Umleitung auf windowsclick.com , Programme funktionieren nicht etc.

Michi86 · 19.08.2009, 20:40

Hab ein ähnliches Problem wie http://www.trojaner-board.de/70996-s...dowsclick.html

U.a. funktionieren die Systemwiederherstellung und Malwarebytes' Anti-Malware nicht.

Hijackthis-File:

Zitat:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:15:15, on 19.08.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\DU Meter\DUMeterSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programme\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programme\ICQ6Toolbar\ICQ Service.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programme\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\TweakMASTER\TMTray.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Unlocker\UnlockerAssistant.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programme\phonostar\ps_timer.exe
C:\Programme\nobox.de\HS WinPerfect\WinPerfect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\Programme\Hama\Common\RaUI.exe
C:\Programme\Orbitdownloader\orbitdm.exe
C:\Programme\OpenOffice.org 3\program\soffice.exe
C:\Programme\OpenOffice.org 3\program\soffice.bin
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Ich\Eigene Dateien\Downloads\HJTInstall.exe
C:\Dokumente und Einstellungen\Ich\Eigene Dateien\Downloads\HJTInstall.exe
C:\Programme\trend micro\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
R3 - URLSearchHook: (no name) - *{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: TweakMASTER PRO Component - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - C:\Programme\TweakMASTER\TweakBHO.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: TBSB03968 - {AA61DE26-FA67-4575-9033-918671094293} - C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Toolbars\Toolbar fuer eBay\ebay.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\Snagit 9\SnagitIEAddin.dll
O3 - Toolbar: Toolbar fuer eBay - {000E148C-F7A7-445A-9044-93BF6CE09ECB} - C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Toolbars\Toolbar fuer eBay\ebay.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TweakMASTER] "C:\Programme\TweakMASTER\TMTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [FreePDF Assistant] REM C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programme\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [PhonostarTimer] C:\Programme\phonostar\ps_timer.exe
O4 - HKCU\..\Run: [WinPerfectAutoRun] C:\Programme\nobox.de\HS WinPerfect\WinPerfect.exe -boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AutoStart-Manager 2006] "C:\Programme\Tools&More\Autostart-Manager\AutoStart-Manager.exe" /AUTOSTART
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-776561741-1425521274-725345543-1004\..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 (User '?')
O4 - HKUS\S-1-5-21-776561741-1425521274-725345543-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-776561741-1425521274-725345543-1004\..\Run: [AutoStart-Manager 2006] "C:\Programme\Tools&More\Autostart-Manager\AutoStart-Manager.exe" /AUTOSTART (User '?')
O4 - HKUS\S-1-5-21-776561741-1425521274-725345543-1004\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-776561741-1425521274-725345543-1004 Startup: OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe (User '?')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Hama Wireless LAN Utility.lnk = C:\Programme\Hama\Common\RaUI.exe
O4 - Global Startup: Orbit.lnk = C:\Programme\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Zu &LinkFox hinzufügen - res://C:\PROGRA~1\TWEAKM~1\TweakBHO.dll/IESCRIPT
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: TestPokerStars.com - {809132AF-89D2-4d52-AA03-AB4E35BBDC5B} - C:\Programme\PokerStars.TEST\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\kusewovi.dll,C:\WINDOWS\system32\wudepuve.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: nnnopOhi - nnnopOhi.dll (file missing)
O20 - Winlogon Notify: urqQjiGY - urqQjiGY.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: ClipInc 001 (ClipInc001) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Programme\DU Meter\DUMeterSvc.exe
O23 - Service: DVRMSFileWatcherService - - c:\programme\dvrmstoolbox\dvrmsfilewatcherservice.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programme\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Update Service (gupdate1c92d5b88e0307c) (gupdate1c92d5b88e0307c) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Programme\Hotspot Shield\bin\HssTrayService.EXE (file missing)
O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 12673 bytes

Michi86 · 19.08.2009, 20:41

GMER - Rootkit Detection

Zitat:

GMER 1.0.14.14536 - GMER - Rootkit Detector and Remover
Rootkit scan 2009-08-19 21:38:10
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.14 ----

Code 86970BD8 ZwEnumerateKey
Code 86971AA0 ZwFlushInstructionCache
Code 86D1121E IofCallDriver
Code 86D01256 IofCompleteRequest
Code 8697BAAD ZwSaveKey
Code 8697DA7D ZwSaveKeyEx

---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!IofCallDriver 804EF0BC 5 Bytes JMP 86D11223
.text ntkrnlpa.exe!IofCompleteRequest 804EF14C 5 Bytes JMP 86D0125B
.text ntkrnlpa.exe!ZwSaveKey 805002A0 5 Bytes JMP 8697BAB2
.text ntkrnlpa.exe!ZwSaveKeyEx 805002B4 5 Bytes JMP 8697DA82
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805B528A 5 Bytes JMP 86971AA4
PAGE ntkrnlpa.exe!ZwEnumerateKey 8062296E 5 Bytes JMP 86970BDC

---- User code sections - GMER 1.0.14 ----

.text C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe[760] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 5 Bytes JMP 0049E7A0 C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
.text C:\Dokumente und Einstellungen\Ich\Eigene Dateien\Downloads\Tralala.exe[2148] ADVAPI32.dll!RegCreateKeyExW 77DA774C 1 Byte [ E9 ]
.text C:\Dokumente und Einstellungen\Ich\Eigene Dateien\Downloads\Tralala.exe[2148] ADVAPI32.dll!RegCreateKeyExW + 2 77DA774E 3 Bytes [ 3B, 2A, FA ]
.text C:\WINDOWS\Explorer.EXE[2620] SHELL32.dll!SHFileOperationW 7E71FDEE 5 Bytes JMP 00DA1102 C:\Programme\Unlocker\UnlockerHook.dll
.text C:\Programme\Mozilla Firefox\firefox.exe[3624] WS2_32.dll!connect 71A1406A 5 Bytes JMP 010727E0 \\?\globalroot\systemroot\system32\UACedobnvcgvk.dll
.text C:\Programme\Mozilla Firefox\firefox.exe[3624] WS2_32.dll!send 71A1428A 5 Bytes JMP 010727C0 \\?\globalroot\systemroot\system32\UACedobnvcgvk.dll
.text C:\Programme\Mozilla Firefox\firefox.exe[3624] WS2_32.dll!closesocket 71A19639 5 Bytes JMP 010729A0 \\?\globalroot\systemroot\system32\UACedobnvcgvk.dll

---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- Processes - GMER 1.0.14 ----

Library \\?\globalroot\systemroot\system32\UACedobnvcgvk.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [620] 0x10000000
Library \\?\globalroot\systemroot\system32\UACsraxtoiqtk.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [620] 0x00740000
Library \\?\globalroot\systemroot\system32\UACedobnvcgvk.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1632] 0x02790000
Library \\?\globalroot\systemroot\system32\UACedobnvcgvk.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1716] 0x10000000
Library \\?\globalroot\systemroot\system32\UACsraxtoiqtk.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1716] 0x00740000
Library \\?\globalroot\systemroot\system32\UACedobnvcgvk.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1760] 0x10000000
Library \\?\globalroot\systemroot\system32\UACsraxtoiqtk.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1760] 0x00740000
Library \\?\globalroot\systemroot\system32\UACedobnvcgvk.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1820] 0x10000000
Library \\?\globalroot\systemroot\system32\UACsraxtoiqtk.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1820] 0x00740000
Library \\?\globalroot\systemroot\system32\UACedobnvcgvk.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1888] 0x10000000
Library \\?\globalroot\systemroot\system32\UACsraxtoiqtk.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1888] 0x00740000
Library \\?\globalroot\systemroot\system32\UACedobnvcgvk.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1904] 0x10000000
Library \\?\globalroot\systemroot\system32\UACsraxtoiqtk.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1904] 0x00740000
Library \\?\globalroot\systemroot\system32\UACsraxtoiqtk.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [2620] 0x10000000
Library \\?\globalroot\systemroot\system32\UACedobnvcgvk.dll (*** hidden *** ) @ C:\Programme\Mozilla Firefox\firefox.exe [3624] 0x01060000

---- Registry - GMER 1.0.14 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6E19043D-8262-49FD-1693-E4BFF59BC257}

---- Disk sectors - GMER 1.0.14 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR

---- EOF - GMER 1.0.14 ----

Chris4You · 20.08.2009, 10:17

Hi,

da läuft ein Rootkit, die "Trusted zones" sind keine, und einige Notify-Einträge sind -äh- interessant ...

