Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Google Links (und andere) führen zu Werbung + Partition unformatiert

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 27.08.2009, 11:07   #1
Pat89
 
Google Links (und andere) führen zu Werbung + Partition unformatiert - Standard

Google Links (und andere) führen zu Werbung + Partition unformatiert



Hallo,
habe seit ein paar Tagen das Problem, dass Google Links bei mir desöfteren zu Werbung führen und nicht zu der angegebenen Seite. Außerdem führen auch noch andere Links von allen möglichen Seiten zu "windowsclick.com" welches sich dann zur Google-Startseite umwandelt.

Habe diesen Thread gesehen und würde gern wissen, ob ich auch ein Rootkit hab und die Maßnahmen durchführen soll oder ob es bei mir an etwas anderem liegt.

Ein anderes Problem ist, dass meine Partition E: plötzlich als unformatiert angezeigt wird. Ist die Festplatte kaputt oder kanns sein, dass ein Virus schuld daran ist? Außerdem konnte ich Malwarebytes Antimalware und Spybot nicht direkt ausführen, sondern musste erst eine Kopie der .exe machen und diese dann starten. Keine Ahnung, ob das was zu sagen hat, aber ich fands komisch.

Hier mein HJT Log:
Logfile of HijackThis v1.99.1
Scan saved at 10:59:30, on 27.08.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programme\LClock\LClock.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe
D:\Progs\ICQ Away Reader\ICQ Away Reader.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Progs\ICQ6.5\ICQ.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\Programme\Windows Live\Contacts\wlcomm.exe
D:\Progs\Opera\opera.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Java\jre6\bin\java.exe
C:\Programme\Firefox 2.0\Mozilla Firefox\firefox.exe
D:\Progs\HiJackThis\HijackThis.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\agent.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://192.168.2.1/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Progs\FlashGet\jccatch.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Progs\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\Progs\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [LanguageShortcut] D:\Progs\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [LClock] C:\Programme\LClock\LClock.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [XboxStat] "C:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - Startup: ICQ Away Reader.lnk = D:\Progs\ICQ Away Reader\ICQ Away Reader.exe
O8 - Extra context menu item: &Alles mit FlashGet laden - D:\Progs\FlashGet\jc_all.htm
O8 - Extra context menu item: &Mit FlashGet laden - D:\Progs\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - D:\Progs\iMacros\imacros.dll
O9 - Extra 'Tools' menuitem: iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - D:\Progs\iMacros\imacros.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - D:\Progs\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - D:\Progs\Poker\Titan Poker\casino.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Progs\ICQLite 5.1 - 2008\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Progs\ICQLite 5.1 - 2008\ICQLite.exe (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Progs\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Progs\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Progs\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Progs\ICQ6.5\ICQ.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - D:\Progs\PartyPoker\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - D:\Progs\PartyPoker\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161598910476
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Unknown owner - C:\Programme\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Programme\Java\jre6\bin\jqs.exe" -service -config "C:\Programme\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe (file missing)
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Programme\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Programme\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe


Habe AntiVir, Spybot und Malwarebytes schon durchlaufen lassen und alles bereinigt.. hat leider nichts gebracht.

Alt 27.08.2009, 11:14   #2
Chris4You
 
Google Links (und andere) führen zu Werbung + Partition unformatiert - Standard

Google Links (und andere) führen zu Werbung + Partition unformatiert



Hi,

das HJ-Log gibt nicht viel her, daher beschleicht mich wieder so ein ungutes Gefühl...

Erweitertes Vorgehen:

Bitte RSIT und Gmer:

RSIT
Random's System Information Tool (RSIT) von random/random liest Systemdetails aus und erstellt ein aussagekräftiges Logfile.

* Lade Random's System Information Tool (RSIT) herunter (http://filepony.de/download-rsit/)
* speichere es auf Deinem Desktop.
* Starte mit Doppelklick die RSIT.exe.
* Klicke auf Continue, um die Nutzungsbedingungen zu akzeptieren.
* Wenn Du HijackThis nicht installiert hast, wird RSIT das für Dich herunterladen und installieren.
* In dem Fall bitte auch die Nutzungsbedingungen von Trend Micro (http://de.trendmicro.com/de/home) für HJT akzeptieren "I accept".
* Wenn Deine Firewall fragt, bitte RSIT erlauben, ins Netz zu gehen.
* Der Scan startet automatisch, RSIT checkt nun einige wichtige System-Bereiche und produziert Logfiles als Analyse-Grundlage.
* Wenn der Scan beendet ist, werden zwei Logfiles erstellt und in Deinem Editor geöffnet.
* Bitte poste den Inhalt von C:\rsit\log.txt und C:\rsit\info.txt (<= minimiert) hier in den Thread.

Gmer:
http://www.trojaner-board.de/74908-a...t-scanner.html
Den Downloadlink findest Du links oben (www.gmer.net/files), dort dann
auf den Button "Download EXE", dabei wird ein zufälliger Name generiert (den und den Pfad wo Du sie gespeichert hast bitte merken).
Starte GMER und schaue, ob es schon was meldet. Macht es das, bitte alle Fragen mit "nein" beantworten, auf den Reiter "rootkit" gehen, wiederum die Frage mit "nein" beantworten und mit Hilfe von copy den Bericht in den Thread einfügen. Meldet es so nichts, gehe auf den Reiter Rootkit und mache einen Scan. Ist dieser beendet, wähle Copy und füge den Bericht ein.

zusätzlich noch MBR-Rootkit
Lade den MBR-Rootkitscanner von GMER auf Deine Bootplatte:
http://www2.gmer.net/mbr/mbr.exe
Merke Dir das Verzeichnis wo Du ihn runtergeladen hast;
Start->Ausführen->cmd
Wechsle in das Verzeichnis des Downloads und starte durch Eingabe
von mbr das Programm...
Das Ergebnis sollte so aussehen:
Zitat:
D:\Downloads>mbr
Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
In dem Verzeichnis wo mbr.exe liegt findest Du das Log,
poste es im Thread;

Was wurde von MAM gelöscht/gefunden?

chris
__________________

__________________

Alt 27.08.2009, 11:32   #3
Pat89
 
Google Links (und andere) führen zu Werbung + Partition unformatiert - Standard

Google Links (und andere) führen zu Werbung + Partition unformatiert



Hallo, erstmal danke für die schnelle Hilfe..

Dann fang ich mal an:

RSIT log.txt Teil 1:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Patrick at 2009-08-27 11:17:35
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 10 GB (11%) free of 95 GB
Total RAM: 2047 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:55, on 27.08.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programme\LClock\LClock.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe
D:\Progs\ICQ Away Reader\ICQ Away Reader.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Progs\ICQ6.5\ICQ.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\Programme\Windows Live\Contacts\wlcomm.exe
D:\Progs\Opera\opera.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Java\jre6\bin\java.exe
C:\Dokumente und Einstellungen\Patrick\Desktop\RSIT.exe
C:\Programme\trend micro\Patrick.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://192.168.2.1/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Progs\FlashGet\jccatch.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Progs\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\Progs\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [LanguageShortcut] D:\Progs\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [LClock] C:\Programme\LClock\LClock.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [XboxStat] "C:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: ICQ Away Reader.lnk = D:\Progs\ICQ Away Reader\ICQ Away Reader.exe
O8 - Extra context menu item: &Alles mit FlashGet laden - D:\Progs\FlashGet\jc_all.htm
O8 - Extra context menu item: &Mit FlashGet laden - D:\Progs\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - D:\Progs\iMacros\imacros.dll
O9 - Extra 'Tools' menuitem: iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - D:\Progs\iMacros\imacros.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - D:\Progs\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - D:\Progs\Poker\Titan Poker\casino.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Progs\ICQLite 5.1 - 2008\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Progs\ICQLite 5.1 - 2008\ICQLite.exe (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Progs\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Progs\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Progs\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Progs\ICQ6.5\ICQ.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - D:\Progs\PartyPoker\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - D:\Progs\PartyPoker\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - h**p://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h++p://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161598910476
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Unknown owner - C:\Programme\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe (file missing)
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Programme\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Programme\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--
End of file - 9530 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - D:\Progs\FlashGet\jccatch.dll [2007-01-22 69632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - D:\Progs\FlashGet\getflash.dll [2007-01-15 136968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} - FlashGet - D:\Progs\FlashGet\fgiebar.dll [2007-01-15 104200]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"avgnt"=C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-18 266497]
"LanguageShortcut"=D:\Progs\PowerDVD\Language\Language.exe [2007-02-07 54832]
"LClock"=C:\Programme\LClock\LClock.exe [2004-09-20 65536]
""= []
"Dit"=C:\WINDOWS\Dit.exe [2003-12-30 94208]
"CHotkey"=C:\WINDOWS\mHotkey.exe [2004-02-24 508416]
"ledpointer"=C:\WINDOWS\CNYHKey.exe [2004-02-03 5794816]
"XboxStat"=C:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe [2007-09-26 734264]
"QuickTime Task"=C:\Programme\QuickTime\qttask.exe [2007-06-29 286720]
"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-07-25 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"ISUSPM"=C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
C:\Programme\Gemeinsame Dateien\Adobe\Updater5\AdobeUpdater.exe [2009-01-25 2356088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
C:\Programme\Gemeinsame Dateien\Research In Motion\Auto Update\RIMAutoUpdate.exe [2008-09-21 615696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
C:\WINDOWS\mHotkey.exe [2004-02-24 508416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
D:\Progs\Daemon Tools\daemon.exe -lang 1033 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
C:\WINDOWS\KHALMNPR.EXE [2006-07-19 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ledpointer]
C:\WINDOWS\CNYHKey.exe [2004-02-03 5794816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
C:\Programme\Gemeinsame Dateien\Logitech\khalshared\KHALMNPR.EXE [2006-07-19 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programme\QuickTime\qttask.exe [2007-06-29 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
D:\Progs\PowerDVD\PDVDServ.exe [2007-02-07 71216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2008-09-19 236016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe [2008-04-21 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
D:\Progs\Winamp Pro\winampa.exe [2006-11-21 35328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Microsoft Office Groove Audit Service"=3

