Trojaner-Board - Malwarebytes-Anti-Malware hat was gefunden bitte um Hilfe

Seite 3 von 6

100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Malwarebytes-Anti-Malware hat was gefunden bitte um Hilfe (https://www.trojaner-board.de/78458-malwarebytes-anti-malware-hat-gefunden-bitte-um-hilfe.html)

Ayse	17.10.2009 20:44

Code:

ROOTREPEAL (c) AD, 2007-2009

==================================================

Scan Start Time:                2009/10/17 21:30

Program Version:                Version 1.3.5.0

Windows Version:                Windows XP SP3

==================================================
 

Drivers

-------------------

Name: 00000064

Image Path: \Driver\00000064

Address: 0x00000000        Size: 0        File Visible: No        Signed: -

Status: -
 

Name: ajxp3471.SYS

Image Path: C:\WINDOWS\System32\Drivers\ajxp3471.SYS

Address: 0xF74BA000        Size: 303104        File Visible: No        Signed: -

Status: -
 

Name: dump_atapi.sys

Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys

Address: 0xEEBD5000        Size: 98304        File Visible: No        Signed: -

Status: -
 

Name: dump_WMILIB.SYS

Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS

Address: 0xF8BF7000        Size: 8192        File Visible: No        Signed: -

Status: -
 

Name: rootrepeal.sys

Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys

Address: 0xEECBE000        Size: 49152        File Visible: No        Signed: -

Status: -
 

Hidden/Locked Files

-------------------

Path: C:\Dokumente und Einstellungen\Mumi\Lokale Einstellungen\Anwendungsdaten\Microsoft\Messenger\ayse011@hotmail.de\SharingMetadata\kadir-conny@freenet.de\DFSR\Staging\CS{8B807E49-E3E0-BF2C-8214-077E16A0DD50}\02\1064-{~2.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.
 

SSDT

-------------------

#: 041        Function Name: NtCreateKey

Status: Hooked by "<unknown>" at address 0xf8d4322e
 

#: 053        Function Name: NtCreateThread

Status: Hooked by "<unknown>" at address 0xf8d43224
 

#: 063        Function Name: NtDeleteKey

Status: Hooked by "<unknown>" at address 0xf8d43233
 

#: 065        Function Name: NtDeleteValueKey

Status: Hooked by "<unknown>" at address 0xf8d4323d
 

#: 071        Function Name: NtEnumerateKey

Status: Hooked by "sptd.sys" at address 0xf85c384e
 

#: 073        Function Name: NtEnumerateValueKey

Status: Hooked by "sptd.sys" at address 0xf85c3bee
 

#: 098        Function Name: NtLoadKey

Status: Hooked by "<unknown>" at address 0xf8d43242
 

#: 119        Function Name: NtOpenKey

Status: Hooked by "sptd.sys" at address 0xf85be090
 

#: 122        Function Name: NtOpenProcess

Status: Hooked by "<unknown>" at address 0xf8d43210
 

#: 128        Function Name: NtOpenThread

Status: Hooked by "<unknown>" at address 0xf8d43215
 

#: 160        Function Name: NtQueryKey

Status: Hooked by "sptd.sys" at address 0xf85c3cc6
 

#: 177        Function Name: NtQueryValueKey

Status: Hooked by "sptd.sys" at address 0xf85c3b46
 

#: 193        Function Name: NtReplaceKey

Status: Hooked by "<unknown>" at address 0xf8d4324c
 

#: 204        Function Name: NtRestoreKey

Status: Hooked by "<unknown>" at address 0xf8d43247
 

#: 247        Function Name: NtSetValueKey

Status: Hooked by "<unknown>" at address 0xf8d43238
 

#: 257        Function Name: NtTerminateProcess

Status: Hooked by "C:\Programme\SUPERAntiSpyware\SASKUTIL.sys" at address 0xeee080b0
 

Stealth Objects

-------------------

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]

Process: System        Address: 0x833d41d8        Size: 405
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]

Process: System        Address: 0x833d41d8        Size: 405
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]

Process: System        Address: 0x833d41d8        Size: 405
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]

Process: System        Address: 0x833d41d8        Size: 405
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]

Process: System        Address: 0x833d41d8        Size: 405
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]

Process: System        Address: 0x833d41d8        Size: 405
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]

Process: System        Address: 0x833d41d8        Size: 405
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]

Process: System        Address: 0x833d41d8        Size: 405
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]

Process: System        Address: 0x833d41d8        Size: 405
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System        Address: 0x833d41d8        Size: 405
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]

Process: System        Address: 0x833d41d8        Size: 405
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]

Process: System        Address: 0x833d41d8        Size: 405
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System        Address: 0x833d41d8        Size: 405
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]

Process: System        Address: 0x833d41d8        Size: 405
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]

Process: System        Address: 0x833d41d8        Size: 405
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]

Process: System        Address: 0x833d41d8        Size: 405
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]

Process: System        Address: 0x833d41d8        Size: 405
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]

Process: System        Address: 0x833d41d8        Size: 405
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]

Process: System        Address: 0x833d41d8        Size: 405
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]

Process: System        Address: 0x833d41d8        Size: 405
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]

Process: System        Address: 0x833d41d8        Size: 405
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]

Process: System        Address: 0x833d41d8        Size: 405
 

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]

Process: System        Address: 0x8304b400        Size: 463
 

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]

Process: System        Address: 0x8304b400        Size: 463
 

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]

Process: System        Address: 0x8304b400        Size: 463
 

Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]

Process: System        Address: 0x8304b400        Size: 463
 

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]

Process: System        Address: 0x8304b400        Size: 463
 

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]

Process: System        Address: 0x8304b400        Size: 463
 

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]

Process: System        Address: 0x8304b400        Size: 463
 

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]

Process: System        Address: 0x8304b400        Size: 463
 

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]

Process: System        Address: 0x8304b400        Size: 463
 

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System        Address: 0x8304b400        Size: 463
 

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]

Process: System        Address: 0x8304b400        Size: 463
 

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]

Process: System        Address: 0x8304b400        Size: 463
 

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System        Address: 0x8304b400        Size: 463
 

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]

Process: System        Address: 0x8304b400        Size: 463
 

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]

Process: System        Address: 0x8304b400        Size: 463
 

Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]

Process: System        Address: 0x8304b400        Size: 463
 

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]

Process: System        Address: 0x8304b400        Size: 463
 

Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]

Process: System        Address: 0x8304b400        Size: 463
 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]

Process: System        Address: 0x8314c1d8        Size: 463
 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]

Process: System        Address: 0x8314c1d8        Size: 463
 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]

Process: System        Address: 0x8314c1d8        Size: 463
 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]

Process: System        Address: 0x8314c1d8        Size: 463
 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]

Process: System        Address: 0x8314c1d8        Size: 463
 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]

Process: System        Address: 0x8314c1d8        Size: 463
 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System        Address: 0x8314c1d8        Size: 463
 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]

Process: System        Address: 0x8314c1d8        Size: 463
 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]

Process: System        Address: 0x8314c1d8        Size: 463
 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]

Process: System        Address: 0x8314c1d8        Size: 463
 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]

Process: System        Address: 0x8314c1d8        Size: 463
 

Object: Hidden Code [Driver: ajxp3471ȅ浍浓닰Ȃం䵃䥖豈Ʀ낑, IRP_MJ_CREATE]

Process: System        Address: 0x83141318        Size: 463
 

Object: Hidden Code [Driver: ajxp3471ȅ浍浓닰Ȃం䵃䥖豈Ʀ낑, IRP_MJ_CLOSE]

Process: System        Address: 0x83141318        Size: 463
 

Object: Hidden Code [Driver: ajxp3471ȅ浍浓닰Ȃం䵃䥖豈Ʀ낑, IRP_MJ_DEVICE_CONTROL]

Process: System        Address: 0x83141318        Size: 463
 

Object: Hidden Code [Driver: ajxp3471ȅ浍浓닰Ȃం䵃䥖豈Ʀ낑, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System        Address: 0x83141318        Size: 463
 

Object: Hidden Code [Driver: ajxp3471ȅ浍浓닰Ȃం䵃䥖豈Ʀ낑, IRP_MJ_POWER]

Process: System        Address: 0x83141318        Size: 463
 

Object: Hidden Code [Driver: ajxp3471ȅ浍浓닰Ȃం䵃䥖豈Ʀ낑, IRP_MJ_SYSTEM_CONTROL]

Process: System        Address: 0x83141318        Size: 463
 

Object: Hidden Code [Driver: ajxp3471ȅ浍浓닰Ȃం䵃䥖豈Ʀ낑, IRP_MJ_PNP]