Daher:
Combofix
Lade Combo Fix von http://download.bleepingcomputer.com/sUBs/ComboFix.exe und speichert es auf den Desktop.
Achtung Benenne es bereits im Downloadialog auf test.com um!

Alle Fenster schliessen und combofix.exe starten und bestätige die folgende Abfrage mit 1 und drücke Enter.

Der Scan mit Combofix kann einige Zeit in Anspruch nehmen, also habe etwas Geduld. Während des Scans bitte nichts am Rechner unternehmen
Es kann möglich sein, dass der Rechner zwischendurch neu gestartet wird.
Nach Scanende wird ein Report angezeigt, den bitte kopieren und in deinem Thread einfuegen.
Weitere Anleitung unter:http://www.bleepingcomputer.com/comb...x-benutzt-wird

Danach bitte MAM und RSIT:

Malwarebytes Antimalware (MAM).
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Fullscan und alles bereinigen lassen! Log posten.

RSIT
Random's System Information Tool (RSIT) von random/random liest Systemdetails aus und erstellt ein aussagekräftiges Logfile.

* Lade Random's System Information Tool (RSIT) herunter (http://filepony.de/download-rsit/)
* speichere es auf Deinem Desktop.
* Starte mit Doppelklick die RSIT.exe.
* Klicke auf Continue, um die Nutzungsbedingungen zu akzeptieren.
* Wenn Du HijackThis nicht installiert hast, wird RSIT das für Dich herunterladen und installieren.
* In dem Fall bitte auch die Nutzungsbedingungen von Trend Micro (http://de.trendmicro.com/de/home) für HJT akzeptieren "I accept".
* Wenn Deine Firewall fragt, bitte RSIT erlauben, ins Netz zu gehen.
* Der Scan startet automatisch, RSIT checkt nun einige wichtige System-Bereiche und produziert Logfiles als Analyse-Grundlage.
* Wenn der Scan beendet ist, werden zwei Logfiles erstellt und in Deinem Editor geöffnet.
* Bitte poste den Inhalt von C:\rsit\log.txt und C:\rsit\info.txt (<= minimiert) hier in den Thread.

chris

Michi86 · 21.08.2009, 14:47

Combofix bricht wiederholt gleich nach Start des Scans ab, ein blauer Bildschirm erscheint
Problem: Speichern in einen speichergeschützten Bereich geht nicht oder so ähnlich
Ich muss den PC neu starten.

MAM lässt sich wie oben erwähnt nicht starten.

Hier meine RSIT Logs:

log.txt (Teil 1)

Zitat:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Ich at 2009-08-21 15:23:49
WIN_XP Service Pack 2
System drive C: has 131 GB (55%) free of 238 GB
Total RAM: 1023 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:23:53, on 21.08.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\DU Meter\DUMeterSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programme\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ICQ6Toolbar\ICQ Service.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\TweakMASTER\TMTray.exe
C:\Programme\AVG\AVG8\avgcsrvx.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Unlocker\UnlockerAssistant.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programme\phonostar\ps_timer.exe
C:\Programme\nobox.de\HS WinPerfect\WinPerfect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\Programme\Hama\Common\RaUI.exe
C:\Programme\Orbitdownloader\orbitdm.exe
C:\Programme\OpenOffice.org 3\program\soffice.exe
C:\Programme\OpenOffice.org 3\program\soffice.bin
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Ich\Eigene Dateien\Downloads\RSIT.exe
C:\Programme\trend micro\Ich.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
R3 - URLSearchHook: (no name) - *{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: TweakMASTER PRO Component - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - C:\Programme\TweakMASTER\TweakBHO.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: TBSB03968 - {AA61DE26-FA67-4575-9033-918671094293} - C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Toolbars\Toolbar fuer eBay\ebay.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\Snagit 9\SnagitIEAddin.dll
O3 - Toolbar: Toolbar fuer eBay - {000E148C-F7A7-445A-9044-93BF6CE09ECB} - C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Toolbars\Toolbar fuer eBay\ebay.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TweakMASTER] "C:\Programme\TweakMASTER\TMTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [FreePDF Assistant] REM C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programme\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [PhonostarTimer] C:\Programme\phonostar\ps_timer.exe
O4 - HKCU\..\Run: [WinPerfectAutoRun] C:\Programme\nobox.de\HS WinPerfect\WinPerfect.exe -boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AutoStart-Manager 2006] "C:\Programme\Tools&More\Autostart-Manager\AutoStart-Manager.exe" /AUTOSTART
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-21-776561741-1425521274-725345543-1004\..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 (User '?')
O4 - HKUS\S-1-5-21-776561741-1425521274-725345543-1004\..\Run: [PhonostarTimer] C:\Programme\phonostar\ps_timer.exe (User '?')
O4 - HKUS\S-1-5-21-776561741-1425521274-725345543-1004\..\Run: [WinPerfectAutoRun] C:\Programme\nobox.de\HS WinPerfect\WinPerfect.exe -boot (User '?')
O4 - HKUS\S-1-5-21-776561741-1425521274-725345543-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-776561741-1425521274-725345543-1004\..\Run: [AutoStart-Manager 2006] "C:\Programme\Tools&More\Autostart-Manager\AutoStart-Manager.exe" /AUTOSTART (User '?')
O4 - HKUS\S-1-5-21-776561741-1425521274-725345543-1004\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-776561741-1425521274-725345543-1004 Startup: OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe (User '?')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Hama Wireless LAN Utility.lnk = C:\Programme\Hama\Common\RaUI.exe
O4 - Global Startup: Orbit.lnk = C:\Programme\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Zu &LinkFox hinzufügen - res://C:\PROGRA~1\TWEAKM~1\TweakBHO.dll/IESCRIPT
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: TestPokerStars.com - {809132AF-89D2-4d52-AA03-AB4E35BBDC5B} - C:\Programme\PokerStars.TEST\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: nnnopOhi - nnnopOhi.dll (file missing)
O20 - Winlogon Notify: urqQjiGY - urqQjiGY.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: ClipInc 001 (ClipInc001) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Programme\DU Meter\DUMeterSvc.exe
O23 - Service: DVRMSFileWatcherService - - c:\programme\dvrmstoolbox\dvrmsfilewatcherservice.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programme\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Update Service (gupdate1c92d5b88e0307c) (gupdate1c92d5b88e0307c) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Programme\Hotspot Shield\bin\HssTrayService.EXE (file missing)
O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PEVSystemStart - Unknown owner - cmd /k start /i "/dC:" "C:\test.com\HIDEC.exe" "C:\test.com\SWREG.EXE" ACL "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Beep" /RESET /Q (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 12762 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Klick-Wartung.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Programme\Orbitdownloader\orbitcth.dll [2008-12-19 134344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
SnagIt Toolbar Loader - C:\Programme\TechSmith\Snagit 9\SnagitBHO.dll [2009-01-22 68936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Programme\AVG\AVG8\avgssie.dll [2009-08-21 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C}]
TweakMASTER PRO Component - C:\Programme\TweakMASTER\TweakBHO.dll [2008-05-18 133184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-14 1004800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA61DE26-FA67-4575-9033-918671094293}]
TBSB03968 Class - C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Toolbars\Toolbar fuer eBay\ebay.dll [2008-08-14 2484224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-02-19 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}]
Google Gears Helper - C:\Programme\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll [2009-07-17 2097152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-19 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - Snagit - C:\Programme\TechSmith\Snagit 9\SnagitIEAddin.dll [2009-01-22 211272]
{000E148C-F7A7-445A-9044-93BF6CE09ECB} - Toolbar fuer eBay - C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Toolbars\Toolbar fuer eBay\ebay.dll [2008-08-14 2484224]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Programme\ICQ6Toolbar\ICQToolBar.dll [2008-06-12 958712]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-14 1004800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-08-03 577536]
"nwiz"=nwiz.exe /install []
"TweakMASTER"=C:\Programme\TweakMASTER\TMTray.exe [2008-05-18 610368]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-12-01 7311360]
"QuickTime Task"=C:\Programme\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Programme\iTunes\iTunesHelper.exe [2008-11-20 290088]
"FreePDF Assistant"=REM C:\Programme\FreePDF_XP\fpassist.exe []
"UnlockerAssistant"=C:\Programme\Unlocker\UnlockerAssistant.exe [2008-05-02 15872]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-08-21 2007832]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2004-08-10 160768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"=C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"PhonostarTimer"=C:\Programme\phonostar\ps_timer.exe [2009-05-13 126976]
"WinPerfectAutoRun"=C:\Programme\nobox.de\HS WinPerfect\WinPerfect.exe [2007-09-28 3732992]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-10 15360]
"AutoStart-Manager 2006"=C:\Programme\Tools&More\Autostart-Manager\AutoStart-Manager.exe [2005-12-23 397312]
"msnmsgr"=C:\Programme\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UserAccess7"=2

