Trojaner-Board

Log analysis and evaluation: Is my system secure? Laptop crashes, but no virus to be found... (https://www.trojaner-board.de/76011-system-sicher-laptop-stuerzt-ab-kein-virus-finden.html)

blaxXxun 03.08.2009 11:14

Is my system secure? Laptop crashes, but no virus to be found...

Hello, it would be nice if someone could tell me whether there are viruses sitting somewhere in my system:

For some time now my laptop has been behaving strangely: virus scans (Antivir) crash, it is at times very slow, during video streaming the picture stutters extremely at regular intervals, and on an external hard drive Antivir detected viruses after it was plugged in (this was the one:
In der Datei 'H:\Downloads\inst(2).exe' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen' [trojan] gefunden.
Ausgeführte Aktion: Datei löschen).
At times, after a program crash, the Task Manager could not be opened via Ctrl+Alt+Del either ("Das Sicherheitsdialogfenster kann nicht erstellt werden." (only approximately)). But that has not occurred recently.
In addition, blue screens "DRIVER POWER STATE FAILURE" as well as spontaneous restarts.

Dr. Web scanned all hard drives, including the external ones, in Safe Mode and found no viruses.

When I start mbr.exe from the desktop, the laptop stops responding...

Many thanks for your efforts

Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:36:50, on 03.08.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
D:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
D:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
D:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
D:\Program Files\Trillian\trillian.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\svchost.exe
D:\Program Files\Spyware Doctor\pctsAuxs.exe
D:\Program Files\Spyware Doctor\pctsSvc.exe
D:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\system32\svchost.exe
D:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\svchost.exe
D:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\blaxXxun\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\blaxXxun\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\blaxXxun\Documents\Downloads\9egd2it2.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - D:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - D:\Program Files\Hotspot Shield\hssie\HssIE.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ISTray] "D:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "D:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\blaxXxun\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: Trillian.lnk = D:\Program Files\Trillian\trillian.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - D:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - D:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - D:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - D:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - D:\Program Files\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10156 bytes


blaxXxun 03.08.2009 12:00

MAV just crashed during the scan... here is the log from the last one that still completed:

Code:

Malwarebytes' Anti-Malware 1.39
Datenbank Version: 2535
Windows 6.0.6001 Service Pack 1

31.07.2009 21:23:38
mbam-log-2009-07-31 (21-23-38).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|)
Durchsuchte Objekte: 345064
Laufzeit: 5 hour(s), 0 minute(s), 42 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


blaxXxun 03.08.2009 13:02

CCleaner, MAV and SUPERAntiSpyware crashed during the scan...

blaxXxun 03.08.2009 16:56

And here is the RSIT log:

Code:

Logfile of random's system information tool 1.06 (written by random/random)
Run by blaxXxun at 2009-08-03 17:50:51
Microsoft® Windows Vista™ Business  Service Pack 1
System drive C: has 2 GB (9%) free of 26 GB
Total RAM: 3062 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:51:17, on 03.08.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\RtHDVCpl.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
D:\Program Files\Trillian\trillian.exe
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
D:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
D:\Program Files\Hotspot Shield\bin\openvpnas.exe
D:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\svchost.exe
D:\Program Files\Spyware Doctor\pctsAuxs.exe
D:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
D:\Program Files\Spyware Doctor\pctsTray.exe
D:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\svchost.exe
D:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Users\blaxXxun\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\blaxXxun\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Program Files\SUPERAntiSpyware\f8156a32-6b6c-4c1a-9bed-fa9f7323779a.exe
D:\Program Files\Microsoft Office\Office12\POWERPNT.EXE
C:\Users\blaxXxun\Documents\Downloads\RSIT.exe
C:\Windows\system32\wbem\wmiprvse.exe
D:\Program Files\Trend Micro\HijackThis\blaxXxun.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - D:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - D:\Program Files\Hotspot Shield\hssie\HssIE.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ISTray] "D:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "D:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\blaxXxun\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: Trillian.lnk = D:\Program Files\Trillian\trillian.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - D:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - D:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - D:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - D:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - D:\Program Files\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10244 bytes

======Scheduled tasks folder======

C:\Windows\tasks\1-Klick-Wartung.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2010233468-2457039331-4255296512-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2010233468-2457039331-4255296512-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
Click-to-Call BHO - D:\Program Files\Windows Live\Messenger\wlchtc.dll [2009-02-06 73072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - D:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-12 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
Hotspot Shield Class - D:\Program Files\Hotspot Shield\hssie\HssIE.dll [2009-07-18 218160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2007-12-14 159744]
"Broadcom Wireless Manager UI"=C:\Windows\system32\WLTRAY.exe [2009-01-20 3563520]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-02-04 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-02-04 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-02-04 133656]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe [2008-01-21 215552]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-02-04 4907008]
"SunJavaUpdateSched"=D:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"SynTPEnh"=D:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-03-20 1451304]
"Adobe Reader Speed Launcher"=D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"GrooveMonitor"=D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"ISTray"=D:\Program Files\Spyware Doctor\pctsTray.exe [2008-12-08 1173384]
"avgnt"=D:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"LogitechQuickCamRibbon"=D:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2009-05-08 2780432]
"QuickTime Task"=D:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=D:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]
"Google Update"=C:\Users\blaxXxun\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-05 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
D:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
D:\Program Files\Logitech\QuickCam\Quickcam.exe /hide []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-03-18 4363504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
D:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
D:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Voipwise]
D:\Program Files\Voipwise.com\Voipwise\voipwise.exe -nosplash -minimized []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat - Schnellstart.lnk]
C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe  []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
C:\Windows\Installer\{4C271126-C295-4828-A901-5910AE0C258B}\Icon3E5562ED7.ico [2008-08-22 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^blaxXxun^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
D:\PROGRA~1\MICROS~1\Office12\ONENOTEM.EXE [2008-10-25 98696]

C:\Users\blaxXxun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Trillian.lnk - D:\Program Files\Trillian\trillian.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
D:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-02-04 200704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83eb7b62-d89e-11dc-9d32-001c23525248}]
shell\AutoRun\command - G:\START.EXE readme.HTM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bab720ed-09a3-11de-8351-c8cffa6774c7}]
shell\AutoRun\command - J:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d969cf86-6fb0-11dd-b94d-9395323aa5ad}]
shell\AutoRun\command - I:\Setup.EXE


blaxXxun 03.08.2009 16:58

RSIT continued:
Code:

======File associations======

.ini - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1
.js - edit -
.js - open -
.txt - open -

======List of files/folders created in the last 1 months======

2009-08-03 17:50:51 ----D---- C:\rsit
2009-08-02 17:18:12 ----D---- D:\Program Files\QuickTime
2009-08-02 17:18:12 ----D---- C:\ProgramData\Apple Computer
2009-08-02 17:16:22 ----D---- D:\Program Files\Apple Software Update
2009-08-02 17:16:22 ----D---- C:\ProgramData\Apple
2009-07-29 10:36:46 ----A---- C:\Windows\system32\mshtml.dll
2009-07-29 10:36:45 ----A---- C:\Windows\system32\wininet.dll
2009-07-29 10:36:45 ----A---- C:\Windows\system32\urlmon.dll
2009-07-29 10:36:45 ----A---- C:\Windows\system32\iertutil.dll
2009-07-29 10:36:45 ----A---- C:\Windows\system32\ieframe.dll
2009-07-29 10:36:44 ----A---- C:\Windows\system32\occache.dll
2009-07-29 10:36:44 ----A---- C:\Windows\system32\msfeeds.dll
2009-07-29 10:36:44 ----A---- C:\Windows\system32\iedkcs32.dll
2009-07-29 10:36:43 ----A---- C:\Windows\system32\msfeedssync.exe
2009-07-29 10:36:43 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-07-29 10:36:43 ----A---- C:\Windows\system32\jsproxy.dll
2009-07-29 10:36:43 ----A---- C:\Windows\system32\ieUnatt.exe
2009-07-29 10:36:43 ----A---- C:\Windows\system32\ieui.dll
2009-07-29 10:36:43 ----A---- C:\Windows\system32\iesysprep.dll
2009-07-29 10:36:43 ----A---- C:\Windows\system32\iesetup.dll
2009-07-29 10:36:43 ----A---- C:\Windows\system32\iernonce.dll
2009-07-29 10:36:43 ----A---- C:\Windows\system32\iepeers.dll
2009-07-29 10:36:43 ----A---- C:\Windows\system32\ie4uinit.exe
2009-07-25 19:36:25 ----D---- D:\Program Files\Trend Micro
2009-07-18 13:43:35 ----D---- C:\Hotspot Shield
2009-07-18 13:43:13 ----D---- D:\Program Files\Hotspot Shield
2009-07-17 21:08:32 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2009-07-17 21:08:18 ----D---- D:\Program Files\SUPERAntiSpyware
2009-07-17 21:08:18 ----D---- C:\Users\blaxXxun\AppData\Roaming\SUPERAntiSpyware.com
2009-07-15 22:48:34 ----D---- D:\Program Files\ICQ6.5
2009-07-15 15:16:18 ----A---- C:\Windows\system32\t2embed.dll
2009-07-15 15:16:18 ----A---- C:\Windows\system32\fontsub.dll
2009-07-15 15:16:18 ----A---- C:\Windows\system32\dciman32.dll
2009-07-15 15:16:18 ----A---- C:\Windows\system32\atmfd.dll
2009-07-10 19:32:10 ----D---- C:\Users\blaxXxun\AppData\Roaming\Malwarebytes
2009-07-10 19:32:01 ----D---- D:\Program Files\Malwarebytes' Anti-Malware
2009-07-10 19:32:01 ----D---- C:\ProgramData\Malwarebytes

======List of files/folders modified in the last 1 months======

2009-08-03 17:50:41 ----D---- C:\Windows\temp
2009-08-03 14:15:30 ----AD---- C:\ProgramData\TEMP
2009-08-03 14:06:15 ----D---- C:\Windows\System32
2009-08-03 14:06:15 ----D---- C:\Windows\inf
2009-08-03 14:06:15 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-08-03 14:00:21 ----D---- C:\Windows\system32\drivers
2009-08-03 12:37:28 ----D---- C:\Users\blaxXxun\AppData\Roaming\EndNote
2009-08-03 04:10:25 ----D---- D:\Program Files\Spyware Doctor
2009-08-03 02:24:09 ----A---- C:\Windows\ntbtlog.txt
2009-08-02 17:31:54 ----D---- D:\Program Files\Mozilla Firefox
2009-08-02 17:22:38 ----SHD---- C:\Windows\Installer
2009-08-02 17:22:17 ----SHD---- C:\System Volume Information
2009-08-02 17:21:35 ----D---- D:\Program Files\Winamp
2009-08-02 17:21:22 ----D---- C:\Windows\Prefetch
2009-08-02 17:20:56 ----D---- C:\Users\blaxXxun\AppData\Roaming\Winamp
2009-08-02 17:18:12 ----HD---- C:\ProgramData
2009-08-02 17:16:25 ----D---- C:\Windows\system32\Tasks
2009-08-01 10:46:42 ----D---- D:\Program Files\Microsoft Silverlight
2009-08-01 01:29:19 ----D---- C:\Users\blaxXxun\AppData\Roaming\Skype
2009-08-01 00:08:55 ----D---- C:\Users\blaxXxun\AppData\Roaming\skypePM
2009-07-30 02:05:06 ----D---- C:\Windows\system32\migration
2009-07-30 02:05:05 ----D---- D:\Program Files\Internet Explorer
2009-07-30 01:40:57 ----D---- C:\Windows\winsxs
2009-07-30 01:39:47 ----D---- D:\Program Files\Trillian
2009-07-29 17:41:23 ----D---- C:\Windows\Minidump
2009-07-29 17:41:04 ----D---- C:\Windows
2009-07-29 10:36:00 ----D---- C:\Windows\system32\catroot2
2009-07-29 10:36:00 ----D---- C:\Windows\system32\catroot
2009-07-17 21:06:42 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-07-17 20:47:12 ----D---- C:\Windows\system32\config
2009-07-15 22:49:19 ----D---- D:\Program Files\ICQ6
2009-07-15 19:32:11 ----D---- C:\Program Files\Common Files\LogiShrd
2009-07-15 19:31:57 ----D---- D:\Program Files\Logitech
2009-07-15 19:27:59 ----D---- C:\ProgramData\Microsoft Help
2009-07-07 17:10:56 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\D:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-01-21 350720]
R1 SASDIFSV;SASDIFSV; \??\D:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2009-06-23 9968]
R1 SASKUTIL;SASKUTIL; \??\D:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2009-06-23 72944]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-06-09 28520]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-08-14 74720]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\Windows\system32\Drivers\CVPNDRVA.sys [2008-04-17 306299]
R3 BCM42RLY;BCM42RLY; C:\Windows\system32\drivers\BCM42RLY.sys [2009-01-20 18424]
R3 BCM43XX;Treiber für Dell Wireless WLAN Karte; C:\Windows\system32\DRIVERS\bcmwl6.sys [2008-06-02 1207288]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 DNE;Deterministic Network Enhancer Miniport; C:\Windows\system32\DRIVERS\dne2000.sys [2008-03-29 125328]
R3 HssDrv;Hotspot Shield Helper Miniport; C:\Windows\system32\DRIVERS\HssDrv.sys [2009-06-01 33840]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-04 2016256]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-02-04 2054872]
R3 LVPr2Mon;LVPr2Mon Driver; C:\Windows\system32\Drivers\LVPr2Mon.sys [2009-04-30 25624]
R3 LVRS;Logicool RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs.sys [2009-04-30 264856]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2008-12-17 41752]
R3 O2MDRDR;O2MDRDR; C:\Windows\system32\DRIVERS\o2media.sys [2008-02-14 48472]
R3 O2SDRDR;O2SDRDR; C:\Windows\system32\DRIVERS\o2sd.sys [2008-02-14 43480]
R3 pepifilter;Volume Adapter; C:\Windows\system32\DRIVERS\lv302af.sys [2009-04-30 13336]
R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\Windows\system32\DRIVERS\LV302V32.SYS [2009-04-30 2686872]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-02-14 106496]
R3 SASENUM;SASENUM; \??\D:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2009-06-23 7408]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-03-20 208688]
R3 tapvpn;TAP VPN Adapter; C:\Windows\system32\DRIVERS\tapvpn.sys [2008-01-23 27136]
R3 usbaudio;USB-Audiotreiber (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-21 73088]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
S1 OMCI;OMCI; \??\C:\Windows\SYSTEM32\DRIVERS\OMCI.SYS []
S3 aid89bee;aid89bee; C:\Windows\system32\drivers\aid89bee.sys []
S3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-12-14 155136]
S3 CVirtA;Cisco Systems VPN Adapter; C:\Windows\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 lvpopflt;Logitech POP Suppression Filter; C:\Windows\system32\DRIVERS\lvpopflt.sys [2008-02-06 95384]
S3 LVUVC;QuickCam for Notebooks Pro(UVC); C:\Windows\system32\DRIVERS\lvuvc.sys [2008-02-06 4658456]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S3 usb_rndisx;USB-RNDIS-Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2008-01-21 15872]
S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\winusb.sys [2008-01-21 31616]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; D:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289]
R2 AntiVirService;Avira AntiVir Guard; D:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-06-09 185089]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; D:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 HotspotShieldService;Hotspot Shield Service; D:\Program Files\Hotspot Shield\bin\openvpnas.exe [2009-06-01 94256]
R2 HssSrv;Hotspot Shield Routing Service; D:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe [2009-06-01 331312]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-04-30 154136]
R2 o2flash;O2Micro Flash Memory Card Service; C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe [2008-02-14 65536]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-03-12 75064]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2009-03-12 189784]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 sdAuxService;PC Tools Auxiliary Service; D:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
R2 sdCoreService;PC Tools Security Service; D:\Program Files\Spyware Doctor\pctsSvc.exe [2009-01-21 1095560]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\Windows\System32\WLTRYSVC.EXE [2009-01-20 24064]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-21 523776]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-04-22 655624]
S3 getPlus(R) Helper;getPlus(R) Helper; D:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2009-03-03 33176]
S3 HssTrayService;Hotspot Shield Tray Service; D:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [2009-06-01 34352]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2008-11-28 361728]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-01-21 917504]
S4 AERTFilters;Andrea RT Filters Service; C:\Windows\system32\AERTSrv.exe [2008-02-04 77824]
S4 CVPND;Cisco Systems, Inc. VPN Service; D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2008-04-17 1528608]
S4 gusvc;Google Updater Service; D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-12 168432]
S4 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]

-----------------EOF-----------------


blaxXxun 03.08.2009 17:00

Code:

info.txt logfile of random's system information tool 1.06 2009-08-03 17:51:21

======Uninstall list======

-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
-->D:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->D:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Recommended Settings CS4-->MsiExec.exe /I{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Extra Settings CS4-->MsiExec.exe /I{098A2A49-7CF3-4F08-A38D-FB879117152A}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Reader 9.1.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A91000000001}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Aspell 0.6 Dictionary (Language: de)-->"C:\ProgramData\Aspell\Dictionaries\Uninstall-AspellDict-de.exe"
Aspell 0.6 Dictionary (Language: en)-->"C:\ProgramData\Aspell\Dictionaries\Uninstall-AspellDict-en.exe"
Aspell 0.6 Dictionary (Language: pt_BR)-->"C:\ProgramData\Aspell\Dictionaries\Uninstall-AspellDict-pt_BR.exe"
Aspell Data-->"C:\ProgramData\Aspell\Uninstall-AspellData.exe"
Avira AntiVir Personal - Free Antivirus-->D:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch-->D:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM)-->D:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0407
CCleaner (remove only)-->"D:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Cisco EAP-FAST Module-->MsiExec.exe /I{6D3963B0-E13B-4FC3-B0FF-506A304BB043}
Cisco LEAP Module-->MsiExec.exe /I{83770D14-21B9-44B3-8689-F7B523F94560}
Cisco PEAP Module-->MsiExec.exe /I{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}
Cisco Systems VPN Client 5.0.03.0530-->MsiExec.exe /X{4C271126-C295-4828-A901-5910AE0C258B}
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
Dell Resource CD-->MsiExec.exe /X{42929F0F-CE14-47AF-9FC7-FF297A603021}
Dell Touchpad-->C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
Dienstprogramm für Dell Wireless WLAN Karte-->"D:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="D:\Program Files\Dell\Dell Wireless WLAN Card"
DivX Codec-->D:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->D:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->D:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->D:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->D:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EndNote X2-->MsiExec.exe /I{002B1E90-3241-4D45-8831-E89020F8E7E6}
EPSON Scan-->D:\Program Files\epson\escndv\setup\setup.exe /r
EPSON-Drucker-Software-->C:\Windows\system32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
FinePix Studio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}\Setup.exe" -l0x7
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Updater-->"D:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2-->"D:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotspot Shield 1.17-->D:\Program Files\Hotspot Shield\Uninstall.exe
ICQ6.5-->"D:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
ISI ResearchSoft - Export Helper-->C:\PROGRA~1\COMMON~1\Risxtd\_UNINST.EXE
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Codec Pack 4.6.2 (Full)-->"D:\Program Files\K-Lite Codec Pack\unins000.exe"
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Logitech QuickCam-Treiberpaket-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.90.1262\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=200 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -arpregkey"lvdrivers_11.90" /clone_wait /hide_progress
Logitech Webcam Software-->MsiExec.exe /I{AC96671C-2001-432C-9826-5266D84EF1DC}
LyX 1.5.6-1-->"D:\Program Files\LyX15\Uninstall-LyX.exe"
Malwarebytes' Anti-Malware-->"D:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Groove MUI (German) 2007-->MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (German) 2007-->MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0122-0407-0000-0000000FF1CE}
Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {322296D4-1EAE-4030-9FBC-D2787EB25FA2}
Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs-->MsiExec.exe /X{90120000-00B2-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
MiKTeX 2.7-->"D:\Program Files\MiKTeX 2.7\miktex\bin\copystart_admin.exe" "D:\Program Files\MiKTeX 2.7\miktex\config\uninstall.dat"
Mozilla Firefox (3.5.1)-->D:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 8 Trial-->MsiExec.exe /X{8410B358-107A-4FB7-AB2B-6FD952F15A8F}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Notepad++-->D:\Program Files\Notepad++\uninstall.exe
O2Micro Flash Memory Card Reader Driver (x86)-->MsiExec.exe /X{372B31CF-77FB-4E29-860C-A0EA2985AB7F}
Paint.NET v3.36-->MsiExec.exe /X{43602F34-1AA3-44FB-AEB2-D08C2C73743F}
Panda ActiveScan 2.0-->D:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Paragon Partition Manager 9.0 Professional-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{C887C75D-2636-41F6-BB7B-FD4B0314C1E1}\Setup.exe" -l0x9
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Photosynth 2.0.1519.16-->MsiExec.exe /X{366E24C6-9097-4F63-BF42-3F3EF356A960}
Power Tab Editor 1.7-->MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}
PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
Quake Live Mozilla Plugin-->MsiExec.exe /I{DE08F927-6261-4A43-8D50-FCFDB3EFAC6D}
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0007 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x7  -removeonly
Reference Manager 11.0.1-->MsiExec.exe /I{C0B0893D-6DA2-4F14-B1D0-3C0F1272B398}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
SPORE™-->"D:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\SPORESetup.exe" -runfromtemp -l0x0007 -removeonly
Spyware Doctor 6.0-->D:\Program Files\Spyware Doctor\unins000.exe /LOG
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Synaptics Pointing Device Driver-->rundll32.exe "D:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TeamSpeak 2 RC2-->"D:\Program Files\Teamspeak2_RC2\unins000.exe"
TeXnicCenter Version 1 Beta 7.50-->"D:\Program Files\TeXnicCenter\unins000.exe"
Trillian-->D:\Program Files\Trillian\trillian.exe /uninstall
TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
TweakVI-->"C:\Windows\TweakVI\uninstall.exe" "/U:D:\Program Files\TweakVI\Uninstall\uninstall.xml"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {40EDB4D3-A95E-413F-9578-F2E01A3D209B}
Update for Outlook 2007 Junk Email Filter (kb971933)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {53C200F4-3B4B-49A5-8539-2C61F1A88CA2}
Update für Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}
Update für Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {EA160DA3-E9B5-4D03-A518-21D306665B96}
Update für Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {38472199-D7B6-4833-A949-10E4EE6365A1}
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VLC media player 0.9.9-->D:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp-->"D:\Program Files\Winamp\UninstWA.exe"
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4}
Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->D:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}
Windows Live Fotogalerie-->MsiExec.exe /X{119B7481-0216-40D2-A5CC-C3E1F461ECC1}
Windows Live Messenger-->MsiExec.exe /X{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}
Windows Live Sync-->MsiExec.exe /X{ED636101-1959-4360-8BF7-209436E7DEE4}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Mobile-Gerätecenter: Treiberupdate-->MsiExec.exe /X{CB8CA439-DA83-419C-A4CF-5A0A50025144}
Windows Mobile-Gerätecenter-->MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917}
WinRAR-->D:\Program Files\WinRAR\uninstall.exe
XnView 1.94.2-->"D:\Program Files\XnView\unins000.exe"
Yahoo! Messenger-->D:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U D:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


blaxXxun 03.08.2009 17:07

Code:

======Hosts File======

127.0.0.1        www.007guard.com
127.0.0.1        007guard.com
127.0.0.1        008i.com
127.0.0.1        www.008k.com
127.0.0.1        008k.com
127.0.0.1        www.00hq.com
127.0.0.1        00hq.com
127.0.0.1        010402.com
127.0.0.1        www.032439.com
127.0.0.1        032439.com

======Security center information======

AS: Spybot - Search and Destroy (disabled) (outdated)
AS: Windows Defender
AS: SUPERAntiSpyware

======System event log======

Computer Name: blaxXxun-lt
Event Code: 7036
Message: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.
Record Number: 97221
Source Name: Service Control Manager
Time Written: 20090803122006.000000-000
Event Type: Information
User:

Computer Name: blaxXxun-lt
Event Code: 7036
Message: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.
Record Number: 97222
Source Name: Service Control Manager
Time Written: 20090803133142.000000-000
Event Type: Information
User:

Computer Name: blaxXxun-lt
Event Code: 7036
Message: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.
Record Number: 97223
Source Name: Service Control Manager
Time Written: 20090803134812.000000-000
Event Type: Information
User:

Computer Name: blaxXxun-lt
Event Code: 7036
Message: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.
Record Number: 97224
Source Name: Service Control Manager
Time Written: 20090803145457.000000-000
Event Type: Information
User:

Computer Name: blaxXxun-lt
Event Code: 7036
Message: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.
Record Number: 97225
Source Name: Service Control Manager
Time Written: 20090803151127.000000-000
Event Type: Information
User:

=====Application event log=====

Computer Name: blaxXxun-lt
Event Code: 1
Message: The Windows Security Center Service has started.
Record Number: 20330
Source Name: SecurityCenter
Time Written: 20090803120038.000000-000
Event Type: Information
User:

Computer Name: blaxXxun-lt
Event Code: 1
Message: The Certificate Services Client has been started successfully.
Record Number: 20331
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20090803120059.055351-000
Event Type: Information
User: blaxXxun-lt\blaxXxun

Computer Name: blaxXxun-lt
Event Code: 1
Message: The Certificate Services Client has been started successfully.
Record Number: 20332
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20090803120108.397351-000
Event Type: Information
User: NT AUTHORITY\SYSTEM

Computer Name: blaxXxun-lt
Event Code: 1001
Message: Performance counters for the WmiApRpl (WmiApRpl) service were removed. The Record Data contains the new values of the system Last Counter and Last Help registry entries.
Record Number: 20333
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20090803120615.000000-000
Event Type: Information
User:

Computer Name: blaxXxun-lt
Event Code: 1000
Message: Performance counters for the WmiApRpl (WmiApRpl) service were loaded successfully. The Record Data in the data section contains the new index values assigned to this service.
Record Number: 20334
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20090803120615.000000-000
Event Type: Information
User:

=====Security event log=====

Computer Name: blaxXxun-lt
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name:        \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 29909
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090803155115.706351-000
Event Type: Audit Failure
User:

Computer Name: blaxXxun-lt
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name:        \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 29910
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090803155115.740351-000
Event Type: Audit Failure
User:

Computer Name: blaxXxun-lt
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name:        \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 29911
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090803155115.775351-000
Event Type: Audit Failure
User:

Computer Name: blaxXxun-lt
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name:        \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 29912
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090803155115.808351-000
Event Type: Audit Failure
User:

Computer Name: blaxXxun-lt
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name:        \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 29913
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090803155115.843351-000
Event Type: Audit Failure
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;D:\Program Files\MiKTeX 2.7\miktex\bin;D:\Program Files\QuickTime\QTSystem;D:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"CLASSPATH"=.;D:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=D:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
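
The five Event 5038 records in the Security log above, all within 0.14 s and all for the same driver image, are the kind of thing a reviewer wants pulled out of a dump like this automatically rather than spotted by eye. The script below is an added example; it is not part of the original post or of the tool that produced the dump. It assumes only the "Key: Value" block layout visible above (a record starts at "Computer Name:", and a message may run over several lines), and its sample records are constructed from the entries in this post, with the host name changed and the messages in English.

```python
"""Triage a text dump of Windows event logs in the 'Key: Value' block layout
shown in the post above.

Added example; not part of the original thread or of the tool that produced
the dump.  Assumptions: each record starts with 'Computer Name:', field names
are those in KEYS, and 'Message:' may continue over following lines (the 5038
text carries a blank line and a 'File Name:' line inside the message).
SAMPLE is constructed from entries in the post (host name changed, English).
"""
import re
from collections import Counter
from datetime import datetime

KEYS = ("Computer Name", "Event Code", "Message", "Record Number",
        "Source Name", "Time Written", "Event Type", "User")
KEY_LINE = re.compile(r"^([A-Za-z ]+): ?(.*)$")
# English label, plus the German one from the post's original locale.
FILE_NAME = re.compile(r"(?:File Name|Dateiname):\s*(\S+)")

SAMPLE = """\
Computer Name: host-lt
Event Code: 7036
Message: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.
Record Number: 97221
Source Name: Service Control Manager
Time Written: 20090803122006.000000-000
Event Type: Information
User:

Computer Name: host-lt
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name:        \\Device\\HarddiskVolume1\\Windows\\System32\\drivers\\tcpip.sys
Record Number: 29909
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090803155115.706351-000
Event Type: Audit Failure
User:

Computer Name: host-lt
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name:        \\Device\\HarddiskVolume1\\Windows\\System32\\drivers\\tcpip.sys
Record Number: 29910
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090803155115.740351-000
Event Type: Audit Failure
User:
"""


def parse_records(text):
    """One dict per record; lines that are not a known key (blank lines,
    'File Name: ...') are appended to the Message field they belong to."""
    records, cur, key = [], None, None
    for line in text.splitlines():
        m = KEY_LINE.match(line)
        if m and m.group(1) in KEYS:
            key = m.group(1)
            if key == "Computer Name":          # every record starts here
                cur = {}
                records.append(cur)
            if cur is not None:
                cur[key] = m.group(2).strip()
        elif cur is not None and key == "Message":
            cur[key] = (cur[key] + "\n" + line).strip()
    return records


def parse_time(stamp):
    """WMI DATETIME ('20090803155115.706351-000') -> naive datetime.
    The trailing UTC offset (in minutes) is ignored here."""
    return datetime.strptime(stamp[:21], "%Y%m%d%H%M%S.%f")


def code_integrity_failures(records):
    """{file name: count} over Event 5038 (Code Integrity hash mismatch) records."""
    hits = Counter()
    for r in records:
        if r.get("Event Code") == "5038":
            m = FILE_NAME.search(r.get("Message", ""))
            hits[m.group(1) if m else "<unparsed>"] += 1
    return dict(hits)


def max_burst(records, code, window_seconds):
    """Largest number of records with this Event Code inside one time window
    (the post's five 5038s fall within 0.14 s, i.e. one burst)."""
    times = sorted(parse_time(r["Time Written"]) for r in records
                   if r.get("Event Code") == code and "Time Written" in r)
    best = 0
    for i, start in enumerate(times):
        j = i
        while j < len(times) and (times[j] - start).total_seconds() <= window_seconds:
            j += 1
        best = max(best, j - i)
    return best


def summary(text):
    recs = parse_records(text)
    return {"records": len(recs),
            "by_code": dict(Counter(r.get("Event Code") for r in recs)),
            "code_integrity": code_integrity_failures(recs),
            "largest_5038_burst_1s": max_burst(recs, "5038", 1.0)}


if __name__ == "__main__":
    for k, v in summary(SAMPLE).items():
        print(f"{k}: {v}")
```

Event 5038 is written by Code Integrity when the hash of a loaded file image does not match what its signature says it should be; the message itself names both unauthorized modification and a disk error as possible causes, so the code only counts and groups the failures and leaves the verdict to whoever compares the file against a known-good copy.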


blaxXxun 03.08.2009 17:18

Maybe that is enough info for a start; let me know if there is anything else I can do.

PS: I also have an Ubuntu partition. Is it worth scanning from there, since under Vista the scans always crash or find nothing?

blaxXxun 05.08.2009 09:45

By now it is getting really unpleasant, because the laptop sometimes just hangs even without a virus scan running; more precisely, Explorer stops responding after a while and cannot be restarted via the Task Manager either (Ctrl+Alt+Del does nothing).

So I would be very grateful if someone could already tell me what else I can do to help you with the work...

Regards, blaxXxun

blaxXxun 06.08.2009 09:17

Here is the GMER log... and these are all rootkits now?

Code:

GMER 1.0.15.15011 [6vi52lsr.exe] - http://www.gmer.net
Rootkit scan 2009-08-06 09:50:53
Windows 6.0.6001 Service Pack 1


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools)                                        ZwCreateProcess [0x82F0A282]
SSDT            \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools)                                        ZwCreateProcessEx [0x82F0A474]
SSDT            8D1C0834                                                                                                            ZwCreateThread
SSDT            8D1C0820                                                                                                            ZwOpenProcess
SSDT            8D1C0825                                                                                                            ZwOpenThread
SSDT            8D1C082F                                                                                                            ZwTerminateProcess
SSDT            \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools)                                        ZwCreateUserProcess [0x82F0A67C]

INT 0x52        ?                                                                                                                    86D90F00
INT 0x72        ?                                                                                                                    85578BF8
INT 0x72        ?                                                                                                                    85578BF8
INT 0x72        ?                                                                                                                    85578BF8
INT 0x72        ?                                                                                                                    86D90F00
INT 0x72        ?                                                                                                                    86D90F00
INT 0x72        ?                                                                                                                    85578BF8
INT 0x82        ?                                                                                                                    85578BF8
INT 0x92        ?                                                                                                                    85578BF8
INT 0xB2        ?                                                                                                                    86D90F00
INT 0xB2        ?                                                                                                                    86D90F00
INT 0xB3        ?                                                                                                                    86D90F00

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!KeSetTimerEx + 43C                                                                                      828B8A00 3 Bytes  [82, A2, F0]
.text          ntkrnlpa.exe!KeSetTimerEx + 440                                                                                      828B8A04 3 Bytes  [74, A4, F0]
.text          ntkrnlpa.exe!KeSetTimerEx + 454                                                                                      828B8A18 4 Bytes  [34, 08, 1C, 8D] {XOR AL, 0x8; SBB AL, 0x8d}
.text          ntkrnlpa.exe!KeSetTimerEx + 624                                                                                      828B8BE8 4 Bytes  [20, 08, 1C, 8D] {AND [EAX], CL; SBB AL, 0x8d}
.text          ntkrnlpa.exe!KeSetTimerEx + 640                                                                                      828B8C04 4 Bytes  [25, 08, 1C, 8D]
.text          ...                                                                                                                 
?              System32\Drivers\spzc.sys                                                                                            The system cannot find the path specified. !
PAGE            ataport.SYS!DllUnload                                                                                                82EAAB2E 5 Bytes  JMP 855781D8
.text          USBPORT.SYS!DllUnload                                                                                                8EF4246F 5 Bytes  JMP 86D904E0
.text          anlmrebd.SYS                                                                                                        8EF72000 22 Bytes  [26, 02, BC, 82, 10, 01, BC, ...]
.text          anlmrebd.SYS                                                                                                        8EF72017 103 Bytes  [00, 32, C7, 79, 80, 3D, C5, ...]
.text          anlmrebd.SYS                                                                                                        8EF7207F 41 Bytes  [82, A2, DA, 80, 82, EB, DB, ...]
.text          anlmrebd.SYS                                                                                                        8EF720A9 35 Bytes  [30, 85, 82, A0, 27, 85, 82, ...]
.text          anlmrebd.SYS                                                                                                        8EF720CE 10 Bytes  [00, 00, 00, 00, 00, 00, 6A, ...]
.text          ...                                                                                                                 
PAGE            spsys.sys!?SPVersion@@3PADA + 1A67                                                                                  98D7703F 240 Bytes  [8B, FF, 55, 8B, EC, 8B, 45, ...]
PAGE            spsys.sys!?SPVersion@@3PADA + 1B58                                                                                  98D77130 6 Bytes  [0E, 83, 78, 14, 01, 75]
PAGE            spsys.sys!?SPVersion@@3PADA + 1B5F                                                                                  98D77137 2214 Bytes  [83, 78, 18, 37, 75, 02, B3, ...]
PAGE            spsys.sys!?SPVersion@@3PADA + 2406                                                                                  98D779DE 47 Bytes  [04, BB, A8, 01, 00, 00, 8D, ...]
PAGE            spsys.sys!?SPVersion@@3PADA + 2436                                                                                  98D77A0E 44 Bytes  [05, 00, 00, 39, 54, 8D, D0, ...]
PAGE            ...                                                                                                                 
?              C:\Windows\system32\Drivers\mchInjDrv.sys                                                                            The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text          D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtClose                                            77B57F48 3 Bytes  [FF, 25, 1E]
.text          D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtClose + 4                                        77B57F4C 2 Bytes  [35, 5F]
.text          D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtCreateFile                                        77B58008 3 Bytes  [FF, 25, 1E]
.text          D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtCreateFile + 4                                    77B5800C 2 Bytes  [17, 5F] {POP SS; POP EDI}
.text          D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtCreateKey                                        77B58048 3 Bytes  [FF, 25, 1E]
.text          D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtCreateKey + 4                                    77B5804C 2 Bytes  [05, 5F]
.text          D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtCreateProcess                                    77B580C8 3 Bytes  [FF, 25, 1E]
.text          D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtCreateProcess + 4                                77B580CC 2 Bytes  [29, 5F]
.text          D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtCreateProcessEx                                  77B580D8 3 Bytes  [FF, 25, 1E]
.text          D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtCreateProcessEx + 4                              77B580DC 2 Bytes  [2C, 5F] {SUB AL, 0x5f}
.text          D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtCreateSection                                    77B580F8 3 Bytes  [FF, 25, 1E]
.text          D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtCreateSection + 4                                77B580FC 2 Bytes  [23, 5F]
.text          D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtDeleteKey                                        77B583F8 3 Bytes  [FF, 25, 1E]
.text          D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtDeleteKey + 4                                    77B583FC 2 Bytes  [0B, 5F]
.text          D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtDeleteValueKey                                    77B58428 3 Bytes  [FF, 25, 1E]
.text          D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtDeleteValueKey + 4                                77B5842C 2 Bytes  [11, 5F]
.text          D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtRenameKey                                        77B58CF8 3 Bytes  [FF, 25, 1E]
.text          D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtRenameKey + 4                                    77B58CFC 2 Bytes  [14, 5F] {ADC AL, 0x5f}
.text          D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtSetInformationFile                                77B58F18 3 Bytes  [FF, 25, 1E]
.text          D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtSetInformationFile + 4                            77B58F1C 2 Bytes  [20, 5F]
.text          D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtSetValueKey                                      77B59088 3 Bytes  [FF, 25, 1E]
.text          D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtSetValueKey + 4                                  77B5908C 2 Bytes  [0E, 5F] {PUSH CS; POP EDI}
.text          D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtTerminateProcess                                  77B59128 3 Bytes  [FF, 25, 1E]
.text          D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtTerminateProcess + 4                              77B5912C 2 Bytes  [2F, 5F] {DAS ; POP EDI}
.text          D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtWriteFile                                        77B59278 3 Bytes  [FF, 25, 1E]
.text          D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtWriteFile + 4                                    77B5927C 2 Bytes  [1A, 5F]
.text          D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtWriteFileGather                                  77B59288 3 Bytes  [FF, 25, 1E]
.text          D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtWriteFileGather + 4                              77B5928C 2 Bytes  [1D, 5F]
.text          D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtWriteVirtualMemory                                77B592A8 3 Bytes  [FF, 25, 1E]
.text          D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtWriteVirtualMemory + 4                            77B592AC 2 Bytes  [32, 5F]
.text          D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtCreateUserProcess                                77B59438 3 Bytes  [FF, 25, 1E]
.text          D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtCreateUserProcess + 4                            77B5943C 2 Bytes  [26, 5F]
.text          D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] kernel32.dll!LoadLibraryExW                                  76D330C3 6 Bytes  JMP 5F070F5A
.text          D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] USER32.dll!SetWindowsHookExW                                  77C97B69 6 Bytes  JMP 5F3B0F5A
.text          D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] USER32.dll!SetWindowsHookExA                                  77CBBB0E 6 Bytes  JMP 5F370F5A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT            \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                            [806936D2] \SystemRoot\System32\Drivers\spzc.sys
IAT            \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                            [80693040] \SystemRoot\System32\Drivers\spzc.sys
IAT            \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                    [806937FC] \SystemRoot\System32\Drivers\spzc.sys
IAT            \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort]                                            [806930BE] \SystemRoot\System32\Drivers\spzc.sys
IAT            \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                      [8069313C] \SystemRoot\System32\Drivers\spzc.sys
IAT            \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                  [806A3048] \SystemRoot\System32\Drivers\spzc.sys
IAT            \SystemRoot\System32\Drivers\anlmrebd.SYS[ataport.SYS!AtaPortNotification]                                          CC000CC2
IAT            \SystemRoot\System32\Drivers\anlmrebd.SYS[ataport.SYS!AtaPortWritePortUchar]                                        83EC8B55
IAT            \SystemRoot\System32\Drivers\anlmrebd.SYS[ataport.SYS!AtaPortWritePortUlong]                                        575320EC
IAT            \SystemRoot\System32\Drivers\anlmrebd.SYS[ataport.SYS!AtaPortGetPhysicalAddress]                                    458DFF33
IAT            \SystemRoot\System32\Drivers\anlmrebd.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong]                          8D5750FC
IAT            \SystemRoot\System32\Drivers\anlmrebd.SYS[ataport.SYS!AtaPortGetScatterGatherList]                                  5750F845
IAT            \SystemRoot\System32\Drivers\anlmrebd.SYS[ataport.SYS!AtaPortReadPortUchar]                                          8957046A
IAT            \SystemRoot\System32\Drivers\anlmrebd.SYS[ataport.SYS!AtaPortStallExecution]                                        75E8FC7D
IAT            \SystemRoot\System32\Drivers\anlmrebd.SYS[ataport.SYS!AtaPortGetParentBusType]                                      BB0001E8
IAT            \SystemRoot\System32\Drivers\anlmrebd.SYS[ataport.SYS!AtaPortRequestCallback]                                        000000EA
IAT            \SystemRoot\System32\Drivers\anlmrebd.SYS[ataport.SYS!AtaPortWritePortBufferUshort]                                  850FC33B
IAT            \SystemRoot\System32\Drivers\anlmrebd.SYS[ataport.SYS!AtaPortGetUnCachedExtension]                                  0000012B
IAT            \SystemRoot\System32\Drivers\anlmrebd.SYS[ataport.SYS!AtaPortCompleteRequest]                                        0FFC7D39
IAT            \SystemRoot\System32\Drivers\anlmrebd.SYS[ataport.SYS!AtaPortMoveMemory]                                            00012284
IAT            \SystemRoot\System32\Drivers\anlmrebd.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests]                              458D5600
IAT            \SystemRoot\System32\Drivers\anlmrebd.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb]                                106A50F4
IAT            \SystemRoot\System32\Drivers\anlmrebd.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb]                                  38335668
IAT            \SystemRoot\System32\Drivers\anlmrebd.SYS[ataport.SYS!AtaPortReadPortUshort]                                        FC75FF36
IAT            \SystemRoot\System32\Drivers\anlmrebd.SYS[ataport.SYS!AtaPortReadPortBufferUshort]                                  D1E85757
IAT            \SystemRoot\System32\Drivers\anlmrebd.SYS[ataport.SYS!AtaPortInitialize]                                            8B0001E7
IAT            \SystemRoot\System32\Drivers\anlmrebd.SYS[ataport.SYS!AtaPortGetDeviceBase]                                          1BDEF7F0
IAT            \SystemRoot\System32\Drivers\anlmrebd.SYS[ataport.SYS!AtaPortDeviceStateChange]                                      23D6F7F6

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Windows\Explorer.EXE[1164] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                [74A17BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1164] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                [74A598C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1164] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                            [74A1D3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1164] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                      [74A0F527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1164] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                [74A17599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1164] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                              [74A0E43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1164] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]                  [74A4B33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1164] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]                    [74A1D68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1164] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                            [74A1012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1164] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                              [74A10095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1164] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                              [74A071F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1164] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]                      [74A9D802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1164] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]                          [74A375E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1164] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                            [74A0DAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1164] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                      [74A0668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1164] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                      [74A066BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1164] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                        [74A11E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
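
In the GMER table above, some SSDT rows name the driver that owns the hook (PCTCore.sys, with the vendor string GMER read from it) while others show only an address GMER could not map to a module; the IAT rows for atapi.sys resolve to spzc.sys, a file GMER then reports it cannot find, and the IAT rows for anlmrebd.SYS show bare values with no module at all. A parser that separates those cases makes a log of this size readable. The code below is an added example, not part of the original post or of GMER; it assumes the column layout visible in the log (fields separated by two or more spaces, one row per finding) and works on a sample constructed from rows of this log with GMER's messages in English.

```python
"""Classify the hook table printed by GMER (the log above) into separate findings.

Added example; not part of the original post or of GMER.  Assumptions:
columns are separated by two or more spaces, as in the log; SSDT rows carry
either a module path or a bare 8-digit address in the second column; IAT rows
carry '[addr] module' or a bare value in the last column; rows beginning with
'?' name a module whose file GMER could not open.  SAMPLE is constructed from
rows of the log above (messages in English).
"""
import re
from collections import Counter

HEX32 = re.compile(r"^[0-9A-Fa-f]{8}$")
IAT_SLOT = re.compile(r"(.+?)\[(.+?)!(.+?)\]$")        # module[export.dll!Function]
IAT_TARGET = re.compile(r"^\[[0-9A-Fa-f]+\]\s+(\S+)")  # [addr] \path\to\module
JMP = re.compile(r"\bJMP ([0-9A-Fa-f]{8})")
PATCH_KINDS = {".text", "PAGE", "INIT"}

SAMPLE = r"""
---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools)    ZwCreateProcess [0x82F0A282]
SSDT            8D1C0834                                                                        ZwCreateThread
SSDT            8D1C0820                                                                        ZwOpenProcess

---- Kernel code sections - GMER 1.0.15 ----

.text          USBPORT.SYS!DllUnload                                                            8EF4246F 5 Bytes  JMP 86D904E0
.text          ...
?              System32\Drivers\spzc.sys                                                        The system cannot find the path specified. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT            \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]        [806936D2] \SystemRoot\System32\Drivers\spzc.sys
IAT            \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]         [80693040] \SystemRoot\System32\Drivers\spzc.sys
IAT            \SystemRoot\System32\Drivers\anlmrebd.SYS[ataport.SYS!AtaPortNotification]       CC000CC2
IAT            \SystemRoot\System32\Drivers\anlmrebd.SYS[ataport.SYS!AtaPortWritePortUchar]     83EC8B55
"""


def parse_line(line):
    """One GMER row -> dict describing the finding, or None for headers and noise."""
    cols = re.split(r"\s{2,}", line.strip())
    if len(cols) < 3:
        return None
    kind, where, rest = cols[0], cols[1], "  ".join(cols[2:])
    if kind == "SSDT":
        # Bare address in the module column: GMER could not map the handler to a module.
        owner = None if HEX32.match(where) else where.split(" (")[0]
        return {"type": "ssdt", "function": rest.split(" [")[0], "owner": owner}
    if kind == "IAT":
        m = IAT_SLOT.match(where)
        if not m:
            return None
        t = IAT_TARGET.match(rest)   # None when the slot holds a raw value, not a module
        return {"type": "iat", "module": m.group(1), "import": f"{m.group(2)}!{m.group(3)}",
                "target": t.group(1) if t else None}
    if kind == "?":
        return {"type": "missing", "module": where, "note": rest}
    if kind in PATCH_KINDS:
        j = JMP.search(rest)
        return {"type": "patch", "symbol": where, "jmp": j.group(1) if j else None}
    return None


def triage(text):
    """Group parsed rows by the questions a reviewer asks of the log."""
    s = {"ssdt_unattributed": [], "ssdt_by_owner": Counter(), "iat_redirects": Counter(),
         "iat_unresolved": Counter(), "missing_modules": [], "patches": []}
    for e in filter(None, (parse_line(l) for l in text.splitlines())):
        if e["type"] == "ssdt":
            if e["owner"] is None:
                s["ssdt_unattributed"].append(e["function"])
            else:
                s["ssdt_by_owner"][e["owner"]] += 1
        elif e["type"] == "iat":
            if e["target"] is None:
                s["iat_unresolved"][e["module"]] += 1
            else:
                s["iat_redirects"][(e["module"], e["target"])] += 1
        elif e["type"] == "missing":
            s["missing_modules"].append(e["module"])
        elif e["type"] == "patch":
            s["patches"].append((e["symbol"], e["jmp"]))
    return {k: dict(v) if isinstance(v, Counter) else v for k, v in s.items()}


def describe(s):
    """Human-readable findings, one line each, from triage() output."""
    out = [f"SSDT hook not attributed to a module: {f}" for f in s["ssdt_unattributed"]]
    out += [f"IAT of {m} -> {t} ({n} imports)" for (m, t), n in s["iat_redirects"].items()]
    out += [f"IAT of {m}: {n} slots hold values GMER could not map to a module"
            for m, n in s["iat_unresolved"].items()]
    out += [f"module referenced but file not found: {m}" for m in s["missing_modules"]]
    out += [f"inline patch in {sym} -> JMP {tgt}" for sym, tgt in s["patches"] if tgt]
    return out


if __name__ == "__main__":
    print("\n".join(describe(triage(SAMPLE))))
```

Which of these entries are benign is a judgement the helper makes from the driver names and vendor strings, not something the parser decides; it only separates what GMER could attribute to a named module from what it could not, and reports the missing and unresolved items on their own lines.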


blaxXxun 06.08.2009 09:19

Code:

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                              85F1A1F8
Device          \Driver\netbt \Device\NetBT_Tcpip_{AFB5F73C-64CF-475A-84A1-17C3F30B0D47}                                            879C71F8

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device          \Driver\volmgr \Device\VolMgrControl                                                                                8557A1F8
Device          \Driver\usbuhci \Device\USBPDO-0                                                                                    86DD51F8
Device          \Driver\sptd \Device\2429122321                                                                                      spzc.sys
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                    86DD51F8
Device          \Driver\usbehci \Device\USBPDO-2                                                                                    86DBD1F8
Device          \Driver\usbuhci \Device\USBPDO-3                                                                                    86DD51F8
Device          \Driver\usbuhci \Device\USBPDO-4                                                                                    86DD51F8
Device          \Driver\usbuhci \Device\USBPDO-5                                                                                    86DD51F8
Device          \Driver\usbehci \Device\USBPDO-6                                                                                    86DBD1F8
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                              8557A1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              hotcore3.sys (Hotbackup helper driver/Paragon Software Group)

Device          \Driver\cdrom \Device\CdRom0                                                                                        85FB41F8
Device          \Driver\volmgr \Device\HarddiskVolume2                                                                              8557A1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                              hotcore3.sys (Hotbackup helper driver/Paragon Software Group)

Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                                                                          85F181F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                  85F181F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-4                                                                          85F181F8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                  85F181F8
Device          \Driver\atapi \Device\Ide\IdePort2                                                                                  85F181F8
Device          \Driver\atapi \Device\Ide\IdePort3                                                                                  85F181F8
Device          \Driver\atapi \Device\Ide\IdePort4                                                                                  85F181F8
Device          \Driver\msahci \Device\Ide\PciIde1Channel0                                                                          85F191F8
Device          \Driver\msahci \Device\Ide\PciIde1Channel1                                                                          85F191F8
Device          \Driver\msahci \Device\Ide\PciIde1Channel2                                                                          85F191F8
Device          \Driver\cdrom \Device\CdRom1                                                                                        85FB41F8
Device          \Driver\volmgr \Device\HarddiskVolume3                                                                              8557A1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                              hotcore3.sys (Hotbackup helper driver/Paragon Software Group)

Device          \Driver\volmgr \Device\HarddiskVolume4                                                                              8557A1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                              hotcore3.sys (Hotbackup helper driver/Paragon Software Group)

Device          \Driver\cdrom \Device\CdRom2                                                                                        85FB41F8
Device          \Driver\volmgr \Device\HarddiskVolume5                                                                              8557A1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                              hotcore3.sys (Hotbackup helper driver/Paragon Software Group)

Device          \Driver\netbt \Device\NetBt_Wins_Export                                                                              879C71F8
Device          \Driver\Smb \Device\NetbiosSmb                                                                                      879411F8
Device          \Driver\PCI_PNP8302 \Device\0000005b                                                                                spzc.sys
Device          \Driver\iScsiPrt \Device\RaidPort0                                                                                  86FA21F8
Device          \Driver\usbuhci \Device\USBFDO-0                                                                                    86DD51F8
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                    86DD51F8
Device          \Driver\usbehci \Device\USBFDO-2                                                                                    86DBD1F8
Device          \Driver\netbt \Device\NetBT_Tcpip_{CB88C92F-6B53-4A1C-A3C5-A4CFEFF52079}                                            879C71F8
Device          \Driver\usbuhci \Device\USBFDO-3                                                                                    86DD51F8
Device          \Driver\usbuhci \Device\USBFDO-4                                                                                    86DD51F8
Device          \Driver\usbuhci \Device\USBFDO-5                                                                                    86DD51F8
Device          \Driver\netbt \Device\NetBT_Tcpip_{6AC0CBAA-35DD-4CF0-B0BD-95D54B6B0D54}                                            879C71F8
Device          \Driver\usbehci \Device\USBFDO-6                                                                                    86DBD1F8
Device          \Driver\anlmrebd \Device\Scsi\anlmrebd1Port8Path0Target1Lun0                                                        86F0B1F8
Device          \Driver\anlmrebd \Device\Scsi\anlmrebd1                                                                              86F0B1F8
Device          \Driver\anlmrebd \Device\Scsi\anlmrebd1Port8Path0Target0Lun0                                                        86F0B1F8
Device          \FileSystem\cdfs \Cdfs                                                                                              890A81F8

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                  771343423
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                  285507792
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                  1
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                   
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                  0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                              0x6D 0xE9 0x4A 0x0F ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                  D:\Program Files\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                           
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                      0xF1 0x02 0x0E 0xD4 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                0x3C 0xC3 0xE5 0xA4 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                0x70 0x39 0x49 0x3B ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)               
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                  0x6D 0xE9 0x4A 0x0F ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      D:\Program Files\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)       
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0xF1 0x02 0x0E 0xD4 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x3C 0xC3 0xE5 0xA4 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                    0x70 0x39 0x49 0x3B ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)               
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                  0x6D 0xE9 0x4A 0x0F ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      D:\Program Files\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)       
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0xF1 0x02 0x0E 0xD4 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)


blaxXxun 06.08.2009 09:23

Code:

Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x3C 0xC3 0xE5 0xA4 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                    0x70 0x39 0x49 0x3B ...
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)               
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                  0x6D 0xE9 0x4A 0x0F ...
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      D:\Program Files\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)       
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0xF1 0x02 0x0E 0xD4 ...
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x3C 0xC3 0xE5 0xA4 ...
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                    0x70 0x39 0x49 0x3B ...
Reg            HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)               
Reg            HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg            HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                  0x6D 0xE9 0x4A 0x0F ...
Reg            HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      D:\Program Files\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)       
Reg            HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0xF1 0x02 0x0E 0xD4 ...
Reg            HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x3C 0xC3 0xE5 0xA4 ...
Reg            HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                    0x70 0x39 0x49 0x3B ...
Reg            HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)               
Reg            HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg            HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                  0x6D 0xE9 0x4A 0x0F ...
Reg            HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      D:\Program Files\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)       
Reg            HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0xF1 0x02 0x0E 0xD4 ...
Reg            HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x3C 0xC3 0xE5 0xA4 ...
Reg            HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                    0x70 0x39 0x49 0x3B ...
Reg            HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)               
Reg            HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg            HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                  0x6D 0xE9 0x4A 0x0F ...
Reg            HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      D:\Program Files\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)       
Reg            HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0xF1 0x02 0x0E 0xD4 ...
Reg            HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x3C 0xC3 0xE5 0xA4 ...
Reg            HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                    0x70 0x39 0x49 0x3B ...
Reg            HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)               
Reg            HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg            HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                  0x6D 0xE9 0x4A 0x0F ...
Reg            HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      D:\Program Files\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)       
Reg            HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0xF1 0x02 0x0E 0xD4 ...
Reg            HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x3C 0xC3 0xE5 0xA4 ...
Reg            HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                    0x70 0x39 0x49 0x3B ...
Reg            HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)               
Reg            HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg            HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                  0x6D 0xE9 0x4A 0x0F ...
Reg            HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      D:\Program Files\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)       
Reg            HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0xF1 0x02 0x0E 0xD4 ...
Reg            HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x3C 0xC3 0xE5 0xA4 ...
Reg            HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                    0x70 0x39 0x49 0x3B ...
Reg            HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)               
Reg            HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg            HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                  0x6D 0xE9 0x4A 0x0F ...
Reg            HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      D:\Program Files\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)       
Reg            HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0xF1 0x02 0x0E 0xD4 ...
Reg            HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x3C 0xC3 0xE5 0xA4 ...
Reg            HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                    0x70 0x39 0x49 0x3B ...
Reg            HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)               
Reg            HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg            HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                  0x6D 0xE9 0x4A 0x0F ...
Reg            HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      D:\Program Files\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)       
Reg            HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0xF1 0x02 0x0E 0xD4 ...
Reg            HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x3C 0xC3 0xE5 0xA4 ...
Reg            HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                    0x70 0x39 0x49 0x3B ...

---- Disk sectors - GMER 1.0.15 ----

Disk            \Device\Harddisk0\DR0                                                                                                sector 62: copy of MBR

---- EOF - GMER 1.0.15 ----


blaxXxun 06.08.2009 09:38

this is what mbr says
Code:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 62 !

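The mbr.exe output above reports two things: the user-mode and kernel-mode reads of sector 0 agree (nothing is filtering what the OS sees when it reads the MBR), and a second MBR-like sector sits at LBA 62. The log alone does not say whether that copy is benign; what an analyst wants to know is how it differs from the live MBR. The following is an added example, not code from the thread or from GMER: it parses both sectors of a disk image and reports whether the copy is byte-identical, shares only the partition table, or is unrelated. The image layout, the single partition entry and the stand-in bootstrap bytes are constructed for the demonstration and are not taken from the poster's machine.

```python
import struct

SECTOR = 512
BOOTCODE = slice(0, 440)    # bootstrap code area
PTABLE = slice(446, 510)    # four 16-byte partition entries
MAGIC = b"\x55\xaa"         # boot signature at offset 510


def read_sector(image: bytes, lba: int) -> bytes:
    """Return one 512-byte sector of a raw disk image by LBA."""
    return image[lba * SECTOR:(lba + 1) * SECTOR]


def parse_ptable(sector: bytes) -> list:
    """Decode the non-empty entries of a classic MBR partition table."""
    entries = []
    for i in range(4):
        e = sector[446 + 16 * i:446 + 16 * (i + 1)]
        status, ptype = e[0], e[4]
        lba_start, n_sectors = struct.unpack_from("<II", e, 8)
        if ptype != 0:
            entries.append({"bootable": status == 0x80, "type": ptype,
                            "lba_start": lba_start, "sectors": n_sectors})
    return entries


def compare_mbr_copy(image: bytes, copy_lba: int = 62) -> dict:
    """Compare the live MBR (sector 0) with the suspected copy at copy_lba."""
    live, copy = read_sector(image, 0), read_sector(image, copy_lba)
    return {
        "copy_has_signature": copy[510:512] == MAGIC,
        "identical": live == copy,
        "bootcode_identical": live[BOOTCODE] == copy[BOOTCODE],
        "ptable_identical": live[PTABLE] == copy[PTABLE],
        "live_partitions": parse_ptable(live),
        "copy_partitions": parse_ptable(copy),
    }


def classify(r: dict) -> str:
    """Turn the comparison into the question an analyst actually asks."""
    if not r["copy_has_signature"]:
        return "sector carries no MBR signature"
    if r["identical"]:
        return "byte-identical copy of the live MBR"
    if r["ptable_identical"] and not r["bootcode_identical"]:
        return "same partition table, different bootstrap code: inspect sector 0 boot code"
    return "MBR-like sector with a different partition table"


def build_sample_image(tamper_bootcode: bool = False, total_sectors: int = 64) -> bytes:
    """Constructed sample image (not from the post): one NTFS-typed partition at LBA 63,
    a copy of the MBR at sector 62, and optionally altered bootstrap bytes in sector 0."""
    mbr = bytearray(SECTOR)
    mbr[0:3] = b"\x33\xc0\x8e"                 # stand-in bootstrap bytes (constructed)
    mbr[446:462] = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                               b"\xfe\xff\xff", 63, 1_000_000)
    mbr[510:512] = MAGIC
    image = bytearray(total_sectors * SECTOR)
    image[62 * SECTOR:63 * SECTOR] = mbr       # the stashed copy keeps the original bytes
    if tamper_bootcode:
        mbr[0:3] = b"\xea\x00\x7c"             # replaced boot code, partition table untouched
    image[0:SECTOR] = mbr
    return bytes(image)


if __name__ == "__main__":
    for tampered in (False, True):
        r = compare_mbr_copy(build_sample_image(tamper_bootcode=tampered))
        print(f"tampered={tampered}: {classify(r)}")
        print("  live:", r["live_partitions"])
        print("  copy:", r["copy_partitions"])
```

Against a real machine, read the first 63 sectors from the raw device (`\\.\PhysicalDrive0` on Windows, which needs administrator rights) and pass those bytes instead of the constructed image; the comparison logic is the same. A byte-identical copy is often what imaging or partitioning tools leave behind in the gap before the first partition. A copy whose partition table matches the live MBR while the bootstrap code differs is the pattern to escalate, because that is how a replaced sector 0 looks once the original has been stashed elsewhere on the disk.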


Copyright ©2000-2025, Trojaner-Board