C:\Dokumente und Einstellungen\Patrick\Startmenü\Programme\Autostart
ICQ Away Reader.lnk - D:\Progs\ICQ Away Reader\ICQ Away Reader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-02-25 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
__________________

Geändert von Pat89 (27.08.2009 um 11:41 Uhr)

Alt 27.08.2009, 11:36   #4
Pat89
 
Google Links (und andere) führen zu Werbung + Partition unformatiert - Standard

Google Links (und andere) führen zu Werbung + Partition unformatiert



RSIT log.txt Teil 2:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Progs\ICQ 5.1\ICQLite\ICQLite.exe"="D:\Progs\ICQ 5.1\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"D:\Progs\ICQ 5.1 - Englisch\ICQ Pro7\ICQLite.exe"="D:\Progs\ICQ 5.1 - Englisch\ICQ Pro7\ICQLite.exe:*:Enabled:ICQLite"
"D:\Spiele\World of Warcraft\WoW-1.12.0.5595-to-1.12.1.5875-deDE-downloader.exe"="D:\Spiele\World of Warcraft\WoW-1.12.0.5595-to-1.12.1.5875-deDE-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Programme\Mozilla Firefox\firefox.exe"="C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Programme\Firefox 2.0\Mozilla Firefox\firefox.exe"="C:\Programme\Firefox 2.0\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Programme\Microsoft Office\Office12\GROOVE.EXE"="C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE"="C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Programme\Real\RealPlayer\realplay.exe"="C:\Programme\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"D:\Progs\FlashGet\flashget.exe"="D:\Progs\FlashGet\flashget.exe:*:Enabled:Flashget"
"C:\WINDOWS\system32\dxdiag.exe"="C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX-Diagnoseprogramm"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8-Server"
"D:\Progs\PowerDVD\PowerDVD.exe"="D:\Progs\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
"D:\Progs\Skype\Phone\Skype.exe"="D:\Progs\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"D:\Progs\ICQLite 5.1\ICQLite.exe"="D:\Progs\ICQLite 5.1\ICQLite.exe:*:Enabled:ICQ Lite"
"D:\Progs\Opera\Opera.exe"="D:\Progs\Opera\Opera.exe:*:Enabled:Opera Internet Browser"
"D:\Progs\ICQLite 5.1 - 2008\ICQLite.exe"="D:\Progs\ICQLite 5.1 - 2008\ICQLite.exe:*:Enabled:ICQ Lite"
"D:\Progs\ICQ6\ICQ.exe"="D:\Progs\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"D:\Spiele\World of Warcraft\WoW-2.4.2-enGB-downloader.exe"="D:\Spiele\World of Warcraft\WoW-2.4.2-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Eine DLL-Datei als Anwendung ausführen"
"C:\Programme\MSN Messenger\livecall.exe"="C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Dokumente und Einstellungen\Patrick\Lokale Einstellungen\Temp\Blizzard Launcher Temporary - 1d784408\Launcher.exe"="C:\Dokumente und Einstellungen\Patrick\Lokale Einstellungen\Temp\Blizzard Launcher Temporary - 1d784408\Launcher.exe:*:Enabled:Blizzard Launcher"
"D:\Progs\ICQ6.5\ICQ.exe"="D:\Progs\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\Progs\Bearshare\BearShare.exe"="D:\Progs\Bearshare\BearShare.exe:*:Disabled:BearShare"
"D:\Progs\BitTorrent\bittorrent.exe"="D:\Progs\BitTorrent\bittorrent.exe:*:Disabled:bittorrent"
"D:\Progs\Curse\CurseClient.exe"="D:\Progs\Curse\CurseClient.exe:*:Disabled:Curse Client"
"D:\Progs\eMule\emule.exe"="D:\Progs\eMule\emule.exe:*:Disabled:eMule"
"C:\Programme\Far Cry\Bin32\FarCry.exe"="C:\Programme\Far Cry\Bin32\FarCry.exe:*:Disabled:Far Cry"
"D:\Spiele\Steam\SteamApps\shox_1\counter-strike\hl.exe"="D:\Spiele\Steam\SteamApps\shox_1\counter-strike\hl.exe:*:Disabled:Half-Life Launcher"
"C:\Programme\Steam\steamapps\Shox_1\counter-strike\hl.exe"="C:\Programme\Steam\steamapps\Shox_1\counter-strike\hl.exe:*:Disabled:Half-Life Launcher"
"C:\Programme\Halo\haloce.exe"="C:\Programme\Halo\haloce.exe:*:Disabled:Halo"
"C:\Programme\Steam\steamapps\Shox_1\counter-strike source\hl2.exe"="C:\Programme\Steam\steamapps\Shox_1\counter-strike source\hl2.exe:*:Disabled:hl2"
"D:\Spiele\Black and White\runblack.exe"="D:\Spiele\Black and White\runblack.exe:*:Disabled:lh"
"C:\Programme\Sony Ericsson\Update Service\ma3platform.exe"="C:\Programme\Sony Ericsson\Update Service\ma3platform.exe:*:Disabled:ma3platform"
"D:\Progs\Miranda\Miranda IM\miranda32.exe"="D:\Progs\Miranda\Miranda IM\miranda32.exe:*:Disabled:Miranda IM"
"D:\Spiele\Neverwinter Nights II\nwn2main_amdxp.exe"="D:\Spiele\Neverwinter Nights II\nwn2main_amdxp.exe:*:Disabled:Neverwinter Nights 2 AMD"
"D:\Spiele\Neverwinter Nights II\nwn2main.exe"="D:\Spiele\Neverwinter Nights II\nwn2main.exe:*:Disabled:Neverwinter Nights 2 Main"
"D:\Spiele\Neverwinter Nights II\nwn2server.exe"="D:\Spiele\Neverwinter Nights II\nwn2server.exe:*:Disabled:Neverwinter Nights 2 Server"
"D:\Spiele\Neverwinter Nights II\nwupdate.exe"="D:\Spiele\Neverwinter Nights II\nwupdate.exe:*:Disabled:Neverwinter Nights 2 Updater"
"D:\Spiele\Quake IV\Quake4Ded.exe"="D:\Spiele\Quake IV\Quake4Ded.exe:*:Disabled:Quake 4"
"C:\Programme\Bid For Power\Bid For Power\quake3.exe"="C:\Programme\Bid For Power\Bid For Power\quake3.exe:*:Disabled:quake3"
"D:\Progs\QIP\qip.exe"="D:\Progs\QIP\qip.exe:*:Disabled:Quiet Internet Pager"
"D:\Progs\CryptLoad_1.0.4\RouterClient.exe"="D:\Progs\CryptLoad_1.0.4\RouterClient.exe:*:Disabled:RouterClient"
"C:\Programme\TrackMania Nations ESWC\TmNationsESWC.exe"="C:\Programme\TrackMania Nations ESWC\TmNationsESWC.exe:*:Disabled:TmNationsESWC"
"C:\Programme\Titan Quest Immortal Throne\Tqit.exe"="C:\Programme\Titan Quest Immortal Throne\Tqit.exe:*:Disabled:Tqit"
"D:\Progs\TVU Player\TVUPlayer.exe"="D:\Progs\TVU Player\TVUPlayer.exe:*:Disabled:TVU Player Component"
"D:\Progs\Ventrilo\Ventrilo.exe"="D:\Progs\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\Programme\Java\jre6\bin\javaw.exe"="C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Programme\Java\jre6\bin\java.exe"="C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\MSN Messenger\livecall.exe"="C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91cf1bcc-76ee-11db-b349-000c76a6ff4e}]
shell\AutoRun\command - L:\Launch.exe


======List of files/folders created in the last 1 months======

2009-08-27 11:17:36 ----D---- C:\Programme\trend micro
2009-08-27 11:17:35 ----D---- C:\rsit
2009-08-26 18:04:51 ----A---- C:\WINDOWS\RCoUn0.exe
2009-08-26 14:16:26 ----A---- C:\WINDOWS\cadkasdeinst01.exe
2009-08-25 20:19:57 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-08-23 17:13:51 ----D---- C:\Prototype
2009-08-23 15:42:26 ----D---- C:\Dokumente und Einstellungen\Patrick\Anwendungsdaten\Malwarebytes
2009-08-23 15:25:47 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-08-23 10:27:38 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2009-08-23 10:27:38 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2009-08-23 10:27:37 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2009-08-23 10:27:37 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2009-08-23 10:27:37 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2009-08-23 10:27:37 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2009-08-23 10:27:36 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2009-08-23 10:27:36 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2009-08-23 10:27:36 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2009-08-23 10:27:36 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2009-08-23 10:27:35 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2009-08-23 10:27:35 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2009-08-23 10:27:33 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2009-08-23 10:27:32 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2009-08-23 10:26:21 ----HD---- C:\WINDOWS\msdownld.tmp
2009-08-23 10:11:47 ----D---- C:\Dokumente und Einstellungen\Patrick\Anwendungsdaten\DAEMON Tools Pro
2009-08-22 11:52:28 ----A---- C:\WINDOWS\system32\xa.tmp
2009-08-13 00:20:20 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-13 00:20:14 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-13 00:20:08 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-13 00:20:02 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-13 00:19:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-13 00:19:04 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-13 00:18:58 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-13 00:18:48 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-13 00:16:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-10 03:12:07 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-08-08 22:17:19 ----D---- C:\043a37f82b0859dc53769c5432
2009-08-05 17:25:06 ----A---- C:\WINDOWS\system32\javaws.exe
2009-08-05 17:25:06 ----A---- C:\WINDOWS\system32\javaw.exe
2009-08-05 17:25:06 ----A---- C:\WINDOWS\system32\java.exe
2009-08-02 23:53:32 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-08-02 23:53:25 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-08-02 23:51:09 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$