Process: System        Address: 0x83141318        Size: 463
 

Object: Hidden Code [Driver: usbstor, IRP_MJ_CREATE]

Process: System        Address: 0x82b31558        Size: 463
 

Object: Hidden Code [Driver: usbstor, IRP_MJ_CLOSE]

Process: System        Address: 0x82b31558        Size: 463
 

Object: Hidden Code [Driver: usbstor, IRP_MJ_READ]

Process: System        Address: 0x82b31558        Size: 463
 

Object: Hidden Code [Driver: usbstor, IRP_MJ_WRITE]

Process: System        Address: 0x82b31558        Size: 463
 

Object: Hidden Code [Driver: usbstor, IRP_MJ_DEVICE_CONTROL]

Process: System        Address: 0x82b31558        Size: 463
 

Object: Hidden Code [Driver: usbstor, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System        Address: 0x82b31558        Size: 463
 

Object: Hidden Code [Driver: usbstor, IRP_MJ_POWER]

Process: System        Address: 0x82b31558        Size: 463
 

Object: Hidden Code [Driver: usbstor, IRP_MJ_SYSTEM_CONTROL]

Process: System        Address: 0x82b31558        Size: 463
 

Object: Hidden Code [Driver: usbstor, IRP_MJ_PNP]

Process: System        Address: 0x82b31558        Size: 463
 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]

Process: System        Address: 0x831fe980        Size: 463
 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]

Process: System        Address: 0x831fe980        Size: 463
 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]

Process: System        Address: 0x831fe980        Size: 463
 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System        Address: 0x831fe980        Size: 463
 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]

Process: System        Address: 0x831fe980        Size: 463
 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]

Process: System        Address: 0x831fe980        Size: 463
 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]

Process: System        Address: 0x831fe980        Size: 463
 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]

Process: System        Address: 0x8334f1d8        Size: 463
 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]

Process: System        Address: 0x8334f1d8        Size: 463
 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]

Process: System        Address: 0x8334f1d8        Size: 463
 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]

Process: System        Address: 0x8334f1d8        Size: 463
 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]

Process: System        Address: 0x8334f1d8        Size: 463
 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System        Address: 0x8334f1d8        Size: 463
 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]

Process: System        Address: 0x8334f1d8        Size: 463
 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]

Process: System        Address: 0x8334f1d8        Size: 463
 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]

Process: System        Address: 0x8334f1d8        Size: 463
 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]

Process: System        Address: 0x8334f1d8        Size: 463
 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]

Process: System        Address: 0x8334f1d8        Size: 463
 

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]

Process: System        Address: 0x82dd11d8        Size: 463
 

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]

Process: System        Address: 0x82dd11d8        Size: 463
 

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]

Process: System        Address: 0x82dd11d8        Size: 463
 

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System        Address: 0x82dd11d8        Size: 463
 

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]

Process: System        Address: 0x82dd11d8        Size: 463
 

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]

Process: System        Address: 0x82dd11d8        Size: 463
 

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]

Process: System        Address: 0x831a8610        Size: 463
 

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]

Process: System        Address: 0x831a8610        Size: 463
 

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]

Process: System        Address: 0x831a8610        Size: 463
 

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System        Address: 0x831a8610        Size: 463
 

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]

Process: System        Address: 0x831a8610        Size: 463
 

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]

Process: System        Address: 0x831a8610        Size: 463
 

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]

Process: System        Address: 0x831a8610        Size: 463
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]

Process: System        Address: 0x82c021d8        Size: 463
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]

Process: System        Address: 0x82c021d8        Size: 463
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]

Process: System        Address: 0x82c021d8        Size: 463
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]

Process: System        Address: 0x82c021d8        Size: 463
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]

Process: System        Address: 0x82c021d8        Size: 463
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]

Process: System        Address: 0x82c021d8        Size: 463
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]

Process: System        Address: 0x82c021d8        Size: 463
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]

Process: System        Address: 0x82c021d8        Size: 463
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]

Process: System        Address: 0x82c021d8        Size: 463
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]

Process: System        Address: 0x82c021d8        Size: 463
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System        Address: 0x82c021d8        Size: 463
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]

Process: System        Address: 0x82c021d8        Size: 463
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]

Process: System        Address: 0x82c021d8        Size: 463
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System        Address: 0x82c021d8        Size: 463
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]

Process: System        Address: 0x82c021d8        Size: 463
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System        Address: 0x82c021d8        Size: 463
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]

Process: System        Address: 0x82c021d8        Size: 463
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]

Process: System        Address: 0x82c021d8        Size: 463
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]

Process: System        Address: 0x82c021d8        Size: 463
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]

Process: System        Address: 0x82c021d8        Size: 463
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]

Process: System        Address: 0x82c021d8        Size: 463
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]

Process: System        Address: 0x82c021d8        Size: 463
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]

Process: System        Address: 0x82c021d8        Size: 463
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]

Process: System        Address: 0x82c021d8        Size: 463
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]

Process: System        Address: 0x82c021d8        Size: 463
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]

Process: System        Address: 0x82c021d8        Size: 463
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]

Process: System        Address: 0x82c021d8        Size: 463
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]

Process: System        Address: 0x82c021d8        Size: 463
 

Object: Hidden Code [Driver: Cdfsȅఈ浗灩, IRP_MJ_CREATE]

Process: System        Address: 0x8305a300        Size: 405
 

Object: Hidden Code [Driver: Cdfsȅఈ浗灩, IRP_MJ_CLOSE]

Process: System        Address: 0x8305a300        Size: 405
 

Object: Hidden Code [Driver: Cdfsȅఈ浗灩, IRP_MJ_READ]

Process: System        Address: 0x8305a300        Size: 405
 

Object: Hidden Code [Driver: Cdfsȅఈ浗灩, IRP_MJ_QUERY_INFORMATION]

Process: System        Address: 0x8305a300        Size: 405
 

Object: Hidden Code [Driver: Cdfsȅఈ浗灩, IRP_MJ_SET_INFORMATION]

Process: System        Address: 0x8305a300        Size: 405
 

Object: Hidden Code [Driver: Cdfsȅఈ浗灩, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System        Address: 0x8305a300        Size: 405
 

Object: Hidden Code [Driver: Cdfsȅఈ浗灩, IRP_MJ_DIRECTORY_CONTROL]

Process: System        Address: 0x8305a300        Size: 405
 

Object: Hidden Code [Driver: Cdfsȅఈ浗灩, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System        Address: 0x8305a300        Size: 405
 

Object: Hidden Code [Driver: Cdfsȅఈ浗灩, IRP_MJ_DEVICE_CONTROL]

Process: System        Address: 0x8305a300        Size: 405
 

Object: Hidden Code [Driver: Cdfsȅఈ浗灩, IRP_MJ_SHUTDOWN]

Process: System        Address: 0x8305a300        Size: 405
 

Object: Hidden Code [Driver: Cdfsȅఈ浗灩, IRP_MJ_LOCK_CONTROL]

Process: System        Address: 0x8305a300        Size: 405
 

Object: Hidden Code [Driver: Cdfsȅఈ浗灩, IRP_MJ_CLEANUP]

Process: System        Address: 0x8305a300        Size: 405
 

Object: Hidden Code [Driver: Cdfsȅఈ浗灩, IRP_MJ_PNP]

Process: System        Address: 0x8305a300        Size: 405
 

==EOF==

Larusso

17.10.2009 20:57

start --> ausführen --> notepad (reinschreiben)
Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

@echo off

cd \

rd /s /q RSIT

del "%userprofile%\Eigene Dateien\Downloads\RSIT(4).exe"

del "%userprofile%\Desktop\rsit.bat

Speichere diese unter rsit.bat auf Deinem Desktop.
Wähle bei Dateityp alle Dateien aus.
Doppelklich auf die service.bat
Vista- User: Mit Rechtsklick "als Administrator starten" ausführen.

schritt 2

Lade Random's System Information Tool (RSIT) herunter,
speichere es auf Deinem Desktop.
Starte mit Doppelklick die RSIT.exe.
Klicke auf Continue, um die Nutzungsbedingungen zu akzeptieren.
Der Scan startet automatisch, RSIT checkt nun einige wichtige System-Bereiche und produziert Logfiles als Analyse-Grundlage.
Wenn der Scan beendet ist, werden zwei Logfiles erstellt und in Deinem Editor geöffnet.
Bitte poste den Inhalt von C:\rsit\log.txt und C:\rsit\info.txt