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Hama Wireless LAN Utility.lnk - C:\Programme\Hama\Common\RaUI.exe
Orbit.lnk - C:\Programme\Orbitdownloader\orbitdm.exe

C:\Dokumente und Einstellungen\Ich\Startmenü\Programme\Autostart
OpenOffice.org 3.1.lnk - C:\Programme\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-08-21 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avldr]
avldr.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnopOhi]
nnnopOhi.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqQjiGY]
urqQjiGY.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\ljJBrstU
"notification packages"=scecli
C:\WINDOWS\system32\kusewovi.dll
C:\WINDOWS\system32\wudepuve.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Dokumente und Einstellungen\Ich\Desktop\freezer.exe"="C:\Dokumente und Einstellungen\Ich\Desktop\freezer.exe:*:Enabled:freezer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Programme\Orbitdownloader\orbitnet.exe"="C:\Programme\Orbitdownloader\orbitnet.exe:*:Enabled:P2P service of Orbit Downloader"
"C:\Programme\Azureus\Azureus.exe"="C:\Programme\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programme\Mozilla Firefox\firefox.exe"="C:\Programme\Mozilla Firefox\firefox.exe:*

isabled:Firefox"
"C:\Programme\ICQ6.5\ICQ.exe"="C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Programme\iTunes\iTunes.exe"="C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Programme\Sony Ericsson\Update Service\Update Service.exe"="C:\Programme\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service"
"C:\Programme\Spotify\spotify.exe"="C:\Programme\Spotify\spotify.exe:*:Enabled:Spotify"
"C:\Programme\AVG\AVG8\avgemc.exe"="C:\Programme\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Programme\AVG\AVG8\avgupd.exe"="C:\Programme\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Programme\AVG\AVG8\avgnsx.exe"="C:\Programme\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Programme\LimeWire\LimeWire.exe"="C:\Programme\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Programme\SoulseekNS\slsk.exe"="C:\Programme\SoulseekNS\slsk.exe:*:Enabled:SoulSeek"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

Michi86 · 21.08.2009, 14:49

Das Problem besteht übrigens afaik seit 17.8. oder so
Teil 2 log.txt

Zitat:

======List of files/folders created in the last 1 months======

2009-08-21 15:20:36 ----A---- C:\avenger.txt
2009-08-21 15:03:52 ----SD---- C:\test.com
2009-08-21 15:03:50 ----A---- C:\WINDOWS\system32\CF21292.exe
2009-08-21 14:56:43 ----A---- C:\Boot.bak
2009-08-21 14:56:28 ----RASHD---- C:\cmdcons
2009-08-21 14:54:43 ----A---- C:\WINDOWS\zip.exe
2009-08-21 14:54:43 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-08-21 14:54:43 ----A---- C:\WINDOWS\SWSC.exe
2009-08-21 14:54:43 ----A---- C:\WINDOWS\SWREG.exe
2009-08-21 14:54:43 ----A---- C:\WINDOWS\sed.exe
2009-08-21 14:54:43 ----A---- C:\WINDOWS\PEV.exe
2009-08-21 14:54:43 ----A---- C:\WINDOWS\NIRCMD.exe
2009-08-21 14:54:43 ----A---- C:\WINDOWS\grep.exe
2009-08-21 14:54:29 ----D---- C:\WINDOWS\ERDNT
2009-08-21 14:54:27 ----A---- C:\WINDOWS\system32\CF19447.exe
2009-08-21 14:54:14 ----D---- C:\Qoobox
2009-08-19 21:31:29 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-08-19 21:31:29 ----A---- C:\WINDOWS\gmer.dll
2009-08-19 21:31:28 ----A---- C:\WINDOWS\gmer.exe
2009-08-19 20:03:59 ----A---- C:\WINDOWS\ntbtlog.txt
2009-08-19 19:48:23 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-08-19 19:48:23 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-08-19 19:08:56 ----D---- C:\Programme\Mozilla Firefox
2009-08-18 20:33:48 ----D---- C:\Programme\trend micro
2009-08-18 20:33:47 ----D---- C:\rsit
2009-08-18 20:24:20 ----D---- C:\Programme\CCleaner
2009-08-17 22:54:45 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-08-14 13:35:16 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-14 13:35:08 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-14 13:34:59 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-14 13:34:52 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-14 13:34:45 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-08-14 13:34:35 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-14 13:34:28 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-14 13:29:48 ----D---- C:\WINDOWS\ServicePackFiles
2009-08-14 13:29:45 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2009-08-14 13:29:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-14 13:28:45 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2009-08-10 11:28:10 ----A---- C:\WINDOWS\system32\xa.tmp
2009-08-08 00:59:05 ----D---- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\OpenOffice.org
2009-08-07 23:38:27 ----D---- C:\Programme\OpenOffice.org 3
2009-08-07 23:24:58 ----D---- C:\Programme\MSECache
2009-08-05 20:34:48 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Soulseek
2009-08-05 20:34:11 ----D---- C:\Programme\SoulseekNS
2009-08-03 12:20:27 ----A---- C:\WINDOWS\system32\MRT.INI
2009-08-01 21:03:24 ----SHD---- C:\found.000
2009-07-23 10:36:01 ----D---- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Uniblue