======List of files/folders modified in the last 1 months======

2009-08-27 11:17:36 ----RD---- C:\Programme
2009-08-26 19:02:03 ----D---- C:\WINDOWS\Prefetch
2009-08-26 18:49:29 ----D---- C:\Programme\AntiVir PersonalEdition Classic
2009-08-26 18:49:00 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic
2009-08-26 18:04:51 ----D---- C:\WINDOWS
2009-08-26 14:39:44 ----D---- C:\WINDOWS\system32
2009-08-26 13:07:51 ----D---- C:\WINDOWS\Temp
2009-08-25 20:25:46 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-25 20:20:03 ----HD---- C:\WINDOWS\inf
2009-08-25 20:20:00 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-25 20:19:59 ----D---- C:\WINDOWS\system32\drivers
2009-08-25 15:47:08 ----A---- C:\WINDOWS\wininit.ini
2009-08-25 15:14:40 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-25 14:41:35 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2009-08-24 18:13:44 ----D---- C:\Dokumente und Einstellungen\Patrick\Anwendungsdaten\Spybot - Search & Destroy
2009-08-24 17:51:30 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-24 17:19:22 ----A---- C:\WINDOWS\NeroDigital.ini
2009-08-23 20:44:07 ----D---- C:\WINDOWS\network diagnostic
2009-08-23 10:27:38 ----D---- C:\WINDOWS\system32\DirectX
2009-08-23 09:56:56 ----SHD---- C:\WINDOWS\Installer
2009-08-13 00:20:23 ----A---- C:\WINDOWS\imsins.BAK
2009-08-13 00:19:52 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help
2009-08-13 00:19:00 ----D---- C:\Programme\Outlook Express
2009-08-10 03:12:32 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-09 15:31:06 ----D---- C:\WINDOWS\SxsCaPendDel
2009-08-08 22:33:12 ----D---- C:\WINDOWS\Microsoft.NET
2009-08-08 22:33:09 ----RSD---- C:\WINDOWS\assembly
2009-08-08 22:23:29 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-08 22:23:10 ----D---- C:\WINDOWS\WinSxS
2009-08-08 22:18:22 ----D---- C:\WINDOWS\system32\XPSViewer
2009-08-08 22:18:18 ----D---- C:\WINDOWS\system32\en-us
2009-08-08 22:18:12 ----RSD---- C:\WINDOWS\Fonts
2009-08-07 17:51:44 ----D---- C:\Programme\DivX
2009-08-07 17:51:11 ----D---- C:\Programme\Gemeinsame Dateien\DivX Shared
2009-08-05 22:21:20 ----A---- C:\WINDOWS\system.ini
2009-08-05 17:25:04 ----D---- C:\Programme\Java
2009-08-05 10:59:36 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-08-02 15:15:26 ----D---- C:\Programme\Gemeinsame Dateien\Blizzard Entertainment
2009-07-30 02:49:14 ----A---- C:\WINDOWS\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2003-04-28 50816]
R1 SSHDRV76;SSHDRV76; \??\C:\WINDOWS\system32\drivers\SSHDRV76.sys []
R1 Tcpip6;Microsoft IPv6-Protokolltreiber; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; \??\D:\Progs\PowerDVD\000.fcl []
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-02-02 271360]
R2 avgio;avgio; \??\C:\Programme\AntiVir PersonalEdition Classic\avgio.sys []
R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2006-09-01 3712]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-02-02 18048]
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-02-26 3565568]
R3 avgntflt;avgntflt; \??\C:\Programme\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 CardReaderFilter;Card Reader Filter; \??\C:\WINDOWS\system32\Drivers\USBCRFT.SYS []
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2006-06-09 1373120]
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [2002-10-29 40960]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 LHidKe;SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2006-07-19 27136]
R3 LHidUsbK;SetPoint USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2006-07-19 36736]
R3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2006-07-19 71936]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2003-04-02 12288]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2003-04-02 5888]
R3 tunmp;Microsoft Tun-Miniportadaptertreiber; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
R3 UKBFLT;UKBFLT; C:\WINDOWS\system32\DRIVERS\UKBFLT.sys [2003-12-19 11672]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbstor;USB-Massenspeichertreiber; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 wbscr;Winbond Smartcard Reader for I/O; C:\WINDOWS\system32\drivers\wbscr.sys [2002-04-24 19928]
R3 XUIF;X10 USB Wireless Transceiver; C:\WINDOWS\System32\Drivers\x10ufx2.sys [2005-05-19 17792]
S1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40448]
S3 aj0ilic4;aj0ilic4; C:\WINDOWS\system32\drivers\aj0ilic4.sys []
S3 ajcy51co;ajcy51co; C:\WINDOWS\system32\drivers\ajcy51co.sys []
S3 Cap7134;MEDION (7134) WDM Video Capture; C:\WINDOWS\System32\DRIVERS\Cap7134.sys [2003-06-05 350752]
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 cpuz132;cpuz132; \??\C:\DOKUME~1\Patrick\LOKALE~1\Temp\cpuz132\cpuz132_x32.sys []
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys []
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\D:\Progs\Everest\kerneld.wnt []
S3 ggsemc;Sony Ericsson USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2007-05-24 8704]
S3 Intels51;Creatix V.9X DSP Data Fax Modem; C:\WINDOWS\System32\DRIVERS\ctxs51.sys [2003-05-22 670203]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nm;Netzwerkmonitortreiber; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-14 40320]
S3 PhTVTune;MEDION TV-TUNER 7134 MK2/3; C:\WINDOWS\System32\DRIVERS\PhTVTune.sys [2003-06-12 24704]
S3 PRISM_A00;PRISM 802.11g Driver; C:\WINDOWS\System32\DRIVERS\PRISMA00.sys [2004-01-16 380736]
S3 RimUsb;BlackBerry-Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2008-05-20 22784]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA-IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2009-05-23 29696]
S3 w810bus;Sony Ericsson W810 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\w810bus.sys [2006-02-20 58288]
S3 w810mdfl;Sony Ericsson W810 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w810mdfl.sys [2006-02-20 8336]
S3 w810mdm;Sony Ericsson W810 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w810mdm.sys [2006-02-20 94064]
S3 w810mgmt;Sony Ericsson W810 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w810mgmt.sys [2006-02-20 85408]
S3 w810obex;Sony Ericsson W810 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w810obex.sys [2006-02-20 83344]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\WINDOWS\system32\DRIVERS\xusb21.sys [2009-04-08 56448]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6-Hilfsdienst; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler; C:\Programme\AntiVir PersonalEdition Classic\sched.exe [2008-10-24 68865]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-02-25 602112]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 AntiVirService;AntiVir PersonalEdition Classic Guard; C:\Programme\AntiVir PersonalEdition Classic\avguard.exe [2008-10-24 151297]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-02-25 593920]
S2 LckFldService;LckFldService; C:\WINDOWS\system32\LckFldService.exe []
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Programme\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-12-07 362992]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2008-09-19 313840]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2008-09-19 170480]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Programme\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-12-07 88560]
S3 RoxMediaDB9;RoxMediaDB9; C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2008-09-19 1108464]
S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576]
S4 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S4 NetTcpPortSharing;Net.Tcp-Portfreigabedienst; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 StarWindServiceAE;StarWind AE Service; D:\Progs\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]

-----------------EOF-----------------

Geändert von Pat89 (27.08.2009 um 11:46 Uhr)

Alt 27.08.2009, 11:40   #5
Pat89
 
Google Links (und andere) führen zu Werbung + Partition unformatiert - Standard

Google Links (und andere) führen zu Werbung + Partition unformatiert



RSIT info.txt Teil 1:


info.txt logfile of random's system information tool 1.06 2009-08-27 11:18:00

======Uninstall list======

-->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->D:\Progs\FOLDER~1\FOLDER~2.EXE UnInstall
-->MsiExec /X{506DDFBE-983F-4BC3-84B8-65F423B2D798}
-->MsiExec.exe /I{48A669A9-76FA-4CA8-BFD5-00C125AC4166}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {58FC5E37-DD28-4D4A-A549-125744C6763C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {888B9AC7-8F5C-456B-A27A-157A6C310E52}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
7-Zip 4.42-->"D:\Progs\7-Zip\Uninstall.exe"
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Reader 8.1.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81200000003}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI - Software Uninstall Utility-->C:\Programme\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_classISPLAY -clean
Avira AntiVir Personal - Free Antivirus-->C:\Programme\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
BlackBerry Desktop Software 4.7-->MsiExec.exe /I{84F1B62A-E6F6-458E-BC19-51DBB14055EA}
BlackBerry Desktop Software 4.7-->MsiExec.exe /i{84F1B62A-E6F6-458E-BC19-51DBB14055EA}
BlackBerry Device Software v4.6.1 für das BlackBerry 8900-Smartphone-->MsiExec.exe /X{976E06C6-79D6-4DA2-B273-51C5BA7B636F}
Blaze Media Pro-->"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{3CF1EF0D-29E2-4553-A9ED-4D514B45A07D}\setup_blazemp.exe" REMOVE=TRUE MODIFY=FALSE
BSPlayer-->"D:\Progs\BS Player 2\BSplayerPro\uninstall.exe"
Canon iP4200-->C:\WINDOWS\system32\CNMCP78.exe "-PRINTERNAMECanon iP4200" "-HELPERDLLC:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Inst2\cnmis.dll" "-RCDLLcnmi0407.dll"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
ClearType Tuning Control Panel Applet-->MsiExec.exe /I{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}
C-Media Audio-->C:\WINDOWS\IsUninst.exe -f"C:\Programme\C-Media Audio\Uninst.isu" -c"C:\Programme\C-Media Audio\CMIUnInstall.DLL"
C-Media WDM Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe
Debugging Tools for Windows-->MsiExec.exe /I{1C943495-B69F-4D41-AE0E-23C57ECD90EE}
DivX Codec-->C:\Programme\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader-->D:\Progs\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Programme\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EVEREST Home Edition v2.20-->D:\Progs\Everest\unins000.exe
FireTune-->C:\WINDOWS\iun6002.exe "D:\Progs\FireTune\irunin.ini"
FlashGet 1.81-->D:\Progs\FlashGet\uninst.exe
floAt's Mobile Agent 2-->"C:\Programme\FMA 2\unins000.exe"
Freez FLV to MP3 Converter-->"D:\Progs\Freez FLV to MP3 Converter\unins000.exe"
HijackThis 2.0.2-->"C:\Programme\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix für Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
ICQ Away Reader 1.4-->"D:\Progs\ICQ Away Reader\unins000.exe"
ICQ UIN Backup 1.3-->"D:\Progs\ICQ Tools\ICQ UIN Backup NEU für ICQ6\unins000.exe"
ICQ6.5-->"C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
iMacros V6.02-->"D:\Progs\iMacros\unins000.exe"
IrfanView (remove only)-->D:\Progs\IrfanView\iv_uninstall.exe
IsoBuster 2.1-->"D:\Progs\IsoBuster\Uninst\unins000.exe"
J2SE Development Kit 5.0 Update 5-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0150050}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
KhalSetup-->MsiExec.exe /I{EE7B9A8D-19F0-450D-8E94-3E391E6044CD}
Logitech SetPoint-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x7 -removeonly
Malwarebytes' Anti-Malware-->"D:\Progs\Malwarebytes Anti-Malware 1.40\unins000.exe"
Medion Flash XL 2.0-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{EA1CB7AC-E221-4822-A789-0ADB051DC498}\Setup.exe" -l0x9 -wUninst
Messenger Plus! Live-->"D:\Progs\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU-->MsiExec.exe /I{9309DD7E-EBFE-3C95-8B47-30D3A012F606}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU-->MsiExec.exe /I{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack - DEU-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack - deu-->MsiExec.exe /I{1545207E-C6F3-31D7-9918-BDBB65075FBF}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}


Alt 27.08.2009, 11:41   #6
Pat89
 
Google Links (und andere) führen zu Werbung + Partition unformatiert - Standard

Google Links (und andere) führen zu Werbung + Partition unformatiert



RSIT info.txt Teil 2:

Microsoft Office Enterprise 2007-->"C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (German) 2007-->MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (German) 2007-->MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Xbox 360 Accessories 1.1-->MsiExec.exe /X{CC13FB47-0B90-46C3-9BB7-57D2DB455D4D}
MindManager Smart-->D:\Progs\MINDMA~1\UNWISE.EXE D:\Progs\MINDMA~1\INSTALL.LOG
Miranda IM-->D:\Progs\Miranda\Miranda IM\uninstall.exe
Mozilla Firefox (1.5)-->C:\Programme\Mozilla Firefox\uninstall\uninstall.exe /ua "1.5 (en-US)"
Mozilla Firefox (3.5.2)-->C:\Programme\Firefox 2.0\Mozilla Firefox\uninstall\helper.exe
Mp3tag v2.42-->D:\Progs\Mp3tag\Mp3tagUninstall.EXE
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MyPhoneExplorer-->C:\Programme\MyPhoneExplorer\uninstall.exe
Nero Media Player-->C:\WINDOWS\UNNMP.exe /UNINSTALL
Nero OEM-->C:\Programme\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NeroVision Express 2-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
NVIDIA PhysX-->MsiExec.exe /X{506DDFBE-983F-4BC3-84B8-65F423B2D798}
OpenOffice.org Installer 1.0-->MsiExec.exe /X{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}
Opera 9.62-->MsiExec.exe /X{8318FEFD-F467-44D6-82B8-129374BFE9B1}
PartyPoker.net-->"D:\Progs\PartyPoker\PartyPokerNet\Uninstall.exe" "D:\Progs\PartyPoker\PartyPokerNet\install.log"
Pcsx2 0.9.6-->MsiExec.exe /I{0E2B767B-EA6A-489B-BF83-8083FE1DB661}
PDF Reader 2-->C:\WINDOWS\cadkasdeinst01.exe "D:\Progs\PDF Reader 2\"
PokerStars.net-->D:\Progs\PokerStars.de\Uninstall.EXE /u:"PokerStars.net"
PowerDVD-->"C:\Programme\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -l0x000407 /z-uninstall
Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Riva FLV Encoder 2.0-->"D:\Progs\Riva Converter\Riva FLV Encoder 2.0\unins000.exe"
RouterControl 2.0-->C:\WINDOWS\RCoUn0.exe /UnInst:"C:\WINDOWS\RouterControl_Uninstall.in"
Roxio Media Manager-->MsiExec.exe /X{51BA0AFE-6AA5-4B8C-8BA9-FA6AE5B1EEE0}
ScummVM 0.9.1-->"D:\Progs\ScummVM\unins000.exe"
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}

Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Visio 2007 (KB947590)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SFT Loader 2006-->D:\Progs\SFT Loader\uninstall.exe
Sicherheitsupdate für Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB913433)-->C:\WINDOWS\System32\MacroMed\Flash\genuinst.exe C:\WINDOWS\System32\MacroMed\Flash\KB913433.inf
Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
SIW version 2009-05-12-->"D:\Progs\SIW\unins000.exe"
Skype 3.1-->"C:\Programme\Skype\Phone\unins000.exe"
Skype Plugin Manager-->MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
Sony Ericsson Themes Creator 2.54-->D:\Progs\Sony Ericsson\Themes Creator\Uninstall.exe
SpeedFan (remove only)-->"D:\Progs\SpeedFan\uninstall.exe"
Spybot - Search & Destroy-->"D:\Progs\Spybot - Search & Destroy\unins000.exe"
SUPER © Version 2007.bld.23 (July 4, 2007)-->D:\Progs\SUPER\Setup.exe /remove /q0
System Requirements Lab-->C:\Programme\SystemRequirementsLab\Uninstall.exe
TeamSpeak 2 RC2-->D:\Progs\Teamspeak\unins000.exe
TeamSpeak Overlay BETA 2 (#63)-->"d:\progs\ts overlay\uninstall.exe"
Text-To-Speech-Runtime-->MsiExec.exe /X{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}
Titan Poker-->"C:\WINDOWS\Titan Poker setup.exe" /uninstall
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
Update for Outlook 2007 Junk Email Filter (kb972691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AA020E6E-E2FB-45EF-B732-2400E2296742}
Update für Windows Internet Explorer 8 (KB961813)-->"C:\WINDOWS\ie8updates\KB961813-IE8\spuninst\spuninst.exe"
Update für Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update für Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update für Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
USB Wireless Keyboard Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D1955A3A-EA24-4682-8641-43B5B688B09A}\Setup.exe" -l0x7
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VideoLAN VLC media player 0.8.5-test4-->D:\Progs\VLC\uninstall.exe
W83L518D-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{CD815603-AB71-4CFB-B3AC-522298037ACC}\Setup.exe" -l0x7
WinAce Archiver-->"D:\Progs\WinAce\SXUNINST.EXE" "D:\Progs\WinAce\SXUNINST.INI"
Winamp (remove only)-->"D:\Progs\Winamp Pro\UninstWA.exe"
WinAVIVideoConverter-->D:\Progs\WinAVIVideoConverter\unins000.exe
Windows Internet Explorer 8 Release Candidate 1-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4}
Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Programme\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}
Windows Live Messenger-->MsiExec.exe /X{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Programme\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Support Tools-->MsiExec.exe /I{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->D:\Progs\WinRAR\uninstall.exe
WinZip-->"D:\Progs\WinZip\WINZIP32.EXE" /uninstall
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 w*w.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 w*w.008k.com
127.0.0.1 008k.com
127.0.0.1 w*w.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 w*w.032439.com
127.0.0.1 032439.com

======Security center information======

AV: Avira AntiVir PersonalEdition

======System event log======

Computer Name: PATRICK-2DCT6O1
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "IMAPI-CD-Brenn-COM-Dienste" gesendet.

Record Number: 87361
Source Name: Service Control Manager
Time Written: 20090717153340.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: PATRICK-2DCT6O1
Event Code: 7036
Message: Dienst "Universeller Plug & Play-Gerätehost" befindet sich jetzt im Status "Ausgeführt".

Record Number: 87360
Source Name: Service Control Manager
Time Written: 20090717130838.000000+120
Event Type: Informationen
User:

Computer Name: PATRICK-2DCT6O1
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "Universeller Plug & Play-Gerätehost" gesendet.

Record Number: 87359
Source Name: Service Control Manager
Time Written: 20090717130837.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: PATRICK-2DCT6O1
Event Code: 7036
Message: Dienst "RAS-Verbindungsverwaltung" befindet sich jetzt im Status "Ausgeführt".

Record Number: 87358
Source Name: Service Control Manager
Time Written: 20090717124411.000000+120
Event Type: Informationen
User:

Computer Name: PATRICK-2DCT6O1
Event Code: 7036
Message: Dienst "IMAPI-CD-Brenn-COM-Dienste" befindet sich jetzt im Status "Beendet".

Record Number: 87357
Source Name: Service Control Manager
Time Written: 20090717124403.000000+120
Event Type: Informationen
User:

=====Application event log=====

Computer Name: PATRICK-2DCT6O1
Event Code: 0
Message:
Record Number: 3388
Source Name: RoxLiveShare9
Time Written: 20090205233845.000000+060
Event Type: Informationen
User:

Computer Name: PATRICK-2DCT6O1
Event Code: 1800
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.

