| Surveillance, privacy and spam: Am I being hacked?
Questions about encryption, spam, privacy and the like are welcome here. This section is about defending against keyloggers or other spying software such as spyware and adware. Topics on "removing trojans" or "malware problems" may only be discussed here. If you need help removing a trojan or because you have caught a virus, create a thread in the cleanup forums above. |
31.12.2009, 14:23 | #1 |
| Am I being hacked? Hello first of all ^^, so I have the following problem: I bought Malwarebytes and have its protection switched on, and at regular intervals this pops up (see attachment) |
31.12.2009, 17:52 | #2 |
| Am I being hacked? root eSolutions - known to you?
ADVANCEDHOSTERS LIMITED.. known to you? Please run a scan with Malwarebytes and with Avira! And of course a HijackThis log. |
31.12.2009, 17:57 | #3 |
| Am I being hacked? Hi, thanks for your answer, I've been waiting the whole time ^^
I've already done 2 quick scans with Malwarebytes Anti-Malware and am just running a full scan again, then I'll post everything, ok. Last edited by Tomaco (31.12.2009 at 17:59) Reason: - |
31.12.2009, 18:02 | #4 |
| Am I being hacked? Okay. And then scan with Avira! |
31.12.2009, 18:12 | #5 |
| Am I being hacked? Is it important that I scan with Avira? Here is the HijackThis log |
31.12.2009, 18:13 | #6 |
| Am I being hacked? It would definitely make a lot of sense! There is nothing bad in the HijackThis log! |
31.12.2009, 19:34 | #7 |
| Am I being hacked? Yes, well, I've already located the IPs too: one in the USA in Ashburn and the other in Luxembourg. |
01.01.2010, 01:14 | #8 |
| Am I being hacked? Here is the first quick scan

Malwarebytes' Anti-Malware 1.43
Datenbank Version: 3462
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

31.12.2009 11:22:41
mbam-log-2009-12-31 (11-22-41).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 154827
Laufzeit: 24 minute(s), 2 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 7
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 1
Infizierte Dateien: 18

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\xml.xml (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\GoogleUpdateBeta (Backdoor.IRCBot) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Dropper) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Dropper) -> Data: system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.

Infizierte Dateien:
C:\WINDOWS\system32\sdra64.exe (Trojan.Dropper) -> Delete on reboot.
C:\WINDOWS\Temp\15.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\D.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\34.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\11.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\89.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\5.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\F.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\B5.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\iqho.tmp\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\iymx.tmp\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\cd12c4df-e9ea-484b-8d08-862ebeab7cf0.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\cd17ea0c-c956-40b2-8c2e-a3689f9455e5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\cd1808f5-6714-42d8-9253-b452a1ea613a.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\cd1eff91-26b9-4d6a-a6dc-2c538430e163.tmp (Trojan.Agent) -> Quarantined and deleted successfully. |
01.01.2010, 12:37 | #9 |
| Am I being hacked? Yes, it is important that you let Avira run through! Be sure to run a full scan with Malwarebytes Anti-Malware! Your system is in very bad shape. You should think about reinstalling... If you decide against reinstalling, proceed as follows (it is hardly possible to get your system 100% clean; the damage to the system cannot be "plugged"):
1. http://www.trojaner-board.de/51464-a...-ccleaner.html
2. http://www.trojaner-board.de/74910-a...tion-tool.html
3. http://www.trojaner-board.de/74908-a...t-scanner.html
4. Run a full scan with Malwarebytes and post the log.
5. Avira scan log
Here is a little info on the question of whether you are being hacked. This is what Symantec says about backdoor.IRC.Bot. Quote:
Black_light Happy New Year!
__________________ All tips + help from all helpers are given without guarantee + liability. Last edited by Black_Light (01.01.2010 at 13:09) |
01.01.2010, 13:02 | #10 |
| Am I being hacked? I already did a full scan yesterday too. How I hate these stupid backdoors.

