Trojaner-Board - ZPACK in ovfsthxphejvobd.dll lässt sich nicht löschen

Seite 2 von 2

100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - ZPACK in ovfsthxphejvobd.dll lässt sich nicht löschen (https://www.trojaner-board.de/73024-zpack-ovfsthxphejvobd-dll-laesst-loeschen.html)

1-fach-licht

24.05.2009 00:26

Hier Teil 2:

Zitat:

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-04-28 1830128]
"Google Update"="c:\users\stefan behrens\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-12-20 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-03-12 225280]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-11 516440]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-08-06 6265376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-10-18 455968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^stefan behrens^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Kurznotizen.lnk]
path=c:\users\stefan behrens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Kurznotizen.lnk
backup=c:\windows\pss\Kurznotizen.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5BB8CD12-0A43-40E1-BC27-C4E74AAFA659}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{1785867E-A130-438A-A014-F7A90DA647F1}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{A67F7E16-003C-47F3-8E7B-FAA46B7F5FDD}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{E5505A26-5A4E-4F39-ACAC-33304C756553}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{4C278827-3C90-41E3-B91A-19DB401AAA3C}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{6FFCEF30-B686-4864-B4C0-8895AA60FF1C}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{457F860C-77B3-4FE1-87A4-9E021BEC6BD3}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{54E2FD9D-E3C3-4581-AE8B-97568605526E}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{53F23157-8484-41D6-B7AB-643F6A9DB4A4}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{5B002FCB-DA38-4588-8C61-FF50A81971C4}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{E140E7A1-D22B-40BC-B71A-19E8BCF6D98D}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\Lager\hpiscnapp.exe:hpiscnapp.exe
"{90B23D8D-1F46-42B2-A2E2-C957A73F46A4}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\Lager\hpiscnapp.exe:hpiscnapp.exe
"{B71CDE94-60AA-43F2-A0C4-23ED92EB401D}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\Lager\hpqkygrp.exe:hpqkygrp.exe
"{7A4B7DFA-D3F4-4123-A1AE-48D163022C88}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\Lager\hpqkygrp.exe:hpqkygrp.exe
"{1966F2F4-9264-4E48-8D64-C1966EC5B04E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C376A98B-3739-43B7-84E2-B15F74A57694}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{B21D26C4-4008-42CA-BB4A-1B5278A7F695}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{52468850-222A-44DF-875D-6CD2ED07D160}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{0061C688-190C-4F9E-A65C-A9EC23F81825}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{E007A6AC-70C6-48C4-8DDA-38B1028A66D9}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [11.05.2009 03:24 64160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [28.04.2009 11:33 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28.04.2009 11:33 72944]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [01.05.2009 02:49 108289]
R2 TabletServicePen;TabletServicePen;c:\windows\System32\Pen_Tablet.exe [30.10.2008 12:45 3032360]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28.04.2009 11:33 7408]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\System32\drivers\wacmoumonitor.sys [30.10.2008 12:45 15144]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [09.03.2009 21:06 953168]
S3 MRV6X32U;Vista 32-bits Native WiFi Driver - USB;c:\windows\System32\drivers\MRVW23B.sys [13.10.2008 19:30 231040]
S3 ScratchAmp;ScratchAmp Driver (ScratchAmp.sys);c:\windows\System32\drivers\ScratchAmp.sys [19.04.2009 18:50 22912]
S4 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [12.03.2008 11:40 34144]
S4 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [12.03.2008 11:40 28800]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Inhalt des "geplante Tasks" Ordners

2009-05-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 01:23]

2009-05-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-884559710-4201843287-3005015240-1000.job
- c:\users\stefan behrens\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-20 15:24]

2009-05-23 c:\windows\Tasks\User_Feed_Synchronization-{6E241DD5-9BE4-4161-854D-8195544C4D7A}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

SafeBoot-procexp90.Sys

1-fach-licht

24.05.2009 00:29

Und zu guter letzt Teil 3:

Zitat:

------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\stefan behrens\AppData\Roaming\Mozilla\Firefox\Profiles\uvlrd030.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\users\stefan behrens\AppData\Roaming\Mozilla\Firefox\Profiles\uvlrd030.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\stefan behrens\AppData\Local\Google\Update\1.2.145.5\npGoogleOneClick8.dll

---- FIREFOX Richtlinien ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-24 01:15
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(4628)
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ger.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\wisptis.exe
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\wisptis.exe
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\System32\WTablet\Pen_TabletUser.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\microsoft shared\ink\InputPersonalization.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2009-05-23 1:19 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2009-05-23 23:19

Vor Suchlauf: 17 Verzeichnis(se), 13.112.111.104 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 12.824.326.144 Bytes frei

279 --- E O F --- 2009-05-23 22:48

vielen Dank nochmal Euch allen für Eure Mühe

viele Grüße
Stefan

john.doe

24.05.2009 00:30

Systemdetails mit RSIT prüfen

Lade Random's System Information Tool (RSIT) von random/random herunter,
speichere es auf Deinem Desktop.
Starte mit Doppelklick die RSIT.exe.
Klicke auf Continue, um die Nutzungsbedingungen zu akzeptieren.
Der Scan startet automatisch, RSIT checkt nun einige wichtige System-Bereiche und produziert Logfiles als Analyse-Grundlage.
Wenn der Scan beendet ist, werden zwei Logfiles erstellt und in Deinem Editor geöffnet.
Bitte poste den Inhalt von C:\rsit\log.txt und C:\rsit\info.txt (<= minimiert) hier in den Thread.

Erstelle ein Filelisting.

Lade die Datei File-Upload.net - listing0.bat auf deinen Desktop
Doppelklicke auf listing0.bat
Am Ende befindet sich eine Datei listing.txt auf dem Desktop. Die bei einem Filehoster (z.B. Datei Upload, Bilder hochladen, Datei Hosting auf Materialordner.de) hochladen und hier den Link posten.

ciao, andreas

1-fach-licht

24.05.2009 01:12

Also erstmal die Log.txt Teil 1

Zitat:

Logfile of random's system information tool 1.06 (written by random/random)
Run by stefan behrens at 2009-05-24 02:02:39
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 12 GB (5%) free of 230 GB
Total RAM: 2047 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:02:51, on 24.05.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\system32\conime.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Users\stefan behrens\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\stefan behrens\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\stefan behrens.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\stefan behrens\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'Default user')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe

--
End of file - 8225 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-884559710-4201843287-3005015240-1000.job
C:\Windows\tasks\User_Feed_Synchronization-{6E241DD5-9BE4-4161-854D-8195544C4D7A}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-09-29 1082880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2007-03-12 225280]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-08-06 6265376]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-09-18 13580832]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-09-18 92704]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-05-11 516440]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2008-12-03 1205760]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-04-28 1830128]
"Google Update"=C:\Users\stefan behrens\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-20 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\stefan behrens\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-20 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
C:\Windows\Skytel.exe [2008-08-06 1833504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2008-06-30 52168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2008-08-04 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^stefan behrens^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Kurznotizen.lnk]
C:\Windows\System32\StikyNot.exe [2006-11-02 289280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

1-fach-licht

24.05.2009 01:13

Dann die Log.txt Teil 2

Zitat:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 2 months======

2009-05-24 02:02:39 ----D---- C:\rsit
2009-05-24 01:19:19 ----D---- C:\Windows\temp
2009-05-24 01:19:18 ----A---- C:\ComboFix.txt
2009-05-24 01:14:58 ----SHD---- C:\$RECYCLE.BIN
2009-05-24 01:06:21 ----A---- C:\Windows\zip.exe
2009-05-24 01:06:21 ----A---- C:\Windows\SWXCACLS.exe
2009-05-24 01:06:21 ----A---- C:\Windows\SWSC.exe
2009-05-24 01:06:21 ----A---- C:\Windows\SWREG.exe
2009-05-24 01:06:21 ----A---- C:\Windows\sed.exe
2009-05-24 01:06:21 ----A---- C:\Windows\PEV.exe
2009-05-24 01:06:21 ----A---- C:\Windows\NIRCMD.exe
2009-05-24 01:06:21 ----A---- C:\Windows\grep.exe
2009-05-24 01:05:59 ----D---- C:\Windows\ERDNT
2009-05-24 01:05:50 ----D---- C:\Qoobox
2009-05-20 20:35:16 ----A---- C:\Windows\system32\cfd.exe
2009-05-20 02:33:08 ----D---- C:\Windows\pss
2009-05-19 21:55:02 ----A---- C:\Windows\system32\vp_setup.exe
2009-05-11 22:18:28 ----D---- C:\Neuer Ordner
2009-05-11 21:46:48 ----D---- C:\Users\stefan behrens\AppData\Roaming\SUPERAntiSpyware.com
2009-05-11 21:46:48 ----D---- C:\Program Files\SUPERAntiSpyware
2009-05-11 21:46:13 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-05-11 20:03:06 ----D---- C:\Program Files\GRISOFT
2009-05-11 03:28:49 ----A---- C:\Windows\system32\lsdelete.exe
2009-05-11 03:22:27 ----D---- C:\Program Files\Lavasoft
2009-05-11 01:57:08 ----A---- C:\Windows\wininit.ini
2009-05-11 01:21:10 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-05-03 02:24:19 ----D---- C:\Windows\Minidump
2009-05-03 02:19:35 ----D---- C:\Users\stefan behrens\AppData\Roaming\Malwarebytes
2009-05-03 02:19:24 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-01 02:49:05 ----D---- C:\Program Files\Avira
2009-05-01 02:41:13 ----D---- C:\Program Files\CCleaner
2009-04-28 01:10:20 ----A---- C:\Windows\system32\XAudio2_3.dll
2009-04-28 01:10:20 ----A---- C:\Windows\system32\XAudio2_2.dll
2009-04-28 01:10:20 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2009-04-28 01:10:20 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2009-04-28 01:10:20 ----A---- C:\Windows\system32\xactengine3_3.dll
2009-04-28 01:10:20 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2009-04-28 01:10:20 ----A---- C:\Windows\system32\D3DX9_40.dll
2009-04-28 01:10:20 ----A---- C:\Windows\system32\d3dx10_40.dll
2009-04-28 01:10:20 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2009-04-28 01:10:19 ----A---- C:\Windows\system32\xactengine3_2.dll
2009-04-28 01:10:19 ----A---- C:\Windows\system32\D3DX9_39.dll
2009-04-28 01:10:19 ----A---- C:\Windows\system32\d3dx10_39.dll
2009-04-28 01:10:19 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2009-04-28 01:06:35 ----D---- C:\Program Files\OpenAL
2009-04-28 01:06:35 ----A---- C:\Windows\system32\wrap_oal.dll
2009-04-28 01:06:35 ----A---- C:\Windows\system32\OpenAL32.dll
2009-04-27 00:15:58 ----D---- C:\Program Files\Trend Micro
2009-04-26 23:53:21 ----D---- C:\Users\stefan behrens\AppData\Roaming\Media Player Classic
2009-04-19 19:23:47 ----D---- C:\Program Files\AtomixMP3
2009-04-19 18:49:13 ----D---- C:\Program Files\Native Instruments
2009-04-16 00:50:56 ----A---- C:\Windows\system32\winhttp.dll
2009-04-16 00:50:53 ----A---- C:\Windows\system32\xolehlp.dll
2009-04-16 00:50:53 ----A---- C:\Windows\system32\msdtcprx.dll
2009-04-16 00:50:47 ----A---- C:\Windows\system32\rpcss.dll
2009-04-16 00:50:47 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-04-16 00:50:47 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-04-16 00:50:46 ----A---- C:\Windows\system32\sdohlp.dll
2009-04-16 00:50:46 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-04-16 00:50:46 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-04-16 00:50:46 ----A---- C:\Windows\system32\iasrecst.dll
2009-04-16 00:50:46 ----A---- C:\Windows\system32\iashost.exe
2009-04-16 00:50:46 ----A---- C:\Windows\system32\iasdatastore.dll
2009-04-16 00:50:46 ----A---- C:\Windows\system32\iasads.dll
2009-04-16 00:50:40 ----A---- C:\Windows\system32\secur32.dll
2009-04-16 00:50:40 ----A---- C:\Windows\system32\lsasrv.dll
2009-04-16 00:50:40 ----A---- C:\Windows\system32\kernel32.dll
2009-04-16 00:50:40 ----A---- C:\Windows\system32\apilogen.dll
2009-04-16 00:50:40 ----A---- C:\Windows\system32\amxread.dll
2009-04-16 00:50:35 ----A---- C:\Windows\system32\mshtml.dll
2009-04-16 00:50:34 ----A---- C:\Windows\system32\ieframe.dll
2009-04-16 00:50:33 ----A---- C:\Windows\system32\wininet.dll
2009-04-16 00:50:33 ----A---- C:\Windows\system32\urlmon.dll
2009-04-16 00:50:33 ----A---- C:\Windows\system32\msfeeds.dll
2009-04-16 00:50:33 ----A---- C:\Windows\system32\iertutil.dll
2009-04-16 00:50:33 ----A---- C:\Windows\system32\iedkcs32.dll
2009-04-16 00:50:32 ----A---- C:\Windows\system32\occache.dll
2009-04-16 00:50:32 ----A---- C:\Windows\system32\ieUnatt.exe
2009-04-16 00:50:32 ----A---- C:\Windows\system32\ieaksie.dll
2009-04-16 00:50:31 ----A---- C:\Windows\system32\mstime.dll
2009-04-16 00:50:31 ----A---- C:\Windows\system32\jsproxy.dll
2009-04-16 00:50:31 ----A---- C:\Windows\system32\ieencode.dll
2009-03-31 01:23:00 ----D---- C:\TEMP
2009-03-31 01:18:11 ----D---- C:\Users\stefan behrens\AppData\Roaming\IrfanView
2009-03-31 01:18:11 ----D---- C:\Program Files\IrfanView