Record Number: 3387
Source Name: SecurityCenter
Time Written: 20090205233716.000000+060
Event Type: Informationen
User:

Computer Name: PATRICK-2DCT6O1
Event Code: 4096
Message:
Record Number: 3386
Source Name: Avira AntiVir
Time Written: 20090205233618.000000+060
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: PATRICK-2DCT6O1
Event Code: 105
Message: The service was started.

Record Number: 3385
Source Name: ATI Smart
Time Written: 20090205233601.000000+060
Event Type: Informationen
User:

Computer Name: PATRICK-2DCT6O1
Event Code: 302
Message: msnmsgr (2312) \\.\C:\Dokumente und Einstellungen\Patrick\Lokale Einstellungen\Anwendungsdaten\Microsoft\Messenger\patrick.msn@web.de\SharingMetadata\Working\database_D2A0_DBEC_A0DB_D557\dfsr.db: Das Datenbankmodul hat erfolgreich die Schritte zur Wiederherstellung abgeschlossen.

Record Number: 3384
Source Name: ESENT
Time Written: 20090205165444.000000+060
Event Type: Informationen
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Programme\ATI Technologies\ATI.ACE\Core-Static;C:\Programme\QuickTime\QTSystem\;C:\Programme\Gemeinsame Dateien\Roxio Shared\DLLShared\;C:\Programme\Gemeinsame Dateien\Roxio Shared\DLLShared\;C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\DLLShared\;C:\Programme\Support Tools\;C:\Programme\Gemeinsame Dateien\DivX Shared\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Programme\Java\jre1.6.0_01\lib\ext\QTJava.zip
"QTJAVA"=C:\Programme\Java\jre1.6.0_01\lib\ext\QTJava.zip

-----------------EOF-----------------



GMER (schlug direkt an):
GMER 1.0.15.15077 [e0qsv2oh.exe] - http://www.gmer.net
Rootkit quick scan 2009-08-27 11:23:38
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code 8A914230 ZwEnumerateKey
Code 8A913610 ZwFlushInstructionCache
Code 8A91574E IofCallDriver
Code 8A92AF16 IofCompleteRequest
Code 8A90E74D ZwSaveKey
Code 8A5E0615 ZwSaveKeyEx

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8AB501F8

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\UAClxtjppirmt.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----



MBR:
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
BIOS signateure not found



MBAM:
Malwarebytes' Anti-Malware 1.40
Datenbank Version: 2682
Windows 5.1.2600 Service Pack 3

23.08.2009 17:04:34
mbam-log-2009-08-23 (17-04-34).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|)
Durchsuchte Objekte: 329358
Laufzeit: 1 hour(s), 19 minute(s), 13 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 12

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\memman.vxd (Rogue.sysCleanerPro) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\npclntax.dll (Adware.Zango) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{3CF1EF0D-29E2-4553-A9ED-4D514B45A07D}\offline\IFGMGCEMRAFAKNXEIMMAXFNSDRFFFF0\memman.vxd (Rogue.sysCleanerPro) -> Quarantined and deleted successfully.
C:\Programme\Path of Neo\mat\Clone\For_Clone_DVD_From_MiRROR.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\Programme\Path of Neo\mat\Retail\For_EU_Retail.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\WINDOWS\meta4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\memman.vxd (Rogue.sysCleanerPro) -> Quarantined and deleted successfully.
D:\Progs\BS Player 2\BSP2.12\BSPlayer_2.12.941\KeyGen\keygen.exe (Trojan.Hacktool) -> Not selected for removal.
D:\Progs\CryptLoad_1.0.4\router\FRITZ!Box\nc.exe (PuP.Keylogger) -> Quarantined and deleted successfully.
D:\Progs\CryptLoad_1.1.8\router\FRITZ!Box\nc.exe (PuP.Keylogger) -> Quarantined and deleted successfully.
D:\Progs\SC MP3 WAV Converter\scmpw6.exe (Adware.Zango) -> Quarantined and deleted successfully.
D:\RECYCLER\S-1-5-21-606747145-1547161642-725345543-1004\Dd6.8\router\FRITZ!Box\nc.exe (PuP.Keylogger) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.



PS: Mein PC scheint ziemlich zugemüllt zu sein..

Geändert von Pat89 (27.08.2009 um 11:47 Uhr)

Alt 27.08.2009, 11:51   #7
Chris4You
 
Google Links (und andere) führen zu Werbung + Partition unformatiert - Standard

Google Links (und andere) führen zu Werbung + Partition unformatiert



Hi,

wir müssen erst den Rootkit aus dem Weg räumen, dann noch mal mit MAM und Avira drüber. Der Rootkit schützt einige Komponenten, so dass die sich immer wieder neu "herstellen/Runterladen" können...

Combofix
Lade Combo Fix von http://download.bleepingcomputer.com/sUBs/ComboFix.exe und speichert es auf den Desktop.
Alle Fenster schliessen und combofix.exe starten und bestätige die folgende Abfrage mit 1 und drücke Enter.

Der Scan mit Combofix kann einige Zeit in Anspruch nehmen, also habe etwas Geduld. Während des Scans bitte nichts am Rechner unternehmen
Es kann möglich sein, dass der Rechner zwischendurch neu gestartet wird.
Nach Scanende wird ein Report angezeigt, den bitte kopieren und in deinem Thread einfuegen.
Weitere Anleitung unter:http://www.bleepingcomputer.com/comb...x-benutzt-wird

Danach MAM updaten und von der Leine lassen, fullscan:

Danach bitte noch einen mit AVIRA wie folgt:
Stelle Avira wie folgt ein: http://www.trojaner-board.de/54192-a...tellungen.html
Führe einen Systemscan durch und poste das Ergebnis!

chris
Ps.: Wegen dem Keylogger unbedingt von einem sauberen PC aus die Passwörter ändern!
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 27.08.2009, 17:05   #8
Pat89
 
Google Links (und andere) führen zu Werbung + Partition unformatiert - Standard

Google Links (und andere) führen zu Werbung + Partition unformatiert



Soo.. endlich fertig ^^

Combofix:

ComboFix 09-08-26.05 - Patrick 27.08.2009 12:22.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.2047.1663 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Patrick\Desktop\ComboFix2.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Neuer Wiederherstellungspunkt wurde erstellt
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\run.log
c:\windows\system32\BReWErS.dll
c:\windows\system32\drivers\UAClxtjppirmt.sys
c:\windows\system32\nerocheck.exe
c:\windows\system32\skinboxer43.dll
c:\windows\system32\UACbpjegpyncf.db
c:\windows\system32\UAChcqotjfrxr.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACkjyxejnoea.dll
c:\windows\system32\UACnhmpaijaor.dll
c:\windows\system32\UACoelxewlkyt.dat
c:\windows\system32\UACxuvpxyowir.dll

.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_UACd.sys


((((((((((((((((((((((( Dateien erstellt von 2009-07-27 bis 2009-08-27 ))))))))))))))))))))))))))))))
.