Ayse	17.10.2009 21:05

Code:

  info.txt logfile of random's system information tool 1.06 2009-10-17 22:02:50
 

======Uninstall list======
 

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

-->C:\Programme\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL

-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL

-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL

-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL

-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL

-->C:\WINDOWS\UNRecode.exe /UNINSTALL

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Acoustica Effects Pack-->C:\PROGRA~1\ACOUST~2\UNWISE.EXE C:\PROGRA~1\ACOUST~2\INSTALL.LOG

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Reader 9.1.3 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A91000000001}

Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"

ALUpdate-->C:\Programme\ESTsoft\ALUpdate\unins000.exe

ALZip-->C:\Programme\ESTsoft\ALZip\unins000.exe

Apache USB PC Camera-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{41E496B5-47F4-11D6-9BBB-00E0987BB2CD}\setup.exe" -l0x9 

ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

Avira AntiVir Personal - Free Antivirus-->C:\Programme\Avira\AntiVir Desktop\setup.exe /REMOVE

CCleaner (remove only)-->"C:\Programme\CCleaner\uninst.exe"

DivX MPEG-4 Codec 3.2.200 Beta-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_DivX 132 C:\WINDOWS\INF\DivX.inf

DivX Web Player-->C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN

EVEREST Home Edition v2.20-->"C:\Programme\Lavalys\EVEREST Home Edition\unins000.exe"

GOM Player-->"C:\Programme\GRETECH\GomPlayer\Uninstall.exe"

Google Toolbar for Internet Explorer-->"C:\Programme\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall

Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}

HijackThis 2.0.2-->"C:\Programme\trend micro\HijackThis.exe" /uninstall

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

Hotfix für Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"

Hotfix für Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"

Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

Hotfix für Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"

Hotfix für Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"

HP Extended Capabilities 5.3-->C:\Programme\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat

HP Image Zone 5.3-->C:\Programme\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat

HP Image Zone Express-->MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900}

HP Imaging Device Functions 5.3-->C:\Programme\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat

HP PSC & OfficeJet 5.3.B-->"C:\Programme\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat

HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}

Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}

Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}

Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C314CE45-3392-3B73-B4E1-139CD41CA933}

Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}

Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}

Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}

Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe

Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}

Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}

Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}

Microsoft Office Enterprise 2007-->"C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL

Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}

Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}

Microsoft Office Groove MUI (German) 2007-->MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (German) 2007-->MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE}

Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}

Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}

Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0122-0407-0000-0000000FF1CE}

Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}

Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}

Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {322296D4-1EAE-4030-9FBC-D2787EB25FA2}

Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}

Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}

Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Microsoft Works-->MsiExec.exe /I{B26E3B0D-C2FA-4370-B068-7C476766F029}

Mozilla Firefox (3.5.3)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe

MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}

Nero 8 Trial-->MsiExec.exe /X{D6D5CB84-0E6E-4E69-B300-C690B6911031}

neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI

OpenMG Limited Patch 4.7-07-14-05-01-->C:\Programme\Gemeinsame Dateien\Sony Shared\OpenMG\HotFixes\HotFix4.7-07-14-05-01\HotFixSetup\setup.exe /u

OpenMG Secure Module 4.7.00-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{CCD663AE-610D-4BDF-AAB0-E914B044527D} UNINSTALL

PC Connectivity Solution-->MsiExec.exe /I{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}

PC-DTV Receiver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{679DE728-0B9D-43B3-8459-D7B81F130E7A}\setup.exe" -l0x7  -removeonly

PDF Manual NW-A800 Series-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{99B9FAF2-33FD-4DC7-9087-5BC2EE4CBB9E}\setup.exe" -l0x7 UNINSTALL -removeonly

Real Alternative 1.7.5-->"C:\Programme\Real Alternative\unins000.exe"

Realtek High Definition Audio Driver-->RtlUpd.exe -r -m

Scientific-Atlanta WebSTAR 2000 series Cable Modem-->UNDPX2A.EXE

Secunia PSI-->"C:\Programme\Secunia\PSI\uninstall.exe"

Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}

Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}

Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}

Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}

Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}

Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}

Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}

Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}

Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}

Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}

Sicherheitsupdate für Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"

Sicherheitsupdate für Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"

Sicherheitsupdate für Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"

Sicherheitsupdate für Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"

Sicherheitsupdate für Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"

Sicherheitsupdate für Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"

Sicherheitsupdate für Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"

Sicherheitsupdate für Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"

Sicherheitsupdate für Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"

Sicherheitsupdate für Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"

Sicherheitsupdate für Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"

Sicherheitsupdate für Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"

Sicherheitsupdate für Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"

Sicherheitsupdate für Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"

Sicherheitsupdate für Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"

Sicherheitsupdate für Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"

Sicherheitsupdate für Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"

Sicherheitsupdate für Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"

Sicherheitsupdate für Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"

Sicherheitsupdate für Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"

Sicherheitsupdate für Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"

Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"

SoftV92 Data Fax Modem with SmartCP-->C:\Programme\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IVEN_14F1&DEV_2F20&SUBSYS_200014F1

Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}

SSC Service Utility v4.20-->"C:\Programme\SSC Service Utility\unins000.exe"

Ayse	17.10.2009 21:06

Code:

  SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}

Uninstall 1.0.0.1-->"C:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe"

Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

Update for Outlook 2007 Junk Email Filter (KB974810)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C05FBAD5-A211-4E86-BB51-7E07B80C9233}

Update für Windows Internet Explorer 8 (KB973874)-->"C:\WINDOWS\ie8updates\KB973874-IE8\spuninst\spuninst.exe"

Update für Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"

Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"

Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"

Update für Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"

Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"

Update für Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"

Update für Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"

VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}

VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}

Video Downloader-->C:\Programme\InstallShield Installation Information\{F1D891A7-2BAF-4033-9A20-DBB78F86BF0C}\setup.exe -runfromtemp -l0x0009UNINSTALL -removeonly

Viewpoint Media Player (Remove Only)-->C:\Programme\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u

VLC media player 0.9.8a-->C:\Programme\VideoLAN\VLC\uninstall.exe

Wichtiges Update für Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"

Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"

Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"

Windows Live Anmelde-Assistent-->MsiExec.exe /I{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}

Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}

Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}

Windows Live Essentials-->C:\Programme\Windows Live\Installer\wlarp.exe

Windows Live Essentials-->MsiExec.exe /I{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}

Windows Live Family Safety-->MsiExec.exe /X{994223F3-A99B-4DDD-9E1D-0190A17C6860}

Windows Live Fotogalerie-->MsiExec.exe /X{2BA722D1-48D1-406E-9123-8AE5431D63EF}

Windows Live Mail-->MsiExec.exe /I{C4D738F7-996A-4C81-B8FA-C4E26D767E41}

Windows Live Messenger-->MsiExec.exe /X{41E654A9-26D0-4EAC-854B-0FA824FFFABB}

Windows Live OneCare safety scanner-->RunDll32.exe "C:\Programme\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT

Windows Live Sync-->MsiExec.exe /X{76618402-179D-4699-A66B-D351C59436BC}

Windows Live Writer-->MsiExec.exe /X{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}

Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"

Windows Media Player 10 Hotfix - KB888656-->"C:\WINDOWS\$NtUninstallKB888656$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf

XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
 

======Security center information======
 

AV: AntiVir Desktop
 

======System event log======
 

Computer Name: MUMI-32E3D2E0C4

Event Code: 8033

Message: Der Suchdienst hat eine Wahl auf dem Netzwerk "\Device\NetBT_Tcpip_{697B8806-539E-4E53-9022-DFA6950FEB0D}" erzwungen, da der Hauptsuchdienst beendet wurde.
 

Record Number: 975110

Source Name: BROWSER

Time Written: 20091014005245.000000+120

Event Type: Informationen

User: 
 

Computer Name: MUMI-32E3D2E0C4

Event Code: 4226

Message: TCP/IP hat das Sicherheitslimit erreicht, das für die Anzahl gleichzeitiger TCP-Verbindungsversuche festgelegt wurde.
 

Record Number: 975109

Source Name: Tcpip

Time Written: 20091014004245.000000+120

Event Type: Warnung

User: 
 

Computer Name: MUMI-32E3D2E0C4

Event Code: 7036

Message: Dienst "Google Software Updater" befindet sich jetzt im Status "Beendet".
 

Record Number: 975108

Source Name: Service Control Manager

Time Written: 20091014004130.000000+120

Event Type: Informationen

User: 
 

Computer Name: MUMI-32E3D2E0C4

Event Code: 7036

Message: Dienst "Google Software Updater" befindet sich jetzt im Status "Ausgeführt".
 

Record Number: 975107

Source Name: Service Control Manager

Time Written: 20091014004030.000000+120

Event Type: Informationen

User: 
 

Computer Name: MUMI-32E3D2E0C4

Event Code: 7035

Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "Google Software Updater" gesendet.
 