Malwarebytes' Anti-Malware 1.43
Datenbank Version: 3462
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

01.01.2010 01:09:59
mbam-log-2010-01-01 (01-09-57).txt

Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 298865
Laufzeit: 5 hour(s), 19 minute(s), 9 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden) |
01.01.2010, 13:05 | #11 |
| Am I being hacked? All right... Now keep working through the list. You can leave out item 4 for now. How do you feel about reinstalling? Also, you will find a message in your inbox. Regards, Black_light
__________________ All tips + help from all helpers are given without guarantee + liability |
01.01.2010, 13:16 | #12 |
| Am I being hacked? Here are the log files from RSIT
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= "NoResolveSearch"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Programme\Mozilla Firefox\firefox.exe"="C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox" "C:\Programme\Internet Explorer\iexplore.exe"="C:\Programme\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer" "C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE" "C:\Programme\THQ\ICQ6.5\ICQ.exe"="C:\Programme\THQ\ICQ6.5\ICQ.exe:*:Enabled:ICQ" "C:\Programme\BitTorrent\bittorrent.exe"="C:\Programme\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent" "C:\Programme\JoWood\SpellForce\SpellForce.exe"="C:\Programme\JoWood\SpellForce\SpellForce.exe:*:Enabled:spellforce" "C:\Programme\Pando Networks\Media Booster\PMB.exe"="C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe"="C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service" "C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP4\WNt500x86\RpcSandraSrv.exe"="C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP4\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service" "C:\Programme\Microsoft Games\Halo\HALO.EXE"="C:\Programme\Microsoft Games\Halo\HALO.EXE:*:Enabled:Halo" "C:\Programme\Counter-Strike Source\hl2.exe"="C:\Programme\Counter-Strike Source\hl2.exe:*:Enabled:hl2" "C:\Programme\AVG\AVG9\avgemc.exe"="C:\Programme\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe" 
"C:\Programme\AVG\AVG9\avgupd.exe"="C:\Programme\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe" "C:\Programme\AVG\AVG9\avgnsx.exe"="C:\Programme\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe" "C:\Programme\Java\jre6\bin\javaw.exe"="C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary" "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA" "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB" "C:\WINDOWS\Downloaded Program Files\ijjiOptimizer.exe"="C:\WINDOWS\Downloaded Program Files\ijjiOptimizer.exe:*:Enabled:ijjiOptimizer.exe" "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonEU\NGM\NGM.exe"="C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonEU\NGM\NGM.exe:*:Enabled:Nexon Game Manager" "C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe"="C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe:*:Enabled:NEXON_EU_Download er_Engine" "C:\Nexon\Combat Arms EU\CombatArms.exe"="C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe" "C:\Nexon\Combat Arms EU\Engine.exe"="C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe" "C:\Programme\AVG\AVG9\avgdiagex.exe"="C:\Programme\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe" "C:\Programme\Gameforge4D\AirRivals_DE\Launcher.atm"="C:\Programme\Gameforge4D\AirRivals_DE\Launcher.atm:Enabled:GameExe2" "C:\Programme\Gameforge4D\AirRivals_DE\Res-Voip\SCVoIP.exe"="C:\Programme\Gameforge4D\AirRivals_DE\Res-Voip\SCVoIP.exe:Enabled:GameVoIP" "C:\Programme\Valve\Half-Life 2\hl2.exe"="C:\Programme\Valve\Half-Life 2\hl2.exe:*:Enabled:Half-Life_2" "C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype " "C:\Programme\Counter-Strike 1.6\hl.exe"="C:\Programme\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher" "C:\Programme\Dreamlords\dreamlords.exe"="C:\Programme\Dreamlords\dreamlords.exe:*:Enabledreamlords Game Client" "C:\Programme\gamigo\heroes in the 