2009-08-27 09:24 . 2009-08-27 09:25 -------- d-----w- C:\MBR
2009-08-27 09:17 . 2009-08-27 09:17 -------- d-----w- c:\programme\trend micro
2009-08-27 09:17 . 2009-08-27 09:18 -------- d-----w- C:\rsit
2009-08-26 16:04 . 2009-05-19 11:49 330344 ----a-w- c:\windows\RCoUn0.exe
2009-08-26 12:16 . 2009-08-26 12:16 74240 ----a-w- c:\windows\cadkasdeinst01.exe
2009-08-23 15:13 . 2009-08-27 09:16 -------- d-----w- C:\Prototype
2009-08-23 13:42 . 2009-08-23 13:42 -------- d-----w- c:\dokumente und einstellungen\Patrick\Anwendungsdaten\Malwarebytes
2009-08-23 13:25 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-23 13:25 . 2009-08-23 13:25 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-08-23 13:25 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-23 08:11 . 2009-08-23 08:11 -------- d-----w- c:\dokumente und einstellungen\Patrick\Anwendungsdaten\DAEMON Tools Pro
2009-08-23 07:56 . 2009-08-23 07:56 12862 ----a-r- c:\dokumente und einstellungen\Patrick\Anwendungsdaten\Microsoft\Installer\{0E2B767B-EA6A-489B-BF83-8083FE1DB661}\_1EEFFF72773535163E4216.exe
2009-08-12 16:56 . 2009-07-10 13:26 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-08 20:17 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-08 20:17 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-08 20:17 . 2009-08-08 20:17 -------- d-----w- C:\043a37f82b0859dc53769c5432
2009-08-08 20:17 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-08 20:17 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-05 15:24 . 2009-08-05 15:24 152576 ----a-w- c:\dokumente und einstellungen\Patrick\Anwendungsdaten\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-05 08:59 . 2009-08-05 08:59 206336 -c----w- c:\windows\system32\dllcache\mswebdvd.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-26 16:49 . 2006-10-23 12:55 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic
2009-08-25 12:41 . 2007-02-07 09:56 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2009-08-24 16:13 . 2007-02-07 09:52 -------- d-----w- c:\dokumente und einstellungen\Patrick\Anwendungsdaten\Spybot - Search & Destroy
2009-08-24 15:49 . 2009-03-28 12:45 13440 ----a-w- c:\windows\system32\drivers\USBCRFT.SYS
2009-08-24 15:18 . 2007-02-11 13:11 154 ----a-w- c:\windows\system32\mslck.dat
2009-08-23 08:11 . 2006-11-10 10:09 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-22 09:52 . 2009-08-22 09:52 784890 ----a-w- c:\windows\system32\xa.tmp
2009-08-18 19:27 . 2008-11-28 16:16 256 ----a-w- c:\windows\system32\pool.bin
2009-08-12 22:19 . 2006-12-20 14:43 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft Help
2009-08-08 21:47 . 2006-10-23 11:30 101648 ----a-w- c:\dokumente und einstellungen\Patrick\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2009-08-08 20:23 . 2003-04-02 12:00 80754 ----a-w- c:\windows\system32\perfc007.dat
2009-08-08 20:23 . 2003-04-02 12:00 451374 ----a-w- c:\windows\system32\perfh007.dat
2009-08-07 15:51 . 2006-10-23 12:33 -------- d-----w- c:\programme\DivX
2009-08-07 15:51 . 2009-03-14 22:26 -------- d-----w- c:\programme\Gemeinsame Dateien\DivX Shared
2009-08-05 15:25 . 2006-10-23 14:52 -------- d-----w- c:\programme\Java
2009-08-05 08:59 . 2006-10-23 10:03 206336 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-02 13:15 . 2008-08-04 00:34 -------- d-----w- c:\programme\Gemeinsame Dateien\Blizzard Entertainment
2009-07-25 03:23 . 2008-12-14 11:40 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2003-04-02 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2006-10-23 11:04 286208 ------w- c:\windows\system32\wmpdxm.dll
2009-07-12 14:58 . 2006-11-06 19:15 -------- d-----w- c:\dokumente und einstellungen\Patrick\Anwendungsdaten\teamspeak2
2009-06-25 08:25 . 2005-06-15 17:51 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2003-04-02 12:00 737792 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2003-04-02 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2003-04-02 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2003-04-02 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2003-04-02 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2003-04-02 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-17 09:44 . 2009-06-16 13:20 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-06-17 09:44 . 2009-06-16 13:20 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-06-16 14:36 . 2003-04-02 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2003-04-02 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 13:22 . 2006-11-10 22:45 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-06-15 10:43 . 2003-04-02 12:00 78848 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2003-04-02 12:00 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:19 . 2009-03-15 19:05 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2003-04-02 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2006-10-23 10:03 1296896 ----a-w- c:\windows\system32\quartz.dll
2006-09-16 16:01 . 2006-10-23 12:04 60526 ----a-w- c:\programme\mozilla firefox\components\jar50.dll
2006-09-16 16:01 . 2006-10-23 12:04 49256 ----a-w- c:\programme\mozilla firefox\components\jsd3250.dll
2006-09-16 16:01 . 2006-10-23 12:04 166000 ----a-w- c:\programme\mozilla firefox\components\xpinstal.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\programme\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\programme\mozilla firefox\plugins\ssldivx.dll
2006-05-03 09:06 . 2007-08-10 17:04 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2007-08-10 17:04 31232 --sh--r- c:\windows\system32\msfDX.dll
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programme\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
"LanguageShortcut"="d:\progs\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"LClock"="c:\programme\LClock\LClock.exe" [2004-09-19 65536]
"XboxStat"="c:\programme\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2007-06-29 286720]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Dit"="Dit.exe" - c:\windows\Dit.exe [2003-12-29 94208]
"CHotkey"="mHotkey.exe" - c:\windows\mHotkey.exe [2004-02-24 508416]
"ledpointer"="CNYHKey.exe" - c:\windows\CNYHKey.exe [2004-02-03 5794816]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\Patrick\Startmen\Programme\Autostart\
ICQ Away Reader.lnk - d:\progs\ICQ Away Reader\ICQ Away Reader.exe [2009-3-19 548864]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Microsoft Office Groove Audit Service"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Progs\\ICQ 5.1 - Englisch\\ICQ Pro7\\ICQLite.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\Programme\\Firefox 2.0\\Mozilla Firefox\\firefox.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Progs\\FlashGet\\flashget.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"d:\\Progs\\PowerDVD\\PowerDVD.exe"=
"d:\\Progs\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"d:\\Progs\\Opera\\Opera.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Progs\\ICQ6.5\\ICQ.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Progs\\BitTorrent\\bittorrent.exe"=
"d:\\Progs\\eMule\\emule.exe"=
"d:\\Progs\\Miranda\\Miranda IM\\miranda32.exe"=
"d:\\Progs\\CryptLoad_1.0.4\\RouterClient.exe"=
"d:\\Progs\\Ventrilo\\Ventrilo.exe"=
"c:\\Programme\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programme\\Java\\jre6\\bin\\java.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 SSHDRV76;SSHDRV76;c:\windows\system32\drivers\SSHDRV76.sys [24.10.2006 13:14 53760]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [24.10.2006 19:48 3712]
R3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [28.03.2009 14:45 13440]
R3 UKBFLT;UKBFLT;c:\windows\system32\drivers\UKBFLT.sys [24.10.2006 16:50 11672]
R3 wbscr;Winbond Smartcard Reader for I/O;c:\windows\system32\drivers\wbscr.sys [12.04.2009 02:21 19928]
S3 cpuz132;cpuz132;\??\c:\dokume~1\Patrick\LOKALE~1\Temp\cpuz132\cpuz132_x32.sys --> c:\dokume~1\Patrick\LOKALE~1\Temp\cpuz132\cpuz132_x32.sys [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;d:\progs\Everest\kerneld.wnt [18.08.2005 01:00 7168]
S3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;c:\windows\system32\drivers\PhTVTune.sys [23.10.2006 12:16 24704]
S3 PRISM_A00;PRISM 802.11g Driver;c:\windows\system32\drivers\PRISMA00.sys [23.10.2006 12:16 380736]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Inhalt des "geplante Tasks" Ordners

2009-06-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl


.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://192.168.2.1/
IE: &Alles mit FlashGet laden - d:\progs\FlashGet\jc_all.htm
IE: &Mit FlashGet laden - d:\progs\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\dokumente und einstellungen\Patrick\Anwendungsdaten\Mozilla\Firefox\Profiles\e3z5h6km.Patrick\
FF - prefs.js: browser.search.selectedEngine - YouTube
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programme\Firefox 2.0\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: d:\progs\DivX\DivX Content Uploader\npUpload.dll
FF - plugin: d:\progs\Opera\program\plugins\npdivx32.dll
FF - plugin: d:\progs\Opera\program\plugins\npdsplay.dll
FF - plugin: d:\progs\Opera\program\plugins\npqtplugin.dll
FF - plugin: d:\progs\Opera\program\plugins\npqtplugin2.dll
FF - plugin: d:\progs\Opera\program\plugins\npqtplugin3.dll
FF - plugin: d:\progs\Opera\program\plugins\npqtplugin4.dll
FF - plugin: d:\progs\Opera\program\plugins\npqtplugin5.dll
FF - plugin: d:\progs\Opera\program\plugins\npqtplugin6.dll
FF - plugin: d:\progs\Opera\program\plugins\npqtplugin7.dll
FF - plugin: d:\progs\Opera\program\plugins\NPSWF32.dll
FF - plugin: d:\progs\Opera\program\plugins\npwmsdrm.dll

---- FIREFOX Richtlinien ----
FF - user.js: nglayout.initialpaint.delay - 300
FF - user.js: content.notify.ontimer - true
FF - user.js: content.notify.interval - 100000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 4
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: intl.accept_languages - de, en, en-us
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.switch.threshold - 650000
c:\programme\Firefox 2.0\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\programme\Firefox 2.0\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\programme\Firefox 2.0\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\programme\Firefox 2.0\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\programme\Firefox 2.0\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\programme\Firefox 2.0\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\programme\Firefox 2.0\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\programme\Firefox 2.0\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\programme\Firefox 2.0\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\programme\Firefox 2.0\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\programme\Firefox 2.0\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\programme\Firefox 2.0\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\programme\Firefox 2.0\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\programme\Firefox 2.0\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\programme\Firefox 2.0\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\programme\Firefox 2.0\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\programme\Firefox 2.0\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\programme\Firefox 2.0\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\programme\Firefox 2.0\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\programme\Firefox 2.0\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\programme\Firefox 2.0\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\programme\Firefox 2.0\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\programme\Firefox 2.0\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\programme\Firefox 2.0\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\programme\Firefox 2.0\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\programme\Firefox 2.0\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\programme\Firefox 2.0\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\programme\Firefox 2.0\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\programme\Firefox 2.0\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\programme\Firefox 2.0\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\programme\Firefox 2.0\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\programme\Firefox 2.0\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\programme\Firefox 2.0\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\programme\Firefox 2.0\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\programme\Firefox 2.0\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\programme\Firefox 2.0\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\programme\Firefox 2.0\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\programme\Firefox 2.0\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\programme\Firefox 2.0\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\programme\Firefox 2.0\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\programme\Firefox 2.0\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\programme\Firefox 2.0\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\programme\Firefox 2.0\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\programme\Firefox 2.0\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\programme\Firefox 2.0\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\programme\Firefox 2.0\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-27 12:31
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet012\Services\EverestDriver]
"ImagePath"="\??\d:\progs\Everest\kerneld.wnt"

[HKEY_LOCAL_MACHINE\System\ControlSet012\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\d:\progs\PowerDVD\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-606747145-1547161642-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:9d,e1,91,1d,3c,37,34,8f,51,46,bf,db,a9,1d,9b,cd,bf,7c,db,35,04,
da,9b,72,f6,30,d5,1a,90,6f,6c,8c,93,93,f3,8f,27,ec,0b,37,9e,67,94,cb,3c,a7,\
"rkeysecu"=hex:d2,be,92,ff,ea,c2,e2,37,0c,44,e3,e1,46,2c,aa,4f
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\Ati2evxx.dll
.
Zeit der Fertigstellung: 2009-08-27 12:35
ComboFix-quarantined-files.txt 2009-08-27 10:34

Vor Suchlauf: 18 Verzeichnis(se), 10.994.688.000 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 11.785.011.200 Bytes frei

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

291 --- E O F --- 2009-08-25 18:20

Alt 27.08.2009, 17:08   #9
Pat89
 
Google Links (und andere) führen zu Werbung + Partition unformatiert - Standard

Google Links (und andere) führen zu Werbung + Partition unformatiert



MBAM:

Malwarebytes' Anti-Malware 1.40
Datenbank Version: 2705
Windows 5.1.2600 Service Pack 3

27.08.2009 14:31:59
mbam-log-2009-08-27 (14-31-59).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|)
Durchsuchte Objekte: 131827
Laufzeit: 1 hour(s), 45 minute(s), 58 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 7

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACnhmpaijaor.dll.vir (Rogue.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACxuvpxyowir.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UAClxtjppirmt.sys.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6AE423D9-F515-414D-928F-922A8B1DCCDA}\RP203\A0047238.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6AE423D9-F515-414D-928F-922A8B1DCCDA}\RP203\A0047239.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6AE423D9-F515-414D-928F-922A8B1DCCDA}\RP203\A0047240.dll (Rogue.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xa.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.