======List of files/folders modified in the last 1 months======

2009-08-21 15:21:19 ----D---- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Orbit
2009-08-21 15:21:10 ----D---- C:\WINDOWS\Temp
2009-08-21 15:20:58 ----D---- C:\WINDOWS\system32
2009-08-21 15:20:44 ----D---- C:\Avenger
2009-08-21 15:20:40 ----D---- C:\WINDOWS
2009-08-21 15:20:36 ----D---- C:\WINDOWS\system32\drivers
2009-08-21 15:19:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-21 15:04:34 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-21 14:56:43 ----RASH---- C:\boot.ini
2009-08-21 14:49:50 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-08-19 20:44:41 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
2009-08-19 19:48:23 ----RD---- C:\Programme
2009-08-19 19:12:56 ----D---- C:\Programme\PokerStars
2009-08-18 21:14:52 ----HD---- C:\WINDOWS\inf
2009-08-18 20:27:00 ----D---- C:\WINDOWS\Debug
2009-08-18 00:10:15 ----A---- C:\WINDOWS\win.ini
2009-08-18 00:10:15 ----A---- C:\WINDOWS\system.ini
2009-08-17 23:41:00 ----HD---- C:\$AVG8.VAULT$
2009-08-17 22:54:49 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-17 22:36:34 ----AD---- C:\Downloads
2009-08-17 22:33:03 ----D---- C:\Config.Msi
2009-08-17 21:46:30 ----SHD---- C:\WINDOWS\Installer
2009-08-17 21:46:30 ----D---- C:\Programme\Gemeinsame Dateien
2009-08-17 21:44:05 ----SD---- C:\WINDOWS\Tasks
2009-08-17 21:43:32 ----D---- C:\WINDOWS\Prefetch
2009-08-17 20:44:47 ----D---- C:\WINDOWS\Registration
2009-08-15 23:32:11 ----A---- C:\WINDOWS\NeroDigital.ini
2009-08-15 23:16:49 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-14 13:59:53 ----D---- C:\Programme\ANSTOSS 3
2009-08-14 13:37:33 ----D---- C:\WINDOWS\system32\Setup
2009-08-14 13:34:30 ----D---- C:\Programme\Outlook Express
2009-08-11 18:57:20 ----D---- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Move Networks
2009-08-10 11:40:06 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Security Toolbar
2009-08-08 15:28:23 ----D---- C:\Programme\Azureus
2009-08-08 15:28:20 ----D---- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Azureus
2009-08-07 23:40:48 ----RSD---- C:\WINDOWS\assembly
2009-08-07 23:39:21 ----RSD---- C:\WINDOWS\Fonts
2009-08-07 23:38:02 ----D---- C:\Programme\OpenOffice.org 2.4
2009-08-07 23:21:27 ----D---- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\OpenOffice.org2
2009-08-06 16:39:36 ----D---- C:\Programme\Replay Media Catcher
2009-08-06 16:33:10 ----A---- C:\WINDOWS\system32\rmc_fixasf.exe
2009-08-06 16:33:06 ----A---- C:\WINDOWS\system32\rmc_rtspdl.dll
2009-08-06 16:33:05 ----A---- C:\WINDOWS\system32\AUDIOGENIE2.DLL
2009-08-05 11:05:18 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-08-03 17:01:19 ----A---- C:\WINDOWS\system32\lsprst7.dll
2009-08-03 17:01:14 ----D---- C:\Programme\SPSS Evaluation
2009-08-03 17:01:10 ----A---- C:\WINDOWS\system32\ssprs.dll
2009-08-03 12:21:18 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-08-03 12:21:12 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-08-03 12:20:54 ----D---- C:\WINDOWS\system32\de-de
2009-08-03 12:20:54 ----D---- C:\Programme\Internet Explorer
2009-08-03 12:20:30 ----D---- C:\WINDOWS\WinSxS
2009-08-03 12:16:26 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-08-02 13:09:49 ----D---- C:\Programme\Google
2009-08-02 13:08:53 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-01 22:05:43 ----D---- C:\WINDOWS\system32\config
2009-08-01 22:04:42 ----D---- C:\Programme\Unlocker
2009-08-01 22:04:39 ----D---- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Adobe
2009-08-01 22:00:34 ----D---- C:\Programme\LimeWire
2009-08-01 22:00:26 ----D---- C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\LimeWire
2009-08-01 21:16:25 ----D---- C:\Dokumente und Einstellungen
2009-07-30 02:49:14 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 36864]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-21 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-21 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-06-23 108552]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-10 14848]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-07-04 20747]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 nvcap;nVidia WDM Video Capture (universal); C:\WINDOWS\system32\DRIVERS\nvcap.sys [2005-04-14 141582]
R2 NVXBAR;nVidia WDM A/V Crossbar; C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2005-04-14 16496]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 3xHybrid;3xHybrid service; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-01-24 666368]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-10-13 4022528]
R3 AmdTools;AMD Special Tools Driver; C:\WINDOWS\system32\DRIVERS\AmdTools.sys [2006-06-27 31744]
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-10 60800]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2006-10-02 126864]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-10 9600]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-10 12288]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-10 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-12-01 3535424]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-09-30 34048]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-09-30 13056]
R3 RT73;RT73 USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2006-01-12 252928]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-10 31616]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-10 26624]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-10 57600]
R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-10 17024]
R3 usbstor;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 26496]
S1 bqfpmkbcowxftext;bqfpmkbcowxftext; C:\WINDOWS\system32\drivers\bqfpmkbcowxftext.sys []
S2 mtviaxz;mtviaxz; C:\WINDOWS\system32\drivers\hucl.sys []
S2 qkkewwvh;qkkewwvh; C:\WINDOWS\system32\drivers\rynzgk.sys []
S3 catchme;catchme; \??\C:\DOKUME~1\Ich\LOKALE~1\Temp\catchme.sys []
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2005-05-17 5315]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-08-19 85969]
S3 HidIr;Microsoft Infrarot-HID-Treiber; C:\WINDOWS\system32\DRIVERS\hidir.sys [2004-08-10 15104]
S3 IrBus;Infrared bus filter driver for eHome remote controls; C:\WINDOWS\system32\DRIVERS\IrBus.sys [2004-08-10 46208]
S3 MHNDRV;MHN-Treiber; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MPE;BDA MPE-Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-10 15360]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-10 10880]
S3 nm;Netzwerkmonitortreiber; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-10 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-06-21 42512]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\NSNDIS5.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-10 11136]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-10 15360]
S3 tapvpn;TAP VPN Adapter; C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2009-03-21 27136]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-08-21 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-21 297752]
R2 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ClipInc001;ClipInc 001; C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe [2008-11-28 2195720]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Programme\Cisco Systems\VPN Client\cvpnd.exe [2006-11-10 1504304]
R2 DUMeterSvc;DU Meter Service; C:\Programme\DU Meter\DUMeterSvc.exe [2008-05-18 1388592]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2004-08-10 194560]
R2 ehSched;Media Center-Planerdienst; C:\WINDOWS\eHome\ehSched.exe [2004-08-10 102912]
R2 ICQ Service;ICQ Service; C:\Programme\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-02-19 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-12-01 131139]
R2 UxTuneUp;TuneUp Designerweiterung; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
R3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 DVRMSFileWatcherService;DVRMSFileWatcherService; c:\programme\dvrmstoolbox\dvrmsfilewatcherservice.exe [2006-03-18 32768]
S2 gupdate1c92d5b88e0307c;Google Update Service (gupdate1c92d5b88e0307c); C:\Programme\Google\Update\GoogleUpdate.exe [2008-10-13 133104]
S2 PEVSystemStart;PEVSystemStart; cmd /k start /i /dC: C:\test.com\HIDEC.exe C:\test.com\SWREG.EXE ACL HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Beep /RESET /Q []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Programme\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 HssTrayService;Hotspot Shield Tray Service; C:\Programme\Hotspot Shield\bin\HssTrayService.EXE []
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Programme\WinPcap\rpcapd.exe [2007-06-21 92792]
S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst; C:\WINDOWS\System32\TuneUpDefragService.exe [2008-10-12 355584]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
S4 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS\system32\UAService7.exe []