======List of files/folders modified in the last 2 months======

2009-05-24 01:58:03 ----D---- C:\Users\stefan behrens\AppData\Roaming\Adobe
2009-05-24 01:49:40 ----D---- C:\Users\stefan behrens\AppData\Roaming\Skype
2009-05-24 01:47:33 ----D---- C:\Users\stefan behrens\AppData\Roaming\skypePM
2009-05-24 01:19:20 ----D---- C:\Windows\system32\drivers
2009-05-24 01:19:20 ----D---- C:\Windows\system32\de-DE
2009-05-24 01:19:20 ----D---- C:\Windows\System32
2009-05-24 01:19:19 ----D---- C:\Windows
2009-05-24 01:15:45 ----A---- C:\Windows\system.ini
2009-05-24 01:13:24 ----D---- C:\Users\stefan behrens\AppData\Roaming\WTablet
2009-05-24 01:10:46 ----D---- C:\Windows\system32\config
2009-05-24 01:08:54 ----D---- C:\Windows\AppPatch
2009-05-24 01:08:53 ----HD---- C:\Program Files\Common Files
2009-05-24 01:05:50 ----D---- C:\Windows\Prefetch
2009-05-24 00:47:51 ----SHD---- C:\System Volume Information
2009-05-20 02:58:59 ----HD---- C:\Program Files\Mozilla Firefox
2009-05-20 01:16:05 ----D---- C:\Windows\Debug
2009-05-20 01:04:40 ----D---- C:\Users\stefan behrens\AppData\Roaming\uTorrent
2009-05-15 23:38:14 ----D---- C:\Users\stefan behrens\AppData\Roaming\dvdcss
2009-05-14 03:01:45 ----SHD---- C:\Windows\Installer
2009-05-13 16:41:16 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-05-13 16:41:15 ----D---- C:\Windows\inf
2009-05-11 21:47:28 ----HD---- C:\ProgramData
2009-05-11 21:46:48 ----RHD---- C:\Program Files
2009-05-11 03:24:18 ----D---- C:\Windows\Tasks
2009-05-11 03:24:18 ----D---- C:\Windows\system32\Tasks
2009-05-11 03:24:10 ----D---- C:\Windows\system32\catroot
2009-05-11 03:24:09 ----DC---- C:\Windows\system32\DRVSTORE
2009-05-09 03:33:35 ----D---- C:\Windows\system32\catroot2
2009-05-07 14:52:19 ----D---- C:\WTablet
2009-05-07 09:16:30 ----A---- C:\Windows\system32\mrt.exe
2009-05-07 03:01:35 ----D---- C:\Windows\winsxs
2009-05-03 01:53:12 ----D---- C:\Windows\system32\WDI
2009-04-28 01:10:11 ----RSD---- C:\Windows\assembly
2009-04-27 00:36:00 ----HD---- C:\Program Files\Java
2009-04-27 00:26:23 ----HD---- C:\Program Files\Common Files\Adobe
2009-04-27 00:26:23 ----HD---- C:\Program Files\Adobe
2009-04-19 19:01:02 ----HD---- C:\Program Files\InstallShield Installation Information
2009-04-16 03:08:40 ----D---- C:\Windows\system32\wbem
2009-04-16 03:08:39 ----D---- C:\Windows\system32\manifeststore
2009-04-16 03:08:38 ----HD---- C:\Program Files\Internet Explorer
2009-03-26 20:24:34 ----D---- C:\Program Files\ICQ6.5

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgArCln;Avg Anti-Rootkit Clean Driver; C:\Windows\System32\DRIVERS\AvgArCln.sys [2007-01-18 3968]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-05-01 96104]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2009-04-28 9968]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2009-04-28 72944]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-05-01 55640]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-08-06 2164248]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-11-17 1040544]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-09-18 7379872]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2007-10-12 13312]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2009-04-28 7408]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2008-09-24 29184]
R3 wacmoumonitor;Wacom Mode Helper; C:\Windows\system32\DRIVERS\wacmoumonitor.sys [2008-03-17 15144]
R3 wacommousefilter;Wacom Mouse Filter Driver; C:\Windows\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
R3 wacomvhid;Wacom Virtual Hid Driver; C:\Windows\system32\DRIVERS\wacomvhid.sys [2008-01-15 13480]
R3 WacomVKHid;Virtual Keyboard Driver; C:\Windows\system32\DRIVERS\WacomVKHid.sys [2007-02-16 11440]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
R4 catchme;catchme; \??\C:\Users\STEFAN~1\AppData\Local\Temp\catchme.sys []
S3 cvspydr2;ColorVision Spyder 2; C:\Windows\system32\DRIVERS\cvspydr2.sys [2002-04-02 33024]
S3 Dot4;MS IEEE-1284.4-Treiber; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584]
S3 Dot4Print;Druckerklassentreiber für IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MRV6X32U;Vista 32-bits Native WiFi Driver - USB; C:\Windows\system32\DRIVERS\MRVW23B.sys [2006-12-22 231040]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2008-09-15 17664]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2008-09-15 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 ScratchAmp;ScratchAmp Driver (ScratchAmp.sys); C:\Windows\System32\Drivers\ScratchAmp.sys [2003-01-31 22912]
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2008-09-15 8064]
S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2008-01-21 28160]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2008-09-15 8064]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 nvrd32;NVIDIA nForce RAID Driver; C:\Windows\system32\drivers\nvrd32.sys [2007-10-31 124960]
S4 nvstor32;nvstor32; C:\Windows\system32\drivers\nvstor32.sys [2007-10-31 115744]
S4 O2MDRDR;O2MDRDR; C:\Windows\system32\drivers\o2media.sys [2005-08-05 34144]
S4 O2SDRDR;O2SDRDR; C:\Windows\system32\drivers\o2sd.sys [2005-12-19 28800]
S4 RxFilter;RxFilter; C:\Windows\system32\DRIVERS\RxFilter.sys [2006-12-02 50688]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-01 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-03-02 185089]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-10-18 79136]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-09-18 196608]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 TabletServicePen;TabletServicePen; C:\Windows\system32\Pen_Tablet.exe [2008-05-02 3032360]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-05-11 953168]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2007-03-12 159744]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-10-09 72704]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-05 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-03-12 880640]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-02-14 73728]

-----------------EOF-----------------

1-fach-licht

24.05.2009 01:14

Und schließlich die Info.txt

Zitat:

info.txt logfile of random's system information tool 1.06 2009-05-24 02:02:54

======Uninstall list======

-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
-->MsiExec.exe /I{0D330013-4A99-46D6-83C6-2C959C68DBFF}
-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
-->MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
54M Wireless-->C:\Program Files\InstallShield Installation Information\{59061D20-CFC3-4C2E-8B41-9243678ACE8D}\setup.exe -runfromtemp -l0x0009 -removeonly
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->"C:\ProgramData\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\ProgramData\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000101}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5101}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-119F-4D52-B551-6739B2B22101}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop Album 2.0 Starter Edition-->MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\5f143314a5d434c8511097393d17397\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{29F05234-DCBB-4FE0-88DC-5160C9250312}
Adobe Reader 8.1.3 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81300000003}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup-->MsiExec.exe /I{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-0C40-4930-9AFE-113BCE553101}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Atomix.Atomix MP3 v2.3-->C:\PROGRA~1\ATOMIX~1\UNWISE.EXE C:\PROGRA~1\ATOMIX~1\INSTALL.LOG
AVG Anti-Rootkit Free-->C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\Uninstall.exe
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Celtx (1.0)-->C:\Program Files\Celtx\uninstall\helper.exe
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Command & Conquer(TM) Generäle-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{06F80017-8F98-4C94-B868-52358569FC32}
Compatibility Pack für 2007 Office System-->MsiExec.exe /X{90120000-0020-0407-0000-0000000FF1CE}
Ergo Print Monitor x86-->MsiExec.exe /I{C19EE417-D4AA-4762-AD25-E2EC245482B2}
Exif-Viewer 2.50 -->C:\Windows\uninstall\Exif-Viewer\setup.exe
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
FreeMind-->"C:\Program Files\FreeMind\unins000.exe"
HDX4 Movie Creator-->MsiExec.exe /I{1F7177FA-D813-4174-0001-C04C5C400C9B}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Customer Participation Program 10.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3-->C:\Program Files\HP\Digital Imaging\{D77D43B5-ED55-426b-B67B-E21F804F6102}\setup\hpzscr01.exe -datfile hposcr27.dat -onestop
HP Imaging Device Functions 10.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential 2.5-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 10.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
ICQ6.5-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
LightScribe Applications-->MsiExec.exe /X{7373184D-8E8F-4308-912A-3901071FA1AD}
LightScribe System Software 1.10.19.1-->MsiExec.exe /X{59046D29-2E6B-4224-BF0D-64F3E7A93F7B}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}
Microsoft Office PowerPoint Viewer 2007 (German)-->MsiExec.exe /X{95120000-00AF-0407-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Works-->MsiExec.exe /I{39D0E034-1042-4905-BECB-5502909FCB7C}
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.17)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Neat Image v5.2 Pro+-->"C:\Program Files\Neat Image\unins000.exe"
Nokia Connectivity Cable Driver-->MsiExec.exe /X{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}
Nokia PC Suite-->C:\ProgramData\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_ger_web.exe
Nokia PC Suite-->MsiExec.exe /I{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
Nvu 1.0-->"C:\Program Files\Nvu\unins000.exe"
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
OpenOffice.org 3.0-->MsiExec.exe /I{7EC19307-7C22-47A8-922B-3FA965291260}
PC Connectivity Solution-->MsiExec.exe /I{D848D140-41C3-4A53-86D8-E866A100B4CD}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Phase 5 HTML-Editor-->MsiExec.exe /I{BCB313A5-1AD0-4829-9D6F-EB41C3CFCD4B}
PhotoME-->"C:\Program Files\PhotoME\unins000.exe"
QuarkXPress 7.2-->MsiExec.exe /I{A38048C6-89D1-44EC-BC95-E95DD4A19B5E}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -removeonly
Roxio WinOnCD 9 Basic-->MsiExec.exe /I{DCFFB64E-A757-4430-A455-B947F029BFD4}
Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sonic MyDVD-VR-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{897CA0D9-948F-4E5B-A20E-535E1060D3E6} /l1031
Sony Image Data Suite-->C:\Program Files\InstallShield Installation Information\{359FCAA7-B544-4147-AE3B-8C8A526E2427}\setup.exe -runfromtemp -l0x0007 -removeonly
Sony RAW Driver-->C:\Program Files\InstallShield Installation Information\{166FCF01-AC98-4288-A01C-90BEB808C059}\setup.exe -runfromtemp -l0x0007 -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyder2express-->C:\Windows\unvise32.exe C:\Program Files\ColorVision\Spyder2express\uninstal.log
Stifttablett-->C:\Program Files\Tablet\Pen\Remove.exe /u
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
VirtualCloneDrive-->"C:\Program Files\Elaborate Bytes\VirtualCloneDrive\vcd-uninst.exe" /D="C:\Program Files\Elaborate Bytes\VirtualCloneDrive"
VLC media player 0.9.4-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4}
Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}
Windows Live Fotogalerie-->MsiExec.exe /X{119B7481-0216-40D2-A5CC-C3E1F461ECC1}
Windows Live Mail-->MsiExec.exe /I{5A166C0B-9557-4364-A057-F946D674E6AC}
Windows Live Messenger-->MsiExec.exe /X{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}
Windows Live Sync-->MsiExec.exe /X{ED636101-1959-4360-8BF7-209436E7DEE4}
Windows Live Toolbar-->MsiExec.exe /X{70B7A167-0B88-445D-A3EA-97C73AA88CAC}
Windows Live Writer-->MsiExec.exe /X{81821BF8-DA20-4F8C-AA87-F70A274828D4}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows-Treiberpaket - Nokia Modem (05/22/2008 3.8)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_5e0e55c3\nokia_bluetooth.inf
Windows-Treiberpaket - Nokia Modem (05/22/2008 7.00.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_dcd936c5\nokbtmdm.inf
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
WinRAR-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AS: Lavasoft Ad-Watch Live! (disabled)
AS: Windows Defender
AS: SUPERAntiSpyware (disabled)

======System event log======

Computer Name: fotodesign
Event Code: 7036
Message: Dienst "Windows Update" befindet sich jetzt im Status "Ausgeführt".
Record Number: 64094
Source Name: Service Control Manager
Time Written: 20090523231829.000000-000
Event Type: Informationen
User:

Computer Name: fotodesign
Event Code: 7036
Message: Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" befindet sich jetzt im Status "Ausgeführt".
Record Number: 64095
Source Name: Service Control Manager
Time Written: 20090523231918.000000-000
Event Type: Informationen
User:

Computer Name: fotodesign
Event Code: 7036
Message: Dienst "FLEXnet Licensing Service" befindet sich jetzt im Status "Ausgeführt".
Record Number: 64096
Source Name: Service Control Manager
Time Written: 20090523233355.000000-000
Event Type: Informationen
User:

Computer Name: fotodesign
Event Code: 7036
Message: Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" befindet sich jetzt im Status "Beendet".
Record Number: 64097
Source Name: Service Control Manager
Time Written: 20090523233548.000000-000
Event Type: Informationen
User:

Computer Name: fotodesign
Event Code: 7036
Message: Dienst "FLEXnet Licensing Service" befindet sich jetzt im Status "Beendet".
Record Number: 64098
Source Name: Service Control Manager
Time Written: 20090523235855.000000-000
Event Type: Informationen
User:

=====Application event log=====

Computer Name: fotodesign
Event Code: 1
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.
Record Number: 43523
Source Name: SecurityCenter
Time Written: 20090523231715.000000-000
Event Type: Informationen
User:

Computer Name: fotodesign
Event Code: 102
Message: InputPersonalization (3156) InkStore: Das Datenbankmodul (6.00.6001.0000) hat eine neue Instanz gestartet (0).
Record Number: 43524
Source Name: ESENT
Time Written: 20090523231813.000000-000
Event Type: Informationen
User:

Computer Name: fotodesign
Event Code: 5
Message: Unsupported service control request (see data below)
Record Number: 43525
Source Name: LightScribeService
Time Written: 20090523231833.000000-000
Event Type: Informationen
User:

Computer Name: fotodesign
Event Code: 1002
Message: Die Shell wurde unerwartet beendet und Explorer.exe wurde neu gestartet.
Record Number: 43526
Source Name: Microsoft-Windows-Winlogon
Time Written: 20090523231843.000000-000
Event Type: Informationen
User:

Computer Name: fotodesign
Event Code: 5
Message: Unsupported service control request (see data below)
Record Number: 43527
Source Name: LightScribeService
Time Written: 20090524000253.000000-000
Event Type: Informationen
User:

=====Security event log=====

Computer Name: fotodesign
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 28852
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090524000250.261694-000
Event Type: Überwachung gescheitert
User:

Computer Name: fotodesign
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 28853
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090524000250.287083-000
Event Type: Überwachung gescheitert
User:

Computer Name: fotodesign
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 28854
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090524000250.311496-000
Event Type: Überwachung gescheitert
User:

Computer Name: fotodesign
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 28855
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090524000250.335908-000
Event Type: Überwachung gescheitert
User:

Computer Name: fotodesign
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 28856
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090524000250.361297-000
Event Type: Überwachung gescheitert
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\Common Files\Adobe\AGL
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\

-----------------EOF-----------------

1-fach-licht

24.05.2009 01:20

Liste der Anhänge anzeigen (Anzahl: 1)

die listing0.bat bricht ab mit der Fehlermeldung (siehe Screenshot)

erstellt aber trotzdem eine Datei listing.txt

der Link dazu hier:
http://www.materialordner.de/hWfWGO0WTHAH2puUt7Why0ovfj9ae7h.html

Vielen Dank und Viele Grüße
Stefan

john.doe

26.05.2009 16:45

:eek: Noch einer, den ich übersehen habe, sorry.

1.) Deinstalliere (falls möglich):

AdAware
Google Update
SuperAntiSpyware
Spybot

2.) Scripten mit Combofix

Öffne den Editor (Start => Zubehör => Editor ) kopiere nun folgenden Text in das weiße Feld:

Code:

KILLALL::
 

Driver::

Lbd

SASDIFSV

SASKUTIL

SASENUM
 

Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"=-

"SUPERAntiSpyware"=-

"Google Update"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"=-

"SunJavaUpdateSched"=-

"Ad-Watch"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"=-

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSetActiveDesktop"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=-
 

File::

c:\windows\system32\vp_setup.exe

c:\windows\Tasks\Ad-Aware Update (Weekly).job

c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-884559710-4201843287-3005015240-1000.job
 

DirLook::

C:\Neuer Ordner

Speichere diese Datei nun auf dem Desktop unter -> cfscript.txt

Nun die Datei cfscript.txt mit der rechten Maustaste auf das Sysmbol von Combofix ziehen!

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

Danach das Combofix nochmal ausführen, das System neu starten und das Log von Combofix posten

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann.

ciao, andreas

1-fach-licht

26.05.2009 19:39

also ein "sorry" ist wirklich nicht nötig.
Ich finde das was hier passiert extrem hilfreich für mich, denn alleine hätte ich das sicher nicht auf die Kette gekriegt.

Daher DANKE :)

Also:
ich habe AdAware, SuperAntiSpyware und Spybot mit dem CCleaner deinstalliert, den "google updater" habe ich nicht gefunden aber vorsichtshalber den Google Chrome deinstalliert.

Hier nun das Log von Combofix: (Teil 1)

Zitat:

ComboFix 09-05-25.A2 - *** 26.05.2009 20:22.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.2047.1225 [GMT 2:00]
ausgeführt von:: c:\users\stefan behrens\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\stefan behrens\Desktop\cfscript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

FILE ::
"c:\windows\system32\vp_setup.exe"
"c:\windows\Tasks\Ad-Aware Update (Weekly).job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-884559710-4201843287-3005015240-1000.job"
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Tasks\Ad-Aware Update (Weekly).job

.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SASDIFSV
-------\Legacy_SASENUM
-------\Legacy_SASKUTIL

((((((((((((((((((((((( Dateien erstellt von 2009-04-26 bis 2009-05-26 ))))))))))))))))))))))))))))))
.

2009-05-26 18:25 . 2009-05-26 18:29 -------- d-----w c:\users\***\AppData\Local\temp
2009-05-26 18:25 . 2009-05-26 18:25 -------- d-----w c:\windows\system32\config\systemprofile\AppData\Local\temp
2009-05-24 00:02 . 2009-05-24 00:02 -------- d-----w C:\rsit
2009-05-20 18:35 . 2009-05-20 18:35 27377 ----a-w c:\windows\system32\cfd.exe
2009-05-11 20:18 . 2009-05-11 20:24 -------- d-----w C:\Neuer Ordner
2009-05-11 19:46 . 2009-05-26 18:05 -------- d-----w c:\users\***\AppData\Roaming\SUPERAntiSpyware.com
2009-05-11 19:46 . 2009-05-26 18:05 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-11 18:03 . 2007-01-18 12:00 3968 ----a-w c:\windows\system32\drivers\AvgArCln.sys
2009-05-11 01:22 . 2009-05-26 18:11 -------- d-----w c:\program files\Lavasoft
2009-05-10 23:21 . 2009-05-26 18:08 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-03 00:19 . 2009-05-03 00:19 -------- d-----w c:\users\***\AppData\Roaming\Malwarebytes
2009-05-03 00:19 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-03 00:19 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-03 00:19 . 2009-05-03 00:19 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-01 00:49 . 2009-05-01 00:52 96104 ----a-w c:\windows\system32\drivers\avipbb.sys
2009-05-01 00:49 . 2009-05-01 00:52 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-05-01 00:49 . 2009-05-01 00:49 -------- d-----w c:\program files\Avira
2009-05-01 00:41 . 2009-05-01 00:41 -------- d-----w c:\program files\CCleaner
2009-04-28 18:10 . 2009-04-28 18:14 -------- d-----w c:\temp\ModArt2
2009-04-27 23:06 . 2009-04-27 23:06 413696 ----a-w c:\windows\system32\wrap_oal.dll
2009-04-27 23:06 . 2009-04-27 23:06 110592 ----a-w c:\windows\system32\OpenAL32.dll
2009-04-27 23:06 . 2009-04-27 23:06 -------- d-----w c:\program files\OpenAL
2009-04-27 17:18 . 2009-04-12 17:54 954368 ----a-w c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\uvlrd030.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-04-27 17:18 . 2009-04-12 17:54 71652 ----a-w c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\uvlrd030.default\extensions\piclens@cooliris.com\libs\avutil-49.dll
2009-04-27 17:18 . 2009-04-12 17:54 4534272 ----a-w c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\uvlrd030.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
2009-04-27 17:18 . 2009-04-12 17:54 344064 ----a-w c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\uvlrd030.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-04-27 17:18 . 2009-04-12 17:54 131868 ----a-w c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\uvlrd030.default\extensions\piclens@cooliris.com\libs\avformat-52.dll
2009-04-27 17:18 . 2009-04-12 17:54 103424 ----a-w c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\uvlrd030.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-04-27 17:18 . 2009-04-12 17:54 65536 ----a-w c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\uvlrd030.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2009-04-27 17:18 . 2009-04-12 17:54 1161626 ----a-w c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\uvlrd030.default\extensions\piclens@cooliris.com\libs\avcodec-51.dll
2009-04-26 22:33 . 2009-04-26 22:33 -------- d-----w c:\users\***\AppData\Local\Installer4236
2009-04-26 22:27 . 2009-04-26 22:27 -------- d-----w c:\users\***\AppData\Local\Installer4160
2009-04-26 22:15 . 2009-04-26 22:15 -------- d-----w c:\program files\Trend Micro
2009-04-26 21:53 . 2009-04-26 21:53 -------- d-----w c:\users\***\AppData\Roaming\Media Player Classic

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-26 18:27 . 2008-10-30 10:55 -------- d-----w c:\users\***\AppData\Roaming\WTablet
2009-05-26 18:14 . 2008-10-31 03:08 -------- d-----w c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet
2009-05-25 19:38 . 2008-10-13 17:47 -------- d-----w c:\users\***\AppData\Roaming\Skype
2009-05-25 17:59 . 2008-10-13 17:52 -------- d-----w c:\users\***\AppData\Roaming\skypePM
2009-05-24 01:03 . 2008-10-30 00:02 -------- d-----w c:\users\***\AppData\Roaming\uTorrent
2009-05-20 01:04 . 2008-10-13 19:30 1 ----a-w c:\users\***\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-05-15 21:38 . 2008-10-09 20:08 -------- d-----w c:\users\***\AppData\Roaming\dvdcss
2009-05-13 23:23 . 2008-11-27 17:03 1356 ----a-w c:\users\***\AppData\Local\d3d9caps.dat
2009-05-13 14:41 . 2008-01-21 07:15 618204 ----a-w c:\windows\system32\perfh007.dat
2009-05-13 14:41 . 2008-01-21 07:15 122636 ----a-w c:\windows\system32\perfc007.dat
2009-05-03 20:20 . 2008-10-13 19:55 1424 ----a-w c:\users\***\AppData\Roaming\wklnhst.dat
2009-05-03 00:27 . 2008-10-09 16:57 90376 ----a-w c:\users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-26 22:36 . 2008-10-13 19:21 -------- d--h--w c:\program files\Java
2009-04-26 22:26 . 2008-03-12 09:53 -------- d--h--w c:\program files\Common Files\Adobe
2009-04-20 22:30 . 2009-04-20 22:30 -------- d-----w c:\windows\system32\config\systemprofile\AppData\Roaming\PC Suite
2009-04-19 17:23 . 2009-04-19 17:23 -------- d-----w c:\program files\AtomixMP3
2009-04-19 17:01 . 2008-03-12 10:58 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-19 16:49 . 2009-04-19 16:49 -------- d-----w c:\program files\Native Instruments
2009-04-02 00:30 . 2009-04-02 00:30 0 ----a-w c:\users\***\irfanview_plugins_423.zip
2009-03-30 23:18 . 2009-03-30 23:18 -------- d-----w c:\users\***\AppData\Roaming\IrfanView
2009-03-30 23:18 . 2009-03-30 23:18 -------- d-----w c:\program files\IrfanView
2009-03-17 03:38 . 2009-04-15 22:50 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 22:50 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-09 03:19 . 2009-01-19 18:48 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-03 04:46 . 2009-04-15 22:50 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-15 22:50 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-15 22:50 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-15 22:50 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-15 22:50 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-15 22:50 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-15 22:50 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-15 22:50 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-15 22:50 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-15 22:50 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-15 22:50 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-15 22:50 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-15 22:50 26624 ----a-w c:\windows\system32\ieUnatt.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

1-fach-licht

26.05.2009 19:42

Combofix Log Teil 2:

Zitat:

---- Directory of C:\Neuer Ordner ----
2009-05-11 20:21 . 2009-04-24 20:41 9380762 ----a-w c:\neuer ordner\_DSC1949.JPG
2009-05-11 20:21 . 2009-04-24 20:41 8696282 ----a-w c:\neuer ordner\_DSC1950.JPG
2009-05-11 20:21 . 2009-04-24 20:41 8883473 ----a-w c:\neuer ordner\_DSC1951.JPG
2009-05-11 20:21 . 2009-04-24 20:42 9814111 ----a-w c:\neuer ordner\_DSC1953.JPG
2009-05-11 20:21 . 2009-04-24 20:42 8049939 ----a-w c:\neuer ordner\_DSC1954.JPG
2009-05-11 20:21 . 2009-04-24 20:44 8165010 ----a-w c:\neuer ordner\_DSC1956.JPG
2009-05-11 20:21 . 2009-04-24 20:44 7958356 ----a-w c:\neuer ordner\_DSC1957.JPG
2009-05-11 20:21 . 2009-04-24 20:44 9326839 ----a-w c:\neuer ordner\_DSC1958.JPG
2009-05-11 20:21 . 2009-04-24 20:45 8471101 ----a-w c:\neuer ordner\_DSC1960.JPG
2009-05-11 20:21 . 2009-04-24 20:45 8823040 ----a-w c:\neuer ordner\_DSC1961.JPG
2009-05-11 20:21 . 2009-04-24 20:45 7128873 ----a-w c:\neuer ordner\_DSC1963.JPG
2009-05-11 20:21 . 2009-04-24 20:46 8638143 ----a-w c:\neuer ordner\_DSC1966.JPG
2009-05-11 20:21 . 2009-04-24 20:46 8402469 ----a-w c:\neuer ordner\_DSC1967.JPG
2009-05-11 20:21 . 2009-04-24 20:46 8481053 ----a-w c:\neuer ordner\_DSC1968.JPG
2009-05-11 20:21 . 2009-04-24 20:47 12339961 ----a-w c:\neuer ordner\_DSC1969.JPG
2009-05-11 20:21 . 2009-04-24 20:47 12051264 ----a-w c:\neuer ordner\_DSC1971.JPG
2009-05-11 20:21 . 2009-04-24 20:48 9881088 ----a-w c:\neuer ordner\_DSC1974.JPG
2009-05-11 20:21 . 2009-04-24 20:48 10970098 ----a-w c:\neuer ordner\_DSC1975.JPG
2009-05-11 20:21 . 2009-04-24 20:51 8683646 ----a-w c:\neuer ordner\_DSC1980.JPG
2009-05-11 20:21 . 2009-04-24 20:53 8587059 ----a-w c:\neuer ordner\_DSC1982.JPG
2009-05-11 20:21 . 2009-04-24 20:57 6854347 ----a-w c:\neuer ordner\_DSC1989.JPG
2009-05-11 20:21 . 2009-04-24 20:59 7575730 ----a-w c:\neuer ordner\_DSC1990.JPG
2009-05-11 20:21 . 2009-04-24 21:02 8840597 ----a-w c:\neuer ordner\_DSC1995.JPG
2009-05-11 20:21 . 2009-04-24 21:04 8234922 ----a-w c:\neuer ordner\_DSC1998.JPG
2009-05-11 20:21 . 2009-04-24 21:09 10674708 ----a-w c:\neuer ordner\_DSC2006.JPG
2009-05-11 20:21 . 2009-04-24 21:17 8289296 ----a-w c:\neuer ordner\_DSC2010.JPG
2009-05-11 20:21 . 2009-04-24 21:21 9353981 ----a-w c:\neuer ordner\_DSC2016.JPG
2009-05-11 20:21 . 2009-04-24 21:22 9205591 ----a-w c:\neuer ordner\_DSC2018.JPG
2009-05-11 20:21 . 2009-04-24 21:23 8658836 ----a-w c:\neuer ordner\_DSC2020.JPG
2009-05-11 20:21 . 2009-04-24 21:25 9779655 ----a-w c:\neuer ordner\_DSC2025.JPG
2009-05-11 20:21 . 2009-04-24 21:26 7555165 ----a-w c:\neuer ordner\_DSC2026.JPG
2009-05-11 20:21 . 2009-04-24 21:26 8606793 ----a-w c:\neuer ordner\_DSC2027.JPG
2009-05-11 20:21 . 2009-04-24 21:26 8945855 ----a-w c:\neuer ordner\_DSC2028.JPG
2009-05-11 20:21 . 2009-04-24 21:27 8571123 ----a-w c:\neuer ordner\_DSC2029.JPG
2009-05-11 20:21 . 2009-04-24 21:27 8224848 ----a-w c:\neuer ordner\_DSC2030.JPG
2009-05-11 20:21 . 2009-04-24 21:28 8316713 ----a-w c:\neuer ordner\_DSC2032.JPG
2009-05-11 20:21 . 2009-04-24 21:28 9080984 ----a-w c:\neuer ordner\_DSC2034.JPG
2009-05-11 20:21 . 2009-04-24 21:39 9280641 ----a-w c:\neuer ordner\_DSC2036.JPG
2009-05-11 20:21 . 2009-04-24 21:39 8048066 ----a-w c:\neuer ordner\_DSC2038.JPG
2009-05-11 20:21 . 2009-04-24 21:41 10397838 ----a-w c:\neuer ordner\_DSC2040.JPG
2009-05-11 20:21 . 2009-04-24 21:51 8868772 ----a-w c:\neuer ordner\_DSC2041.JPG
2009-05-11 20:22 . 2009-04-24 21:51 8043332 ----a-w c:\neuer ordner\_DSC2042.JPG
2009-05-11 20:22 . 2009-04-24 21:52 8577330 ----a-w c:\neuer ordner\_DSC2043.JPG
2009-05-11 20:22 . 2009-04-24 21:52 8514446 ----a-w c:\neuer ordner\_DSC2045.JPG
2009-05-11 20:22 . 2009-04-24 21:54 7541104 ----a-w c:\neuer ordner\_DSC2047.JPG
2009-05-11 20:22 . 2009-04-24 21:54 7428878 ----a-w c:\neuer ordner\_DSC2048.JPG
2009-05-11 20:22 . 2009-04-24 21:56 8566132 ----a-w c:\neuer ordner\_DSC2050.JPG
2009-05-11 20:22 . 2009-04-24 21:57 6658452 ----a-w c:\neuer ordner\_DSC2052.JPG
2009-05-11 20:22 . 2009-04-24 21:57 7160439 ----a-w c:\neuer ordner\_DSC2053.JPG
2009-05-11 20:18 . 2009-04-24 22:00 8182078 ----a-w c:\neuer ordner\_DSC2054.JPG
2009-05-11 20:18 . 2009-04-24 22:01 8378411 ----a-w c:\neuer ordner\_DSC2057.JPG
2009-05-11 20:18 . 2009-04-24 22:03 8919381 ----a-w c:\neuer ordner\_DSC2059.JPG
2009-05-11 20:18 . 2009-04-24 22:04 7553240 ----a-w c:\neuer ordner\_DSC2061.JPG
2009-05-11 20:18 . 2009-04-24 22:09 8344987 ----a-w c:\neuer ordner\_DSC2068.JPG
2009-05-11 20:18 . 2009-04-24 22:09 8931592 ----a-w c:\neuer ordner\_DSC2069.JPG
2009-05-11 20:18 . 2009-04-24 22:09 9262877 ----a-w c:\neuer ordner\_DSC2070.JPG
2009-05-11 20:18 . 2009-04-24 22:10 10940419 ----a-w c:\neuer ordner\_DSC2071.JPG
2009-05-11 20:18 . 2009-04-24 22:10 8052509 ----a-w c:\neuer ordner\_DSC2073.JPG
2009-05-11 20:18 . 2009-04-24 22:11 7706561 ----a-w c:\neuer ordner\_DSC2074.JPG
2009-05-11 20:18 . 2009-04-24 22:11 8770147 ----a-w c:\neuer ordner\_DSC2075.JPG
2009-05-11 20:18 . 2009-04-24 22:11 6732853 ----a-w c:\neuer ordner\_DSC2076.JPG
2009-05-11 20:18 . 2009-04-24 22:11 7252853 ----a-w c:\neuer ordner\_DSC2077.JPG
2009-05-11 20:19 . 2009-04-24 22:12 8342912 ----a-w c:\neuer ordner\_DSC2078.JPG
2009-05-11 20:19 . 2009-04-24 22:12 8383780 ----a-w c:\neuer ordner\_DSC2081.JPG
2009-05-11 20:19 . 2009-04-24 22:13 7931258 ----a-w c:\neuer ordner\_DSC2084.JPG
2009-05-11 20:19 . 2009-04-24 22:13 7997529 ----a-w c:\neuer ordner\_DSC2085.JPG
2009-05-11 20:19 . 2009-04-24 22:17 10190656 ----a-w c:\neuer ordner\_DSC2090.JPG
2009-05-11 20:19 . 2009-04-24 22:17 10969071 ----a-w c:\neuer ordner\_DSC2092.JPG
2009-05-11 20:19 . 2009-04-24 22:19 10842085 ----a-w c:\neuer ordner\_DSC2095.JPG
2009-05-11 20:19 . 2009-04-24 22:20 11195520 ----a-w c:\neuer ordner\_DSC2096.JPG
2009-05-11 20:19 . 2009-04-24 22:20 10525062 ----a-w c:\neuer ordner\_DSC2097.JPG
2009-05-11 20:19 . 2009-04-24 22:20 10522608 ----a-w c:\neuer ordner\_DSC2098.JPG
2009-05-11 20:19 . 2009-04-24 22:20 10702360 ----a-w c:\neuer ordner\_DSC2099.JPG
2009-05-11 20:19 . 2009-04-24 22:21 10691381 ----a-w c:\neuer ordner\_DSC2100.JPG
2009-05-11 20:19 . 2009-04-24 22:21 9540717 ----a-w c:\neuer ordner\_DSC2101.JPG
2009-05-11 20:19 . 2009-04-24 22:22 10085032 ----a-w c:\neuer ordner\_DSC2104.JPG
2009-05-11 20:19 . 2009-04-24 22:22 10002066 ----a-w c:\neuer ordner\_DSC2105.JPG
2009-05-11 20:19 . 2009-04-24 22:22 10007928 ----a-w c:\neuer ordner\_DSC2106.JPG
2009-05-11 20:19 . 2009-04-24 22:22 10502352 ----a-w c:\neuer ordner\_DSC2107.JPG
2009-05-11 20:19 . 2009-04-24 22:23 9594998 ----a-w c:\neuer ordner\_DSC2109.JPG
2009-05-11 20:19 . 2009-04-24 22:23 10183408 ----a-w c:\neuer ordner\_DSC2110.JPG
2009-05-11 20:19 . 2009-04-24 22:24 9016764 ----a-w c:\neuer ordner\_DSC2112.JPG
2009-05-11 20:19 . 2009-04-24 22:24 8786960 ----a-w c:\neuer ordner\_DSC2113.JPG
2009-05-11 20:19 . 2009-04-24 22:25 12032228 ----a-w c:\neuer ordner\_DSC2116.JPG
2009-05-11 20:19 . 2009-04-24 22:26 9118989 ----a-w c:\neuer ordner\_DSC2119.JPG
2009-05-11 20:19 . 2009-04-24 22:26 9855512 ----a-w c:\neuer ordner\_DSC2120.JPG
2009-05-11 20:19 . 2009-04-24 22:26 11602871 ----a-w c:\neuer ordner\_DSC2124.JPG
2009-05-11 20:19 . 2009-04-24 22:26 11841858 ----a-w c:\neuer ordner\_DSC2125.JPG
2009-05-11 20:19 . 2009-04-24 22:32 9221206 ----a-w c:\neuer ordner\_DSC2128.JPG
2009-05-11 20:19 . 2009-04-24 22:37 9202667 ----a-w c:\neuer ordner\_DSC2133.JPG
2009-05-11 20:19 . 2009-04-24 22:40 9093415 ----a-w c:\neuer ordner\_DSC2135.JPG
2009-05-11 20:19 . 2009-04-24 22:41 8711258 ----a-w c:\neuer ordner\_DSC2136.JPG
2009-05-11 20:19 . 2009-04-24 22:45 9379013 ----a-w c:\neuer ordner\_DSC2142.JPG
2009-05-11 20:19 . 2009-04-24 22:46 9037627 ----a-w c:\neuer ordner\_DSC2145.JPG
2009-05-11 20:19 . 2009-04-24 22:49 9791644 ----a-w c:\neuer ordner\_DSC2150.JPG
2009-05-11 20:19 . 2009-04-24 22:50 8266410 ----a-w c:\neuer ordner\_DSC2151.JPG
2009-05-11 20:19 . 2009-04-24 22:50 8911735 ----a-w c:\neuer ordner\_DSC2153.JPG
2009-05-11 20:19 . 2009-04-24 22:51 9304705 ----a-w c:\neuer ordner\_DSC2154.JPG
2009-05-11 20:19 . 2009-04-24 22:51 8601642 ----a-w c:\neuer ordner\_DSC2155.JPG
2009-05-11 20:19 . 2009-04-24 22:51 7706811 ----a-w c:\neuer ordner\_DSC2157.JPG
2009-05-11 20:19 . 2009-04-24 22:56 11069776 ----a-w c:\neuer ordner\_DSC2162.JPG
2009-05-11 20:19 . 2009-04-24 22:56 8346837 ----a-w c:\neuer ordner\_DSC2164.JPG
2009-05-11 20:19 . 2009-04-24 22:59 8285792 ----a-w c:\neuer ordner\_DSC2171.JPG
2009-05-11 20:19 . 2009-04-24 23:00 12454388 ----a-w c:\neuer ordner\_DSC2173.JPG
2009-05-11 20:19 . 2009-04-24 23:01 11678011 ----a-w c:\neuer ordner\_DSC2176.JPG
2009-05-11 20:19 . 2009-04-24 23:09 12010369 ----a-w c:\neuer ordner\_DSC2180.JPG
2009-05-11 20:19 . 2009-04-24 23:09 12329437 ----a-w c:\neuer ordner\_DSC2181.JPG