AntiVir:


Avira AntiVir Personal
Report file date: Donnerstag, 27. August 2009 15:16

Scanning for 1665449 virus strains and unwanted programs.

Licensed to: Avira AntiVir Personal - FREE Antivirus
Serial number: 0000149996-ADJIE-0000001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: PATRICK-2DCT6O1

Version information:
BUILD.DAT : 8.2.0.353 17048 Bytes 15.5.2009 12:02:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 25.11.2008 15:51:02
AVSCAN.DLL : 8.1.4.0 40705 Bytes 18.7.2008 15:03:25
LUKE.DLL : 8.1.4.5 164097 Bytes 18.7.2008 15:03:25
LUKERES.DLL : 8.1.4.0 12033 Bytes 18.7.2008 15:03:25
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27.10.2008 00:48:20
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24.6.2009 11:34:44
ANTIVIR2.VDF : 7.1.5.146 3087360 Bytes 21.8.2009 17:02:43
ANTIVIR3.VDF : 7.1.5.172 194560 Bytes 27.8.2009 13:15:24
Engineversion : 8.2.1.7
AEVDF.DLL : 8.1.1.1 106868 Bytes 30.4.2009 20:15:25
AESCRIPT.DLL : 8.1.2.26 463227 Bytes 26.8.2009 16:49:14
AESCN.DLL : 8.1.2.4 127348 Bytes 23.7.2009 14:10:09
AERDL.DLL : 8.1.2.4 430452 Bytes 14.7.2009 23:42:18
AEPACK.DLL : 8.1.3.18 401783 Bytes 27.5.2009 17:48:52
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 22.6.2009 12:00:18
AEHEUR.DLL : 8.1.0.155 1921400 Bytes 18.8.2009 16:51:35
AEHELP.DLL : 8.1.6.0 233846 Bytes 18.8.2009 16:51:17
AEGEN.DLL : 8.1.1.59 356725 Bytes 26.8.2009 16:49:12
AEEMU.DLL : 8.1.0.9 393588 Bytes 18.10.2008 01:08:49
AECORE.DLL : 8.1.7.6 184694 Bytes 23.7.2009 14:09:47
AEBB.DLL : 8.1.0.3 53618 Bytes 18.10.2008 01:08:46
AVWINLL.DLL : 1.0.0.12 15105 Bytes 18.7.2008 15:03:25
AVPREF.DLL : 8.0.2.0 38657 Bytes 18.7.2008 15:03:25
AVREP.DLL : 8.0.0.3 155688 Bytes 21.4.2009 15:08:30
AVREG.DLL : 8.0.0.1 33537 Bytes 18.7.2008 15:03:25
AVARKT.DLL : 1.0.0.23 307457 Bytes 17.4.2008 15:13:45
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 18.7.2008 15:03:24
SQLITE3.DLL : 3.3.17.1 339968 Bytes 17.4.2008 15:13:46
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 18.7.2008 15:03:25
NETNT.DLL : 8.0.0.1 7937 Bytes 17.4.2008 15:13:46
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 18.7.2008 15:03:20
RCTEXT.DLL : 8.0.52.0 86273 Bytes 18.7.2008 15:03:20

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\programme\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, E:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: off
Smart extensions.................: on
Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic..................: on
File heuristic...................: high
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: Donnerstag, 27. August 2009 15:16

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'javaw.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'ICQ Away Reader.exe' - '1' Module(s) have been scanned
Scan process 'ISUSPM.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'XBoxStat.exe' - '1' Module(s) have been scanned
Scan process 'CNYHKey.exe' - '1' Module(s) have been scanned
Scan process 'mHotkey.exe' - '1' Module(s) have been scanned
Scan process 'Dit.exe' - '1' Module(s) have been scanned
Scan process 'LClock.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'scardsvr.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
35 processes with 35 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: Das Gerät ist nicht bereit.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: Das Gerät ist nicht bereit.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: Das Gerät ist nicht bereit.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: Das Gerät ist nicht bereit.

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '72' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Dokumente und Einstellungen\Patrick\Desktop\Programme\610_Gamez_For_Sony_Ericsson.rar
[0] Archive type: RAR
--> Worms_Forts_3D_W550_K750_K700.jar
[1] Archive type: ZIP
--> META-INF/MANIFEST.MF
[DETECTION] Contains recognition pattern of the HTML/Silly.Gen HTML script virus
[NOTE] The file was deleted!
C:\Dokumente und Einstellungen\Patrick\Lokale Einstellungen\Anwendungsdaten\Opera\Opera\profile\cache4\temporary_download\CryptLoad_1.1.8 (1).rar
[0] Archive type: RAR
--> router\FRITZ!Box\nc.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.NetCat.B program
[NOTE] The file was deleted!
C:\Dokumente und Einstellungen\Patrick\Lokale Einstellungen\Anwendungsdaten\Opera\Opera\profile\cache4\temporary_download\CryptLoad_1.1.8.rar
[0] Archive type: RAR
--> router\FRITZ!Box\nc.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.NetCat.B program
[NOTE] The file was deleted!
C:\Qoobox\Quarantine\C\WINDOWS\system32\UAChcqotjfrxr.dll.vir
[DETECTION] Is the TR/PCK.Tdss.Y.33 Trojan
[NOTE] The file was deleted!
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACkjyxejnoea.dll.vir
[DETECTION] Is the TR/TDss.BI Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{6AE423D9-F515-414D-928F-922A8B1DCCDA}\RP203\A0047241.dll
[DETECTION] Is the TR/TDss.BI Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{6AE423D9-F515-414D-928F-922A8B1DCCDA}\RP203\A0047242.dll
[DETECTION] Is the TR/PCK.Tdss.Y.33 Trojan
[NOTE] The file was deleted!
C:\WINDOWS\system32\closeapp.exe
[DETECTION] Contains recognition pattern of the APPL/CloseApp application
[NOTE] The file was deleted!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <BACKUP>
D:\Progs\Sony Ericsson Games\Boost.Mobile.1805.Games.Pack.March.2007.J2ME.Retail.RDX.zip
[0] Archive type: ZIP
--> sbmgp37b.zip
[1] Archive type: ZIP
--> sbmgp37.r01
[2] Archive type: RAR
--> BoostPro.jar
[WARNING] No further files can be extracted from this archive. The archive will be closed
--> sbmgp37h.zip
[1] Archive type: ZIP
--> sbmgp37.r07
[2] Archive type: RAR
--> metro_us_lrg.jar
[WARNING] No further files can be extracted from this archive. The archive will be closed
--> sbmgp37l.zip
[1] Archive type: ZIP
--> sbmgp37.r11
[2] Archive type: RAR
--> SimonSays.jar
[WARNING] No further files can be extracted from this archive. The archive will be closed
--> sbmgp37i.zip
[1] Archive type: ZIP
--> sbmgp37.r08
[2] Archive type: RAR
--> NBA_F5_i730.jar
[WARNING] No further files can be extracted from this archive. The archive will be closed
--> sbmgp37a.zip
[1] Archive type: ZIP
--> sbmgp37.r00
[2] Archive type: RAR
--> baberuth.jar
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Spiele\addons\CurseSetup-2.0.0.14 ZWEI.exe
[0] Archive type: NSIS
--> ProgramFilesDir/Updater.exe
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\System Volume Information\_restore{6AE423D9-F515-414D-928F-922A8B1DCCDA}\RP204\A0047538.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{6AE423D9-F515-414D-928F-922A8B1DCCDA}\RP204\A0047547.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Keygen.Xpstyle.U program
[NOTE] The file was deleted!
D:\Tools\ETrustAntivirus\English\eAV_S.Win\AlertCab.exe
[0] Archive type: RSRC
--> Object
[1] Archive type: CAB (Microsoft)
--> alert.exe
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Tools\ETrustAntivirus\English\eAV_S.Win\Cpackage.exe
[0] Archive type: RSRC
--> Object
[1] Archive type: CAB (Microsoft)
--> AVH32DLL.DLL
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Tools\ETrustAntivirus\English\eAV_S.Win\webpkg.exe
[0] Archive type: RSRC
--> Object
[1] Archive type: CAB (Microsoft)
--> inoweb.exe
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Tools\ETrustAntivirus\eTrust Update\eTrustAntiviursupdatefull.exe
[0] Archive type: CAB SFX (self extracting)
--> \QO46360.exe
[1] Archive type: RSRC
--> Object
[2] Archive type: CAB (Microsoft)
--> Arclib.dll
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Tools\ETrustAntivirus\French\eAV_S.Win\AlertCab.exe
[0] Archive type: RSRC
--> Object
[1] Archive type: CAB (Microsoft)
--> alert.exe
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Tools\ETrustAntivirus\French\eAV_S.Win\Cpackage.exe
[0] Archive type: RSRC
--> Object
[1] Archive type: CAB (Microsoft)
--> AVH32DLL.DLL
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Tools\ETrustAntivirus\German\eAV_S.Win\AlertCab.exe
[0] Archive type: RSRC
--> Object
[1] Archive type: CAB (Microsoft)
--> alert.exe
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Tools\ETrustAntivirus\German\eAV_S.Win\Cpackage.exe
[0] Archive type: RSRC
--> Object
[1] Archive type: CAB (Microsoft)
--> AVH32DLL.DLL
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Tools\ETrustAntivirus\Spanish\eAV_S.Win\AlertCab.exe
[0] Archive type: RSRC
--> Object
[1] Archive type: CAB (Microsoft)
--> alert.exe
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Tools\ETrustAntivirus\Spanish\eAV_S.Win\Cpackage.exe
[0] Archive type: RSRC
--> Object
[1] Archive type: CAB (Microsoft)
--> AVH32DLL.DLL
[WARNING] No further files can be extracted from this archive. The archive will be closed
Begin scan in 'E:\' <RECOVER>


End of the scan: Donnerstag, 27. August 2009 17:01
Used time: 1:44:49 Hour(s)

The scan has been done completely.