sky\HIS.exe"="C:\Programme\gamigo\heroes in the sky\HIS.exe:*:Enabled:his" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Nexon\Combat Arms EU\CombatArms.exe"="C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe" "C:\Nexon\Combat Arms EU\Engine.exe"="C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe" ======List of files/folders created in the last 1 months====== 2010-01-01 13:10:15 ----D---- C:\rsit 2010-01-01 01:46:18 ----D---- C:\WINDOWS\system32\ZoneLabs 2010-01-01 01:42:59 ----D---- C:\WINDOWS\Internet Logs 2009-12-31 16:33:35 ----D---- C:\Programme\TrendMicro 2009-12-28 16:39:05 ----D---- C:\Programme\phonostar-Player 2009-12-27 16:06:14 ----D---- C:\Programme\OpenAL 2009-12-24 19:00:35 ----D---- C:\Programme\VDOWNLOADER 2009-12-24 18:20:58 ----D---- C:\Programme\LG Electronics 2009-12-24 18:17:33 ----A---- C:\WINDOWS\system32\NMSDVDXU.dll 2009-12-24 18:17:19 ----D---- C:\Dokumente und Einstellungen\Elfi\Anwendungsdaten\LG Electronics 2009-12-24 18:16:58 ----D---- C:\Programme\LG PC Suite II 2009-12-23 14:20:25 ----D---- C:\Dokumente und Einstellungen\Elfi\Anwendungsdaten\TuneUp Software 2009-12-23 14:18:21 ----SHD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} 2009-12-23 12:24:19 ----A---- C:\WINDOWS\system32\CmdLineExt03.dll 2009-12-23 10:10:32 ----D---- C:\Programme\PokerStars.NET 2009-12-22 16:18:03 ----D---- C:\Dokumente und Einstellungen\Elfi\Anwendungsdaten\Splitscreen Studios 2009-12-20 17:09:07 ----A---- C:\WINDOWS\system32\dxdllreg.exe 2009-12-20 16:30:47 ----D---- C:\Programme\Steam 2009-12-20 13:56:06 ----A---- C:\WINDOWS\EFXP.INI 2009-12-18 08:15:11 ----SHD---- C:\found.000 
2009-12-16 18:37:37 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PopCap Games 2009-12-16 18:29:12 ----D---- C:\Programme\Plants vs Zombies 2009-12-15 19:20:48 ----D---- C:\Fraps 2009-12-13 19:57:40 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Security Toolbar 2009-12-13 19:03:16 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NortonInstaller 2009-12-12 15:17:55 ----D---- C:\Dokumente und Einstellungen\Elfi\Anwendungsdaten\FFSJ 2009-12-11 17:13:06 ----D---- C:\Programme\Z8Games 2009-12-08 19:50:25 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Pro 2009-12-08 19:50:11 ----D---- C:\Dokumente und Einstellungen\Elfi\Anwendungsdaten\DAEMON Tools Pro 2009-12-08 19:34:50 ----D---- C:\Dokumente und Einstellungen\Elfi\Anwendungsdaten\DAEMON Tools Lite 2009-12-08 19:34:48 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite 2009-12-06 20:23:57 ----D---- C:\Dokumente und Einstellungen\Elfi\Anwendungsdaten\Sierra 2009-12-06 17:37:22 ----D---- C:\Programme\NovaLogic 2009-12-05 15:51:38 ----D---- C:\ijji ======List of files/folders modified in the last 1 months====== 2010-01-01 13:11:09 ----D---- C:\WINDOWS\Temp 2010-01-01 13:11:09 ----D---- C:\Programme\Trend Micro 2010-01-01 13:10:20 ----D---- C:\WINDOWS\Prefetch 2010-01-01 13:01:43 ----D---- C:\Programme\Mozilla Firefox 2010-01-01 12:52:18 ----D---- C:\Programme\Gemeinsame Dateien\Common Toolkit Suite 2010-01-01 12:52:02 ----A---- C:\WINDOWS\ModemLog_Creatix V.9X DSP Data Fax Modem.txt 2010-01-01 12:51:51 ----D---- C:\Programme\Gemeinsame Dateien\Akamai 2010-01-01 12:51:40 ----SD---- C:\WINDOWS\Tasks 2010-01-01 12:50:33 ----RD---- C:\Programme 2010-01-01 12:50:33 ----D---- C:\WINDOWS\system32 2010-01-01 02:20:41 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-01-01 01:55:02 ----D---- C:\WINDOWS 2010-01-01 01:53:07 ----D---- C:\WINDOWS\srchasst 2010-01-01 01:53:06 ----D---- C:\WINDOWS\system32\drivers 