2009-05-11 20:19 . 2009-04-24 23:11 11125018 ----a-w c:\neuer ordner\_DSC2188.JPG
2009-05-11 20:19 . 2009-04-24 23:12 9868155 ----a-w c:\neuer ordner\_DSC2189.JPG
2009-05-11 20:19 . 2009-04-24 23:12 10065037 ----a-w c:\neuer ordner\_DSC2191.JPG
2009-05-11 20:19 . 2009-04-24 23:12 10443066 ----a-w c:\neuer ordner\_DSC2192.JPG
2009-05-11 20:19 . 2009-04-24 23:12 9854958 ----a-w c:\neuer ordner\_DSC2194.JPG
2009-05-11 20:19 . 2009-04-24 23:12 9413847 ----a-w c:\neuer ordner\_DSC2195.JPG
2009-05-11 20:19 . 2009-04-24 23:13 14648610 ----a-w c:\neuer ordner\_DSC2196.JPG
2009-05-11 20:19 . 2009-04-24 23:14 13464672 ----a-w c:\neuer ordner\_DSC2197.JPG
2009-05-11 20:19 . 2009-04-24 23:14 13596928 ----a-w c:\neuer ordner\_DSC2199.JPG
2009-05-11 20:19 . 2009-04-24 23:14 13297082 ----a-w c:\neuer ordner\_DSC2202.JPG
2009-05-11 20:19 . 2009-04-24 23:15 14099105 ----a-w c:\neuer ordner\_DSC2203.JPG
2009-05-11 20:19 . 2009-04-24 23:15 11870923 ----a-w c:\neuer ordner\_DSC2204.JPG
2009-05-11 20:19 . 2009-04-24 23:15 12150559 ----a-w c:\neuer ordner\_DSC2206.JPG
2009-05-11 20:19 . 2009-04-24 23:15 12075962 ----a-w c:\neuer ordner\_DSC2207.JPG
2009-05-11 20:19 . 2009-04-24 23:17 12644598 ----a-w c:\neuer ordner\_DSC2211.JPG
2009-05-11 20:19 . 2009-04-24 23:29 14013537 ----a-w c:\neuer ordner\_DSC2217.JPG
2009-05-11 20:19 . 2009-04-24 23:30 13732711 ----a-w c:\neuer ordner\_DSC2218.JPG
2009-05-11 20:19 . 2009-04-24 23:30 13812392 ----a-w c:\neuer ordner\_DSC2220.JPG
2009-05-11 20:19 . 2009-04-24 23:31 8274112 ----a-w c:\neuer ordner\_DSC2221.JPG
2009-05-11 20:19 . 2009-04-24 23:32 11978227 ----a-w c:\neuer ordner\_DSC2222.JPG
2009-05-11 20:19 . 2009-04-24 23:38 9337684 ----a-w c:\neuer ordner\_DSC2225.JPG
2009-05-11 20:19 . 2009-04-24 23:40 9158876 ----a-w c:\neuer ordner\_DSC2231.JPG
2009-05-11 20:19 . 2009-04-24 23:41 11070731 ----a-w c:\neuer ordner\_DSC2234.JPG
2009-05-11 20:19 . 2009-04-24 23:42 11521064 ----a-w c:\neuer ordner\_DSC2237.JPG
2009-05-11 20:19 . 2009-04-24 23:42 8712094 ----a-w c:\neuer ordner\_DSC2238.JPG
2009-05-11 20:19 . 2009-04-24 23:44 8681202 ----a-w c:\neuer ordner\_DSC2242.JPG
2009-05-11 20:19 . 2009-04-25 00:20 9595937 ----a-w c:\neuer ordner\_DSC2244.JPG
2009-05-11 20:19 . 2009-04-25 00:35 6559111 ----a-w c:\neuer ordner\_DSC2249.JPG
2009-05-11 20:19 . 2009-04-25 00:38 6625079 ----a-w c:\neuer ordner\_DSC2251.JPG
2009-05-11 20:19 . 2009-04-25 00:38 9673256 ----a-w c:\neuer ordner\_DSC2252.JPG
2009-05-11 20:19 . 2009-04-25 00:39 11050568 ----a-w c:\neuer ordner\_DSC2254.JPG
2009-05-11 20:20 . 2009-04-25 00:42 9442082 ----a-w c:\neuer ordner\_DSC2256.JPG
2009-05-11 20:20 . 2009-04-25 00:42 9100136 ----a-w c:\neuer ordner\_DSC2257.JPG
2009-05-11 20:20 . 2009-04-25 00:42 8970032 ----a-w c:\neuer ordner\_DSC2258.JPG
2009-05-11 20:20 . 2009-04-25 00:42 8591488 ----a-w c:\neuer ordner\_DSC2259.JPG
2009-05-11 20:20 . 2009-04-25 00:42 8172675 ----a-w c:\neuer ordner\_DSC2260.JPG
2009-05-11 20:20 . 2009-04-25 00:45 9352494 ----a-w c:\neuer ordner\_DSC2262.JPG
2009-05-11 20:20 . 2009-04-25 00:51 7676819 ----a-w c:\neuer ordner\_DSC2264.JPG
2009-05-11 20:20 . 2009-04-25 00:51 8043974 ----a-w c:\neuer ordner\_DSC2265.JPG
2009-05-11 20:20 . 2009-04-25 01:04 8873898 ----a-w c:\neuer ordner\_DSC2267.JPG
2009-05-11 20:20 . 2009-04-25 01:04 8351593 ----a-w c:\neuer ordner\_DSC2268.JPG
2009-05-11 20:20 . 2009-04-25 01:10 9207198 ----a-w c:\neuer ordner\_DSC2270.JPG
2009-05-11 20:20 . 2009-04-25 01:23 10110639 ----a-w c:\neuer ordner\_DSC2273.JPG
2009-05-11 20:20 . 2009-04-25 01:23 9070049 ----a-w c:\neuer ordner\_DSC2274.JPG
2009-05-11 20:20 . 2009-04-25 01:23 10671987 ----a-w c:\neuer ordner\_DSC2275.JPG
2009-05-11 20:20 . 2009-04-25 01:23 9939228 ----a-w c:\neuer ordner\_DSC2276.JPG
2009-05-11 20:20 . 2009-04-25 01:24 12209974 ----a-w c:\neuer ordner\_DSC2277.JPG
2009-05-11 20:20 . 2009-04-25 01:26 12212008 ----a-w c:\neuer ordner\_DSC2279.JPG
2009-05-11 20:20 . 2009-04-25 01:44 10106889 ----a-w c:\neuer ordner\_DSC2281.JPG
2009-05-11 20:20 . 2009-04-25 01:45 9402136 ----a-w c:\neuer ordner\_DSC2282.JPG
2009-05-11 20:20 . 2009-04-25 01:46 11331260 ----a-w c:\neuer ordner\_DSC2283.JPG
2009-05-11 20:20 . 2009-04-25 01:47 8105824 ----a-w c:\neuer ordner\_DSC2286.JPG
2009-05-11 20:20 . 2009-04-25 01:47 9850647 ----a-w c:\neuer ordner\_DSC2287.JPG
2009-05-11 20:20 . 2009-04-25 01:49 6849193 ----a-w c:\neuer ordner\_DSC2289.JPG
2009-05-11 20:20 . 2009-04-25 01:50 8564253 ----a-w c:\neuer ordner\_DSC2290.JPG
2009-05-11 20:20 . 2009-04-25 01:50 8137806 ----a-w c:\neuer ordner\_DSC2291.JPG
2009-05-11 20:20 . 2009-04-25 01:50 8428034 ----a-w c:\neuer ordner\_DSC2292.JPG
2009-05-11 20:20 . 2009-04-25 01:50 8222809 ----a-w c:\neuer ordner\_DSC2294.JPG
2009-05-11 20:20 . 2009-04-25 01:50 8245603 ----a-w c:\neuer ordner\_DSC2295.JPG
2009-05-11 20:20 . 2009-04-25 01:50 8871628 ----a-w c:\neuer ordner\_DSC2296.JPG
2009-05-11 20:20 . 2009-04-25 01:51 9214723 ----a-w c:\neuer ordner\_DSC2297.JPG
2009-05-11 20:20 . 2009-04-25 01:52 11784263 ----a-w c:\neuer ordner\_DSC2299.JPG
2009-05-11 20:20 . 2009-04-25 02:02 10300932 ----a-w c:\neuer ordner\_DSC2301.JPG
2009-05-11 20:20 . 2009-04-25 02:45 15291960 ----a-w c:\neuer ordner\_DSC2303.JPG
2009-05-11 20:20 . 2009-04-25 02:48 12287392 ----a-w c:\neuer ordner\_DSC2305.JPG
2009-05-11 20:20 . 2009-04-25 02:48 15294897 ----a-w c:\neuer ordner\_DSC2306.JPG
2009-05-11 20:20 . 2009-04-25 02:49 13471355 ----a-w c:\neuer ordner\_DSC2307.JPG
2009-05-11 20:20 . 2009-04-25 02:50 14820464 ----a-w c:\neuer ordner\_DSC2308.JPG
2009-05-11 20:20 . 2009-04-25 02:52 14406414 ----a-w c:\neuer ordner\_DSC2310.JPG
2009-05-11 20:20 . 2009-04-25 02:53 13417943 ----a-w c:\neuer ordner\_DSC2311.JPG
2009-05-11 20:20 . 2009-04-25 02:56 6308899 ----a-w c:\neuer ordner\_DSC2314.JPG
2009-05-11 20:20 . 2009-04-25 02:57 7718205 ----a-w c:\neuer ordner\_DSC2316.JPG
2009-05-11 20:20 . 2009-04-25 02:59 12727692 ----a-w c:\neuer ordner\_DSC2317.JPG
2009-05-11 20:20 . 2009-04-25 03:01 12476793 ----a-w c:\neuer ordner\_DSC2318.JPG
2009-05-11 20:20 . 2009-04-25 03:01 12287088 ----a-w c:\neuer ordner\_DSC2319.JPG
2009-05-11 20:20 . 2009-04-25 03:01 13692251 ----a-w c:\neuer ordner\_DSC2320.JPG
2009-05-11 20:20 . 2009-04-25 03:01 12851031 ----a-w c:\neuer ordner\_DSC2321.JPG
2009-05-11 20:20 . 2009-04-25 03:01 13805306 ----a-w c:\neuer ordner\_DSC2322.JPG
2009-05-11 20:20 . 2009-04-25 03:17 7971806 ----a-w c:\neuer ordner\_DSC2325.JPG
2009-05-11 20:20 . 2009-04-25 03:19 7577849 ----a-w c:\neuer ordner\_DSC2326.JPG
2009-05-11 20:20 . 2009-04-25 03:37 11280188 ----a-w c:\neuer ordner\_DSC2333.JPG
2009-05-11 20:20 . 2009-04-25 03:37 9166491 ----a-w c:\neuer ordner\_DSC2334.JPG
2009-05-11 20:20 . 2009-04-25 03:37 11224742 ----a-w c:\neuer ordner\_DSC2335.JPG
2009-05-11 20:20 . 2009-04-25 03:38 10653764 ----a-w c:\neuer ordner\_DSC2336.JPG
2009-05-11 20:20 . 2009-04-25 03:38 10608699 ----a-w c:\neuer ordner\_DSC2337.JPG
2009-05-11 20:20 . 2009-04-25 03:38 9005119 ----a-w c:\neuer ordner\_DSC2338.JPG
2009-05-11 20:20 . 2009-04-25 03:38 7946720 ----a-w c:\neuer ordner\_DSC2339.JPG
2009-05-11 20:20 . 2009-04-25 03:38 8556147 ----a-w c:\neuer ordner\_DSC2340.JPG
2009-05-11 20:20 . 2009-04-25 03:38 7663765 ----a-w c:\neuer ordner\_DSC2341.JPG
2009-05-11 20:20 . 2009-04-25 03:39 8824149 ----a-w c:\neuer ordner\_DSC2342.JPG
2009-05-11 20:20 . 2009-04-25 03:44 5738606 ----a-w c:\neuer ordner\_DSC2345.JPG
2009-05-11 20:20 . 2009-04-25 03:44 7582022 ----a-w c:\neuer ordner\_DSC2346.JPG
2009-05-11 20:20 . 2009-04-25 03:44 7628214 ----a-w c:\neuer ordner\_DSC2348.JPG
2009-05-11 20:21 . 2009-04-25 03:44 8035476 ----a-w c:\neuer ordner\_DSC2350.JPG
2009-05-11 20:21 . 2009-04-25 03:45 7681218 ----a-w c:\neuer ordner\_DSC2351.JPG
2009-05-11 20:21 . 2009-04-25 03:46 7120155 ----a-w c:\neuer ordner\_DSC2352.JPG
2009-05-11 20:21 . 2009-04-25 03:46 7734516 ----a-w c:\neuer ordner\_DSC2353.JPG
2009-05-11 20:21 . 2009-04-25 03:48 6873840 ----a-w c:\neuer ordner\_DSC2355.JPG
2009-05-11 20:21 . 2009-04-25 03:49 7321291 ----a-w c:\neuer ordner\_DSC2358.JPG
2009-05-11 20:21 . 2009-04-25 03:49 8886343 ----a-w c:\neuer ordner\_DSC2359.JPG
2009-05-11 20:21 . 2009-04-25 03:50 9983763 ----a-w c:\neuer ordner\_DSC2363.JPG
2009-05-11 20:21 . 2009-04-25 03:50 8324053 ----a-w c:\neuer ordner\_DSC2364.JPG
2009-05-11 20:21 . 2009-04-25 03:51 8243886 ----a-w c:\neuer ordner\_DSC2365.JPG
2009-05-11 20:22 . 2009-04-25 04:15 12600548 ----a-w c:\neuer ordner\_DSC2367.JPG
2009-05-11 20:22 . 2009-04-25 04:15 12348240 ----a-w c:\neuer ordner\_DSC2368.JPG
2009-05-11 20:22 . 2009-04-25 04:15 12064826 ----a-w c:\neuer ordner\_DSC2369.JPG
2009-05-11 20:22 . 2009-04-25 04:16 11268776 ----a-w c:\neuer ordner\_DSC2370.JPG
2009-05-11 20:22 . 2009-04-25 04:16 7690939 ----a-w c:\neuer ordner\_DSC2371.JPG

