Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Antivirus, firewall and other protection programs (https://www.trojaner-board.de/antiviren-firewall-andere-schutzprogramme/)
-   -   Malwarebytes vs. Adaware ? (https://www.trojaner-board.de/79321-malwarebytes-vs-adaware.html)

nyrk 11.11.2009 00:41

Malwarebytes vs. Adaware?
 
Just yesterday a post here made me aware of Malwarebytes, and with this software I found and removed several Trojans or Trojan loaders that I had apparently had on the system for some time and that Norton Internet Security 2010 never detected. So I would be interested to know how Malwarebytes compares to other anti-malware programs, specifically, for example, to Ad-Aware from Lavasoft. My impression is that Ad-Aware tends to find cookies and the like, whereas Malwarebytes tracks down and removes known malware and, thanks to heuristics, unknown malware as well?

So my question: how good do you consider Malwarebytes?
How does it compare to Ad-Aware? Better, complementary, ...?

If Malwarebytes really represents a new kind of protection, as advertised on their website, and this software has in fact already found several malicious programs on my machine, I am considering buying the protection module in order to have the most efficient, continuous protection possible, complementary to NortonIS10. What do you think?

Many thanks in advance,

Nyrk

nyrk 11.11.2009 13:50

GMER - Rootkit results - please help!
 
Hello dear forum,

I have just been browsing through the threads a bit and stumbled upon, among other things, the tool GMER, which is supposed to detect rootkits. Without expecting any particular result, I downloaded and ran it.

Now I have a number of things listed under Rootkits/Malware that I cannot interpret. I am attaching the corresponding log.

Does this mean that all of these entries are malware or rootkits?

Apart from that, I have Norton Internet Security 2010 running and recently removed several supposedly detected Trojans with Malwarebytes. So I believed myself to be relatively safe, but the results GMER shows me unsettle me somewhat.
So are these rootkits? If so, what can I do next to remove them?

Many thanks,
Alex

nyrk 11.11.2009 13:54

I hope I have not violated any of the Golden Rules with my question? If I have, please let me know.

Beforehand I naturally googled for good comparisons of Adaware with Malwarebytes and also searched here in the forum, but unfortunately I did not find a direct comparison in text form by someone who uses both programs and obviously knows them well.

I would really like to know what Malwarebytes, compared to other tools, is actually good for, and what it is not.

Larusso 11.11.2009 14:02

Hi!

Malwarebytes is a very good anti-malware tool (not anti-virus software) that a "non-specialist" can use without hesitation.

Compared to Ad-Aware and also to other software it is, in my opinion, considerably more efficient.

What annoys me about Ad-Aware, for instance, is the log file: information nobody needs, but the main thing is that the log is long and cluttered.

I usually have Ad-Aware uninstalled ;)

Malwarebytes shows what was found and where. The rest is not important.
As a purchase it is definitely recommendable, but the freeware version is also very effective as an "in-between" scan.

nyrk 11.11.2009 14:05

Many thanks!!!

Larusso 11.11.2009 14:08

What still worries me, though :)

Please post me the current Malwarebytes log file
Start Malwarebytes --> tab Scan Reports --> click the most recent report --> a text document opens automatically

nyrk 11.11.2009 14:17

Worried? Why?

I am attaching three logs that show viruses, plus the latest one, which reports the system as virus-free.

Incidentally, in a separate thread at http://www.trojaner-board.de/79334-gmer-rootkit-resultate-bitte-um-hilfe.html I posted results that the tool GMER shows me in the "Rootkits/Malware" tab. That unsettles me as well, since these entries, if they really are malware, are surprising. But perhaps they are harmless?!

Thanks again,
Alex

Larusso 11.11.2009 14:20

I thought as much.

A cleanup can involve a lot of work for you.
  • Please work through all steps in order.
  • If there are problems, please stop and describe them here as well as you can.
  • Only run scans that a helper asks you to run.
  • Please no cross-posting (posting in several forums).

Note: I can never guarantee that I will find everything. A format is usually the faster and always the safest way.
If you decide on a cleanup, please work through the following.

Please post all log files in code tags.
Click Reply --> #
then [code]text[/code]
After replying it should then look like this here:
Code:

your log file

Vista and Win7 users
Start all tools by right-clicking and choosing "Run as administrator".


Step 1

Open Windows Explorer (Windows key + E) and under => Tools => Folder Options => on the "View" tab
  • Files and Folders: disable "Hide extensions for known file types"
  • Files and Folders: disable "Hide protected operating system files (Recommended)"
  • Files and Folders: enable "Display the contents of system folders" (not present on Vista)
  • Hidden files and folders: enable "Show hidden files and folders"


Step 2
  • Download Random's System Information Tool (RSIT),
  • save it to your desktop.
  • Double-click RSIT.exe to start it.
  • Click Continue to accept the terms of use.
  • The scan starts automatically; RSIT now checks several important system areas and produces log files as a basis for analysis.
  • When the scan has finished, two log files are created and opened in your editor.
  • Please post the contents of C:\rsit\log.txt and C:\rsit\info.txt


Step 3

Rootkit search

What are rootkits?

Some scans for files, processes and registry entries that are hidden from most other scanners (by a so-called rootkit). During these scans:
  • all other scanners for viruses, spyware, etc. must be disabled,
  • there must be no connection to a network/the Internet (don't forget WLAN),
  • nothing must be done on the machine,
  • the machine must be restarted after each scan.
Have GMER scan
  • Download GMER from this page
    (click the Download EXE button) and save the program to the desktop.
  • GMER is suitable for => NT/W2K/XP/VISTA.
  • All other programs should be closed.
  • Start gmer.exe (the program has a random program name).
  • Vista users: right-click and run as administrator.
  • Should a window open with the following warning:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • Start the scan with "Scan". Do nothing on the computer while the scan is running.
  • When the scan has finished, click "Copy" to copy the log to the clipboard. "Ok" closes GMER.
  • Paste the log from the clipboard into your reply here.
Switch the antivirus program and other scanners back on before you go online!

Now post the log file in code tags.

nyrk 11.11.2009 14:44

RSIT info, part 1
 
Code:


info.txt logfile of random's system information tool 1.06 2009-11-11 14:28:11

======Uninstall list======

-->C:\Programme\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->MsiExec.exe /I{3B55590C-8A9B-4BD6-B489-744B63026A2A}
-->MsiExec.exe /I{C98E5F1B-5C2B-4FD1-BDF9-F3779DCAAA16}
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FD836E74-7923-4174-A055-F97CD0F3BB46}\setup.exe" -l0x7  -removeonly
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Actual Window Minimizer 5.4-->"C:\Programme\Actual Window Minimizer\unins000.exe"
Ad-Aware-->"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
Adobe Acrobat  7.0 Elements - Deutsch-->msiexec /I {E5E6E687-1031-0000-0000-000000000002}
Adobe AIR-->c:\Programme\Gemeinsame Dateien\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102}
Adobe Digital Editions-->"C:\Programme\Adobe\Adobe Digital Editions\uninstall.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 2.0-->MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Photoshop Elements 4.0-->msiexec /I {EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}
Adobe Photoshop Lightroom 2.3-->MsiExec.exe /I{7CBD8A89-45F4-4203-9923-673F72603747}
Adobe Premiere Elements 2.0-->msiexec /I {11C98E1A-EC91-4B38-B44C-C562292D8453}
Adobe Reader 7.0 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A70000000000}
Adobe Reader 7.0.5 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A70500000002}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Air Mouse Server-->MsiExec.exe /I{5164E4B0-9CD0-454A-BAC0-6771A15EEB64}
AnVir Task Manager-->"C:\Programme\AnVir Task Manager\AnVir.exe" Uninstall
AnyDVD-->"C:\Programme\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Programme\SlySoft\AnyDVD"
Apple Application Support-->MsiExec.exe /I{B607C354-CD79-4D22-86D1-92DC94153F42}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ashampoo Burning Studio 2009 Advanced-->"C:\Programme\Ashampoo\Ashampoo Burning Studio 2009 Advanced\unins000.exe"
AVM FRITZ!fax für FRITZ!Box-->C:\WINDOWS\IsUn0407.exe -fC:\Programme\FRITZ!\Uninst.isu -cC:\Programme\FRITZ!\UNINST.DLL
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CallBurner-->MsiExec.exe /I{4486CDF2-9905-4342-8E27-8504B088984D}
Canon Camera Window for ZoomBrowser EX-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5ADA9741-0570-4096-B5FE-1D55E57537D4}
Canon Internet Library for ZoomBrowser EX-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{DD066C5F-A5C6-4A2B-8A08-7E3395B72C24}
Canon PhotoRecord-->C:\WINDOWS\IsUn0407.exe -fC:\PROGRA~1\Canon\PhotoRecord\Uninst.isu -c"C:\PROGRA~1\Canon\PhotoRecord\Program\uninstdll.dll"
Canon Utilities ZoomBrowser EX-->MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
CDex extraction audio-->"C:\Programme\CDex_150\uninstall.exe"
Click to DVD 2.0.03 Menu Data-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9E407618-D9CD-4F39-9490-9ED45294073D}\setup.exe" -l0x7  -removeonly
Click to DVD 2.5.20-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{E809063C-51A3-4269-8984-D1EB742F2151}\setup.exe" -l0x7  -removeonly
ClocX (1.5b2)-->"C:\Programme\ClocX\Uninstall.exe"
Comic Life-->MsiExec.exe /X{A0FC458F-AA6E-430A-B91C-1D6640B4B149}
Creative ZEN Stone Plus-Benutzerhandbuch-->"C:\Programme\Creative\Creative ZEN Stone Plus\UGRemove.exe" /Product_Name:ZENStonePlusUG
CyberGhost VPN-->"C:\Programme\S.A.D\CyberGhost VPN\unins001.exe"
DesignPro 5.4 Limited Edition-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}
DivX Codec-->C:\Programme\DivX\DivXCodecUninstall.exe /CODEC
DSD Direct-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C27BF761-C499-488D-A964-A3718BC6EC3E}\setup.exe" -l0x7  -removeonly
DSD Playback Plug-In 1.0-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C89EB8CD-675F-44F4-9729-4C9A8FAC2D4F}\setup.exe" -l0x7
DVD Shrink 3.2 deutsch-->"C:\Programme\DVD Shrink DE\unins000.exe"
DVgate Plus-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{685BCC47-B8EC-45EC-BBCE-77DF2451502C}\setup.exe" -l0x7
e-Wörterbücher-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{4737AD9F-13AA-4E4C-B86F-B631D557F6A7}\setup.exe" anything
Exif Tag Remover 2.0-->"C:\Programme\Exif Tag Remover\unins000.exe"
Fences-->"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}\Fences.exe" REMOVE=TRUE MODIFY=FALSE
Fences-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}\Fences.exe
Firebird SQL Server - MAGIX Edition-->C:\Programme\MAGIX\Common\Database\instslct.exe /p
Firmware Manager-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{22CC52F5-A55A-48B6-A753-E217FFD5B11C}\setup.exe" -l0x7  anything
Flashnote 3.1-->C:\Programme\Flashnote\uninst.exe
Flickr Uploadr 3.2.1-->"C:\Programme\Flickr Uploadr\uninstall.exe"
Fotostory 3 für Windows-->MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}
Free DVD MP3 Ripper 1.12-->"C:\Programme\Free DVD MP3 Ripper\unins000.exe"
Free PDF to Word Doc Converter v1.1-->"C:\Programme\Free PDF to Word Doc Converter\unins000.exe"
GMX SMS-Manager-->C:\Programme\GMX\GMX SMS-Manager\Uninstall.exe
Google AFE-->regsvr32 /u /s "C:\PROGRA~1\GOOGLE~1\GoogleAFE.dll"
Google Desktop-->C:\Programme\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9  -removeonly
Google Toolbar for Internet Explorer-->"C:\Programme\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
HappyFoto Bestellassistent (nur entfernen)-->"C:\Programme\HappyFoto\Bestellassistent\uninstall.exe"
HDAUDIO SoftV92 Data Fax Modem with SmartCP-->C:\Programme\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003\HXFSETUP.EXE -U -ISnyHDANk.inf
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Programme\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Image Converter 2 Plus-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{63B8FB69-A1B6-425D-B67D-5257B7A1F663}\setup.exe" -l0x7  /CONPANE
Image Mender 1.1-->C:\Programme\Image Mender\Uninstall.exe
Image Resizer Powertoy for Windows XP-->MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
InfraRecorder-->C:\Programme\InfraRecorder\uninstall.exe
Intel(R) PRO Network Connections Drivers-->Prounstl.exe
Intel(R) PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
InterVideo WinDVD for VAIO-->"C:\Programme\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
IrfanView (remove only)-->C:\Programme\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
KatMouse (remove only)-->"C:\Programme\KatMouse\uninst.exe"
LAN Setting Utility-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5958CAC6-373E-402F-84FE-0A699AA920B9}\setup.exe" -l0x7
Launchy 2.1.2-->"C:\Programme\Launchy\unins000.exe"
Lexmark Symbolleiste-->regsvr32.exe /s /u "C:\Programme\Lexmark Toolbar\toolband.dll"
Lexmark Tools for Office-->regsvr32.exe /s /u "C:\Programme\Lexmark Tools for Office\CustomOfficeRibbon.dll"
Lexmark Z2400 Series-->C:\Programme\Lexmark Z2400 Series\Install\x86\Uninst.exe
LimeWire 5.1.2-->"C:\Programme\LimeWire\uninstall.exe"
LingoPad 2.6 (Build 360)-->"C:\Programme\LingoPad\unins000.exe"
Logtool 0.3-->MsiExec.exe /X{F9C1DA7F-088A-4DDD-BD01-41FD072759FE}
Macromedia Flash Player 8-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
MadTwitter-->MsiExec.exe /I{F3B10330-57D9-4F49-B9FE-188C370FAC19}
MAGIX Fotos auf CD & DVD 7 e-version 7.0.0.22 (D)-->C:\Programme\MAGIX\Fotos_auf_CD_DVD_7_e-version\instslct.exe /p
MAGIX Online Druck Service 2.3.2.0 (D)-->C:\Programme\MAGIX\Online_Druck_Service\instslct.exe /p
MAGIX PC Visit-->C:\Programme\MAGIX\PCVisit\instslct.exe /p
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
mBackup-->MsiExec.exe /I{99E490B2-B604-4AFD-9622-58086A647F61}
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
Memory Stick Formatter-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{27337663-2619-11D4-99DC-0000F49094C7}\Setup.exe" -l0x7 /UNINSTALL
Microsoft .NET Framework 1.0 Hotfix (KB953295)-->"C:\WINDOWS\$NtUninstallKB953295$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.1 German Language Pack-->MsiExec.exe /X{E78BFA60-5393-4C38-82AB-E8019E464EB4}
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU-->MsiExec.exe /I{9309DD7E-EBFE-3C95-8B47-30D3A012F606}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU-->MsiExec.exe /I{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack - DEU-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack - deu-->MsiExec.exe /I{1545207E-C6F3-31D7-9918-BDBB65075FBF}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft SQL Server Desktop Engine (VAIO_VEDB)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mobile Connect-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3EAAC5FD-E209-4856-8C49-D4EA40F85032}\setup.exe" -l0x7  -removeonly
Mobile Partner-->C:\Programme\Mobile Partner\uninst.exe
Mozilla Firefox (3.5.5)-->C:\Dokumente und Einstellungen\Alex\Eigene Dateien\Portable\Firefox\App\firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.23)-->C:\Dokumente und Einstellungen\Alex\Eigene Dateien\Portable\Mail\App\thunderbird\uninstall\helper.exe
Mp3tag v2.44-->C:\Programme\Mp3tag\Mp3tagUninstall.EXE
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
My Club VAIO MCE (German) 1.0.1-->C:\Programme\Sony\MyClubVAIOMCE\unins000.exe
Nero 7 Ultra Edition-->MsiExec.exe /I{F14B8ECC-BDA0-4987-9201-D7B7DBE11031}
Norton Internet Security-->C:\Programme\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\7190B588\16.7.2.11\InstStub.exe /X
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenMG Limited Patch 4.4-06-13-19-01-->C:\Programme\Gemeinsame Dateien\Sony Shared\OpenMG\HotFixes\HotFix4.4-06-13-19-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.4.00-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{CFB17307-B244-4EAD-AE8E-CDAF440477C2} UNINSTALL
Pamela PCR Pro 4.5-->C:\Programme\PamelaPCR\Uninst.exe
PamFax 2.0.0.16-->"C:\Programme\PamFax\unins000.exe"
PDF reDirect (remove only)-->C:\Programme\PDF reDirect\Uninstall.exe
Phase 5 HTML-Editor-->MsiExec.exe /I{BCB313A5-1AD0-4829-9D6F-EB41C3CFCD4B}
Philips VLounge-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{89ACA875-BDB9-443C-B7C7-D74D3BDE8FE2}\Setup.exe" -l0x7
Photomatix Pro version 3.0-->"C:\Programme\PhotomatixPro3\unins000.exe"
Picasa 2-->"C:\Programme\Picasa2\Uninstall.exe"
Pinnacle DistanTV Server-->MsiExec.exe /X{7C7AC2D4-1077-45C8-826A-16445B5E0DB7}
Pinnacle TVCenter Pro-->"C:\Programme\InstallShield Installation Information\{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}\Setup.exe" -runfromtemp -l0x0007 -removeonly
PixiePack Codec Pack-->MsiExec.exe /I{9C450606-ED24-4958-92BA-B8940C99D441}
Prio v1.9.7-->C:\WINDOWS\prio197uninstall.exe
Prish Image Resizer-->MsiExec.exe /I{7FEFAD2B-CD9B-478F-8AD4-4A9B54FB786D}
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
RawShooter essentials 2006-->C:\PROGRA~1\PIXMAN~1\RAWSHO~1.0\UNWISE.EXE C:\PROGRA~1\PIXMAN~1\RAWSHO~1.0\INSTALL.LOG
Roxio DigitalMedia Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio DigitalMedia Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio DigitalMedia Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Setting Utility Series-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{59452470-A902-477F-9338-9B88101681BD}\setup.exe" -l0x7 UNINSTALL
ShellLess Explorer 1.24-->"C:\Programme\ShellLess\unins000.exe"


nyrk 11.11.2009 14:45

rsit info, part 2
 
Code:


Sicherheitsupdate für Windows Media Encoder (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
SigmaTel Audio-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x7 -remove -removeonly
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Smart To-Do List 1.3 Trial-->C:\Programme\Smart To-Do List\Uninstall.exe
SonicStage 3.4-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x7 UNINSTALL -removeonly
SonicStage Mastering Studio 2.2-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{BF3B304B-8A18-452D-A19F-6012CA8418D7}\setup.exe" -l0x7
SonicStage Mastering Studio Audio Filter Custom Preset-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}\setup.exe" -l0x7
SonicStage Mastering Studio Audio Filter-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{AB467B85-4F52-48C2-AEED-0673D00417B0}\setup.exe" -l0x7
SonicStage Mastering Studio Plugins-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{EE7EB179-5AA2-4B28-AC92-5CBAAF82BA7F}\setup.exe" -l0x7
Sony MP4 Shared Library-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}\setup.exe" -l0x7  -removeonly
Sony USB Mouse-->Pmuninst.exe MouseSuite98
Sony Utilities DLL-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{EF3D45BB-2260-4008-88EA-492E7744A9DF}\setup.exe" -l0x9
Sony Video Shared Library-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}\setup.exe" -l0x7  -removeonly
SPC 610NC Laptop Camera-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{7D861519-AF7A-413C-835A-6F7BF2179A66}\setup.exe"
SpeakLike-->MsiExec.exe /I{41C430C6-4082-4E4A-9039-F6A88791A976}
The Anonymous Mailer-->C:\WINDOWS\unin0407.exe -f"C:\Programme\LangerSoft\The Anonymous Mailer\DeIsL1.isu"  -c"C:\Programme\LangerSoft\The Anonymous Mailer\_ISREG32.DLL"
Toshiba VoIP Phone-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{283AE57D-DE13-493D-8B82-7D64B9A2853D}\setup.exe" -l0x7  -removeonly
TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
twhirl-->MsiExec.exe /X{B73BEEBE-3D94-2634-B5D1-28B8269489FF}
TwonkyMedia-->C:\Programme\TwonkyMedia\UninstallTwonkyMedia.exe
UltraMon-->MsiExec.exe /I{20A36691-B09B-4EF2-A371-64A5BD265E20}
Unlocker 1.8.7-->C:\Programme\Unlocker\uninst.exe
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Outlook 2007 Junk Email Filter (KB974810)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C05FBAD5-A211-4E86-BB51-7E07B80C9233}
Update für Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update für Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update für Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update für Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update für Windows XP (KB976749)-->"C:\WINDOWS\$NtUninstallKB976749$\spuninst\spuninst.exe"
Update Rollup 2 für Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
VAIO Camera Utility-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{1417F599-1DBD-4499-9375-B2813E9F890C}\setup.exe" -l0x7
VAIO Control Center-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FC37C108-821D-4EDE-8F40-D5B497586805}\setup.exe" -l0x7
VAIO Edit Components 6.0-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B7C03E84-AF46-42F4-809D-D4127D9086D0}\setup.exe" -l0x7  -removeonly
VAIO Entertainment Platform-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6B1F20F2-6321-4669-A58C-33DF8E7517FF}\setup.exe" -l0x7  -removeonly
VAIO Event Service-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}\setup.exe" -l0x7
VAIO Hardware Diagnostics-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A947C2B3-7445-42C4-9063-EE704CACCB22}\setup.exe" -l0x7
VAIO Media 5.0-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{560F6B2E-F0DF-44E5-8190-A4A161F0E205}\setup.exe" -l0x7 UNINSTALL -removeonly
VAIO Media AC3 Decoder 1.0-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2063C2E8-3812-4BBD-9998-6610F80C1DD4}\Setup.exe" -l0x7 UNINSTALL
VAIO Media Integrated Server 5.0-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{785EB1D4-ECEC-4195-99B4-73C47E187721}\setup.exe" -l0x7 UNINSTALL -removeonly
VAIO Media Redistribution 5.0-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}\setup.exe" -l0x7 UNINSTALL -removeonly
VAIO Media Registration Tool 5.0-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}\setup.exe" -l0x7 UNINSTALL -removeonly
VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FB714F13-10C9-48DB-91C9-DDBCCCBF9370}\setup.exe" -l0x7
VAIO Original Screen Saver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{1BEF9285-5530-426B-A5F1-5836B95C7EB1}\setup.exe" -l0x7
VAIO Power Management-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9E319E96-ED8E-4B01-9775-C521A1869A25}\setup.exe" -l0x7 UNINSTALL
VAIO Product Survey-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{9080C5D2-82FA-452A-87FA-CBB4B05D67A5} /l1031
VAIO Sea Wallpaper-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{00F8608F-BA6A-4B32-843A-1A568ACD1198}\setup.exe" -l0x7
VAIO Starfish Wallpaper-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{ABBD2A2E-2424-4078-966F-F319A88D5F21}\setup.exe" -l0x7
VAIO Update 2-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{48820099-ED7D-424B-890C-9A82EF00656D}\Setup.exe" -l0x7
VAIO-Online-Registrierung (Deutsch)-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{668B1BD6-4593-4959-970E-249AFFE6F35C} /l1031
Videora iPod touch Converter 4.07-->C:\Programme\Red Kawa\Video Converter App\uninstaller.exe
VLC iPhone Connection Utility-->MsiExec.exe /I{7C84E006-D044-4441-A294-E318B147476C}
VLC media player 0.9.9-->C:\Programme\VideoLAN\VLC\uninstall.exe
Windows 7 Upgrade Advisor Beta-->MsiExec.exe /I{4394DC3A-5DAC-4C80-A86E-FF462D0AD653}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4}
Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Programme\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}
Windows Live Messenger-->MsiExec.exe /X{41E654A9-26D0-4EAC-854B-0FA824FFFABB}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908250-->"C:\WINDOWS\$NtUninstallKB908250$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB973768-->"C:\WINDOWS\$NtUninstallKB973768$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Wireless LAN Starter-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{61D6E4FB-1A62-4EB1-BE56-929B00C155CF}\setup.exe" -l0x7
Wireless Switch Setting Utility-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}\Setup.exe" -l0x7
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
YouTube Downloader App 1.02-->C:\Programme\Regensoft\Downloader App\uninstaller.exe

======Security center information======

AV: Norton Internet Security Online
FW: Norton Internet Security Online

======System event log======

Computer Name: NYRK
Event Code: 4201
Message: Netzwerkadapter "\DEVICE\TCPIP_{F524A8DB-FD84-407D-B77B-810706144F07}" wurde mit dem Netzwerk verbunden, und das
System wurde über das Netzwerk im normalen Zustand gestartet.

Record Number: 5
Source Name: Tcpip
Time Written: 20091019201836.000000+120
Event Type: Informationen
User:

Computer Name: NYRK
Event Code: 4202
Message: Es wurde festgestellt, dass der Netzwerkadapter "Intel(R)...Network Connection - Paketplaner-Miniport" vom Netzwerk getrennt wurde,
und dass die Netzwerkkonfiguration des Adapters freigegeben wurde. Möglicherweise
ist der Adapter beschädigt, falls der Adapter nicht vom Netzwerk getrennt wurde.
Wenden Sie sich an den Hersteller bezüglich aktueller Treiber.

Record Number: 4
Source Name: Tcpip
Time Written: 20091019201831.000000+120
Event Type: Informationen
User:

Computer Name: NYRK
Event Code: 19
Message:
Record Number: 3
Source Name: E100B
Time Written: 20091019201831.000000+120
Event Type: Informationen
User:

Computer Name: NYRK
Event Code: 6005
Message: Der Ereignisprotokolldienst wurde gestartet.

Record Number: 2
Source Name: EventLog
Time Written: 20091019201826.000000+120
Event Type: Informationen
User:

Computer Name: NYRK
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Multiprocessor Free.

Record Number: 1
Source Name: EventLog
Time Written: 20091019201826.000000+120
Event Type: Informationen
User:

=====Application event log=====

Computer Name: NYRK
Event Code: 35
Message: Der Dienst 'Norton Internet Security' wurde gestartet.

Record Number: 5
Source Name: Norton Internet Security
Time Written: 20090920213320.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: NYRK
Event Code: 34
Message: Der Dienst 'Norton Internet Security' startet.

Record Number: 4
Source Name: Norton Internet Security
Time Written: 20090920213317.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: NYRK
Event Code: 1
Message:
Record Number: 3
Source Name: Bonjour Service
Time Written: 20090920213306.000000+120
Event Type: Informationen
User:

Computer Name: NYRK
Event Code: 2570
Message: Der Adobe Active File-Monitor-Service wurde gestartet.

Record Number: 2
Source Name: Adobe Active File Monitor 4.0
Time Written: 20090920213305.000000+120
Event Type:
User:

Computer Name: NYRK
Event Code: 0
Message:
Record Number: 1
Source Name: EvtEng
Time Written: 20090920213303.000000+120
Event Type: Informationen
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\Intel\Wireless\Bin\;C:\Programme\Gemeinsame Dateien\Adobe\AGL;C:\Programme\Microsoft SQL Server\80\Tools\Binn\;C:\Programme\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Programme\Gemeinsame Dateien\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Programme\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Programme\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------


nyrk 11.11.2009 14:47

rsit log, part 1
 
Code:


Logfile of random's system information tool 1.06 (written by random/random)
Run by Alex at 2009-11-11 14:26:12
Microsoft Windows XP Professional Service Pack 3
System drive C: has 3 GB (6%) free of 48 GB
Total RAM: 1022 MB (5% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:27:55, on 11.11.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdqcoms.exe
C:\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Programme\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Sony\VAIO Event Service\VESMgr.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe
C:\Programme\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe
C:\Programme\Sony\VAIO Power Management\SPMgr.exe
C:\Programme\Sony\ISB Utility\ISBMgr.exe
C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Programme\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Lexmark Z2400 Series\lxdqMsdMon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Dokumente und Einstellungen\Alex\Eigene Dateien\Portable\Firefox\App\firefox\firefox.exe
C:\Programme\iTunes\iTunes.exe
C:\Dokumente und Einstellungen\Alex\Eigene Dateien\Portable\Mail\ThunderbirdPortable.exe
C:\Dokumente und Einstellungen\Alex\Eigene Dateien\Portable\Mail\App\thunderbird\thunderbird.exe
C:\Dokumente und Einstellungen\Alex\Desktop\RSIT.exe
C:\Programme\trend micro\Alex.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-vaio.com/de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com/de/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.club-vaio.com/de/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\GoogleAFE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O3 - Toolbar: Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Programme\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "c:\Programme\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [lxdqmon.exe] "C:\Programme\Lexmark Z2400 Series\lxdqmon.exe"
O4 - HKLM\..\Run: [lxdqamon] "C:\Programme\Lexmark Z2400 Series\lxdqamon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Java Quick Start] C:\Dokumente und Einstellungen\Alex\jusched.exe
O4 - HKCU\..\Run: [swg] "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Documents and Settings\Default User\Local Settings\Temp\flgpxtryd\jc_all.htm
O8 - Extra context menu item: &Mit FlashGet laden - C:\Documents and Settings\Default User\Local Settings\Temp\flgpxtryd\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Übertragen mit Image Converter 2 Plus - C:\Programme\Sony\Image Converter 2\menu.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/de/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238576885765
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Programme\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O20 - AppInit_DLLs: prio.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Programme\Stardock\Fences\FencesMenu.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CyberGhost VPN Client (CGVPNCliSrvc) - mobile concepts GmbH - C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Unknown owner - C:\Programme\Creative\Shared Files\CTDevSrv.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Programme\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: lxdqCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdqserv.exe
O23 - Service: lxdq_device -  - C:\WINDOWS\system32\lxdqcoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Programme\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Programme\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

--
End of file - 13083 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Klick-Wartung.job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-23 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}]
Lexmark Symbolleiste - C:\Programme\Lexmark Toolbar\toolband.dll [2009-05-06 372736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Programme\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll [2009-08-22 378736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Programme\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL [2009-08-22 107896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Programme\Java\jre6\bin\ssv.dll [2009-04-01 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll [2009-08-21 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Programme\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-10-25 762864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Programme\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-08-21 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\PROGRA~1\GOOGLE~1\GoogleAFE.dll [2005-12-19 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-04-01 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-04-01 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Programme\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll [2009-08-22 378736]
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Lexmark Symbolleiste - C:\Programme\Lexmark Toolbar\toolband.dll [2009-05-06 372736]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll [2009-08-21 256112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-03-06 7557120]
"Apoint"=C:\Programme\Apoint\Apoint.exe [2004-11-17 118784]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"VAIOCameraUtility"=C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe [2005-12-27 69632]
"SonyPowerCfg"=C:\Programme\Sony\VAIO Power Management\SPMgr.exe [2005-12-13 217088]
"ISBMgr.exe"=C:\Programme\Sony\ISB Utility\ISBMgr.exe [2004-02-20 32768]
"Switcher.exe"=C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe [2006-02-14 176128]
"VAIO Update 2"=C:\Programme\Sony\VAIO Update 2\VAIOUpdt.exe [2005-10-11 151552]
"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-04-01 136600]
"IntelliPoint"=c:\Programme\Microsoft IntelliPoint\ipoint.exe [2008-06-10 1406024]
"lxdqmon.exe"=C:\Programme\Lexmark Z2400 Series\lxdqmon.exe [2007-12-17 656040]
"lxdqamon"=C:\Programme\Lexmark Z2400 Series\lxdqamon.exe [2007-12-17 16040]
"iTunesHelper"=C:\Programme\iTunes\iTunesHelper.exe [2009-10-28 141600]
"Malwarebytes Anti-Malware (reboot)"=C:\Programme\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"Java Quick Start"=C:\Dokumente und Einstellungen\Alex\jusched.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-08-17 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2005-03-03 483328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Actual Window Minimizer]
C:\Programme\Actual Window Minimizer\ActualWindowMinimizerCenter.exe [2009-07-09 798720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
C:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe [2009-10-19 3087296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppCallBurner]
C:\Programme\CallBurner\callburner.exe [2009-07-01 5687296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe [2006-10-09 139264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Clipdiary]
C:\Programme\Clipdiary\clipdiary.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClocX]
C:\Programme\ClocX\ClocX.exe [2007-07-26 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashnote]
C:\Programme\Flashnote\flashnote.exe [2008-05-22 1921024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe [2009-05-02 169472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Java Quick Start]
C:\Dokumente und Einstellungen\Alex\jusched.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logtool]
C:\Programme\Gemeinsame Dateien\Skype\Logtool\Logtool.exe [2009-09-14 1446400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MadTwitter]
C:\Programme\MadTwitter\madtwitter.exe [2007-04-24 561152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
C:\WINDOWS\system32\ICO.EXE [2002-03-14 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Programme\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Programme\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pamelaPCR.exe]
C:\Programme\PamelaPCR\PamelaPCR.exe [2009-07-09 5436416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCRemote]
 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programme\QuickTime\QTTask.exe [2009-09-05 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShellLess]
C:\Programme\ShellLess\ShellLess.exe [2009-05-08 1968640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Programme\Skype\Phone\Skype.exe [2009-10-12 26298152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-08-17 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TurboNet]
C:\DOKUME~1\Alex\LOKALE~1\Temp\b.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^Alex^Startmenü^Programme^Autostart^Skype secondary.lnk]
C:\PROGRA~1\Skype\Phone\Skype.exe [2009-10-12 26298152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^Alex^Startmenü^Programme^Autostart^Verknüpfung mit KatMouse.lnk]
C:\PROGRA~1\KatMouse\KatMouse.exe [2007-05-30 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Air Mouse.lnk]
C:\PROGRA~1\AIRMOU~1\AIRMOU~1\AIRMOU~1.EXE [2009-02-16 269824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Bluetooth Manager.lnk]
C:\PROGRA~1\Toshiba\BLUETO~1\TosBtMng.exe [2005-12-07 1744896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Launchy.lnk]
C:\PROGRA~1\Launchy\Launchy.exe [2008-08-05 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Pinnacle Streaming Server.lnk]
C:\PROGRA~1\Pinnacle\SHARED~1\Programs\STRMSE~1\STRMSE~1.EXE [2008-03-25 603408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Toshiba VoIP Phone.lnk]
C:\PROGRA~1\Toshiba\TOSHIB~1\TOSHIB~1.EXE [2006-08-07 262144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^UltraMon.lnk]
C:\WINDOWS\Installer\{20A36691-B09B-4EF2-A371-64A5BD265E20}\IcoUltraMon.ico [2009-10-09 29310]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^VProperty.lnk]
C:\WINDOWS\VPro610.exe  []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"odserv"=3
"CGVPNCliSrvc"=2
"TuneUp.Defrag"=3
"VzFw"=2
"TwonkyMedia"=2
"FirebirdServerMAGIXInstance"=3
"Bonjour Service"=2


nyrk 11.11.2009 14:49

rsit log, Part 2
 
Code:


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="prio.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VESWinlogon]
C:\WINDOWS\system32\VESWinlogon.dll [2005-05-20 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Programme\Stardock\Fences\FencesMenu.dll [2009-10-02 128360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=91000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe"="C:\Programme\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server"
"C:\Programme\TwonkyMedia\TwonkyMediaServer.exe"="C:\Programme\TwonkyMedia\TwonkyMediaServer.exe:*:Enabled:TwonkyMediaServer"
"C:\Programme\TwonkyMedia\TwonkyMedia.exe"="C:\Programme\TwonkyMedia\TwonkyMedia.exe:*:Enabled:TwonkyMedia"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"G:\Software\Limewire\App\LimeWire.exe"="G:\Software\Limewire\App\LimeWire.exe:*:Enabled:LimeWire"
"C:\WINDOWS\system32\lxdqcoms.exe"="C:\WINDOWS\system32\lxdqcoms.exe:*:Enabled:Z2400 Series Server"
"C:\Programme\Lexmark Z2400 Series\lxdqmon.exe"="C:\Programme\Lexmark Z2400 Series\lxdqmon.exe:*:Enabled:Printer Device Monitor"
"C:\WINDOWS\system32\lxdqcfg.exe"="C:\WINDOWS\system32\lxdqcfg.exe:*:Enabled:Printer Communication System"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdqpswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdqpswx.exe:*:Enabled:Printer Status Window Interface"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdqtime.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdqtime.exe:*:Enabled:Lexmark Connect Time Executable"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdqjswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdqjswx.exe:*:Enabled:Job Status Window Interface"
"C:\Programme\Lexmark Z2400 Series\Diagnostics\LXDQdiag.exe"="C:\Programme\Lexmark Z2400 Series\Diagnostics\LXDQdiag.exe:*:Enabled: "
"C:\Programme\FRITZ!\fboxset.exe"="C:\Programme\FRITZ!\fboxset.exe:LocalSubNet:Enabled:AVM FRITZ!fax for FRITZ!Box - fboxset.exe"
"C:\Programme\FRITZ!\igd_finder.exe"="C:\Programme\FRITZ!\igd_finder.exe:LocalSubNet:Enabled:AVM FRITZ!fax for FRITZ!Box - igd_finder.exe"
"C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Programme\uTorrent\uTorrent.exe"="C:\Programme\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Programme\Messenger\msmsgs.exe"="C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Programme\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe"="C:\Programme\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe:LocalSubNet:Enabled:Pinnacle Streaming Server"
"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programme\Skype\Plugin Manager\skypePM.exe"="C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Dokumente und Einstellungen\Alex\Desktop\SkypePortable\App\Skype\Phone\Skype.exe"="C:\Dokumente und Einstellungen\Alex\Desktop\SkypePortable\App\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Programme\iTunes\iTunes.exe"="C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\MSN Messenger\livecall.exe"="C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{01c1a901-1eff-11de-a94b-00130265c4ca}]
shell\AutoRun\command - H:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{070b8e32-2425-11de-a94e-0013a908759e}]
shell\1\command - .\recycled\info.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\recycled\info.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{185189e9-a6e9-11de-a998-0013a908759e}]
shell\AutoRun\command - H:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{185189ed-a6e9-11de-a998-0013a908759e}]
shell\AutoRun\command - H:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4dd180b8-81c3-11de-a985-0002c7e86886}]
shell\AutoRun\command - H:\.\Autorun.exe AUTORUN=1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4dd180ba-81c3-11de-a985-0013a908759e}]
shell\AutoRun\command - H:\.\Autorun.exe AUTORUN=1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae610a84-1e29-11de-a946-00130265c4ca}]
shell\AutoRun\command - G:\PStart.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b65f9bac-6dea-11de-a979-0013a908759e}]
shell\AutoRun\command - H:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b65f9bad-6dea-11de-a979-0013a908759e}]
shell\AutoRun\command - H:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cbac71fd-80d7-11de-a983-0013a908759e}]
shell\AutoRun\command - H:\.\Autorun.exe AUTORUN=1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1a70e42-36f4-11de-a95b-0013a908759e}]
shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1a70e92-36f4-11de-a95b-0013a908759e}]
shell\AutoRun\command - H:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d24fb2a6-b51c-11de-a99f-0013a908759e}]
shell\AutoRun\command - H:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d92c5ddc-6d54-11de-a978-0013a908759e}]
shell\AutoRun\command - H:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d92c5dde-6d54-11de-a978-0013a908759e}]
shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d92c5de0-6d54-11de-a978-0013a908759e}]
shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d92c5de1-6d54-11de-a978-0013a908759e}]
shell\AutoRun\command - H:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d92c5de2-6d54-11de-a978-0013a908759e}]
shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d92c5de6-6d54-11de-a978-0013a908759e}]
shell\AutoRun\command - H:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4ebe2f6-b50a-11de-a99e-0013a908759e}]
shell\AutoRun\command - H:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4ebe2f7-b50a-11de-a99e-0013a908759e}]
shell\AutoRun\command - H:\AutoRun.exe


======List of files/folders created in the last 1 months======

2009-11-11 14:27:04 ----D---- C:\Programme\trend micro
2009-11-11 14:26:12 ----D---- C:\rsit
2009-11-11 14:03:10 ----D---- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Thunderbird
2009-11-11 13:29:02 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-11-11 13:29:01 ----A---- C:\WINDOWS\gmer.dll
2009-11-11 13:28:59 ----A---- C:\WINDOWS\gmer.exe
2009-11-11 13:08:16 ----D---- C:\WINDOWS\LastGood
2009-11-10 23:51:31 ----HDC---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-10 23:50:29 ----D---- C:\Programme\Lavasoft
2009-11-10 13:53:00 ----D---- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Malwarebytes
2009-11-10 13:52:25 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-11-10 13:52:21 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-11-10 00:57:02 ----D---- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Ahead
2009-11-10 00:50:23 ----D---- C:\Programme\Nero
2009-11-10 00:50:23 ----D---- C:\Programme\Gemeinsame Dateien\Ahead
2009-11-10 00:49:43 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-11-10 00:49:41 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2009-11-06 01:13:11 ----D---- C:\Programme\FlashGet Network
2009-11-05 10:46:29 ----HDC---- C:\WINDOWS\$NtUninstallKB976749$
2009-11-02 13:55:56 ----D---- C:\Programme\iPod
2009-11-02 13:54:43 ----D---- C:\Programme\iTunes
2009-11-02 11:25:44 ----D---- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\HappyFoto
2009-11-02 11:25:23 ----D---- C:\Programme\HappyFoto
2009-11-01 23:01:06 ----D---- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\InternetOwl
2009-10-30 18:09:00 ----D---- C:\Programme\SpeakLike
2009-10-27 12:48:56 ----A---- C:\WINDOWS\Podcasts.INI
2009-10-27 00:56:08 ----D---- C:\Programme\PixiePack Codec Pack
2009-10-27 00:49:15 ----D---- C:\Programme\RapidSolution
2009-10-24 23:12:22 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\8ySeven
2009-10-24 23:04:23 ----D---- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Apowersoft
2009-10-22 00:08:00 ----D---- C:\Programme\LangerSoft
2009-10-22 00:07:37 ----A---- C:\WINDOWS\unin0407.exe
2009-10-20 09:19:19 ----HDC---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}
2009-10-20 09:19:16 ----D---- C:\Programme\Stardock
2009-10-19 17:00:20 ----D---- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Launchy
2009-10-19 16:59:42 ----D---- C:\Programme\Launchy
2009-10-18 10:02:09 ----D---- C:\WINDOWS\Performance
2009-10-18 09:58:46 ----D---- C:\Programme\Microsoft Windows 7 Upgrade Advisor
2009-10-17 09:57:03 ----HDC---- C:\WINDOWS\$NtUninstallKB974455$
2009-10-17 09:56:39 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-17 09:49:48 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-17 09:49:36 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-17 09:49:26 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-17 09:49:08 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-17 09:48:48 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-16 23:56:11 ----D---- C:\WINDOWS\system32\CallBurner
2009-10-16 23:56:10 ----D---- C:\Programme\CallBurner
2009-10-16 11:33:50 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-16 11:32:54 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-16 11:30:35 ----HDC---- C:\WINDOWS\$NtUninstallKB953295$
2009-10-16 11:10:37 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-15 13:18:13 ----D---- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\gnupg
2009-10-14 11:19:57 ----D---- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Uniblue
2009-10-14 11:11:09 ----D---- C:\Programme\AnVir Task Manager
2009-10-13 15:39:57 ----D---- C:\Programme\Photo Story 3 for Windows

======List of files/folders modified in the last 1 months======

2009-11-11 14:27:04 ----D---- C:\Programme
2009-11-11 14:26:40 ----D---- C:\WINDOWS\Temp
2009-11-11 13:29:02 ----D---- C:\WINDOWS\system32\drivers
2009-11-11 13:29:02 ----D---- C:\WINDOWS
2009-11-11 13:10:18 ----HD---- C:\WINDOWS\inf
2009-11-11 13:08:18 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-11 12:53:25 ----A---- C:\WINDOWS\ModemLog_HDAUDIO SoftV92 Data Fax Modem with SmartCP.txt
2009-11-11 00:02:08 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-11 00:00:14 ----SD---- C:\WINDOWS\Tasks
2009-11-10 23:57:10 ----D---- C:\WINDOWS\Registration
2009-11-10 23:54:59 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-10 23:52:45 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-11-10 23:52:30 ----D---- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Skype
2009-11-10 23:51:31 ----SHD---- C:\WINDOWS\Installer
2009-11-10 23:50:29 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft
2009-11-10 23:43:33 ----D---- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\skypePM
2009-11-10 22:28:57 ----D---- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\uTorrent
2009-11-10 20:43:53 ----D---- C:\WINDOWS\system32
2009-11-10 14:51:12 ----D---- C:\WINDOWS\Minidump
2009-11-10 14:51:12 ----D---- C:\WINDOWS\Debug
2009-11-10 14:45:55 ----RSH---- C:\boot.ini
2009-11-10 14:45:55 ----A---- C:\WINDOWS\win.ini
2009-11-10 14:45:55 ----A---- C:\WINDOWS\system.ini
2009-11-10 14:41:27 ----D---- C:\WINDOWS\pss
2009-11-10 13:51:57 ----D---- C:\WINDOWS\ehome
2009-11-10 00:55:36 ----RD---- C:\Programme\Skype
2009-11-10 00:50:23 ----D---- C:\Programme\Gemeinsame Dateien
2009-11-10 00:49:45 ----D---- C:\WINDOWS\system32\DirectX
2009-11-10 00:45:44 ----D---- C:\TEMP
2009-11-10 00:41:02 ----D---- C:\WINDOWS\Prefetch
2009-11-10 00:38:12 ----D---- C:\Programme\Pamela
2009-11-05 23:52:43 ----D---- C:\Documents and Settings
2009-11-05 10:46:35 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-02 13:55:52 ----D---- C:\Programme\Gemeinsame Dateien\Apple
2009-11-02 00:15:12 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help
2009-11-02 00:15:05 ----RSD---- C:\WINDOWS\assembly
2009-11-02 00:13:22 ----RSD---- C:\WINDOWS\Fonts
2009-11-02 00:13:15 ----D---- C:\Programme\Gemeinsame Dateien\Microsoft Shared
2009-11-02 00:12:45 ----D---- C:\Programme\Microsoft Works
2009-10-30 13:14:04 ----D---- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Mozilla
2009-10-29 10:31:38 ----D---- C:\WINDOWS\Help
2009-10-27 00:54:41 ----D---- C:\WINDOWS\WinSxS
2009-10-27 00:49:48 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Rapidsolution
2009-10-26 23:07:57 ----D---- C:\Dokumente und Einstellungen
2009-10-25 11:12:17 ----D---- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\dvdcss
2009-10-24 21:34:29 ----D---- C:\Programme\SlySoft
2009-10-20 00:51:39 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-10-19 23:41:39 ----SHD---- C:\RECYCLER
2009-10-19 23:27:26 ----D---- C:\WINDOWS\system
2009-10-17 12:58:29 ----D---- C:\Programme\noTRAXX
2009-10-17 10:28:00 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-17 10:03:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-17 09:58:32 ----D---- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Adobe
2009-10-17 00:00:24 ----A---- C:\WINDOWS\eSellerateEngine.dll
2009-10-16 22:43:23 ----D---- C:\Programme\Gemeinsame Dateien\Skype
2009-10-16 22:43:18 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype
2009-10-16 11:24:10 ----D---- C:\Programme\Adobe

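A triage pass over the registry dump above (the Run / startupreg entries in Part 1 and the AppInit_DLLs, AutoRun policy and mountpoints2 entries in Part 2), as an added example that is not part of the thread and not code from RSIT, HijackThis, GMER or Malwarebytes. It parses the `[HKEY_...]` / value layout RSIT prints and flags the entries a responder would check first: a startup entry whose file RSIT could not find (the trailing `[]`), an executable started from a Temp folder or straight out of a user profile root, the same file name started from two different folders, a bare DLL name in AppInit_DLLs that the loader resolves through its search path, a NoDriveTypeAutoRun value that still allows AutoRun on removable drives, and a mountpoints2 handler that runs something relative to the volume itself. The heuristics, reason codes and the reading of `91000000` as a little-endian REG_DWORD are this example's own assumptions; a hit means "look at this", not "this is malware". SAMPLE_LOG is a constructed excerpt of lines that appear in the log above.

```python
"""Triage helper for the registry dump in an RSIT / HijackThis-style log.
Added example for this thread, not code from the posts nor from RSIT, HijackThis,
GMER or Malwarebytes. Heuristics and reason codes are this example's own
assumptions: a hit means "inspect", not "malware". SAMPLE_LOG is a constructed
excerpt of lines that appear in the log above."""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-04-01 136600]
"Java Quick Start"=C:\Dokumente und Einstellungen\Alex\jusched.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TurboNet]
C:\DOKUME~1\Alex\LOKALE~1\Temp\b.exe []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="prio.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=91000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{070b8e32-2425-11de-a94e-0013a908759e}]
shell\1\command - .\recycled\info.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\recycled\info.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{01c1a901-1eff-11de-a94b-00130265c4ca}]
shell\AutoRun\command - H:\AutoRun.exe
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# '"Name"=C:\dir\prog.exe [2009-04-01 136600]' or a bare 'C:\dir\prog.exe []'
VALUE_RE = re.compile(r'^(?:"(?P<name>[^"]*)"=)?(?P<data>.*?)\s*(?:\[(?P<info>[^\]]*)\])?$')
MOUNT_RE = re.compile(r"^shell\\[^\\]+\\command - (?P<cmd>.+)$")
STARTUP_KEY = re.compile(r"\\(?:Run|startupreg\\[^\\]+|startupfolder\\[^\\]+)$", re.I)
TEMP_PATH = re.compile(r"\\(?:temp|tmp|recycled|recycler)\\", re.I)
PROFILE_ROOT_EXE = re.compile(  # an executable sitting directly in a user profile folder
    r"^[A-Z]:\\(?:Dokumente und Einstellungen|DOKUME~1|Documents and Settings|Users)"
    r"\\[^\\]+\\[^\\]+\.(?:exe|dll|scr|com|bat)$", re.I)
RELATIVE_CMD = re.compile(r"(?:^|\s)\.\\")  # '.\x': started relative to the volume itself

def parse_sections(text):
    """Yield (key, [value lines]) for each [HKEY_...] block of the dump."""
    key, lines = None, []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = SECTION_RE.match(line)
        if m and key is not None:
            yield key, lines
        if m:
            key, lines = m.group("key"), []
        elif key is not None:
            lines.append(line)
    if key is not None:
        yield key, lines

def decode_dword(data):
    """RSIT shows a REG_DWORD as its raw little-endian bytes: '91000000' is 0x91
    (assumption from the log; 0x91 is also the XP default, which fits)."""
    data = data.strip('" ')
    if re.fullmatch(r"[0-9a-fA-F]{8}", data):
        return int.from_bytes(bytes.fromhex(data), "little")
    return int(data, 16)

def autorun_disabled_types(mask):
    """NoDriveTypeAutoRun bitmask (MS KB 967715): a set bit disables AutoRun."""
    bits = {0x01: "unknown", 0x04: "removable", 0x08: "fixed", 0x10: "network",
            0x20: "cdrom", 0x40: "ramdisk", 0x80: "unknown"}
    return {name for bit, name in bits.items() if mask & bit}

def triage(text):
    """Return (registry key, entry, reason) triples worth a second look."""
    findings, dirs_by_basename = [], defaultdict(set)
    for key, lines in parse_sections(text):
        for line in lines:
            mm = MOUNT_RE.match(line)
            if mm and "mountpoints2" in key.lower():
                # handler that starts something relative to the volume (here via
                # rundll32 ShellExec_RunDLL): the autorun.inf-spreader pattern
                if RELATIVE_CMD.search(mm["cmd"]) or "ShellExec_RunDLL" in mm["cmd"]:
                    findings.append((key, mm["cmd"], "mountpoint-relative-cmd"))
                continue
            m = VALUE_RE.match(line)
            name, data, info = m["name"], m["data"], m["info"]
            if name and name.lower() == "appinit_dlls":
                for dll in re.split(r"[\s,]+", data.strip('" ')):
                    if dll and "\\" not in dll:  # bare name: resolved via loader search path
                        findings.append((key, dll, "appinit-unqualified"))
            elif name and name.lower() == "nodrivetypeautorun":
                if "removable" not in autorun_disabled_types(decode_dword(data)):
                    findings.append((key, data, "autorun-removable-enabled"))
            elif STARTUP_KEY.search(key):
                entry = name or key.rsplit("\\", 1)[-1]
                if info == "":  # RSIT prints '[]' when it could not find the file
                    findings.append((key, entry, "file-missing"))
                if TEMP_PATH.search(data) or PROFILE_ROOT_EXE.match(data):
                    findings.append((key, entry, "suspicious-path"))
                folder, _, base = data.rpartition("\\")
                if base:
                    dirs_by_basename[base.lower()].add(folder.lower())
    # same file name started from two folders (jusched.exe here); 8.3 names such as
    # PROGRA~1 count as a different folder, so expand them on a live system
    for base, folders in dirs_by_basename.items():
        if len(folders) > 1:
            findings.append(("*", base, "name-collision: " + " | ".join(sorted(folders))))
    return findings

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```

Run against the full Part 1 and Part 2 dump this reports the `jusched.exe` under `C:\Dokumente und Einstellungen\Alex` (no file info, profile root, same name as the real updater in `C:\Programme\Java\jre6\bin`), the `TurboNet` entry pointing at `b.exe` in Temp, `prio.dll` in AppInit_DLLs, the AutoRun policy of 0x91 that leaves removable drives enabled, and the mountpoints2 handler for `.\recycled\info.exe`. Each is a lead to verify against the file on disk (or its absence), not a verdict.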

nyrk 11.11.2009 14:50

rsit log, Part 3
 
Code:


======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BHDrvx86;Symantec Heuristics Driver; C:\WINDOWS\System32\Drivers\NIS\1007020.00B\BHDrvx86.sys [2009-08-22 259632]
R1 ccHP;Symantec Hash Provider; C:\WINDOWS\System32\Drivers\NIS\1007020.00B\ccHPx86.sys [2009-09-17 482432]
R1 DMICall;Sony DMI Call service; C:\WINDOWS\system32\DRIVERS\DMICall.sys [2000-12-05 3952]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys []
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-09-26 25768]
R1 IDSxpx86;IDSxpx86; \??\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20091105.001\IDSxpx86.sys []
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\drivers\NIS\1007020.00B\SRTSPX.SYS [2009-08-22 43696]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMTDI.SYS [2009-08-22 217136]
R1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2005-08-01 64896]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-03-16 21275]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 s24trans;WLAN-Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-28 13568]
R2 UltraMonUtility;UltraMon Utility Driver; \??\C:\Programme\Gemeinsame Dateien\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys []
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2009-10-17 104512]
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-06-13 162816]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-10-18 998656]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-10-18 202112]
R3 NAVENG;NAVENG; \??\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091110.023\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091110.023\NAVEX15.SYS []
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-03-06 3644160]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2008-12-04 27784]
R3 SNC;Sony Notebook Control Device; C:\WINDOWS\System32\Drivers\SonyNC.sys [2000-11-09 48896]
R3 SonyImgF;Sony Image Conversion Filter Driver; C:\WINDOWS\system32\DRIVERS\SonyImgF.sys [2005-12-27 29184]
R3 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SRTSP.SYS [2009-08-22 308272]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-02-13 1106888]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMFW.SYS [2009-08-22 89904]
R3 SYMIDS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMIDS.SYS [2009-08-22 33072]
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-08-22 36400]
R3 SYMNDIS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMNDIS.SYS [2009-08-22 36400]
R3 tap0901;TAP-Win32 Adapter V9; C:\WINDOWS\system32\DRIVERS\tap0901.sys [2008-11-19 25216]
R3 ti21sony;ti21sony; C:\WINDOWS\system32\drivers\ti21sony.sys [2006-02-21 226304]
R3 tosporte;Bluetooth Port Driver from Toshiba; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2005-11-24 47104]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 usbvm321;Sony Visual Communication Camera VGP-VCC1; C:\WINDOWS\System32\Drivers\usbvm321.sys [2005-12-29 234496]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-05 1428096]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-10-18 721280]
S1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-11-22 108767]
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2005-07-06 176128]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-11-11 85969]
S3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2008-03-17 101376]
S3 hwusbfake;Huawei DataCard USB Fake; C:\WINDOWS\system32\DRIVERS\ewusbfake.sys [2008-03-17 103168]
S3 MHNDRV;MHN-Treiber; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mod7700;DiBcom DIB7700 based TV tuner device; C:\WINDOWS\System32\Drivers\mod7700.sys [2008-03-16 872192]
S3 MODRC;DiBcom Infrared Receiver; C:\WINDOWS\system32\DRIVERS\modrc.sys [2007-10-19 13824]
S3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
S3 MPE;BDA MPE-Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NuidFltr;NUID filter driver; C:\WINDOWS\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2006-11-28 27072]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-10 5888]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SPC610NC;SPC 610NC Laptop Camera; C:\WINDOWS\system32\DRIVERS\SPC610NC.SYS [2005-10-13 156800]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SYMDNS;SYMDNS; \??\C:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMDNS.SYS []
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\GEMEIN~1\SYMANT~1\SymcData\idsdefs\20050901.036\symidsco.sys []
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-08-22 36400]
S3 SYMREDRV;SYMREDRV; \??\C:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMREDRV.SYS []
S3 toshidpt;TOSHIBA Bluetooth HID port driver; C:\WINDOWS\system32\drivers\Toshidpt.sys [2005-07-11 3712]
S3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2005-11-22 108800]
S3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2005-09-15 36480]
S3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2005-12-01 62848]
S3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA; C:\WINDOWS\system32\drivers\TosRfSnd.sys [2005-11-11 52864]
S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2005-11-15 36736]
S3 ugldqpoc;ugldqpoc; \??\C:\DOKUME~1\Alex\LOKALE~1\Temp\ugldqpoc.sys []
S3 UltraMonMirror;UltraMonMirror; C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor4.0;Adobe Active File Monitor V4; C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [2005-09-09 102400]
R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 CGVPNCliSrvc;CyberGhost VPN Client; C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2009-10-28 2211328]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-10-11 237568]
R2 ehSched;Media Center-Planerdienst; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Programme\Intel\Wireless\Bin\EvtEng.exe [2005-11-28 114753]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-04-01 152984]
R2 lxdq_device;lxdq_device; C:\WINDOWS\system32\lxdqcoms.exe [2007-12-04 594600]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB; C:\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 7520337]
R2 Norton Internet Security;Norton Internet Security; C:\Programme\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe [2009-08-22 117640]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-03-06 143428]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Programme\Intel\Wireless\Bin\RegSrvc.exe [2005-11-28 217164]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Programme\Intel\Wireless\Bin\S24EvMon.exe [2005-11-28 540745]
R2 STI Simulator;STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [2005-01-14 53248]
R2 UxTuneUp;TuneUp Designerweiterung; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 VAIO Event Service;VAIO Event Service; C:\Programme\Sony\VAIO Event Service\VESMgr.exe [2005-05-20 153600]
R2 VzCdbSvc;VAIO Entertainment Database Service; C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [2005-11-28 167936]
R3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2009-10-28 545568]
R3 Vcsw;VAIO Entertainment UPnP Client Adapter; C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [2005-11-28 270336]
S2 CTDevice_Srv;CT Device Query service; C:\Programme\Creative\Shared Files\CTDevSrv.exe []
S2 lxdqCATSCustConnectService;lxdqCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdqserv.exe [2007-12-04 98984]
S2 VCI;VAIO Cooporated Initialisation; C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe [2005-01-04 398336]
S3 Adobe LM Service;Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-08-02 72704]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-21 182768]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment; C:\Programme\Sony\Image Converter 2\IcVzMon.exe [2005-07-14 32768]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Programme\Lavasoft\Ad-Aware\AAWService.exe [2009-09-24 1169232]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 MSCSPTISRV;MSCSPTISRV; C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe [2005-11-24 53337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 NBService;NBService; C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-10-09 724992]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PACSPTISVR;PACSPTISVR; C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe [2005-11-24 53337]
S3 SPTISRV;Sony SPTI Service; C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe [2005-11-24 69718]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB; C:\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 311872]
S3 SSScsiSV;SonicStage SCSI Service; C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe [2006-01-06 69632]
S3 VAIO Entertainment TV Device Arbitration Service;VAIO Entertainment TV Device Arbitration Service; C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [2005-11-25 73728]
S3 VAIOMediaPlatform-IntegratedServer-AppServer;VAIO Media Integrated Server; C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe [2006-01-16 2084864]
S3 VAIOMediaPlatform-IntegratedServer-HTTP;VAIO Media Integrated Server (HTTP); C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2005-10-11 57344]
S3 VAIOMediaPlatform-IntegratedServer-UPnP;VAIO Media Integrated Server (UPnP); C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2005-10-11 770048]
S3 VAIOMediaPlatform-Mobile-Gateway;VAIO Media Gateway Server; C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe [2005-12-21 155648]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Programme\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S4 NetTcpPortSharing;Net.Tcp-Portfreigabedienst; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 odserv;Microsoft Office Diagnostics Service; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S4 TuneUp.Defrag;TuneUp Drive Defrag-Dienst; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-04-13 361728]
S4 TwonkyMedia;TwonkyMedia; C:\Programme\TwonkyMedia\TwonkyMedia.exe [2008-05-07 106496]
S4 VzFw;VAIO Entertainment File Import Service; C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [2005-11-28 135168]

-----------------EOF-----------------


nyrk 11.11.2009 14:51

GMER log
 
Code:


GMER 1.0.15.15220 - http://www.gmer.net
Rootkit scan 2009-11-11 14:40:00
Windows 5.1.2600 Service Pack 3
Running: ds86r5xw.exe; Driver: C:\DOKUME~1\Alex\LOKALE~1\Temp\ugldqpoc.sys


---- System - GMER 1.0.15 ----

SSDT            85F46058                                                                                                            ZwAlertResumeThread
SSDT            85FA9058                                                                                                            ZwAlertThread
SSDT            86CF50A0                                                                                                            ZwAllocateVirtualMemory
SSDT            868961C8                                                                                                            ZwAssignProcessToJobObject
SSDT            86B603E8                                                                                                            ZwConnectPort
SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)                          ZwCreateKey [0xF4387130]
SSDT            85EBC130                                                                                                            ZwCreateMutant
SSDT            8688A008                                                                                                            ZwCreateSymbolicLinkObject
SSDT            85E4D008                                                                                                            ZwCreateThread
SSDT            86C69058                                                                                                            ZwDebugActiveProcess
SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)                          ZwDeleteKey [0xF43873B0]
SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)                          ZwDeleteValueKey [0xF4387910]
SSDT            86CF51F8                                                                                                            ZwDuplicateObject
SSDT            86CF3128                                                                                                            ZwFreeVirtualMemory
SSDT            86B543B0                                                                                                            ZwImpersonateAnonymousToken
SSDT            860211A8                                                                                                            ZwImpersonateThread
SSDT            86B559F0                                                                                                            ZwLoadDriver
SSDT            86B78008                                                                                                            ZwMapViewOfSection
SSDT            868A5768                                                                                                            ZwOpenEvent
SSDT            86B801B8                                                                                                            ZwOpenProcess
SSDT            85FF1058                                                                                                            ZwOpenProcessToken
SSDT            85F31058                                                                                                            ZwOpenSection
SSDT            86B800E8                                                                                                            ZwOpenThread
SSDT            868960F8                                                                                                            ZwProtectVirtualMemory
SSDT            85FD5208                                                                                                            ZwResumeThread
SSDT            85F74058                                                                                                            ZwSetContextThread
SSDT            86B78130                                                                                                            ZwSetInformationProcess
SSDT            85FA8058                                                                                                            ZwSetSystemInformation
SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)                          ZwSetValueKey [0xF4387B60]
SSDT            8690F058                                                                                                            ZwSuspendProcess
SSDT            85FA3058                                                                                                            ZwSuspendThread
SSDT            85F48058                                                                                                            ZwTerminateProcess
SSDT            8600F058                                                                                                            ZwTerminateThread
SSDT            85E7E058                                                                                                            ZwUnmapViewOfSection
SSDT            86CF31F8                                                                                                            ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text          TUKERNEL.EXE!ZwYieldExecution + F2                                                                                  804E492C 4 Bytes  CALL ADD4FF34
.text          TUKERNEL.EXE!ZwYieldExecution + 276                                                                                804E4AB0 4 Bytes  CALL 43D502B5
.rsrc          C:\WINDOWS\system32\drivers\atapi.sys                                                                              entry point in ".rsrc" section [0xF74847AC]
?              SYMEFA.SYS                                                                                                          Das System kann die angegebene Datei nicht finden. !

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                            SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                          SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                          SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                        SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device                                                                                                                              mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device          \Driver\00001878 -> \Driver\atapi \Device\Harddisk0\DR0                                                            86EED50C

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b  0xE2 0x63 0x26 0xF1 ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b  0x6A 0x9C 0xD6 0x61 ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016  0x25 0xDA 0xEC 0x7E ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48  0x3E 0x1E 0x9E 0xE0 ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472  0xCD 0x44 0xCD 0xB9 ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d  0xDF 0x20 0x58 0x62 ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b  0x31 0x77 0xE1 0xBA ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d  0x83 0x6C 0x56 0x8B ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3  0xB2 0x46 0x9A 0xE2 ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b  0x37 0xA4 0xAA 0xC3 ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6  0x2A 0xB7 0xCC 0xB5 ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32                                 
Reg            HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel                    Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2  0xFA 0xEA 0x66 0x7F ...

---- Files - GMER 1.0.15 ----

File            C:\WINDOWS\system32\drivers\atapi.sys                                                                              suspicious modification

---- EOF - GMER 1.0.15 ----
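
The GMER log above mixes SSDT hooks that GMER attributed to a named module (SYMEVENT.SYS) with hooks that show only a kernel address, a patched code section in TUKERNEL.EXE, a Device line linking an unnamed driver object to \Driver\atapi, and atapi.sys flagged as suspiciously modified. The following Python script is an added example, not part of this thread or of GMER: it parses that log format and orders the findings the way a helper reads them, over a constructed excerpt in the format of the log posted above.

```python
"""Triage helper for a GMER rootkit-scan log (added example, not from GMER or
from this thread). It separates SSDT hooks GMER attributed to a named module
from hooks that show only a kernel address and collects the kernel-code,
Devices and Files findings. SAMPLE_LOG is a constructed excerpt."""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT            85F46058        ZwAlertResumeThread
SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)   ZwCreateKey [0xF4387130]
SSDT            86B559F0        ZwLoadDriver
SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)   ZwSetValueKey [0xF4387B60]

---- Kernel code sections - GMER 1.0.15 ----

.text          TUKERNEL.EXE!ZwYieldExecution + F2          804E492C 4 Bytes  CALL ADD4FF34
.rsrc          C:\WINDOWS\system32\drivers\atapi.sys    entry point in ".rsrc" section [0xF74847AC]

---- Devices - GMER 1.0.15 ----

Device          \Driver\00001878 -> \Driver\atapi \Device\Harddisk0\DR0     86EED50C

---- Files - GMER 1.0.15 ----

File            C:\WINDOWS\system32\drivers\atapi.sys    suspicious modification

---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER")
# SSDT line: hook source (module path + "(description/vendor)" or a bare address), Zw* function, optional [addr]
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<src>.+?)\s+(?P<func>Zw\w+)(?:\s+\[(?P<addr>0x[0-9A-Fa-f]+)\])?\s*$")
MODULE_RE = re.compile(r"^(?P<path>.+?)\s+\((?P<desc>[^)]*)\)$")
CODE_RE = re.compile(r"^\.(?P<sect>\w+)\s+(?P<target>.+?)\s{2,}(?P<detail>.+)$")
DEVICE_RE = re.compile(
    r"^Device\s+(?P<src>\S+) -> (?P<to>\S+) (?P<dev>\S+)\s+(?P<obj>[0-9A-Fa-f]{8})$")
FILE_RE = re.compile(r"^File\s+(?P<path>.+?)\s{2,}(?P<status>.+)$")

def parse_gmer(text):
    """Return the findings of a GMER log grouped by section."""
    rep = {"ssdt_attributed": defaultdict(list), "ssdt_unattributed": [],
           "code_sections": [], "device_redirects": [], "files": []}
    section = None
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section == "System":
            m = SSDT_RE.match(line)
            if not m:
                continue
            mod = MODULE_RE.match(m.group("src"))
            if mod:  # GMER named the module owning the hook
                name = mod.group("path").rsplit("\\", 1)[-1]
                rep["ssdt_attributed"][name].append(m.group("func"))
            else:    # only a kernel address: nothing to check a vendor against
                rep["ssdt_unattributed"].append((m.group("func"), m.group("src")))
        elif section == "Kernel code sections":
            m = CODE_RE.match(line)
            if m:
                rep["code_sections"].append(
                    (m.group("sect"), m.group("target"), m.group("detail")))
        elif section == "Devices":
            m = DEVICE_RE.match(line)
            if m:
                rep["device_redirects"].append(m.groupdict())
        elif section == "Files":
            m = FILE_RE.match(line)
            if m:
                rep["files"].append((m.group("path"), m.group("status")))
    return rep

def triage(rep):
    """Order findings as a helper reads them: file/device findings first, then
    patched code, then unattributed hooks; attributed hooks last, for cross-checking."""
    out = []
    for path, status in rep["files"]:
        out.append(("high", "file", f"{path}: {status}"))
    for d in rep["device_redirects"]:
        out.append(("high", "device",
                    f"{d['dev']}: {d['src']} -> {d['to']} (object {d['obj']})"))
    for sect, target, detail in rep["code_sections"]:
        out.append(("medium", "." + sect, f"{target}: {detail}"))
    if rep["ssdt_unattributed"]:
        names = ", ".join(f for f, _ in rep["ssdt_unattributed"])
        out.append(("medium", "ssdt",
                    f"{len(rep['ssdt_unattributed'])} hooks without module attribution: {names}"))
    for name, funcs in sorted(rep["ssdt_attributed"].items()):
        out.append(("info", "ssdt", f"{name} hooks {', '.join(funcs)}"))
    return out
```

`triage(parse_gmer(SAMPLE_LOG))` returns the atapi.sys file and device findings first, then the TUKERNEL.EXE patch and the two unattributed hooks, and the SYMEVENT.SYS hooks last.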


Larusso 11.11.2009 14:54

I don't like that.

During these scans:
  • all other scanners against viruses, spyware etc. must be disabled,
  • there must be no connection to a network/Internet (don't forget WLAN),
  • nothing else should be done on the computer,
  • the computer must be restarted after each scan.
Rootkit scan with RootRepeal
  • Go here, scroll down and download RootRepeal.zip.
  • Unpack the file to your desktop.
  • Double-click RootRepeal.exe to start the scanner.
  • Click the Report tab and then the Scan button.
  • Tick the following items and click Ok.
    Drivers
    Files
    Processes
    SSDT
    Stealth Objects
    Hidden Services
    Shadow SSDT
  • You will then be asked which drives should be scanned.
  • Select C:\ and click Ok again.
  • The scan starts automatically; it will take a while, please be patient.
  • When the scan has finished, click Save Report.
  • Save the log file as RootRepeal.txt on the desktop.
  • Copy its contents here into the thread.


Step 2

Scan with SystemLook

Download SystemLook by jpshortstuff from one of the following mirrors and save the tool on the desktop.

Download Mirror #1 - Download Mirror #2
  • Double-click SystemLook.exe to start the tool.
    Vista users: right-click and run as administrator.
  • Copy the contents of the following code box into the tool's text field:

    Code:

    :filefind
    atapi*

  • Now click the Look button to start the scan.
  • When the scan has finished, your editor will open with the results; post them here in the thread.
  • The results are saved on the desktop as SystemLook.txt.

nyrk 11.11.2009 14:54

about the logs
 
Those are all the logs now; rsit unfortunately in parts, since it was too large.

I'm amazed that someone takes the trouble to help a stranger to such an extent. Evaluating these logs, which are largely incomprehensible to me, must take up quite a bit of your time?

All the more: thank you very much for wanting to get to the bottom of a problem that I wouldn't even have noticed myself!

nyrk 11.11.2009 14:56

Antivirus was disabled, as was WLAN. I only forgot the restart between rsit and gmer :(

I will now restart and then scan with rootrepeal according to your instructions.

nyrk 11.11.2009 15:11

Rootrepeal log
 
Code:


ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:                2009/11/11 15:09
Program Version:                Version 1.3.5.0
Windows Version:                Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB5003000        Size: 49152        File Visible: No        Signed: -
Status: -

Name: SYMEFA.SYS
Image Path: SYMEFA.SYS
Address: 0xF73C4000        Size: 323584        File Visible: No        Signed: -
Status: -

SSDT
-------------------
#: 002        Function Name: NtAccessCheckAndAuditAlarm
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805e0f35

#: 003        Function Name: NtAccessCheckByType
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805dac47

#: 004        Function Name: NtAccessCheckByTypeAndAuditAlarm
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805e0fbc

#: 005        Function Name: NtAccessCheckByTypeResultList
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8063fcc4

#: 006        Function Name: NtAccessCheckByTypeResultListAndAuditAlarm
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80641e55

#: 007        Function Name: NtAccessCheckByTypeResultListAndAuditAlarmByHandle
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80641e9e

#: 009        Function Name: NtAddBootEntry
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8064fbaf

#: 010        Function Name: NtAdjustGroupsToken
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8063f483

#: 011        Function Name: NtAdjustPrivilegesToken
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805e0787

#: 012        Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x86d0c650

#: 013        Function Name: NtAlertThread
Status: Hooked by "<unknown>" at address 0x86d0c710

#: 014        Function Name: NtAllocateLocallyUniqueId
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805df8e8

#: 015        Function Name: NtAllocateUserPhysicalPages
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8062e442

#: 016        Function Name: NtAllocateUuids
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805d8781

#: 017        Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x85f6a890

#: 018        Function Name: NtAreMappedFilesTheSame
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805e7258

#: 019        Function Name: NtAssignProcessToJobObject
Status: Hooked by "<unknown>" at address 0x85fddce0

#: 021        Function Name: NtCancelDeviceWakeupRequest
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8064fb9b

#: 022        Function Name: NtCancelIoFile
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805cc537

#: 026        Function Name: NtCloseObjectAuditAlarm
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805e0b65

#: 027        Function Name: NtCompactKeys
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80655cf4

#: 028        Function Name: NtCompareTokens
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805dfff3

#: 030        Function Name: NtCompressKey
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80655f61

#: 031        Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x86e4bfb0

#: 033        Function Name: NtCreateDebugObject
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80661378

#: 036        Function Name: NtCreateEventPair
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80650200

#: 038        Function Name: NtCreateIoCompletion
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805da662

#: 039        Function Name: NtCreateJobObject
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805d5cd6

#: 040        Function Name: NtCreateJobSet
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80637c43

#: 041        Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xf4293130

#: 042        Function Name: NtCreateMailslotFile
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805d6e7f

#: 043        Function Name: NtCreateMutant
Status: Hooked by "<unknown>" at address 0x85fc2b28

#: 045        Function Name: NtCreatePagingFile
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805b4823

#: 049        Function Name: NtCreateProfile
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80650837

#: 052        Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "<unknown>" at address 0x85f63650

#: 053        Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x85fefed8

#: 057        Function Name: NtDebugActiveProcess
Status: Hooked by "<unknown>" at address 0x86c76e68

#: 058        Function Name: NtDebugContinue
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8066264b

#: 059        Function Name: NtDelayExecution
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8056eb07

#: 060        Function Name: NtDeleteAtom
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805dcc8b

#: 061        Function Name: NtDeleteBootEntry
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8064fb9b

#: 062        Function Name: NtDeleteFile
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805d54ac

#: 063        Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xf42933b0

#: 064        Function Name: NtDeleteObjectAuditAlarm
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80641ef5

#: 065        Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xf4293910

#: 067        Function Name: NtDisplayString
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805b5cd8

#: 068        Function Name: NtDuplicateObject
Status: Hooked by "<unknown>" at address 0x85fe7630

#: 070        Function Name: NtEnumerateBootEntries
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8064fbaf

#: 072        Function Name: NtEnumerateSystemEnvironmentValuesEx
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8064fb87

#: 074        Function Name: NtExtendSection
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8062d3f9

#: 075        Function Name: NtFilterToken
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805ce473

#: 076        Function Name: NtFindAtom
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805e26f2

#: 079        Function Name: NtFlushKey
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805d93bb

#: 080        Function Name: NtFlushVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805e8ab6

#: 081        Function Name: NtFlushWriteBuffer
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8062eca1

#: 082        Function Name: NtFreeUserPhysicalPages
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8062e7f7

#: 083        Function Name: NtFreeVirtualMemory
Status: Hooked by "<unknown>" at address 0x86c765c0

#: 085        Function Name: NtGetContextThread
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80635721

#: 086        Function Name: NtGetDevicePowerState
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80633bf7

#: 089        Function Name: NtImpersonateAnonymousToken
Status: Hooked by "<unknown>" at address 0x85efcd50

#: 090        Function Name: NtImpersonateClientOfPort
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805dfd66

#: 091        Function Name: NtImpersonateThread
Status: Hooked by "<unknown>" at address 0x86d0c5d0

#: 093        Function Name: NtInitiatePowerAction
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x806339c3

#: 094        Function Name: NtIsProcessInJob
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80637af7

#: 095        Function Name: NtIsSystemResumeAutomatic
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80633bde

#: 097        Function Name: NtLoadDriver
Status: Hooked by "<unknown>" at address 0x86b83200

#: 098        Function Name: NtLoadKey
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805ce7e5

#: 099        Function Name: NtLoadKey2
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805ce944

#: 100        Function Name: NtLockFile
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805dd058

#: 101        Function Name: NtLockProductActivationKeys
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805cdce7

#: 102        Function Name: NtLockRegistryKey
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805c7155

#: 104        Function Name: NtMakePermanentObject
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805e704c

#: 105        Function Name: NtMakeTemporaryObject
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805e7113

#: 106        Function Name: NtMapUserPhysicalPages
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8062da9e

#: 107        Function Name: NtMapUserPhysicalPagesScatter
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8062def7

#: 108        Function Name: NtMapViewOfSection
Status: Hooked by "<unknown>" at address 0x86c764e0

#: 109        Function Name: NtModifyBootEntry
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8064fb9b

#: 110        Function Name: NtNotifyChangeDirectoryFile
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805dd2ef

#: 111        Function Name: NtNotifyChangeKey
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805e218f

#: 112        Function Name: NtNotifyChangeMultipleKeys
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805e1fa1

#: 114        Function Name: NtOpenEvent
Status: Hooked by "<unknown>" at address 0x85fc2a68

#: 115        Function Name: NtOpenEventPair
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x806502f3

#: 117        Function Name: NtOpenIoCompletion
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x806210b3

#: 118        Function Name: NtOpenJobObject
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80637e9b

#: 121        Function Name: NtOpenObjectAuditAlarm
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805e9252

#: 122        Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x85fe7a90

#: 123        Function Name: NtOpenProcessToken
Status: Hooked by "<unknown>" at address 0x85f6a960

#: 125        Function Name: NtOpenSection
Status: Hooked by "<unknown>" at address 0x85fd2d90

#: 126        Function Name: NtOpenSemaphore
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805e71ca

#: 128        Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0x85fe7700

#: 131        Function Name: NtOpenTimer
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80650129

#: 135        Function Name: NtPrivilegeObjectAuditAlarm
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805d88c7

#: 136        Function Name: NtPrivilegedServiceAuditAlarm
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805cd91a

#: 137        Function Name: NtProtectVirtualMemory
Status: Hooked by "<unknown>" at address 0x85fddbf0

#: 140        Function Name: NtQueryBootEntryOrder
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8064fbaf

#: 141        Function Name: NtQueryBootOptions
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8064fbaf

#: 147        Function Name: NtQueryEaFile
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80621300

#: 153        Function Name: NtQueryInformationPort
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8062b0a5

#: 158        Function Name: NtQueryIntervalProfile
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80650ce7

#: 159        Function Name: NtQueryIoCompletion
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80621174

#: 161        Function Name: NtQueryMultipleValueKey
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x806556d8

#: 162        Function Name: NtQueryMutant
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8065066c

#: 164        Function Name: NtQueryOpenSubKeys
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x806558e1

#: 166        Function Name: NtQueryQuotaInformationFile
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80621bb7

#: 168        Function Name: NtQuerySecurityObject
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805d9eab

#: 169        Function Name: NtQuerySemaphore
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8064f459

#: 171        Function Name: NtQuerySystemEnvironmentValue
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8064fbd7

#: 172        Function Name: NtQuerySystemEnvironmentValueEx
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8064fb73

#: 175        Function Name: NtQueryTimer
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805e3c32

#: 180        Function Name: NtQueueApcThread
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805e3b8d

#: 182        Function Name: NtRaiseHardError
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8064f195

#: 184        Function Name: NtReadFileScatter
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8062248f

#: 185        Function Name: NtReadRequestData
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805e050e

#: 188        Function Name: NtReleaseMutant
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8056eb72

#: 191        Function Name: NtRemoveProcessDebug
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x806625c6

#: 192        Function Name: NtRenameKey
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80655b56

#: 193        Function Name: NtReplaceKey
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x806564b2

#: 197        Function Name: NtReplyWaitReplyPort
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8062b184

#: 198        Function Name: NtRequestDeviceWakeup
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80633b6b

#: 199        Function Name: NtRequestPort
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805e94d0

#: 201        Function Name: NtRequestWakeupLatency
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80633964

#: 204        Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80656049

#: 205        Function Name: NtResumeProcess
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8063773a

#: 206        Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x8600c7d8

#: 207        Function Name: NtSaveKey
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8065614a

#: 208        Function Name: NtSaveKeyEx
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80656235

#: 209        Function Name: NtSaveMergedKeys
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80656362

#: 211        Function Name: NtSetBootEntryOrder
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8064fbaf

#: 212        Function Name: NtSetBootOptions
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8064fbaf

#: 213        Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x85f81758

#: 214        Function Name: NtSetDebugFilterState
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80663fa8

#: 216        Function Name: NtSetDefaultLocale
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805d6343

#: 217        Function Name: NtSetDefaultUILanguage
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805d62ea

#: 218        Function Name: NtSetEaFile
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80621847

#: 221        Function Name: NtSetHighEventPair
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x806505f3

#: 222        Function Name: NtSetHighWaitLowEventPair
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80650513

#: 223        Function Name: NtSetInformationDebugObject
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80661f67

#: 225        Function Name: NtSetInformationJobObject
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805d5e2a

#: 226        Function Name: NtSetInformationKey
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8065523b

#: 228        Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x85f953b0

#: 231        Function Name: NtSetIntervalProfile
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80650813

#: 233        Function Name: NtSetLdtEntries
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80636653

#: 234        Function Name: NtSetLowEventPair
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80650587

#: 235        Function Name: NtSetLowWaitHighEventPair
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8065049f

#: 236        Function Name: NtSetQuotaInformationFile
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80621b8f

#: 237        Function Name: NtSetSecurityObject
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805d9cac

#: 238        Function Name: NtSetSystemEnvironmentValue
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8064fe74

#: 239        Function Name: NtSetSystemEnvironmentValueEx
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8064fb73

#: 240        Function Name: NtSetSystemInformation
Status: Hooked by "<unknown>" at address 0x86c76fd0

#: 242        Function Name: NtSetSystemTime
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8064ee49

#: 243        Function Name: NtSetThreadExecutionState
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805eb0b7

#: 245        Function Name: NtSetTimerResolution
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805eb37e

#: 246        Function Name: NtSetUuidSeed
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805cdac6

#: 247        Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xf4293b60

#: 248        Function Name: NtSetVolumeInformationFile
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x806220cd

#: 249        Function Name: NtShutdownSystem
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8064e597

#: 251        Function Name: NtStartProfile
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80650a7e

#: 252        Function Name: NtStopProfile
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80650c37

#: 253        Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x85fc2988

#: 254        Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x85f815d8

#: 255        Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80650d97

#: 256        Function Name: NtTerminateJobObject
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8063800d

#: 257        Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x85fe7ba8

#: 258        Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x85f81698

#: 261        Function Name: NtTranslateFilePath
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8064fbc3

#: 262        Function Name: NtUnloadDriver
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80624780

#: 263        Function Name: NtUnloadKey
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80654db2

#: 264        Function Name: NtUnloadKeyEx
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80654fdb

#: 265        Function Name: NtUnlockFile
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805dd1b8

#: 266        Function Name: NtUnlockVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8062ed15

#: 267        Function Name: NtUnmapViewOfSection
Status: Hooked by "<unknown>" at address 0x85f95480

#: 269        Function Name: NtWaitForDebugEvent
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80661cb2

#: 270        Function Name: NtWaitForMultipleObjects
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8056ec4d

#: 272        Function Name: NtWaitHighEventPair
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80650433

#: 273        Function Name: NtWaitLowEventPair
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x806503c7

#: 275        Function Name: NtWriteFileGather
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805cc824

#: 276        Function Name: NtWriteRequestData
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805e0592

#: 277        Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x86c76690

#: 279        Function Name: NtCreateKeyedEvent
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805c291a

#: 281        Function Name: NtReleaseKeyedEvent
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x8065120b

#: 282        Function Name: NtWaitForKeyedEvent
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80651476

#: 283        Function Name: NtQueryPortInformationProcess
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x80634f55

Shadow SSDT
-------------------
#: 307        Function Name: NtUserAttachThreadInput
Status: Hooked by "<unknown>" at address 0x85fcfd00

#: 383        Function Name: NtUserGetAsyncKeyState
Status: Hooked by "<unknown>" at address 0x86a5b560

#: 414        Function Name: NtUserGetKeyboardState
Status: Hooked by "<unknown>" at address 0x86a3a050

#: 416        Function Name: NtUserGetKeyState
Status: Hooked by "<unknown>" at address 0x86a8e050

#: 428        Function Name: NtUserGetRawInputData
Status: Hooked by "<unknown>" at address 0x86b7e4a0

#: 460        Function Name: NtUserMessageCall
Status: Hooked by "<unknown>" at address 0x86b86350

#: 475        Function Name: NtUserPostMessage
Status: Hooked by "<unknown>" at address 0x86a42240

#: 476        Function Name: NtUserPostThreadMessage
Status: Hooked by "<unknown>" at address 0x86bb98e8

#: 549        Function Name: NtUserSetWindowsHookEx
Status: Hooked by "<unknown>" at address 0x86c99a30

#: 552        Function Name: NtUserSetWinEventHook
Status: Hooked by "<unknown>" at address 0x86de8608

==EOF==


nyrk 11.11.2009 15:12

SystemLook log follows after the restart! :dankeschoen:

nyrk 11.11.2009 15:27

SystemLook log
 
Code:


SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 15:19 on 11/11/2009 by Alex (Administrator - Elevation successful)

========== filefind ==========

Searching for "atapi*"
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys        -----c 95360 bytes        [10:13 01/04/2009]        [21:59 03/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\I386\ATAPI.SY_        -ra--- 49558 bytes        [14:20 16/03/2006]        [12:00 10/08/2004] 28541D14647BB58502D09D1CEAEE6684
C:\WINDOWS\ServicePackFiles\i386\atapi.sys        ------ 96512 bytes        [18:40 13/04/2008]        [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\drivers\atapi.sys        --a--- 96512 bytes        [22:59 03/08/2004]        [18:40 13/04/2008] 96522988E7AE6BC2311BAAD4C84EC299
C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys        --a--- 95360 bytes        [16:20 16/03/2006]        [12:00 10/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys        --a--- 95360 bytes        [16:20 16/03/2006]        [21:59 03/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51

-=End Of File=-
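An added example, my own Python and not code from this thread or from either tool, that pulls out the two indicators visible in the logs above: SSDT and Shadow SSDT entries that RootRepeal attributes to "<unknown>", and same-size copies of atapi.sys whose MD5 differs (the live driver under system32\drivers versus the ServicePackFiles copy). The embedded log lines are abbreviated excerpts of the logs posted above; the function names are mine.

```python
# Added helper: reads the RootRepeal and SystemLook logs posted in this thread.
import re
from collections import defaultdict

# Abbreviated excerpts of the two logs above (field gaps are tabs or runs of spaces).
ROOTREPEAL_SAMPLE = r"""
SSDT
-------------------
#: 011        Function Name: NtAdjustPrivilegesToken
Status: Hooked by "C:\WINDOWS\system32\TUKERNEL.EXE" at address 0x805e0787

#: 012        Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x86d0c650

#: 122        Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x85fe7a90

Shadow SSDT
-------------------
#: 383        Function Name: NtUserGetAsyncKeyState
Status: Hooked by "<unknown>" at address 0x86a5b560

==EOF==
"""
SYSTEMLOOK_SAMPLE = r"""
Searching for "atapi*"
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys        -----c 95360 bytes        [10:13 01/04/2009]        [21:59 03/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\ServicePackFiles\i386\atapi.sys        ------ 96512 bytes        [18:40 13/04/2008]        [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\drivers\atapi.sys        --a--- 96512 bytes        [22:59 03/08/2004]        [18:40 13/04/2008] 96522988E7AE6BC2311BAAD4C84EC299
C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys        --a--- 95360 bytes        [16:20 16/03/2006]        [12:00 10/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
-=End Of File=-
"""

HOOK_RE = re.compile(r'^#:\s*(\d+)\s+Function Name:\s*(\S+)')
STATUS_RE = re.compile(r'^Status:\s*Hooked by "([^"]*)" at address (0x[0-9a-fA-F]+)')
SIZE_RE = re.compile(r'^(\S+)\s+(\d+) bytes$')

def parse_hooks(text):
    """One dict per hooked entry: table (SSDT / Shadow SSDT), index, function, module, address."""
    hooks, table, pending = [], None, None
    for line in text.splitlines():
        line = line.strip()
        if line in ("SSDT", "Shadow SSDT"):
            table = line            # section header; the dashed rule below it is ignored
        elif (m := HOOK_RE.match(line)):
            pending = (int(m.group(1)), m.group(2))
        elif (m := STATUS_RE.match(line)) and pending:
            hooks.append({"table": table, "index": pending[0], "function": pending[1],
                          "module": m.group(1), "address": int(m.group(2), 16)})
            pending = None
    return hooks

def unknown_hooks(hooks):
    """Hooks whose owning module RootRepeal could not resolve ("<unknown>")."""
    return [h for h in hooks if h["module"] == "<unknown>"]

def parse_filefind(text):
    """Parse SystemLook :filefind result lines: path, attrs, size, created, modified, MD5."""
    entries = []
    for line in text.splitlines():
        parts = re.split(r'\s{2,}|\t', line.strip())
        if len(parts) != 4:
            continue                # header, footer or blank line
        path, attr_size, created, mod_md5 = parts
        modified, _, md5 = mod_md5.rpartition(" ")
        m = SIZE_RE.match(attr_size)
        if not m or not re.fullmatch(r'[0-9A-Fa-f]{32}', md5):
            continue
        entries.append({"path": path, "name": path.rsplit("\\", 1)[-1].lower(),
                        "attrs": m.group(1), "size": int(m.group(2)),
                        "created": created.strip("[]"), "modified": modified.strip("[]"),
                        "md5": md5.upper()})
    return entries

def hash_mismatches(entries):
    """Copies of the same file name and size that do not share one MD5.
    A driver patched in place keeps its size, so the live copy under system32\\drivers
    differing from the same-size ServicePackFiles backup is the thing to check against
    a known-good hash."""
    groups = defaultdict(set)
    for e in entries:
        groups[(e["name"], e["size"])].add(e["md5"])
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}

def main():
    for h in unknown_hooks(parse_hooks(ROOTREPEAL_SAMPLE)):
        print(f"{h['table']:<11} #{h['index']:03d} {h['function']} hooked at {h['address']:#010x}")
    for (name, size), md5s in hash_mismatches(parse_filefind(SYSTEMLOOK_SAMPLE)).items():
        print(f"{name} ({size} bytes) has {len(md5s)} different hashes: {', '.join(md5s)}")

if __name__ == "__main__":
    main()
```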


Larusso 11.11.2009 15:32

Okay, rootkit infection :(

What speaks against a fresh install?

nyrk 11.11.2009 15:35

Fresh install

No, there is nothing against it as such; I am already toying with the idea, because my Sony Vaio has become quite slow. So far I have always used the recovery utility that comes with it.
Is the "recovery" the same as a fresh install, or should I format completely?

Perhaps after about 5 years I will also get myself a new laptop; then I would like to give this Vaio, which is otherwise still quite good, to my father as a second computer, and if possible virus-free. So I will not get around a fresh install, whether by recovery or by formatting (?).

Do you see what dangers this rootkit poses? Is there no tool that could remove it?

Thank you, thank you, thank you!!!

Larusso 11.11.2009 15:47

Yes, I can remove it.

But formatting would be safer ;)

nyrk 11.11.2009 15:51

OK, then I will do that asap!

Is there a reliable way to protect oneself against such rootkits?
My AV did not notice it, and neither did Malwarebytes. Who knows how long I have been carrying this around :(


Thanks for your help. What do I owe you? :daumenhoc

Larusso 11.11.2009 15:57

So, Format C: :daumenhoc

What you owe me? 10000000000 € :uglyhammer:
Nothing, of course :)

Protection against such things starts with surfing with a bit of brains :)
Don't always click on everything that says "click me".

nyrk 11.11.2009 17:46

Thanks, Larusso!

I have now already made a backup of most of my data and will then format.

I would be interested to know how you recognized the rootkits? Among other things, by the fact that certain processes are hooked by "unknown"?

I would also like to acquire a thorough understanding of these things - for my own protection, but also to be able to help others (first of all friends and family) when needed. Where did you get your knowledge of malware? Simply "learning by doing"? Books, websites?

I don't speak any programming language, nor do I understand what lies behind the applications, but I already spend quite a lot of time at the computer and help others here and there with - obviously less serious - little problems.
That I might have surfed carelessly and caught something surprises me, since as far as I know I never visit sites or follow links that I don't know at all.
But judging what "knowing" means probably takes more than the layman's knowledge of a heavy user who is not a heavy knower. :P

I would be glad if you could - without great effort on your part - nudge me onto a "path of enlightenment" :)

Best regards from Vienna
Alex

Larusso 11.11.2009 23:33

Hello Alex

Helping with malware problems can be learned :)
There are dedicated "schools" for it, but it takes a lot of time and above all the will to learn it.
That's not easy.
Prior experience with a PC is an advantage, but not a requirement.
I started when I had been dealing with a PC for 2 days ;)

English-language schools are preferable
Unite
but there is also a German-language school.
HijackThis.de

Please be aware of one thing (and this goes for all readers).
It requires a great deal of time and patience.
If you already know now that your free time is fully booked, I ask you not to apply :)


All times are WET +1. It is now 08:51.

Copyright ©2000-2024, Trojaner-Board