18789 Scanning directories
837063 Files were scanned
12 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
12 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
837049 Files not concerned
9566 Archives were scanned
22 Warnings
12 Notes



Vielen Dank für die Hilfe!! Kann wieder auf E: zugreifen und es scheint auch keine Werbung bei (Google-)Links rauszukommen.. Top Support hier!

Hoffe mein System ist nun sauber ^^

Alt 28.08.2009, 19:45   #10
Pat89
 
Google Links (und andere) führen zu Werbung + Partition unformatiert - Standard

Google Links (und andere) führen zu Werbung + Partition unformatiert



Habe nun noch einen Scan mit Prevx gemacht und folgendes gefunden:
http://img42.imageshack.us/img42/5130/prevx.jpg

Da ich für das Programm keine Lizenz hab, kann ich die Sachen nicht entfernen.. was nun?

Alt 31.08.2009, 08:40   #11
Chris4You
 
Google Links (und andere) führen zu Werbung + Partition unformatiert - Standard

Google Links (und andere) führen zu Werbung + Partition unformatiert



Hi,

lasse folgende Files mal online (virustotal.com) prüfen und poste das Ergebnis:
Code:
ATTFilter
c:\windows\rcoun0.exe
c:\windows\titan poker setup.exe
         
chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 31.08.2009, 15:48   #12
Pat89
 
Google Links (und andere) führen zu Werbung + Partition unformatiert - Standard

Google Links (und andere) führen zu Werbung + Partition unformatiert



rcoun0.exe:
MD5: 0467ede1d7b8874e64e5301adb017018
First received: 2008.12.19 00:57:53 UTC
Date: 2009.08.28 12:40:33 UTC [>3D]
Results: 1/41
Permalink: Virustotal. MD5: 0467ede1d7b8874e64e5301adb017018 Medium Risk Malware

titan poker:
MD5: 7eae9c5dc9ccf4a89f9425c5e4193c35
First received: 2007.01.16 14:19:20 UTC
Date: 2009.07.04 01:08:04 UTC [>58D]
Results: 27/40
Permalink: Virustotal. MD5: 7eae9c5dc9ccf4a89f9425c5e4193c35 Infostealer Heuristic.LooksLike.Trojan.Agent.I a variant of Win32/PTCasino


Pat

Alt 31.08.2009, 16:53   #13
Chris4You
 
Google Links (und andere) führen zu Werbung + Partition unformatiert - Standard

Google Links (und andere) führen zu Werbung + Partition unformatiert



Hi,

das ist dann wohl tatsächlich was faul, daher räumen wir noch etwas auf:

Wenn Du auf die Poker-Teile verzichten kannst, dann deinstalliere sie, auf jeden Fall Avenger laufen lassen, HJ nur wenn Du sie deinstalliert hast:

Bitte folgende Files prüfen:

Dateien Online überprüfen lassen:
  • Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“ und suche folgende Datei/Dateien:
Code:
ATTFilter
icq status checker.exe
         
  • Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)
  • Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.
  • Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!

Also:
Anleitung Avenger (by swandog46)

1.) Lade dir das Tool Avenger und speichere es auf dem Desktop:



2.) Das Programm so einstellen wie es auf dem Bild zu sehen ist.

Kopiere nun folgenden Text in das weiße Feld:
(bei -> "input script here")


Code:
ATTFilter
Files to delete:
c:\windows\rcoun0.exe
c:\windows\titan poker setup.exe
         
3.) Schliesse nun alle Programme (vorher notfalls abspeichern!) und Browser-Fenster, nach dem Ausführen des Avengers wird das System neu gestartet.

4.) Um den Avenger zu starten klicke auf -> Execute
Dann bestätigen mit "Yes" das der Rechner neu startet!

5.) Nachdem das System neu gestartet ist, findest du hier einen Report vom Avenger -> C:\avenger.txt
Öffne die Datei mit dem Editor und kopiere den gesamten Text in deinen Beitrag hier am Trojaner-Board.

Hijackthis, fixen:
öffne das HijackThis -- Button "scan" -- vor den nachfolgenden Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten
Beim fixen müssen alle Programme geschlossen sein!
Code:
ATTFilter
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Progs\ICQLite 5.1 - 2008\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Progs\ICQLite 5.1 - 2008\ICQLite.exe (file missing)
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - D:\Progs\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - D:\Progs\Poker\Titan Poker\casino.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - D:\Progs\PartyPoker\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - D:\Progs\PartyPoker\PartyPokerNet\RunPF.exe
         
Chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 31.08.2009, 20:47   #14
Pat89
 
Google Links (und andere) führen zu Werbung + Partition unformatiert - Standard

Google Links (und andere) führen zu Werbung + Partition unformatiert



icq status checker:
MD5: 788792ff216c7fdc658af6913e0466ae
First received: 2007.04.10 15:25:13 UTC
Date: 2008.10.17 22:05:52 UTC [>317D]
Results: 2/32
Permalink: Virustotal. MD5: 788792ff216c7fdc658af6913e0466ae Suspicious Trojan/Worm Win32.Malware.gen#ASPack!90 (suspicious)

Avenger:
Code:
ATTFilter
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "c:\windows\rcoun0.exe" deleted successfully.

Error:  file "c:\windows\titan poker setup.exe" not found!
Deletion of file "c:\windows\titan poker setup.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Completed script processing.

*******************

Finished!  Terminate.
         
Hatte Titan Poker vorher deinstalliert, deswegen hat ers wohl nichmehr gefunden.

Die Einträge hab ich gefixt.. den ICQ Status Checker auch noch mit dem Avenger löschen? Das Teil brauch ich eh nich..

Danke schonmal

Alt 01.09.2009, 07:29   #15
Chris4You
 
Google Links (und andere) führen zu Werbung + Partition unformatiert - Standard

Google Links (und andere) führen zu Werbung + Partition unformatiert



Hi,

ja...

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Antwort

Themen zu Google Links (und andere) führen zu Werbung + Partition unformatiert
antivir, avira, bho, browser, excel, festplatte, firefox, google, hijack, hijackthis, home, internet, internet explorer, kaputt, maßnahme, mozilla, object, problem, rootkit, rundll, server, software, starten., system, virus, werbung, windows xp



Ähnliche Themen: Google Links (und andere) führen zu Werbung + Partition unformatiert


  1. Google-Suchergebnisse führen auf andere Seiten
    Log-Analyse und Auswertung - 09.09.2013 (17)
  2. Google-Links führen zu falschen Seiten
    Log-Analyse und Auswertung - 20.07.2013 (15)
  3. Google links führen auf falsche Seiten
    Plagegeister aller Art und deren Bekämpfung - 20.12.2012 (7)
  4. Google Links (und andere) führen zu Werbung
    Plagegeister aller Art und deren Bekämpfung - 18.12.2012 (8)
  5. Google Links führen zu Werbung.
    Log-Analyse und Auswertung - 05.11.2012 (11)
  6. Google Links führen zu dubiosen Seiten...
    Plagegeister aller Art und deren Bekämpfung - 02.08.2012 (8)
  7. Google Links führen auf falsche Seiten
    Log-Analyse und Auswertung - 15.07.2012 (52)
  8. Google links führen auf falsche Seiten
    Plagegeister aller Art und deren Bekämpfung - 05.07.2012 (9)
  9. google links führen zu falschen seiten
    Log-Analyse und Auswertung - 17.11.2011 (9)
  10. Google Links werden umgeleitet/führen auf leere Seite
    Log-Analyse und Auswertung - 31.08.2011 (43)
  11. Google Links führen zu Werbeseiten
    Plagegeister aller Art und deren Bekämpfung - 19.07.2011 (3)
  12. Google-Links führen zu Werbeseiten
    Log-Analyse und Auswertung - 18.12.2010 (124)
  13. Google links führen immer zu google
    Log-Analyse und Auswertung - 09.05.2010 (1)
  14. IE öffnet automatisch; Google-Links führen zu falschen Seiten
    Log-Analyse und Auswertung - 03.09.2009 (9)
  15. Google-Links führen zu falschen Seiten
    Log-Analyse und Auswertung - 12.05.2009 (0)
  16. Google: Links führen zu falschen Seiten oder werden umgeleitet
    Plagegeister aller Art und deren Bekämpfung - 10.02.2009 (42)
  17. Google-Links führen auf falsche Internetseiten
    Log-Analyse und Auswertung - 22.07.2007 (4)

Zum Thema Google Links (und andere) führen zu Werbung + Partition unformatiert - Hallo, habe seit ein paar Tagen das Problem, dass Google Links bei mir desöfteren zu Werbung führen und nicht zu der angegebenen Seite. Außerdem führen auch noch andere Links von - Google Links (und andere) führen zu Werbung + Partition unformatiert...
Archiv
Du betrachtest: Google Links (und andere) führen zu Werbung + Partition unformatiert auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.