1-fach-licht

26.05.2009 19:44

last but not least Teil 3:

Zitat:

2009-05-11 20:22 . 2009-04-25 04:17 8612149 ----a-w c:\neuer ordner\_DSC2372.JPG
2009-05-11 20:22 . 2009-04-25 04:17 7203988 ----a-w c:\neuer ordner\_DSC2373.JPG
2009-05-11 20:22 . 2009-04-25 04:17 8206266 ----a-w c:\neuer ordner\_DSC2374.JPG
2009-05-11 20:22 . 2009-04-25 04:17 9211522 ----a-w c:\neuer ordner\_DSC2375.JPG
2009-05-11 20:22 . 2009-04-25 04:17 9334864 ----a-w c:\neuer ordner\_DSC2376.JPG
2009-05-11 20:22 . 2009-04-25 04:17 7821327 ----a-w c:\neuer ordner\_DSC2377.JPG
2009-05-11 20:22 . 2009-04-25 04:18 8974967 ----a-w c:\neuer ordner\_DSC2378.JPG
2009-05-11 20:22 . 2009-04-25 04:18 8764104 ----a-w c:\neuer ordner\_DSC2379.JPG
2009-05-11 20:22 . 2009-04-25 04:18 8730641 ----a-w c:\neuer ordner\_DSC2380.JPG
2009-05-11 20:22 . 2009-04-25 04:18 8442461 ----a-w c:\neuer ordner\_DSC2381.JPG
2009-05-11 20:22 . 2009-04-25 04:18 8290269 ----a-w c:\neuer ordner\_DSC2382.JPG
2009-05-11 20:22 . 2009-04-25 04:18 8086104 ----a-w c:\neuer ordner\_DSC2383.JPG
2009-05-11 20:22 . 2009-04-25 04:18 10092994 ----a-w c:\neuer ordner\_DSC2384.JPG
2009-05-11 20:22 . 2009-04-25 04:18 10312763 ----a-w c:\neuer ordner\_DSC2385.JPG
2009-05-11 20:22 . 2009-04-25 04:18 10023710 ----a-w c:\neuer ordner\_DSC2386.JPG
2009-05-11 20:22 . 2009-04-25 04:18 9769990 ----a-w c:\neuer ordner\_DSC2387.JPG
2009-05-11 20:23 . 2009-04-25 04:19 9214415 ----a-w c:\neuer ordner\_DSC2388.JPG
2009-05-11 20:23 . 2009-04-25 04:21 8960429 ----a-w c:\neuer ordner\_DSC2393.JPG
2009-05-11 20:23 . 2009-04-25 04:21 13201027 ----a-w c:\neuer ordner\_DSC2394.JPG
2009-05-11 20:23 . 2009-04-25 04:21 9035100 ----a-w c:\neuer ordner\_DSC2395.JPG
2009-05-11 20:23 . 2009-04-25 04:22 9870525 ----a-w c:\neuer ordner\_DSC2397.JPG
2009-05-11 20:23 . 2009-04-25 04:22 10413373 ----a-w c:\neuer ordner\_DSC2398.JPG
2009-05-11 20:23 . 2009-04-25 04:22 9662769 ----a-w c:\neuer ordner\_DSC2399.JPG
2009-05-11 20:23 . 2009-04-25 04:22 9692305 ----a-w c:\neuer ordner\_DSC2401.JPG
2009-05-11 20:23 . 2009-04-25 04:22 9710759 ----a-w c:\neuer ordner\_DSC2402.JPG
2009-05-11 20:23 . 2009-04-25 04:23 9797112 ----a-w c:\neuer ordner\_DSC2403.JPG
2009-05-11 20:23 . 2009-04-25 04:23 9539957 ----a-w c:\neuer ordner\_DSC2404.JPG
2009-05-11 20:23 . 2009-04-25 04:23 13657098 ----a-w c:\neuer ordner\_DSC2405.JPG
2009-05-11 20:23 . 2009-04-25 04:24 12415809 ----a-w c:\neuer ordner\_DSC2406.JPG
2009-05-11 20:23 . 2009-04-25 04:24 9203227 ----a-w c:\neuer ordner\_DSC2407.JPG
2009-05-11 20:23 . 2009-04-25 04:26 11470591 ----a-w c:\neuer ordner\_DSC2408.JPG
2009-05-11 20:23 . 2009-04-25 04:26 12141039 ----a-w c:\neuer ordner\_DSC2409.JPG
2009-05-11 20:23 . 2009-04-25 04:26 12254403 ----a-w c:\neuer ordner\_DSC2410.JPG
2009-05-11 20:23 . 2009-04-25 04:26 12639977 ----a-w c:\neuer ordner\_DSC2411.JPG
2009-05-11 20:23 . 2009-04-25 04:26 12895639 ----a-w c:\neuer ordner\_DSC2412.JPG
2009-05-11 20:23 . 2009-04-25 04:26 12632022 ----a-w c:\neuer ordner\_DSC2413.JPG
2009-05-11 20:23 . 2009-04-25 04:27 10727882 ----a-w c:\neuer ordner\_DSC2414.JPG
2009-05-11 20:23 . 2009-04-25 04:27 11588614 ----a-w c:\neuer ordner\_DSC2415.JPG
2009-05-11 20:23 . 2009-04-25 04:27 11581078 ----a-w c:\neuer ordner\_DSC2416.JPG
2009-05-11 20:23 . 2009-04-25 04:27 11006416 ----a-w c:\neuer ordner\_DSC2417.JPG
2009-05-11 20:23 . 2009-04-25 04:27 10927172 ----a-w c:\neuer ordner\_DSC2418.JPG
2009-05-11 20:23 . 2009-04-25 04:27 10660700 ----a-w c:\neuer ordner\_DSC2419.JPG
2009-05-11 20:23 . 2009-04-25 04:27 11126530 ----a-w c:\neuer ordner\_DSC2420.JPG
2009-05-11 20:23 . 2009-04-25 04:27 10124412 ----a-w c:\neuer ordner\_DSC2421.JPG
2009-05-11 20:23 . 2009-04-25 04:27 10427083 ----a-w c:\neuer ordner\_DSC2422.JPG
2009-05-11 20:23 . 2009-04-25 04:28 13150347 ----a-w c:\neuer ordner\_DSC2423.JPG
2009-05-11 20:23 . 2009-04-25 04:28 11800342 ----a-w c:\neuer ordner\_DSC2424.JPG
2009-05-11 20:23 . 2009-04-25 04:28 10870720 ----a-w c:\neuer ordner\_DSC2425.JPG
2009-05-11 20:23 . 2009-04-25 04:28 12028828 ----a-w c:\neuer ordner\_DSC2426.JPG
2009-05-11 20:23 . 2009-04-25 04:28 12564014 ----a-w c:\neuer ordner\_DSC2427.JPG
2009-05-11 20:23 . 2009-04-25 04:28 12712991 ----a-w c:\neuer ordner\_DSC2428.JPG
2009-05-11 20:23 . 2009-04-25 05:57 9566475 ----a-w c:\neuer ordner\_DSC2430.JPG
2009-05-11 20:23 . 2009-04-25 05:58 9303766 ----a-w c:\neuer ordner\_DSC2431.JPG
2009-05-11 20:23 . 2009-04-25 05:59 8879652 ----a-w c:\neuer ordner\_DSC2435.JPG
2009-05-11 20:23 . 2009-04-25 06:00 8894278 ----a-w c:\neuer ordner\_DSC2436.JPG
2009-05-11 20:23 . 2009-04-25 06:02 8492349 ----a-w c:\neuer ordner\_DSC2437.JPG
2009-05-11 20:23 . 2009-04-25 06:03 11587394 ----a-w c:\neuer ordner\_DSC2438.JPG
2009-05-11 20:23 . 2009-04-25 06:03 11922337 ----a-w c:\neuer ordner\_DSC2439.JPG
2009-05-11 20:23 . 2009-04-25 06:03 12026034 ----a-w c:\neuer ordner\_DSC2440.JPG
2009-05-11 20:23 . 2009-04-25 06:03 11697656 ----a-w c:\neuer ordner\_DSC2441.JPG
2009-05-11 20:23 . 2009-04-25 06:03 11999014 ----a-w c:\neuer ordner\_DSC2442.JPG
2009-05-11 20:23 . 2009-04-25 06:03 12040231 ----a-w c:\neuer ordner\_DSC2443.JPG
2009-05-11 20:23 . 2009-04-25 06:04 11501874 ----a-w c:\neuer ordner\_DSC2444.JPG
2009-05-11 20:23 . 2009-04-25 06:04 11746225 ----a-w c:\neuer ordner\_DSC2445.JPG
2009-05-11 20:23 . 2009-04-25 06:04 10260605 ----a-w c:\neuer ordner\_DSC2446.JPG
2009-05-11 20:23 . 2009-04-25 06:04 10132053 ----a-w c:\neuer ordner\_DSC2447.JPG
2009-05-11 20:23 . 2009-04-25 06:05 10134354 ----a-w c:\neuer ordner\_DSC2448.JPG
2009-05-11 20:23 . 2009-04-25 06:05 9923579 ----a-w c:\neuer ordner\_DSC2449.JPG
2009-05-11 20:23 . 2009-04-25 06:06 11199177 ----a-w c:\neuer ordner\_DSC2450.JPG
2009-05-11 20:23 . 2009-04-25 06:07 9854140 ----a-w c:\neuer ordner\_DSC2451.JPG
2009-05-11 20:23 . 2009-04-25 06:07 9644079 ----a-w c:\neuer ordner\_DSC2452.JPG
2009-05-11 20:24 . 2009-04-25 06:08 9540904 ----a-w c:\neuer ordner\_DSC2453.JPG
2009-05-11 20:24 . 2009-04-25 06:09 7699261 ----a-w c:\neuer ordner\_DSC2454.JPG
2009-05-11 20:24 . 2009-04-25 06:09 7458640 ----a-w c:\neuer ordner\_DSC2455.JPG
2009-05-11 20:24 . 2009-04-25 06:10 8667655 ----a-w c:\neuer ordner\_DSC2456.JPG
2009-05-11 20:24 . 2009-04-25 06:11 8261014 ----a-w c:\neuer ordner\_DSC2457.JPG
2009-05-11 20:24 . 2009-04-25 06:13 8530353 ----a-w c:\neuer ordner\_DSC2460.JPG
2009-05-11 20:24 . 2009-04-25 06:15 8965963 ----a-w c:\neuer ordner\_DSC2461.JPG
2009-05-11 20:24 . 2009-04-25 06:24 9191795 ----a-w c:\neuer ordner\_DSC2464.JPG
2009-05-11 20:24 . 2009-04-25 06:24 8900370 ----a-w c:\neuer ordner\_DSC2465.JPG
2009-05-11 20:24 . 2009-04-25 06:26 9226364 ----a-w c:\neuer ordner\_DSC2470.JPG
2009-05-11 20:24 . 2009-04-25 06:27 9043536 ----a-w c:\neuer ordner\_DSC2471.JPG
2009-05-11 20:24 . 2009-04-25 06:28 9668480 ----a-w c:\neuer ordner\_DSC2473.JPG
2009-05-11 20:24 . 2009-04-25 06:30 9555386 ----a-w c:\neuer ordner\_DSC2474.JPG
2009-05-11 20:24 . 2009-04-25 06:32 9844274 ----a-w c:\neuer ordner\_DSC2476.JPG
2009-05-11 20:24 . 2009-04-25 06:32 7724313 ----a-w c:\neuer ordner\_DSC2477.JPG
2009-05-11 20:24 . 2009-04-25 06:33 7425198 ----a-w c:\neuer ordner\_DSC2478.JPG
2009-05-11 20:24 . 2009-04-25 06:37 8575408 ----a-w c:\neuer ordner\_DSC2479.JPG
2009-05-11 20:24 . 2009-04-25 06:37 8607608 ----a-w c:\neuer ordner\_DSC2480.JPG
2009-05-11 20:24 . 2009-04-25 06:37 8833553 ----a-w c:\neuer ordner\_DSC2481.JPG
2009-05-11 20:24 . 2009-04-25 06:38 8587070 ----a-w c:\neuer ordner\_DSC2485.JPG
2009-05-11 20:24 . 2009-04-25 06:40 8848064 ----a-w c:\neuer ordner\_DSC2489.JPG
2009-05-11 20:24 . 2009-04-25 06:40 10308572 ----a-w c:\neuer ordner\_DSC2491.JPG
2009-05-11 20:24 . 2009-04-25 06:41 10419001 ----a-w c:\neuer ordner\_DSC2493.JPG
2009-05-11 20:24 . 2009-04-25 06:42 10730736 ----a-w c:\neuer ordner\_DSC2494.JPG