2010-01-01 01:43:12 ----SHD---- C:\WINDOWS\Installer 2010-01-01 01:43:12 ----D---- C:\Config.Msi 2010-01-01 01:42:35 ----D---- C:\Dokumente und Einstellungen\Elfi\Anwendungsdaten\BitTorrent 2009-12-31 21:31:48 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-12-31 15:16:04 ----D---- C:\Programme\gPotato.eu 2009-12-31 15:14:24 ----D---- C:\Programme\gamigo 2009-12-31 14:05:28 ----A---- C:\WINDOWS\pex.INI 2009-12-31 14:05:23 ----A---- C:\WINDOWS\ulead32.ini 2009-12-31 13:27:13 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google Updater 2009-12-31 11:52:07 ----D---- C:\WINDOWS\system32\CatRoot2 2009-12-31 11:44:19 ----D---- C:\Programme\Malwarebytes' Anti-Malware 2009-12-31 11:24:40 ----D---- C:\WINDOWS\java 2009-12-30 22:05:22 ----D---- C:\Rise against 2009-12-29 21:31:51 ----HD---- C:\Programme\InstallShield Installation Information 2009-12-27 16:06:14 ----A---- C:\WINDOWS\system32\wrap_oal.dll 2009-12-27 16:06:14 ----A---- C:\WINDOWS\system32\OpenAL32.dll 2009-12-26 15:48:11 ----D---- C:\Programme\Gameforge4D 2009-12-25 15:23:36 ----AD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP 2009-12-24 18:23:12 ----HD---- C:\WINDOWS\inf 2009-12-23 14:59:16 ----A---- C:\WINDOWS\NEXON_EU_DownloaderUpdater.exe 2009-12-23 14:18:50 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software 2009-12-23 13:53:42 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-12-23 12:44:04 ----D---- C:\Programme\GameSpy Arcade 2009-12-20 17:11:28 ----D---- C:\WINDOWS\system32\DirectX 2009-12-20 17:08:17 ----HD---- C:\WINDOWS\msdownld.tmp 2009-12-19 15:10:29 ----D---- C:\Programme\Google 2009-12-18 20:18:26 ----A---- C:\WINDOWS\NeroDigital.ini 2009-12-17 11:17:12 ----D---- C:\Programme\Gemeinsame Dateien\Real 2009-12-17 11:17:11 ----D---- C:\Programme\Gemeinsame Dateien 2009-12-17 11:13:44 ----SD---- C:\WINDOWS\Downloaded Program Files 2009-12-17 11:13:44 ----D---- C:\Temp 2009-12-17 10:22:12 ----D---- C:\Sierra 2009-12-15 
14:33:45 ----D---- C:\Programme\Gemeinsame Dateien\DVDVideoSoft 2009-12-15 14:29:22 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NOS 2009-12-13 20:09:57 ----A---- C:\WINDOWS\system32\avgrsstx.dll 2009-12-13 19:56:52 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\avg9 2009-12-13 18:53:28 ----D---- C:\Dokumente und Einstellungen\Elfi\Anwendungsdaten\Skype 2009-12-13 13:59:38 ----D---- C:\WINDOWS\network diagnostic 2009-12-11 21:16:47 ----D---- C:\WINDOWS\Debug 2009-12-09 14:34:25 ----D---- C:\Programme\Internet Explorer 2009-12-09 14:34:01 ----HD---- C:\WINDOWS\$hf_mig$ 2009-12-08 19:16:14 ----D---- C:\WINDOWS\WinSxS 2009-12-07 17:29:14 ----SD---- C:\Dokumente und Einstellungen\Elfi\Anwendungsdaten\Microsoft 2009-12-06 19:11:21 ----A---- C:\WINDOWS\MegaManager.INI 2009-12-05 12:59:50 ----D---- C:\WINDOWS\system32\FxsTmp 2009-12-04 22:13:24 ----D---- C:\Programme\IObit ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AmdK8;AMD Athlon64-Prozessortreiber; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [2004-05-08 38912] R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-11-21 333192] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-12-13 28424] R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-12-13 360584] R1 Tcpip6;Microsoft IPv6-Protokolltreiber; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856] R3 Cap7134;MEDION (7134) WDM Video Capture; C:\WINDOWS\System32\DRIVERS\Cap7134.sys [2003-06-05 350752] R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-01-08 812416] R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [2004-04-15 42496] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464] R3 Intels51;Creatix 
V.9X DSP Data Fax Modem; C:\WINDOWS\System32\DRIVERS\CtxS51.sys [2004-03-12 845092] R3 MACNDIS5;MACNDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS [] R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [] R3 ms_mpu401;Microsoft MPU-401 MIDI UART-Treiber; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944] R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2005-10-14 28256] R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2008-05-03 6554496] R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368] R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3; C:\WINDOWS\System32\DRIVERS\PhTVTune.sys [2003-06-12 24704] R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol); C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2006-02-11 31424] R3 tunmp;Microsoft Tun-Miniportadaptertreiber; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288] R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208] R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520] R3 usbstor;USB-Massenspeichertreiber; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368] R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608] R3 X10UIF;%DESCRIPTION%; C:\WINDOWS\System32\Drivers\x10uif.sys [2001-11-14 10761] S3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800] S3 AVFSFilter;AVFSFilter; C:\WINDOWS\system32\DRIVERS\avfsfilter.sys [] S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 15295] S3 CardReaderFilter;Card Reader Filter; \??