Record Number: 975106

Source Name: Service Control Manager

Time Written: 20091014004030.000000+120

Event Type: Informationen

User: NT-AUTORITÄT\SYSTEM
 

=====Application event log=====
 

Computer Name: MUMI-32E3D2E0C4

Event Code: 11728

Message: Produkt: Microsoft .NET Framework 2.0 Service Pack 2 -- Die Konfiguration wurde erfolgreich abgeschlossen.
 

Record Number: 43176

Source Name: MsiInstaller

Time Written: 20090512192223.000000+120

Event Type: Informationen

User: NT-AUTORITÄT\SYSTEM
 

Computer Name: MUMI-32E3D2E0C4

Event Code: 1022

Message: Produkt: Microsoft .NET Framework 2.0 Service Pack 2 - Update "KB958481" wurde installiert.
 

Record Number: 43175

Source Name: MsiInstaller

Time Written: 20090512192223.000000+120

Event Type: Informationen

User: NT-AUTORITÄT\SYSTEM
 

Computer Name: MUMI-32E3D2E0C4

Event Code: 1002

Message: Die Leistungsindikatoren für den Dienst .NETFramework (.NETFramework) befinden sich bereits in der

Registrierung. Neuinstallation nicht erforderlich.
 

Record Number: 43174

Source Name: LoadPerf

Time Written: 20090512192222.000000+120

Event Type: Informationen

User: 
 

Computer Name: MUMI-32E3D2E0C4

Event Code: 1002

Message: Die Leistungsindikatoren für den Dienst .NET CLR Data (.NET CLR Data) befinden sich bereits in der

Registrierung. Neuinstallation nicht erforderlich.
 

Record Number: 43173

Source Name: LoadPerf

Time Written: 20090512192221.000000+120

Event Type: Informationen

User: 
 

Computer Name: MUMI-32E3D2E0C4

Event Code: 1002

Message: Die Leistungsindikatoren für den Dienst .NET CLR Networking (.NET CLR Networking) befinden sich bereits in der

Registrierung. Neuinstallation nicht erforderlich.
 

Record Number: 43172

Source Name: LoadPerf

Time Written: 20090512192221.000000+120

Event Type: Informationen

User: 
 

======Environment variables======
 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=C:\Programme\PC Connectivity Solution\;%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Programme\Gemeinsame Dateien\Nero\Lib;C:\Programme\Gemeinsame Dateien\Teleca Shared;C:\Programme\ESTsoft\ALZip

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel

"PROCESSOR_REVISION"=0403

"NUMBER_OF_PROCESSORS"=2

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP
 

-----------------EOF-----------------

Ayse	17.10.2009 21:07

Code:

  Logfile of random's system information tool 1.06 (written by random/random)

Run by Mumi at 2009-10-17 22:02:28

Microsoft Windows XP Home Edition Service Pack 3

System drive C: has 161 GB (84%) free of 191 GB

Total RAM: 511 MB (25% free)
 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:02:46, on 17.10.2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal
 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programme\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\Programme\Avira\AntiVir Desktop\avguard.exe

C:\Programme\Java\jre6\bin\jqs.exe

C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\VM_STI.EXE

C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\ALCWZRD.EXE

C:\Programme\Java\jre6\bin\jusched.exe

C:\Programme\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programme\Windows Live\Messenger\msnmsgr.exe

C:\Programme\Messenger\msmsgs.exe

C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Programme\Secunia\PSI\psi.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Programme\Mozilla Firefox\firefox.exe

C:\Dokumente und Einstellungen\Mumi\Eigene Dateien\Downloads\RSIT(4).exe

C:\Programme\trend micro\Mumi.exe
 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.de/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe

O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Apache USB PC Camera

O4 - HKLM\..\Run: [NBKeyScan] "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"http://www.nick.de/cache.php?path=/game.html&aid=841"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: AutorunsDisabled

O4 - Startup: Secunia PSI.lnk = C:\Programme\Secunia\PSI\psi.exe

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://johannesbrecht.spaces.live.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
 

--

End of file - 10434 bytes
 

======Scheduled tasks folder======
 

C:\WINDOWS\tasks\1-Klick-Wartung.job
 

======Registry dump======
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

&Yahoo! Toolbar Helper - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-02-27 61816]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live Anmelde-Hilfsprogramm - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll [2009-10-11 256112]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Programme\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-10-14 762864]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]

Google Dictionary Compression sdch - C:\Programme\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-10-11 458736]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-08-10 41760]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-10 73728]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]

SingleInstance Class - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll [2009-10-11 256112]
 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-06-01 7618560]

"nwiz"=nwiz.exe /install []

"SW20"=C:\WINDOWS\system32\sw20.exe [2006-05-18 208896]

"SW24"=C:\WINDOWS\system32\sw24.exe [2006-05-17 69632]

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-06-01 86016]

"BigDogPath"=C:\WINDOWS\VM_STI.EXE [2004-12-15 40960]

"NBKeyScan"=C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352]

"GrooveMonitor"=C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

"AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2006-05-04 2808832]

"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-08-10 149280]

"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

"avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"msnmsgr"=C:\Programme\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]

"MSMSGS"=C:\Programme\Messenger\msmsgs.exe [2008-04-14 1695232]

"swg"=C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-10-09 39408]

"SUPERAntiSpyware"=C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-10-12 2000112]
 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Shockwave Updater"=C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE [2008-08-06 447928]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Athan]

C:\Programme\Athan\Athan.exe []
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

C:\Programme\HP\HP Software Update\HPWuSchd2.exe [2005-05-11 49152]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

C:\Programme\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883840]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe [2008-02-28 570664]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

C:\WINDOWS\SOUNDMAN.EXE [2006-07-21 86016]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk]

C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2005-05-12 282624]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Image Zone Schnellstart.lnk]

C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2005-05-12 73728]
 

C:\Dokumente und Einstellungen\Mumi\Startmenü\Programme\Autostart

AutorunsDisabled

Secunia PSI.lnk - C:\Programme\Secunia\PSI\psi.exe
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]

C:\Programme\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2006-08-02 86016]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Programme\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1
 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoRecentDocsNetHood"=1

"NoDriveAutoRun"=67108863

"NoDrives"=0
 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=
 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\german\setup.exe"="C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\german\setup.exe:*:Disabled:Installationsprogramm für Kaspersky Internet Security 2009"

"C:\Programme\HP\Digital Imaging\bin\hpqste08.exe"="C:\Programme\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"

"C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"

"C:\Programme\HP\Digital Imaging\bin\hposfx08.exe"="C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"

"C:\Programme\HP\Digital Imaging\bin\hposid01.exe"="C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"

"C:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"

"C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"

"C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"

"C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"

"C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"

"C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"

"C:\Programme\HP\Digital Imaging\bin\hpoews01.exe"="C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"

"C:\Programme\TeamViewer\Version4\TeamViewer.exe"="C:\Programme\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"

"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\Programme\Microsoft Office\Office12\GROOVE.EXE"="C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"

"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE"="C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Programme\Windows Live\Sync\WindowsLiveSync.exe"="C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Programme\Windows Live\Sync\WindowsLiveSync.exe"="C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

Ayse	17.10.2009 21:08

Code:

  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76fc5040-7c18-11de-ac55-001d0fd78628}]

shell\AutoRun\command - J:\Launcher.exe
 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{819e6636-db1f-11dd-aabf-0013d4e6b562}]

shell\AutoRun\command - J:\LaunchU3.exe -a
 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{989e3374-ccfc-11dd-aa9f-0013d4e6b562}]

shell\AutoRun\command - J:\LaunchU3.exe -a
 
 

======List of files/folders created in the last 1 months======
 

2009-10-17 22:02:28 ----D---- C:\rsit

2009-10-17 21:51:36 ----A---- C:\RootRepeal report 10-17-09 (21-51-36).txt

2009-10-17 21:35:59 ----A---- C:\RootRepeal report 10-17-09 (21-35-59).txt

2009-10-17 21:29:20 ----A---- C:\RootRepeal report 10-17-09 (21-29-20).txt

2009-10-16 15:03:48 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com

2009-10-16 15:03:43 ----D---- C:\Programme\Malwarebytes' Anti-Malware

2009-10-16 15:03:43 ----D---- C:\Programme\CCleaner

2009-10-16 15:03:26 ----D---- C:\Dokumente und Einstellungen\Mumi\Anwendungsdaten\Yahoo!