((((((((((((((((((((((((((((( SnapShot@2009-05-23_23.15.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-05-26 18:17 55496 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-05-26 18:17 80902 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:05 . 2009-05-23 23:16 80902 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-10-09 16:56 . 2009-05-23 23:13 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-09 16:56 . 2009-05-26 18:27 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-05-26 18:27 . 2009-05-26 18:27 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-09 16:56 . 2009-05-23 23:13 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-09 16:56 . 2009-05-26 18:27 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-09 16:58 . 2009-05-26 18:17 9862 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-884559710-4201843287-3005015240-1000_UserData.bin
- 2009-05-23 23:13 . 2009-05-23 23:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-05-26 18:27 . 2009-05-26 18:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-05-26 18:27 . 2009-05-26 18:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-05-23 23:13 . 2009-05-23 23:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-03-12 225280]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-08-06 6265376]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Kurznotizen.lnk]
path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Kurznotizen.lnk
backup=c:\windows\pss\Kurznotizen.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5BB8CD12-0A43-40E1-BC27-C4E74AAFA659}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{1785867E-A130-438A-A014-F7A90DA647F1}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{A67F7E16-003C-47F3-8E7B-FAA46B7F5FDD}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{E5505A26-5A4E-4F39-ACAC-33304C756553}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{4C278827-3C90-41E3-B91A-19DB401AAA3C}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{6FFCEF30-B686-4864-B4C0-8895AA60FF1C}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{457F860C-77B3-4FE1-87A4-9E021BEC6BD3}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{54E2FD9D-E3C3-4581-AE8B-97568605526E}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{53F23157-8484-41D6-B7AB-643F6A9DB4A4}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{5B002FCB-DA38-4588-8C61-FF50A81971C4}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{E140E7A1-D22B-40BC-B71A-19E8BCF6D98D}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\Lager\hpiscnapp.exe:hpiscnapp.exe
"{90B23D8D-1F46-42B2-A2E2-C957A73F46A4}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\Lager\hpiscnapp.exe:hpiscnapp.exe
"{B71CDE94-60AA-43F2-A0C4-23ED92EB401D}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\Lager\hpqkygrp.exe:hpqkygrp.exe
"{7A4B7DFA-D3F4-4123-A1AE-48D163022C88}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\Lager\hpqkygrp.exe:hpqkygrp.exe
"{1966F2F4-9264-4E48-8D64-C1966EC5B04E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C376A98B-3739-43B7-84E2-B15F74A57694}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{B21D26C4-4008-42CA-BB4A-1B5278A7F695}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{52468850-222A-44DF-875D-6CD2ED07D160}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{0061C688-190C-4F9E-A65C-A9EC23F81825}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{E007A6AC-70C6-48C4-8DDA-38B1028A66D9}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [01.05.2009 02:49 108289]
R2 TabletServicePen;TabletServicePen;c:\windows\System32\Pen_Tablet.exe [30.10.2008 12:45 3032360]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\System32\drivers\wacmoumonitor.sys [30.10.2008 12:45 15144]
S3 MRV6X32U;Vista 32-bits Native WiFi Driver - USB;c:\windows\System32\drivers\MRVW23B.sys [13.10.2008 19:30 231040]
S3 ScratchAmp;ScratchAmp Driver (ScratchAmp.sys);c:\windows\System32\drivers\ScratchAmp.sys [19.04.2009 18:50 22912]
S4 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [12.03.2008 11:40 34144]
S4 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [12.03.2008 11:40 28800]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Inhalt des "geplante Tasks" Ordners

2009-05-26 c:\windows\Tasks\User_Feed_Synchronization-{6E241DD5-9BE4-4161-854D-8195544C4D7A}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\uvlrd030.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\uvlrd030.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX Richtlinien ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-26 20:29
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(1456)
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ger.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\wisptis.exe
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\System32\wisptis.exe
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\WTablet\Pen_TabletUser.exe
c:\windows\System32\conime.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\microsoft shared\ink\InputPersonalization.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2009-05-26 20:32 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2009-05-26 18:32
ComboFix2.txt 2009-05-23 23:19

Vor Suchlauf: 18 Verzeichnis(se), 12.271.009.792 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 12.255.637.504 Bytes frei

564 --- E O F --- 2009-05-25 15:45

vielen Dank im Voraus :)

Grüße
Stefan

john.doe

26.05.2009 20:00

Lade dir Lop S&D herunter.

Führe Lop S&D.exe per Doppelklick aus.
Wähle die Sprache deiner Wahl und anschließend die Option 1 (Suche)
Warte bis der Scanbericht erstellt wird (Du findest ihn unter C:\lopR.txt, sollte der Bericht nicht erscheinen)

(Sollte dein Desktop verschwinden, drücke bitte Ctrl + Alt + Entf um den Taskmanager zu starten. Wähle unter Datei, neuen Task aus und gib dort explorer.exe ein)

ciao, andreas

1-fach-licht

26.05.2009 20:13

Done :) hier das Logfile von LopSD

Zitat:

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Home Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU E2200 @ 2.20GHz )
BIOS : Default System BIOS
USER : stefan behrens ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:225 Go (Free:11 Go)
D:\ (Local Disk) - NTFS - Total:7 Go (Free:2 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB) - FAT32 - Total:3918 Mo (Free:0 Go)
H:\ (USB)
I:\ (USB)
J:\ (Local Disk) - FAT32 - Total:298 Go (Free:82 Go)
K:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 26.05.2009|21:07 )

[ UAC => 1 ]

--------------------\\ Ordner Verzeichnis unter Local

[05.11.2008|07:34] C:\Users\STEFAN~1\AppData\Local\Adobe
[09.10.2008|18:57] C:\Users\STEFAN~1\AppData\Local\Anwendungsdaten
[04.01.2009|22:33] C:\Users\STEFAN~1\AppData\Local\Cooliris
[14.05.2009|01:23] C:\Users\STEFAN~1\AppData\Local\d3d9caps.dat
[19.05.2009|22:42] C:\Users\STEFAN~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[14.11.2008|03:29] C:\Users\STEFAN~1\AppData\Local\Fallout3
[03.05.2009|02:27] C:\Users\STEFAN~1\AppData\Local\GDIPFONTCACHEV1.DAT
[26.05.2009|20:16] C:\Users\STEFAN~1\AppData\Local\Google
[15.12.2008|22:35] C:\Users\STEFAN~1\AppData\Local\Greyfirst
[09.10.2008|19:24] C:\Users\STEFAN~1\AppData\Local\HP
[26.05.2009|20:11] C:\Users\STEFAN~1\AppData\Local\IconCache.db
[27.04.2009|00:27] C:\Users\STEFAN~1\AppData\Local\Installer4160
[27.04.2009|00:33] C:\Users\STEFAN~1\AppData\Local\Installer4236
[24.05.2009|01:15] C:\Users\STEFAN~1\AppData\Local\Microsoft
[07.11.2008|04:03] C:\Users\STEFAN~1\AppData\Local\Microsoft Games
[13.10.2008|21:31] C:\Users\STEFAN~1\AppData\Local\Mozilla
[23.11.2008|16:29] C:\Users\STEFAN~1\AppData\Local\Quark
[26.05.2009|21:05] C:\Users\STEFAN~1\AppData\Local\temp
[09.10.2008|18:57] C:\Users\STEFAN~1\AppData\Local\Temporary Internet Files
[13.10.2008|21:36] C:\Users\STEFAN~1\AppData\Local\Thunderbird
[09.10.2008|18:57] C:\Users\STEFAN~1\AppData\Local\Verlauf
[04.01.2009|16:47] C:\Users\STEFAN~1\AppData\Local\VirtualStore
[4|Datei(en),] C:\Users\STEFAN~1\AppData\Local\Bytes
[20|Verzeichnis(se),] C:\Users\STEFAN~1\AppData\Local\Bytes frei

--------------------\\ Geplante Aufgaben unter C:\Windows\Tasks

[26.05.2009 20:54][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{6E241DD5-9BE4-4161-854D-8195544C4D7A}.job
[26.05.2009 20:27][--ah-----] C:\Windows\tasks\SA.DAT
[26.05.2009 20:25][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Ordner Verzeichnis unter C:\ProgramData

[12.03.2008|15:30] C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
[27.04.2009|00:26] C:\ProgramData\Adobe
[09.10.2008|21:49] C:\ProgramData\Adobe Systems
[09.10.2008|18:53] C:\ProgramData\Anwendungsdaten
[30.10.2008|12:48] C:\ProgramData\AppData
[01.05.2009|02:49] C:\ProgramData\Avira
[09.10.2008|18:53] C:\ProgramData\Desktop
[09.10.2008|18:53] C:\ProgramData\Dokumente
[09.10.2008|18:53] C:\ProgramData\Favoriten
[05.11.2008|07:07] C:\ProgramData\FLEXnet
[09.10.2008|19:14] C:\ProgramData\Hewlett-Packard
[09.10.2008|19:23] C:\ProgramData\HP
[09.10.2008|19:21] C:\ProgramData\HP Product Assistant
[09.10.2008|19:23] C:\ProgramData\hpzinstall.log
[06.01.2009|16:34] C:\ProgramData\Installations
[12.03.2008|13:18] C:\ProgramData\InstallShield
[26.05.2009|20:11] C:\ProgramData\Lavasoft
[16.10.2008|01:09] C:\ProgramData\LightScribe
[13.10.2008|21:29] C:\ProgramData\LuUninstall.LiveUpdate
[03.05.2009|02:19] C:\ProgramData\Malwarebytes
[23.02.2009|19:23] C:\ProgramData\Microsoft
[13.10.2008|21:54] C:\ProgramData\Microsoft Help
[19.01.2009|22:25] C:\ProgramData\NVIDIA
[30.10.2008|17:50] C:\ProgramData\PC Suite
[04.02.2009|09:58] C:\ProgramData\PhotoME
[12.05.2009|22:29] C:\ProgramData\Roxio
[13.10.2008|19:46] C:\ProgramData\Skype
[14.10.2008|00:26] C:\ProgramData\Sonic
[26.05.2009|20:06] C:\ProgramData\Spybot - Search & Destroy
[09.10.2008|18:53] C:\ProgramData\Startmenü
[11.05.2009|21:47] C:\ProgramData\SUPERAntiSpyware.com
[13.10.2008|21:45] C:\ProgramData\Symantec
[09.10.2008|18:53] C:\ProgramData\Vorlagen
[09.10.2008|19:23] C:\ProgramData\WEBREG
[31.12.2008|23:44] C:\ProgramData\WindowsSearch
[12.03.2008|13:49] C:\ProgramData\WLInstaller
[2|Datei(en),] C:\ProgramData\Bytes
[36|Verzeichnis(se),] C:\ProgramData\Bytes frei

