Trojaner-Board

Log-Analyse und Auswertung > Infiziert? (https://www.trojaner-board.de/75270-infiziert.html)

der_gizmo 14.07.2009 21:52

Infected?

Good evening!

I'm afraid I downloaded some kind of malware today...
Ever since I finished a download, an error message triggered by a certain file "b.exe" keeps opening (until I killed the application in Task Manager).
I have now disabled this file at system startup using msconfig, but that probably won't have fixed the problem.

I would like to post a HijackThis log file, but the problem there is that I can't even open the program. The installation went through - I think - without problems, but double-clicking the exe file does nothing.
Can anyone suggest what I could do (first of all, to be able to create a log file at all)?

Kind regards
Matthias

Most 15.07.2009 07:23

Hello and :hallo:

Get Malwarebytes and install it. Run the program and select "Full Scan". Then click Scan at the bottom. That can take a while. :)

Regards, Most

der_gizmo 15.07.2009 14:48

Hello, and first of all thanks!

Here I have the same problem... The installation went smoothly, but when I click the exe file, nothing happens.

The problem only occurs with these two files; otherwise I haven't noticed anything negative on the PC in general, apart from the constant error messages.

Oh, and by the way, my antivirus program reported the following:

In der Datei 'C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Temp\a.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen' [trojan] gefunden.

In der Datei 'C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Temp\enfodamara.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Agent.20480' [trojan] gefunden.

Larusso 15.07.2009 16:53

@ der_gizmo

Vista user? Please start all tools with right-click >> Run as administrator

1.
Please download Malwarebytes anyway, run it according to the instructions and post the log file

2.
  • Download Random's System Information Tool (RSIT),
  • save it to your desktop.
  • Double-click RSIT.exe to start it.
  • Click Continue to accept the terms of use.
  • The scan starts automatically; RSIT now checks some important system areas and produces log files as a basis for analysis.
  • When the scan is finished, two log files are created and opened in your editor.
  • Please post the contents of C:\rsit\log.txt and C:\rsit\info.txt

der_gizmo 15.07.2009 18:52

No, I'm an XP user. But with "Run as" I at least got as far as accepting the license agreement in HijackThis; after that, nothing happened again. With Anti-Malware there was no reaction from the PC either.

RSIT ran smoothly; I'll post the result shortly.

der_gizmo 15.07.2009 19:07

Info part 2:
The first part (Uninstall list) exceeds the 25,000-character limit. If wanted, I'll split it into two parts and post those too.

Code:


======Security center information======

AV: AntiVir Desktop

======System event log======

Computer Name: xxx-6D066A0E97
Event Code: 7036
Message: Dienst "IMAPI-CD-Brenn-COM-Dienste" befindet sich jetzt im Status "Beendet".

Record Number: 17236
Source Name: Service Control Manager
Time Written: 20090613172045.000000+120
Event Type: Informationen
User:

Computer Name: xxx-6D066A0E97
Event Code: 7036
Message: Dienst "IMAPI-CD-Brenn-COM-Dienste" befindet sich jetzt im Status "Ausgeführt".

Record Number: 17235
Source Name: Service Control Manager
Time Written: 20090613172039.000000+120
Event Type: Informationen
User:

Computer Name: xxx-6D066A0E97
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "IMAPI-CD-Brenn-COM-Dienste" gesendet.

Record Number: 17234
Source Name: Service Control Manager
Time Written: 20090613172039.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: xxx-6D066A0E97
Event Code: 7036
Message: Dienst "IMAPI-CD-Brenn-COM-Dienste" befindet sich jetzt im Status "Beendet".

Record Number: 17233
Source Name: Service Control Manager
Time Written: 20090613171933.000000+120
Event Type: Informationen
User:

Computer Name: xxx-6D066A0E97
Event Code: 7036
Message: Dienst "WMI-Leistungsadapter" befindet sich jetzt im Status "Ausgeführt".

Record Number: 17232
Source Name: Service Control Manager
Time Written: 20090613171931.000000+120
Event Type: Informationen
User:

=====Application event log=====

Computer Name: xxx-6D066A0E97
Event Code: 1
Message:
Record Number: 1212
Source Name: OTi Card Reader Service
Time Written: 20090306124804.000000+060
Event Type: Informationen
User:

Computer Name: xxx-6D066A0E97
Event Code: 0
Message:
Record Number: 1211
Source Name: ICQ Service
Time Written: 20090306124758.000000+060
Event Type: Informationen
User:

Computer Name: xxx-6D066A0E97
Event Code: 105
Message: The service was started.

Record Number: 1210
Source Name: Creative Service for CDROM Access
Time Written: 20090306124758.000000+060
Event Type: Informationen
User:

Computer Name: xxx-6D066A0E97
Event Code: 4096
Message: Der AntiVir Dienst wurde erfolgreich gestartet!

Record Number: 1209
Source Name: Avira AntiVir
Time Written: 20090305201942.000000+060
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: xxx-6D066A0E97
Event Code: 1800
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.

Record Number: 1208
Source Name: SecurityCenter
Time Written: 20090305201941.000000+060
Event Type: Informationen
User:


der_gizmo 15.07.2009 19:09

Log part 1:

Code:

Logfile of random's system information tool 1.06 (written by random/random)
Run by kwam at 2009-07-15 19:41:46
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 126 GB (53%) free of 238 GB
Total RAM: 2046 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:41:46, on 15.07.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programme\ICQ6Toolbar\ICQ Service.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\CardReader2.0\OTiReader.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\DOKUME~1\kwam\LOKALE~1\Temp\b.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\system32\JMRaidTool.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Creative\MediaSource\Detector\CTDetect.exe
C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Programme\ICQ6.5\ICQ.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Dokumente und Einstellungen\kwam\Desktop\RSIT.exe
C:\Programme\trend micro\kwam.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101677&l=dis
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Programme\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programme\AskSBar\bar\1.bin\ASKSBAR.DLL
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programme\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programme\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programme\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\GEMEIN~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Programme\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [Cognac] C:\DOKUME~1\kwam\LOKALE~1\Temp\b.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2833BB1A-0A93-49A6-A6B6-03EA4ACA14FF}: NameServer = 85.255.112.202,85.255.112.190
O17 - HKLM\System\CCS\Services\Tcpip\..\{473DAA73-5AF5-4C71-958B-7C3901FA46A8}: NameServer = 85.255.112.202,85.255.112.190
O17 - HKLM\System\CCS\Services\Tcpip\..\{E63F2240-5033-43F1-B121-7245E1BFFDBC}: NameServer = 85.255.112.202,85.255.112.190
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.202,85.255.112.190
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.112.202,85.255.112.190
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.202,85.255.112.190
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programme\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OTi Card Reader Service - Unknown owner - C:\Programme\CardReader2.0\OTiReader.exe

--
End of file - 11504 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
C:\WINDOWS\tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
ContributeBHO Class - C:\Programme\Adobe\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10 136560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\programme\google\googletoolbar1.dll [2008-10-24 2427968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Programme\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-12-24 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
Ask Toolbar BHO - C:\Programme\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-10-24 267592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\programme\google\googletoolbar1.dll [2008-10-24 2427968]
{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - Ask Toolbar - C:\Programme\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-10-24 267592]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll [2008-10-14 863688]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Programme\ICQ6Toolbar\ICQToolBar.dll [2008-06-12 958712]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Programme\Adobe\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10 136560]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-05-13 7606272]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit []
"CTHelper"=C:\WINDOWS\CTHELPER.EXE [2005-08-08 16384]
"CTxfiHlp"=C:\WINDOWS\system32\CTXFIHLP.EXE [2005-08-08 18944]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"D-Link AirPlus G"=C:\Programme\D-Link\AirPlus G\AirGCFG.exe [2005-07-22 1519616]
"ANIWZCS2Service"=C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2004-12-16 49152]
"JMB36X Configure"=C:\WINDOWS\system32\JMRaidTool.exe [2006-04-20 385024]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-05-04 16206848]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-04-24 1448960]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"Sony Ericsson PC Suite"=C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2007-03-28 593920]
"WinampAgent"=C:\Programme\Winamp\winampa.exe [2009-02-25 37888]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"AdobeCS4ServiceManager"=C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"=C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2008-06-12 37232]
"Acrobat Assistant 8.0"=C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2008-06-11 640376]
"Adobe_ID0ENQBO"=C:\PROGRA~1\GEMEIN~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2008-08-15 378224]
"QuickTime Task"=C:\Programme\QuickTime\QTTask.exe [2008-09-06 413696]
"avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Creative Detector"=C:\Programme\Creative\MediaSource\Detector\CTDetect.exe [2004-12-02 102400]
"Sony Ericsson PC Suite"=C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2009-02-16 405504]
"ICQ"=C:\Programme\ICQ6.5\ICQ.exe [2009-03-01 172792]
"Cognac"=C:\DOKUME~1\kwam\LOKALE~1\Temp\b.exe [2009-07-14 161792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-23 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeBridge]
 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cognac]
C:\DOKUME~1\kwam\LOKALE~1\Temp\b.exe [2009-07-14 161792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CRBroadCasting]
C:\Programme\CardReader2.0\CRBroadCasting.exe [2004-07-27 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Programme\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Programme\Skype\Phone\Skype.exe [2008-11-07 21633320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-24 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\FrostWire\FrostWire.exe"="C:\Programme\FrostWire\FrostWire.exe:*:Enabled:FrostWire"
"C:\Programme\ICQ6\ICQ.exe"="C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Programme\uTorrent\uTorrent.exe"="C:\Programme\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\ICQ6.5\ICQ.exe"="C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Programme\Vuze\Azureus.exe"="C:\Programme\Vuze\Azureus.exe:*:Enabled:Azureus"
"C:\Dokumente und Einstellungen\kwam\Eigene Dateien\Azureus Downloads\Age Of Empires 2 & The Conquerors Expansion -\empires2.exe"="C:\Dokumente und Einstellungen\kwam\Eigene Dateien\Azureus Downloads\Age Of Empires 2 & The Conquerors Expansion -\empires2.exe:*:Enabled:Age of Empires II"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Dokumente und Einstellungen\kwam\Eigene Dateien\Azureus Downloads\Age Of Empires 2 & The Conquerors Expansion -\age2_x1.exe"="C:\Dokumente und Einstellungen\kwam\Eigene Dateien\Azureus Downloads\Age Of Empires 2 & The Conquerors Expansion -\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\Dokumente und Einstellungen\kwam\Desktop\Age Of Empires 2 & The Conquerors Expansion -\age2_x1.exe"="C:\Dokumente und Einstellungen\kwam\Desktop\Age Of Empires 2 & The Conquerors Expansion -\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\Dokumente und Einstellungen\kwam\Desktop\Age Of Empires 2 & The Conquerors Expansion -\empires2.exe"="C:\Dokumente und Einstellungen\kwam\Desktop\Age Of Empires 2 & The Conquerors Expansion -\empires2.exe:*:Enabled:Age of Empires II"
"C:\Dokumente und Einstellungen\kwam\Desktop\dud\Age Of Empires 2 & The Conquerors Expansion -\age2_x1.exe"="C:\Dokumente und Einstellungen\kwam\Desktop\dud\Age Of Empires 2 & The Conquerors Expansion -\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe"="C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.js - open - "C:\Programme\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe","%1"


der_gizmo 15.07.2009 19:10

Log part II:

Code:

======List of files/folders created in the last 1 months======

2009-07-15 19:40:14 ----D---- C:\rsit
2009-07-15 15:15:13 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-07-15 15:15:13 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-07-14 22:35:27 ----D---- C:\Programme\Trend Micro
2009-07-14 20:46:52 ----D---- C:\WINDOWS\Minidump
2009-07-14 20:45:27 ----A---- C:\WINDOWS\system32\msxml71.dll
2009-07-14 20:38:41 ----A---- C:\WINDOWS\Robota.INI
2009-07-14 20:38:36 ----D---- C:\Dokumente und Einstellungen\kwam\Anwendungsdaten\MAGIX
2009-07-14 20:23:09 ----A---- C:\WINDOWS\system32\mpg4c32.dll
2009-07-14 20:23:07 ----A---- C:\WINDOWS\system32\wmv8dmod.dll
2009-07-14 20:22:19 ----A---- C:\WINDOWS\system32\msxml4a.dll
2009-07-14 20:22:17 ----A---- C:\WINDOWS\system32\TTIC32.dll
2009-07-14 20:22:17 ----A---- C:\WINDOWS\system32\TTI32.dll
2009-07-14 20:22:17 ----A---- C:\WINDOWS\system32\STRING32.dll
2009-07-14 20:22:17 ----A---- C:\WINDOWS\system32\MXRestore.exe
2009-07-14 20:22:17 ----A---- C:\WINDOWS\system32\mgxcdr.txt
2009-07-14 20:22:17 ----A---- C:\WINDOWS\system32\mgxasio2.dll
2009-07-14 20:22:17 ----A---- C:\WINDOWS\system32\DLLTPO32.dll
2009-07-14 20:22:17 ----A---- C:\WINDOWS\system32\DLLRES32.dll
2009-07-14 20:22:17 ----A---- C:\WINDOWS\system32\DLLRD32.dll
2009-07-14 20:22:16 ----A---- C:\WINDOWS\system32\DLLPTL32.dll
2009-07-14 20:22:16 ----A---- C:\WINDOWS\system32\DLLPRJ32.dll
2009-07-14 20:22:16 ----A---- C:\WINDOWS\system32\DLLPRF32.dll
2009-07-14 20:22:16 ----A---- C:\WINDOWS\system32\DLLPNT32.dll
2009-07-14 20:22:16 ----A---- C:\WINDOWS\system32\DLLMSC32.dll
2009-07-14 20:22:16 ----A---- C:\WINDOWS\system32\DLLIX.dll
2009-07-14 20:22:16 ----A---- C:\WINDOWS\system32\DLLISO32.dll
2009-07-14 20:22:16 ----A---- C:\WINDOWS\system32\DLLIO32.dll
2009-07-14 20:22:16 ----A---- C:\WINDOWS\system32\DLLIMG32.dll
2009-07-14 20:22:16 ----A---- C:\WINDOWS\system32\DLLDRV32.dll
2009-07-14 20:22:16 ----A---- C:\WINDOWS\system32\DLLDIR32.dll
2009-07-14 20:22:16 ----A---- C:\WINDOWS\system32\DLLDEV32.dll
2009-07-14 20:22:16 ----A---- C:\WINDOWS\system32\DLLCPY32.dll
2009-07-14 20:22:16 ----A---- C:\WINDOWS\system32\DLLCDF32.dll
2009-07-14 20:22:16 ----A---- C:\WINDOWS\system32\DLLCDA32.dll
2009-07-14 20:22:16 ----A---- C:\WINDOWS\system32\DLLAV32.dll
2009-07-14 20:21:38 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
2009-07-14 20:21:23 ----A---- C:\WINDOWS\system32\DLLDEV32i.dll
2009-07-14 20:21:10 ----D---- C:\WINDOWS\system32\MAGIX
2009-07-14 20:21:10 ----A---- C:\WINDOWS\system32\mgxoschk.dll
2009-07-14 20:21:10 ----A---- C:\WINDOWS\mgxoschk.ini
2009-07-14 19:27:31 ----D---- C:\Programme\Audacity
2009-07-10 20:47:49 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2009-07-10 20:47:08 ----A---- C:\WINDOWS\system32\psisdecd.dll
2009-07-10 20:47:02 ----A---- C:\WINDOWS\system32\dxdllreg.exe
2009-07-07 18:30:23 ----D---- C:\Programme\Avira
2009-07-07 18:30:23 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2009-07-06 22:52:05 ----D---- C:\Dokumente und Einstellungen\kwam\Anwendungsdaten\com.adobe.ExMan
2009-07-02 21:11:46 ----D---- C:\Dokumente und Einstellungen\kwam\Anwendungsdaten\Apple Computer
2009-06-24 00:06:08 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-06-24 00:05:48 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-06-22 15:26:19 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
2009-06-22 15:22:16 ----A---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpe146.dll
2009-06-22 15:12:11 ----D---- C:\Programme\Gemeinsame Dateien\Sony Shared
2009-06-22 15:11:58 ----D---- C:\Programme\Sony
2009-06-22 15:09:10 ----D---- C:\Programme\Gemeinsame Dateien\Apple
2009-06-22 15:09:08 ----D---- C:\Programme\QuickTime
2009-06-22 15:09:07 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
2009-06-22 15:08:57 ----D---- C:\Programme\Apple Software Update
2009-06-22 15:08:57 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple
2009-06-22 15:08:22 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-06-22 15:08:00 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2009-06-22 15:06:51 ----HDC---- C:\WINDOWS\$NtUninstallKB942288-v3$
2009-06-22 15:05:58 ----D---- C:\Dokumente und Einstellungen\kwam\Anwendungsdaten\Sony

======List of files/folders modified in the last 1 months======

2009-07-15 19:38:12 ----D---- C:\Programme\Mozilla Firefox
2009-07-15 19:37:36 ----SD---- C:\WINDOWS\Tasks
2009-07-15 18:48:00 ----D---- C:\WINDOWS\Prefetch
2009-07-15 18:47:59 ----D---- C:\WINDOWS\Temp
2009-07-15 15:15:14 ----D---- C:\WINDOWS\system32\drivers
2009-07-15 15:15:13 ----RD---- C:\Programme
2009-07-15 15:10:42 ----D---- C:\Dokumente und Einstellungen\kwam\Anwendungsdaten\Winamp
2009-07-15 15:10:25 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-14 23:06:18 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-14 23:01:21 ----A---- C:\WINDOWS\win.ini
2009-07-14 22:33:11 ----SH---- C:\boot.ini
2009-07-14 22:33:11 ----A---- C:\WINDOWS\system.ini
2009-07-14 22:06:57 ----D---- C:\Programme\Warcraft III
2009-07-14 20:47:17 ----D---- C:\WINDOWS
2009-07-14 20:45:27 ----D---- C:\WINDOWS\system32
2009-07-14 20:23:18 ----SHD---- C:\WINDOWS\Installer
2009-07-14 20:23:18 ----D---- C:\WINDOWS\Help
2009-07-14 20:23:09 ----HD---- C:\WINDOWS\inf
2009-07-14 20:22:39 ----RSD---- C:\WINDOWS\Fonts
2009-07-14 20:21:11 ----D---- C:\Dokumente und Einstellungen\kwam\Anwendungsdaten\Azureus
2009-07-10 22:57:54 ----SD---- C:\Dokumente und Einstellungen\kwam\Anwendungsdaten\Microsoft
2009-07-10 21:15:47 ----D---- C:\Dokumente und Einstellungen\kwam\Anwendungsdaten\FrostWire
2009-07-10 20:47:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-10 20:46:55 ----D---- C:\WINDOWS\system32\DirectX
2009-07-10 20:10:54 ----D---- C:\Programme\Microsoft Games
2009-07-10 16:06:56 ----D---- C:\Dokumente und Einstellungen\kwam\Anwendungsdaten\Skype
2009-07-10 16:01:01 ----D---- C:\Dokumente und Einstellungen\kwam\Anwendungsdaten\skypePM
2009-07-07 19:11:49 ----D---- C:\WINDOWS\WinSxS
2009-07-06 22:54:36 ----D---- C:\Dokumente und Einstellungen\kwam\Anwendungsdaten\Adobe
2009-07-02 21:16:14 ----D---- C:\Programme\Gemeinsame Dateien\DVDVideoSoft
2009-07-02 21:16:10 ----D---- C:\Programme\DVDVideoSoft
2009-06-24 00:06:25 ----D---- C:\WINDOWS\system32\CatRoot
2009-06-22 15:28:08 ----SD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft
2009-06-22 15:22:02 ----HD---- C:\Programme\InstallShield Installation Information
2009-06-22 15:22:02 ----D---- C:\Programme\Sony Ericsson
2009-06-22 15:12:11 ----D---- C:\Programme\Gemeinsame Dateien
2009-06-22 15:09:29 ----D---- C:\Programme\Internet Explorer
2009-06-22 15:08:34 ----A---- C:\WINDOWS\imsins.BAK
2009-06-22 15:08:28 ----D---- C:\Programme\Windows Media Player
2009-06-22 15:08:08 ----D---- C:\WINDOWS\system32\LogFiles

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-07-08 96104]
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-07-08 28520]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 ANIO;ANIO Service; \??\C:\WINDOWS\system32\ANIO.SYS []
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-07-08 55640]
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2005-08-07 501760]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2005-08-07 439424]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2005-08-07 7168]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2005-08-07 142848]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-04-03 199168]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2005-08-07 77824]
R3 ha20x2k;Creative 20X HAL Driver; C:\WINDOWS\system32\drivers\ha20x2k.sys [2005-08-07 1093632]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-01-29 25280]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-02-28 12288]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-05-13 3918176]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2005-08-07 114688]
R3 RT61;D-Link Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT61.sys [2005-06-04 319104]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 agvko7uw;agvko7uw; C:\WINDOWS\system32\drivers\agvko7uw.sys []
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2005-07-13 340704]
S3 GMSIPCI;GMSIPCI; \??\J:\INSTALL\GMSIPCI.SYS []
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-05-04 4271616]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM); C:\WINDOWS\system32\DRIVERS\s1018bus.sys [2008-11-04 86696]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys [2008-11-04 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s1018mdm.sys [2008-11-04 114472]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys [2008-11-04 108328]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s1018obex.sys [2008-11-04 104616]
S3 se59bus;Sony Ericsson Device 089 driver (WDM); C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 61536]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 9360]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 97088]
S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 88624]
S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS); C:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 18704]
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 86432]
S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM); C:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 90800]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Programme\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-07-08 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-07-08 185089]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-12 44032]
R2 ICQ Service;ICQ Service; C:\Programme\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 NMSAccessU;NMSAccessU; C:\Programme\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-05-13 155715]
R2 OTi Card Reader Service;OTi Card Reader Service; C:\Programme\CardReader2.0\OTiReader.exe [2004-07-26 139369]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ANIWZCSdService;ANIWZCSd Service; C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [2004-10-22 49152]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4; C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.20506\aspnet_state.exe [2009-05-06 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 clr_optimization_v4.0.20506_32;.NET Runtime Optimization Service v4.0.20506_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.20506\mscorsvw.exe [2009-05-06 104272]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Programme\MAGIX\Common\Database\bin\fbserver.exe []
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-06-05 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 gusvc;Google Updater Service; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-24 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------


Larusso 15.07.2009 19:55

I will ask a more experienced helper to step in here.
Please be a little patient.
thanks

john.doe 15.07.2009 20:15

Hello and :hallo:

That looks bad; among other things you have a redirect to Ukraine in there. All your internet requests can be redirected and intercepted at will. No online banking, eBay, PayPal or the like; once this is finished, change all passwords from a clean computer. You will save yourself a lot of time if you choose the fast and safe alternative => http://www.trojaner-board.de/51262-a...sicherung.html

Otherwise, start with Combofix.

If you still connect anything to the computer, such as memory sticks, memory cards, digital cameras, mobile phones, external drives, ... then plug everything in before the scan.

ComboFix

A guide and tutorial on using ComboFix
  • Download the tool here to your desktop -> CLICK
Do not start the program yet, but first do the following:
  • Close all applications and programs, above all your antivirus software and other background guards, as well as your internet browser.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Now start combofix.exe from your desktop, confirm the warning messages and let your system be scanned.

    If ComboFix cannot be started, rename it to cofi.exe and try again.
  • Afterwards a combofix.txt opens automatically; please copy its contents and paste them into your post. The log can also be found at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a competent helper has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Note: Combofix disables the autostart function of all CD / DVD and USB drives in order to contain spreading. If this causes problems, post them in the thread.

ciao, andreas

der_gizmo 15.07.2009 21:31

Ukraine? Oh God...

First of all, many thanks, also to Gentlman.
The Combofix.exe file cannot be opened, not even after I renamed it.

So I have no alternative to formatting?

Regards

john.doe 15.07.2009 21:42

Yes you do, only now it will take even longer. :)

Scan and post the log => http://www.trojaner-board.de/74908-a...t-scanner.html

ciao, andreas

der_gizmo 15.07.2009 21:45

Thanks for the quick reply.

However, I have now renamed it before the download, and now it works :)

Regards

der_gizmo 15.07.2009 21:50

Spoke too soon...
A bar appears, presumably a progress bar, sitting in a grey-tinted box, which however strictly refuses to show any progress.

john.doe 15.07.2009 22:03

Then Gmer; if that doesn't run, then Rootrepeal. :)

ciao, andreas
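
As an added example (not code from this thread and not part of GMER), here is a small Python triage helper for the kind of GMER log requested above: it parses the SSDT, Devices and Disk sectors sections and groups hooks by the module GMER attributed them to, lists hooks that show only a bare address, ties device owners back to their driver objects, and lists sectors GMER marked as "rootkit-like behavior". The sample log inside it is constructed to mirror the format posted in this thread, and the function names parse_gmer, triage and summarize are assumed, not GMER's.

```python
"""GMER log triage (added example; the sample log below is constructed to
mirror the GMER 1.0.15 text format seen in this thread, it is not a real scan)."""
import re
from collections import defaultdict

SAMPLE_LOG = r"""GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-15 23:00:43
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

SSDT      BAFA977E                        ZwCreateKey
SSDT      sprs.sys                        ZwEnumerateKey [0xBA6C6CA2]
SSDT      BAFA9760                        ZwOpenProcess
SSDT      sprs.sys                        ZwOpenKey [0xBA6A80C0]

---- Devices - GMER 1.0.15 ----

Device    \FileSystem\Ntfs \Ntfs                   8A5A11F8
Device    \Driver\sptd \Device\2065586380          sprs.sys
Device    \Driver\PCI_PNP8880 \Device\0000004b     sprs.sys

---- Disk sectors - GMER 1.0.15 ----

Disk      \Device\Harddisk0\DR0            sector 01: copy of MBR
Disk      \Device\Harddisk0\DR0            sector 07: rootkit-like behavior; copy of MBR
Disk      \Device\Harddisk0\DR0            sector 32: rootkit-like behavior; copy of MBR
"""

# GMER prints either an 8-digit hex kernel address or a module name in the
# "who owns this" column; the regexes below only rely on whitespace separation.
HEX_ADDR = re.compile(r"^[0-9A-F]{8}$")
SSDT_RE = re.compile(r"^SSDT\s+(\S+)\s+(\S+)(?:\s+\[(0x[0-9A-Fa-f]+)\])?\s*$")
DEVICE_RE = re.compile(r"^Device\s+(\S+)\s+(\S+)\s+(\S+)\s*$")
DISK_RE = re.compile(r"^Disk\s+(\S+)\s+sector\s+(\d+):\s*(.*\S)\s*$")


def parse_gmer(text):
    """Split a GMER log into SSDT hooks, device-object owners and disk findings."""
    ssdt, devices, disk = [], [], []
    for line in text.splitlines():
        m = SSDT_RE.match(line)
        if m:
            ssdt.append({"hooker": m.group(1), "function": m.group(2), "target": m.group(3)})
            continue
        m = DEVICE_RE.match(line)
        if m:
            devices.append({"driver": m.group(1), "device": m.group(2), "owner": m.group(3)})
            continue
        m = DISK_RE.match(line)
        if m:
            disk.append({"device": m.group(1), "sector": int(m.group(2)), "note": m.group(3)})
    return {"ssdt": ssdt, "devices": devices, "disk": disk}


def triage(parsed):
    """Group parsed entries the way a helper reads them.

    Hooks GMER attributed to a module are grouped per module, so a known
    security or disc-emulation driver shows up as one block; hooks shown only
    as a bare address (no owning module found) are listed separately and
    deserve the closest look.  Module-owned device objects are tied back to
    their driver objects (e.g. a module bound under \\Driver\\sptd), and disk
    sectors carrying GMER's "rootkit-like behavior" marker are listed by number
    while plain "copy of MBR" entries are only counted.
    """
    hooks_by_module = defaultdict(list)
    unattributed = []
    for h in parsed["ssdt"]:
        if HEX_ADDR.match(h["hooker"]):
            unattributed.append((h["function"], h["hooker"]))
        else:
            hooks_by_module[h["hooker"]].append(h["function"])

    devices_by_module = defaultdict(set)
    for d in parsed["devices"]:
        if not HEX_ADDR.match(d["owner"]):
            devices_by_module[d["owner"]].add(d["driver"])

    flagged = sorted(e["sector"] for e in parsed["disk"] if "rootkit-like behavior" in e["note"])
    mbr_copies = sum(1 for e in parsed["disk"] if "copy of MBR" in e["note"])

    return {
        "hooks_by_module": {k: sorted(v) for k, v in hooks_by_module.items()},
        "unattributed_hooks": sorted(unattributed),
        "devices_by_module": {k: sorted(v) for k, v in devices_by_module.items()},
        "flagged_sectors": flagged,
        "mbr_copy_sectors": mbr_copies,
    }


def summarize(text):
    """Parse and triage a GMER log in one call."""
    return triage(parse_gmer(text))


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Whether a module that hooks the SSDT is benign (an antivirus guard, a disc-emulation driver) or not is a judgement the helper still has to make; the grouping only makes that judgement faster and keeps the address-only hooks and flagged sectors from being lost in the noise.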

der_gizmo 15.07.2009 22:04

This is what GMER came up with:

Code:

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-15 23:00:43
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT      BAFA977E                                                                                                                                        ZwCreateKey
SSDT      BAFA9774                                                                                                                                        ZwCreateThread
SSDT      BAFA9783                                                                                                                                        ZwDeleteKey
SSDT      BAFA978D                                                                                                                                        ZwDeleteValueKey
SSDT      sprs.sys                                                                                                                                        ZwEnumerateKey [0xBA6C6CA2]
SSDT      sprs.sys                                                                                                                                        ZwEnumerateValueKey [0xBA6C7030]
SSDT      BAFA9792                                                                                                                                        ZwLoadKey
SSDT      sprs.sys                                                                                                                                        ZwOpenKey [0xBA6A80C0]
SSDT      BAFA9760                                                                                                                                        ZwOpenProcess
SSDT      BAFA9765                                                                                                                                        ZwOpenThread
SSDT      sprs.sys                                                                                                                                        ZwQueryKey [0xBA6C7108]
SSDT      sprs.sys                                                                                                                                        ZwQueryValueKey [0xBA6C6F88]
SSDT      BAFA979C                                                                                                                                        ZwReplaceKey
SSDT      BAFA9797                                                                                                                                        ZwRestoreKey
SSDT      BAFA9788                                                                                                                                        ZwSetValueKey
SSDT      BAFA976F                                                                                                                                        ZwTerminateProcess

INT 0x62  ?                                                                                                                                              8A613BF8
INT 0x63  ?                                                                                                                                              8A613BF8
INT 0x63  ?                                                                                                                                              8A613BF8
INT 0x63  ?                                                                                                                                              8A306BF8
INT 0x73  ?                                                                                                                                              8A5A5BF8
INT 0x73  ?                                                                                                                                              8A5A5BF8
INT 0x83  ?                                                                                                                                              8A306BF8
INT 0xA4  ?                                                                                                                                              8A306BF8
INT 0xB4  ?                                                                                                                                              8A306BF8

Code      8A0B8FD8                                                                                                                                        ZwFlushInstructionCache
Code      8A0B8E26                                                                                                                                        IofCallDriver
Code      88A32386                                                                                                                                        IofCompleteRequest
Code      8A0B90B5                                                                                                                                        ZwSaveKey
Code      8A0B918D                                                                                                                                        ZwSaveKeyEx

---- Kernel code sections - GMER 1.0.15 ----

.text    ntkrnlpa.exe!IofCallDriver                                                                                                                      804EF1A6 5 Bytes  JMP 8A0B8E2B
.text    ntkrnlpa.exe!IofCompleteRequest                                                                                                                804EF236 5 Bytes  JMP 88A3238B
.text    ntkrnlpa.exe!ZwSaveKey                                                                                                                          80500D68 5 Bytes  JMP 8A0B90BA
.text    ntkrnlpa.exe!ZwSaveKeyEx                                                                                                                        80500D7C 5 Bytes  JMP 8A0B9192
PAGE      ntkrnlpa.exe!ZwFlushInstructionCache                                                                                                            805B6812 5 Bytes  JMP 8A0B8FDC
?        sprs.sys                                                                                                                                        Das System kann die angegebene Datei nicht finden. !
.text    USBPORT.SYS!DllUnload                                                                                                                          B9A388AC 5 Bytes  JMP 8A3061D8

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT      atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                                              [BA6A9040] sprs.sys
IAT      atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                                                      [BA6A913C] sprs.sys
IAT      atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                                            [BA6A90BE] sprs.sys
IAT      atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                                                    [BA6A97FC] sprs.sys
IAT      atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                                            [BA6A96D2] sprs.sys

---- Devices - GMER 1.0.15 ----

Device    \FileSystem\Ntfs \Ntfs                                                                                                                          8A5A11F8
Device    \Driver\NetBT \Device\NetBT_Tcpip_{2833BB1A-0A93-49A6-A6B6-03EA4ACA14FF}                                                                        8A37B500
Device    \Driver\usbuhci \Device\USBPDO-0                                                                                                                8A304500
Device    \Driver\usbuhci \Device\USBPDO-1                                                                                                                8A304500
Device    \Driver\usbuhci \Device\USBPDO-2                                                                                                                8A304500
Device    \Driver\usbuhci \Device\USBPDO-3                                                                                                                8A304500
Device    \Driver\NetBT \Device\NetBT_Tcpip_{3ABE492C-1F38-465D-BD23-F6074506C18A}                                                                        8A37B500
Device    \Driver\usbehci \Device\USBPDO-4                                                                                                                8A323500
Device    \Driver\Ftdisk \Device\HarddiskVolume1                                                                                                          8A5A31F8
Device    \Driver\Ftdisk \Device\HarddiskVolume2                                                                                                          8A5A31F8
Device    \Driver\Cdrom \Device\CdRom1                                                                                                                    8A258430
Device    \Driver\usbstor \Device\00000080                                                                                                                8A0CC1F8
Device    \Driver\usbstor \Device\00000081                                                                                                                8A0CC1F8
Device    \Driver\usbstor \Device\00000082                                                                                                                8A0CC1F8
Device    \Driver\NetBT \Device\NetBt_Wins_Export                                                                                                        8A37B500
Device    \Driver\PCI_PNP8880 \Device\0000004b                                                                                                            sprs.sys
Device    \Driver\NetBT \Device\NetbiosSmb                                                                                                                8A37B500
Device    \Driver\usbuhci \Device\USBFDO-0                                                                                                                8A304500
Device    \Driver\usbuhci \Device\USBFDO-1                                                                                                                8A304500
Device    \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                                              89F78500
Device    \Driver\usbstor \Device\0000007b                                                                                                                8A0CC1F8
Device    \Driver\usbuhci \Device\USBFDO-2                                                                                                                8A304500
Device    \FileSystem\MRxSmb \Device\LanmanRedirector                                                                                                    89F78500
Device    \Driver\usbuhci \Device\USBFDO-3                                                                                                                8A304500
Device    \Driver\usbehci \Device\USBFDO-4                                                                                                                8A323500
Device    \Driver\Ftdisk \Device\FtControl                                                                                                                8A5A31F8
Device    \Driver\usbstor \Device\0000007f                                                                                                                8A0CC1F8
Device    \Driver\sptd \Device\2065586380                                                                                                                sprs.sys
Device    \Driver\agvko7uw \Device\Scsi\agvko7uw1Port5Path0Target0Lun0                                                                                    8A2401F8
Device    \Driver\agvko7uw \Device\Scsi\agvko7uw1                                                                                                        8A2401F8
Device    \Driver\JRAID \Device\Scsi\JRAID1                                                                                                              8A5A21F8
Device    \FileSystem\Cdfs \Cdfs                                                                                                                          8A0CB1F8

---- Registry - GMER 1.0.15 ----

Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4253CC67-8266-6CC7-E300-0AFF8DB0ABBD}                               
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4253CC67-8266-6CC7-E300-0AFF8DB0ABBD}@oaekjkbfbepihimmfanddhhpkpmmmg  0x64 0x61 0x64 0x69 ...
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4253CC67-8266-6CC7-E300-0AFF8DB0ABBD}@oailjhhlcmlbmnhbkmoclnfonplpan  0x6A 0x61 0x64 0x69 ...
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4253CC67-8266-6CC7-E300-0AFF8DB0ABBD}@nacipnbaldjcfbiifafcoeinhgmo    0x6A 0x61 0x64 0x69 ...

---- Disk sectors - GMER 1.0.15 ----

Disk      \Device\Harddisk0\DR0                                                                                                                          sector 01: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 02: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 03: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 04: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 05: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 06: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 07: rootkit-like behavior; copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 08: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 09: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 10: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 11: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 12: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 13: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 14: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 15: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 16: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 17: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 18: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 19: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 20: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 21: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 22: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 23: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 24: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 25: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 26: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 27: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 28: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 29: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 30: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 31: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 32: rootkit-like behavior; copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 33: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 34: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 35: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 36: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 37: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 38: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 39: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 40: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 41: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 42: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 43: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 44: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 45: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 46: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 47: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 48: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 49: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 50: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 51: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 52: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 53: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 54: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 55: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 56: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 57: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 58: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 59: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 60: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 61: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 62: copy of MBR
Disk      \Device\Harddisk0\DR0                                                                                                                          sector 63: rootkit-like behavior; copy of MBR

---- EOF - GMER 1.0.15 ----


john.doe 15.07.2009 22:10

Then have a look at what you are dealing with => ThreatExpert Report: Packed.Win32.Tdss.w, Trojan.Win32.Alureon.

Rootkit scan with RootRepeal
  • Go here, scroll down and download RootRepeal.zip.
  • Unpack the file to your desktop.
  • Double-click RootRepeal.exe to start the scanner.
  • Click the Report tab and then the Scan button.
  • Tick the following items and click Ok.
    Drivers
    Files
    Processes
    SSDT
    Stealth Objects
    Hidden Services

  • You will then be asked which drives should be scanned.
  • Select C:\ and click Ok again.
  • The scan starts automatically; it will take a while, please be patient.
  • When the scan has finished, click Save Report.
  • Save the log file as RootRepeal.txt on the desktop.
  • Copy its contents here into the thread.

ciao, andreas

Edit: Please also post the first part of Info.txt, I need your software list.

der_gizmo 15.07.2009 22:18

Info part 1.1:

Code:

======Uninstall list======

-->"C:\Programme\Creative\Sound Blaster X-Fi\Program\SETUP.EXE" /S /U /W /L:GER
-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x7  /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0E5AA361-4B16-4282-B639-9E5B2B6A2EC8}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0E5AA361-4B16-4282-B639-9E5B2B6A2EC8}\setup.exe" -l0x7  /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x7  /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{32903944-19A2-418C-901D-4BBAF4C55ABA}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{32903944-19A2-418C-901D-4BBAF4C55ABA}\setup.exe" -l0x7  /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{4D8AA0B4-E890-4BF7-A9D1-8E63027E76D3}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{4D8AA0B4-E890-4BF7-A9D1-8E63027E76D3}\setup.exe" -l0x7  /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6BF90A01-FA3F-42B9-A071-7D744409967E}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6BF90A01-FA3F-42B9-A071-7D744409967E}\setup.exe" -l0x7  /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x7  /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x7  /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x7  /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B8DA9EB2-DBEF-4F0A-B90A-45B77D9E65B2}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B8DA9EB2-DBEF-4F0A-B90A-45B77D9E65B2}\setup.exe" -l0x7  /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x7  /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->msiexec /qb /x {C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}
Acrobat.com-->MsiExec.exe /I{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe After Effects CS4 Presets-->MsiExec.exe /I{44E240EC-2224-4078-A88B-2CEE0D3016EF}
Adobe After Effects CS4 Third Party Content-->MsiExec.exe /I{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}
Adobe After Effects CS4-->MsiExec.exe /I{45EC816C-0771-4C14-AE6D-72D1B578F4C8}
Adobe AIR-->c:\Programme\Gemeinsame Dateien\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Asset Services CS4-->MsiExec.exe /I{B9F4561A-924D-4510-A85A-BB0960C338CB}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Color Video Profiles AE CS4-->MsiExec.exe /I{B15381DD-FF97-4FCD-A881-ED4DB0975500}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe Contribute CS4-->MsiExec.exe /I{A6EC82A0-1414-475D-8AFD-469089F3080D}
Adobe Creative Suite 4 Master Collection-->C:\Programme\Gemeinsame Dateien\Adobe\Installers\b2d6abde968e6f277ddbfd501383e02\Setup.exe --uninstall=1
Adobe Creative Suite 4 Master Collection-->MsiExec.exe /I{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}
Adobe CS4 American English Speech Analysis Models-->MsiExec.exe /I{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Dreamweaver CS4-->MsiExec.exe /I{30C8AA56-4088-426F-91D1-0EDFD3A25678}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe Dynamiclink Support-->MsiExec.exe /I{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}
Adobe Encore CS4 Codecs-->MsiExec.exe /I{FB2A5FCC-B81B-48C2-A009-7804694D83E9}
Adobe Encore CS4-->MsiExec.exe /I{5EAD5443-7194-46CC-A055-428E6ABB1BAF}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Fireworks CS4-->MsiExec.exe /I{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}
Adobe Flash CS4 Extension - Flash Lite STI en-->MsiExec.exe /I{793D1D88-6141-43DE-BE58-59BCE31B4090}
Adobe Flash CS4 STI-en-->MsiExec.exe /I{2168245A-B5AD-40D8-A641-48E3E070B5B6}
Adobe Flash CS4-->MsiExec.exe /I{F6E99614-F042-4459-82B7-8B38B2601356}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->MsiExec.exe /X{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Illustrator CS4-->MsiExec.exe /I{87532CAB-7932-4F84-8937-823337622807}
Adobe InDesign CS4 Application Feature Set Files (Roman)-->MsiExec.exe /I{2BAF2B96-7560-48B4-87D4-10178DDBE217}
Adobe InDesign CS4 Common Base Files-->MsiExec.exe /I{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}
Adobe InDesign CS4 Icon Handler-->MsiExec.exe /I{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}
Adobe InDesign CS4-->MsiExec.exe /I{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Encoder CS4 Additional Exporter-->MsiExec.exe /I{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}
Adobe Media Encoder CS4 Dolby-->MsiExec.exe /I{EE353798-E875-42E0-B58D-7E6696182EA8}
Adobe Media Encoder CS4 Exporter-->MsiExec.exe /I{561968FD-56A1-49FD-9ED0-F55482C7C5BC}
Adobe Media Encoder CS4 Importer-->MsiExec.exe /I{8186FF34-D389-4B7E-9A2F-C197585BCFBD}
Adobe Media Encoder CS4-->MsiExec.exe /I{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe MotionPicture Color Files CS4-->MsiExec.exe /I{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}
Adobe OnLocation CS4-->MsiExec.exe /I{7406DF60-016D-476B-A2C7-55D997592047}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Premiere Pro CS4 Functional Content-->MsiExec.exe /I{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}
Adobe Premiere Pro CS4 Third Party Content-->MsiExec.exe /I{C938BE91-3BB5-4B84-9EF6-88F0505D0038}
Adobe Premiere Pro CS4-->MsiExec.exe /I{D499F8DE-3F31-4900-9157-61061613704B}
Adobe Reader 9.1 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A91000000001}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}
Adobe SGM CS4-->MsiExec.exe /I{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}
Adobe SING CS4-->MsiExec.exe /I{4A52555C-032A-4083-BDD9-6A85ABFB39A8}
Adobe Soundbooth CS4 Codecs-->MsiExec.exe /I{52232EF4-CC12-4C21-ABCF-ADB79618302D}
Adobe Soundbooth CS4-->MsiExec.exe /I{14F70205-1940-4000-88C7-BE799A6B2CAD}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe Version Cue CS4 Server-->MsiExec.exe /I{1B7C06E1-4888-47A6-992A-0990B9683486}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
Adobe® Photoshop® Album Starter Edition 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}


der_gizmo 15.07.2009 22:20

Info Teil 1.2

Code:

AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Age of Empires III-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}
AirPlus G-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{0EA44599-1E9D-4517-A088-9588A9FAB211} /l1031
ANIO Service-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe"
ANIWZCS2 Service-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\Setup.exe"
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ask Toolbar-->rundll32 C:\PROGRA~1\AskSBar\bar\1.bin\AskSBar.dll,O
Audacity 1.2.6-->"C:\Programme\Audacity\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Programme\Avira\AntiVir Desktop\setup.exe /REMOVE
BitComet FLV Converter 1.0-->C:\Programme\BitComet FLV Converter\uninst.exe
Camera RAW Plug-In for EPSON Creativity Suite-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}\SETUP.EXE" -l0x7 UNINST
CD Audio Reader Filter (remove only)-->"C:\Programme\CD Audio Reader Filter\uninstall.exe"
CDBurnerXP-->"C:\Programme\CDBurnerXP\unins000.exe"
CodecInstaller 2.10.2-->C:\Programme\JockerSoft\CodecInstaller\uninst.exe
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
Creative MediaSource-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\SETUP.EXE" -l0x7  /remove
Creative-Systeminformationen-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x7  /remove
DAEMON Tools Toolbar-->C:\Programme\DAEMON Tools Toolbar\uninst.exe
DC-Bass Source 1.1.1-->"C:\Programme\DSP-worx\DC-Bass Source\Uninstall.exe"
DirectVobSub (remove only)-->"C:\Programme\DirectVobSub\uninstall.exe"
Disc2Phone-->MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}
DScaler 5 Mpeg Decoders-->"C:\Programme\DScaler5\unins000.exe"
EPSON Attach To Email-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3D78F2A2-C893-4ABD-B5FE-AD7011837755}\SETUP.EXE" -l0x7 UNINST
EPSON File Manager-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}\Setup.exe" -l0x7 UNINST
EPSON Print CD-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\SETUP.EXE" -l0x7 -SYSTEM
EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x7 -u
EPSON Stylus Photo R285_290 Handbuch-->C:\Programme\EPSON\TPMANUAL\ESPR285_290\DEU\USE_G\DOCUNINS.EXE
EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x7 -anything
EPSON-Drucker-Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EVGA Display Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}\setup.exe" -l0x7  -removeonly
ffdshow [rev 1685] [2007-12-06]-->"C:\Programme\ffdshow\unins000.exe"
Firebird SQL Server - MAGIX Edition-->C:\Programme\MAGIX\Common\Database\unwise.exe
Free YouTube to iPod Converter version 3.1-->"C:\Programme\DVDVideoSoft\Free YouTube to iPod Converter\unins000.exe"
Free YouTube to Mp3 Converter version 3.1-->"C:\Programme\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe"
FrostWire 4.17.2-->C:\Programme\FrostWire\Uninstall.exe
FUSSBALL MANAGER 09-->C:\Programme\EA SPORTS\FUSSBALL MANAGER 09\eauninstall.exe
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\programme\google\googletoolbar1.dll"
Gorilla 2-->C:\Programme\Gorilla 2\uninstall.exe
Haali Media Splitter-->"C:\Programme\Haali\MatroskaSplitter\uninstall.exe"
Hamachi 1.0.3.0-->C:\Programme\Hamachi\uninstall.exe
Heroes of Might and Magic V-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{20071984-5EB1-4881-8EDB-082532ACEC6D}\setup.exe" -l0x7
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Programme\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB942288-v3)-->"C:\WINDOWS\$NtUninstallKB942288-v3$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
ICQ Toolbar-->C:\Programme\ICQ6Toolbar\ICQUnToolbar.exe
ICQ6.5-->"C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Intel(R) PRO Network Connections Drivers-->Prounstl.exe
Jasc Paint Shop Pro 9-->MsiExec.exe /I{F843C6A3-224D-4615-94F8-3C461BD9AEA0}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
JRAID-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\Setup.exe" -l0x7  -removeonly
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
MAGIX Music Maker 14 Producer Edition Trial 13.0.2.1 (US)-->C:\Programme\MAGIX\MusicMaker14PE_Download_version\unwise.exe
MAGIX Screenshare 4.3.6.1987 (US)-->C:\Programme\MAGIX\PCVisit\unwise.exe
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Media Go-->MsiExec.exe /X{C9C13822-A638-4331-99A3-4498A5901693}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU-->MsiExec.exe /I{9309DD7E-EBFE-3C95-8B47-30D3A012F606}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU-->MsiExec.exe /I{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5 Language Pack - DEU-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack - deu-->MsiExec.exe /I{1545207E-C6F3-31D7-9918-BDBB65075FBF}
Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft .NET Framework 4 Client Profile Beta 1-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.20506\SetupCache\Microsoft .NET Framework 4 Client Profile Beta 1\Setup.exe /repair /x86
Microsoft .NET Framework 4 Client Profile Beta 1-->MsiExec.exe /X{1DF6A8F6-5048-323F-8758-DA533CE0F07E}
Microsoft .NET Framework 4 Extended Beta 1-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.20506\SetupCache\Microsoft .NET Framework 4 Extended Beta 1\Setup.exe /repair /x86
Microsoft .NET Framework 4 Extended Beta 1-->MsiExec.exe /X{19BD09BF-3BBD-3663-A5ED-50B6B2B07E45}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2010  Beta 1 x86 Redistributable - 10.0.20506-->MsiExec.exe /X{FC92E32F-6AD6-38E7-AC11-83B639CEACD8}
MONOGRAM AMR Splitter/Decoder (remove only)-->"C:\Programme\MONOGRAM AMR SplitterDecoder\uninstall.exe"
Mozilla Firefox (3.0.11)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser-->MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
OpenOffice.org Installer 1.0-->MsiExec.exe /X{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}
OpenSource Flash Video Splitter (remove only)-->"C:\Programme\OpenSource Flash Video Splitter\uninstall.exe"
OTiCardReader -->C:\Programme\CardReader2.0\AdvDrvIns.exe -u "C:\Programme\CardReader2.0"
PartyPoker-->"C:\Programme\PartyGaming\PartyPoker\Uninstall.exe" "C:\Programme\PartyGaming\PartyPoker\install.log"
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Pixel Bender Toolkit-->MsiExec.exe /I{43509E18-076E-40FE-AF38-CA5ED400A5A9}
QIP 8080 Jeak-Edition-->C:\Programme\QIP\uninstall.exe
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Real Alternative 1.9.0-->"C:\Programme\Real Alternative\unins000.exe"
RealMedia (remove only)-->"C:\Programme\RealMedia\uninstall.exe"
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x7  -removeonly
Rise Of Legends-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{CADDE354-C78C-46CB-A006-E2B178EFC271}
SHOUTcast Source (remove only)-->"C:\Programme\SHOUTcast Source\uninstall.exe"
Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Sicherheitsupdate für Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Songbird 0.7.0 (20080819)-->"C:\Programme\Songbird\Songbird-Uninstall.exe"
Sony Ericsson PC Suite 5.007.01-->"C:\Programme\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\ISAdmin.exe" -runfromtemp -l0x0009 -removeonly
Sony Ericsson PC Suite-->MsiExec.exe /I{FE6397C1-CECA-4EC3-B064-42AED7676898}
Sound Blaster X-Fi-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}\SETUP.EXE" -l0x7  /remove
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
TeamSpeak 2 RC2-->C:\Programme\Teamspeak2_RC2\unins000.exe
Text-To-Speech-Runtime-->MsiExec.exe /X{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}
Uninstall 1.0.0.1-->"C:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe"
Update für Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Vuze-->C:\Programme\Vuze\uninstall.exe
Winamp-->"C:\Programme\Winamp\UninstWA.exe"
Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR-->C:\Programme\WinRAR\uninstall.exe
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
Zoom Player (remove only)-->"C:\Programme\Zoom Player\uninstall.exe"


der_gizmo 15.07.2009 22:27

Several error messages came up here, one of them this one:

Could not read the boot sector. Try adjusting the Disk Acces Level in the OPtions dialog.
This one came up several times.
In addition, another one came up after the scan had finished. I now don't know whether the scan was terminated because of this error message (unfortunately I can't reproduce its content, since I first assumed it was the same message as above) or whether it had already completed.

The result is as follows:

Code:

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:                        2009/07/15 23:22
Program Version:                Version 1.3.2.0
Windows Version:                Windows XP SP3
==================================================

Drivers
-------------------
Name: aujasnkj.sys
Image Path: C:\DOKUME~1\kwam\LOKALE~1\Temp\aujasnkj.sys
Address: 0xAB366000        Size: 81664        File Visible: No        Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB2FEA000        Size: 98304        File Visible: No        Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBADC6000        Size: 8192        File Visible: No        Signed: -
Status: -

Name: ESQULfilmctpitjlkdnwynadxrykqgxtfhmto.sys
Image Path: C:\WINDOWS\system32\drivers\ESQULfilmctpitjlkdnwynadxrykqgxtfhmto.sys
Address: 0xB325D000        Size: 192512        File Visible: -        Signed: -
Status: Hidden from the Windows API!

Name: PCI_PNP8880
Image Path: \Driver\PCI_PNP8880
Address: 0x00000000        Size: 0        File Visible: No        Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xAB39A000        Size: 49152        File Visible: No        Signed: -
Status: -

Name: sprs.sys
Image Path: sprs.sys
Address: 0xBA6A7000        Size: 1048576        File Visible: No        Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000        Size: 0        File Visible: No        Signed: -
Status: -

SSDT
-------------------
#: 041        Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0xbafa977e

#: 053        Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xbafa9774

#: 063        Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0xbafa9783

#: 065        Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0xbafa978d

#: 071        Function Name: NtEnumerateKey
Status: Hooked by "sprs.sys" at address 0xba6c6ca2

#: 073        Function Name: NtEnumerateValueKey
Status: Hooked by "sprs.sys" at address 0xba6c7030

#: 098        Function Name: NtLoadKey
Status: Hooked by "<unknown>" at address 0xbafa9792

#: 119        Function Name: NtOpenKey
Status: Hooked by "sprs.sys" at address 0xba6a80c0

#: 122        Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xbafa9760

#: 128        Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0xbafa9765

#: 160        Function Name: NtQueryKey
Status: Hooked by "sprs.sys" at address 0xba6c7108

#: 177        Function Name: NtQueryValueKey
Status: Hooked by "sprs.sys" at address 0xba6c6f88

#: 193        Function Name: NtReplaceKey
Status: Hooked by "<unknown>" at address 0xbafa979c

#: 204        Function Name: NtRestoreKey
Status: Hooked by "<unknown>" at address 0xbafa9797

#: 247        Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0xbafa9788

#: 257        Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0xbafa976f

Stealth Objects
-------------------
Object: Hidden Module [Name: ESQULcrlbgpsvaxtvndqqnxxoquvgvupxtvyk.dll]
Process: svchost.exe (PID: 1060)        Address: 0x10000000        Address: 57344

Object: Hidden Module [Name: ESQULjwoaypplxqliosrhdgapirxxdnowqyin.dll]
Process: firefox.exe (PID: 3016)        Address: 0x10000000        Address: 241664

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System        Address: 0x8a5a11f8        Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System        Address: 0x8a5a11f8        Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System        Address: 0x8a5a11f8        Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System        Address: 0x8a5a11f8        Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System        Address: 0x8a5a11f8        Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System        Address: 0x8a5a11f8        Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System        Address: 0x8a5a11f8        Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System        Address: 0x8a5a11f8        Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System        Address: 0x8a5a11f8        Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System        Address: 0x8a5a11f8        Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System        Address: 0x8a5a11f8        Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System        Address: 0x8a5a11f8        Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System        Address: 0x8a5a11f8        Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x8a5a11f8        Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System        Address: 0x8a5a11f8        Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System        Address: 0x8a5a11f8        Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System        Address: 0x8a5a11f8        Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System        Address: 0x8a5a11f8        Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System        Address: 0x8a5a11f8        Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System        Address: 0x8a5a11f8        Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System        Address: 0x8a5a11f8        Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System        Address: 0x8a5a11f8        Address: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System        Address: 0x8a258430        Address: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System        Address: 0x8a258430        Address: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System        Address: 0x8a258430        Address: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System        Address: 0x8a258430        Address: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System        Address: 0x8a258430        Address: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x8a258430        Address: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System        Address: 0x8a258430        Address: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System        Address: 0x8a258430        Address: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System        Address: 0x8a258430        Address: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System        Address: 0x8a258430        Address: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System        Address: 0x8a258430        Address: 121

Object: Hidden Code [Driver: JRAID, IRP_MJ_CREATE]
Process: System        Address: 0x8a5a21f8        Address: 121

Object: Hidden Code [Driver: JRAID, IRP_MJ_CLOSE]
Process: System        Address: 0x8a5a21f8        Address: 121

Object: Hidden Code [Driver: JRAID, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x8a5a21f8        Address: 121

Object: Hidden Code [Driver: JRAID, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System        Address: 0x8a5a21f8        Address: 121

Object: Hidden Code [Driver: JRAID, IRP_MJ_POWER]
Process: System        Address: 0x8a5a21f8        Address: 121

Object: Hidden Code [Driver: JRAID, IRP_MJ_SYSTEM_CONTROL]
Process: System        Address: 0x8a5a21f8        Address: 121

Object: Hidden Code [Driver: JRAID, IRP_MJ_PNP]
Process: System        Address: 0x8a5a21f8        Address: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_CREATE]
Process: System        Address: 0x8a0cc1f8        Address: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_CLOSE]
Process: System        Address: 0x8a0cc1f8        Address: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_READ]
Process: System        Address: 0x8a0cc1f8        Address: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_WRITE]
Process: System        Address: 0x8a0cc1f8        Address: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x8a0cc1f8        Address: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System        Address: 0x8a0cc1f8        Address: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_POWER]
Process: System        Address: 0x8a0cc1f8        Address: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_SYSTEM_CONTROL]
Process: System        Address: 0x8a0cc1f8        Address: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_PNP]
Process: System        Address: 0x8a0cc1f8        Address: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System        Address: 0x8a304500        Address: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System        Address: 0x8a304500        Address: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x8a304500        Address: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System        Address: 0x8a304500        Address: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System        Address: 0x8a304500        Address: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System        Address: 0x8a304500        Address: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System        Address: 0x8a304500        Address: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System        Address: 0x8a5a31f8        Address: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System        Address: 0x8a5a31f8        Address: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System        Address: 0x8a5a31f8        Address: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System        Address: 0x8a5a31f8        Address: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x8a5a31f8        Address: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System        Address: 0x8a5a31f8        Address: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System        Address: 0x8a5a31f8        Address: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System        Address: 0x8a5a31f8        Address: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System        Address: 0x8a5a31f8        Address: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System        Address: 0x8a5a31f8        Address: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System        Address: 0x8a5a31f8        Address: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System        Address: 0x8a37b500        Address: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System        Address: 0x8a37b500        Address: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x8a37b500        Address: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System        Address: 0x8a37b500        Address: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System        Address: 0x8a37b500        Address: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System        Address: 0x8a37b500        Address: 121

Object: Hidden Code [Driver: agvko7uwЅ敓Ёఈ浍浓訍Ā, IRP_MJ_CREATE]
Process: System        Address: 0x8a2401f8        Address: 121

Object: Hidden Code [Driver: agvko7uwЅ敓Ёఈ浍浓訍Ā, IRP_MJ_CLOSE]
Process: System        Address: 0x8a2401f8        Address: 121

Object: Hidden Code [Driver: agvko7uwЅ敓Ёఈ浍浓訍Ā, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x8a2401f8        Address: 121

Object: Hidden Code [Driver: agvko7uwЅ敓Ёఈ浍浓訍Ā, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System        Address: 0x8a2401f8        Address: 121

Object: Hidden Code [Driver: agvko7uwЅ敓Ёఈ浍浓訍Ā, IRP_MJ_POWER]
Process: System        Address: 0x8a2401f8        Address: 121

Object: Hidden Code [Driver: agvko7uwЅ敓Ёఈ浍浓訍Ā, IRP_MJ_SYSTEM_CONTROL]
Process: System        Address: 0x8a2401f8        Address: 121

Object: Hidden Code [Driver: agvko7uwЅ敓Ёఈ浍浓訍Ā, IRP_MJ_PNP]
Process: System        Address: 0x8a2401f8        Address: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System        Address: 0x8a323500        Address: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System        Address: 0x8a323500        Address: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x8a323500        Address: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System        Address: 0x8a323500        Address: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System        Address: 0x8a323500        Address: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System        Address: 0x8a323500        Address: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System        Address: 0x8a323500        Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System        Address: 0x89f78500        Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System        Address: 0x89f78500        Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System        Address: 0x89f78500        Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System        Address: 0x89f78500        Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System        Address: 0x89f78500        Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System        Address: 0x89f78500        Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System        Address: 0x89f78500        Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System        Address: 0x89f78500        Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System        Address: 0x89f78500        Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System        Address: 0x89f78500        Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System        Address: 0x89f78500        Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System        Address: 0x89f78500        Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System        Address: 0x89f78500        Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System        Address: 0x89f78500        Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x89f78500        Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System        Address: 0x89f78500        Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System        Address: 0x89f78500        Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System        Address: 0x89f78500        Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System        Address: 0x89f78500        Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System        Address: 0x89f78500        Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System        Address: 0x89f78500        Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System        Address: 0x89f78500        Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System        Address: 0x89f78500        Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System        Address: 0x89f78500        Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System        Address: 0x89f78500        Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System        Address: 0x89f78500        Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System        Address: 0x89f78500        Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System        Address: 0x89f78500        Address: 121

Object: Hidden Code [Driver: Cdfsȅఈ灐畳ꅰ爠, IRP_MJ_CREATE]
Process: System        Address: 0x8a0cb1f8        Address: 121

Object: Hidden Code [Driver: Cdfsȅఈ灐畳ꅰ爠, IRP_MJ_CLOSE]
Process: System        Address: 0x8a0cb1f8        Address: 121

Object: Hidden Code [Driver: Cdfsȅఈ灐畳ꅰ爠, IRP_MJ_READ]
Process: System        Address: 0x8a0cb1f8        Address: 121

Object: Hidden Code [Driver: Cdfsȅఈ灐畳ꅰ爠, IRP_MJ_QUERY_INFORMATION]
Process: System        Address: 0x8a0cb1f8        Address: 121

Object: Hidden Code [Driver: Cdfsȅఈ灐畳ꅰ爠, IRP_MJ_SET_INFORMATION]
Process: System        Address: 0x8a0cb1f8        Address: 121

Object: Hidden Code [Driver: Cdfsȅఈ灐畳ꅰ爠, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System        Address: 0x8a0cb1f8        Address: 121

Object: Hidden Code [Driver: Cdfsȅఈ灐畳ꅰ爠, IRP_MJ_DIRECTORY_CONTROL]
Process: System        Address: 0x8a0cb1f8        Address: 121

Object: Hidden Code [Driver: Cdfsȅఈ灐畳ꅰ爠, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System        Address: 0x8a0cb1f8        Address: 121

Object: Hidden Code [Driver: Cdfsȅఈ灐畳ꅰ爠, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x8a0cb1f8        Address: 121

Object: Hidden Code [Driver: Cdfsȅఈ灐畳ꅰ爠, IRP_MJ_SHUTDOWN]
Process: System        Address: 0x8a0cb1f8        Address: 121

Object: Hidden Code [Driver: Cdfsȅఈ灐畳ꅰ爠, IRP_MJ_LOCK_CONTROL]
Process: System        Address: 0x8a0cb1f8        Address: 121

Object: Hidden Code [Driver: Cdfsȅఈ灐畳ꅰ爠, IRP_MJ_CLEANUP]
Process: System        Address: 0x8a0cb1f8        Address: 121

Object: Hidden Code [Driver: Cdfsȅఈ灐畳ꅰ爠, IRP_MJ_PNP]
Process: System        Address: 0x8a0cb1f8        Address: 121

==EOF==


john.doe 15.07.2009 22:47

Quote:

or whether it had already completed.
EOF = End of file => completed.

Now we've got it, finally :), another new one. :(

1.) Please check the following:
Start => Run => type devmgmt.msc and press [Enter]
View => Show hidden devices => Non-Plug and Play Drivers
Is there anything listed there that starts with ESQUL?

2.) Avenger instructions (by swandog46)

Download the tool Hopsassa and save it to the desktop:
  • Now copy the following text into the white box at -> "input script here"
Code:

Drivers to delete:
aujasnkj.sys
ESQULfilmctpitjlkdnwynadxrykqgxtfhmto.sys
gusvc
GMSIPCI
agvko7uw

Registry keys to delete:
HKLM\SYSTEM\ControlSet001\Services\ESQULfilmctpitjlkdnwynadxrykqgxtfhmto.sys
HKLM\SYSTEM\ControlSet002\Services\ESQULfilmctpitjlkdnwynadxrykqgxtfhmto.sys
HKLM\SYSTEM\ControlSet003\Services\ESQULfilmctpitjlkdnwynadxrykqgxtfhmto.sys
HKLM\SYSTEM\ControlSet004\Services\ESQULfilmctpitjlkdnwynadxrykqgxtfhmto.sys

Files to delete:
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
C:\WINDOWS\tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
C:\DOKUME~1\kwam\LOKALE~1\Temp\b.exe
C:\WINDOWS\system32\drivers\ESQULfilmctpitjlkdnwynadxrykqgxtfhmto.sys
C:\WINDOWS\system32\drivers\ESQULcrlbgpsvaxtvndqqnxxoquvgvupxtvyk.dll
C:\WINDOWS\system32\ESQULcrlbgpsvaxtvndqqnxxoquvgvupxtvyk.dll

http://saved.im/mzi3ndg3nta0/aven.jpg
  • Now close all programs and browser windows
  • To start the Avenger, click on -> Execute
  • Then confirm with "Yes" that the computer will restart
  • After the system has restarted you will find a report from the Avenger at -> C:\avenger.txt
  • Open the file with the editor and copy the entire text into your post here on the Trojaner-Board.

3.) Post a new RootRepeal log.
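
The reading john.doe does of the RootRepeal log above by eye (a driver hidden from the Windows API, a driver loaded from the user's Temp folder, SSDT entries hooked by a module the tool cannot name, hidden DLLs injected into svchost.exe and firefox.exe, and IRP handlers of many drivers flagged as hidden code) can be made repeatable with a small parser. The following is an added example and not code from this thread, from the helper, or from the RootRepeal tool; its SAMPLE_LOG is a constructed excerpt that follows the report format shown above, with ESQULplaceholder.sys, ESQULplaceholder.dll and tmpdrvr.sys as placeholder names rather than real files, and the ESQUL prefix is taken from the check john.doe asks for in the device manager.

```python
"""Triage a RootRepeal report the way a helper reads it by eye. Added example,
not code from the thread or the RootRepeal tool; SAMPLE_LOG is a constructed
excerpt in the thread's report format with placeholder (not real) file names."""
import re

SAMPLE_LOG = """\
ROOTREPEAL (c) AD, 2007-2009

Drivers
-------------------
Name: tmpdrvr.sys
Image Path: C:\\DOKUME~1\\user\\LOKALE~1\\Temp\\tmpdrvr.sys
Address: 0xAB366000        Size: 81664        File Visible: No        Signed: -
Status: -

Name: ESQULplaceholder.sys
Image Path: C:\\WINDOWS\\system32\\drivers\\ESQULplaceholder.sys
Address: 0xB325D000        Size: 192512        File Visible: -        Signed: -
Status: Hidden from the Windows API!

SSDT
-------------------
#: 041        Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0xbafa977e

#: 071        Function Name: NtEnumerateKey
Status: Hooked by "sprs.sys" at address 0xba6c6ca2

Stealth Objects
-------------------
Object: Hidden Module [Name: ESQULplaceholder.dll]
Process: svchost.exe (PID: 1060)        Address: 0x10000000        Address: 57344

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System        Address: 0x8a5a11f8        Address: 121
==EOF==
"""


def parse_sections(report):
    """Split the report into {section title: [record, ...]}.  A title is a line
    underlined with dashes; records are blank-line separated "Key: value" fields."""
    sections, current, block = {}, None, {}
    lines = report.splitlines()
    for i, line in enumerate(lines):
        stripped = line.strip()
        nxt = lines[i + 1].strip() if i + 1 < len(lines) else ""
        if stripped and re.fullmatch(r"-{3,}", nxt):
            if current and block:
                sections[current].append(block)
            current, block = stripped, {}
            sections[current] = []
        elif not stripped or stripped == "==EOF==":
            if current and block:
                sections[current].append(block)
            block = {}
        elif current and not re.fullmatch(r"[-=]{3,}", stripped):
            for item in re.split(r"\s{2,}|\t+", stripped):  # several fields per line
                key, sep, value = item.partition(":")
                if sep:
                    key = key.strip()
                    # RootRepeal prints a record's size under "Address" a second time.
                    block[key if key not in block else key + " #2"] = value.strip()
    if current and block:
        sections[current].append(block)
    return sections


def triage(report, prefix="ESQUL"):
    """Pull out the indicators the helper in the thread reacts to."""
    secs = parse_sections(report)
    out = {"hidden_drivers": [], "temp_drivers": [], "hooks_by_module": {},
           "hidden_modules": [], "irp_hooked_drivers": set()}
    for rec in secs.get("Drivers", []):
        name, status = rec.get("Name", ""), rec.get("Status", "")
        # Hidden from the API, or carrying the family prefix the helper asked about.
        if "hidden" in status.lower() or name.upper().startswith(prefix):
            out["hidden_drivers"].append(name)
        # A kernel driver loaded from a user's Temp folder has no business there.
        if re.search(r"\\temp\\", rec.get("Image Path", ""), re.IGNORECASE):
            out["temp_drivers"].append(name)
    for rec in secs.get("SSDT", []):
        # Group hooks by the module that owns them; "<unknown>" is the red flag.
        if m := re.match(r'Hooked by "([^"]*)"', rec.get("Status", "")):
            out["hooks_by_module"].setdefault(m.group(1), []).append(rec.get("Function Name", "?"))
    for rec in secs.get("Stealth Objects", []):
        obj = rec.get("Object", "")
        if m := re.match(r"Hidden Module \[Name: ([^\]]+)\]", obj):
            out["hidden_modules"].append((m.group(1), rec.get("Process", "")))
        elif m := re.match(r"Hidden Code \[Driver: ([^,]+),", obj):
            out["irp_hooked_drivers"].add(m.group(1))
    out["irp_hooked_drivers"] = sorted(out["irp_hooked_drivers"])
    return out


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it as a script to see the dictionary for the constructed sample, or pass the text of a saved report to `triage()`. Grouping the SSDT hooks by owning module is what separates the two kinds of entries in the logs above: the hooks the tool attributes to a randomly named sp??.sys sit at the same addresses in both scans (sprs.sys in the first, spaa.sys in the second), which is how the sptd driver listed in the same Drivers section, the one bundled with disc-emulation software such as Daemon Tools, normally shows up, while the entries hooked by "<unknown>" and the hidden ESQUL driver and DLLs are the ones the helper acted on. The parser deliberately only collects the indicators; deciding what a given hook or hidden-code entry means stays with the analyst, because the same "Hidden Code" lines on many drivers can come from a legitimate filter driver as well as from a rootkit.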

der_gizmo 15.07.2009 23:06

No, nothing to see. Good or bad sign?

When I try to navigate to the Avenger, AntiVir reports:
Achtung Fund!
C:\Avenger\b.exe
Ist das Trojanische Pferd TR/Dldr.Zlob.LL

der_gizmo 15.07.2009 23:08

Code:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "ESQULserv.sys" found!
ImagePath:  \systemroot\system32\drivers\ESQULfilmctpitjlkdnwynadxrykqgxtfhmto.sys
Start Type:  1 (System)

Rootkit scan completed.


Error:  registry key "\Registry\Machine\System\CurrentControlSet\Services\aujasnkj.sys" not found!
Deletion of driver "aujasnkj.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  registry key "\Registry\Machine\System\CurrentControlSet\Services\ESQULfilmctpitjlkdnwynadxrykqgxtfhmto.sys" not found!
Deletion of driver "ESQULfilmctpitjlkdnwynadxrykqgxtfhmto.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Driver "gusvc" deleted successfully.
Driver "GMSIPCI" deleted successfully.

Error:  registry key "\Registry\Machine\System\CurrentControlSet\Services\agvko7uw" not found!
Deletion of driver "agvko7uw" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  registry key "HKLM\SYSTEM\ControlSet001\Services\ESQULfilmctpitjlkdnwynadxrykqgxtfhmto.sys" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet001\Services\ESQULfilmctpitjlkdnwynadxrykqgxtfhmto.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  registry key "HKLM\SYSTEM\ControlSet002\Services\ESQULfilmctpitjlkdnwynadxrykqgxtfhmto.sys" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet002\Services\ESQULfilmctpitjlkdnwynadxrykqgxtfhmto.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  registry key "HKLM\SYSTEM\ControlSet003\Services\ESQULfilmctpitjlkdnwynadxrykqgxtfhmto.sys" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet003\Services\ESQULfilmctpitjlkdnwynadxrykqgxtfhmto.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  registry key "HKLM\SYSTEM\ControlSet004\Services\ESQULfilmctpitjlkdnwynadxrykqgxtfhmto.sys" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet004\Services\ESQULfilmctpitjlkdnwynadxrykqgxtfhmto.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

File "C:\WINDOWS\tasks\AppleSoftwareUpdate.job" deleted successfully.
File "C:\WINDOWS\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job" deleted successfully.
File "C:\WINDOWS\tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job" deleted successfully.
File "C:\DOKUME~1\kwam\LOKALE~1\Temp\b.exe" deleted successfully.
File "C:\WINDOWS\system32\drivers\ESQULfilmctpitjlkdnwynadxrykqgxtfhmto.sys" deleted successfully.

Error:  file "C:\WINDOWS\system32\drivers\ESQULcrlbgpsvaxtvndqqnxxoquvgvupxtvyk.dll" not found!
Deletion of file "C:\WINDOWS\system32\drivers\ESQULcrlbgpsvaxtvndqqnxxoquvgvupxtvyk.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

File "C:\WINDOWS\system32\ESQULcrlbgpsvaxtvndqqnxxoquvgvupxtvyk.dll" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.


john.doe 15.07.2009 23:12

Code:

Good or bad sign?
Bad, they used to be easy to trick there. Meanwhile even Gmer no longer shows anything. It's getting harder and harder to find them.

Have you already deleted with Avenger? If so,

1.) Disable Avira's Guard.

2.) In the Avenger folder there should be a backup.zip. If not, pack the complete Avenger folder with Rar or Zip, upload the file to a file host (e.g. www.materialordner.de) and send me the link as a private message.

3.) Enable Avira's Guard.

ciao, andreas

der_gizmo 15.07.2009 23:15

No, I haven't done anything yet (wouldn't know how to do that either^^).

I'm currently waiting for RootRepeal to finish; it's taking considerably longer this time than before.

john.doe 15.07.2009 23:21

I made a mistake, new script for Avenger.
Code:

Drivers to delete:
ESQULserv.sys

Registry keys to delete:
HKLM\SYSTEM\ControlSet001\Services\ESQULserv.sys
HKLM\SYSTEM\ControlSet002\Services\ESQULserv.sys
HKLM\SYSTEM\ControlSet003\Services\ESQULserv.sys
HKLM\SYSTEM\ControlSet004\Services\ESQULserv.sys

Files to delete:
C:\WINDOWS\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
C:\WINDOWS\tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
C:\DOKUME~1\kwam\LOKALE~1\Temp\b.exe
C:\WINDOWS\system32\drivers\ESQULfilmctpitjlkdnwynadxrykqgxtfhmto.sys
C:\WINDOWS\system32\ESQULcrlbgpsvaxtvndqqnxxoquvgvupxtvyk.dll

Please run it immediately after the RootRepeal log.

ciao, andreas

der_gizmo 15.07.2009 23:28

Code:

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:                        2009/07/16 00:17
Program Version:                Version 1.3.2.0
Windows Version:                Windows XP SP3
==================================================

Drivers
-------------------
Name: dpqo.sys
Image Path: dpqo.sys
Address: 0xBA8A8000        Size: 61440        File Visible: No        Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB2D93000        Size: 98304        File Visible: No        Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBAE0E000        Size: 8192        File Visible: No        Signed: -
Status: -

Name: PCI_PNP8976
Image Path: \Driver\PCI_PNP8976
Address: 0x00000000        Size: 0        File Visible: No        Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xBAAA8000        Size: 49152        File Visible: No        Signed: -
Status: -

Name: spaa.sys
Image Path: spaa.sys
Address: 0xBA6A7000        Size: 1048576        File Visible: No        Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000        Size: 0        File Visible: No        Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\dokumente und einstellungen\kwam\lokale einstellungen\anwendungsdaten\mozilla\firefox\profiles\rf06ey9t.default\cache\c2857b96d01
Status: Size mismatch (API: 34238, Raw: 36661)

SSDT
-------------------
#: 041        Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0xbaf9a60e

#: 053        Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xbaf9a604

#: 063        Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0xbaf9a613

#: 065        Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0xbaf9a61d

#: 071        Function Name: NtEnumerateKey
Status: Hooked by "spaa.sys" at address 0xba6c6ca2

#: 073        Function Name: NtEnumerateValueKey
Status: Hooked by "spaa.sys" at address 0xba6c7030

#: 098        Function Name: NtLoadKey
Status: Hooked by "<unknown>" at address 0xbaf9a622

#: 119        Function Name: NtOpenKey
Status: Hooked by "spaa.sys" at address 0xba6a80c0

#: 122        Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xbaf9a5f0

#: 128        Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0xbaf9a5f5

#: 160        Function Name: NtQueryKey
Status: Hooked by "spaa.sys" at address 0xba6c7108

#: 177        Function Name: NtQueryValueKey
Status: Hooked by "spaa.sys" at address 0xba6c6f88

#: 193        Function Name: NtReplaceKey
Status: Hooked by "<unknown>" at address 0xbaf9a62c

#: 204        Function Name: NtRestoreKey
Status: Hooked by "<unknown>" at address 0xbaf9a627

#: 247        Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0xbaf9a618

#: 257        Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0xbaf9a5ff

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System        Address: 0x8a5a11f8        Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System        Address: 0x8a5a11f8        Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System        Address: 0x8a5a11f8        Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System        Address: 0x8a5a11f8        Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System        Address: 0x8a5a11f8        Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System        Address: 0x8a5a11f8        Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System        Address: 0x8a5a11f8        Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System        Address: 0x8a5a11f8        Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System        Address: 0x8a5a11f8        Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System        Address: 0x8a5a11f8        Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System        Address: 0x8a5a11f8        Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System        Address: 0x8a5a11f8        Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System        Address: 0x8a5a11f8        Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x8a5a11f8        Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System        Address: 0x8a5a11f8        Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System        Address: 0x8a5a11f8        Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System        Address: 0x8a5a11f8        Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System        Address: 0x8a5a11f8        Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System        Address: 0x8a5a11f8        Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System        Address: 0x8a5a11f8        Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System        Address: 0x8a5a11f8        Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System        Address: 0x8a5a11f8        Address: 121

Object: Hidden Code [Driver: a26nmpe8ࠅఈ浍浓着註C, IRP_MJ_CREATE]
Process: System        Address: 0x8a2741f8        Address: 121

Object: Hidden Code [Driver: a26nmpe8ࠅఈ浍浓着註C, IRP_MJ_CLOSE]
Process: System        Address: 0x8a2741f8        Address: 121

Object: Hidden Code [Driver: a26nmpe8ࠅఈ浍浓着註C, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x8a2741f8        Address: 121

Object: Hidden Code [Driver: a26nmpe8ࠅఈ浍浓着註C, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System        Address: 0x8a2741f8        Address: 121

Object: Hidden Code [Driver: a26nmpe8ࠅఈ浍浓着註C, IRP_MJ_POWER]
Process: System        Address: 0x8a2741f8        Address: 121

Object: Hidden Code [Driver: a26nmpe8ࠅఈ浍浓着註C, IRP_MJ_SYSTEM_CONTROL]
Process: System        Address: 0x8a2741f8        Address: 121

Object: Hidden Code [Driver: a26nmpe8ࠅఈ浍浓着註C, IRP_MJ_PNP]
Process: System        Address: 0x8a2741f8        Address: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System        Address: 0x8a2b7400        Address: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System        Address: 0x8a2b7400        Address: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System        Address: 0x8a2b7400        Address: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System        Address: 0x8a2b7400        Address: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System        Address: 0x8a2b7400        Address: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x8a2b7400        Address: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System        Address: 0x8a2b7400        Address: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System        Address: 0x8a2b7400        Address: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System        Address: 0x8a2b7400        Address: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System        Address: 0x8a2b7400        Address: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System        Address: 0x8a2b7400        Address: 121

Object: Hidden Code [Driver: JRAID, IRP_MJ_CREATE]
Process: System        Address: 0x8a5a21f8        Address: 121

Object: Hidden Code [Driver: JRAID, IRP_MJ_CLOSE]
Process: System        Address: 0x8a5a21f8        Address: 121

Object: Hidden Code [Driver: JRAID, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x8a5a21f8        Address: 121

Object: Hidden Code [Driver: JRAID, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System        Address: 0x8a5a21f8        Address: 121

Object: Hidden Code [Driver: JRAID, IRP_MJ_POWER]
Process: System        Address: 0x8a5a21f8        Address: 121

Object: Hidden Code [Driver: JRAID, IRP_MJ_SYSTEM_CONTROL]
Process: System        Address: 0x8a5a21f8        Address: 121

Object: Hidden Code [Driver: JRAID, IRP_MJ_PNP]
Process: System        Address: 0x8a5a21f8        Address: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_CREATE]
Process: System        Address: 0x8a0e7310        Address: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_CLOSE]
Process: System        Address: 0x8a0e7310        Address: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_READ]
Process: System        Address: 0x8a0e7310        Address: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_WRITE]
Process: System        Address: 0x8a0e7310        Address: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x8a0e7310        Address: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System        Address: 0x8a0e7310        Address: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_POWER]
Process: System        Address: 0x8a0e7310        Address: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_SYSTEM_CONTROL]
Process: System        Address: 0x8a0e7310        Address: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_PNP]
Process: System        Address: 0x8a0e7310        Address: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System        Address: 0x8a33d1f8        Address: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System        Address: 0x8a33d1f8        Address: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x8a33d1f8        Address: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System        Address: 0x8a33d1f8        Address: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System        Address: 0x8a33d1f8        Address: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System        Address: 0x8a33d1f8        Address: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System        Address: 0x8a33d1f8        Address: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System        Address: 0x8a5a31f8        Address: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System        Address: 0x8a5a31f8        Address: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System        Address: 0x8a5a31f8        Address: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System        Address: 0x8a5a31f8        Address: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x8a5a31f8        Address: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System        Address: 0x8a5a31f8        Address: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System        Address: 0x8a5a31f8        Address: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System        Address: 0x8a5a31f8        Address: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System        Address: 0x8a5a31f8        Address: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System        Address: 0x8a5a31f8        Address: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System        Address: 0x8a5a31f8        Address: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System        Address: 0x882121f8        Address: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System        Address: 0x882121f8        Address: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x882121f8        Address: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System        Address: 0x882121f8        Address: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System        Address: 0x882121f8        Address: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System        Address: 0x882121f8        Address: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System        Address: 0x8a30f1f8        Address: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System        Address: 0x8a30f1f8        Address: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x8a30f1f8        Address: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System        Address: 0x8a30f1f8        Address: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System        Address: 0x8a30f1f8        Address: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System        Address: 0x8a30f1f8        Address: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System        Address: 0x8a30f1f8        Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System        Address: 0x899c3500        Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System        Address: 0x899c3500        Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System        Address: 0x899c3500        Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System        Address: 0x899c3500        Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System        Address: 0x899c3500        Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System        Address: 0x899c3500        Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System        Address: 0x899c3500        Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System        Address: 0x899c3500        Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System        Address: 0x899c3500        Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System        Address: 0x899c3500        Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System        Address: 0x899c3500        Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System        Address: 0x899c3500        Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System        Address: 0x899c3500        Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System        Address: 0x899c3500        Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x899c3500        Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System        Address: 0x899c3500        Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System        Address: 0x899c3500        Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System        Address: 0x899c3500        Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System        Address: 0x899c3500        Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System        Address: 0x899c3500        Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System        Address: 0x899c3500        Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System        Address: 0x899c3500        Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System        Address: 0x899c3500        Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System        Address: 0x899c3500        Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System        Address: 0x899c3500        Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System        Address: 0x899c3500        Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System        Address: 0x899c3500        Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System        Address: 0x899c3500        Address: 121

Object: Hidden Code [Driver: Cdfsȅః杇獬ί, IRP_MJ_CREATE]
Process: System        Address: 0x8a0b92b8        Address: 121

Object: Hidden Code [Driver: Cdfsȅః杇獬ί, IRP_MJ_CLOSE]
Process: System        Address: 0x8a0b92b8        Address: 121

Object: Hidden Code [Driver: Cdfsȅః杇獬ί, IRP_MJ_READ]
Process: System        Address: 0x8a0b92b8        Address: 121

Object: Hidden Code [Driver: Cdfsȅః杇獬ί, IRP_MJ_QUERY_INFORMATION]
Process: System        Address: 0x8a0b92b8        Address: 121

Object: Hidden Code [Driver: Cdfsȅః杇獬ί, IRP_MJ_SET_INFORMATION]
Process: System        Address: 0x8a0b92b8        Address: 121

Object: Hidden Code [Driver: Cdfsȅః杇獬ί, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System        Address: 0x8a0b92b8        Address: 121

Object: Hidden Code [Driver: Cdfsȅః杇獬ί, IRP_MJ_DIRECTORY_CONTROL]
Process: System        Address: 0x8a0b92b8        Address: 121

Object: Hidden Code [Driver: Cdfsȅః杇獬ί, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System        Address: 0x8a0b92b8        Address: 121

Object: Hidden Code [Driver: Cdfsȅః杇獬ί, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x8a0b92b8        Address: 121

Object: Hidden Code [Driver: Cdfsȅః杇獬ί, IRP_MJ_SHUTDOWN]
Process: System        Address: 0x8a0b92b8        Address: 121

Object: Hidden Code [Driver: Cdfsȅః杇獬ί, IRP_MJ_LOCK_CONTROL]
Process: System        Address: 0x8a0b92b8        Address: 121

Object: Hidden Code [Driver: Cdfsȅః杇獬ί, IRP_MJ_CLEANUP]
Process: System        Address: 0x8a0b92b8        Address: 121

Object: Hidden Code [Driver: Cdfsȅః杇獬ί, IRP_MJ_PNP]
Process: System        Address: 0x8a0b92b8        Address: 121

Hidden Services
-------------------
Service Name: ESQULserv.sys
Image PathC:\WINDOWS\system32\drivers\ESQULfilmctpitjlkdnwynadxrykqgxtfhmto.sys

==EOF==

will do :)
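
The RootRepeal log above carries the two findings a responder cares about: the SSDT section shows hooks from two distinct sources (spaa.sys, which belongs to the sptd SCSI pass-through layer that disc-emulation software installs and which hooks registry functions by design, and an "<unknown>" module whose hook addresses all fall within the same memory page, i.e. one image that RootRepeal could not name), and the Hidden Services section lists a service whose driver file is not visible through the normal API. The following script is an added example, not code from the thread or from RootRepeal, that parses a constructed excerpt of such a log and separates expected hookers from unexplained ones. The KNOWN_HOOKERS allow-list is an assumption for this example; on a real host you would confirm that the disc-emulation software is actually installed before trusting it.

```python
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed, shortened excerpt modelled on the RootRepeal log posted in the thread (sample data).
SAMPLE_LOG = r"""ROOTREPEAL (c) AD, 2007-2009

SSDT
-------------------
#: 041        Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0xbaf9a60e

#: 071        Function Name: NtEnumerateKey
Status: Hooked by "spaa.sys" at address 0xba6c6ca2

#: 122        Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xbaf9a5f0

Hidden Services
-------------------
Service Name: ESQULserv.sys
Image PathC:\WINDOWS\system32\drivers\ESQULfilmctpitjlkdnwynadxrykqgxtfhmto.sys

==EOF==
"""

SECTION_RE = re.compile(r"^-{5,}$")
SSDT_ENTRY_RE = re.compile(r"^#:\s*(\d+)\s+Function Name:\s*(\S+)")
HOOK_RE = re.compile(r'^Status:\s*Hooked by "([^"]+)" at address (0x[0-9a-fA-F]+)')
SERVICE_RE = re.compile(r"^Service Name:\s*(.+?)\s*$")
# RootRepeal prints the hidden-service path as "Image PathC:\..." (no colon), so accept both forms.
IMAGE_PATH_RE = re.compile(r"^Image Path:?\s*(.+?)\s*$")

# Assumption for this example: sptd and its companion spXX.sys driver are the SCSI Pass Through
# Direct layer of disc-emulation software and hook the registry functions by design.
KNOWN_HOOKERS = {"spaa.sys", "sptd"}


def split_sections(text: str) -> Dict[str, List[str]]:
    """Map each 'Title / -----' section of the log to the lines that follow it."""
    lines = text.splitlines()
    sections: Dict[str, List[str]] = {}
    current = None
    for i, line in enumerate(lines):
        if SECTION_RE.match(line.strip()) and i > 0:
            if current is not None and sections[current]:
                sections[current].pop()  # the title line was collected into the previous section
            current = lines[i - 1].strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_ssdt_hooks(lines: List[str]) -> List[Tuple[int, str, str, int]]:
    """Return (index, function, hooking module, hook address) for every hooked SSDT entry."""
    hooks, pending = [], None
    for line in lines:
        m = SSDT_ENTRY_RE.match(line)
        if m:
            pending = (int(m.group(1)), m.group(2))
            continue
        m = HOOK_RE.match(line)
        if m and pending:
            hooks.append((pending[0], pending[1], m.group(1), int(m.group(2), 16)))
            pending = None
    return hooks


def parse_hidden_services(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (service name, image path) pairs from the Hidden Services section."""
    services, name = [], None
    for line in lines:
        m = SERVICE_RE.match(line)
        if m:
            name = m.group(1)
            continue
        m = IMAGE_PATH_RE.match(line)
        if m and name:
            services.append((name, m.group(1)))
            name = None
    return services


def triage(text: str) -> Dict[str, object]:
    """Summarise a RootRepeal log: who hooks the SSDT, and which services are hidden."""
    sections = split_sections(text)
    hooks = parse_ssdt_hooks(sections.get("SSDT", []))
    by_module: Dict[str, List[str]] = defaultdict(list)
    for _, func, module, _ in hooks:
        by_module[module].append(func)
    # Unnamed hooks that all land in the same 4 KiB page come from one hidden image.
    unknown_pages = sorted({hex(addr & ~0xFFF) for _, _, mod, addr in hooks if mod == "<unknown>"})
    suspicious = sorted(m for m in by_module if m not in KNOWN_HOOKERS)
    services = parse_hidden_services(sections.get("Hidden Services", []))
    return {
        "hooks_by_module": dict(by_module),
        "suspicious_modules": suspicious,
        "unknown_hook_pages": unknown_pages,
        "hidden_services": services,
        "verdict": "suspicious" if suspicious or services else "nothing flagged",
    }
```

Run `triage(SAMPLE_LOG)` and the verdict is "suspicious" for two independent reasons: an unattributed hooker at page 0xbaf9a000 and a hidden service pointing at a driver file the API cannot see. On the full log in the thread the same logic groups all fourteen "<unknown>" hooks into that single page, which is why the helper treated them as one rootkit rather than fourteen findings.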

der_gizmo 15.07.2009 23:35

Code:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "ESQULserv.sys" deleted successfully.

Error:  registry key "HKLM\SYSTEM\ControlSet001\Services\ESQULserv.sys" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet001\Services\ESQULserv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  registry key "HKLM\SYSTEM\ControlSet002\Services\ESQULserv.sys" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet002\Services\ESQULserv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Registry key "HKLM\SYSTEM\ControlSet003\Services\ESQULserv.sys" deleted successfully.

Error:  registry key "HKLM\SYSTEM\ControlSet004\Services\ESQULserv.sys" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet004\Services\ESQULserv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job" not found!
Deletion of file "C:\WINDOWS\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job" not found!
Deletion of file "C:\WINDOWS\tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\DOKUME~1\kwam\LOKALE~1\Temp\b.exe" not found!
Deletion of file "C:\DOKUME~1\kwam\LOKALE~1\Temp\b.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\drivers\ESQULfilmctpitjlkdnwynadxrykqgxtfhmto.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\ESQULfilmctpitjlkdnwynadxrykqgxtfhmto.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\ESQULcrlbgpsvaxtvndqqnxxoquvgvupxtvyk.dll" not found!
Deletion of file "C:\WINDOWS\system32\ESQULcrlbgpsvaxtvndqqnxxoquvgvupxtvyk.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Completed script processing.

*******************

Finished!  Terminate.
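
The Avenger log above reports a mix of outcomes for one script: the driver object and the ControlSet003 key were deleted, while the other keys and every file came back STATUS_OBJECT_NAME_NOT_FOUND. A responder reads that by reconciling the script with the log rather than scanning for the word "Error": "not found" for a path that RootRepeal had just listed as a hidden service is consistent with the rootkit's file-system filtering still being active when the delete was attempted, so the file is not necessarily gone. The script below is an added example, not part of the thread or of Avenger, that pairs every scripted item with its logged outcome on constructed samples; the STATUS_ACCESS_DENIED entry and the missing result for the .job file are invented to exercise the follow-up path.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: the Avenger script from the thread, trimmed to six entries.
SAMPLE_SCRIPT = r"""
Drivers to delete:
ESQULserv.sys

Registry keys to delete:
HKLM\SYSTEM\ControlSet001\Services\ESQULserv.sys
HKLM\SYSTEM\ControlSet003\Services\ESQULserv.sys

Files to delete:
C:\WINDOWS\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
C:\DOKUME~1\kwam\LOKALE~1\Temp\b.exe
C:\WINDOWS\system32\ESQULcrlbgpsvaxtvndqqnxxoquvgvupxtvyk.dll
"""

# Constructed sample modelled on the Avenger log posted above; the ACCESS_DENIED line and the
# absent .job result are invented so that the follow-up path is exercised.
SAMPLE_LOG = r"""
Beginning to process script file:

Driver "ESQULserv.sys" deleted successfully.

Error:  registry key "HKLM\SYSTEM\ControlSet001\Services\ESQULserv.sys" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet001\Services\ESQULserv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Registry key "HKLM\SYSTEM\ControlSet003\Services\ESQULserv.sys" deleted successfully.

Error:  file "C:\DOKUME~1\kwam\LOKALE~1\Temp\b.exe" not found!
Deletion of file "C:\DOKUME~1\kwam\LOKALE~1\Temp\b.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Deletion of file "C:\WINDOWS\system32\ESQULcrlbgpsvaxtvndqqnxxoquvgvupxtvyk.dll" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)

Completed script processing.
"""

SECTION_KINDS = {
    "Drivers to delete:": "driver",
    "Registry keys to delete:": "registry key",
    "Files to delete:": "file",
}
SUCCESS_RE = re.compile(r'^(Driver|Registry key|File) "([^"]+)" deleted successfully\.$')
FAIL_RE = re.compile(r'^Deletion of (driver|registry key|file) "([^"]+)" failed!$')
STATUS_RE = re.compile(r"^Status:\s*(0x[0-9a-fA-F]+)\s*\((\w+)\)")

# Outcomes that need no further action: the item is gone, or Avenger confirmed it was absent.
SETTLED = {"deleted", "STATUS_OBJECT_NAME_NOT_FOUND"}

Item = Tuple[str, str]  # (kind, target)


def parse_script(script: str) -> List[Item]:
    """Turn an Avenger script into (kind, target) pairs, in script order."""
    items, kind = [], None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTION_KINDS:
            kind = SECTION_KINDS[line]
        elif kind:
            items.append((kind, line))
    return items


def parse_log(log: str) -> Dict[Item, str]:
    """Map each item Avenger reported on to 'deleted' or to the NTSTATUS name of its failure."""
    outcomes: Dict[Item, str] = {}
    pending = None
    for line in log.splitlines():
        if m := SUCCESS_RE.match(line):
            outcomes[(m.group(1).lower(), m.group(2))] = "deleted"
        elif m := FAIL_RE.match(line):
            pending = (m.group(1), m.group(2))
            outcomes[pending] = "failed (no status line)"
        elif (m := STATUS_RE.match(line)) and pending:
            outcomes[pending] = m.group(2)  # e.g. STATUS_OBJECT_NAME_NOT_FOUND
            pending = None
    return outcomes


def reconcile(script: str, log: str) -> List[Tuple[str, str, str]]:
    """Pair every scripted item with what the log says happened to it."""
    outcomes = parse_log(log)
    return [(k, t, outcomes.get((k, t), "no result in log")) for k, t in parse_script(script)]


def needs_followup(results: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str]]:
    """Items neither deleted nor confirmed absent: still present, locked, or never processed."""
    return [r for r in results if r[2] not in SETTLED]
```

`reconcile(SAMPLE_SCRIPT, SAMPLE_LOG)` yields one row per scripted item, and `needs_followup` leaves exactly the two constructed cases. For the real log in the thread the same reconciliation returns nothing to follow up, which matches the helper's next step of moving on to ComboFix and Malwarebytes rather than rerunning Avenger.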


john.doe 15.07.2009 23:42

Now please work through this => http://www.trojaner-board.de/448377-post24.html

All the programs should run again now. You can start with ComboFix, then Malwarebytes.

ciao, andreas

der_gizmo 16.07.2009 00:03

Well, ComboFix ran fine now :)
Here is the report:

Code:

ComboFix 09-07-14.08 - kwam 16.07.2009  0:53.1.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.2046.1510 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\kwam\Desktop\combo-fix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\cleanup.exe
c:\windows\system32\ESQULjwoaypplxqliosrhdgapirxxdnowqyin.dll
c:\windows\system32\ic32.dll
c:\windows\system32\msxml71.dll
c:\windows\system32\wk32.dll

.
(((((((((((((((((((((((  Dateien erstellt von 2009-06-15 bis 2009-07-15  ))))))))))))))))))))))))))))))
.

2009-07-15 22:29 . 2009-07-15 22:29        574        ----a-w-        C:\cleanup.bat
2009-07-15 22:29 . 2009-07-15 22:29        135168        ----a-w-        C:\zip.exe
2009-07-15 20:13 . 2009-07-15 20:13        --------        d-----w-        c:\programme\CCleaner
2009-07-15 17:40 . 2009-07-15 17:40        --------        d-----w-        C:\rsit
2009-07-15 13:15 . 2009-07-13 11:36        38160        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-15 13:15 . 2009-07-15 13:15        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2009-07-15 13:15 . 2009-07-15 13:15        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-07-15 13:15 . 2009-07-13 11:36        19096        ----a-w-        c:\windows\system32\drivers\mbam.sys
2009-07-14 20:35 . 2009-07-15 17:41        --------        d-----w-        c:\programme\Trend Micro
2009-07-14 18:45 . 2009-07-14 18:45        69632        ----a-w-        c:\windows\system32\drivers\geyekrvtjiqjml.sys
2009-07-14 18:38 . 2009-07-14 18:38        --------        d-----w-        c:\dokumente und einstellungen\kwam\Anwendungsdaten\MAGIX
2009-07-14 18:23 . 2001-05-11 11:18        420240        ----a-w-        c:\windows\system32\mpg4c32.dll
2009-07-14 18:23 . 2001-05-16 15:54        309616        ----a-w-        c:\windows\system32\wmv8dmod.dll
2009-07-14 18:21 . 2007-04-27 08:43        120200        ----a-w-        c:\windows\system32\DLLDEV32i.dll
2009-07-14 18:21 . 2009-07-14 18:22        --------        d-----w-        c:\windows\system32\MAGIX
2009-07-14 18:21 . 2008-04-15 14:14        700416        ----a-w-        c:\windows\system32\mgxoschk.dll
2009-07-14 17:27 . 2009-07-14 17:27        --------        d-----w-        c:\programme\Audacity
2009-07-09 21:09 . 2009-07-09 21:09        --------        d-----w-        c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Apple
2009-07-07 16:30 . 2009-07-08 14:16        96104        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2009-07-07 16:30 . 2009-07-08 14:16        55640        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2009-07-07 16:30 . 2009-02-13 09:29        22360        ----a-w-        c:\windows\system32\drivers\avgntmgr.sys
2009-07-07 16:30 . 2009-02-13 09:17        45416        ----a-w-        c:\windows\system32\drivers\avgntdd.sys
2009-07-07 16:30 . 2009-07-07 16:30        --------        d-----w-        c:\programme\Avira
2009-07-07 16:30 . 2009-07-07 16:30        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira
2009-07-06 20:52 . 2009-07-06 20:52        --------        d-----w-        c:\dokumente und einstellungen\kwam\Library
2009-07-06 20:52 . 2009-07-06 20:52        --------        d-----w-        c:\dokumente und einstellungen\kwam\Anwendungsdaten\com.adobe.ExMan
2009-07-02 19:11 . 2009-07-02 19:11        --------        d-----w-        c:\dokumente und einstellungen\kwam\Anwendungsdaten\Apple Computer
2009-06-22 13:26 . 2009-06-22 13:26        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\BVRP Software
2009-06-22 13:15 . 2009-06-22 13:15        --------        d-----w-        c:\dokumente und einstellungen\kwam\Lokale Einstellungen\Anwendungsdaten\Sony
2009-06-22 13:12 . 2009-06-22 13:12        --------        d-----w-        c:\programme\Gemeinsame Dateien\Sony Shared
2009-06-22 13:11 . 2009-06-22 13:11        --------        d-----w-        c:\programme\Sony
2009-06-22 13:09 . 2009-06-22 13:09        --------        d-----w-        c:\programme\Gemeinsame Dateien\Apple
2009-06-22 13:09 . 2009-06-22 13:09        --------        d-----w-        c:\programme\QuickTime
2009-06-22 13:09 . 2009-06-22 13:09        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple Computer
2009-06-22 13:08 . 2009-06-22 13:08        --------        d-----w-        c:\dokumente und einstellungen\kwam\Lokale Einstellungen\Anwendungsdaten\Apple
2009-06-22 13:08 . 2009-06-22 13:08        --------        d-----w-        c:\programme\Apple Software Update
2009-06-22 13:08 . 2009-06-22 13:08        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple
2009-06-22 13:08 . 2009-06-22 13:08        --------        d-----w-        c:\dokumente und einstellungen\kwam\Lokale Einstellungen\Anwendungsdaten\Apple Computer
2009-06-22 13:08 . 2009-06-22 13:28        --------        d-----w-        c:\windows\system32\drivers\UMDF
2009-06-22 13:05 . 2009-06-22 13:05        --------        d-----w-        c:\dokumente und einstellungen\kwam\Anwendungsdaten\Sony

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-15 19:51 . 2009-03-03 19:47        --------        d-----w-        c:\dokumente und einstellungen\kwam\Anwendungsdaten\Winamp
2009-07-15 13:40 . 2008-10-23 15:51        42360        ----a-w-        c:\dokumente und einstellungen\kwam\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2009-07-14 20:06 . 2008-10-23 15:52        --------        d-----w-        c:\programme\Warcraft III
2009-07-14 18:22 . 2009-07-14 18:21        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\MAGIX
2009-07-14 18:21 . 2008-12-23 22:40        --------        d-----w-        c:\dokumente und einstellungen\kwam\Anwendungsdaten\Azureus
2009-07-10 19:15 . 2008-10-24 20:20        --------        d-----w-        c:\dokumente und einstellungen\kwam\Anwendungsdaten\FrostWire
2009-07-10 18:10 . 2008-10-25 00:11        --------        d-----w-        c:\programme\Microsoft Games
2009-07-10 14:06 . 2008-12-23 16:31        --------        d-----w-        c:\dokumente und einstellungen\kwam\Anwendungsdaten\Skype
2009-07-10 14:01 . 2008-12-23 16:32        --------        d-----w-        c:\dokumente und einstellungen\kwam\Anwendungsdaten\skypePM
2009-07-02 19:16 . 2009-03-08 20:51        --------        d-----w-        c:\programme\Gemeinsame Dateien\DVDVideoSoft
2009-07-02 19:16 . 2009-03-08 20:51        --------        d-----w-        c:\programme\DVDVideoSoft
2009-06-22 13:22 . 2009-06-22 13:22        148736        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\hpe146.dll
2009-06-22 13:22 . 2009-06-22 13:22        148736        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\hpe146.dll
2009-06-22 13:22 . 2008-10-24 20:01        --------        d-----w-        c:\programme\Sony Ericsson
2009-06-22 13:22 . 2008-10-22 17:32        --------        d--h--w-        c:\programme\InstallShield Installation Information
2009-06-11 17:33 . 2009-06-11 17:33        --------        d-sh--w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\System Restore
2009-06-11 01:41 . 2009-06-11 01:41        --------        d-----w-        c:\dokumente und einstellungen\kwam\Anwendungsdaten\Canneverbe_Limited
2009-06-11 01:41 . 2009-06-11 01:41        --------        d-----w-        c:\programme\CDBurnerXP
2009-06-05 23:05 . 2008-10-31 16:23        --------        d-----w-        c:\programme\Gemeinsame Dateien\Adobe
2009-06-05 18:05 . 2009-06-05 18:05        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\FLEXnet
2009-06-05 17:41 . 2009-06-05 17:41        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\ALM
2009-06-05 17:15 . 2009-06-05 17:15        --------        d-----w-        c:\programme\Adobe Media Player
2009-06-05 17:13 . 2009-06-05 17:13        --------        d-----w-        c:\programme\Gemeinsame Dateien\Adobe AIR
2009-06-05 17:07 . 2009-06-05 17:07        --------        d-----w-        c:\programme\Gemeinsame Dateien\Macrovision Shared
2009-06-05 16:56 . 2006-02-28 12:00        96862        ----a-w-        c:\windows\system32\perfc007.dat
2009-06-05 16:56 . 2006-02-28 12:00        505988        ----a-w-        c:\windows\system32\perfh007.dat
2009-06-05 16:56 . 2009-06-05 16:56        64312        ----a-w-        c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
2009-06-05 16:55 . 2009-06-05 16:55        --------        d-----w-        c:\programme\MSBuild
2009-06-04 22:58 . 2009-06-04 22:58        --------        d-----w-        c:\programme\Reference Assemblies
2009-05-07 15:32 . 2006-02-28 12:00        348160        ----a-w-        c:\windows\system32\localspl.dll
2009-05-06 09:29 . 2009-05-06 09:29        17744        ----a-w-        c:\windows\system32\aspnet_counters.dll
2009-05-06 07:08 . 2009-05-06 07:08        70456        ----a-w-        c:\windows\system32\dxva2.dll
2009-05-06 07:08 . 2009-05-06 07:08        489800        ----a-w-        c:\windows\system32\evr.dll
2009-05-06 07:08 . 2009-05-06 07:08        13120        ----a-w-        c:\windows\system32\mscorier.dll
2009-05-06 07:08 . 2009-05-06 07:08        103304        ----a-w-        c:\windows\system32\PresentationCFFRasterizerNative_v0400.dll
2009-05-06 06:13 . 2009-05-06 06:13        76648        ----a-w-        c:\windows\system32\PresentationHostProxy.dll
2009-05-06 06:13 . 2009-05-06 06:13        404320        ----a-w-        c:\windows\system32\PresentationHost.exe
2009-05-06 06:13 . 2009-05-06 06:13        291152        ----a-w-        c:\windows\system32\mscoree.dll
2009-05-06 06:13 . 2009-05-06 06:13        158048        ----a-w-        c:\windows\system32\UIAutomationCore.dll
2009-05-06 06:13 . 2009-05-06 06:13        14160        ----a-w-        c:\windows\system32\netfxperf.dll
2009-05-06 06:13 . 2009-05-06 06:13        1083720        ----a-w-        c:\windows\system32\dfshim.dll
2009-04-29 04:33 . 2006-02-28 12:00        672256        ----a-w-        c:\windows\system32\wininet.dll
2009-04-29 04:33 . 2006-02-28 12:00        81920        ----a-w-        c:\windows\system32\ieencode.dll
2009-04-19 19:46 . 2006-02-28 12:00        1847296        ----a-w-        c:\windows\system32\win32k.sys
2009-06-12 17:33 . 2008-10-24 17:38        134648        ----a-w-        c:\programme\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((  Registry Autostart Points  ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Creative Detector"="c:\programme\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"Sony Ericsson PC Suite"="c:\programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-02-16 405504]
"ICQ"="c:\programme\ICQ6.5\ICQ.exe" [2009-03-01 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-13 7606272]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"D-Link AirPlus G"="c:\programme\D-Link\AirPlus G\AirGCFG.exe" [2005-07-22 1519616]
"ANIWZCS2Service"="c:\programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 49152]
"JMB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-04-20 385024]
"Sony Ericsson PC Suite"="c:\programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-27 593920]
"WinampAgent"="c:\programme\Winamp\winampa.exe" [2009-02-25 37888]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"AdobeCS4ServiceManager"="c:\programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2008-09-06 413696]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-05-13 1519616]
"NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2006-05-13 86016]
"CTHelper"="CTHELPER.EXE" - c:\windows\CTHELPER.EXE [2005-08-07 16384]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\CTXFIHLP.EXE [2005-08-07 18944]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-05-04 16206848]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-04-24 1448960]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\FrostWire\\FrostWire.exe"=
"c:\\Programme\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\ICQ6.5\\ICQ.exe"=
"c:\\Programme\\Vuze\\Azureus.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Dokumente und Einstellungen\\kwam\\Desktop\\dud\\Age Of Empires 2 & The Conquerors Expansion -\\age2_x1.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [07.07.2009 18:30 108289]
R2 ICQ Service;ICQ Service;c:\programme\ICQ6Toolbar\ICQ Service.exe [08.12.2008 20:23 222456]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [22.06.2009 15:22 86696]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [22.06.2009 15:22 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [22.06.2009 15:22 114472]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [22.06.2009 15:22 108328]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [22.06.2009 15:22 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [22.06.2009 15:22 104616]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [22.06.2009 15:22 109736]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15.08.2008 05:46 284016]
S3 clr_optimization_v4.0.20506_32;.NET Runtime Optimization Service v4.0.20506_X86;c:\windows\Microsoft.NET\Framework\v4.0.20506\mscorsvw.exe [06.05.2009 09:08 104272]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programme\MAGIX\Common\Database\bin\fbserver.exe --> c:\programme\MAGIX\Common\Database\bin\fbserver.exe [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=101677&l=dis
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: An vorhandene PDF-Datei anfügen - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
FF - ProfilePath - c:\dokumente und einstellungen\kwam\Anwendungsdaten\Mozilla\Firefox\Profiles\rf06ey9t.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q=
FF - prefs.js: browser.startup.homepage - www.google.de/ig
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\programme\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\NPAskSBr.dll
FF - plugin: c:\windows\Microsoft.NET\Framework\v4.0.20506\WPF\NPWPF.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v4.0.20506\WPF\DotNetAssistantExtension\

---- FIREFOX Policies ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-16 00:59
Windows 5.1.2600 Service Pack 3 NTFS

Scanning hidden processes...

Scanning hidden autostart entries...

Scanning hidden files...

Scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- Locked Registry Keys ---------------------

[HKEY_USERS\S-1-5-21-602162358-861567501-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4253CC67-8266-6CC7-E300-0AFF8DB0ABBD}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oaekjkbfbepihimmfanddhhpkpmmmg"=hex:64,61,64,69,70,62,61,63,00,85
"oailjhhlcmlbmnhbkmoclnfonplpan"=hex:6a,61,64,69,70,62,6f,63,6c,70,62,6a,6b,69,
  6a,6e,6c,61,69,6a,00,0f
"nacipnbaldjcfbiifafcoeinhgmo"=hex:6a,61,64,69,70,62,6f,63,6c,70,62,6a,6b,69,
  6a,6e,6c,61,69,6a,00,02
.
--------------------- DLLs loaded by running processes ---------------------

- - - - - - - > 'winlogon.exe'(888)
c:\programme\Gemeinsame Dateien\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2009-07-15  1:01
ComboFix-quarantined-files.txt  2009-07-15 23:01

Pre-Run: 8 directory(ies), 134.340.575.232 bytes free
Post-Run: 7 directory(ies), 134.466.969.600 bytes free

221        --- E O F ---        2009-06-23 22:06

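Added example, not part of the thread and not ComboFix's own code: a small Python triage pass over the "Registry Autostart Points" and firewall-policy section of a ComboFix log like the one above. It flags Run entries whose binary lives in a user-writable location (profile or Temp directories), a standard profile with EnableFirewall set to 0, authorized applications in user-writable paths, and every globally open port. The sample lines are constructed after the posted log; the `b` Run entry is made up to stand in for the `b.exe` named in the first post, and the heuristics are the editor's, not ComboFix's.

```python
"""Triage the autostart / firewall-policy section of a ComboFix log.

Added example for the Trojaner-Board thread; not part of ComboFix. SAMPLE_LOG is a
constructed excerpt modelled on the log above (the "b" Run entry is made up to
stand in for the b.exe mentioned in the first post).
"""
import re
from dataclasses import dataclass, field

# "name"="path" [date size]   or   "name"="file" - path [date size]
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"=.*?(?P<path>[a-zA-Z]:\\[^\["]+?)"?\s+'
    r'\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$'
)
# "5353:TCP"= 5353:TCP:Adobe CSI CS4
PORT_RE = re.compile(r'^"(?P<port>\d+:(?:TCP|UDP))"=\s*[^:]+:[^:]+:(?P<desc>.*)$')
# Locations a non-admin user (and therefore anything that user ran) can write to.
USER_WRITABLE = (
    "\\dokumente und einstellungen\\", "\\documents and settings\\",
    "\\users\\", "\\temp\\",
)

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-05-13 1519616]
"b"="c:\dokumente und einstellungen\user\Lokale Einstellungen\Temp\b.exe" [2009-07-14 20480]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\uTorrent\\uTorrent.exe"=
"c:\\Dokumente und Einstellungen\\user\\Desktop\\dud\\age2_x1.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"""


@dataclass
class Findings:
    run_entries: list = field(default_factory=list)     # (key, name, path)
    suspicious_run: list = field(default_factory=list)  # Run entries in user-writable dirs
    firewall_disabled: bool = False
    authorized_apps: list = field(default_factory=list)
    suspicious_apps: list = field(default_factory=list)  # firewall exceptions in user-writable dirs
    open_ports: list = field(default_factory=list)       # (port, description)


def in_user_writable_dir(path):
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def triage_autostart(text):
    """Walk the REGEDIT4-style section and collect the entries worth a second look."""
    f = Findings()
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()          # current registry key, lower-cased for matching
            continue
        if key is None:
            continue
        if key.endswith("\\run"):
            m = RUN_RE.match(line)
            if m:
                f.run_entries.append((key, m["name"], m["path"]))
                if in_user_writable_dir(m["path"]):
                    f.suspicious_run.append((m["name"], m["path"]))
        elif key.endswith("\\standardprofile"):
            if line.lower().startswith('"enablefirewall"=') and re.search(r"=\s*0\b", line):
                f.firewall_disabled = True
        elif key.endswith("\\authorizedapplications\\list"):
            # regedit doubles backslashes inside quoted value names; undo that
            app = line.split('"')[1].replace("\\\\", "\\")
            f.authorized_apps.append(app)
            if in_user_writable_dir(app):
                f.suspicious_apps.append(app)
        elif key.endswith("\\globallyopenports\\list"):
            m = PORT_RE.match(line)
            if m:
                f.open_ports.append((m["port"], m["desc"].strip()))
    return f


if __name__ == "__main__":
    result = triage_autostart(SAMPLE_LOG)
    print("firewall disabled:", result.firewall_disabled)
    print("Run entries in user-writable dirs:", result.suspicious_run)
    print("firewall exceptions in user-writable dirs:", result.suspicious_apps)
    print("globally open ports:", result.open_ports)
```

Flagged entries are candidates for review, not verdicts: a disabled firewall can be a deliberate user setting and a game launched from the desktop is a legitimate firewall exception, but these are exactly the entries a helper wants listed first, because a freshly dropped executable that registers itself in Run and punches a firewall hole ends up in the same buckets.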

john.doe 16.07.2009 00:11

Stop. Don't use Malwarebytes yet. We have to script first. We'll continue tomorrow.

ciao, andreas

der_gizmo 16.07.2009 00:14

OK, scan aborted. Good night!

john.doe 16.07.2009 17:55

1.) Uninstall:
  • AdAware (junk)
  • Frostwire (malware spreader)
  • uTorrent (malware spreader)
  • Vuze (malware spreader)
2.) Scripting with Combofix
  • Open Notepad (Start => Accessories => Notepad) and copy the following text into the white field:
Code:

KILLALL::

RegNull::
[HKEY_USERS\S-1-5-21-602162358-861567501-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4253CC67-8266-6CC7-E300-0AFF8DB0ABBD}*]

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"=-
"Adobe Reader Speed Launcher"=-
"SunJavaUpdateSched"=-
"Adobe Acrobat Speed Launcher"=-
"QuickTime Task"=-
"nwiz"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programme\\FrostWire\\FrostWire.exe"=-
"c:\\Programme\\uTorrent\\uTorrent.exe"=-
"c:\\Programme\\Vuze\\Azureus.exe"=-

Folder::
C:\rsit
C:\avenger

File::
C:\cleanup.bat
C:\zip.exe
c:\windows\system32\drivers\geyekrvtjiqjml.sys

DirLook::
C:\WINDOWS\system32\driver

Dirlook::
C:\WINDOWS\system32

Now save this file to the desktop as -> cfscript.txt
  • Then drag the file cfscript.txt onto the Combofix icon!
http://users.pandora.be/bluepatchy/m...s/CFScript.gif
  • Then post the Combofix log without editing it. Only if your first and last name are visible, remove them.


Note: The above script was created only for this one user in this one situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system.


ciao, andreas

der_gizmo 16.07.2009 19:24

Phew, 955213 characters...
Are there certain sections I can leave out?
Almost a million characters, meaning I'd have to make 40 posts to post the whole log.

Or should I host the report somewhere and send you the link by PM?

john.doe 16.07.2009 19:55

Yes. Upload it; this time you can post the link. Others are reading along here. Since you have something completely new, you're an interesting case.

You've probably noticed that we're a bit out of our depth, because we don't yet know which programs to use to track them down and get rid of them.

Please create a new Gmer log; that should work properly again now. There is a finding in there that points to more.

ciao, andreas

der_gizmo 16.07.2009 20:02

http://www.materialordner.de/ui9IOUV7VYEGTYjwftLVb41S6rAIsR3.html

ComboFix crashed after about 5 minutes on the first start; on the second attempt it worked. I hope this didn't affect the log in any way.

john.doe 16.07.2009 21:14

Quote:

I hope this didn't affect the log in any way.
No, the log is OK.

As soon as Gmer is finished, feed Combofix this script:

Code:

KILLALL::

Rootkit::
c:\windows\system32\drivers\geyekrvtjiqjml.sys

File::
c:\windows\system32\drivers\geyekrvtjiqjml.sys
c:\windows\system32\ESQULzcounter

ciao, andreas

der_gizmo 16.07.2009 21:14

I'm online from a laptop right now.
The GMER scan has now been running for an hour. But I have to leave the house now; I'll let the program keep running and deliver the result tomorrow.

Regards

john.doe 16.07.2009 21:22

All right.

Good night, andreas

der_gizmo 17.07.2009 05:52

Code:

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-17 06:50:30
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT      BAF485C6                                                                                                ZwCreateKey
SSDT      BAF485BC                                                                                                ZwCreateThread
SSDT      BAF485CB                                                                                                ZwDeleteKey
SSDT      BAF485D5                                                                                                ZwDeleteValueKey
SSDT      spat.sys                                                                                                ZwEnumerateKey [0xBA6C6CA2]
SSDT      spat.sys                                                                                                ZwEnumerateValueKey [0xBA6C7030]
SSDT      BAF485DA                                                                                                ZwLoadKey
SSDT      spat.sys                                                                                                ZwOpenKey [0xBA6A80C0]
SSDT      BAF485A8                                                                                                ZwOpenProcess
SSDT      BAF485AD                                                                                                ZwOpenThread
SSDT      spat.sys                                                                                                ZwQueryKey [0xBA6C7108]
SSDT      spat.sys                                                                                                ZwQueryValueKey [0xBA6C6F88]
SSDT      BAF485E4                                                                                                ZwReplaceKey
SSDT      BAF485DF                                                                                                ZwRestoreKey
SSDT      BAF485D0                                                                                                ZwSetValueKey
SSDT      BAF485B7                                                                                                ZwTerminateProcess

INT 0x62  ?                                                                                                        8A613BF8
INT 0x63  ?                                                                                                        8A613BF8
INT 0x63  ?                                                                                                        8A613BF8
INT 0x63  ?                                                                                                        8A347BF8
INT 0x73  ?                                                                                                        8A5A5BF8
INT 0x73  ?                                                                                                        8A5A5BF8
INT 0x83  ?                                                                                                        8A347BF8
INT 0xA4  ?                                                                                                        8A347BF8
INT 0xB4  ?                                                                                                        8A347BF8

Code      \??\C:\DOKUME~1\kwam\LOKALE~1\Temp\catchme.sys                                                          pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

?        spat.sys                                                                                                The system cannot find the file specified. !
?        Combo-Fix.sys                                                                                            The system cannot find the file specified. !
.text    USBPORT.SYS!DllUnload                                                                                    B9B918AC 5 Bytes  JMP 8A3471D8
.text    a0z37rxp.SYS                                                                                            B99FB386 35 Bytes  [00, 00, 00, 00, 00, 00, 20, ...]
.text    a0z37rxp.SYS                                                                                            B99FB3AA 24 Bytes  [00, 00, 00, 00, 00, 00, 00, ...]
.text    a0z37rxp.SYS                                                                                            B99FB3C4 3 Bytes  [00, 70, 02] {ADD [EAX+0x2], DH}
.text    a0z37rxp.SYS                                                                                            B99FB3C9 1 Byte  [2E]
.text    a0z37rxp.SYS                                                                                            B99FB3C9 11 Bytes  [2E, 00, 00, 00, 5A, 02, 00, ...]
.text    ...                                                                                                     
?        C:\DOKUME~1\kwam\LOKALE~1\Temp\catchme.sys                                                              The system cannot find the file specified. !
?        C:\WINDOWS\system32\Drivers\PROCEXP90.SYS                                                                The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text    C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3940] USER32.dll!DefWindowProcA + 11A    7E37C298 7 Bytes  JMP 10034820 C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
.text    C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3940] USER32.dll!SetWindowRgn + 2BD      7E37E7E5 7 Bytes  JMP 10034790 C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
.text    C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[3940] USER32.dll!SetClipboardData + 19D  7E38113B 7 Bytes  JMP 10034800 C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT      atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                      [BA6A9040] spat.sys
IAT      atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                              [BA6A913C] spat.sys
IAT      atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                      [BA6A90BE] spat.sys
IAT      atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                              [BA6A97FC] spat.sys
IAT      atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                      [BA6A96D2] spat.sys
IAT      \SystemRoot\System32\Drivers\a0z37rxp.SYS[HAL.dll!KfAcquireSpinLock]                                    C0840CEC
IAT      \SystemRoot\System32\Drivers\a0z37rxp.SYS[HAL.dll!READ_PORT_UCHAR]                                      053C0D74
IAT      \SystemRoot\System32\Drivers\a0z37rxp.SYS[HAL.dll!KeGetCurrentIrql]                                      57B80974
IAT      \SystemRoot\System32\Drivers\a0z37rxp.SYS[HAL.dll!KfRaiseIrql]                                          8B000000
IAT      \SystemRoot\System32\Drivers\a0z37rxp.SYS[HAL.dll!KfLowerIrql]                                          56C35DE5
IAT      \SystemRoot\System32\Drivers\a0z37rxp.SYS[HAL.dll!HalGetInterruptVector]                                8D08758B
IAT      \SystemRoot\System32\Drivers\a0z37rxp.SYS[HAL.dll!HalTranslateBusAddress]                                8D51FC4D
IAT      \SystemRoot\System32\Drivers\a0z37rxp.SYS[HAL.dll!KeStallExecutionProcessor]                            8D52FD55
IAT      \SystemRoot\System32\Drivers\a0z37rxp.SYS[HAL.dll!KfReleaseSpinLock]                                    8D51FE4D
IAT      \SystemRoot\System32\Drivers\a0z37rxp.SYS[HAL.dll!READ_PORT_BUFFER_USHORT]                              8D52FF55
IAT      \SystemRoot\System32\Drivers\a0z37rxp.SYS[HAL.dll!READ_PORT_USHORT]                                      8D51F84D
IAT      \SystemRoot\System32\Drivers\a0z37rxp.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT]                              5052F455
IAT      \SystemRoot\System32\Drivers\a0z37rxp.SYS[HAL.dll!WRITE_PORT_UCHAR]                                      EACAE856
IAT      \SystemRoot\System32\Drivers\a0z37rxp.SYS[WMILIB.SYS!WmiSystemControl]                                  0FC08520
IAT      \SystemRoot\System32\Drivers\a0z37rxp.SYS[WMILIB.SYS!WmiCompleteRequest]                                0001B185

---- Devices - GMER 1.0.15 ----

Device    \FileSystem\Ntfs \Ntfs                                                                                  8A5A11F8
Device    \Driver\NetBT \Device\NetBT_Tcpip_{2833BB1A-0A93-49A6-A6B6-03EA4ACA14FF}                                881631F8
Device    \Driver\usbuhci \Device\USBPDO-0                                                                        8A3461F8
Device    \Driver\usbuhci \Device\USBPDO-1                                                                        8A3461F8
Device    \Driver\usbuhci \Device\USBPDO-2                                                                        8A3461F8
Device    \Driver\usbuhci \Device\USBPDO-3                                                                        8A3461F8
Device    \Driver\usbehci \Device\USBPDO-4                                                                        8A3191F8
Device    \Driver\sptd \Device\504281998                                                                          spat.sys
Device    \Driver\Ftdisk \Device\HarddiskVolume1                                                                  8A5A31F8
Device    \Driver\Ftdisk \Device\HarddiskVolume2                                                                  8A5A31F8
Device    \Driver\Cdrom \Device\CdRom0                                                                            8A2B3500
Device    \Driver\Cdrom \Device\CdRom1                                                                            8A2B3500
Device    \Driver\Cdrom \Device\CdRom2                                                                            8A2B3500
Device    \Driver\usbstor \Device\00000081                                                                        89D38500
Device    \Driver\usbstor \Device\00000082                                                                        89D38500
Device    \Driver\usbstor \Device\00000083                                                                        89D38500
Device    \Driver\NetBT \Device\NetBt_Wins_Export                                                                  881631F8
Device    \Driver\usbstor \Device\00000084                                                                        89D38500
Device    \Driver\NetBT \Device\NetbiosSmb                                                                        881631F8
Device    \Driver\PCI_PNP3248 \Device\0000004c                                                                    spat.sys
Device    \Driver\usbuhci \Device\USBFDO-0                                                                        8A3461F8
Device    \Driver\usbuhci \Device\USBFDO-1                                                                        8A3461F8
Device    \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                        8813C1F8
Device    \Driver\usbuhci \Device\USBFDO-2                                                                        8A3461F8
Device    \FileSystem\MRxSmb \Device\LanmanRedirector                                                              8813C1F8
Device    \Driver\usbstor \Device\0000007c                                                                        89D38500
Device    \Driver\usbuhci \Device\USBFDO-3                                                                        8A3461F8
Device    \Driver\usbehci \Device\USBFDO-4                                                                        8A3191F8
Device    \Driver\Ftdisk \Device\FtControl                                                                        8A5A31F8
Device    \Driver\a0z37rxp \Device\Scsi\a0z37rxp1Port5Path0Target0Lun0                                            8A21E1F8
Device    \Driver\a0z37rxp \Device\Scsi\a0z37rxp1                                                                  8A21E1F8
Device    \Driver\JRAID \Device\Scsi\JRAID1                                                                        8A5A21F8
Device    \FileSystem\Cdfs \Cdfs                                                                                  89D26500

---- Registry - GMER 1.0.15 ----

Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                      771343423
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                      285507792
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                      1
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                       
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                      C:\Programme\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                      0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                  0x72 0x96 0xB4 0xD9 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001               
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0            0x20 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh          0x87 0x4C 0xCA 0xDF ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40         
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh    0xD6 0x9B 0x68 0x63 ...
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                           
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                          C:\Programme\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                          0
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                      0x72 0x96 0xB4 0xD9 ...
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                   
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                0x20 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh              0x87 0x4C 0xCA 0xDF ...
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40             
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh        0xD6 0x9B 0x68 0x63 ...
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                           
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                          C:\Programme\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                          0
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                      0x72 0x96 0xB4 0xD9 ...
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                   
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                0x20 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh              0x87 0x4C 0xCA 0xDF ...
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40             
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh        0xD6 0x9B 0x68 0x63 ...

---- EOF - GMER 1.0.15 ----

Combofix is up again this afternoon :)
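Added example, not from the thread and not GMER's own code: a Python parser for the SSDT, kernel-code-section and IAT lines of a GMER log such as the one posted above. It groups every hook by the module GMER attributes it to and separates out the hooks that resolve only to a bare address, plus the modules GMER could not read back from disk. This is the first sort a reviewer does on such a log: in the posted one, the named SSDT hooks and the hooks in atapi.sys's HAL imports belong to spat.sys, which the Registry section ties to the DAEMON Tools Lite installation (the sptd driver), a well-known and expected source of such hooks, while the hooks that show only an address are the ones that still need mapping to a loaded driver. The sample lines are constructed from the log above.

```python
"""Group the hooks GMER reports by owning module and isolate the unattributed ones.

Added example for the Trojaner-Board thread; not part of GMER. SAMPLE_GMER is a
constructed excerpt modelled on the log posted above.
"""
import re
from collections import defaultdict

HEX = r"[0-9A-Fa-f]+"
# SSDT      BAF485C6   ZwCreateKey            (owner is a bare address)
# SSDT      spat.sys   ZwEnumerateKey [0x..]  (owner is a module)
SSDT_RE = re.compile(rf"^SSDT\s+(?P<owner>\S+)\s+(?P<func>Zw\w+)(?:\s+\[0x(?P<addr>{HEX})\])?\s*$")
# IAT  image[dll!import]  [addr] owner      or      IAT  image[dll!import]  rawaddr
IAT_RE = re.compile(
    rf"^IAT\s+(?P<image>\S+?)\[(?P<imp>[^\]]+)\]\s+"
    rf"(?:\[(?P<addr>{HEX})\]\s+(?P<owner>\S+)|(?P<raw>{HEX}))\s*$"
)
# ?  module  <OS error text>   : GMER could not open the file backing a loaded module
UNREADABLE_RE = re.compile(r"^\?\s+(?P<module>\S+)\s+(?P<msg>.+)$")
# .text  target  addr  N Bytes  JMP dest   : inline patch of kernel code
JMP_RE = re.compile(rf"^\.text\s+(?P<target>\S+)\s+(?P<addr>{HEX})\s+(?P<n>\d+) Bytes\s+JMP (?P<dest>{HEX})\s*$")
ADDR_ONLY = re.compile(r"^[0-9A-Fa-f]{8}$")

SAMPLE_GMER = r"""
---- System - GMER 1.0.15 ----

SSDT      BAF485C6        ZwCreateKey
SSDT      spat.sys        ZwEnumerateKey [0xBA6C6CA2]
SSDT      BAF485A8        ZwOpenProcess
SSDT      spat.sys        ZwOpenKey [0xBA6A80C0]

---- Kernel code sections - GMER 1.0.15 ----

?        spat.sys        The system cannot find the file specified. !
?        Combo-Fix.sys   The system cannot find the file specified. !
.text    USBPORT.SYS!DllUnload    B9B918AC 5 Bytes  JMP 8A3471D8
.text    a0z37rxp.SYS             B99FB386 35 Bytes  [00, 00, 00, 00, 00, 00, 20, ...]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT      atapi.sys[HAL.dll!READ_PORT_UCHAR]                                  [BA6A9040] spat.sys
IAT      \SystemRoot\System32\Drivers\a0z37rxp.SYS[HAL.dll!KfAcquireSpinLock]   C0840CEC
"""


def classify_gmer(text):
    """Return hooks grouped by owner, unattributed hooks, unreadable modules, inline JMPs."""
    ssdt_by_owner = defaultdict(list)
    iat_by_owner = defaultdict(list)
    unresolved_ssdt, unresolved_iat, unreadable, inline_jmps = [], [], [], []
    for line in text.splitlines():
        line = line.rstrip()
        m = SSDT_RE.match(line)
        if m:
            if ADDR_ONLY.match(m["owner"]):
                unresolved_ssdt.append((m["owner"].upper(), m["func"]))
            else:
                ssdt_by_owner[m["owner"]].append(m["func"])
            continue
        m = IAT_RE.match(line)
        if m:
            if m["owner"]:
                iat_by_owner[m["owner"]].append((m["image"], m["imp"]))
            else:
                unresolved_iat.append((m["image"], m["imp"], m["raw"].upper()))
            continue
        m = JMP_RE.match(line)
        if m:
            inline_jmps.append((m["target"], m["addr"], int(m["n"]), m["dest"]))
            continue
        m = UNREADABLE_RE.match(line)
        if m:
            unreadable.append(m["module"])
    return {
        "ssdt_by_owner": dict(ssdt_by_owner),
        "unresolved_ssdt": unresolved_ssdt,
        "iat_by_owner": dict(iat_by_owner),
        "unresolved_iat": unresolved_iat,
        "unreadable_modules": unreadable,
        "inline_jmps": inline_jmps,
    }


if __name__ == "__main__":
    for section, entries in classify_gmer(SAMPLE_GMER).items():
        print(f"{section}: {entries}")
```

The bare-address SSDT entries are not a verdict on their own; they mean GMER could not name the driver whose code sits at that address, so the next step is to compare those addresses against the loaded-module list (the tool's "Modules" view or a kernel debugger) before deciding whether they belong to a security product or to something unwanted. The "unreadable" list deserves the same care: a module whose file cannot be opened may be hidden, but in this log it also includes GMER's and ComboFix's own transient drivers.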

der_gizmo 17.07.2009 12:50

Code:

ComboFix 09-07-14.08 - kwam 17.07.2009  9:36.4.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.2046.1466 [GMT 2:00]
run from:: c:\dokumente und einstellungen\kwam\Desktop\combo-fix.exe
Command switches used :: c:\dokumente und einstellungen\kwam\Desktop\cfscript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\windows\system32\drivers\geyekrvtjiqjml.sys"
"c:\windows\system32\ESQULzcounter"
.

((((((((((((((((((((((((((((((((((((  Other Deletions  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ESQULzcounter

.
(((((((((((((((((((((((  Files Created from 2009-06-17 to 2009-07-17  ))))))))))))))))))))))))))))))
.

2009-07-15 23:03 . 2009-07-15 23:03        --------        d-----w-        c:\dokumente und einstellungen\kwam\Anwendungsdaten\Malwarebytes
2009-07-15 20:13 . 2009-07-15 20:13        --------        d-----w-        c:\programme\CCleaner
2009-07-15 13:15 . 2009-07-13 11:36        38160        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-15 13:15 . 2009-07-15 13:15        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2009-07-15 13:15 . 2009-07-15 13:15        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-07-15 13:15 . 2009-07-13 11:36        19096        ----a-w-        c:\windows\system32\drivers\mbam.sys
2009-07-14 20:35 . 2009-07-15 17:41        --------        d-----w-        c:\programme\Trend Micro
2009-07-14 18:38 . 2009-07-14 18:38        --------        d-----w-        c:\dokumente und einstellungen\kwam\Anwendungsdaten\MAGIX
2009-07-14 18:23 . 2001-05-11 11:18        420240        ----a-w-        c:\windows\system32\mpg4c32.dll
2009-07-14 18:23 . 2001-05-16 15:54        309616        ----a-w-        c:\windows\system32\wmv8dmod.dll
2009-07-14 18:21 . 2007-04-27 08:43        120200        ----a-w-        c:\windows\system32\DLLDEV32i.dll
2009-07-14 18:21 . 2009-07-14 18:22        --------        d-----w-        c:\windows\system32\MAGIX
2009-07-14 18:21 . 2008-04-15 14:14        700416        ----a-w-        c:\windows\system32\mgxoschk.dll
2009-07-14 17:27 . 2009-07-14 17:27        --------        d-----w-        c:\programme\Audacity
2009-07-09 21:09 . 2009-07-09 21:09        --------        d-----w-        c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Apple
2009-07-07 16:30 . 2009-07-08 14:16        96104        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2009-07-07 16:30 . 2009-07-08 14:16        55640        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2009-07-07 16:30 . 2009-02-13 09:29        22360        ----a-w-        c:\windows\system32\drivers\avgntmgr.sys
2009-07-07 16:30 . 2009-02-13 09:17        45416        ----a-w-        c:\windows\system32\drivers\avgntdd.sys
2009-07-07 16:30 . 2009-07-07 16:30        --------        d-----w-        c:\programme\Avira
2009-07-07 16:30 . 2009-07-07 16:30        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira
2009-07-06 20:52 . 2009-07-06 20:52        --------        d-----w-        c:\dokumente und einstellungen\kwam\Library
2009-07-06 20:52 . 2009-07-06 20:52        --------        d-----w-        c:\dokumente und einstellungen\kwam\Anwendungsdaten\com.adobe.ExMan
2009-07-02 19:11 . 2009-07-02 19:11        --------        d-----w-        c:\dokumente und einstellungen\kwam\Anwendungsdaten\Apple Computer
2009-06-22 13:26 . 2009-06-22 13:26        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\BVRP Software
2009-06-22 13:15 . 2009-06-22 13:15        --------        d-----w-        c:\dokumente und einstellungen\kwam\Lokale Einstellungen\Anwendungsdaten\Sony
2009-06-22 13:12 . 2009-06-22 13:12        --------        d-----w-        c:\programme\Gemeinsame Dateien\Sony Shared
2009-06-22 13:11 . 2009-06-22 13:11        --------        d-----w-        c:\programme\Sony
2009-06-22 13:09 . 2009-06-22 13:09        --------        d-----w-        c:\programme\Gemeinsame Dateien\Apple
2009-06-22 13:09 . 2009-06-22 13:09        --------        d-----w-        c:\programme\QuickTime
2009-06-22 13:09 . 2009-06-22 13:09        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple Computer
2009-06-22 13:08 . 2009-06-22 13:08        --------        d-----w-        c:\dokumente und einstellungen\kwam\Lokale Einstellungen\Anwendungsdaten\Apple
2009-06-22 13:08 . 2009-06-22 13:08        --------        d-----w-        c:\programme\Apple Software Update
2009-06-22 13:08 . 2009-06-22 13:08        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple
2009-06-22 13:08 . 2009-06-22 13:08        --------        d-----w-        c:\dokumente und einstellungen\kwam\Lokale Einstellungen\Anwendungsdaten\Apple Computer
2009-06-22 13:08 . 2009-06-22 13:28        --------        d-----w-        c:\windows\system32\drivers\UMDF
2009-06-22 13:05 . 2009-06-22 13:05        --------        d-----w-        c:\dokumente und einstellungen\kwam\Anwendungsdaten\Sony

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-16 18:25 . 2009-03-03 19:47        --------        d-----w-        c:\dokumente und einstellungen\kwam\Anwendungsdaten\Winamp
2009-07-16 17:38 . 2008-11-22 01:09        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft
2009-07-16 13:52 . 2008-10-24 20:20        --------        d-----w-        c:\dokumente und einstellungen\kwam\Anwendungsdaten\FrostWire
2009-07-15 13:40 . 2008-10-23 15:51        42360        ----a-w-        c:\dokumente und einstellungen\kwam\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2009-07-14 20:06 . 2008-10-23 15:52        --------        d-----w-        c:\programme\Warcraft III
2009-07-14 18:22 . 2009-07-14 18:21        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\MAGIX
2009-07-14 18:21 . 2008-12-23 22:40        --------        d-----w-        c:\dokumente und einstellungen\kwam\Anwendungsdaten\Azureus
2009-07-10 18:10 . 2008-10-25 00:11        --------        d-----w-        c:\programme\Microsoft Games
2009-07-10 14:06 . 2008-12-23 16:31        --------        d-----w-        c:\dokumente und einstellungen\kwam\Anwendungsdaten\Skype
2009-07-10 14:01 . 2008-12-23 16:32        --------        d-----w-        c:\dokumente und einstellungen\kwam\Anwendungsdaten\skypePM
2009-07-02 19:16 . 2009-03-08 20:51        --------        d-----w-        c:\programme\Gemeinsame Dateien\DVDVideoSoft
2009-07-02 19:16 . 2009-03-08 20:51        --------        d-----w-        c:\programme\DVDVideoSoft
2009-06-22 13:22 . 2009-06-22 13:22        148736        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\hpe146.dll
2009-06-22 13:22 . 2009-06-22 13:22        148736        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\hpe146.dll
2009-06-22 13:22 . 2008-10-24 20:01        --------        d-----w-        c:\programme\Sony Ericsson
2009-06-22 13:22 . 2008-10-22 17:32        --------        d--h--w-        c:\programme\InstallShield Installation Information
2009-06-16 14:36 . 2006-02-28 12:00        81920        ----a-w-        c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2006-02-28 12:00        119808        ----a-w-        c:\windows\system32\t2embed.dll
2009-06-11 17:33 . 2009-06-11 17:33        --------        d-sh--w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\System Restore
2009-06-11 01:41 . 2009-06-11 01:41        --------        d-----w-        c:\dokumente und einstellungen\kwam\Anwendungsdaten\Canneverbe_Limited
2009-06-11 01:41 . 2009-06-11 01:41        --------        d-----w-        c:\programme\CDBurnerXP
2009-06-05 23:05 . 2008-10-31 16:23        --------        d-----w-        c:\programme\Gemeinsame Dateien\Adobe
2009-06-05 18:05 . 2009-06-05 18:05        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\FLEXnet
2009-06-05 17:41 . 2009-06-05 17:41        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\ALM
2009-06-05 17:15 . 2009-06-05 17:15        --------        d-----w-        c:\programme\Adobe Media Player
2009-06-05 17:13 . 2009-06-05 17:13        --------        d-----w-        c:\programme\Gemeinsame Dateien\Adobe AIR
2009-06-05 17:07 . 2009-06-05 17:07        --------        d-----w-        c:\programme\Gemeinsame Dateien\Macrovision Shared
2009-06-05 16:56 . 2006-02-28 12:00        96862        ----a-w-        c:\windows\system32\perfc007.dat
2009-06-05 16:56 . 2006-02-28 12:00        505988        ----a-w-        c:\windows\system32\perfh007.dat
2009-06-05 16:56 . 2009-06-05 16:56        64312        ----a-w-        c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
2009-06-05 16:55 . 2009-06-05 16:55        --------        d-----w-        c:\programme\MSBuild
2009-06-04 22:58 . 2009-06-04 22:58        --------        d-----w-        c:\programme\Reference Assemblies
2009-06-03 19:09 . 2006-02-28 12:00        1296896        ----a-w-        c:\windows\system32\quartz.dll
2009-05-07 15:32 . 2006-02-28 12:00        348160        ----a-w-        c:\windows\system32\localspl.dll
2009-05-06 09:29 . 2009-05-06 09:29        17744        ----a-w-        c:\windows\system32\aspnet_counters.dll
2009-05-06 07:08 . 2009-05-06 07:08        70456        ----a-w-        c:\windows\system32\dxva2.dll
2009-05-06 07:08 . 2009-05-06 07:08        489800        ----a-w-        c:\windows\system32\evr.dll
2009-05-06 07:08 . 2009-05-06 07:08        13120        ----a-w-        c:\windows\system32\mscorier.dll
2009-05-06 07:08 . 2009-05-06 07:08        103304        ----a-w-        c:\windows\system32\PresentationCFFRasterizerNative_v0400.dll
2009-05-06 06:13 . 2009-05-06 06:13        76648        ----a-w-        c:\windows\system32\PresentationHostProxy.dll
2009-05-06 06:13 . 2009-05-06 06:13        404320        ----a-w-        c:\windows\system32\PresentationHost.exe
2009-05-06 06:13 . 2009-05-06 06:13        291152        ----a-w-        c:\windows\system32\mscoree.dll
2009-05-06 06:13 . 2009-05-06 06:13        158048        ----a-w-        c:\windows\system32\UIAutomationCore.dll
2009-05-06 06:13 . 2009-05-06 06:13        14160        ----a-w-        c:\windows\system32\netfxperf.dll
2009-05-06 06:13 . 2009-05-06 06:13        1083720        ----a-w-        c:\windows\system32\dfshim.dll
2009-04-29 04:33 . 2006-02-28 12:00        672256        ----a-w-        c:\windows\system32\wininet.dll
2009-04-29 04:33 . 2006-02-28 12:00        81920        ----a-w-        c:\windows\system32\ieencode.dll
2009-04-19 19:46 . 2006-02-28 12:00        1847296        ----a-w-        c:\windows\system32\win32k.sys
2009-06-12 17:33 . 2008-10-24 17:38        134648        ----a-w-        c:\programme\mozilla firefox\components\brwsrcmp.dll
.

(((((((((((((((((((((((((((((  SnapShot@2009-07-15_22.59.31  )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-17 07:58 . 2009-07-17 07:58        16384              c:\windows\temp\Perflib_Perfdata_730.dat
+ 2009-06-23 22:05 . 2008-07-08 13:00        18808              c:\windows\system32\spmsg.dll
+ 2009-06-16 14:36 . 2009-06-16 14:36        81920              c:\windows\system32\dllcache\fontsub.dll
+ 2009-06-16 14:36 . 2009-06-16 14:36        119808              c:\windows\system32\dllcache\t2embed.dll
+ 2008-05-07 05:10 . 2009-06-03 19:09        1296896              c:\windows\system32\dllcache\quartz.dll
+ 2008-10-24 17:32 . 2009-07-07 15:10        24539592              c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Creative Detector"="c:\programme\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"Sony Ericsson PC Suite"="c:\programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-02-16 405504]
"ICQ"="c:\programme\ICQ6.5\ICQ.exe" [2009-03-01 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-13 7606272]
"D-Link AirPlus G"="c:\programme\D-Link\AirPlus G\AirGCFG.exe" [2005-07-22 1519616]
"ANIWZCS2Service"="c:\programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 49152]
"JMB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-04-20 385024]
"Sony Ericsson PC Suite"="c:\programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-27 593920]
"WinampAgent"="c:\programme\Winamp\winampa.exe" [2009-02-25 37888]
"AdobeCS4ServiceManager"="c:\programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Acrobat Assistant 8.0"="c:\programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2006-05-13 86016]
"CTHelper"="CTHELPER.EXE" - c:\windows\CTHELPER.EXE [2005-08-07 16384]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\CTXFIHLP.EXE [2005-08-07 18944]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-05-04 16206848]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-04-24 1448960]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Dokumente und Einstellungen\\kwam\\Desktop\\dud\\Age Of Empires 2 & The Conquerors Expansion -\\age2_x1.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [07.07.2009 18:30 108289]
R2 ICQ Service;ICQ Service;c:\programme\ICQ6Toolbar\ICQ Service.exe [08.12.2008 20:23 222456]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15.08.2008 05:46 284016]
S3 clr_optimization_v4.0.20506_32;.NET Runtime Optimization Service v4.0.20506_X86;c:\windows\Microsoft.NET\Framework\v4.0.20506\mscorsvw.exe [06.05.2009 09:08 104272]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programme\MAGIX\Common\Database\bin\fbserver.exe --> c:\programme\MAGIX\Common\Database\bin\fbserver.exe [?]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [22.06.2009 15:22 86696]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [22.06.2009 15:22 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [22.06.2009 15:22 114472]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [22.06.2009 15:22 108328]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [22.06.2009 15:22 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [22.06.2009 15:22 104616]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [22.06.2009 15:22 109736]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.ask.com/?o=101677&l=dis
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: An vorhandene PDF-Datei anfügen - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
FF - ProfilePath - c:\dokumente und einstellungen\kwam\Anwendungsdaten\Mozilla\Firefox\Profiles\rf06ey9t.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q=
FF - prefs.js: browser.startup.homepage - www.google.de/ig
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\programme\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\NPAskSBr.dll
FF - plugin: c:\windows\Microsoft.NET\Framework\v4.0.20506\WPF\NPWPF.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v4.0.20506\WPF\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-17 09:58
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\programme\Gemeinsame Dateien\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(3972)
c:\windows\system32\ctagent.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\CTSVCCDA.EXE
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\programme\CardReader2.0\OTiReader.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\CTXFISPI.EXE
c:\programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
c:\programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2009-07-17 10:11 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2009-07-17 08:11
ComboFix2.txt  2009-07-16 18:11
ComboFix3.txt  2009-07-15 23:01

Vor Suchlauf: 6 Verzeichnis(se), 134.369.574.912 Bytes frei
Nach Suchlauf: 6 Verzeichnis(se), 134.354.055.168 Bytes frei

230        --- E O F ---        2009-07-15 23:34


john.doe 17.07.2009 16:10

Done, the rootkits are finally dead. :daumenhoc

Do you know what caused the infection? If so, please send me a download link by PM.

1.) Disable Avira's Guard.

2.) Pack the folder c:\qoobox with Zip or Rar, upload the archive to a file hoster and send me the link by PM.

3.) Re-enable Avira's Guard.

4.) Start => Run => combofix /u => OK

5.) http://www.trojaner-board.de/51187-a...i-malware.html

6.) http://www.trojaner-board.de/51871-a...tispyware.html (only steps 1-3 of the guide)

ciao, andreas

der_gizmo 17.07.2009 18:39

Great, that already sounds promising :)

Code:

Malwarebytes' Anti-Malware 1.39
Datenbank Version: 2421
Windows 5.1.2600 Service Pack 3

17.07.2009 19:32:56
mbam-log-2009-07-17 (19-32-56).txt

Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 289120
Laufzeit: 1 hour(s), 20 minute(s), 35 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 3
Infizierte Registrierungsschlüssel: 11
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 7

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\Programme\Mozilla Firefox\plugins\NPAskSBr.dll (Trojan.Agent) -> Delete on reboot.
C:\Programme\AskSBar\bar\1.bin\A2PLUGIN.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Programme\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\TypeLib\{f0d4b230-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f0d4b23a-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f0d4b23c-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b15fd82e-85bc-430d-90cb-65db1b030510} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Programme\Mozilla Firefox\plugins\NPAskSBr.dll (Trojan.Agent) -> Delete on reboot.
C:\Programme\AskSBar\bar\1.bin\A2PLUGIN.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Programme\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Delete on reboot.
c:\dokumente und einstellungen\kwam\Desktop\Hopsassa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\kwam\lokale einstellungen\anwendungsdaten\Mozilla\Firefox\Profiles\rf06ey9t.default\Cache\AB6774E1d01 (Trojan.Agent) -> Quarantined and deleted successfully.
c:\programme\AskSBar\bar\1.bin\A2HIGHIN.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
c:\programme\AskSBar\bar\1.bin\NPASKSBR.DLL (Trojan.Agent) -> Quarantined and deleted successfully.


john.doe 17.07.2009 18:43

They are going after Firefox more and more. :(

ciao, andreas

der_gizmo 17.07.2009 21:22

Code:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/17/2009 at 10:14 PM

Application Version : 4.26.1006

Core Rules Database Version : 4002
Trace Rules Database Version: 1942

Scan type      : Complete Scan
Total Scan Time : 01:58:34

Memory items scanned      : 727
Memory threats detected  : 0
Registry items scanned    : 4935
Registry threats detected : 0
File items scanned        : 217593
File threats detected    : 4

Adware.Tracking Cookie
        C:\Dokumente und Einstellungen\kwam\Cookies\kwam@de.at.atwola[1].txt
        C:\Dokumente und Einstellungen\kwam\Cookies\kwam@atwola[1].txt
        C:\Dokumente und Einstellungen\kwam\Cookies\kwam@doubleclick[1].txt
        C:\Dokumente und Einstellungen\kwam\Cookies\kwam@adserver.71i[1].txt


john.doe 17.07.2009 21:29

Take a look at the VT result:
Code:

Datei ESQULcrlbgpsvaxtvndqqnxxoquvgvupx empfangen 2009.07.15 23:03:05 (UTC)
Status:    Beendet
Ergebnis: 3/41 (7.32%)
Antivirus        Version        letzte aktualisierung        Ergebnis
a-squared        4.5.0.24        2009.07.15        -
AhnLab-V3        5.0.0.2        2009.07.15        -
AntiVir        7.9.0.215        2009.07.15        -
Antiy-AVL        2.0.3.7        2009.07.15        -
Authentium        5.1.2.4        2009.07.16        -
Avast        4.8.1335.0        2009.07.15        -
AVG        8.5.0.387        2009.07.15        -
BitDefender        7.2        2009.07.16        -
CAT-QuickHeal        10.00        2009.07.15        -
ClamAV        0.94.1        2009.07.15        -
Comodo        1663        2009.07.16        -
DrWeb        5.0.0.12182        2009.07.15        -
eSafe        7.0.17.0        2009.07.15        -
eTrust-Vet        31.6.6617        2009.07.15        -
F-Prot        4.4.4.56        2009.07.16        -
F-Secure        8.0.14470.0        2009.07.15        -
Fortinet        3.120.0.0        2009.07.15        -
GData        19        2009.07.15        -
Ikarus        T3.1.1.64.0        2009.07.15        -
Jiangmin        11.0.706        2009.07.15        -
K7AntiVirus        7.10.793        2009.07.15        -
Kaspersky        7.0.0.125        2009.07.16        -
McAfee        5677        2009.07.15        -
McAfee+Artemis        5677        2009.07.15        -
McAfee-GW-Edition        6.8.5        2009.07.15        -
Microsoft        1.4803        2009.07.16        VirTool:Win32/Obfuscator.ER
NOD32        4247        2009.07.15        -
Norman        6.01.09        2009.07.15        -
nProtect        2009.1.8.0        2009.07.15        -
Panda        10.0.0.14        2009.07.15        -
PCTools        4.4.2.0        2009.07.15        -
Prevx        3.0        2009.07.16        High Risk Cloaked Malware
Rising        21.38.24.00        2009.07.15        -
Sophos        4.43.0        2009.07.15        -
Sunbelt        3.2.1858.2        2009.07.15        -
Symantec        1.4.4.12        2009.07.16        Suspicious.Vundo.2
TheHacker        6.3.4.3.368        2009.07.15        -
TrendMicro        8.950.0.1094        2009.07.15        -
VBA32        3.12.10.8        2009.07.15        -
ViRobot        2009.7.15.1837        2009.07.15        -
VirusBuster        4.6.5.0        2009.07.15        -
weitere Informationen
File size: 23552 bytes
MD5...: db4997444d76434e325050c090b2efd0
SHA1..: 18bbb4ce71310704533018075cc0c96423717878
SHA256: 51bdd7a2cc1ba343884e4bc6b6c8015719c162d72f405e65a95b3748b00b0d9c
ssdeep: 384:U8Y+Y+GmLiTwYRd5miLiIMhv2zP7n6OTu8JuGrj1:U8wmLiTwYr5m7IMhuz5Tuur
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.2%)
Clipper DOS Executable (9.1%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1ba0
timedatestamp.....: 0x4588ab51 (Wed Dec 20 03:17:37 2006)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x246c 0x2000 5.67 ef3748688ff1ad621c4440174d387826
.data 0x4000 0x1863 0x800 2.53 a700095863e2c6898515aa6560eca25c
.rdata 0x6000 0x383c 0x1400 5.42 8855869c1ce8c2329da8cab68783b134
.edata 0xa000 0x28ad 0xc00 3.05 bb966077cbc634aa3da2a3bd54723d6e
.rsrc 0xd000 0x862 0x800 0.00 c99a74c555371a433d121f551d6c6398
.reloc 0xe000 0x82f 0x800 3.95 07f5f5e06c84805c990e53240827ad5f

( 6 imports )
> KERNEL32.DLL: VirtualFree, GetCurrentProcess, GetModuleHandleW, VirtualAlloc, ExitProcess, GlobalAlloc, FindFirstFileA, GetFileType, ResumeThread, GetProcessHeap
> msvcrt.dll: __p__fmode, realloc, __p__commode, __set_app_type
> GDI32.DLL: AngleArc, GdiGetDC, GetCurrentObject, ExcludeClipRect
> OLE32.DLL: CoGetInterfaceAndReleaseStream, OleLoadFromStream
> ADVAPI32.DLL: QueryServiceStatus, OpenSCManagerW, RegFlushKey, EqualSid, GetUserNameA, OpenServiceW, RegCreateKeyW, StartServiceCtrlDispatcherA
> version.dll: VerQueryValueA, GetFileVersionInfoW, GetFileVersionInfoSizeA, GetFileVersionInfoA

( 2 exports )
DzrcJqTHbbgrgf, ZriWYSvxIgg
PDFiD.: -
RDS...: NSRL Reference Data Set
-
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=12A3CABE0000AA245C6F00259D6ABA00ABB30703

Any questions? :D

1.) Uninstall SuperAntiSpyware

2.) Panda Active Scan
The following page walks you through the installation: PandaActiveScan2.0 Installation

Click Scan now!

Registration is not required!

After the scan has finished, click the Export text icon and save the log to the desktop.
Open the file ActiveScan.txt that is now on your desktop and post its contents here.
3.) Check the computer with PrevXCSI. Post a screenshot if anything is found.

ciao, andreas

der_gizmo 17.07.2009 22:01

7% ?
Where do I keep picking up things like this (two weeks ago H1N1... now this... I'm slowly starting to believe I infected my PC myself... :affe: )

Since I have to get up early tomorrow (on a Saturday...), I'm going to bed now; I'll deliver the scan result tomorrow morning, or possibly earlier if for some reason I have trouble sleeping... ;)

john.doe 17.07.2009 22:07

http://www.hofnik.omb-systems.com/pics/abinsbett.JPG

ciao, andreas

der_gizmo 18.07.2009 11:35

Panda:

Code:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-07-18 12:33:33
PROTECTIONS: 1
MALWARE: 13
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description                                  Version                      Active    Updated
;===================================================================================================================================================================================
AntiVir Desktop                              9.0.1.30                      No        Yes
;===================================================================================================================================================================================
MALWARE
Id        Description                        Type                Active    Severity  Disinfectable  Disinfected Location
;===================================================================================================================================================================================
00041402  Exploit/MS04-022.gen              HackTools          No        0        Yes            No          C:\WINDOWS\Installer\29566.msp[unk_0007]
00139061  Cookie/Doubleclick                TrackingCookie      No        0        Yes            No          C:\Dokumente und Einstellungen\kwam\Cookies\kwam@doubleclick[1].txt
00139061  Cookie/Doubleclick                TrackingCookie      No        0        Yes            No          C:\WINDOWS\system32\config\systemprofile\Cookies\system@doubleclick[1].txt
00145393  Cookie/Tradedoubler                TrackingCookie      No        0        Yes            No          C:\Dokumente und Einstellungen\kwam\Cookies\kwam@tradedoubler[1].txt
00149116  Cookie/Ccbill                      TrackingCookie      No        0        Yes            No          C:\Dokumente und Einstellungen\kwam\Cookies\kwam@ccbill[1].txt
00168056  Cookie/YieldManager                TrackingCookie      No        0        Yes            No          C:\WINDOWS\system32\config\systemprofile\Cookies\system@ad.yieldmanager[2].txt
00168109  Cookie/Adtech                      TrackingCookie      No        0        Yes            No          C:\WINDOWS\system32\config\systemprofile\Cookies\system@adtech[1].txt
00168109  Cookie/Adtech                      TrackingCookie      No        0        Yes            No          C:\Dokumente und Einstellungen\kwam\Cookies\kwam@adtech[1].txt
00262020  Cookie/Atwola                      TrackingCookie      No        0        Yes            No          C:\Dokumente und Einstellungen\kwam\Cookies\kwam@atwola[1].txt
00590315  Rootkit/Agent.LNB                  HackTools          No        0        Yes            No          C:\System Volume Information\_restore{B7ABC265-EE74-42B4-8042-29A10BC5CEA1}\RP274\A0089106.sys
01675833  Trj/SMSlock.C                      Virus/Trojan        No        0        No            No          C:\Dokumente und Einstellungen\kwam\Desktop\Qoobox.rar[Qoobox\Quarantine\C\cleanup.exe.vir]
03074964  Trj/CI.A                          Virus/Trojan        No        0        No            No          C:\Dokumente und Einstellungen\kwam\Desktop\Qoobox.rar[Qoobox\Quarantine\C\WINDOWS\system32\ESQULjwoaypplxqliosrhdgapirxxdnowqyin.dll.vir]
03432103  Bck/Ciadoor.FQ                    Virus/Trojan        No        1        Yes            No          C:\Dokumente und Einstellungen\kwam\Desktop\dud\ICQ Status Checker.exe
03738701  Generic Malware                    Virus/Trojan        No        0        Yes            No          C:\Programme\QIP\uninstall.exe
03912402  Bck/Ciadoor.FQ                    Virus/Trojan        No        1        Yes            No          C:\Dokumente und Einstellungen\kwam\Desktop\dud\ICQ Ignore Checker.exe
;===================================================================================================================================================================================
SUSPECTS
Sent      Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id        Severity  Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================


der_gizmo 18.07.2009 11:40

PrevxCSI was quick. In any case, it didn't find anything.

john.doe 18.07.2009 11:47

1.) Delete Qoobox.rar from your desktop; the files have already been sent to the AV vendors.

2.) I would also urgently recommend deleting the following files:
Quote:

C:\Dokumente und Einstellungen\kwam\Desktop\dud\ICQ Status Checker.exe
C:\Dokumente und Einstellungen\kwam\Desktop\dud\ICQ Ignore Checker.exe
3.) Please have the file
Quote:

C:\Programme\QIP\uninstall.exe
checked at www.virustotal.com and post the complete report here. Please use [ code]report[ /code] tags, that gives a better layout. Alternatively you can use the 4th icon from the right in the toolbar => #.

4.) Disable System Restore; in the course of the infection, malware files were also saved into restore points. Those are all unusable now, since resetting the system via a restore point would probably reinfect it.
It can be enabled again after a reboot.

ciao, andreas

der_gizmo 18.07.2009 16:28

The file check has now been running for over 3 hours. Can that be right, or did something go wrong?

john.doe 18.07.2009 16:32

Quote:

Can that be right, or did something go wrong?
Definitely; click refresh. If that doesn't help and the file is smaller than 3 MB, you can also upload it to us => http://www.trojaner-board.de/54791-a...ner-board.html

ciao, andreas

der_gizmo 18.07.2009 16:39

OK, F5 helped ;)


Code:

Antivirus        Version        letzte aktualisierung        Ergebnis
a-squared        4.5.0.24        2009.07.18        -
AhnLab-V3        5.0.0.2        2009.07.18        -
AntiVir        7.9.0.220        2009.07.17        -
Antiy-AVL        2.0.3.7        2009.07.17        -
Authentium        5.1.2.4        2009.07.18        -
Avast        4.8.1335.0        2009.07.17        -
AVG        8.5.0.387        2009.07.18        -
BitDefender        7.2        2009.07.18        -
CAT-QuickHeal        10.00        2009.07.17        -
ClamAV        0.94.1        2009.07.18        -
Comodo        1690        2009.07.18        -
DrWeb        5.0.0.12182        2009.07.18        -
eSafe        7.0.17.0        2009.07.16        Suspicious File
eTrust-Vet        31.6.6623        2009.07.18        -
F-Prot        4.4.4.56        2009.07.17        -
F-Secure        8.0.14470.0        2009.07.17        -
Fortinet        3.120.0.0        2009.07.18        -
GData        19        2009.07.18        -
Ikarus        T3.1.1.64.0        2009.07.18        -
Jiangmin        11.0.800        2009.07.18        -
K7AntiVirus        7.10.794        2009.07.16        Trojan.Win32.Malware.1
Kaspersky        7.0.0.125        2009.07.18        -
McAfee        5679        2009.07.17        -
McAfee+Artemis        5679        2009.07.17        -
McAfee-GW-Edition        6.8.5        2009.07.18        -
Microsoft        1.4803        2009.07.18        -
NOD32        4256        2009.07.18        -
Norman        6.01.09        2009.07.17        -
nProtect        2009.1.8.0        2009.07.18        -
Panda        10.0.0.14        2009.07.17        Generic Malware
PCTools        4.4.2.0        2009.07.17        -
Prevx        3.0        2009.07.18        High Risk Worm
Rising        21.38.52.00        2009.07.18        -
Sophos        4.43.0        2009.07.18        -
Sunbelt        3.2.1858.2        2009.07.18        -
Symantec        1.4.4.12        2009.07.18        -
TheHacker        6.3.4.3.370        2009.07.17        -
TrendMicro        8.950.0.1094        2009.07.17        PAK_Generic.001
VBA32        3.12.10.8        2009.07.17        -
ViRobot        2009.7.17.1841        2009.07.17        -
VirusBuster        4.6.5.0        2009.07.16        -
weitere Informationen
File size: 10752 bytes
MD5  : 25116b532484c18ec775bc26914da309
SHA1  : 34313cc8e85585206167a14ccb5868060a569806
SHA256: b88e752f1647e7e10cd72ff49212a701f5b2b5445f93d46f0dd375bcd67c074b
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x9C90
timedatestamp.....: 0x43F654A2 (Fri Feb 17 23:56:34 2006)
machinetype.......: 0x14C (Intel I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x7000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x8000 0x2000 0x1E00 7.83 fc4ef447659b59cf04c5f06c45607d5f
.rsrc 0xA000 0x1000 0x800 3.36 c160677f97d54879bdc87533f8c2c760

( 7 imports )

> advapi32.dll: RegCloseKey
> kernel32.dll: LoadLibraryA, GetProcAddress, ExitProcess
> msvcp60.dll: __1_Winit@std@@QAE@XZ
> msvcrt.dll: exit
> ole32.dll: CoInitialize
> shell32.dll: SHGetMalloc
> user32.dll: GetFocus

( 0 exports )
TrID  : File type identification
39.5% (.EXE) UPX compressed Win32 Executable (30569/9/7)
34.3% (.EXE) Win32 EXE Yoda's Crypter (26569/9/4)
11.0% (.EXE) Win32 Executable Generic (8527/13/3)
9.8% (.DLL) Win32 Dynamic Link Library (generic) (7583/30/2)
2.5% (.EXE) Generic Win/DOS Executable (2002/3)
ssdeep: 192:agMMw34x7j4Dsw7zPTeCB04u9N2cQZMa+3EGrfaTsPI32hZP7C9WU5y:D/rdjsw9McQmpUGrjQGHP7Doy
Prevx Info: http://info.prevx.com/aboutprogramtext.asp?PX5=14183E20004B4AA72A13005869B4930050768941
PEiD  : UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
packers (Kaspersky): UPX
packers (F-Prot): UPX
CWSandbox: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=25116b532484c18ec775bc26914da309
RDS  : NSRL Reference Data Set


der_gizmo 18.07.2009 16:41

I actually wanted to attach this screenshot as well. I don't know why it isn't displayed now.

john.doe 18.07.2009 16:56

The same files Panda also complained about; delete both and that's the end of it.

1.) How is the computer doing? Still anything unusual?

2.) Post new RSIT logs => http://www.trojaner-board.de/74910-a...tion-tool.html

3.) Kaspersky - Online Scanner

This scanner doesn't remove the findings, but it gives a good overview of the malware present.

---> download here => Kaspersky Online Scanner
=> note the instructions for older versions!
=> Requirement: Internet Explorer 6.0 or higher
=> install the required ActiveX controls => update the signatures => Next
=> Scan settings => choose Standard => OK => click the "My Computer" link
=> scan starts automatically => scan completed => Save report as
=> change the file type to .txt => save it on the desktop as Kaspersky.txt => post the log here
=> Uninstall => Control Panel => Add or Remove Programs => remove Kaspersky Online Scanner

ciao, andreas

der_gizmo 18.07.2009 17:00

No, I don't notice anything anymore, but that has been the case since the Avenger run.

der_gizmo 18.07.2009 17:05

Log, Part I:

Code:

Logfile of random's system information tool 1.06 (written by random/random)
Run by kwam at 2009-07-18 18:03:55
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 132 GB (55%) free of 238 GB
Total RAM: 2046 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:03:56, on 18.07.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programme\ICQ6Toolbar\ICQ Service.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\CardReader2.0\OTiReader.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Programme\Winamp\winampa.exe
C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Creative\MediaSource\Detector\CTDetect.exe
C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Prevx\prevx.exe
C:\Programme\Prevx\prevx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\ICQ6.5\ICQ.exe
C:\Programme\Winamp\winamp.exe
C:\Dokumente und Einstellungen\kwam\Desktop\RSIT(2).exe
C:\Programme\trend micro\kwam.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101677&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Programme\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programme\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programme\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\GEMEIN~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Programme\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6.5\ICQ.exe" silent
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: CSIScanner - Prevx - C:\Programme\Prevx\prevx.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programme\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OTi Card Reader Service - Unknown owner - C:\Programme\CardReader2.0\OTiReader.exe

--
End of file - 9681 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
ContributeBHO Class - C:\Programme\Adobe\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10 136560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\programme\google\googletoolbar1.dll [2008-10-24 2427968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Programme\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-12-24 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\programme\google\googletoolbar1.dll [2008-10-24 2427968]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll [2008-10-14 863688]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Programme\ICQ6Toolbar\ICQToolBar.dll [2008-06-12 958712]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Programme\Adobe\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10 136560]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-05-13 7606272]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit []
"CTHelper"=C:\WINDOWS\CTHELPER.EXE [2005-08-08 16384]
"CTxfiHlp"=C:\WINDOWS\system32\CTXFIHLP.EXE [2005-08-08 18944]
"D-Link AirPlus G"=C:\Programme\D-Link\AirPlus G\AirGCFG.exe [2005-07-22 1519616]
"ANIWZCS2Service"=C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2004-12-16 49152]
"JMB36X Configure"=C:\WINDOWS\system32\JMRaidTool.exe [2006-04-20 385024]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-05-04 16206848]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-04-24 1448960]
"Sony Ericsson PC Suite"=C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2007-03-28 593920]
"WinampAgent"=C:\Programme\Winamp\winampa.exe [2009-02-25 37888]
"AdobeCS4ServiceManager"=C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"Acrobat Assistant 8.0"=C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2008-06-11 640376]
"Adobe_ID0ENQBO"=C:\PROGRA~1\GEMEIN~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2008-08-15 378224]
"avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Creative Detector"=C:\Programme\Creative\MediaSource\Detector\CTDetect.exe [2004-12-02 102400]
"Sony Ericsson PC Suite"=C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2009-02-16 405504]
"ICQ"=C:\Programme\ICQ6.5\ICQ.exe [2009-03-01 172792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-23 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cognac]
C:\DOKUME~1\kwam\LOKALE~1\Temp\b.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CRBroadCasting]
C:\Programme\CardReader2.0\CRBroadCasting.exe [2004-07-27 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Programme\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Programme\Skype\Phone\Skype.exe [2008-11-07 21633320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-24 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\ICQ6.5\ICQ.exe"="C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Dokumente und Einstellungen\kwam\Desktop\dud\Age Of Empires 2 & The Conquerors Expansion -\age2_x1.exe"="C:\Dokumente und Einstellungen\kwam\Desktop\dud\Age Of Empires 2 & The Conquerors Expansion -\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe"="C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.js - open - "C:\Programme\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 months======

2009-07-18 18:01:25 ----D---- C:\rsit
2009-07-18 12:36:18 ----D---- C:\Programme\Prevx
2009-07-18 12:36:14 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PrevxCSI
2009-07-18 12:36:14 ----A---- C:\WINDOWS\wininit.ini
2009-07-17 22:37:32 ----D---- C:\Programme\Panda Security
2009-07-17 22:35:59 ----SHD---- C:\Config.Msi
2009-07-17 20:08:39 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
2009-07-17 20:08:22 ----D---- C:\Programme\SUPERAntiSpyware
2009-07-17 20:08:22 ----D---- C:\Dokumente und Einstellungen\kwam\Anwendungsdaten\SUPERAntiSpyware.com
2009-07-17 18:10:00 ----SD---- C:\combo-fix
2009-07-17 10:11:31 ----A---- C:\ComboFix.txt
2009-07-17 09:56:36 ----D---- C:\WINDOWS\temp
2009-07-16 01:34:42 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-16 01:34:38 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-16 01:33:18 ----A---- C:\WINDOWS\imsins.BAK
2009-07-16 01:33:14 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-16 01:03:54 ----D---- C:\Dokumente und Einstellungen\kwam\Anwendungsdaten\Malwarebytes
2009-07-16 00:51:18 ----A---- C:\Boot.bak
2009-07-16 00:51:10 ----D---- C:\cmdcons
2009-07-16 00:47:56 ----D---- C:\WINDOWS\ERDNT
2009-07-16 00:26:58 ----A---- C:\RootRepeal report 07-16-09 (00-26-58).txt
2009-07-15 23:23:19 ----A---- C:\RootRepeal report 07-15-09 (23-23-19).txt
2009-07-15 22:13:21 ----D---- C:\Programme\CCleaner
2009-07-15 15:15:13 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-07-15 15:15:13 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-07-14 22:35:27 ----D---- C:\Programme\Trend Micro
2009-07-14 20:46:52 ----D---- C:\WINDOWS\Minidump
2009-07-14 20:38:41 ----A---- C:\WINDOWS\Robota.INI
2009-07-14 20:38:36 ----D---- C:\Dokumente und Einstellungen\kwam\Anwendungsdaten\MAGIX
2009-07-14 20:23:09 ----A---- C:\WINDOWS\system32\mpg4c32.dll
2009-07-14 20:23:07 ----A---- C:\WINDOWS\system32\wmv8dmod.dll
2009-07-14 20:22:19 ----A---- C:\WINDOWS\system32\msxml4a.dll
2009-07-14 20:22:17 ----A---- C:\WINDOWS\system32\TTIC32.dll
2009-07-14 20:22:17 ----A---- C:\WINDOWS\system32\TTI32.dll
2009-07-14 20:22:17 ----A---- C:\WINDOWS\system32\STRING32.dll
2009-07-14 20:22:17 ----A---- C:\WINDOWS\system32\MXRestore.exe
2009-07-14 20:22:17 ----A---- C:\WINDOWS\system32\mgxcdr.txt
2009-07-14 20:22:17 ----A---- C:\WINDOWS\system32\mgxasio2.dll
2009-07-14 20:22:17 ----A---- C:\WINDOWS\system32\DLLTPO32.dll
2009-07-14 20:22:17 ----A---- C:\WINDOWS\system32\DLLRES32.dll
2009-07-14 20:22:17 ----A---- C:\WINDOWS\system32\DLLRD32.dll
2009-07-14 20:22:16 ----A---- C:\WINDOWS\system32\DLLPTL32.dll
2009-07-14 20:22:16 ----A---- C:\WINDOWS\system32\DLLPRJ32.dll
2009-07-14 20:22:16 ----A---- C:\WINDOWS\system32\DLLPRF32.dll
2009-07-14 20:22:16 ----A---- C:\WINDOWS\system32\DLLPNT32.dll
2009-07-14 20:22:16 ----A---- C:\WINDOWS\system32\DLLMSC32.dll
2009-07-14 20:22:16 ----A---- C:\WINDOWS\system32\DLLIX.dll
2009-07-14 20:22:16 ----A---- C:\WINDOWS\system32\DLLISO32.dll
2009-07-14 20:22:16 ----A---- C:\WINDOWS\system32\DLLIO32.dll
2009-07-14 20:22:16 ----A---- C:\WINDOWS\system32\DLLIMG32.dll
2009-07-14 20:22:16 ----A---- C:\WINDOWS\system32\DLLDRV32.dll
2009-07-14 20:22:16 ----A---- C:\WINDOWS\system32\DLLDIR32.dll
2009-07-14 20:22:16 ----A---- C:\WINDOWS\system32\DLLDEV32.dll
2009-07-14 20:22:16 ----A---- C:\WINDOWS\system32\DLLCPY32.dll
2009-07-14 20:22:16 ----A---- C:\WINDOWS\system32\DLLCDF32.dll
2009-07-14 20:22:16 ----A---- C:\WINDOWS\system32\DLLCDA32.dll
2009-07-14 20:22:16 ----A---- C:\WINDOWS\system32\DLLAV32.dll
2009-07-14 20:21:38 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
2009-07-14 20:21:23 ----A---- C:\WINDOWS\system32\DLLDEV32i.dll
2009-07-14 20:21:10 ----D---- C:\WINDOWS\system32\MAGIX
2009-07-14 20:21:10 ----A---- C:\WINDOWS\system32\mgxoschk.dll
2009-07-14 20:21:10 ----A---- C:\WINDOWS\mgxoschk.ini
2009-07-14 19:27:31 ----D---- C:\Programme\Audacity
2009-07-10 20:47:49 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2009-07-10 20:47:08 ----A---- C:\WINDOWS\system32\psisdecd.dll
2009-07-10 20:47:02 ----A---- C:\WINDOWS\system32\dxdllreg.exe
2009-07-07 18:30:23 ----D---- C:\Programme\Avira
2009-07-07 18:30:23 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2009-07-06 22:52:05 ----D---- C:\Dokumente und Einstellungen\kwam\Anwendungsdaten\com.adobe.ExMan
2009-07-02 21:11:46 ----D---- C:\Dokumente und Einstellungen\kwam\Anwendungsdaten\Apple Computer
2009-06-24 00:06:08 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-06-24 00:05:48 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-06-22 15:26:19 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
2009-06-22 15:22:16 ----A---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpe146.dll
2009-06-22 15:12:11 ----D---- C:\Programme\Gemeinsame Dateien\Sony Shared
2009-06-22 15:11:58 ----D---- C:\Programme\Sony
2009-06-22 15:09:10 ----D---- C:\Programme\Gemeinsame Dateien\Apple
2009-06-22 15:09:08 ----D---- C:\Programme\QuickTime
2009-06-22 15:09:07 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
2009-06-22 15:08:57 ----D---- C:\Programme\Apple Software Update
2009-06-22 15:08:57 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple
2009-06-22 15:08:22 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-06-22 15:08:00 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2009-06-22 15:06:51 ----HDC---- C:\WINDOWS\$NtUninstallKB942288-v3$
2009-06-22 15:05:58 ----D---- C:\Dokumente und Einstellungen\kwam\Anwendungsdaten\Sony


der_gizmo 18.07.2009 17:07

Log, Part II:
Code:


======List of files/folders modified in the last 1 months======

2009-07-18 18:03:37 ----RD---- C:\Programme
2009-07-18 18:03:27 ----D---- C:\WINDOWS\Prefetch
2009-07-18 18:03:27 ----D---- C:\Programme\Vuze
2009-07-18 17:52:18 ----D---- C:\Dokumente und Einstellungen\kwam\Anwendungsdaten\Winamp
2009-07-18 12:36:18 ----D---- C:\WINDOWS\system32\drivers
2009-07-18 12:36:14 ----D---- C:\WINDOWS
2009-07-18 07:54:32 ----D---- C:\Programme\Mozilla Firefox
2009-07-18 07:53:33 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-18 01:09:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-17 22:43:40 ----D---- C:\Dokumente und Einstellungen\kwam\Anwendungsdaten\temp
2009-07-17 22:42:18 ----D---- C:\WINDOWS\system32
2009-07-17 22:39:47 ----HD---- C:\WINDOWS\inf
2009-07-17 22:36:09 ----SHD---- C:\WINDOWS\Installer
2009-07-17 22:36:02 ----D---- C:\Programme\Gemeinsame Dateien
2009-07-17 22:29:12 ----D---- C:\Programme\PartyGaming
2009-07-17 18:10:30 ----SHD---- C:\System Volume Information
2009-07-17 18:10:30 ----D---- C:\WINDOWS\system32\Restore
2009-07-17 09:58:51 ----A---- C:\WINDOWS\system.ini
2009-07-17 09:50:44 ----D---- C:\WINDOWS\AppPatch
2009-07-16 19:38:29 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft
2009-07-16 15:52:56 ----D---- C:\Dokumente und Einstellungen\kwam\Anwendungsdaten\FrostWire
2009-07-16 01:34:42 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-16 01:34:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-16 01:33:24 ----D---- C:\WINDOWS\Debug
2009-07-16 00:51:18 ----RASH---- C:\boot.ini
2009-07-15 23:59:29 ----SD---- C:\WINDOWS\Tasks
2009-07-14 23:01:21 ----A---- C:\WINDOWS\win.ini
2009-07-14 22:06:57 ----D---- C:\Programme\Warcraft III
2009-07-14 20:23:18 ----D---- C:\WINDOWS\Help
2009-07-14 20:22:39 ----RSD---- C:\WINDOWS\Fonts
2009-07-14 20:21:11 ----D---- C:\Dokumente und Einstellungen\kwam\Anwendungsdaten\Azureus
2009-07-10 22:57:54 ----SD---- C:\Dokumente und Einstellungen\kwam\Anwendungsdaten\Microsoft
2009-07-10 20:46:55 ----D---- C:\WINDOWS\system32\DirectX
2009-07-10 20:10:54 ----D---- C:\Programme\Microsoft Games
2009-07-10 16:06:56 ----D---- C:\Dokumente und Einstellungen\kwam\Anwendungsdaten\Skype
2009-07-10 16:01:01 ----D---- C:\Dokumente und Einstellungen\kwam\Anwendungsdaten\skypePM
2009-07-07 19:11:49 ----D---- C:\WINDOWS\WinSxS
2009-07-07 17:10:56 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-06 22:54:36 ----D---- C:\Dokumente und Einstellungen\kwam\Anwendungsdaten\Adobe
2009-07-02 21:16:14 ----D---- C:\Programme\Gemeinsame Dateien\DVDVideoSoft
2009-07-02 21:16:10 ----D---- C:\Programme\DVDVideoSoft
2009-06-24 00:06:25 ----D---- C:\WINDOWS\system32\CatRoot
2009-06-22 15:28:08 ----SD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft
2009-06-22 15:22:02 ----HD---- C:\Programme\InstallShield Installation Information
2009-06-22 15:22:02 ----D---- C:\Programme\Sony Ericsson
2009-06-22 15:09:29 ----D---- C:\Programme\Internet Explorer
2009-06-22 15:08:28 ----D---- C:\Programme\Windows Media Player
2009-06-22 15:08:08 ----D---- C:\WINDOWS\system32\LogFiles

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-07-08 96104]
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-07-08 28520]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 ANIO;ANIO Service; \??\C:\WINDOWS\system32\ANIO.SYS []
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-07-08 55640]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2005-08-07 501760]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2005-08-07 439424]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2005-08-07 7168]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2005-08-07 142848]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-04-03 199168]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2005-08-07 77824]
R3 ha20x2k;Creative 20X HAL Driver; C:\WINDOWS\system32\drivers\ha20x2k.sys [2005-08-07 1093632]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-02-28 12288]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-05-13 3918176]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2005-08-07 114688]
R3 RT61;D-Link Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT61.sys [2005-06-04 319104]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbstor;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 ab7p2ig4;ab7p2ig4; C:\WINDOWS\system32\drivers\ab7p2ig4.sys []
S3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 catchme;catchme; \??\C:\DOKUME~1\kwam\LOKALE~1\Temp\catchme.sys []
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2005-07-13 340704]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-01-29 25280]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-05-04 4271616]
S3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM); C:\WINDOWS\system32\DRIVERS\s1018bus.sys [2008-11-04 86696]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys [2008-11-04 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s1018mdm.sys [2008-11-04 114472]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys [2008-11-04 108328]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS); C:\WINDOWS\system32\DRIVERS\s1018nd5.sys [2008-11-04 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s1018obex.sys [2008-11-04 104616]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM); C:\WINDOWS\system32\DRIVERS\s1018unic.sys [2008-11-04 109736]
S3 se59bus;Sony Ericsson Device 089 driver (WDM); C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 61536]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 9360]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 97088]
S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 88624]
S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS); C:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 18704]
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 86432]
S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM); C:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 90800]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-07-08 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-07-08 185089]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-12 44032]
R2 CSIScanner;CSIScanner; C:\Programme\Prevx\prevx.exe [2009-07-18 4368952]
R2 ICQ Service;ICQ Service; C:\Programme\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 NMSAccessU;NMSAccessU; C:\Programme\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-05-13 155715]
R2 OTi Card Reader Service;OTi Card Reader Service; C:\Programme\CardReader2.0\OTiReader.exe [2004-07-26 139369]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ANIWZCSdService;ANIWZCSd Service; C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [2004-10-22 49152]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4; C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.20506\aspnet_state.exe [2009-05-06 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 clr_optimization_v4.0.20506_32;.NET Runtime Optimization Service v4.0.20506_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.20506\mscorsvw.exe [2009-05-06 104272]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Programme\MAGIX\Common\Database\bin\fbserver.exe []
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-06-05 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------
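
The driver and service lists above follow one line format, and the legend in the header gives the meaning of the state and start columns. What a helper reading such a log does by hand is scan for entries whose image RSIT could not describe, entries loading from a user's Temp folder, and key names that do not look like anything a vendor would pick. The following Python is an added example for this thread, not code from the original post and not part of random's system information tool; it parses lines of that shape and applies those three checks. The sample lines are copied from the log above; the interpretation of empty brackets `[]` as "no file date/size recorded" and the five-flip rule for machine-looking names are assumptions of this example. A hit is a prompt to inspect the file (path, hash, signer), not a verdict: rootkit scanners, for instance, also drop drivers into Temp while they run.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Start-type legend as printed in the RSIT header line
# "(R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)".
START_TYPES = {0: "Boot", 1: "System", 2: "Auto", 3: "Demand", 4: "Disabled"}

# One driver/service line has the shape
#   <R|S><0-4> <key name>;<display name>; <image path> [<date> <size>]
# Assumption: the brackets are empty when the tool recorded no file info.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]*);(?P<display>[^;]*);\s*"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)

# A "\Temp\" path component, including the 8.3 form "LOKALE~1\Temp" seen above.
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)


@dataclass
class Entry:
    state: str           # "R" running or "S" stopped
    start: int           # 0..4, see START_TYPES
    name: str            # service key name
    display: str         # display name
    path: str            # image path as printed (may carry a \??\ prefix)
    date: Optional[str]  # file date, None when the tool printed "[]"
    size: Optional[int]  # file size in bytes, None when "[]"


def parse_line(line: str) -> Optional[Entry]:
    """Parse one driver/service line; return None for legend, header or blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    meta = m.group("meta").split()
    date = meta[0] if len(meta) == 2 else None
    size = int(meta[1]) if len(meta) == 2 else None
    return Entry(m.group("state"), int(m.group("start")), m.group("name"),
                 m.group("display"), m.group("path"), date, size)


def parse_report(text: str) -> List[Entry]:
    """Parse every entry line of a driver or service section, skipping the rest."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def looks_machine_generated(name: str) -> bool:
    """Coarse heuristic (this example's assumption, not an RSIT feature): a key
    name that flips between letters and digits five or more times, such as
    'ab7p2ig4', reads like a random string rather than a vendor name.
    Punctuation is ignored so version-style names like FontCache3.0.0.0 pass."""
    chars = [c for c in name if c.isalnum()]
    flips = sum(1 for a, b in zip(chars, chars[1:]) if a.isdigit() != b.isdigit())
    return flips >= 5


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Return {key name: [reasons]} for entries a helper should look at twice."""
    findings: Dict[str, List[str]] = {}
    for e in entries:
        reasons = []
        if e.size is None:
            reasons.append("no file date/size recorded (file missing or path not resolved)")
        if TEMP_RE.search(e.path):
            reasons.append("image loads from a Temp directory")
        if looks_machine_generated(e.name):
            reasons.append("key name looks machine-generated")
        if reasons:
            findings[e.name] = reasons
    return findings


# Sample input: lines copied from the driver and service lists above, plus the
# section header to show that non-entry lines are skipped.
SAMPLE = r"""
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-07-08 96104]
R2 ANIO;ANIO Service; \??\C:\WINDOWS\system32\ANIO.SYS []
S3 ab7p2ig4;ab7p2ig4; C:\WINDOWS\system32\drivers\ab7p2ig4.sys []
S3 catchme;catchme; \??\C:\DOKUME~1\kwam\LOKALE~1\Temp\catchme.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-01-29 25280]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
R2 CSIScanner;CSIScanner; C:\Programme\Prevx\prevx.exe [2009-07-18 4368952]
"""

if __name__ == "__main__":
    for e in parse_report(SAMPLE):
        print(f"{e.name:12} {e.state} {START_TYPES[e.start]:9} {e.path}")
    for name, reasons in triage(parse_report(SAMPLE)).items():
        print(f"CHECK {name}: " + "; ".join(reasons))
```

Run as a script it prints the parsed table and then one CHECK line per flagged entry. On the sample the five entries with empty brackets are reported, `catchme` additionally for its Temp path and `ab7p2ig4` additionally for its name; `avipbb`, `hamachi` and `CSIScanner` pass. Whether a flagged driver is a problem is decided by looking at the file itself, which is exactly what the helpers in this forum ask for next.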


der_gizmo 18.07.2009 17:08

Info, Part I.a:

Code:

info.txt logfile of random's system information tool 1.06 2009-07-18 18:01:28

======Uninstall list======

-->"C:\Programme\Creative\Sound Blaster X-Fi\Program\SETUP.EXE" /S /U /W /L:GER
-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x7  /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0E5AA361-4B16-4282-B639-9E5B2B6A2EC8}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0E5AA361-4B16-4282-B639-9E5B2B6A2EC8}\setup.exe" -l0x7  /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x7  /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{32903944-19A2-418C-901D-4BBAF4C55ABA}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{32903944-19A2-418C-901D-4BBAF4C55ABA}\setup.exe" -l0x7  /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{4D8AA0B4-E890-4BF7-A9D1-8E63027E76D3}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{4D8AA0B4-E890-4BF7-A9D1-8E63027E76D3}\setup.exe" -l0x7  /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6BF90A01-FA3F-42B9-A071-7D744409967E}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6BF90A01-FA3F-42B9-A071-7D744409967E}\setup.exe" -l0x7  /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x7  /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x7  /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x7  /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B8DA9EB2-DBEF-4F0A-B90A-45B77D9E65B2}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B8DA9EB2-DBEF-4F0A-B90A-45B77D9E65B2}\setup.exe" -l0x7  /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x7  /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->msiexec /qb /x {C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}
Acrobat.com-->MsiExec.exe /I{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}
Adobe After Effects CS4 Presets-->MsiExec.exe /I{44E240EC-2224-4078-A88B-2CEE0D3016EF}
Adobe After Effects CS4 Third Party Content-->MsiExec.exe /I{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}
Adobe After Effects CS4-->MsiExec.exe /I{45EC816C-0771-4C14-AE6D-72D1B578F4C8}
Adobe AIR-->c:\Programme\Gemeinsame Dateien\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Asset Services CS4-->MsiExec.exe /I{B9F4561A-924D-4510-A85A-BB0960C338CB}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Color Video Profiles AE CS4-->MsiExec.exe /I{B15381DD-FF97-4FCD-A881-ED4DB0975500}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe Contribute CS4-->MsiExec.exe /I{A6EC82A0-1414-475D-8AFD-469089F3080D}
Adobe Creative Suite 4 Master Collection-->C:\Programme\Gemeinsame Dateien\Adobe\Installers\b2d6abde968e6f277ddbfd501383e02\Setup.exe --uninstall=1
Adobe Creative Suite 4 Master Collection-->MsiExec.exe /I{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}
Adobe CS4 American English Speech Analysis Models-->MsiExec.exe /I{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Dreamweaver CS4-->MsiExec.exe /I{30C8AA56-4088-426F-91D1-0EDFD3A25678}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe Dynamiclink Support-->MsiExec.exe /I{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}
Adobe Encore CS4 Codecs-->MsiExec.exe /I{FB2A5FCC-B81B-48C2-A009-7804694D83E9}
Adobe Encore CS4-->MsiExec.exe /I{5EAD5443-7194-46CC-A055-428E6ABB1BAF}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Fireworks CS4-->MsiExec.exe /I{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}
Adobe Flash CS4 Extension - Flash Lite STI en-->MsiExec.exe /I{793D1D88-6141-43DE-BE58-59BCE31B4090}
Adobe Flash CS4 STI-en-->MsiExec.exe /I{2168245A-B5AD-40D8-A641-48E3E070B5B6}
Adobe Flash CS4-->MsiExec.exe /I{F6E99614-F042-4459-82B7-8B38B2601356}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->MsiExec.exe /X{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Illustrator CS4-->MsiExec.exe /I{87532CAB-7932-4F84-8937-823337622807}
Adobe InDesign CS4 Application Feature Set Files (Roman)-->MsiExec.exe /I{2BAF2B96-7560-48B4-87D4-10178DDBE217}
Adobe InDesign CS4 Common Base Files-->MsiExec.exe /I{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}
Adobe InDesign CS4 Icon Handler-->MsiExec.exe /I{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}
Adobe InDesign CS4-->MsiExec.exe /I{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Encoder CS4 Additional Exporter-->MsiExec.exe /I{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}
Adobe Media Encoder CS4 Dolby-->MsiExec.exe /I{EE353798-E875-42E0-B58D-7E6696182EA8}
Adobe Media Encoder CS4 Exporter-->MsiExec.exe /I{561968FD-56A1-49FD-9ED0-F55482C7C5BC}
Adobe Media Encoder CS4 Importer-->MsiExec.exe /I{8186FF34-D389-4B7E-9A2F-C197585BCFBD}
Adobe Media Encoder CS4-->MsiExec.exe /I{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe MotionPicture Color Files CS4-->MsiExec.exe /I{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}
Adobe OnLocation CS4-->MsiExec.exe /I{7406DF60-016D-476B-A2C7-55D997592047}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Premiere Pro CS4 Functional Content-->MsiExec.exe /I{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}
Adobe Premiere Pro CS4 Third Party Content-->MsiExec.exe /I{C938BE91-3BB5-4B84-9EF6-88F0505D0038}
Adobe Premiere Pro CS4-->MsiExec.exe /I{D499F8DE-3F31-4900-9157-61061613704B}
Adobe Reader 9.1 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A91000000001}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}
Adobe SGM CS4-->MsiExec.exe /I{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}
Adobe SING CS4-->MsiExec.exe /I{4A52555C-032A-4083-BDD9-6A85ABFB39A8}
Adobe Soundbooth CS4 Codecs-->MsiExec.exe /I{52232EF4-CC12-4C21-ABCF-ADB79618302D}
Adobe Soundbooth CS4-->MsiExec.exe /I{14F70205-1940-4000-88C7-BE799A6B2CAD}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe Version Cue CS4 Server-->MsiExec.exe /I{1B7C06E1-4888-47A6-992A-0990B9683486}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
Adobe® Photoshop® Album Starter Edition 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}


der_gizmo 18.07.2009 17:10

Info, Part I.b:

Code:

AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Age of Empires III-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}
AirPlus G-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{0EA44599-1E9D-4517-A088-9588A9FAB211} /l1031
ANIO Service-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe"
ANIWZCS2 Service-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\Setup.exe"
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ask Toolbar-->rundll32 C:\PROGRA~1\AskSBar\bar\1.bin\AskSBar.dll,O
Audacity 1.2.6-->"C:\Programme\Audacity\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Programme\Avira\AntiVir Desktop\setup.exe /REMOVE
Camera RAW Plug-In for EPSON Creativity Suite-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}\SETUP.EXE" -l0x7 UNINST
CCleaner (remove only)-->"C:\Programme\CCleaner\uninst.exe"
CD Audio Reader Filter (remove only)-->"C:\Programme\CD Audio Reader Filter\uninstall.exe"
CDBurnerXP-->"C:\Programme\CDBurnerXP\unins000.exe"
CodecInstaller 2.10.2-->C:\Programme\JockerSoft\CodecInstaller\uninst.exe
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
Creative MediaSource-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\SETUP.EXE" -l0x7  /remove
Creative-Systeminformationen-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x7  /remove
DAEMON Tools Toolbar-->C:\Programme\DAEMON Tools Toolbar\uninst.exe
DC-Bass Source 1.1.1-->"C:\Programme\DSP-worx\DC-Bass Source\Uninstall.exe"
DirectVobSub (remove only)-->"C:\Programme\DirectVobSub\uninstall.exe"
Disc2Phone-->MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}
DScaler 5 Mpeg Decoders-->"C:\Programme\DScaler5\unins000.exe"
EPSON Attach To Email-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3D78F2A2-C893-4ABD-B5FE-AD7011837755}\SETUP.EXE" -l0x7 UNINST
EPSON File Manager-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}\Setup.exe" -l0x7 UNINST
EPSON Print CD-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\SETUP.EXE" -l0x7 -SYSTEM
EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x7 -u
EPSON Stylus Photo R285_290 Handbuch-->C:\Programme\EPSON\TPMANUAL\ESPR285_290\DEU\USE_G\DOCUNINS.EXE
EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x7 -anything
EPSON-Drucker-Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EVGA Display Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}\setup.exe" -l0x7  -removeonly
ffdshow [rev 1685] [2007-12-06]-->"C:\Programme\ffdshow\unins000.exe"
Free YouTube to iPod Converter version 3.1-->"C:\Programme\DVDVideoSoft\Free YouTube to iPod Converter\unins000.exe"
Free YouTube to Mp3 Converter version 3.1-->"C:\Programme\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe"
FrostWire 4.17.2-->C:\Programme\FrostWire\Uninstall.exe
FUSSBALL MANAGER 09-->C:\Programme\EA SPORTS\FUSSBALL MANAGER 09\eauninstall.exe
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\programme\google\googletoolbar1.dll"
Haali Media Splitter-->"C:\Programme\Haali\MatroskaSplitter\uninstall.exe"
Hamachi 1.0.3.0-->C:\Programme\Hamachi\uninstall.exe
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Programme\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB942288-v3)-->"C:\WINDOWS\$NtUninstallKB942288-v3$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
ICQ Toolbar-->C:\Programme\ICQ6Toolbar\ICQUnToolbar.exe
ICQ6.5-->"C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Intel(R) PRO Network Connections Drivers-->Prounstl.exe
Jasc Paint Shop Pro 9-->MsiExec.exe /I{F843C6A3-224D-4615-94F8-3C461BD9AEA0}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
JRAID-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\Setup.exe" -l0x7  -removeonly
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Media Go-->MsiExec.exe /X{C9C13822-A638-4331-99A3-4498A5901693}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU-->MsiExec.exe /I{9309DD7E-EBFE-3C95-8B47-30D3A012F606}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU-->MsiExec.exe /I{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5 Language Pack - DEU-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack - deu-->MsiExec.exe /I{1545207E-C6F3-31D7-9918-BDBB65075FBF}
Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft .NET Framework 4 Client Profile Beta 1-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.20506\SetupCache\Microsoft .NET Framework 4 Client Profile Beta 1\Setup.exe /repair /x86
Microsoft .NET Framework 4 Client Profile Beta 1-->MsiExec.exe /X{1DF6A8F6-5048-323F-8758-DA533CE0F07E}
Microsoft .NET Framework 4 Extended Beta 1-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.20506\SetupCache\Microsoft .NET Framework 4 Extended Beta 1\Setup.exe /repair /x86
Microsoft .NET Framework 4 Extended Beta 1-->MsiExec.exe /X{19BD09BF-3BBD-3663-A5ED-50B6B2B07E45}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2010  Beta 1 x86 Redistributable - 10.0.20506-->MsiExec.exe /X{FC92E32F-6AD6-38E7-AC11-83B639CEACD8}
MONOGRAM AMR Splitter/Decoder (remove only)-->"C:\Programme\MONOGRAM AMR SplitterDecoder\uninstall.exe"
Mozilla Firefox (3.0.11)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser-->MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
OpenOffice.org Installer 1.0-->MsiExec.exe /X{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}
OpenSource Flash Video Splitter (remove only)-->"C:\Programme\OpenSource Flash Video Splitter\uninstall.exe"
OTiCardReader -->C:\Programme\CardReader2.0\AdvDrvIns.exe -u "C:\Programme\CardReader2.0"
Panda ActiveScan 2.0-->C:\Programme\Panda Security\ActiveScan 2.0\as2uninst.exe
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Pixel Bender Toolkit-->MsiExec.exe /I{43509E18-076E-40FE-AF38-CA5ED400A5A9}
Prevx 3.0-->"C:\Programme\Prevx\prevx.exe" /prop UNINSTALL=Y
QIP 8080 Jeak-Edition-->C:\Programme\QIP\uninstall.exe
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealMedia (remove only)-->"C:\Programme\RealMedia\uninstall.exe"
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x7  -removeonly
Rise Of Legends-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{CADDE354-C78C-46CB-A006-E2B178EFC271}
SHOUTcast Source (remove only)-->"C:\Programme\SHOUTcast Source\uninstall.exe"
Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Sicherheitsupdate für Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sony Ericsson PC Suite 5.007.01-->"C:\Programme\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\ISAdmin.exe" -runfromtemp -l0x0009 -removeonly
Sony Ericsson PC Suite-->MsiExec.exe /I{FE6397C1-CECA-4EC3-B064-42AED7676898}
Sound Blaster X-Fi-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}\SETUP.EXE" -l0x7  /remove
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
TeamSpeak 2 RC2-->C:\Programme\Teamspeak2_RC2\unins000.exe
Text-To-Speech-Runtime-->MsiExec.exe /X{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}
Uninstall 1.0.0.1-->"C:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe"
Update für Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Vuze-->C:\Programme\Vuze\uninstall.exe
Winamp-->"C:\Programme\Winamp\UninstWA.exe"
Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR-->C:\Programme\WinRAR\uninstall.exe
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"


der_gizmo 18.07.2009 17:12

Info, part II:

Code:


======Security center information======

AV: AntiVir Desktop (disabled)

======System event log======

Computer Name: xxx-6D066A0E97
Event Code: 7
Message: Fehlerhafter Block bei Gerät \Device\CdRom1.

Record Number: 19934
Source Name: Cdrom
Time Written: 20090718010234.000000+120
Event Type: Fehler
User:

Computer Name: xxx-6D066A0E97
Event Code: 7
Message: Fehlerhafter Block bei Gerät \Device\CdRom1.

Record Number: 19933
Source Name: Cdrom
Time Written: 20090718010231.000000+120
Event Type: Fehler
User:

Computer Name: xxx-6D066A0E97
Event Code: 7
Message: Fehlerhafter Block bei Gerät \Device\CdRom1.

Record Number: 19932
Source Name: Cdrom
Time Written: 20090718010228.000000+120
Event Type: Fehler
User:

Computer Name: xxx-6D066A0E97
Event Code: 7
Message: Fehlerhafter Block bei Gerät \Device\CdRom1.

Record Number: 19931
Source Name: Cdrom
Time Written: 20090718010225.000000+120
Event Type: Fehler
User:

Computer Name: xxx-6D066A0E97
Event Code: 18
Message: TIMEOUT<firefox.exe> J:\00002.tmp

Record Number: 19930
Source Name: avgntflt
Time Written: 20090718010223.000000+120
Event Type: Warnung
User:

=====Application event log=====

Computer Name: xxx-6D066A0E97
Event Code: 4096
Message: Der AntiVir Dienst wurde erfolgreich gestartet!

Record Number: 1247
Source Name: Avira AntiVir
Time Written: 20090311170224.000000+060
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: xxx-6D066A0E97
Event Code: 1800
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.

Record Number: 1246
Source Name: SecurityCenter
Time Written: 20090311170222.000000+060
Event Type: Informationen
User:

Computer Name: xxx-6D066A0E97
Event Code: 1
Message:
Record Number: 1245
Source Name: OTi Card Reader Service
Time Written: 20090311170221.000000+060
Event Type: Informationen
User:

Computer Name: xxx-6D066A0E97
Event Code: 0
Message:
Record Number: 1244
Source Name: ICQ Service
Time Written: 20090311170215.000000+060
Event Type: Informationen
User:

Computer Name: xxx-6D066A0E97
Event Code: 105
Message: The service was started.

Record Number: 1243
Source Name: Creative Service for CDROM Access
Time Written: 20090311170215.000000+060
Event Type: Informationen
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Programme\Gemeinsame Dateien\Teleca Shared;C:\Programme\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Programme\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Programme\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

PS: AntiVir is active again now, I had completely forgotten to re-enable it, but RSIT helps ;)

der_gizmo 18.07.2009 17:13

Hmm, why are Frostwire and Vuze still listed there? I thought I had uninstalled them...

Edit: They can't be found in Explorer on my machine either.

john.doe 18.07.2009 17:25

You can remove dead entries with HJT. The Ask Toolbar probably can't be uninstalled anymore either. :D

What is your drive J:?

ciao, andreas

der_gizmo 18.07.2009 17:31

DVD-RW drive. There was still a disc in it, in case that confused you somehow ;)

john.doe 18.07.2009 17:40

There are some strange entries in the system log that I don't like at all.

Take the CD out, reboot and create a new log. I only need the info.txt.

ciao, andreas

der_gizmo 18.07.2009 18:22

Hmm, when I scan, it now only shows me log.txt, no trace of info. :confused:

john.doe 18.07.2009 18:30

Have a look at the taskbar, the info.txt is minimized. If you can't find it, then

Start => Run => c:\rsit\info.txt => OK

ciao, andreas

Edit: I was just told that you first have to delete the two files in the C:\RSIT folder before you start RSIT again, otherwise no info.txt appears.

der_gizmo 18.07.2009 18:53

...for the sake of clarity...

der_gizmo 18.07.2009 18:54

... the same again ...

der_gizmo 18.07.2009 18:56

Ok, here is the new one:
Code:

info.txt logfile of random's system information tool 1.06 2009-07-18 19:55:48

======Uninstall list======

-->"C:\Programme\Creative\Sound Blaster X-Fi\Program\SETUP.EXE" /S /U /W /L:GER
-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x7  /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0E5AA361-4B16-4282-B639-9E5B2B6A2EC8}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0E5AA361-4B16-4282-B639-9E5B2B6A2EC8}\setup.exe" -l0x7  /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x7  /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{32903944-19A2-418C-901D-4BBAF4C55ABA}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{32903944-19A2-418C-901D-4BBAF4C55ABA}\setup.exe" -l0x7  /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{4D8AA0B4-E890-4BF7-A9D1-8E63027E76D3}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{4D8AA0B4-E890-4BF7-A9D1-8E63027E76D3}\setup.exe" -l0x7  /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6BF90A01-FA3F-42B9-A071-7D744409967E}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6BF90A01-FA3F-42B9-A071-7D744409967E}\setup.exe" -l0x7  /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x7  /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x7  /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x7  /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B8DA9EB2-DBEF-4F0A-B90A-45B77D9E65B2}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B8DA9EB2-DBEF-4F0A-B90A-45B77D9E65B2}\setup.exe" -l0x7  /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x7  /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->msiexec /qb /x {C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}
Acrobat.com-->MsiExec.exe /I{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}
Adobe After Effects CS4 Presets-->MsiExec.exe /I{44E240EC-2224-4078-A88B-2CEE0D3016EF}
Adobe After Effects CS4 Third Party Content-->MsiExec.exe /I{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}
Adobe After Effects CS4-->MsiExec.exe /I{45EC816C-0771-4C14-AE6D-72D1B578F4C8}
Adobe AIR-->c:\Programme\Gemeinsame Dateien\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Asset Services CS4-->MsiExec.exe /I{B9F4561A-924D-4510-A85A-BB0960C338CB}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Color Video Profiles AE CS4-->MsiExec.exe /I{B15381DD-FF97-4FCD-A881-ED4DB0975500}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe Contribute CS4-->MsiExec.exe /I{A6EC82A0-1414-475D-8AFD-469089F3080D}
Adobe Creative Suite 4 Master Collection-->C:\Programme\Gemeinsame Dateien\Adobe\Installers\b2d6abde968e6f277ddbfd501383e02\Setup.exe --uninstall=1
Adobe Creative Suite 4 Master Collection-->MsiExec.exe /I{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}
Adobe CS4 American English Speech Analysis Models-->MsiExec.exe /I{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Dreamweaver CS4-->MsiExec.exe /I{30C8AA56-4088-426F-91D1-0EDFD3A25678}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe Dynamiclink Support-->MsiExec.exe /I{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}
Adobe Encore CS4 Codecs-->MsiExec.exe /I{FB2A5FCC-B81B-48C2-A009-7804694D83E9}
Adobe Encore CS4-->MsiExec.exe /I{5EAD5443-7194-46CC-A055-428E6ABB1BAF}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Fireworks CS4-->MsiExec.exe /I{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}
Adobe Flash CS4 Extension - Flash Lite STI en-->MsiExec.exe /I{793D1D88-6141-43DE-BE58-59BCE31B4090}
Adobe Flash CS4 STI-en-->MsiExec.exe /I{2168245A-B5AD-40D8-A641-48E3E070B5B6}
Adobe Flash CS4-->MsiExec.exe /I{F6E99614-F042-4459-82B7-8B38B2601356}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->MsiExec.exe /X{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Illustrator CS4-->MsiExec.exe /I{87532CAB-7932-4F84-8937-823337622807}
Adobe InDesign CS4 Application Feature Set Files (Roman)-->MsiExec.exe /I{2BAF2B96-7560-48B4-87D4-10178DDBE217}
Adobe InDesign CS4 Common Base Files-->MsiExec.exe /I{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}
Adobe InDesign CS4 Icon Handler-->MsiExec.exe /I{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}
Adobe InDesign CS4-->MsiExec.exe /I{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Encoder CS4 Additional Exporter-->MsiExec.exe /I{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}
Adobe Media Encoder CS4 Dolby-->MsiExec.exe /I{EE353798-E875-42E0-B58D-7E6696182EA8}
Adobe Media Encoder CS4 Exporter-->MsiExec.exe /I{561968FD-56A1-49FD-9ED0-F55482C7C5BC}
Adobe Media Encoder CS4 Importer-->MsiExec.exe /I{8186FF34-D389-4B7E-9A2F-C197585BCFBD}
Adobe Media Encoder CS4-->MsiExec.exe /I{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe MotionPicture Color Files CS4-->MsiExec.exe /I{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}
Adobe OnLocation CS4-->MsiExec.exe /I{7406DF60-016D-476B-A2C7-55D997592047}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Premiere Pro CS4 Functional Content-->MsiExec.exe /I{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}
Adobe Premiere Pro CS4 Third Party Content-->MsiExec.exe /I{C938BE91-3BB5-4B84-9EF6-88F0505D0038}
Adobe Premiere Pro CS4-->MsiExec.exe /I{D499F8DE-3F31-4900-9157-61061613704B}
Adobe Reader 9.1 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A91000000001}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}
Adobe SGM CS4-->MsiExec.exe /I{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}
Adobe SING CS4-->MsiExec.exe /I{4A52555C-032A-4083-BDD9-6A85ABFB39A8}
Adobe Soundbooth CS4 Codecs-->MsiExec.exe /I{52232EF4-CC12-4C21-ABCF-ADB79618302D}
Adobe Soundbooth CS4-->MsiExec.exe /I{14F70205-1940-4000-88C7-BE799A6B2CAD}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe Version Cue CS4 Server-->MsiExec.exe /I{1B7C06E1-4888-47A6-992A-0990B9683486}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
Adobe® Photoshop® Album Starter Edition 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Age of Empires III-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}
AirPlus G-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{0EA44599-1E9D-4517-A088-9588A9FAB211} /l1031
ANIO Service-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe"
ANIWZCS2 Service-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\Setup.exe"
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ask Toolbar-->rundll32 C:\PROGRA~1\AskSBar\bar\1.bin\AskSBar.dll,O
Audacity 1.2.6-->"C:\Programme\Audacity\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Programme\Avira\AntiVir Desktop\setup.exe /REMOVE
Camera RAW Plug-In for EPSON Creativity Suite-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}\SETUP.EXE" -l0x7 UNINST
CCleaner (remove only)-->"C:\Programme\CCleaner\uninst.exe"
CD Audio Reader Filter (remove only)-->"C:\Programme\CD Audio Reader Filter\uninstall.exe"
CDBurnerXP-->"C:\Programme\CDBurnerXP\unins000.exe"
CodecInstaller 2.10.2-->C:\Programme\JockerSoft\CodecInstaller\uninst.exe
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
Creative MediaSource-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\SETUP.EXE" -l0x7  /remove
Creative-Systeminformationen-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x7  /remove
DAEMON Tools Toolbar-->C:\Programme\DAEMON Tools Toolbar\uninst.exe
DC-Bass Source 1.1.1-->"C:\Programme\DSP-worx\DC-Bass Source\Uninstall.exe"
DirectVobSub (remove only)-->"C:\Programme\DirectVobSub\uninstall.exe"
Disc2Phone-->MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}
DScaler 5 Mpeg Decoders-->"C:\Programme\DScaler5\unins000.exe"
EPSON Attach To Email-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3D78F2A2-C893-4ABD-B5FE-AD7011837755}\SETUP.EXE" -l0x7 UNINST
EPSON File Manager-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}\Setup.exe" -l0x7 UNINST
EPSON Print CD-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\SETUP.EXE" -l0x7 -SYSTEM
EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x7 -u
EPSON Stylus Photo R285_290 Handbuch-->C:\Programme\EPSON\TPMANUAL\ESPR285_290\DEU\USE_G\DOCUNINS.EXE
EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x7 -anything
EPSON-Drucker-Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EVGA Display Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}\setup.exe" -l0x7  -removeonly
ffdshow [rev 1685] [2007-12-06]-->"C:\Programme\ffdshow\unins000.exe"
Free YouTube to iPod Converter version 3.1-->"C:\Programme\DVDVideoSoft\Free YouTube to iPod Converter\unins000.exe"
Free YouTube to Mp3 Converter version 3.1-->"C:\Programme\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe"
FUSSBALL MANAGER 09-->C:\Programme\EA SPORTS\FUSSBALL MANAGER 09\eauninstall.exe
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\programme\google\googletoolbar1.dll"
Haali Media Splitter-->"C:\Programme\Haali\MatroskaSplitter\uninstall.exe"
Hamachi 1.0.3.0-->C:\Programme\Hamachi\uninstall.exe
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Programme\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB942288-v3)-->"C:\WINDOWS\$NtUninstallKB942288-v3$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
ICQ Toolbar-->C:\Programme\ICQ6Toolbar\ICQUnToolbar.exe
ICQ6.5-->"C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Intel(R) PRO Network Connections Drivers-->Prounstl.exe
Jasc Paint Shop Pro 9-->MsiExec.exe /I{F843C6A3-224D-4615-94F8-3C461BD9AEA0}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
JRAID-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\Setup.exe" -l0x7  -removeonly
Kaspersky Online Scanner-->C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"


der_gizmo 18.07.2009 18:58

Code:

Media Go-->MsiExec.exe /X{C9C13822-A638-4331-99A3-4498A5901693}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU-->MsiExec.exe /I{9309DD7E-EBFE-3C95-8B47-30D3A012F606}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU-->MsiExec.exe /I{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5 Language Pack - DEU-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack - deu-->MsiExec.exe /I{1545207E-C6F3-31D7-9918-BDBB65075FBF}
Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft .NET Framework 4 Client Profile Beta 1-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.20506\SetupCache\Microsoft .NET Framework 4 Client Profile Beta 1\Setup.exe /repair /x86
Microsoft .NET Framework 4 Client Profile Beta 1-->MsiExec.exe /X{1DF6A8F6-5048-323F-8758-DA533CE0F07E}
Microsoft .NET Framework 4 Extended Beta 1-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.20506\SetupCache\Microsoft .NET Framework 4 Extended Beta 1\Setup.exe /repair /x86
Microsoft .NET Framework 4 Extended Beta 1-->MsiExec.exe /X{19BD09BF-3BBD-3663-A5ED-50B6B2B07E45}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2010  Beta 1 x86 Redistributable - 10.0.20506-->MsiExec.exe /X{FC92E32F-6AD6-38E7-AC11-83B639CEACD8}
MONOGRAM AMR Splitter/Decoder (remove only)-->"C:\Programme\MONOGRAM AMR SplitterDecoder\uninstall.exe"
Mozilla Firefox (3.0.11)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser-->MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
OpenOffice.org Installer 1.0-->MsiExec.exe /X{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}
OpenSource Flash Video Splitter (remove only)-->"C:\Programme\OpenSource Flash Video Splitter\uninstall.exe"
OTiCardReader -->C:\Programme\CardReader2.0\AdvDrvIns.exe -u "C:\Programme\CardReader2.0"
Panda ActiveScan 2.0-->C:\Programme\Panda Security\ActiveScan 2.0\as2uninst.exe
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Pixel Bender Toolkit-->MsiExec.exe /I{43509E18-076E-40FE-AF38-CA5ED400A5A9}
Prevx 3.0-->"C:\Programme\Prevx\prevx.exe" /prop UNINSTALL=Y
QIP 8080 Jeak-Edition-->C:\Programme\QIP\uninstall.exe
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealMedia (remove only)-->"C:\Programme\RealMedia\uninstall.exe"
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x7  -removeonly
Rise Of Legends-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{CADDE354-C78C-46CB-A006-E2B178EFC271}
SHOUTcast Source (remove only)-->"C:\Programme\SHOUTcast Source\uninstall.exe"
Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Sicherheitsupdate für Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sony Ericsson PC Suite 5.007.01-->"C:\Programme\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\ISAdmin.exe" -runfromtemp -l0x0009 -removeonly
Sony Ericsson PC Suite-->MsiExec.exe /I{FE6397C1-CECA-4EC3-B064-42AED7676898}
Sound Blaster X-Fi-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}\SETUP.EXE" -l0x7  /remove
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
TeamSpeak 2 RC2-->C:\Programme\Teamspeak2_RC2\unins000.exe
Text-To-Speech-Runtime-->MsiExec.exe /X{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}
Uninstall 1.0.0.1-->"C:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe"
Update für Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Winamp-->"C:\Programme\Winamp\UninstWA.exe"
Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR-->C:\Programme\WinRAR\uninstall.exe
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

======Security center information======

AV: AntiVir Desktop

======System event log======

Computer Name: xxx-6D066A0E97
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "Gatewaydienst auf Anwendungsebene" gesendet.

Record Number: 19850
Source Name: Service Control Manager
Time Written: 20090717134801.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: xxx-6D066A0E97
Event Code: 7036
Message: Dienst "IMAPI-CD-Brenn-COM-Dienste" befindet sich jetzt im Status "Ausgeführt".

Record Number: 19849
Source Name: Service Control Manager
Time Written: 20090717134801.000000+120
Event Type: Informationen
User:

Computer Name: xxx-6D066A0E97
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "IMAPI-CD-Brenn-COM-Dienste" gesendet.

Record Number: 19848
Source Name: Service Control Manager
Time Written: 20090717134801.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: xxx-6D066A0E97
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "RAS-Verbindungsverwaltung" gesendet.

Record Number: 19847
Source Name: Service Control Manager
Time Written: 20090717134801.000000+120
Event Type: Informationen
User: xxx-6D066A0E97\kwam

Computer Name: xxx-6D066A0E97
Event Code: 7036
Message: Dienst "Telefonie" befindet sich jetzt im Status "Ausgeführt".

Record Number: 19846
Source Name: Service Control Manager
Time Written: 20090717134801.000000+120
Event Type: Informationen
User:

=====Application event log=====

Computer Name: xxx-6D066A0E97
Event Code: 4096
Message: Der AntiVir Dienst wurde erfolgreich gestartet!

Record Number: 1247
Source Name: Avira AntiVir
Time Written: 20090311170224.000000+060
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: xxx-6D066A0E97
Event Code: 1800
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.

Record Number: 1246
Source Name: SecurityCenter
Time Written: 20090311170222.000000+060
Event Type: Informationen
User:

Computer Name: xxx-6D066A0E97
Event Code: 1
Message:
Record Number: 1245
Source Name: OTi Card Reader Service
Time Written: 20090311170221.000000+060
Event Type: Informationen
User:

Computer Name: xxx-6D066A0E97
Event Code: 0
Message:
Record Number: 1244
Source Name: ICQ Service
Time Written: 20090311170215.000000+060
Event Type: Informationen
User:

Computer Name: xxx-6D066A0E97
Event Code: 105
Message: The service was started.

Record Number: 1243
Source Name: Creative Service for CDROM Access
Time Written: 20090311170215.000000+060
Event Type: Informationen
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Programme\Gemeinsame Dateien\Teleca Shared;C:\Programme\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Programme\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Programme\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------


john.doe 18.07.2009 19:19

That's much better. :daumenhoc

1.) Uninstall:
  • Apple Software Update
  • Google Toolbar for Internet Explorer
  • ICQ Toolbar
  • Java(TM) 6 Update 3
  • Java(TM) 6 Update 7
  • Java(TM) 6 Update 13
  • Mozilla Firefox (3.0.11)
  • Panda ActiveScan 2.0
  • Prevx 3.0
  • Skype™ 3.8
2.) Install:
3.) Start HJT => Do a system scan only => tick:
Code:

All R0, R1, R3, O2, O3, O8, O9 and O16 entries
=> Fix checked

ciao, andreas

der_gizmo 18.07.2009 19:39

Sorry if I'm being a bit stupid here..., but how do I uninstall the Java stuff and Apple?

john.doe 18.07.2009 19:54

Start => Settings => Control Panel => Add or Remove Programs => pick the right one => Remove

ciao, andreas

der_gizmo 19.07.2009 15:44

So, I've now done everything. The Kaspersky scan is causing a few problems. With FF it wouldn't run at all, and with IE it gave up at some point...
Maybe it'll work with FF 3.5.1

john.doe 19.07.2009 15:46

Forget it, that was only an additional safety net; Kaspersky often causes problems.

How is the computer doing? Are there still any anomalies?

ciao, andreas

der_gizmo 19.07.2009 15:52

No, everything's fine :)

john.doe 19.07.2009 15:57

Then you're dismissed. :)

ciao, andreas

der_gizmo 19.07.2009 16:00

Great :)
Thank you very, very much, I would never have managed that on my own :)

Do I need to mark anything here now, or do the moderators take care of that?

john.doe 19.07.2009 16:42

The moderators do that. :)

Have a nice Sunday,
Andreas

der_gizmo 19.07.2009 16:54

All right.

Then I'll say goodbye here!
No offence, but I hope I never again end up in a situation where I have to look for advice on this forum :cool:

Thanks again, and a nice day to you too! :)

Matthias

Basti_02 04.08.2009 18:56

Hi!

I didn't want to open a new thread unnecessarily, because the symptoms of the malware as der_gizmo described them seem pretty much identical to what I experienced (constant pop-ups of an error message from a b.exe; in my case a few additional, very aggressive viruses came on top). I tried to get the situation back under control with various software (such as RegRun) and at some point came across the file 'aujasnkj.sys', which sent me to a bluescreen at regular intervals. A file search, however, finds no such file on the hard drive. A bit of googling then led me to this thread and I tried to imitate at least some of the steps. I also used the Avenger scripts on page 3, unwise as that may have been.
At the moment it looks as though the worst is over. At least there are no more spontaneous crashes and Google has stopped redirecting me to porn sites. But when I try to run a scan with GMER, I end up at a bluescreen again because of 'aujasnkj.sys'. Before I wreck my laptop even further with my amateurish attempts, I'd rather turn to people who know what they're doing. How bad should I still consider the situation to be?
Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:51:05, on 04.08.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\HP\QuickPlay\QPService.exe
C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\avmwlanstick\FRITZWLanMini.exe
C:\Programme\Hp\HP Software Update\HPWuSchd2.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\Programme\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programme\Opera\Opera.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_DE&c=64&bd=pavilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=64&bd=pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box;192.168.178.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Programme\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programme\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLanMini.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Photosmart Premier – Schnellstart.lnk = C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\programme\bonjour\mdnsnsp.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=64&bd=pavilion&pf=laptop
O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O16 - DPF: Inquisit by Millisecond Software - http://www.millisecond.com/setup/ax/2_0_61004_2/InquisitAx.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174242282454
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174242410510
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Unknown owner - C:\Programme\iPod\bin\iPodService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe

--
End of file - 8171 bytes

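A defender-side look at what a helper scans for in a log like the one just posted, and at how the "tick these sections, then Fix checked" step from john.doe's earlier instructions maps onto the entries: the following Python is an added example, not code from the thread or from HijackThis. It assumes the section list john.doe gave earlier for der_gizmo's log, a constructed sample copied from the lines posted above, and function names of my own choosing.

```python
"""Triage helper for HijackThis (HJT) log entries.

Added example; it is not part of the thread and not HijackThis's own code.
It groups entry lines by their HJT section code and flags the lines a helper
reads first: targets that no longer exist, unnamed BHOs, and O15 Trusted
Zone additions. Flagging only means "look at this", not "this is malware".
"""
import re
from collections import defaultdict

# An HJT entry line starts with its section code, e.g. "R0 - ..." or "O23 - ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")

# Sections john.doe asked to be ticked before "Fix checked" (assumption: that
# list was written for der_gizmo's log; reused here only to show the mechanics).
FIX_SECTIONS = ("R0", "R1", "R3", "O2", "O3", "O8", "O9", "O16")

# A few lines copied from the HJT log posted above (constructed subset).
SAMPLE_LOG = """\
Running processes:
C:\\WINDOWS\\System32\\smss.exe

R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.google.de/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Programme\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\\Programme\\Java\\jre6\\lib\\deploy\\jqs\\ie\\jqs_plugin.dll (file missing)
O4 - HKLM\\..\\Run: [avgnt] "C:\\Programme\\Avira\\AntiVir Desktop\\avgnt.exe" /min
O10 - Broken Internet access because of LSP provider 'c:\\programme\\bonjour\\mdnsnsp.dll' missing
O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O23 - Service: iPod-Dienst (iPod Service) - Unknown owner - C:\\Programme\\iPod\\bin\\iPodService.exe (file missing)
"""


def parse_hjt(text):
    """Return {section: [entry text, ...]} for every line that is an HJT entry."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)


def flag_entries(sections):
    """Return (section, reason, entry) tuples that deserve a closer look."""
    flagged = []
    for sec, entries in sections.items():
        for entry in entries:
            reasons = []
            if sec == "O15":                       # sites added to IE's Trusted Zone
                reasons.append("trusted zone addition")
            if sec == "O2" and "(no name)" in entry:  # BHO without a display name
                reasons.append("unnamed BHO")
            if ("(no file)" in entry or "(file missing)" in entry
                    or entry.endswith("' missing")):  # O10 LSP wording
                reasons.append("target file missing")
            flagged.extend((sec, r, entry) for r in reasons)
    return flagged


def select_for_fix(sections, wanted=FIX_SECTIONS):
    """Entries in the sections the helper named, in the order he listed them."""
    return [(sec, e) for sec in wanted for e in sections.get(sec, [])]


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    for sec, reason, entry in flag_entries(parsed):
        print(f"[{sec}] {reason}: {entry}")
    print("would be ticked:", len(select_for_fix(parsed)), "entries")
```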

john.doe 04.08.2009 19:28

Hello and :hallo:
Quote:

I didn't want to open a new thread unnecessarily
But that is the proper way, because that's what the rules say. Please open your own thread and never use scripts that were written for a specific user.

ciao, andreas

Basti_02 04.08.2009 19:37

Will do. Sorry :(


All times are WEZ +1.

Copyright ©2000-2025, Trojaner-Board