2009-10-16 10:31:51 ----D---- C:\Programme\SUPERAntiSpyware

2009-10-16 10:31:51 ----D---- C:\Dokumente und Einstellungen\Mumi\Anwendungsdaten\SUPERAntiSpyware.com

2009-10-15 19:08:03 ----D---- C:\WINDOWS\ie8updates

2009-10-15 19:03:20 ----HDC---- C:\WINDOWS\ie8

2009-10-14 21:50:53 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Yahoo! Companion

2009-10-14 20:09:46 ----D---- C:\Dokumente und Einstellungen\Mumi\Anwendungsdaten\Malwarebytes

2009-10-14 16:17:32 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$

2009-10-14 16:15:46 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$

2009-10-14 16:15:39 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$

2009-10-14 16:15:35 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$

2009-10-14 16:15:28 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$

2009-10-14 16:14:53 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$

2009-10-14 16:12:57 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$

2009-10-14 16:12:47 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$

2009-10-14 16:11:54 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$

2009-10-11 19:57:08 ----D---- C:\Programme\Mozilla Firefox

2009-10-11 17:35:40 ----D---- C:\Programme\Microsoft Office Outlook Connector

2009-10-11 17:26:10 ----A---- C:\Programme\wlsetup-web.exe

2009-10-11 11:28:46 ----D---- C:\Programme\Lavalys

2009-10-11 11:28:08 ----A---- C:\Programme\everesthome220.exe

2009-10-10 01:29:48 ----A---- C:\WINDOWS\system32\Mp3cnfg.exe

2009-10-10 01:29:48 ----A---- C:\WINDOWS\system32\DivXc32.dll

2009-10-09 23:45:39 ----A---- C:\Programme\OOo_2.4.3_Win32Intel_install_de.exe

2009-10-09 23:40:50 ----D---- C:\Dokumente und Einstellungen\Mumi\Anwendungsdaten\Google

2009-10-09 23:40:28 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google

2009-10-09 23:22:47 ----D---- C:\Programme\trend micro

2009-10-09 21:31:30 ----D---- C:\Programme\Avira

2009-10-09 21:31:30 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira

2009-09-26 22:51:42 ----A---- C:\WINDOWS\system32\unrar.dll
 

======List of files/folders modified in the last 1 months======
 

2009-10-17 21:46:23 ----D---- C:\WINDOWS\system32\drivers

2009-10-17 20:05:24 ----SHD---- C:\WINDOWS\Installer

2009-10-17 20:05:11 ----HD---- C:\Config.Msi

2009-10-17 20:05:09 ----RD---- C:\Programme

2009-10-17 19:52:31 ----D---- C:\WINDOWS\temp

2009-10-17 19:52:24 ----D---- C:\WINDOWS\system32\CatRoot2

2009-10-17 19:52:02 ----A---- C:\WINDOWS\ModemLog_PCI SoftV92 Data Fax Modem with SmartCP.txt

2009-10-17 15:55:14 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-10-17 15:51:41 ----D---- C:\WINDOWS\system32

2009-10-17 13:01:48 ----D---- C:\WINDOWS\Prefetch

2009-10-17 09:38:01 ----D---- C:\WINDOWS\system32\FxsTmp

2009-10-16 16:30:29 ----D---- C:\WINDOWS

2009-10-16 15:14:11 ----HD---- C:\WINDOWS\inf

2009-10-16 15:14:06 ----RSHDC---- C:\WINDOWS\system32\dllcache

2009-10-16 15:13:26 ----HD---- C:\WINDOWS\$hf_mig$

2009-10-16 15:03:49 ----D---- C:\Spiele

2009-10-16 15:03:40 ----D---- C:\Programme\Internet Explorer

2009-10-16 15:03:26 ----D---- C:\Dokumente und Einstellungen\Mumi\Anwendungsdaten\AD ON Multimedia

2009-10-16 15:03:20 ----D---- C:\Dokumente und Einstellungen\Mumi\Anwendungsdaten\dvdcss

2009-10-16 15:02:20 ----D---- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard

2009-10-16 10:25:34 ----D---- C:\WINDOWS\system32\config

2009-10-16 10:25:06 ----D---- C:\WINDOWS\system32\wbem

2009-10-16 10:25:06 ----D---- C:\WINDOWS\Registration

2009-10-16 09:58:03 ----D---- C:\WINDOWS\Minidump

2009-10-16 08:15:27 ----D---- C:\WINDOWS\Debug

2009-10-15 19:11:29 ----D---- C:\WINDOWS\system32\de-de

2009-10-15 19:11:28 ----D---- C:\WINDOWS\Media

2009-10-15 19:11:28 ----D---- C:\WINDOWS\Help

2009-10-15 03:40:52 ----A---- C:\WINDOWS\NeroDigital.ini

2009-10-14 20:30:58 ----D---- C:\WINDOWS\Microsoft.NET

2009-10-14 20:30:42 ----RSD---- C:\WINDOWS\assembly

2009-10-14 16:20:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-10-14 16:19:35 ----D---- C:\WINDOWS\WinSxS

2009-10-14 16:15:06 ----D---- C:\WINDOWS\ie7updates

2009-10-14 16:14:45 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help

2009-10-12 23:00:41 ----D---- C:\Dokumente und Einstellungen

2009-10-12 22:55:36 ----D---- C:\VIDEO_OUTPUT

2009-10-11 17:41:15 ----D---- C:\Programme\DivX

2009-10-11 17:35:40 ----D---- C:\Programme\Gemeinsame Dateien\System

2009-10-11 17:34:28 ----DC---- C:\WINDOWS\system32\DRVSTORE

2009-10-11 17:33:52 ----D---- C:\Programme\Windows Live

2009-10-11 17:32:42 ----D---- C:\WINDOWS\system32\DirectX

2009-10-11 17:30:57 ----D---- C:\Programme\Microsoft

2009-10-11 17:20:33 ----D---- C:\WINDOWS\network diagnostic

2009-10-10 10:44:39 ----SD---- C:\Dokumente und Einstellungen\Mumi\Anwendungsdaten\Microsoft

2009-10-10 01:30:57 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NOS

2009-10-10 01:30:55 ----SD---- C:\WINDOWS\Downloaded Program Files

2009-10-10 01:27:18 ----D---- C:\WINDOWS\system32\Macromed

2009-10-10 01:17:43 ----RSD---- C:\WINDOWS\Fonts

2009-10-09 23:40:28 ----D---- C:\Programme\Google

2009-10-09 10:15:54 ----D---- C:\Mumi

2009-10-06 12:47:07 ----HD---- C:\Programme\InstallShield Installation Information

2009-10-06 12:47:07 ----D---- C:\Programme\Gemeinsame Dateien\Sony Shared

2009-10-02 20:01:57 ----A---- C:\WINDOWS\system32\MRT.exe

2009-09-26 23:06:19 ----D---- C:\Programme\Gemeinsame Dateien\DivX Shared

2009-09-26 23:01:21 ----D---- C:\Dokumente und Einstellungen\Mumi\Anwendungsdaten\DivX

2009-09-26 22:50:43 ----D---- C:\WINDOWS\system32\quicktime
 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
 

R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]

R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]

R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]

R1 SASDIFSV;SASDIFSV; \??\C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS []

R1 SASKUTIL;SASKUTIL; \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.sys []

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]

R1 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-07-28 55656]

R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]

R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-01-16 12970]

R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]

R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-08-02 1681920]

R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-13 1042816]

R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-13 210304]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-03 4394496]

R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12288]

R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]

R3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2009-06-17 12648]

R3 RT73;RT73 USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2007-05-14 445696]

R3 SASENUM;SASENUM; \??\C:\Programme\SUPERAntiSpyware\SASENUM.SYS []

R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbstor;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-13 679808]

S3 ajxp3471;ajxp3471; C:\WINDOWS\system32\drivers\ajxp3471.sys []

S3 atinrvxx;ATI WDM Rage Theater Video; C:\WINDOWS\system32\DRIVERS\atinrvxx.sys [2004-08-04 105984]

S3 bdacap;PC-DTV Receiver; C:\WINDOWS\system32\drivers\bdacap.sys [2006-02-14 217728]

S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\drivers\BVRPMPR5.SYS []

S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 CO_Mon;CO_Mon; \??\C:\WINDOWS\system32\Drivers\CO_Mon.sys []

S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-08-03 13352]

S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2008-08-03 21672]

S3 giveio;giveio; \??\C:\WINDOWS\system32\giveio.sys []

S3 GLHIDKBFILTER;GLHIDKBFILTER; C:\WINDOWS\system32\DRIVERS\GLKbFilter.sys [2006-01-06 11264]

S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []

S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-27 145920]

S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]