--------------------\\ Ordner Verzeichnis unter C:\Program Files

[12.03.2008|15:30] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[27.04.2009|00:26] C:\Program Files\Adobe
[12.03.2008|12:01] C:\Program Files\Alice
[13.10.2008|19:30] C:\Program Files\AQUIP
[19.04.2009|19:23] C:\Program Files\AtomixMP3
[01.05.2009|02:49] C:\Program Files\Avira
[05.11.2008|07:01] C:\Program Files\Bonjour
[01.05.2009|02:41] C:\Program Files\CCleaner
[15.12.2008|22:35] C:\Program Files\Celtx
[21.01.2009|15:00] C:\Program Files\ColorVision
[26.05.2009|20:24] C:\Program Files\Common Files
[30.10.2008|17:47] C:\Program Files\DIFX
[10.10.2008|20:50] C:\Program Files\EA Games
[14.11.2008|02:53] C:\Program Files\Elaborate Bytes
[29.01.2009|22:04] C:\Program Files\Exif Viewer
[09.10.2008|21:23] C:\Program Files\Foxit Software
[26.01.2009|18:36] C:\Program Files\FreeMind
[09.10.2008|18:53] C:\Program Files\Gemeinsame Dateien [C:\Program Files\Common Files]
[11.05.2009|20:03] C:\Program Files\GRISOFT
[23.12.2008|19:09] C:\Program Files\HDX4
[09.10.2008|19:20] C:\Program Files\Hewlett-Packard
[09.10.2008|19:21] C:\Program Files\HP
[26.03.2009|20:24] C:\Program Files\ICQ6.5
[07.11.2008|15:38] C:\Program Files\ImgBurn
[19.04.2009|19:01] C:\Program Files\InstallShield Installation Information
[16.04.2009|03:08] C:\Program Files\Internet Explorer
[31.03.2009|01:18] C:\Program Files\IrfanView
[27.04.2009|00:36] C:\Program Files\Java
[13.10.2008|21:25] C:\Program Files\JRE
[26.05.2009|20:11] C:\Program Files\Lavasoft
[12.03.2008|13:33] C:\Program Files\LightScribe
[07.11.2008|17:13] C:\Program Files\LucasArts
[03.05.2009|02:19] C:\Program Files\Malwarebytes' Anti-Malware
[23.02.2009|19:19] C:\Program Files\Microsoft
[02.11.2006|14:37] C:\Program Files\Microsoft Games
[13.10.2008|21:53] C:\Program Files\Microsoft Office
[26.02.2009|20:20] C:\Program Files\Microsoft Silverlight
[12.03.2008|13:47] C:\Program Files\Microsoft SQL Server Compact Edition
[23.02.2009|19:23] C:\Program Files\Microsoft Sync Framework
[13.10.2008|21:53] C:\Program Files\Microsoft Works
[21.01.2008|04:35] C:\Program Files\Movie Maker
[20.05.2009|02:58] C:\Program Files\Mozilla Firefox
[13.10.2008|21:35] C:\Program Files\Mozilla Thunderbird
[02.11.2006|14:37] C:\Program Files\MSBuild
[12.03.2008|16:29] C:\Program Files\MSXML 4.0
[19.04.2009|18:49] C:\Program Files\Native Instruments
[24.10.2008|21:01] C:\Program Files\Neat Image
[06.01.2009|16:38] C:\Program Files\Nokia
[23.02.2009|19:19] C:\Program Files\Nvu
[28.04.2009|01:06] C:\Program Files\OpenAL
[13.10.2008|21:25] C:\Program Files\OpenOffice.org 3
[06.01.2009|16:37] C:\Program Files\PC Connectivity Solution
[30.10.2008|18:27] C:\Program Files\PenLauncher
[28.02.2009|23:30] C:\Program Files\phase5
[04.02.2009|09:59] C:\Program Files\PhotoME
[23.11.2008|16:23] C:\Program Files\Quark
[14.10.2008|23:42] C:\Program Files\Realtek
[02.11.2006|14:37] C:\Program Files\Reference Assemblies
[12.03.2008|13:18] C:\Program Files\Roxio
[13.10.2008|19:46] C:\Program Files\Skype
[12.03.2008|13:20] C:\Program Files\Sonic
[09.10.2008|21:35] C:\Program Files\Sony
[26.05.2009|20:08] C:\Program Files\Spybot - Search & Destroy
[26.05.2009|20:05] C:\Program Files\SUPERAntiSpyware
[30.10.2008|12:46] C:\Program Files\Tablet
[27.04.2009|00:15] C:\Program Files\Trend Micro
[02.11.2006|15:01] C:\Program Files\Uninstall Information
[30.10.2008|02:03] C:\Program Files\uTorrent
[09.10.2008|21:06] C:\Program Files\VideoLAN
[09.10.2008|21:02] C:\Program Files\Winamp
[21.01.2008|04:35] C:\Program Files\Windows Calendar
[21.01.2008|04:35] C:\Program Files\Windows Collaboration
[21.01.2008|04:35] C:\Program Files\Windows Defender
[21.01.2008|04:35] C:\Program Files\Windows Journal
[23.02.2009|19:24] C:\Program Files\Windows Live
[23.02.2009|19:19] C:\Program Files\Windows Live SkyDrive
[19.01.2009|22:14] C:\Program Files\Windows Mail
[12.03.2009|20:42] C:\Program Files\Windows Media Player
[09.10.2008|18:53] C:\Program Files\Windows NT
[21.01.2008|04:35] C:\Program Files\Windows Photo Gallery
[21.01.2008|04:35] C:\Program Files\Windows Sidebar
[09.10.2008|21:01] C:\Program Files\WinRAR
[0|Datei(en),] C:\Program Files\Bytes
[84|Verzeichnis(se),] C:\Program Files\Bytes frei

--------------------\\ Ordner Verzeichnis unter C:\Program Files\Common Files

[27.04.2009|00:26] C:\Program Files\Common Files\Adobe
[30.10.2008|18:28] C:\Program Files\Common Files\Adobe AIR
[09.10.2008|21:44] C:\Program Files\Common Files\Adobe Systems Shared
[09.10.2008|19:20] C:\Program Files\Common Files\Hewlett-Packard
[09.10.2008|19:20] C:\Program Files\Common Files\HP
[12.03.2008|13:16] C:\Program Files\Common Files\InstallShield
[13.10.2008|21:21] C:\Program Files\Common Files\Java
[12.03.2008|13:26] C:\Program Files\Common Files\LightScribe
[05.11.2008|06:55] C:\Program Files\Common Files\Macrovision Shared
[23.02.2009|19:19] C:\Program Files\Common Files\microsoft shared
[06.01.2009|16:38] C:\Program Files\Common Files\Nokia
[06.01.2009|16:38] C:\Program Files\Common Files\PCSuite
[12.03.2008|13:17] C:\Program Files\Common Files\Roxio Shared
[02.11.2006|13:18] C:\Program Files\Common Files\Services
[13.10.2008|19:46] C:\Program Files\Common Files\Skype
[12.03.2008|13:17] C:\Program Files\Common Files\Sonic Shared
[02.11.2006|13:18] C:\Program Files\Common Files\SpeechEngines
[12.03.2008|13:18] C:\Program Files\Common Files\SureThing Shared
[14.10.2008|00:24] C:\Program Files\Common Files\Symantec Shared
[21.01.2008|04:35] C:\Program Files\Common Files\System
[23.02.2009|19:12] C:\Program Files\Common Files\Windows Live
[12.03.2008|13:53] C:\Program Files\Common Files\WindowsLiveInstaller
[0|Datei(en),] C:\Program Files\Common Files\Bytes
[24|Verzeichnis(se),] C:\Program Files\Common Files\Bytes frei

--------------------\\ Process

( 62 Processes )

... OK !

--------------------\\ Ueberpruefung mit S_Lop

Kein Lop Ordner gefunden !

--------------------\\ Suche nach Lop Dateien - Ordnern

Kein Lop Ordner gefunden !

--------------------\\ Suche innerhalb der Registry

..... OK !

--------------------\\ Ueberpruefung der Hosts Datei

Hosts Datei SAUBER

--------------------\\ Suche nach verborgenen Dateien mit Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-26 21:07:35
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Suche nach anderen Infektionen

--------------------\\ Cracks & Keygens ..

C:\Users\STEFAN~1\Downloads\Neat Image Pro+ v5.2+crack
C:\Users\STEFAN~1\Downloads\Neat Image Pro+ v5.2+crack.rar
C:\Users\STEFAN~1\Downloads\Neat Image Pro+ v5.2+crack\Neat Image Pro+ v5.2+crack
C:\Users\STEFAN~1\Downloads\Neat Image Pro+ v5.2+crack\Neat Image Pro+ v5.2+crack\Downloaded from AppS-BG.com.url
C:\Users\STEFAN~1\Downloads\Neat Image Pro+ v5.2+crack\Neat Image Pro+ v5.2+crack\Fujifilm_FinePix_S7000_JPEG_RAW
C:\Users\STEFAN~1\Downloads\Neat Image Pro+ v5.2+crack\Neat Image Pro+ v5.2+crack\NeatImage.8bf
C:\Users\STEFAN~1\Downloads\Neat Image Pro+ v5.2+crack\Neat Image Pro+ v5.2+crack\NeatImage.exe
C:\Users\STEFAN~1\Downloads\Neat Image Pro+ v5.2+crack\Neat Image Pro+ v5.2+crack\neatsetup5_2.exe
C:\Users\STEFAN~1\Downloads\Neat Image Pro+ v5.2+crack\Neat Image Pro+ v5.2+crack\ssg.nfo
C:\Users\STEFAN~1\Downloads\Neat Image Pro+ v5.2+crack\Neat Image Pro+ v5.2+crack\ssg.reg
C:\Users\STEFAN~1\Downloads\Neat Image Pro+ v5.2+crack\Neat Image Pro+ v5.2+crack\Fujifilm_FinePix_S7000_JPEG_RAW\12MF ISO 200.dnp
C:\Users\STEFAN~1\Downloads\Neat Image Pro+ v5.2+crack\Neat Image Pro+ v5.2+crack\Fujifilm_FinePix_S7000_JPEG_RAW\12MF ISO 400.dnp
C:\Users\STEFAN~1\Downloads\Neat Image Pro+ v5.2+crack\Neat Image Pro+ v5.2+crack\Fujifilm_FinePix_S7000_JPEG_RAW\12MN ISO 200.dnp
C:\Users\STEFAN~1\Downloads\Neat Image Pro+ v5.2+crack\Neat Image Pro+ v5.2+crack\Fujifilm_FinePix_S7000_JPEG_RAW\12MN ISO 400.dnp
C:\Users\STEFAN~1\Downloads\Neat Image Pro+ v5.2+crack\Neat Image Pro+ v5.2+crack\Fujifilm_FinePix_S7000_JPEG_RAW\1M ISO 200.dnp
C:\Users\STEFAN~1\Downloads\Neat Image Pro+ v5.2+crack\Neat Image Pro+ v5.2+crack\Fujifilm_FinePix_S7000_JPEG_RAW\1M ISO 400.dnp
C:\Users\STEFAN~1\Downloads\Neat Image Pro+ v5.2+crack\Neat Image Pro+ v5.2+crack\Fujifilm_FinePix_S7000_JPEG_RAW\1M ISO 800.dnp
C:\Users\STEFAN~1\Downloads\Neat Image Pro+ v5.2+crack\Neat Image Pro+ v5.2+crack\Fujifilm_FinePix_S7000_JPEG_RAW\2M ISO 200.dnp
C:\Users\STEFAN~1\Downloads\Neat Image Pro+ v5.2+crack\Neat Image Pro+ v5.2+crack\Fujifilm_FinePix_S7000_JPEG_RAW\2M ISO 400.dnp
C:\Users\STEFAN~1\Downloads\Neat Image Pro+ v5.2+crack\Neat Image Pro+ v5.2+crack\Fujifilm_FinePix_S7000_JPEG_RAW\2M ISO 800.dnp
C:\Users\STEFAN~1\Downloads\Neat Image Pro+ v5.2+crack\Neat Image Pro+ v5.2+crack\Fujifilm_FinePix_S7000_JPEG_RAW\3M ISO 200.dnp
C:\Users\STEFAN~1\Downloads\Neat Image Pro+ v5.2+crack\Neat Image Pro+ v5.2+crack\Fujifilm_FinePix_S7000_JPEG_RAW\3M ISO 400.dnp
C:\Users\STEFAN~1\Downloads\Neat Image Pro+ v5.2+crack\Neat Image Pro+ v5.2+crack\Fujifilm_FinePix_S7000_JPEG_RAW\3M ISO 800.dnp
C:\Users\STEFAN~1\Downloads\Neat Image Pro+ v5.2+crack\Neat Image Pro+ v5.2+crack\Fujifilm_FinePix_S7000_JPEG_RAW\6M ISO 200.dnp
C:\Users\STEFAN~1\Downloads\Neat Image Pro+ v5.2+crack\Neat Image Pro+ v5.2+crack\Fujifilm_FinePix_S7000_JPEG_RAW\6M ISO 400.dnp
C:\Users\STEFAN~1\Downloads\Neat Image Pro+ v5.2+crack\Neat Image Pro+ v5.2+crack\Fujifilm_FinePix_S7000_JPEG_RAW\RAW ISO 200.dnp
C:\Users\STEFAN~1\Downloads\Neat Image Pro+ v5.2+crack\Neat Image Pro+ v5.2+crack\Fujifilm_FinePix_S7000_JPEG_RAW\RAW ISO 400.dnp
C:\Users\STEFAN~1\Downloads\Quark XPress 7\Keygen
C:\Users\STEFAN~1\Downloads\Quark XPress 7\Keygen\file_id.diz
C:\Users\STEFAN~1\Downloads\Quark XPress 7\Keygen\PARADOX
C:\Users\STEFAN~1\Downloads\Quark XPress 7\Keygen\Paradox.nfo
C:\Users\STEFAN~1\Music\Musik\Pixies\Doolittle\09 Crackity Jones.m4a

[F:6][D:2]-> C:\Users\STEFAN~1\AppData\Local\Temp
[F:10][D:1]-> C:\Users\STEFAN~1\AppData\Roaming\MICROS~1\Windows\Cookies
[F:29][D:4]-> C:\Users\STEFAN~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:1][D:1]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 26.05.2009|21:09 - Option : [1]

--------------------\\ Scan beendet um 21:09:40
[ UAC => 1 ]

john.doe

26.05.2009 20:20

Code:

C:\Users\STEFAN~1\Downloads\Neat Image Pro+ v5.2+crack\Neat Image Pro+ v5.2+crack\NeatImage.exe

C:\Users\STEFAN~1\Downloads\Quark XPress 7\Keygen

Wann lernt ihr endlich die Hände von geklauter Software zu lassen? :schmoll:

Da hilft jetzt nur noch eins: http://www.trojaner-board.de/51262-a...sicherung.html

Du bist entlassen und ich bin raus,
Andreas

Alle Zeitangaben in WEZ +1. Es ist jetzt 08:17 Uhr.

Seite 2 von 2

100 Beiträge dieses Themas auf einer Seite anzeigen

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131