\C:\WINDOWS\system32\Drivers\USBCRFT.SYS [] S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-14 17024] S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys [] S3 efipsk;efipsk; 
\??\C:\DOKUME~1\Rudi\LOKALE~1\Temp\efipsk.sys [] S3 EL90XBC;3Com EtherLink XL 90XB/C-Adaptertreiber; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [] S3 FETNDIS;VIA PCI 10/100-MBit/s-Fast Ethernetadapter-NT-Treiber; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [] S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-23 26176] S3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368] S3 mbr;mbr; \??\C:\DOKUME~1\Rudi\LOKALE~1\Temp\mbr.sys [] S3 mouhid;Maus-HID-Treiber; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-08-29 12288] S3 MPCSYS;MPCSYS; \??\C:\WINDOWS\System32\DRIVERS\mpcsys.sys [] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504] S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-14 85248] S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-14 10880] S3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824] S3 nm;Netzwerkmonitortreiber; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-14 40320] S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-02 17536] S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-02 20864] S3 PRISM_A00;CREATIX 802.11g Driver; C:\WINDOWS\System32\DRIVERS\PRISMA00.sys [2004-01-16 380736] S3 SANDRA;SANDRA; \??\C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP4\WNt500x86\Sandra.sys [] S3 se58bus;Sony Ericsson Device 088 driver (WDM); C:\WINDOWS\system32\DRIVERS\se58bus.sys [2006-09-05 61536] S3 se58mdfl;Sony Ericsson Device 088 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se58mdfl.sys [2006-09-05 9360] S3 se58mdm;Sony Ericsson Device 088 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se58mdm.sys [2006-09-05 97088] S3 se58mgmt;Sony Ericsson Device 088 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se58mgmt.sys [2006-09-05 
88624] S3 se58nd5;Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (NDIS); C:\WINDOWS\system32\DRIVERS\se58nd5.sys [2006-09-05 18704] S3 se58obex;Sony Ericsson Device 088 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se58obex.sys [2006-09-05 86432] S3 se58unic;Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (WDM); C:\WINDOWS\system32\DRIVERS\se58unic.sys [2006-09-05 90800] S3 SipIMNDI;T-Online Dialerschutz VoIP Service; C:\WINDOWS\system32\DRIVERS\SipIMNDI.sys [] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-14 11136] S3 StkCMini;Syntek AVStream USB2.0 VGA WebCam; C:\WINDOWS\System32\Drivers\StkCMini.sys [2007-05-10 1188352] S3 StkMini;Syntek DC-112X; C:\WINDOWS\System32\Drivers\StkMini.sys [2005-07-05 787081] S3 StkScan;Syntek DC-112X Filter Driver; C:\WINDOWS\System32\Drivers\StkScan.sys [2005-06-10 4673] S3 streamip;BDA-IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-14 15232] S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [] S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [] S3 TSMPacket;T-DSL SpeedManager Service; C:\WINDOWS\System32\DRIVERS\tsmpkt.sys [] S3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032] S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2008-09-04 13056] S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-14 32128] S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2008-09-04 19968] S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2008-09-04 24832] S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-14 25856] S3 usbscan;USB-Scannertreiber; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-14 15104] S3 usbser;Nokia USB Serial Port; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112] S3 
UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-02 8064] S3 vtany;vtany; \??\C:\WINDOWS\vtany.sys [] S3 w810bus;Sony Ericsson W810 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\w810bus.sys [2006-02-20 58288] S3 w810mdfl;Sony Ericsson W810 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w810mdfl.sys [2006-02-20 8336] S3 w810mdm;Sony Ericsson W810 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w810mdm.sys [2006-02-20 94064] S3 w810mgmt;Sony Ericsson W810 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w810mgmt.sys [2006-02-20 85408] S3 w810obex;Sony Ericsson W810 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w810obex.sys [2006-02-20 83344] S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S3 XDva289;XDva289; \??\C:\WINDOWS\system32\XDva289.sys [] S3 XDva317;XDva317; \??\C:\WINDOWS\system32\XDva317.sys [] S3 xhunter1;xhunter1; \??\C:\WINDOWS\xhunter1.sys [] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 6to4;IPv6-Hilfsdienst; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R2 Akamai;Akamai NetSession Interface; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R2 avg9emc;AVG Free E-mail Scanner; C:\Programme\AVG\AVG9\avgemc.exe [2009-11-21 906520] R2 avg9wd;AVG Free WatchDog; C:\Programme\AVG\AVG9\avgwdsvc.exe [2009-12-13 285392] R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-10-11 153376] R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2002-10-14 303104] R2 
LogWatch;Ereignisprotokoll-Überwachung; C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 53248] R2 MBAMService;MBAMService; C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe [2009-12-30 235344] R2 MDM;Machine Debug Manager; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120] R2 MZCCntrl;T-Online WLAN Adapter Steuerungsdienst; C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe [2007-01-09 61440] R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service; C:\Programme\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2008-12-11 3575808] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-03 159812] R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2007-05-11 1050120] R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-12-01 75064] R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-12-01 189248] R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service; C:\WINDOWS\System32\StkCSrv.exe [2007-03-29 24576] R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2008-12-21 603904] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S2 Common Toolkit Service;Common Toolkit Service; C:\Programme\Gemeinsame Dateien\Common Toolkit Suite\FighterSuiteService.exe [2009-10-29 676488] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800] S2 gupdate1ca0573f5a95a58;Google Update Service (gupdate1ca0573f5a95a58); C:\Programme\Google\Update\GoogleUpdate.exe [2009-07-15 133104] S2 gusvc;Google Software Updater; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-26 183280] S2 PbManager;Host Service; C:\WINDOWS\system32\config\system [2010-01-01 6029312] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 CA_LIC_CLNT;CA-Lizenz-Client; 
C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 77824] S3 CA_LIC_SRVR;CA-Lizenzserver; C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 77824] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des -service [] S3 SandraAgentSrv;SiSoftware Deployment Agent Service; C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe [2009-08-17 99176] S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576] S3 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [2001-11-12 20480] S4 ICQ Service;ICQ Service; C:\Programme\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- info.txt logfile of random's system information tool 1.06 2010-01-01 13:11:14 ======Uninstall list====== -->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE -->C:\Programme\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL -->C:\WINDOWS\IsUn0407.exe -fC:\WINDOWS\orun32.isu -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL 