-----------------EOF-----------------

Michi86 · 21.08.2009, 14:52

info.txt Teil 1

Zitat:

info.txt logfile of random's system information tool 1.06 2009-08-18 20:33:54

======Uninstall list======

-->C:\Programme\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.57-->"C:\Programme\7-Zip\Uninstall.exe"
ActionPoker.com-->C:\Programme\Action Poker\uninst.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.8 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A70800000002}
All2WAV Recorder 3.20-->"C:\Programme\All2WAV Recorder\unins000.exe"
AMD Dual-Core Optimizer-->MsiExec.exe /X{886C92E6-4AF1-4290-BB86-4B5064A1BB7D}
AmoK DelayDel 1.2-->C:\Programme\AmoK\AmoK DelayDel\uninst.exe
ANSTOSS 3-->"C:\Programme\ANSTOSS 3\unins000.exe"
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Applian FLV Player-->"C:\WINDOWS\Applian FLV Player\uninstall.exe" "/U:C:\Programme\FLV Player\Uninstall\uninstall.xml"
Ashampoo WinOptimizer 2008-->"C:\Programme\Ashampoo\Ashampoo WinOptimizer 2008\Uninstall\1806_Uninstall.exe"
Audacity 1.2.6-->"C:\Programme\Audacity\unins000.exe"
Audio Recorder for Free-->C:\PROGRA~1\AUDIOR~2\UNWISE.EXE C:\PROGRA~1\AUDIOR~2\INSTALL.LOG
Audio Recorder Pro 3.70-->"C:\Programme\Audio Recorder Pro\unins000.exe"
Audiograbber 1.83 SE -->"C:\Programme\Audiograbber\Uninstall.exe"
AudioRecorder-->C:\AudioSuite\AudioRecorder\UninstalAR.exe
Autostart-Manager 2006-->MsiExec.exe /I{3B11379A-9196-4228-981A-BB255E13109E}
AVG Free 8.5-->C:\Programme\AVG\AVG8\setup.exe /UNINSTALL
AVS Video Converter 6-->"C:\Programme\AVS4YOU\AVSVideoConverter6\unins000.exe"
AVS4YOU Software Navigator 1.2-->"C:\Programme\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
Azureus-->C:\Programme\Azureus\Uninstall.exe
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Bounci Madness 2.0-->C:\Programme\Bounci Madness\Uninstal.exe
Broken Sword 2.5-->"C:\Programme\Broken Sword 2.5\unins000.exe"
Camtasia Studio 5-->MsiExec.exe /I{7BB40A22-8D98-43F9-A08A-E7EFF5AB1324}
CCleaner (remove only)-->"C:\Programme\CCleaner\uninst.exe"
CDex extraction audio-->"C:\Programme\CDex_170b2\uninstall.exe"
CheckerBoard 1.65-->"C:\Programme\CheckerBoard\unins000.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Cisco Systems VPN Client 4.8.02.0010-->MsiExec.exe /X{176130BC-99A1-41FE-A78B-56045E33AD70}
Crashday-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9C27ADE1-EAFB-4BB7-9FE3-5DD9BA9A3DD2}\setup.exe" -l0x7 -removeonly
Crashday-demo-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{66A0EFCD-EF56-4F16-8B04-A1BE121099BD}\setup.exe" -l0x7 -removeonly
dCut-->MsiExec.exe /I{885EE19A-486C-4A85-BA1B-19D719C72798}
DH Driver Cleaner Professional Edition-->C:\Programme\Driver Cleaner Pro\Uninstall.exe
Digital Media Converter 2.7-->"C:\Programme\Deskshare\Digital Media Converter\unins000.exe"
DivX Codec-->C:\Programme\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Driver Updater Pro-->"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{BB55CB49-6330-4B53-B9A7-7ACBC2E8F14F}\DriverUpdaterPro.exe" REMOVE=TRUE MODIFY=FALSE
Driver Updater Pro-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{BB55CB49-6330-4B53-B9A7-7ACBC2E8F14F}\DriverUpdaterPro.exe
DVD Flick-->"C:\Programme\DVD Flick\unins000.exe"
DVRMSToolbox-->MsiExec.exe /I{19C17C44-FA53-4873-A83E-434AC61028DF}
Easy Website Pro 3-->C:\Programme\PhotonFX\Easy Website Pro 3\Uninstall.exe
EasyCleaner-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 -removeonly
Echospin Delivery Wizard-->RunDll32 advpack.dll,LaunchINFSectionEx C:\WINDOWS\INF\esProxy.inf,DefaultUninstall
eMule-->"C:\Programme\eMule\Uninstall.exe"
Firebird SQL Server - MAGIX Edition-->C:\Programme\MAGIX\Common\Database\unwise.exe
FlatOut2-->MsiExec.exe /I{7E641E46-81DB-4D1D-906A-48342523051C}
Floses Spielesammlung 1.3.1-->"C:\Programme\Flo & Seb Engineering\Floses Spielesammlung\unins000.exe"
Flv Audio Extractor 1.04-->"C:\Programme\Flv Audio Extractor\unins000.exe"
FlvRecorder-->"C:\Programme\FlvRecorder\unins000.exe"
Free FLV to MP3 Converter-->"C:\Programme\Topsevenreviews\Free FLV to MP3 Converter\unins000.exe"
Free M4a to MP3 Converter 6.0-->"C:\Programme\Free M4a to MP3 Converter\unins000.exe"
Free Video to Flash Converter version 4.1-->"C:\Programme\DVDVideoSoft\Free Video to Flash Converter\unins000.exe"
FreePDF XP (Remove only)-->C:\Programme\FreePDF_XP\fpsetup.exe /r
GetASFStream-->"C:\Program Files\GetASFStream\epuninst.exe" /s
Google Gears-->MsiExec.exe /I{F724042F-367A-3B58-9BE3-8EF7A6F058D6}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
GPL Ghostscript 8.63-->C:\Programme\gs\uninstgs.exe "C:\Programme\gs\gs8.63\uninstal.txt"
Grand Theft Auto San Andreas-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{086BADF8-9B1F-4E89-B207-2EDA520972D6}\setup.exe" -l0x7 -removeonly
GTA2-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}\Setup.exe" -l0x9
GTR 2 Demo-->"C:\GTR2Demo\Support\unins000.exe"
Hama Wireless LAN Adapter-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{E91E8912-769D-42F0-8408-0E329443BABC}\setup.exe" -l0x7 -removeonly
HijackThis 2.0.2-->"C:\Programme\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HS WinPerfect-->"C:\Programme\nobox.de\HS WinPerfect\unins000.exe"
ICQ Toolbar-->C:\Programme\ICQ6Toolbar\ICQUnToolbar.exe
ICQ6.5-->"C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
iMesh-->C:\Programme\iMesh Applications\iMesh\UninstallSurvey.exe C:\Programme\iMesh Applications\iMesh\UnwiseLauncher.exe /A C:\PROGRA~1\IMESHA~1\iMesh\INSTALL.LOG
Internet Speed Monitor-->C:\Programme\iCheck\Uninstall.exe
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Jagged Alliance 2 Wildfire-->C:\PROGRA~1\Zuxxez\JAGGED~1\UNWISE.EXE C:\PROGRA~1\Zuxxez\JAGGED~1\INSTALL.LOG
JAP-->C:\Programme\JAP\uninstall.exe
Java 2 Runtime Environment, SE v1.4.2_05-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
Java(TM) 6 Update 12-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Jing-->MsiExec.exe /I{AAF817C5-9B99-4025-A5C1-8D0DB5717F2C}
Just Cause 1.00.0000-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C9E270CC-AE42-4BD8-B9C6-1EB3A8657FF5}\setup.exe" -l0x7 -removeonly
Just Cause Demo 1.00.0000-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{E766BDE2-A6DF-4066-B495-2B7BDFF01BB0}\setup.exe" -l0x7 -removeonly
MAGIX Music Maker 2008 Producer Edition Trial 13.0.1.11 (D)-->C:\Programme\MAGIX\MusicMaker2008PEDownloadVersion\unwise.exe
MAGIX Screenshare 4.3.6.1987 (D)-->C:\Programme\MAGIX\PCVisit\unwise.exe
Mercenaries 2: World in Flames™ (DEMO)-->MsiExec.exe /X{8D07389B-2C9D-4B9B-BC6A-85BAD8A848A6}
Microsoft .NET Framework 1.0 Hotfix (KB930494)-->"C:\WINDOWS\$NtUninstallKB930494$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.1 German Language Pack-->MsiExec.exe /X{E78BFA60-5393-4C38-82AB-E8019E464EB4}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Language Pack - DEU-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - DEU\install.exe
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0 German Language Pack-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 German Language Pack\setup.exe
Microsoft .NET Framework 3.0 German Language Pack-->MsiExec.exe /X{F2A7F421-1679-48D5-B918-96999014ED53}
Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Moorhuhn Tennis-->C:\PHENOM~1\MOORHU~1\UNWISE.EXE C:\PHENOM~1\MOORHU~1\INSTALL.LOG
Mozilla Firefox (3.5)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
MP3 Recorder Studio 5.9-->"C:\Programme\MP3 Recorder Studio\unins000.exe"
Mpeg2Decoder 1.3-->"C:\Programme\Mpeg2Decoder\unins000.exe"
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Nero Suite-->C:\Programme\Gemeinsame Dateien\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""
Network Stumbler 0.4.0 (remove only)-->"C:\Programme\Network Stumbler\uninst.exe"
Neverball 1.5.0-->C:\Programme\Neverball\uninstall.exe
OpenOffice.org 3.1-->MsiExec.exe /I{D765F1CE-5AE5-4C47-B134-AE58AC474740}
Orbit Downloader-->"C:\Programme\Orbitdownloader\unins000.exe"
phonostar-Player Version 2.01.4-->"C:\Programme\phonostar\unins000.exe"
PicaLoader 1.7.1-->C:\Programme\PicaLoader\uninst.exe
Picture Ripper 4-->"C:\Programme\Picture Ripper 4\unins000.exe"
PokerStars-->"C:\Programme\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Realtek AC'97 Audio-->Alcrmv.exe -r -m
Red Kings Poker (remove only)-->"C:\Programme\Red Kings Poker\uninstall.exe"
RedMon - Redirection Port Monitor-->C:\WINDOWS\system32\unredmon.exe
RemoveIT Pro v4 - SE-->C:\PROGRA~1\INCODE~1\REMOVE~2\UNWISE.EXE C:\PROGRA~1\INCODE~1\REMOVE~2\INSTALL.LOG
RemoveIT Pro v7 (Trial)-->C:\PROGRA~1\INCODE~1\REMOVE~1\UNWISE.EXE C:\PROGRA~1\INCODE~1\REMOVE~1\INSTALL.LOG
Replay Media Catcher 3.0-->"C:\WINDOWS\Replay Media Catcher\uninstall.exe" "/U:C:\Replay Media Catcher\Uninstall\uninstall.xml"
Replay Media Catcher 3.01-->"C:\WINDOWS\Replay Media Catcher\uninstall.exe" "/U:C:\Programme\Replay Media Catcher\Uninstall\uninstall.xml"
Replay Media Catcher 3.02-->"C:\WINDOWS\Replay Media Catcher\uninstall.exe" "/U:C:\Programme\Replay Media Catcher\Uninstall\uninstall.xml"
Replay Media Catcher-->"C:\WINDOWS\Replay Media Catcher\uninstall.exe" "/U:C:\Programme\Replay Media Catcher\Uninstall\uninstall.xml"
RichFLV-->msiexec /qb /x {B09501E3-A67A-83C9-6678-59FF8C510822}
RichFLV-->MsiExec.exe /I{B09501E3-A67A-83C9-6678-59FF8C510822}
SA25x0 & SA26x0 Device Manager-->C:\Programme\InstallShield Installation Information\{0AD8AA88-0DE9-4065-A35E-529EB576A507}\setup.exe -runfromtemp -l0x0007 -removeonly
Security Task Manager 1.7g-->C:\Programme\Security Task Manager\Uninstal.exe "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Security Task Manager"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Sharpshooter's Miniature Golf Version 4.285-->"C:\Programme\Sharpshooter's Miniature Golf\unins000.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958470)-->"C:\WINDOWS\$NtUninstallKB958470$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971032)-->"C:\WINDOWS\$NtUninstallKB971032$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"