S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]

S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]

S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys [2005-02-11 55216]

S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2005-02-11 6576]

S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys [2005-02-11 89872]

S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2005-02-11 81728]

S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys [2005-02-11 79488]

S3 MPE;BDA MPE-Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 MVDCODEC;ATI WDM Specialized MVD Codec; C:\WINDOWS\system32\DRIVERS\atinmdxx.sys [2004-08-04 13824]

S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-06-01 3925920]

S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]

S3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-07-11 84096]

S3 rtl8139;NT-Treiber für Realtek RTL8139(A/B/C)-basierten PCI-Fast Ethernet-Adapter; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]

S3 s816bus;Sony Ericsson Device 816 driver (WDM); C:\WINDOWS\system32\DRIVERS\s816bus.sys [2007-06-19 81832]

S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s816mdfl.sys [2007-06-19 13864]

S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s816mdm.sys [2007-06-19 107304]

S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s816mgmt.sys [2007-06-19 99112]

S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS); C:\WINDOWS\system32\DRIVERS\s816nd5.sys [2007-06-19 21928]

S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s816obex.sys [2007-06-19 97320]

S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM); C:\WINDOWS\system32\DRIVERS\s816unic.sys [2007-06-19 97704]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []

S3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]

S3 USBCM;Scientific-Atlanta USB Cable Modem Driver; C:\WINDOWS\system32\DRIVERS\Sacm2A.sys [2004-06-10 15429]

S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]

S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]

S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]

S3 ZSMC301b;Apache USB PC Camera; C:\WINDOWS\System32\Drivers\usbVM31b.sys [2004-12-01 93632]
 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
 

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]

R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-08-02 401408]

R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-08-10 153376]

R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]

R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]

R2 SNMP;SNMP-Dienst; C:\WINDOWS\System32\snmp.exe [2008-04-14 33280]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]

S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-06-01 155715]

S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 fsssvc;Windows Live Family Safety-Dienst; C:\Programme\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]

S3 gusvc;Google Software Updater; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-10-09 182768]

S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 LPDSVC;TCP/IP-Druckserver; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-04 19456]

S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]

S3 MSCSPTISRV;MSCSPTISRV; C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056]

S3 NMIndexingService;NMIndexingService; C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]

S3 odserv;Microsoft Office Diagnostics Service; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]

S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 PACSPTISVR;PACSPTISVR; C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344]

S3 ServiceLayer;ServiceLayer; C:\Programme\PC Connectivity Solution\ServiceLayer.exe [2009-03-04 621056]

S3 SNMPTRAP;SNMP-Trap-Dienst; C:\WINDOWS\System32\snmptrap.exe [2008-04-14 8704]

S3 SPTISRV;Sony SPTI Service; C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632]

S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-10-24 920576]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
 

-----------------EOF-----------------

Larusso

17.10.2009 22:35

Code:

C:\Dokumente und Einstellungen\Mumi\Eigene Dateien\Downloads\RSIT(4).exe

Die RSIT.exe muss auf sich auf dem Desktop befinden. das ist wichtig
bitte ändern.

ESET Online Scanner
- Unterstützte Betriebssysteme: Microsoft Windows 98/ME/NT 4.0/2000/XP und Windows Vista
- Anmerkung für Vista-User: Bitte den Browser unbedingt als Administrator starten.
- Dein Anti-Virus-Programm während des Scans deaktivieren.
- Button "ESET Online Scanner" drücken.
- Firefox-User müssen ein zusätzliches Addon (esetsmartinstaller_enu.exe) installieren.
- Das Firefox-Addon auf dem Desktop speichern und dann installieren.
- IE-User müssen das Installieren eines ActiveX Elements erlauben.
- Einen Haken bei "Remove found threads" und "Scan archives" machen.
- Start drücken.
- Signaturen werden heruntergeladen.
- Der Scan beginnt automatisch.
- Finish drücken.
- Browser schließen.
- Explorer öffnen.
- C:\Programme\Eset\EsetOnlineScanner\log.txt suchen und mit Deinem Editor öffnen.
- Logfile hier posten.
- Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
- Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset
- IE-User zusätzlich: mit HJT folgenden Eintrag fixen:
- O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control)

Ayse	18.10.2009 00:19

Code:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6208

# api_version=3.0.2

# EOSSerial=afc271208689c24c92742aaa29ddf608

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2009-10-17 11:14:55

# local_time=2009-10-18 01:14:55 (+0100, Westeuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 7805 7805 0 0

# compatibility_mode=1023 16777215 0 0 0 0 0 0

# compatibility_mode=1535 16777215 0 0 0 0 0 0

# compatibility_mode=2047 16777215 0 0 0 0 0 0

# compatibility_mode=3584 16777215 25 0 0 0 0 0

# compatibility_mode=4351 16777215 0 0 0 0 0 0

# compatibility_mode=5890 16777214 0 0 0 0 0 0

# compatibility_mode=8447 16777215 0 0 0 0 0 0

# scanned=66958

# found=0

# cleaned=0

# scan_time=3737

Ayse	18.10.2009 09:48

Code:

Logfile of random's system information tool 1.06 (written by random/random)

Run by Mumi at 2009-10-18 10:47:58

Microsoft Windows XP Home Edition Service Pack 3

System drive C: has 160 GB (84%) free of 191 GB

Total RAM: 511 MB (57% free)
 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:48:04, on 18.10.2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal
 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Programme\Avira\AntiVir Desktop\sched.exe

C:\Programme\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\Explorer.EXE

C:\Programme\Java\jre6\bin\jqs.exe

C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\VM_STI.EXE

C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\ALCWZRD.EXE

C:\Programme\Java\jre6\bin\jusched.exe

C:\Programme\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programme\Windows Live\Messenger\msnmsgr.exe

C:\Programme\Messenger\msmsgs.exe

C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Programme\Secunia\PSI\psi.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Programme\Mozilla Firefox\firefox.exe

C:\Dokumente und Einstellungen\Mumi\Desktop\rsit.exe

C:\Dokumente und Einstellungen\Mumi\Eigene Dateien\Downloads\Mumi.exe
 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.de/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe

O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Apache USB PC Camera

O4 - HKLM\..\Run: [NBKeyScan] "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"http://www.nick.de/cache.php?path=/game.html&aid=841"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: AutorunsDisabled

O4 - Startup: Secunia PSI.lnk = C:\Programme\Secunia\PSI\psi.exe

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://johannesbrecht.spaces.live.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-beta/OnlineScanner.cab

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
 

--

End of file - 10587 bytes
 

======Scheduled tasks folder======
 

C:\WINDOWS\tasks\1-Klick-Wartung.job
 

======Registry dump======
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

&Yahoo! Toolbar Helper - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-02-27 61816]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live Anmelde-Hilfsprogramm - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll [2009-10-11 256112]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Programme\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-10-14 762864]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]

Google Dictionary Compression sdch - C:\Programme\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-10-11 458736]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-08-10 41760]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-10 73728]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]

SingleInstance Class - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll [2009-10-11 256112]
 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-06-01 7618560]

"nwiz"=nwiz.exe /install []

"SW20"=C:\WINDOWS\system32\sw20.exe [2006-05-18 208896]

"SW24"=C:\WINDOWS\system32\sw24.exe [2006-05-17 69632]

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-06-01 86016]

"BigDogPath"=C:\WINDOWS\VM_STI.EXE [2004-12-15 40960]

"NBKeyScan"=C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352]

"GrooveMonitor"=C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

"AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2006-05-04 2808832]

"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-08-10 149280]

"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

"avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"msnmsgr"=C:\Programme\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]

"MSMSGS"=C:\Programme\Messenger\msmsgs.exe [2008-04-14 1695232]

"swg"=C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-10-09 39408]

"SUPERAntiSpyware"=C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-10-12 2000112]
 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Shockwave Updater"=C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE [2008-08-06 447928]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Athan]

C:\Programme\Athan\Athan.exe []
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

C:\Programme\HP\HP Software Update\HPWuSchd2.exe [2005-05-11 49152]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

C:\Programme\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883840]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe [2008-02-28 570664]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

C:\WINDOWS\SOUNDMAN.EXE [2006-07-21 86016]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk]

C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2005-05-12 282624]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Image Zone Schnellstart.lnk]

C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2005-05-12 73728]
 

C:\Dokumente und Einstellungen\Mumi\Startmenü\Programme\Autostart

AutorunsDisabled

Secunia PSI.lnk - C:\Programme\Secunia\PSI\psi.exe
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]

C:\Programme\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2006-08-02 86016]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Programme\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1
 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoRecentDocsNetHood"=1