-->C:\WINDOWS\UNNMP.exe /UNINSTALL -->MsiExec /X{AC54E544-3E42-443C-A91D-A00A6974C592} -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 4Story 1.5-->"C:\Programme\Gameforge4D\4Story\unins000.exe" Adobe Acrobat 5.0-->C:\WINDOWS\ISUN0407.EXE -f"C:\Programme\Gemeinsame Dateien\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Programme\Gemeinsame Dateien\Adobe\Acrobat 5.0\NT\Uninst.dll" Adobe Download Manager-->"C:\WINDOWS\system32\rundll32.exe" "C:\Programme\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1 Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 9.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A92000000001} AVG 9.0-->C:\Programme\AVG\AVG9\setup.exe /UNINSTALL BitTorrent-->"C:\Programme\BitTorrent\BitTorrent.exe" /UNINSTALL Brother MFL-Pro Suite MFC-250C-->"C:\Programme\InstallShield Installation Information\{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}\Setup.exe" -runfromtemp -l0x0007 UNINSTALL Reg=BH9_C1 -removeonly Call of Duty(R) 2-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374} /l2057 CCleaner-->"C:\Programme\CCleaner\uninst.exe" C-evo-->C:\WINDOWS\system32\UniClear.exe -f"C:\Programme\C-evo" -f"C:\Dokumente und Einstellungen\Rudi\Startmenü\Programme\C-evo.lnk" -u"Software\cevo" -m"Software\Microsoft\Windows\CurrentVersion\Uninstall\C-evo" -c".cEvo" -c"cEvoBook" Children of the Nile-->MsiExec.exe /X{8B1EBF90-5CD9-4A3C-842C-EDE963761D6E} Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E} Chrome SpecForce-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{5233A5FC-F083-4317-96F8-58FBB4020B3A} /l1031 /Z"UNINSTALL" C-Media WDM Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe Combat Arms-->"C:\Dokumente und Einstellungen\All 
Users\Anwendungsdaten\NexonUS\NGM\NGM.exe" -mode:uninstall -dll:ngm.nexon.net/ngm/NGM/Bin/NGMDll.dll -game:33563143 -locale:US Crashday Patch#2-->MsiExec.exe /X{4E2FAB2F-9004-40D6-8BF8-DB2F2DA16DEC} Creatix V.9X DSP Data Fax Modem-->rundll32 CtxSCci.dll,iSMUninstallation "Creatix V.9X DSP Data Fax Modem" Empire Earth-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2447500B-22D7-47BD-9B13-1A927F43A267}\Setup.exe" Enemy Engaged Comanche Vs Hokum-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\WINDOWS\uninstall\Razorworks\Enemy Engaged Comanche Vs Hokum\setup.exe" eTrust Antivirus Registration-->MsiExec.exe /I{515E1B00-E2B4-4975-9900-95F66077C3AE} Far Cry-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC} Fraps (remove only)-->"C:\Fraps\uninstall.exe" Free Audio CD Burner version 1.2-->"C:\Programme\DVDVideoSoft\Free Audio CD Burner\unins000.exe" Free Studio version 4.2-->"C:\Programme\DVDVideoSoft\Free Studio\unins000.exe" Free Video to Mp3 Converter version 3.1-->"C:\Programme\DVDVideoSoft\Free Video to Mp3 Converter\unins000.exe" Free YouTube to MP3 Converter version 3.2-->"C:\Programme\DVDVideoSoft\Free YouTube to MP3 Converter\unins001.exe" Garena-->C:\Programme\InstallShield Installation Information\{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}\setup.exe -runfromtemp -l0x0009 -removeonly GearDrvs-->MsiExec.exe /I{CB84F0F2-927B-458D-9DC5-87832E3DC653} Google Earth-->MsiExec.exe /X{C084BC61-E537-11DE-8616-005056806466} Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\programme\google\googletoolbar4.dll" Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Google Updater-->"C:\Programme\Google\Google Updater\GoogleUpdater.exe" -uninstall HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs-->MsiExec.exe 
-----------------EOF----------------- |
01.01.2010, 21:36 | #13 |
| Am I being hacked? Do you have a few more tips on how to finally make this stop!!!!!!!!!!!!!!! |
02.01.2010, 11:59 | #14 |
| Am I being hacked? Reinstall the system or work through the list... as I said, I would recommend reinstalling!!! Black_light
__________________ All tips and help from all helpers are provided without warranty or liability |
02.01.2010, 12:53 | #15 |
| Am I being hacked? OK, I would now be in favor of reinstalling too, but I have no idea at all about that kind of thing^^. |