Michi86 · 21.08.2009, 14:54

info.txt Teil 2

Zitat:

SiteUnseen-->C:\WINDOWS\ST5UNST.EXE -n "C:\Programme\Itc\SiteUnseen\ST5UNST.LOG"
Snagit 9.1.1-->MsiExec.exe /I{F20A984B-9B30-4A9E-A3AC-918AF0D85A48}
Spotify-->"C:\Programme\Spotify\uninstall.exe"
SPSS 15.0 for Windows Evaluation Version-->MsiExec.exe /X{EE48D800-A3B5-43E3-B846-1CC556B8170D}
System Requirements Lab-->C:\Programme\SystemRequirementsLab\Uninstall.exe
TestPokerStars.com-->"C:\Programme\PokerStars.TEST\PokerStarsUninstall.exe" /u:TestPokerStars.com
Texas Hold'em Poker 7.1-->"C:\Programme\Texas Hold'em Poker\unins000.exe"
Text-To-Speech-Runtime-->MsiExec.exe /X{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}
Thief - Deadly Shadows Demo-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{EB3CEC18-A1C4-4909-8FE2-0C30D7A07E32}\setup.exe" -l0x9
Thief - Deadly Shadows-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FC123EEA-330A-4685-911C-95B8F5E9DE68}\Setup.exe" -l0x7
Toolbar fuer eBay-->regsvr32 /u /s "C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Toolbars\Toolbar fuer eBay\ebay.dll"
TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
TweakMASTER-->"C:\Programme\TweakMASTER\unins000.exe"
Uninstall 1.0.0.1-->"C:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe"
Unlocker 1.8.7-->C:\Programme\Unlocker\uninst.exe
Update für Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update für Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update für Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update für Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update für Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update für Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update Service-->C:\Programme\Sony Ericsson\Update Service\uninst.exe
URL Snooper v2.20.02-->"C:\Programme\URLSnooper2\unins000.exe"
VideoLAN VLC media player 0.8.6f-->C:\Programme\VideoLAN\VLC\uninstall.exe
VideoReDo/Plus Version 2.5.6.512-->"C:\Programme\VideoReDoPlus\unins000.exe"
WDR RadioRecorder-->C:\WINDOWS\CISUnins.exe "C:\Programme\Tobit ClipInc\Server\CISUnins.inf"
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4}
Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Programme\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}
Windows Live Messenger-->MsiExec.exe /X{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Presentation Foundation Language Pack (DEU)-->MsiExec.exe /X{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation DE Language Pack-->MsiExec.exe /I{7228FD8C-3B9E-4204-AE36-8A466107685B}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Media Center Edition 2005 KB911061-->"C:\WINDOWS\$NtUninstallKB911061$\spuninst\spuninst.exe"
Windows-Treiberpaket - NVIDIA System (05/13/2005 4.5.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\setup.exe /u C:\WINDOWS\system32\DRVSTORE\nvsmbus_992BFDA203C1E2C6050C2ACFF181F8A0FA4EC0E6\nvsmbus.inf
Windows-Treiberpaket - NVIDIA System (05/13/2005 5.1.2600.0450)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\setup.exe /u C:\WINDOWS\system32\DRVSTORE\nf4sys_AA3A6883400D458FDC96850CCDF36EFE3227810D\nf4sys.inf
WinPcap 4.1 beta-->C:\Programme\WinPcap\uninstall.exe
WinRAR-->C:\Programme\WinRAR\uninstall.exe
XMedia Recode 2.0.5.6-->C:\Programme\XMedia Recode\uninst.exe
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
xp-AntiSpy 3.96-8-->C:\Programme\xp-AntiSpy\Uninstall.exe
XP-Clean Express-->MsiExec.exe /I{8904ACA8-CEB6-4286-BC3B-6F5A14654CC6}
Zattoo 3.2.4 Beta-->C:\Programme\Zattoo\uninst.exe

Securitycenter WMI appears to be broken

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Programme\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 43 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=2b01
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Programme\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Programme\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Chris4You · 21.08.2009, 15:24

Hi,

das kann jetzt gefährlich werden...
Teile des Rootkits sind sichtbar, versuche sie mit Avenger zu erwischen, wie der Rest drauf reagiert ist unklar...