"NoDriveAutoRun"=67108863

"NoDrives"=0
 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=
 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\german\setup.exe"="C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\german\setup.exe:*:Disabled:Installationsprogramm für Kaspersky Internet Security 2009"

"C:\Programme\HP\Digital Imaging\bin\hpqste08.exe"="C:\Programme\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"

"C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"

"C:\Programme\HP\Digital Imaging\bin\hposfx08.exe"="C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"

"C:\Programme\HP\Digital Imaging\bin\hposid01.exe"="C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"

"C:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"

"C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"

"C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"

"C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"

"C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"

"C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"

"C:\Programme\HP\Digital Imaging\bin\hpoews01.exe"="C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"

"C:\Programme\TeamViewer\Version4\TeamViewer.exe"="C:\Programme\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"

"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\Programme\Microsoft Office\Office12\GROOVE.EXE"="C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"

"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE"="C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Programme\Windows Live\Sync\WindowsLiveSync.exe"="C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Programme\Windows Live\Sync\WindowsLiveSync.exe"="C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

Ayse	18.10.2009 09:49

Code:

   [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76fc5040-7c18-11de-ac55-001d0fd78628}]

shell\AutoRun\command - J:\Launcher.exe
 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{819e6636-db1f-11dd-aabf-0013d4e6b562}]

shell\AutoRun\command - J:\LaunchU3.exe -a
 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{989e3374-ccfc-11dd-aa9f-0013d4e6b562}]

shell\AutoRun\command - J:\LaunchU3.exe -a
 
 

======List of files/folders created in the last 1 months======
 

2009-10-18 09:27:43 ----D---- C:\Programme\ESET

2009-10-18 01:47:49 ----D---- C:\rsit

2009-10-17 21:51:36 ----A---- C:\RootRepeal report 10-17-09 (21-51-36).txt

2009-10-17 21:35:59 ----A---- C:\RootRepeal report 10-17-09 (21-35-59).txt

2009-10-17 21:29:20 ----A---- C:\RootRepeal report 10-17-09 (21-29-20).txt

2009-10-16 15:03:48 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com

2009-10-16 15:03:43 ----D---- C:\Programme\Malwarebytes' Anti-Malware

2009-10-16 15:03:43 ----D---- C:\Programme\CCleaner

2009-10-16 15:03:26 ----D---- C:\Dokumente und Einstellungen\Mumi\Anwendungsdaten\Yahoo!

2009-10-16 10:31:51 ----D---- C:\Programme\SUPERAntiSpyware

2009-10-16 10:31:51 ----D---- C:\Dokumente und Einstellungen\Mumi\Anwendungsdaten\SUPERAntiSpyware.com

2009-10-15 19:08:03 ----D---- C:\WINDOWS\ie8updates

2009-10-15 19:03:20 ----HDC---- C:\WINDOWS\ie8

2009-10-14 21:50:53 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Yahoo! Companion

2009-10-14 20:09:46 ----D---- C:\Dokumente und Einstellungen\Mumi\Anwendungsdaten\Malwarebytes

2009-10-14 16:17:32 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$

2009-10-14 16:15:46 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$

2009-10-14 16:15:39 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$

2009-10-14 16:15:35 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$

2009-10-14 16:15:28 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$

2009-10-14 16:14:53 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$

2009-10-14 16:12:57 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$

2009-10-14 16:12:47 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$

2009-10-14 16:11:54 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$

2009-10-11 19:57:08 ----D---- C:\Programme\Mozilla Firefox

2009-10-11 17:35:40 ----D---- C:\Programme\Microsoft Office Outlook Connector

2009-10-11 17:26:10 ----A---- C:\Programme\wlsetup-web.exe

2009-10-11 11:28:46 ----D---- C:\Programme\Lavalys

2009-10-11 11:28:08 ----A---- C:\Programme\everesthome220.exe

2009-10-10 01:29:48 ----A---- C:\WINDOWS\system32\Mp3cnfg.exe

2009-10-10 01:29:48 ----A---- C:\WINDOWS\system32\DivXc32.dll

2009-10-09 23:45:39 ----A---- C:\Programme\OOo_2.4.3_Win32Intel_install_de.exe

2009-10-09 23:40:50 ----D---- C:\Dokumente und Einstellungen\Mumi\Anwendungsdaten\Google

2009-10-09 23:40:28 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google

2009-10-09 23:22:47 ----D---- C:\Programme\trend micro

2009-10-09 21:31:30 ----D---- C:\Programme\Avira

2009-10-09 21:31:30 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira

2009-09-26 22:51:42 ----A---- C:\WINDOWS\system32\unrar.dll
 

======List of files/folders modified in the last 1 months======
 

2009-10-18 09:27:45 ----SD---- C:\WINDOWS\Downloaded Program Files

2009-10-18 09:27:43 ----RD---- C:\Programme

2009-10-18 09:13:04 ----D---- C:\WINDOWS\temp

2009-10-18 09:12:58 ----D---- C:\WINDOWS\system32\CatRoot2

2009-10-18 09:12:29 ----A---- C:\WINDOWS\ModemLog_PCI SoftV92 Data Fax Modem with SmartCP.txt

2009-10-18 03:30:51 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-10-17 21:46:23 ----D---- C:\WINDOWS\system32\drivers

2009-10-17 20:05:24 ----SHD---- C:\WINDOWS\Installer

2009-10-17 20:05:11 ----HD---- C:\Config.Msi

2009-10-17 15:51:41 ----D---- C:\WINDOWS\system32

2009-10-17 13:01:48 ----D---- C:\WINDOWS\Prefetch

2009-10-17 09:38:01 ----D---- C:\WINDOWS\system32\FxsTmp

2009-10-16 16:30:29 ----D---- C:\WINDOWS

2009-10-16 15:14:11 ----HD---- C:\WINDOWS\inf

2009-10-16 15:14:06 ----RSHDC---- C:\WINDOWS\system32\dllcache

2009-10-16 15:13:26 ----HD---- C:\WINDOWS\$hf_mig$

2009-10-16 15:03:49 ----D---- C:\Spiele

2009-10-16 15:03:40 ----D---- C:\Programme\Internet Explorer

2009-10-16 15:03:26 ----D---- C:\Dokumente und Einstellungen\Mumi\Anwendungsdaten\AD ON Multimedia

2009-10-16 15:03:20 ----D---- C:\Dokumente und Einstellungen\Mumi\Anwendungsdaten\dvdcss

2009-10-16 15:02:20 ----D---- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard

2009-10-16 10:25:34 ----D---- C:\WINDOWS\system32\config

2009-10-16 10:25:06 ----D---- C:\WINDOWS\system32\wbem

2009-10-16 10:25:06 ----D---- C:\WINDOWS\Registration

2009-10-16 09:58:03 ----D---- C:\WINDOWS\Minidump

2009-10-16 08:15:27 ----D---- C:\WINDOWS\Debug

2009-10-15 19:11:29 ----D---- C:\WINDOWS\system32\de-de

2009-10-15 19:11:28 ----D---- C:\WINDOWS\Media

2009-10-15 19:11:28 ----D---- C:\WINDOWS\Help

2009-10-15 03:40:52 ----A---- C:\WINDOWS\NeroDigital.ini

2009-10-14 20:30:58 ----D---- C:\WINDOWS\Microsoft.NET

2009-10-14 20:30:42 ----RSD---- C:\WINDOWS\assembly

2009-10-14 16:20:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-10-14 16:19:35 ----D---- C:\WINDOWS\WinSxS

2009-10-14 16:15:06 ----D---- C:\WINDOWS\ie7updates

2009-10-14 16:14:45 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help

2009-10-12 23:00:41 ----D---- C:\Dokumente und Einstellungen

2009-10-12 22:55:36 ----D---- C:\VIDEO_OUTPUT

2009-10-11 17:41:15 ----D---- C:\Programme\DivX

2009-10-11 17:35:40 ----D---- C:\Programme\Gemeinsame Dateien\System

2009-10-11 17:34:28 ----DC---- C:\WINDOWS\system32\DRVSTORE

2009-10-11 17:33:52 ----D---- C:\Programme\Windows Live

2009-10-11 17:32:42 ----D---- C:\WINDOWS\system32\DirectX

2009-10-11 17:30:57 ----D---- C:\Programme\Microsoft

2009-10-11 17:20:33 ----D---- C:\WINDOWS\network diagnostic

2009-10-10 10:44:39 ----SD---- C:\Dokumente und Einstellungen\Mumi\Anwendungsdaten\Microsoft