Bitte folgende Files prüfen:

Dateien Online überprüfen lassen:

Als erstes versteckte Dateien anzeigen lassen! (nur Punkt 1 durchführen!)

Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“ und suche folgende Datei/Dateien:

Code:

ATTFilter

C:\WINDOWS\system32\kusewovi.dll (?Wurm?)
C:\WINDOWS\system32\wudepuve.dll

Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)

Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.

Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!

Also:
Anleitung Avenger (by swandog46)

1.) Lade dir das Tool Avenger und speichere es auf dem Desktop:

2.) Das Programm so einstellen wie es auf dem Bild zu sehen ist.

Kopiere nun folgenden Text in das weiße Feld:
(bei -> "input script here")

Code:

ATTFilter

Drivers to delete:
bqfpmkbcowxftext
bqfpmkbcowxftext.sys

registry keys to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windowsnt\currentversion\winlogon\notify\nnnopOhi
HKEY_LOCAL_MACHINE\software\microsoft\windowsnt\currentversion\winlogon\notify\urqQjiGY
 
Files to delete:
C:\WINDOWS\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
C:\WINDOWS\SYSTEM32\nnnopOhi.dll
C:\WINDOWS\SYSTEM32\urqQjiGY.dll
C:\WINDOWS\system32\drivers\bqfpmkbcowxftext.sys
C:\WINDOWS\system32\UACedobnvcgvk.dll 
C:\WINDOWS\system32\UACsraxtoiqtk.dll
C:\WINDOWS\system32\drivers\hucl.sys
C:\WINDOWS\system32\drivers\rynzgk.sys

3.) Schliesse nun alle Programme (vorher notfalls abspeichern!) und Browser-Fenster, nach dem Ausführen des Avengers wird das System neu gestartet.

4.) Um den Avenger zu starten klicke auf -> Execute
Dann bestätigen mit "Yes" das der Rechner neu startet!

5.) Nachdem das System neu gestartet ist, findest du hier einen Report vom Avenger -> C:\avenger.txt
Öffne die Datei mit dem Editor und kopiere den gesamten Text in deinen Beitrag hier am Trojaner-Board.

Hijackthis, fixen:
öffne das HijackThis -- Button "scan" -- vor den nachfolgenden Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten
Beim fixen müssen alle Programme geschlossen sein!

Code:

ATTFilter

O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)

Versuche dann (ohne Internetverbindung) noch mal MAM bzw. ComboFix zu starten!

Sophos Antirootkit:
Downloade Sophos Antirookit und Scanne Dein gesamtes System, poste das Logfile. Benutzeranleitung (english): http://www.sophos.de/sophos/docs/eng...r_15_umeng.pdf
http://www.chip.de/downloads/Sophos-..._21584106.html

Chris

Michi86 · 21.08.2009, 15:44

Hm, die beiden dll finde ich nicht trotz "alle Dateien anzeigen"

Michi86 · 21.08.2009, 15:50

Avenger File:

Zitat:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "bqfpmkbcowxftext" deleted successfully.

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\bqfpmkbcowxftext.sys" not found!
Deletion of driver "bqfpmkbcowxftext.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job" deleted successfully.
File "C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job" deleted successfully.

Error: file "C:\WINDOWS\SYSTEM32\nnnopOhi.dll" not found!
Deletion of file "C:\WINDOWS\SYSTEM32\nnnopOhi.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:\WINDOWS\SYSTEM32\urqQjiGY.dll" not found!
Deletion of file "C:\WINDOWS\SYSTEM32\urqQjiGY.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:\WINDOWS\system32\drivers\bqfpmkbcowxftext.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\bqfpmkbcowxftext.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\system32\UACedobnvcgvk.dll" deleted successfully.
File "C:\WINDOWS\system32\UACsraxtoiqtk.dll" deleted successfully.

Error: file "C:\WINDOWS\system32\drivers\hucl.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\hucl.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:\WINDOWS\system32\drivers\rynzgk.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\rynzgk.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\software\microsoft\windowsnt\currentversion\winlogon\notify\nnnopOhi" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\software\microsoft\windowsnt\currentversion\winlogon\notify\nnnopOhi" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\software\microsoft\windowsnt\currentversion\winlogon\notify\urqQjiGY" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\software\microsoft\windowsnt\currentversion\winlogon\notify\urqQjiGY" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Completed script processing.

*******************

Finished! Terminate.

Michi86 · 21.08.2009, 16:01

MAM geht immernoch nicht (mbam.exe wird, wie vor dem fix, zwar bei den Prozessen im Task-Manager angezeigt, öffnet sicher aber nicht)
Bei ComboFix gleiches Problem wie vorher

Michi86 · 21.08.2009, 19:38

Sophos Anti-Rootkit - Download - CHIP Online hat das Problem scheinbar gelöst. Hab nach dem Scan (hat beim mir 1 Stunde gedauert) einfach alles, was ich abhaken konnte, abgehakt und vom Programm bereinigen lassen. (Wie postet man denn da ein Logfile?)
Alle Programme funktionieren wieder, ich werde im Netz nicht mehr umgeleitet.

Soll ich noch ein Logfile von einem anderen Programm posten?

Vielen Dank schonmal.

Chris4You · 22.08.2009, 12:45

Hi,

lösche combofix mit Start->ausführen combofix /u, installiere eine neue Version (download wie gehabt) und lass die mal laufen. Was macht MAM, ist es jetzt startfähig, sonst müssen wir noch was tun...

Prüfe, od Du das Logfile von Sophos hier findest:
Protokolldatei: %TEMP%\sarscan.log (%TEMP% das temporäre Windows-Verzeichnis)...

Bitte nochmal ein neues RSIT-Log posten!

chris

Michi86 · 22.08.2009, 14:09

MBAM funktioniert hab gestern gescannt (hat ewig gedauert), hat doch einiges gefunden. Das Logfile stammt von vor der Bereinigung (No action taken), ich hab natürlich bereinigen lassen

Zitat:

Malwarebytes' Anti-Malware 1.40
Datenbank Version: 2551
Windows 5.1.2600 Service Pack 2

22.08.2009 01:31:42
mbam-log-2009-08-22 (01-31-34).txt

Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 227712
Laufzeit: 4 hour(s), 37 minute(s), 15 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 14
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 3
Infizierte Dateien: 11

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\Typelib\{e24211b3-a78a-c6a9-d317-70979ace5058} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\icheck (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\GetModule (Adware.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Monopod (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> No action taken.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.BHO) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infizierte Verzeichnisse:
C:\WINDOWS\system32\twain_32 (Backdoor.Bot) -> No action taken.
C:\Programme\iCheck (Trojan.Agent) -> No action taken.
C:\Programme\GetModule (Trojan.Agent) -> No action taken.

Infizierte Dateien:
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan\net.net.q_804B001_q.old (Trojan.Downloader) -> No action taken.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan\xpre.tmp.q_43439006_q (Trojan.Downloader) -> No action taken.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan\net.net.q_804B001_q (Trojan.Downloader) -> No action taken.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan\rasvsnet.tmp.q_43433001_q (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{145A9684-D1BB-4390-91AE-8939961537F3}\RP107\A0044060.sys (Trojan.TDSS) -> No action taken.
C:\System Volume Information\_restore{145A9684-D1BB-4390-91AE-8939961537F3}\RP136\A0070283.dll (Rogue.Agent) -> No action taken.
C:\WINDOWS\system32\rn.tmp (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\twain_32\002C7E13.uf (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\twain_32\user.ds.cla (Backdoor.Bot) -> No action taken.
C:\Programme\iCheck\Uninstall.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\prnet.tmp-up.txt (Malware.Trace) -> No action taken.