2009-10-10 01:30:57 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NOS

2009-10-10 01:27:18 ----D---- C:\WINDOWS\system32\Macromed

2009-10-10 01:17:43 ----RSD---- C:\WINDOWS\Fonts

2009-10-09 23:40:28 ----D---- C:\Programme\Google

2009-10-09 10:15:54 ----D---- C:\Mumi

2009-10-06 12:47:07 ----HD---- C:\Programme\InstallShield Installation Information

2009-10-06 12:47:07 ----D---- C:\Programme\Gemeinsame Dateien\Sony Shared

2009-10-02 20:01:57 ----A---- C:\WINDOWS\system32\MRT.exe

2009-09-26 23:06:19 ----D---- C:\Programme\Gemeinsame Dateien\DivX Shared

2009-09-26 23:01:21 ----D---- C:\Dokumente und Einstellungen\Mumi\Anwendungsdaten\DivX

2009-09-26 22:50:43 ----D---- C:\WINDOWS\system32\quicktime
 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
 

R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]

R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]

R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]

R1 SASDIFSV;SASDIFSV; \??\C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS []

R1 SASKUTIL;SASKUTIL; \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.sys []

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]

R1 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-07-28 55656]

R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]

R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-01-16 12970]

R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]

R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-08-02 1681920]

R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-13 1042816]

R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-13 210304]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-03 4394496]

R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12288]

R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]

R3 RT73;RT73 USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2007-05-14 445696]

R3 SASENUM;SASENUM; \??\C:\Programme\SUPERAntiSpyware\SASENUM.SYS []

R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbstor;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-13 679808]

S3 atinrvxx;ATI WDM Rage Theater Video; C:\WINDOWS\system32\DRIVERS\atinrvxx.sys [2004-08-04 105984]

S3 aukumzd3;aukumzd3; C:\WINDOWS\system32\drivers\aukumzd3.sys []

S3 bdacap;PC-DTV Receiver; C:\WINDOWS\system32\drivers\bdacap.sys [2006-02-14 217728]

S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\drivers\BVRPMPR5.SYS []

S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 CO_Mon;CO_Mon; \??\C:\WINDOWS\system32\Drivers\CO_Mon.sys []

S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-08-03 13352]

S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2008-08-03 21672]

S3 giveio;giveio; \??\C:\WINDOWS\system32\giveio.sys []

S3 GLHIDKBFILTER;GLHIDKBFILTER; C:\WINDOWS\system32\DRIVERS\GLKbFilter.sys [2006-01-06 11264]

S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []

S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-27 145920]

S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]

S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]

S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]

S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys [2005-02-11 55216]

S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2005-02-11 6576]

S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys [2005-02-11 89872]

S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2005-02-11 81728]

S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys [2005-02-11 79488]

S3 MPE;BDA MPE-Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 MVDCODEC;ATI WDM Specialized MVD Codec; C:\WINDOWS\system32\DRIVERS\atinmdxx.sys [2004-08-04 13824]

S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-06-01 3925920]

S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]

S3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2009-06-17 12648]

S3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-07-11 84096]

S3 rtl8139;NT-Treiber für Realtek RTL8139(A/B/C)-basierten PCI-Fast Ethernet-Adapter; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]

S3 s816bus;Sony Ericsson Device 816 driver (WDM); C:\WINDOWS\system32\DRIVERS\s816bus.sys [2007-06-19 81832]

S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s816mdfl.sys [2007-06-19 13864]

S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s816mdm.sys [2007-06-19 107304]

S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s816mgmt.sys [2007-06-19 99112]

S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS); C:\WINDOWS\system32\DRIVERS\s816nd5.sys [2007-06-19 21928]

S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s816obex.sys [2007-06-19 97320]

S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM); C:\WINDOWS\system32\DRIVERS\s816unic.sys [2007-06-19 97704]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []

S3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]

S3 USBCM;Scientific-Atlanta USB Cable Modem Driver; C:\WINDOWS\system32\DRIVERS\Sacm2A.sys [2004-06-10 15429]

S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]

S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]

S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]

S3 ZSMC301b;Apache USB PC Camera; C:\WINDOWS\System32\Drivers\usbVM31b.sys [2004-12-01 93632]
 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
 

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]

R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-08-02 401408]

R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-08-10 153376]

R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]

R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]

R2 SNMP;SNMP-Dienst; C:\WINDOWS\System32\snmp.exe [2008-04-14 33280]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]

S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-06-01 155715]

S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 fsssvc;Windows Live Family Safety-Dienst; C:\Programme\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]

S3 gusvc;Google Software Updater; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-10-09 182768]

S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 LPDSVC;TCP/IP-Druckserver; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-04 19456]

S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]

S3 MSCSPTISRV;MSCSPTISRV; C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056]

S3 NMIndexingService;NMIndexingService; C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]

S3 odserv;Microsoft Office Diagnostics Service; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]

S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 PACSPTISVR;PACSPTISVR; C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344]

S3 ServiceLayer;ServiceLayer; C:\Programme\PC Connectivity Solution\ServiceLayer.exe [2009-03-04 621056]

S3 SNMPTRAP;SNMP-Trap-Dienst; C:\WINDOWS\System32\snmptrap.exe [2008-04-14 8704]

S3 SPTISRV;Sony SPTI Service; C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632]

S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-10-24 920576]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
 

-----------------EOF-----------------

Larusso

18.10.2009 13:27

Noch Probleme ? :)

Ayse	18.10.2009 14:08

Ja,

Ich kann immernoch nicht mein Hintergrundbild ändern.

Avira zeigt mich immer den hier an

Code:

 Exportierte Ereignisse:
 

18.10.2009 11:14 [Guard] Malware gefunden

      In der Datei 'C:\System Volume 

      Information\_restore{760356E5-BCE9-476B-B907-4990E96A32A7}\RP143\A0031731.dll'

      wurde ein Virus oder unerwünschtes Programm 'TR/Trash.Gen' [trojan] gefunden.

      Ausgeführte Aktion: Zugriff verweigern

Larusso

18.10.2009 21:37

sorry, hatte ich nicht abonniert :o

Schritt 1

Scan mit SystemLook

Lade SystemLook von jpshortstuff von einem der folgenden Spiegel herunter und speichere das Tool auf dem Desktop.

Download Mirror #1 - Download Mirror #2

Doppelklick auf die SystemLook.exe, um das Tool zu starten.
Vista-User mit Rechtsklick und als Administrator starten.
Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

Code:

:reg HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
Klicke nun auf den Button Look, um den Scan zu starten.
Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, diese hier in den Thread posten.
Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.

Poste bitte die erhaltene Logfile

Ayse	18.10.2009 21:44

Code:

 SystemLook v1.0 by jpshortstuff (29.08.09)

Log created at 22:42 on 18/10/2009 by Mumi (Administrator - Elevation successful)
 

========== reg ==========
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]

(No values found)
 
 

-=End Of File=-

Ich verstehe das nicht etwas ist auf meinem Rechner aber kein Scann findet das

Larusso

19.10.2009 13:32

nö da ist nichts mehr, aber es war da ;)

schritt 1

Registry mit ERUNT sichern

Da wir in der Registry Änderungen vornehmen müssen, wirst Du die Registry vorher wie folgt sichern:
Lade das Tool ERUNT von Lars Hederer herunter und installiere es. Starte die erunt.exe und erstelle damit eine Backup der Registry in den vorgegebenen Ordner. Unter Sicherungsoptionen bitte alle drei Möglichkeiten anhaken. Das Programm nicht in den Systemstart aufnehmen.

schritt 2

Registry Einträge ändern, löschen oder erstellen

Start --> ausführen --> regedit (eingeben) --> OK

Navigiere nun wie folgt.
HKEY_LOCAL_MACHINE -> SOFTWARE -> Microsoft ->Windows -> CurrentVersion -> Policies.
Hier müsste der Eintrag ActiveDesktop stehen.
Rechtsklick darauf und in NoChangingWallpaper benennen.
Nun im Rechten Fenster auf Standard klicken und bei Wert einfach 0 eingeben --> OK

Schritt 2b

navigiere bitte zu
HKEY_CURRENT_USER -> Software -> Microsoft -> Windows -> CurrentVersion -> Policies.

Sollte auch hier der Eintrag Active Desktop stehen, dann die selben Schritte wie oben.
Sollte dieser nicht vorhanden sein, einfach nichts machen.

Starte nun den Rechner neu auf und berichte.

Alle Zeitangaben in WEZ +1. Es ist jetzt 09:38 Uhr.

Seite 3 von 6

Letzte »

100 Beiträge dieses Themas auf einer Seite anzeigen

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129