Michi86 · 22.08.2009, 14:26

RSIT log.txt Teil 1

Zitat:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Ich at 2009-08-22 15:22:19
WIN_XP Service Pack 2
System drive C: has 132 GB (55%) free of 238 GB
Total RAM: 1023 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:22:22, on 22.08.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\DU Meter\DUMeterSvc.exe
c:\programme\dvrmstoolbox\dvrmsfilewatcherservice.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Programme\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programme\ICQ6Toolbar\ICQ Service.exe
C:\Programme\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programme\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\TweakMASTER\TMTray.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programme\phonostar\ps_timer.exe
C:\Programme\nobox.de\HS WinPerfect\WinPerfect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Orbitdownloader\orbitdm.exe
C:\Programme\OpenOffice.org 3\program\soffice.exe
C:\Programme\OpenOffice.org 3\program\soffice.bin
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\ehome\EHTray.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programme\PokerStars\PokerStars.exe
C:\Programme\Windows Live\Contacts\wlcomm.exe
C:\Dokumente und Einstellungen\Ich\Eigene Dateien\Downloads\RSIT.exe
C:\Programme\trend micro\Ich.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
R3 - URLSearchHook: (no name) - *{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: TweakMASTER PRO Component - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - C:\Programme\TweakMASTER\TweakBHO.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: TBSB03968 - {AA61DE26-FA67-4575-9033-918671094293} - C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Toolbars\Toolbar fuer eBay\ebay.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\Snagit 9\SnagitIEAddin.dll
O3 - Toolbar: Toolbar fuer eBay - {000E148C-F7A7-445A-9044-93BF6CE09ECB} - C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Toolbars\Toolbar fuer eBay\ebay.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TweakMASTER] "C:\Programme\TweakMASTER\TMTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [FreePDF Assistant] REM C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programme\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [PhonostarTimer] C:\Programme\phonostar\ps_timer.exe
O4 - HKCU\..\Run: [WinPerfectAutoRun] C:\Programme\nobox.de\HS WinPerfect\WinPerfect.exe -boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AutoStart-Manager 2006] "C:\Programme\Tools&More\Autostart-Manager\AutoStart-Manager.exe" /AUTOSTART
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-776561741-1425521274-725345543-1004\..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 (User '?')
O4 - HKUS\S-1-5-21-776561741-1425521274-725345543-1004\..\Run: [PhonostarTimer] C:\Programme\phonostar\ps_timer.exe (User '?')
O4 - HKUS\S-1-5-21-776561741-1425521274-725345543-1004\..\Run: [WinPerfectAutoRun] C:\Programme\nobox.de\HS WinPerfect\WinPerfect.exe -boot (User '?')
O4 - HKUS\S-1-5-21-776561741-1425521274-725345543-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-776561741-1425521274-725345543-1004\..\Run: [AutoStart-Manager 2006] "C:\Programme\Tools&More\Autostart-Manager\AutoStart-Manager.exe" /AUTOSTART (User '?')
O4 - HKUS\S-1-5-21-776561741-1425521274-725345543-1004\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-776561741-1425521274-725345543-1004\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-776561741-1425521274-725345543-1004 Startup: OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe (User '?')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Hama Wireless LAN Utility.lnk = C:\Programme\Hama\Common\RaUI.exe
O4 - Global Startup: Orbit.lnk = C:\Programme\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Zu &LinkFox hinzufügen - res://C:\PROGRA~1\TWEAKM~1\TweakBHO.dll/IESCRIPT
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: TestPokerStars.com - {809132AF-89D2-4d52-AA03-AB4E35BBDC5B} - C:\Programme\PokerStars.TEST\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: nnnopOhi - nnnopOhi.dll (file missing)
O20 - Winlogon Notify: urqQjiGY - urqQjiGY.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: ClipInc 001 (ClipInc001) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Programme\DU Meter\DUMeterSvc.exe
O23 - Service: DVRMSFileWatcherService - - c:\programme\dvrmstoolbox\dvrmsfilewatcherservice.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programme\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Update Service (gupdate1c92d5b88e0307c) (gupdate1c92d5b88e0307c) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Programme\Hotspot Shield\bin\HssTrayService.EXE (file missing)
O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PEVSystemStart - Unknown owner - cmd /k start /i "/dC:" "C:\test.com\HIDEC.exe" "C:\test.com\SWREG.EXE" ACL "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Beep" /RESET /Q (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 13172 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Klick-Wartung.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Programme\Orbitdownloader\orbitcth.dll [2008-12-19 134344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
SnagIt Toolbar Loader - C:\Programme\TechSmith\Snagit 9\SnagitBHO.dll [2009-01-22 68936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Programme\AVG\AVG8\avgssie.dll [2009-08-21 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C}]
TweakMASTER PRO Component - C:\Programme\TweakMASTER\TweakBHO.dll [2008-05-18 133184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-14 1004800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA61DE26-FA67-4575-9033-918671094293}]
TBSB03968 Class - C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Toolbars\Toolbar fuer eBay\ebay.dll [2008-08-14 2484224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-02-19 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}]
Google Gears Helper - C:\Programme\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll [2009-07-17 2097152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-19 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - Snagit - C:\Programme\TechSmith\Snagit 9\SnagitIEAddin.dll [2009-01-22 211272]
{000E148C-F7A7-445A-9044-93BF6CE09ECB} - Toolbar fuer eBay - C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Toolbars\Toolbar fuer eBay\ebay.dll [2008-08-14 2484224]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Programme\ICQ6Toolbar\ICQToolBar.dll [2008-06-12 958712]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-14 1004800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-08-03 577536]
"nwiz"=nwiz.exe /install []
"TweakMASTER"=C:\Programme\TweakMASTER\TMTray.exe [2008-05-18 610368]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-12-01 7311360]
"QuickTime Task"=C:\Programme\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Programme\iTunes\iTunesHelper.exe [2008-11-20 290088]
"FreePDF Assistant"=REM C:\Programme\FreePDF_XP\fpassist.exe []
"UnlockerAssistant"=C:\Programme\Unlocker\UnlockerAssistant.exe [2008-05-02 15872]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-08-21 2007832]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2004-08-10 160768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"=C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"PhonostarTimer"=C:\Programme\phonostar\ps_timer.exe [2009-05-13 126976]
"WinPerfectAutoRun"=C:\Programme\nobox.de\HS WinPerfect\WinPerfect.exe [2007-09-28 3732992]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-10 15360]
"AutoStart-Manager 2006"=C:\Programme\Tools&More\Autostart-Manager\AutoStart-Manager.exe [2005-12-23 397312]
"msnmsgr"=C:\Programme\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"SUPERAntiSpyware"=C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-08-05 1830128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UserAccess7"=2

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Hama Wireless LAN Utility.lnk - C:\Programme\Hama\Common\RaUI.exe
Orbit.lnk - C:\Programme\Orbitdownloader\orbitdm.exe

C:\Dokumente und Einstellungen\Ich\Startmenü\Programme\Autostart
OpenOffice.org 3.1.lnk - C:\Programme\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Programme\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-08-21 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avldr]
avldr.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnopOhi]
nnnopOhi.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqQjiGY]
urqQjiGY.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Programme\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\ljJBrstU
"notification packages"=scecli
C:\WINDOWS\system32\kusewovi.dll
C:\WINDOWS\system32\wudepuve.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

Umleitung auf windowsclick.com , Programme funktionieren nicht etc.

Plagegeister aller Art und deren Bekämpfung: Umleitung auf windowsclick.com , Programme funktionieren nicht etc.