Trojaner-Board

Source: https://www.trojaner-board.de/86267-trojaner-pws-win32-daurso-a-penetrant-resistent.html (forum section: Plagegeister aller Art und deren Bekämpfung)

Lynne 20.05.2010 01:23

Trojan PWS:Win32/Daurso.A -- intrusive and resistant
 
Hello everyone,

I am also suffering from the pws:win32/daurso.a trojan.

Thanks for the good description at:
http://www.trojaner-board.de/86113-t...o-problem.html

StLB found three questionable files in the other case, and since I can't tell a valid file from a questionable one, I hope someone here can help me so that I don't have to format after all to get rid of this junk.

I have now run Malwarebytes twice (with a reboot in between and another message from Windows Defender that pws:win32/daurso.a is back / still there), and after the second run I got this log:
Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4118

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

20.05.2010 01:54:24
mbam-log-2010-05-20 (01-54-24).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 321941
Time elapsed: 2 hour(s), 38 minute(s), 4 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
C:\Windows\Temp\7ac25ba5.tmp (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\Temp\7ac25ba5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\abfayyq.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

OTL produced the following 2 logs:
Code:

OTL logfile created on: 20.05.2010 01:56:09 - Run 1
OTL by OldTimer - Version 3.2.5.0    Folder = C:\Users\Name\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): c:\pagefile.sys 3072 4096 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 212,87 Gb Total Space | 55,90 Gb Free Space | 26,26% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 15,60 Gb Free Space | 78,01% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 624,09 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
I: Drive not present or media not loaded
 
Computer Name: Name-PC
Current User Name: Name
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Name\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\BullGuard Software\BullGuard\BullGuardUpdate.exe (BullGuard Software)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Medion\MEDIONbox\Program\GCS.exe (Empolis GmbH)
PRC - c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Name\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (BsMailProxy) -- C:\Programme\BullGuard Software\BullGuard\BsMailProxy.dll (BullGuard Ltd.)
SRV - (BsFileScan) -- C:\Programme\BullGuard Software\BullGuard\BsFileScan.dll (BullGuard Ltd.)
SRV - (BGLiveSvc) -- C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe (BullGuard Software)
SRV - (BgMainSvc) -- C:\Programme\BullGuard Software\BullGuard\BsMain.dll (BullGuard, Ltd.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (GnabService) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
SRV - (cvslock) -- C:\Program Files\CVSNT\cvslock.exe ()
SRV - (cvsnt) -- C:\Program Files\CVSNT\cvsservice.exe (March Hare Software Ltd)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (BdFileSpy) -- C:\Windows\System32\drivers\BdFileSpy.sys (BullGuard Ltd.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (Reconn) -- C:\Programme\BullGuard Software\BullGuard\Reconn.sys (BullGuard Ltd.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (amdagp) -- C:\Windows\System32\drivers\amdagp.sys.bak (Microsoft Corporation)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.de
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "about:blanc"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.4.4.118
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.05 17:19:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.05.05 17:19:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.8\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2010.05.05 17:19:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.8\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins [2010.05.05 17:19:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.05.05 17:19:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.05.05 17:19:57 | 000,000,000 | ---D | M]
 
[2008.12.07 21:00:54 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\mozilla\Extensions
[2010.05.19 22:45:57 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\mozilla\Firefox\Profiles\c9x8tr4l.default\extensions
[2010.04.12 22:19:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Name\AppData\Roaming\mozilla\Firefox\Profiles\c9x8tr4l.default\extensions\{a8dd47cf-239f-48c4-8379-e6b4cbafdcfa}
[2010.05.05 17:04:30 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Name\AppData\Roaming\mozilla\Firefox\Profiles\c9x8tr4l.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.11.08 13:39:43 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\mozilla\Firefox\Profiles\c9x8tr4l.default\extensions\toolbar@ask.com
[2008.05.27 01:35:00 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\mozilla\Sunbird\Profiles\iope8wpx.default\extensions
[2009.04.22 20:38:14 | 000,000,950 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\FireFox\Profiles\c9x8tr4l.default\searchplugins\icqplugin-1.xml
[2009.03.08 15:53:15 | 000,000,950 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\FireFox\Profiles\c9x8tr4l.default\searchplugins\icqplugin-2.xml
[2009.03.30 12:57:05 | 000,000,950 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\FireFox\Profiles\c9x8tr4l.default\searchplugins\icqplugin-3.xml
[2009.02.06 16:42:02 | 000,000,944 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\FireFox\Profiles\c9x8tr4l.default\searchplugins\icqplugin.xml
[2010.04.19 20:06:34 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.01.22 20:38:04 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2008.01.25 21:05:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
[2010.04.19 20:06:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008.12.07 21:00:46 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\talkback@mozilla.org
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.04.12 22:12:09 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.12 22:12:09 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.12 22:12:09 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.12 22:12:09 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.12 22:12:09 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BullGuard] C:\Program Files\BullGuard Software\BullGuard\bullguard.exe (BullGuard Software)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108723
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives =  [binary data]
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Name\AppData\Roaming\Mozilla\Firefox\Desktop Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\Name\AppData\Roaming\Mozilla\Firefox\Desktop Hintergrund.bmp
O30 - LSA: Authentication Packages - (setuid) - C:\Windows\System32\setuid.dll (March-Hare Software Ltd)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.07.02 13:27:43 | 000,000,074 | R--- | M] () - H:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{b7a7f589-b97c-11dc-9116-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b7a7f589-b97c-11dc-9116-806e6f6e6963}\Shell\AutoRun\command - "" = H:\zdata\cobi.exe -- [2009.09.22 14:39:30 | 001,144,832 | R--- | M] (getanet.MEDIA)
O33 - MountPoints2\{d69a6a38-b8d8-11de-bc2a-001d9207f1d0}\Shell - "" = AutoRun
O33 - MountPoints2\{d69a6a38-b8d8-11de-bc2a-001d9207f1d0}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.05.20 01:02:07 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\Name\Desktop\OTL.exe
[2010.05.19 22:49:55 | 000,000,000 | ---D | C] -- C:\Users\Name\AppData\Roaming\Malwarebytes
[2010.05.19 22:49:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.05.19 22:49:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.05.19 22:49:22 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.05.19 22:49:22 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.05.19 19:56:59 | 000,604,416 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe
[2010.05.19 19:56:57 | 000,028,928 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2010.05.19 19:56:56 | 000,017,152 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2010.05.19 19:56:54 | 000,361,216 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TuneUpDefragService.exe
[2010.05.19 19:54:42 | 000,000,000 | ---D | C] -- C:\Programme\TuneUp Utilities 2009
[2010.05.19 19:05:02 | 000,000,000 | ---D | C] -- C:\Users\Name\Documents\Bewerbung
[2010.05.18 22:27:51 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.05.05 17:22:56 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010.05.05 17:22:56 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.05.05 17:19:25 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010.05.05 17:15:09 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2010.04.27 20:20:23 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
 
========== Files - Modified Within 30 Days ==========
 
[2010.05.20 02:00:07 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.05.20 01:59:35 | 000,802,304 | ---- | M] () -- C:\Windows\System32\drivers\abfayyq.sys
[2010.05.20 01:59:01 | 002,883,584 | ---- | M] () -- C:\Users\Name\NTUSER.DAT
[2010.05.20 01:54:30 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\eabdska.sys
[2010.05.20 01:12:41 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.20 01:12:41 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.20 01:02:13 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Name\Desktop\OTL.exe
[2010.05.19 23:20:06 | 001,445,786 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.05.19 23:20:06 | 000,628,210 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.05.19 23:20:06 | 000,595,308 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.05.19 23:20:06 | 000,126,850 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.05.19 23:20:06 | 000,104,742 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.05.19 23:12:43 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.19 23:12:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.19 23:11:04 | 000,524,288 | -HS- | M] () -- C:\Users\Name\NTUSER.DAT{565c9e75-acd4-11de-b4bb-001d9207f1d0}.TMContainer00000000000000000001.regtrans-ms
[2010.05.19 23:11:04 | 000,065,536 | -HS- | M] () -- C:\Users\Name\NTUSER.DAT{565c9e75-acd4-11de-b4bb-001d9207f1d0}.TM.blf
[2010.05.19 23:11:02 | 003,924,319 | -H-- | M] () -- C:\Users\Name\AppData\Local\IconCache.db
[2010.05.19 22:49:38 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.19 22:29:32 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EF8B46CB-B142-43D6-BF7C-49349D2E31F8}.job
[2010.05.19 19:56:59 | 000,604,416 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe
[2010.05.19 19:56:54 | 000,361,216 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TuneUpDefragService.exe
[2010.05.19 19:56:50 | 000,001,711 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2010.05.19 19:56:49 | 000,001,627 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2009.lnk
[2010.05.18 22:27:45 | 249,751,869 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.05.11 17:26:59 | 000,018,472 | ---- | M] () -- C:\Users\Name\Documents\Anschreiben-DocuWare.odt
[2010.05.11 16:40:48 | 000,057,939 | ---- | M] () -- C:\Users\Name\Documents\Anschreiben-DocuWare.pdf
[2010.05.11 13:40:06 | 000,014,336 | ---- | M] () -- C:\Users\Name\Documents\3-computer_informationstechnologie-bXeuFsB.doc
[2010.05.11 13:40:04 | 000,015,872 | ---- | M] () -- C:\Users\Name\Documents\3-computer_informationstechnologie-Lsf4N90.doc
[2010.05.06 10:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.05.05 17:23:47 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.05.05 17:19:45 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.20 19:58:24 | 000,055,601 | ---- | M] () -- C:\Users\Name\Documents\ARGE.pdf
[2010.04.20 19:57:59 | 000,018,265 | ---- | M] () -- C:\Users\Name\Documents\ARGE.odt
 
========== Files Created - No Company Name ==========
 
[2010.05.20 01:54:30 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\eabdska.sys
[2010.05.19 22:49:38 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.19 19:58:00 | 000,000,522 | ---- | C] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.05.19 19:55:39 | 000,001,711 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2010.05.19 19:55:39 | 000,001,627 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2009.lnk
[2010.05.18 22:27:45 | 249,751,869 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.05.11 16:40:46 | 000,057,939 | ---- | C] () -- C:\Users\Name\Documents\Anschreiben-DocuWare.pdf
[2010.05.11 13:40:06 | 000,014,336 | ---- | C] () -- C:\Users\Name\Documents\3-computer_informationstechnologie-bXeuFsB.doc
[2010.05.11 13:39:57 | 000,015,872 | ---- | C] () -- C:\Users\Name\Documents\3-computer_informationstechnologie-Lsf4N90.doc
[2010.05.11 13:29:22 | 000,018,472 | ---- | C] () -- C:\Users\Name\Documents\Anschreiben-DocuWare.odt
[2010.05.05 17:23:47 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.05.05 17:19:45 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.04.20 19:58:05 | 000,055,601 | ---- | C] () -- C:\Users\Name\Documents\ARGE.pdf
[2010.04.20 19:57:23 | 000,018,265 | ---- | C] () -- C:\Users\Name\Documents\ARGE.odt
[2009.12.28 03:22:20 | 000,802,304 | ---- | C] () -- C:\Windows\System32\drivers\abfayyq.sys
[2009.10.20 16:48:06 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008.10.21 11:24:29 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2008.10.21 11:24:29 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2008.10.21 11:24:29 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2008.10.21 11:17:29 | 000,000,239 | ---- | C] () -- C:\Windows\SIERRA.INI
[2008.09.21 13:10:27 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2008.08.17 21:29:03 | 000,000,025 | ---- | C] () -- C:\Windows\gsview32.ini
[2008.07.23 18:50:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.07.23 18:47:34 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008.07.23 18:47:34 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008.07.23 18:46:38 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008.06.29 12:56:08 | 000,000,292 | ---- | C] () -- C:\Windows\vtmb.ini
[2007.08.15 13:41:49 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[1997.06.14 02:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
< End of report >

Code:

OTL Extras logfile created on: 20.05.2010 01:56:09 - Run 1
OTL by OldTimer - Version 3.2.5.0    Folder = C:\Users\Name\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): c:\pagefile.sys 3072 4096 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 212,87 Gb Total Space | 55,90 Gb Free Space | 26,26% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 15,60 Gb Free Space | 78,01% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 624,09 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
I: Drive not present or media not loaded
 
Computer Name: Name-PC
Current User Name: Name
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2612312902-146071279-4069502417-1002]
"EnableNotifications" = 1
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B206D64-E47F-40DA-9572-D5788E33919C}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{110DFFB5-732B-4ED9-912A-F4E9C971CA9A}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{12768A06-6180-48F2-A798-3EFABCBC80A8}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{12818E46-4C8C-4B97-82F3-FD090E35BA48}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{4DA47720-3D49-4DC3-A386-8F021CF3F583}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{52330406-B769-4591-B2E5-7700588FE2BA}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{65B8CB98-A69E-44E5-BC5B-985197A75A4B}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{679000D3-E8BF-48AC-B597-71F897C337E7}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{69AA453A-355E-410E-AB4C-2AA9EFB90677}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7B1868B2-F976-4DA9-80C2-7FEE82022275}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{835BFADA-1FF8-4C8E-85BA-B1E09CA841F0}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A582C95F-C687-4564-94DE-8EBD76B6AAD3}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{AEB3D7BC-B02E-40BC-A297-EFD9A82AC0B0}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{B174FCE4-1BBA-4AB9-8F0A-5D9169262BED}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B2183FB8-BBAD-4548-95E6-843B0B4899DC}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{B28A899E-B100-4C35-851C-378066B63AAC}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{EEF3FEFA-E036-467C-86DC-3A0D46CFAFF0}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{FD11B3AE-1A16-465F-9EB8-8C85409F8824}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01BA9B81-1303-4EF4-A8DC-3BF34311429C}" = protocol=17 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword_pitboss.exe |
"{03368E0C-0DB5-4ECE-8F31-396826A18856}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe |
"{0831593D-5392-4E0C-9203-BED9E1EC1F01}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0C95FA45-67C8-42EC-B27C-4A7D40CBFA58}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{15DA33F5-FB0E-4251-9F35-550374588CA7}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{1AB7356A-A3BF-47E1-A990-5C3BBE8B709D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1EC80399-C0D6-4A82-A6B2-7871339E650F}" = protocol=6 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\warlords\civ4warlords.exe |
"{20F0B6B6-1369-40B5-854F-E383B4D8B914}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2E8E7920-6489-4C7F-8A11-9935517A8372}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3CD6086C-A53A-4AC3-B526-D29E8A1EE40E}" = protocol=6 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe |
"{45ED55FE-3848-49F3-85BE-A349B919BD83}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{46195351-5249-4DD3-9239-F5288F6FFA90}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4C2B40A0-EFEE-4057-8193-0357C1491B79}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe |
"{4DE9BF40-3F0B-457E-8973-870B6A125F1F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{65F2A2FB-22F2-43A1-8A19-240691C29BF9}" = protocol=6 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\warlords\civ4warlords_pitboss.exe |
"{688DA2AF-495F-429A-9DEE-8D8A30844A83}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6ECEBE89-4233-4948-A23C-6CA3332CCD88}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{83AE9D15-D924-49FB-846D-F3782617A5A5}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8851DF65-6185-486A-9BB4-ACBFBA15BEB4}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{88966398-87E5-4BC6-9CC3-1881ABD6999D}" = protocol=17 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\warlords\civ4warlords.exe |
"{8CF7DC18-FEB1-42C7-8579-E7012C142792}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{978173D6-1E2A-48C6-9A06-B6E677070E21}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9A853882-5D75-476F-8A20-171CF5A61B87}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe |
"{A2F559AF-417E-451F-80F8-B194B245E08D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B2A0C592-F1C4-4929-8181-A87F8D2CDAC3}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{B37D0607-C34E-4FE4-ADC0-47389018E55F}" = protocol=17 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\warlords\civ4warlords_pitboss.exe |
"{B69FEBA3-96B0-411B-A144-52119E8B744A}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{CBC1670C-C202-4320-8161-3780CB619B85}" = protocol=17 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe |
"{D10C1609-2E13-4952-B4E5-3D99D8F5A14C}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe |
"{D22D03F5-B722-4132-8BDF-D79494CC59EE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DBC46957-5EF6-47F0-9610-066241B97CE8}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E3752D61-8C61-4C87-A412-9298C92B6A6E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E659B73D-A85D-4222-BE44-6DF3A5863352}" = protocol=6 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword_pitboss.exe |
"{EBFF43D8-643A-49FF-ABB1-0083AE5FA56D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F7F6A81B-BAD9-49DC-995A-2119E1F1BE46}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"TCP Query User{05D488FC-1470-4464-AD60-943BE00F0266}C:\program files\cvsnt\workspaceviewer.exe" = protocol=6 | dir=in | app=c:\program files\cvsnt\workspaceviewer.exe |
"TCP Query User{1428AFC1-FC0F-402E-B8E0-1F2B88D48212}C:\program files\java\jdk1.6.0\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0\jre\bin\java.exe |
"TCP Query User{432FFE16-EE9C-4C65-943C-0D7B8E4ACDB6}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"TCP Query User{8FD6F43E-9AE8-4E43-99DB-FB9B7206EC9B}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{9A31BD99-FEBE-4C9A-8E1E-09266D23C116}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{046E1ADE-E51C-480A-B286-F3C441BA6E99}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"UDP Query User{68ACF34E-54A6-457D-B2E0-53AA1B83C490}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{B4083DD4-44F7-4D25-A26B-374B8B98019A}C:\program files\cvsnt\workspaceviewer.exe" = protocol=17 | dir=in | app=c:\program files\cvsnt\workspaceviewer.exe |
"UDP Query User{C25C1502-7D37-4CCF-AF6D-4F03594275A2}C:\program files\java\jdk1.6.0\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0\jre\bin\java.exe |
"UDP Query User{E887EA17-2D74-4512-AD89-1C4F5FE89FDA}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 20
"{27FDF949-69CE-435A-8372-339F72336AC5}" = MEDIONbox
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160000}" = Java(TM) SE Development Kit 6
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{378BA9B5-DB6C-41DB-BE93-86CD198A8A9E}" = Guild 2 King's Edition
"{3E4B349F-10B5-4586-9D99-489A90A8B228}" = Sid Meier's Civilization 4 - Warlords
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{5CFEB311-219C-27B2-7439-6A1D509CD819}" = Catalyst Control Center Core Implementation
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{710C1A1B-D0FC-28F1-7FC0-17C16541FEE0}" = Catalyst Control Center Graphics Full New
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BD0D8F8-A13C-48D2-B201-4AD29A48AF34}" = Google SketchUp 7
"{7C480BB2-42A9-40C6-AA5F-7AA20FC7C7F3}" = CVSNT 2.5.03.2382
"{7DB1F93E-A510-91AB-F2BC-1842D1C9191A}" = Catalyst Control Center Graphics Light
"{81AB1374-098A-43CB-BE57-31CEB5EB1031}" = Nero 7 Essentials
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B4453AF-C0F7-C9FC-9EB2-4E937ABFF70A}" = CCC Help German
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACDE0B56-269E-3076-02BD-506BF816E40E}" = Catalyst Control Center Graphics Full Existing
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner
"{B6C2569C-E2AA-4AB9-8C26-AC2487A2BFFC}" = Sid Meier's Civilization 4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BCEE61A2-D111-21D0-A8F1-5D85AC88B905}" = ccc-core-static
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D4824F2A-1088-7628-40A6-F9D6993027E8}" = Skins
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe  1.4.124.1
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{E7D01DFA-42ED-9A41-FDFB-5033A5324A45}" = Catalyst Control Center Graphics Previews Vista
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F9A6EB9F-41C3-BAAF-135F-BE811F379B71}" = ccc-utility
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm
"{FECEAE9B-35EA-B495-D70C-29E1965359E7}" = Catalyst Control Center Localization German
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"BullGuard" = BullGuard 7.0 for Vista
"Diagram Designer" = Diagram Designer
"Drakensang_is1" = Drakensang
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.1
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MiKTeX 2.7" = MiKTeX 2.7
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Sunbird (0.8)" = Mozilla Sunbird (0.8)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"nbi-glassfish-2.0.0.58.20070907" = GlassFish V2
"nbi-nb-base-6.0.0.0.200711261600" = NetBeans IDE 6.0
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RollerCoaster Tycoon Setup" = Roll
"SupernaturalScreensaver" = SupernaturalScreensaver
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeXnicCenter Alpha_is1" = TeXnicCenter Version 2.0 Alpha 2
"TeXnicCenter_is1" = TeXnicCenter Version 1 Beta 7.50
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Winamp" = Winamp
"Windows Mobile Device Handbook" = Windows Mobile-Ressourcen
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 04.11.2009 06:04:42 | Computer Name = Name-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 04.11.2009 12:33:46 | Computer Name = Name-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 04.11.2009 12:33:46 | Computer Name = Name-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 04.11.2009 12:57:44 | Computer Name = Name-PC | Source = EventSystem | ID = 4621
Description =
 
Error - 04.11.2009 15:05:41 | Computer Name = Name-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 04.11.2009 15:05:41 | Computer Name = Name-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 05.11.2009 06:41:37 | Computer Name = Name-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 05.11.2009 06:41:37 | Computer Name = Name-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 05.11.2009 12:35:51 | Computer Name = Name-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 05.11.2009 12:35:51 | Computer Name = Name-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
[ System Events ]
Error - 11.02.2010 18:04:38 | Computer Name = Name-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 11.02.2010 18:04:38 | Computer Name = Name-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 15.02.2010 18:27:47 | Computer Name = Name-PC | Source = Service Control Manager | ID = 7031
Description =
 
Error - 27.04.2010 14:18:11 | Computer Name = Name-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 05.05.2010 11:15:23 | Computer Name = Name-PC | Source = Service Control Manager | ID = 7031
Description =
 
Error - 05.05.2010 11:16:23 | Computer Name = Name-PC | Source = Service Control Manager | ID = 7032
Description =
 
Error - 05.05.2010 11:16:39 | Computer Name = Name-PC | Source = Service Control Manager | ID = 7031
Description =
 
Error - 18.05.2010 16:27:52 | Computer Name = Name-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 18.05.2010 um 22:26:10 unerwartet heruntergefahren.
 
Error - 19.05.2010 13:55:53 | Computer Name = Name-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 19.05.2010 13:56:59 | Computer Name = Name-PC | Source = Service Control Manager | ID = 7000
Description =
 
[ TuneUp Events ]
Error - 24.09.2009 20:13:44 | Computer Name = Name-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-09-25 02:13:44', '\device\harddiskvolume1\program
 files\firaxis games\sid meier's civilization 4\warlords\civ4warlords.exe','4460',0)
 
Error - 26.10.2009 18:39:16 | Computer Name = Name-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-10-26 23:39:16', '\device\harddiskvolume1\program
 files\firaxis games\sid meier's civilization 4\warlords\civ4warlords.exe','3860',0)
 
Error - 08.12.2009 15:44:35 | Computer Name = Name-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-12-08 20:44:35', '\device\harddiskvolume1\program
 files\firaxis games\sid meier's civilization 4\warlords\civ4warlords.exe','1548',0)
 
Error - 19.05.2010 16:49:47 | Computer Name = Name-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-05-19 22:49:47', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','4052',0)
 
Error - 19.05.2010 16:50:23 | Computer Name = Name-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-05-19 22:50:23', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','3196',0)
 
< End of report >


kira 20.05.2010 07:07

Hello and welcome! :)

For your information:
With a heavy infection, e.g. a backdoor or rootkit, it is not 100% possible to rid a computer of the pests.
The pests leave characteristic traces at their "crime scene"; tracking them all down completely is not possible. It is therefore advisable to reinstall the heavily compromised system completely and restore it to its delivery state.

If you decide on a thorough cleaning of your system, here is how it continues:
- Please read the instructions thoroughly and always follow them strictly, as I have prepared the order according to certain criteria:

1.
download HijackThis from *from here*
start HijackThis → click "Do a system scan and save a logfile" → "select" the resulting logfile → "copy" → "paste" it here in your thread (right mouse button)

2.
please make hidden and system files visible; click the link here:
Making system files and folders visible under XP and Vista
At the end of our work you can undo this again!

3.
→ Download HJTscanlist.zip
→ unpack the file on your desktop
→ On Windows XP Home you additionally have to install tasklist.zip before the scan
→ start it by double-click
→ Select your operating system - Vista
→ When asked, choose the option "Einstellung" (1) - scanlist"
→ After a short time your editor should open and present the file hjtscanlist.txt
→ Please copy the contents here into your thread.

4.
I would also like to see all your installed programs:
Download the tool CCleaner
install (deselect "Add CCleaner Yahoo! Toolbar") → start → under Options settings -> set "german"
then click on "Extra" (to also display the installed programs) → then on "Save as text file..."
a text file (*.txt) is created; copy its contents and paste them here

5.
To get a deeper look into your system and track down a possible infection with a rootkit (info from wikipedia.org), we will use a tool - Gmer:
  • - so download Gmer and unpack it on your desktop
    - start gmer.exe
    - close all programs; moreover, antivirus and other protection programs etc. must be disabled, no connection to the Internet, and disconnect WLAN as well
    - please do nothing on the PC while the scan is running!
    - click "Scan" to start the tool
    - when the scan is finished click "Copy" (the log is copied to the clipboard automatically), and you must paste it straight in here with CTRL + V
    - "Ok" closes Gmer.
    - paste the log from the clipboard here into your thread in full

** no connection to a network or the Internet - don't forget WLAN
When the scan is finished, please reactivate all programs and tools!

6.
Download and install the tool RootRepeal
  • tick: "Drivers" -> "Scan" -> "Save Report"...
  • "Stealth Objects" -> "Scan" -> "Save Report"...
  • "Hidden Services" -> "Scan" -> "Save Report"...
  • save the logfile as "RootRepeal.txt" on the desktop and copy its contents here into the thread

To keep your thread clear and readable, it is best to use code tags for your post:
→ before your log you write: [code]
your logfile goes here
→ after it: [/code]


** If at all possible, stay off the Internet: no online banking, file sharing, chat programs etc.
regards
Coverflow
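
The helper above asks for a HijackThis log before anything else. As an added example that is not part of this thread or of HijackThis itself, the following Python script parses that log format into typed entries (O2, O3, O4, O23, R3, ...) and flags the things a helper scans for first: "(no file)" references left behind by uninstalls or removed samples, O23 services with "Unknown owner", and O4 autostart entries given as a bare file name. The sample log is constructed for the example and only mirrors the style of lines seen in such logs.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample in HijackThis v2 log format (not a real log): it mixes
# ordinary entries with dangling "(no file)" references, a service whose
# publisher is unknown, and autostart entries given as a bare file name.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O23 - Service: CVSNT Locking Service 2.5.03.2382 (cvslock) - Unknown owner - C:\Program Files\CVSNT\cvslock.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
R3 - URLSearchHook: (no name) -  - (no file)
"""

# Every HijackThis entry starts with a type code such as "O4" or "R1".
ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d{1,2}) - (?P<body>.*)$")
# O4 body layout: "HKLM\..\Run: [Name] command line"
O4_RE = re.compile(r"\[(?P<name>[^\]]*)\]\s*(?P<command>.*)$")


@dataclass
class Entry:
    kind: str   # e.g. "O2", "O4", "O23"
    body: str   # everything after "<kind> - "


def parse_hjt(text: str) -> List[Entry]:
    """Split a HijackThis log into typed entries; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("kind"), m.group("body")))
    return entries


def review(entries: List[Entry]) -> List[Tuple[str, str, str]]:
    """Return (kind, reason, body) for entries that deserve a closer look."""
    findings = []
    for e in entries:
        if "(no file)" in e.body:
            # The registry still points at a component that no longer
            # exists on disk: a leftover of an uninstall or a removal.
            findings.append((e.kind, "dangling reference", e.body))
        if e.kind == "O23" and "Unknown owner" in e.body:
            # Service binary without a recognised publisher name.
            findings.append((e.kind, "service without publisher", e.body))
        if e.kind == "O4":
            m = O4_RE.search(e.body)
            command = m.group("command") if m else ""
            if command and "\\" not in command:
                # A bare file name is resolved through the search path at
                # logon rather than loaded from one fixed, known location.
                findings.append((e.kind, "autostart without full path", e.body))
    return findings


def review_log(text: str) -> List[Tuple[str, str, str]]:
    """Convenience wrapper: parse and review in one call."""
    return review(parse_hjt(text))


if __name__ == "__main__":
    for kind, reason, body in review_log(SAMPLE_LOG):
        print(f"{kind:>4}  {reason:<28} {body}")
```

The flags are prompts for a human reviewer, not verdicts: a "(no file)" line for a removed toolbar is merely clutter, while an unknown-owner service or a bare-name autostart is worth checking against the actual file on disk.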

Lynne 09.06.2010 22:52

Hello everyone,

I have been on vacation since the last post. I hope nevertheless that someone is still reading this thread and can help me. Because as soon as I boot my PC, all the alarm bells go off again, the CPU screams at 98% and Malwarebytes finds something ....

Malwarebytes Anti-Malware
Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4118

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

09.06.2010 23:46:00
mbam-log-2010-06-09 (23-46-00).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 117283
Laufzeit: 7 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\system32\Drivers\abfayyq.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

HijackThis
Code:

HiJackthis Logfile:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:43:01, on 09.06.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) -  - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CVSNT Locking Service 2.5.03.2382 (cvslock) - Unknown owner - C:\Program Files\CVSNT\cvslock.exe
O23 - Service: CVSNT Dispatch service 2.5.03.2382 (cvsnt) - March Hare Software Ltd - C:\Program Files\CVSNT\cvsservice.exe
O23 - Service: GnabService - Empolis GmbH - c:\program files\common files\gnab\service\servicecontroller.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

--
End of file - 6003 bytes


--- --- ---

hjtscanlist:

Code:


                        ======================================
                                    hjtscanlist v2.0
                        ======================================

Microsoft Windows [Version 6.0.6002]
 
 
C:

  09.06.2010 22:42    C:\Program Files --------- 24576 
  09.06.2010 16:39    C:\Windows --------- 32768 
      C:\pagefile.sys ---------   
  08.06.2010 16:27    C:\System Volume Information --------- 40960 
  19.05.2010 22:49    C:\ProgramData --------- 8192 
  26.10.2009 23:11    C:\Boot --------- 4096 
  19.09.2009 14:43    C:\PerfLogs --------- 0 
  11.04.2009 08:36    C:\bootmgr --------- 333257 
  04.12.2008 00:26    C:\Fopra --------- 4096 
  11.11.2008 01:33    C:\fisc08.pdf --------- 354820 
  03.11.2008 00:56    C:\fisc08.tex --------- 3339 
  24.09.2008 02:00    C:\.jagex_cache_32 --------- 0 
  16.09.2008 13:26    C:\RA_Skript_SS08.pdf --------- 4329456 
  12.09.2008 22:57    C:\stud77.pdf --------- 325970 
  31.08.2008 02:03    C:\main.tex --------- 5831 
  31.08.2008 01:53    C:\main.2.tex --------- 236 
  30.08.2008 23:31    C:\Makefile --------- 5577 
  21.08.2008 19:09    C:\RA_Skript_SS08.2.pdf --------- 4418315 
  17.08.2008 21:46    C:\RA_Skript_SS08.ps --------- 13161432 
  17.08.2008 21:28    C:\gstools --------- 0 
  05.08.2008 23:29    C:\main.pdf --------- 4323903 
  05.08.2008 23:14    C:\struktur.pdf --------- 125661 
  05.08.2008 18:32    C:\rechner.pdf --------- 126717 
  05.08.2008 18:32    C:\mainboard.pdf --------- 124814 
  04.08.2008 13:37    C:\cover.pdf --------- 88263 
  04.08.2008 13:37    C:\cover.eps --------- 125203 
  11.06.2008 20:33    C:\BlueByte --------- 0 
  15.03.2008 18:50    C:\IO.SYS --------- 0 
  15.03.2008 18:50    C:\MSDOS.SYS --------- 0 
  06.02.2008 11:35    C:\stud77.tex --------- 1811 
  03.01.2008 00:08    C:\$RECYCLE.BIN --------- 0 
  03.01.2008 00:08    C:\Users --------- 4096 
  03.01.2008 00:04    C:\Programme --------- 0 
  03.01.2008 00:04    C:\Dokumente und Einstellungen --------- 0 
  28.06.2007 16:09    C:\BOOTSECT.BAK --------- 8192 
  02.11.2006 15:02    C:\Documents and Settings --------- 0 
  18.09.2006 23:43    C:\config.sys --------- 10 
  18.09.2006 23:43    C:\autoexec.bat --------- 24 
----------------------------------------

 
C:\Windows

  09.06.2010 21:45    C:\Windows\ntbtlog.txt --------- 3989150 
  09.06.2010 16:38    C:\Windows\bootstat.dat --------- 67584 
  09.06.2010 13:11    C:\Windows\WindowsUpdate.log --------- 1325405 
  27.05.2010 12:22    C:\Windows\PFRO.log --------- 4454 
  18.05.2010 22:27    C:\Windows\MEMORY.DMP --------- 249751869 
  05.01.2010 21:05    C:\Windows\avmsysnet.log --------- 107 
  25.11.2009 21:01    C:\Windows\msxml4-KB973688-deu.LOG --------- 295608 
  04.11.2009 22:58    C:\Windows\setupact.log --------- 16319 
  19.09.2009 14:53    C:\Windows\WindowsShell.Manifest --------- 749 
  19.09.2009 14:34    C:\Windows\setuperr.log --------- 0 
  14.09.2009 21:52    C:\Windows\ocsetup_install_NetFx3.etl --------- 30212096 
  14.09.2009 21:52    C:\Windows\ocsetup_cbs_install_NetFx3.perf --------- 393216 
  14.09.2009 21:52    C:\Windows\ocsetup_cbs_install_NetFx3.dpx --------- 196608 
  13.09.2009 13:33    C:\Windows\msxml4-KB954430-deu.LOG --------- 290038 
  11.04.2009 08:27    C:\Windows\explorer.exe --------- 2926592 
  21.10.2008 11:41    C:\Windows\SIERRA.INI --------- 239 
  17.08.2008 21:29    C:\Windows\gsview32.ini --------- 25 
  31.07.2008 10:43    C:\Windows\pscp.exe --------- 294912 
  29.06.2008 12:56    C:\Windows\vtmb.ini --------- 292 
  19.05.2008 11:43    C:\Windows\eReg.dat --------- 1886 
  19.01.2008 09:33    C:\Windows\regedit.exe --------- 134656 
  19.01.2008 09:33    C:\Windows\notepad.exe --------- 151040 
  19.01.2008 09:33    C:\Windows\HelpPane.exe --------- 498176 
  19.01.2008 09:33    C:\Windows\fveupdate.exe --------- 13312 
  19.01.2008 09:33    C:\Windows\bfsvc.exe --------- 58880 
  14.01.2008 14:36    C:\Windows\nsreg.dat --------- 0 
  15.08.2007 15:03    C:\Windows\csup.txt --------- 12 
  15.08.2007 14:27    C:\Windows\msxml4-KB936181-ita.LOG --------- 179416 
  15.08.2007 14:27    C:\Windows\msxml4-KB936181-fra.LOG --------- 180142 
  15.08.2007 14:27    C:\Windows\msxml4-KB936181-esn.LOG --------- 179662 
  15.08.2007 14:27    C:\Windows\msxml4-KB936181-enu.LOG --------- 179662 
  15.08.2007 14:27    C:\Windows\msxml4-KB936181-deu.LOG --------- 264692 
  15.08.2007 14:10    C:\Windows\DIFxAPI.dll --------- 319456 
  28.06.2007 15:59    C:\Windows\HideWin.exe --------- 315392 
  13.06.2007 13:11    C:\Windows\RtHDVCpl.exe --------- 4489216 
  28.05.2007 20:39    C:\Windows\SkyTel.exe --------- 1826816 
  03.05.2007 13:52    C:\Windows\atiogl.xml --------- 11557 
  16.01.2007 10:39    C:\Windows\RtlUpd.exe --------- 1191936 
  12.01.2007 16:54    C:\Windows\RtlExUpd.dll --------- 520192 
  02.11.2006 15:04    C:\Windows\win.ini --------- 144 
  02.11.2006 14:35    C:\Windows\WMSysPr9.prx --------- 316640 
  02.11.2006 14:34    C:\Windows\twunk_16.exe --------- 49680 
  02.11.2006 14:34    C:\Windows\twain_32.dll --------- 50688 
  02.11.2006 14:34    C:\Windows\twunk_32.exe --------- 31232 
  02.11.2006 14:34    C:\Windows\twain.dll --------- 94784 
  02.11.2006 11:45    C:\Windows\winhlp32.exe --------- 9216 
  02.11.2006 11:45    C:\Windows\hh.exe --------- 14848 
  02.11.2006 09:46    C:\Windows\mib.bin --------- 43131 
  19.09.2006 13:41    C:\Windows\HomePremium.xml --------- 8328 
  18.09.2006 23:46    C:\Windows\system.ini --------- 219 
  18.09.2006 23:43    C:\Windows\_default.pif --------- 707 
  18.09.2006 23:43    C:\Windows\winhelp.exe --------- 256192 
  18.09.2006 23:30    C:\Windows\msdfmap.ini --------- 1405 
  14.07.2006 16:29    C:\Windows\UNNeroVision.exe --------- 966656 
  14.07.2006 16:29    C:\Windows\UNNeroShowTime.exe --------- 966656 
  14.07.2006 16:29    C:\Windows\UNNeroMediaHome.exe --------- 966656 
  14.07.2006 16:29    C:\Windows\UNRecode.exe --------- 966656 
  14.07.2006 16:29    C:\Windows\UNNeroBackItUp.exe --------- 966656 
  15.09.2005 13:35    C:\Windows\UNNeroMediaHome.cfg --------- 50 
  30.08.2005 20:37    C:\Windows\UNNeroVision.cfg --------- 50 
  30.08.2005 20:37    C:\Windows\UNNeroShowTime.cfg --------- 50 
  30.08.2005 20:36    C:\Windows\UNRecode.cfg --------- 50 
  30.08.2005 20:33    C:\Windows\UNNeroBackItUp.cfg --------- 50 
  17.12.1999 10:13    C:\Windows\unvise32.exe --------- 86016 
  29.05.1999 10:54    C:\Windows\UniFish3.exe --------- 45568 
  21.10.1998 18:43    C:\Windows\IsUn0407.exe --------- 328704 
----------------------------------------

 
C:\Windows\System

 02.11.2006 14:34      C:\Windows\System\mciseq.drv --------- 25264
 02.11.2006 14:34      C:\Windows\System\mciwave.drv --------- 28160
 02.11.2006 14:34      C:\Windows\System\avifile.dll --------- 109456
 02.11.2006 14:34      C:\Windows\System\avicap.dll --------- 69584
 02.11.2006 14:34      C:\Windows\System\mciavi.drv --------- 73376
 02.11.2006 14:34      C:\Windows\System\msvideo.dll --------- 126912
 02.11.2006 09:10      C:\Windows\System\OLESVR.DLL --------- 24064
 02.11.2006 09:10      C:\Windows\System\WFWNET.DRV --------- 12704
 02.11.2006 09:10      C:\Windows\System\COMMDLG.DLL --------- 32816
 02.11.2006 09:10      C:\Windows\System\TIMER.DRV --------- 4048
 02.11.2006 09:10      C:\Windows\System\MMSYSTEM.DLL --------- 68992
 02.11.2006 09:10      C:\Windows\System\mmtask.tsk --------- 1152
 02.11.2006 09:10      C:\Windows\System\mouse.drv --------- 2032
 02.11.2006 09:10      C:\Windows\System\vga.drv --------- 2176
 02.11.2006 09:10      C:\Windows\System\sound.drv --------- 1744
 02.11.2006 09:10      C:\Windows\System\keyboard.drv --------- 2000
 02.11.2006 09:10      C:\Windows\System\SHELL.DLL --------- 5120
 02.11.2006 09:10      C:\Windows\System\system.drv --------- 3360
 18.09.2006 23:43      C:\Windows\System\ver.dll --------- 9008
 18.09.2006 23:43      C:\Windows\System\olecli.dll --------- 82944
 18.09.2006 23:43      C:\Windows\System\lzexpand.dll --------- 9936
 18.09.2006 23:35      C:\Windows\System\stdole.tlb --------- 5532
----------------------------------------

 
C:\Windows\System32

 09.06.2010 22:38    C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 --------- 3168 
 09.06.2010 22:38    C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 --------- 3168 
 09.06.2010 21:53    C:\Windows\system32\drivers --------- 57344 
 08.06.2010 22:06    C:\Windows\system32\perfh009.dat --------- 595308 
 08.06.2010 22:06    C:\Windows\system32\perfc009.dat --------- 104742 
 08.06.2010 22:06    C:\Windows\system32\perfh007.dat --------- 628210 
 08.06.2010 22:06    C:\Windows\system32\perfc007.dat --------- 126850 
 08.06.2010 22:06    C:\Windows\system32\PerfStringBackup.INI --------- 1445786 
 02.06.2010 20:13    C:\Windows\system32\catroot2 --------- 8192 
 26.05.2010 20:01    C:\Windows\system32\de-DE --------- 266240 
 26.05.2010 10:52    C:\Windows\system32\catroot --------- 4096 
 22.05.2010 00:01    C:\Windows\system32\en-US --------- 8192 
 19.05.2010 20:26    C:\Windows\system32\Tasks --------- 4096 
 19.05.2010 19:56    C:\Windows\system32\TUProgSt.exe --------- 604416 
 19.05.2010 19:56    C:\Windows\system32\TuneUpDefragService.exe --------- 361216 
 12.05.2010 11:21    C:\Windows\system32\MpSigStub.exe --------- 221568 
 30.04.2010 20:51    C:\Windows\system32\mrt.exe --------- 32058312 
 23.04.2010 16:13    C:\Windows\system32\tzres.dll --------- 2048 
 19.04.2010 20:06    C:\Windows\system32\jupdate-1.6.0_20-b02.log --------- 4640 
 16.04.2010 08:33    C:\Windows\system32\usbaaplrc.dll --------- 3003680 
 12.04.2010 17:29    C:\Windows\system32\javaws.exe --------- 153376 
 12.04.2010 17:29    C:\Windows\system32\javaw.exe --------- 145184 
 12.04.2010 17:29    C:\Windows\system32\java.exe --------- 145184 
 12.04.2010 17:29    C:\Windows\system32\deployJava1.dll --------- 411368 
 09.04.2010 20:16    C:\Windows\system32\migration --------- 4096 
 08.04.2010 13:20    C:\Windows\system32\dns-sd.exe --------- 107808 
 08.04.2010 13:20    C:\Windows\system32\dnssd.dll --------- 91424 
 17.03.2010 21:53    C:\Windows\system32\QuickTime.qts --------- 69632 
 17.03.2010 21:53    C:\Windows\system32\QuickTimeVR.qtx --------- 94208 
 05.03.2010 16:01    C:\Windows\system32\vbscript.dll --------- 420352 
 28.02.2010 17:01    C:\Windows\system32\FNTCACHE.DAT --------- 257496 
 23.02.2010 08:39    C:\Windows\system32\wininet.dll --------- 916480 
 23.02.2010 08:39    C:\Windows\system32\urlmon.dll --------- 1209344 
 23.02.2010 08:37    C:\Windows\system32\occache.dll --------- 206848 
 23.02.2010 08:35    C:\Windows\system32\mstime.dll --------- 611840 
 23.02.2010 08:34    C:\Windows\system32\mshtml.dll --------- 5944832 
 23.02.2010 08:34    C:\Windows\system32\msfeedsbs.dll --------- 55296 
 23.02.2010 08:34    C:\Windows\system32\msfeeds.dll --------- 594432 
 23.02.2010 08:34    C:\Windows\system32\jsproxy.dll --------- 25600 
 23.02.2010 08:33    C:\Windows\system32\inetcpl.cpl --------- 1469440 
 23.02.2010 08:33    C:\Windows\system32\ieui.dll --------- 164352 
 23.02.2010 08:33    C:\Windows\system32\iesysprep.dll --------- 109056 
 23.02.2010 08:33    C:\Windows\system32\iesetup.dll --------- 71680 
 23.02.2010 08:33    C:\Windows\system32\iertutil.dll --------- 1985536 
 23.02.2010 08:33    C:\Windows\system32\iernonce.dll --------- 55808 
 23.02.2010 08:33    C:\Windows\system32\iepeers.dll --------- 184320 
 23.02.2010 08:33    C:\Windows\system32\ieframe.dll --------- 11070976 
 23.02.2010 08:33    C:\Windows\system32\iedkcs32.dll --------- 387584 
 23.02.2010 06:55    C:\Windows\system32\ieUnatt.exe --------- 133632 
 23.02.2010 06:55    C:\Windows\system32\ie4uinit.exe --------- 173056 
 23.02.2010 06:54    C:\Windows\system32\msfeedssync.exe --------- 13312 
 23.02.2010 06:54    C:\Windows\system32\mshtml.tlb --------- 1638912 
 21.02.2010 01:06    C:\Windows\system32\nshhttp.dll --------- 24064 
 21.02.2010 01:05    C:\Windows\system32\httpapi.dll --------- 30720 
 18.02.2010 16:07    C:\Windows\system32\ntkrnlpa.exe --------- 3600776 
 18.02.2010 16:07    C:\Windows\system32\ntoskrnl.exe --------- 3548040 
 18.02.2010 15:30    C:\Windows\system32\iphlpsvc.dll --------- 200704 
 12.02.2010 12:32    C:\Windows\system32\browserchoice.exe --------- 293376 
 29.01.2010 17:40    C:\Windows\system32\inetcomm.dll --------- 738816 
 21.01.2010 17:05    C:\Windows\system32\l3codeca.acm --------- 62464 
 13.01.2010 19:34    C:\Windows\system32\cabview.dll --------- 98304 
 29.12.2009 21:04    C:\Windows\system32\mscomct2.ocx --------- 644400 
 23.12.2009 13:33    C:\Windows\system32\wintrust.dll --------- 172032 
 04.12.2009 20:30    C:\Windows\system32\tsbyuv.dll --------- 12288 
 04.12.2009 20:29    C:\Windows\system32\quartz.dll --------- 1314816 
 04.12.2009 20:28    C:\Windows\system32\msyuv.dll --------- 22528 
 04.12.2009 20:28    C:\Windows\system32\msvidc32.dll --------- 31744 
 04.12.2009 20:28    C:\Windows\system32\msvfw32.dll --------- 123904 
 04.12.2009 20:28    C:\Windows\system32\msrle32.dll --------- 13312 
 04.12.2009 20:28    C:\Windows\system32\mciavi32.dll --------- 82944 
 04.12.2009 20:28    C:\Windows\system32\iyuv_32.dll --------- 50176 
 04.12.2009 20:27    C:\Windows\system32\avifil32.dll --------- 91136 
 04.12.2009 09:19    C:\Windows\system32\jscript.dll --------- 726528 
 28.10.2009 15:57    C:\Windows\system32\wbem --------- 61440 
 28.10.2009 15:56    C:\Windows\system32\pt-BR --------- 4096 
 28.10.2009 15:56    C:\Windows\system32\bg-BG --------- 4096 
 28.10.2009 15:56    C:\Windows\system32\it-IT --------- 4096 
 28.10.2009 15:56    C:\Windows\system32\pt-PT --------- 4096 
 28.10.2009 15:56    C:\Windows\system32\he-IL --------- 4096 
 28.10.2009 15:56    C:\Windows\system32\pl-PL --------- 4096 
 28.10.2009 15:56    C:\Windows\system32\uk-UA --------- 4096 
 28.10.2009 15:56    C:\Windows\system32\hr-HR --------- 4096 
 28.10.2009 15:56    C:\Windows\system32\ko-KR --------- 4096 
 28.10.2009 15:56    C:\Windows\system32\hu-HU --------- 4096 
 28.10.2009 15:56    C:\Windows\system32\zh-HK --------- 4096 
 28.10.2009 15:56    C:\Windows\system32\sl-SI --------- 4096 
 28.10.2009 15:56    C:\Windows\system32\nl-NL --------- 4096 
 28.10.2009 15:56    C:\Windows\system32\fr-FR --------- 4096 
 28.10.2009 15:56    C:\Windows\system32\el-GR --------- 4096 
 28.10.2009 15:56    C:\Windows\system32\sr-Latn-CS --------- 4096 
 28.10.2009 15:56    C:\Windows\system32\fi-FI --------- 4096 
 28.10.2009 15:56    C:\Windows\system32\tr-TR --------- 4096 
 28.10.2009 15:56    C:\Windows\system32\th-TH --------- 4096 
 28.10.2009 15:56    C:\Windows\system32\sv-SE --------- 4096 
 28.10.2009 15:56    C:\Windows\system32\es-ES --------- 4096 
 28.10.2009 15:56    C:\Windows\system32\lv-LV --------- 4096 
 28.10.2009 15:56    C:\Windows\system32\lt-LT --------- 4096 
 28.10.2009 15:56    C:\Windows\system32\zh-TW --------- 4096 
 28.10.2009 15:56    C:\Windows\system32\sk-SK --------- 4096 
 28.10.2009 15:56    C:\Windows\system32\et-EE --------- 4096 
----------------------------------------

 
C:\Windows\Prefetch

----------------------------------------

 
C:\Windows\Tasks

 09.06.2010 22:00    C:\Windows\Tasks\1-Klick-Wartung.job --------- 522 
 09.06.2010 16:38    C:\Windows\Tasks\SA.DAT --------- 6 
 09.06.2010 13:11    C:\Windows\Tasks\SCHEDLGU.TXT --------- 32530 
 08.06.2010 23:02    C:\Windows\Tasks\User_Feed_Synchronization-{EF8B46CB-B142-43D6-BF7C-49349D2E31F8}.job --------- 420 
----------------------------------------

 
C:\Windows\Temp

 09.06.2010 22:50    C:\Windows\Temp\tmp00003b13 --------- 4096 
 09.06.2010 16:59    C:\Windows\Temp\MpCmdRun.log --------- 88168 
 09.06.2010 16:39    C:\Windows\Temp\JETED98.tmp --------- 0 
 09.06.2010 12:59    C:\Windows\Temp\JET157.tmp --------- 0 
 09.06.2010 12:30    C:\Windows\Temp\JET14F6.tmp --------- 0 
 08.06.2010 16:27    C:\Windows\Temp\MpSigStub.log --------- 223916 
 08.06.2010 16:02    C:\Windows\Temp\JETE484.tmp --------- 0 
 07.06.2010 22:16    C:\Windows\Temp\JET8E5.tmp --------- 0 
 07.06.2010 12:32    C:\Windows\Temp\JET111F.tmp --------- 0 
 06.06.2010 13:16    C:\Windows\Temp\JETF333.tmp --------- 0 
 05.06.2010 18:37    C:\Windows\Temp\JETD39.tmp --------- 0 
 05.06.2010 12:56    C:\Windows\Temp\JETEA3E.tmp --------- 0 
 03.06.2010 14:59    C:\Windows\Temp\JETA2D.tmp --------- 0 
 02.06.2010 22:34    C:\Windows\Temp\JET12C4.tmp --------- 0 
 02.06.2010 22:10    C:\Windows\Temp\Cookies --------- 0 
 02.06.2010 22:08    C:\Windows\Temp\JET1A62.tmp --------- 0 
 02.06.2010 20:13    C:\Windows\Temp\JET2922.tmp --------- 0 
 02.06.2010 15:23    C:\Windows\Temp\JET3062.tmp --------- 0 
 01.06.2010 19:55    C:\Windows\Temp\JET1DCC.tmp --------- 0 
 01.06.2010 13:51    C:\Windows\Temp\JET191B.tmp --------- 0 
 31.05.2010 20:29    C:\Windows\Temp\JETE407.tmp --------- 0 
 31.05.2010 16:26    C:\Windows\Temp\JET19E6.tmp --------- 0 
 31.05.2010 13:48    C:\Windows\Temp\JET10C2.tmp --------- 0 
 30.05.2010 20:47    C:\Windows\Temp\JET1370.tmp --------- 0 
 30.05.2010 13:19    C:\Windows\Temp\JET2136.tmp --------- 0 
 19.05.2010 20:11    C:\Windows\Temp\History --------- 0 
 12.09.2009 20:24    C:\Windows\Temp\Temporary Internet Files --------- 0 
----------------------------------------

 
C:\Users\Lynaya\AppData\Local\Temp

 09.06.2010 22:40    C:\Users\Lynaya\AppData\Local\Temp\Lynaya.bmp --------- 31832 
 09.06.2010 20:45    C:\Users\Lynaya\AppData\Local\Temp\plugtmp-3 --------- 0 
 09.06.2010 20:28    C:\Users\Lynaya\AppData\Local\Temp\2010-07-01-Vertrag-Fischer.pdf --------- 49621 
 09.06.2010 16:44    C:\Users\Lynaya\AppData\Local\Temp\WPDNSE --------- 0 
 08.06.2010 22:07    C:\Users\Lynaya\AppData\Local\Temp\wmplog05.sqm --------- 1604 
 08.06.2010 22:07    C:\Users\Lynaya\AppData\Local\Temp\wmplog04.sqm --------- 1604 
 07.06.2010 12:46    C:\Users\Lynaya\AppData\Local\Temp\hsperfdata_Lynaya --------- 0 
 07.06.2010 12:46    C:\Users\Lynaya\AppData\Local\Temp\AUCHECK_CORE.txt --------- 604 
 07.06.2010 12:46    C:\Users\Lynaya\AppData\Local\Temp\AUCHECK_PARSER.txt --------- 148 
 07.06.2010 12:46    C:\Users\Lynaya\AppData\Local\Temp\jusched.log --------- 2909 
 06.06.2010 16:57    C:\Users\Lynaya\AppData\Local\Temp\wmplog03.sqm --------- 1672 
 06.06.2010 16:43    C:\Users\Lynaya\AppData\Local\Temp\wmplog02.sqm --------- 1672 
 06.06.2010 00:49    C:\Users\Lynaya\AppData\Local\Temp\plugtmp --------- 0 
 02.06.2010 22:08    C:\Users\Lynaya\AppData\Local\Temp\wmplog01.sqm --------- 1780 
 02.06.2010 17:40    C:\Users\Lynaya\AppData\Local\Temp\jar_cache7824811363310327817.tmp --------- 22517 
 02.06.2010 17:40    C:\Users\Lynaya\AppData\Local\Temp\jar_cache4871130782545434463.tmp --------- 48381 
 02.06.2010 17:40    C:\Users\Lynaya\AppData\Local\Temp\jar_cache2910634618995902652.tmp --------- 30434 
 02.06.2010 17:40    C:\Users\Lynaya\AppData\Local\Temp\jar_cache8938047610762045726.tmp --------- 7209 
 02.06.2010 17:40    C:\Users\Lynaya\AppData\Local\Temp\jar_cache3796662114438646263.tmp --------- 23116 
 01.06.2010 19:55    C:\Users\Lynaya\AppData\Local\Temp\wmplog00.sqm --------- 1516 
 01.06.2010 00:21    C:\Users\Lynaya\AppData\Local\Temp\plugtmp-2 --------- 0 
 31.05.2010 20:31    C:\Users\Lynaya\AppData\Local\Temp\wmsetup.log --------- 406 
 30.05.2010 19:47    C:\Users\Lynaya\AppData\Local\Temp\plugtmp-1 --------- 0 
 07.09.2008 12:27    C:\Users\Lynaya\AppData\Local\Temp\nsr8853.tmp --------- 8192 
 19.03.2008 13:56    C:\Users\Lynaya\AppData\Local\Temp\Temporary Internet Files --------- 0 
----------------------------------------

 
C:\Program Files

 09.06.2010 22:42    C:\Program Files\Trend Micro --------- 0 
 02.06.2010 22:32    C:\Program Files\Malwarebytes' Anti-Malware --------- 4096 
 02.06.2010 22:12    C:\Program Files\DVDVideoSoft --------- 4096 
 20.05.2010 13:41    C:\Program Files\Google --------- 4096 
 19.05.2010 19:56    C:\Program Files\TuneUp Utilities 2009 --------- 49152 
 17.05.2010 20:00    C:\Program Files\Windows Mail --------- 4096 
 05.05.2010 17:23    C:\Program Files\iTunes --------- 4096 
 05.05.2010 17:23    C:\Program Files\iPod --------- 0 
 05.05.2010 17:19    C:\Program Files\QuickTime --------- 4096 
 05.05.2010 17:15    C:\Program Files\Bonjour --------- 4096 
 19.04.2010 20:06    C:\Program Files\Java --------- 4096 
 12.04.2010 22:12    C:\Program Files\Mozilla Firefox --------- 32768 
 10.04.2010 20:22    C:\Program Files\IKEA HomePlanner --------- 4096 
 09.04.2010 20:16    C:\Program Files\Internet Explorer --------- 4096 
 17.03.2010 21:43    C:\Program Files\Mozilla Thunderbird --------- 28672 
 12.03.2010 00:36    C:\Program Files\Movie Maker --------- 4096 
 27.02.2010 22:08    C:\Program Files\JRE --------- 0 
 27.02.2010 22:08    C:\Program Files\OpenOffice.org 3 --------- 4096 
 27.02.2010 22:07    C:\Program Files\OpenOffice.org 2.4 --------- 0 
 20.02.2010 15:03    C:\Program Files\TeXnicCenter Alpha --------- 8192 
 28.12.2009 23:19    C:\Program Files\InstallShield Installation Information --------- 8192 
 13.12.2009 21:51    C:\Program Files\ProtectDisc Driver Installer --------- 0 
 13.12.2009 21:48    C:\Program Files\Drakensang --------- 4096 
 28.10.2009 15:57    C:\Program Files\Windows Portable Devices --------- 0 
 28.10.2009 15:37    C:\Program Files\Windows Media Player --------- 4096 
 26.10.2009 23:04    C:\Program Files\Windows Calendar --------- 0 
 26.10.2009 23:04    C:\Program Files\Windows Sidebar --------- 4096 
 26.10.2009 23:04    C:\Program Files\Windows Collaboration --------- 4096 
 26.10.2009 23:04    C:\Program Files\Windows Journal --------- 4096 
 26.10.2009 23:04    C:\Program Files\Windows Photo Gallery --------- 4096 
 26.10.2009 23:04    C:\Program Files\Windows Defender --------- 4096 
 19.09.2009 14:53    C:\Program Files\desktop.ini --------- 174 
 18.09.2009 11:45    C:\Program Files\iPhone-Konfigurationsprogramm --------- 8192 
 13.09.2009 16:55    C:\Program Files\Windows Installer Clean Up --------- 0 
 13.09.2009 16:54    C:\Program Files\MSECACHE --------- 0 
 01.09.2009 15:30    C:\Program Files\Common Files --------- 4096 
 01.09.2009 14:29    C:\Program Files\GoogleEULA --------- 0 
 25.08.2009 14:50    C:\Program Files\Adobe --------- 0 
 18.07.2009 23:15    C:\Program Files\JoWood --------- 0 
 18.07.2009 23:03    C:\Program Files\Die Gilde --------- 0 
 01.07.2009 19:02    C:\Program Files\Avira --------- 0 
 27.05.2009 22:38    C:\Program Files\Skype --------- 0 
 31.03.2009 14:49    C:\Program Files\Mobipocket.com --------- 0 
 20.03.2009 00:16    C:\Program Files\Windows Mobile-Ressourcen --------- 0 
 04.02.2009 13:30    C:\Program Files\FRITZBoxPrint --------- 4096 
 04.02.2009 13:30    C:\Program Files\FRITZBox --------- 4096 
 22.01.2009 20:38    C:\Program Files\ICQ6.5 --------- 12288 
 22.01.2009 20:38    C:\Program Files\ICQ6Toolbar --------- 0 
 22.01.2009 20:37    C:\Program Files\ICQ6 --------- 0 
 02.12.2008 13:05    C:\Program Files\TeXnicCenter --------- 4096 
 02.12.2008 12:53    C:\Program Files\MiKTeX 2.7 --------- 4096 
 16.10.2008 11:34    C:\Program Files\World of Warcraft --------- 0 
 04.10.2008 12:40    C:\Program Files\Apple Software Update --------- 4096 
 07.09.2008 01:30    C:\Program Files\DivX --------- 4096 
 07.09.2008 01:29    C:\Program Files\Mozilla Sunbird --------- 8192 
 05.09.2008 18:03    C:\Program Files\eclipse --------- 4096 
 29.06.2008 12:38    C:\Program Files\Activision --------- 0 
 03.06.2008 01:44    C:\Program Files\Hasbro Interactive --------- 0 
 20.05.2008 20:30    C:\Program Files\Microsoft Games --------- 4096 
 28.04.2008 19:44    C:\Program Files\WinRAR --------- 4096 
 28.04.2008 01:02    C:\Program Files\WinEdt Team --------- 0 
 20.04.2008 20:30    C:\Program Files\CVSNT --------- 8192 
 09.04.2008 12:34    C:\Program Files\OpenOffice.org 2.3 --------- 0 
 04.03.2008 17:28    C:\Program Files\Winamp --------- 4096 
 16.02.2008 00:03    C:\Program Files\VideoLAN --------- 0 
 14.02.2008 18:52    C:\Program Files\MeeSoft --------- 0 
 25.01.2008 22:12    C:\Program Files\glassfish-v2 --------- 4096 
 25.01.2008 21:34    C:\Program Files\NetBeans 6.0 --------- 8192 
 12.01.2008 19:56    C:\Program Files\Firaxis Games --------- 0 
 04.01.2008 12:36    C:\Program Files\Teamspeak2_RC2 --------- 4096 
 03.01.2008 00:04    C:\Program Files\Gemeinsame Dateien --------- 0 
 03.01.2008 00:04    C:\Program Files\Windows NT --------- 4096 
 15.08.2007 14:25    C:\Program Files\Alice --------- 4096 
 15.08.2007 14:20    C:\Program Files\Medion --------- 0 
 15.08.2007 14:10    C:\Program Files\Realtek --------- 0 
 15.08.2007 14:03    C:\Program Files\ATI Technologies --------- 0 
 15.08.2007 14:03    C:\Program Files\ATI --------- 0 
 28.06.2007 16:58    C:\Program Files\BullGuard Software --------- 0 
 28.06.2007 16:16    C:\Program Files\MSXML 4.0 --------- 0 
 28.06.2007 16:06    C:\Program Files\Nero --------- 0 
 02.11.2006 15:01    C:\Program Files\Uninstall Information --------- 0 
 02.11.2006 14:37    C:\Program Files\Reference Assemblies --------- 0 
 02.11.2006 14:37    C:\Program Files\MSBuild --------- 0 
----------------------------------------

 
C:\ProgramData\..

Lynaya   
desktop.ini   
Public   
Administrator   
Default   
All Users   
Default User   
----------------------------------------

 
C:\Windows\system32\drivers\etc\hosts

127.0.0.1      localhost
::1            localhost

----------------------------------------

 

Abbildname                    PID Sitzungsname      Sitz.-Nr. Speichernutzung
========================= ======== ================ =========== ===============
System Idle Process              0 Services                  0            24 K
System                          4 Services                  0        14.524 K
smss.exe                      524 Services                  0          732 K
csrss.exe                      608 Services                  0        5.140 K
wininit.exe                    648 Services                  0        3.860 K
csrss.exe                      660 Console                    1        9.564 K
services.exe                  692 Services                  0        10.384 K
lsass.exe                      708 Services                  0        1.800 K
lsm.exe                        716 Services                  0        3.892 K
winlogon.exe                  800 Console                    1        5.944 K
svchost.exe                    924 Services                  0        6.432 K
svchost.exe                  1024 Services                  0        6.348 K
svchost.exe                  1080 Services                  0        53.620 K
Ati2evxx.exe                  1160 Services                  0        4.140 K
svchost.exe                  1232 Services                  0        12.880 K
svchost.exe                  1280 Services                  0        84.960 K
svchost.exe                  1292 Services                  0        30.200 K
audiodg.exe                  1436 Services                  0        17.088 K
svchost.exe                  1456 Services                  0        4.772 K
SLsvc.exe                    1472 Services                  0        11.736 K
svchost.exe                  1520 Services                  0        8.492 K
svchost.exe                  1632 Services                  0        14.268 K
Ati2evxx.exe                  1724 Console                    1        6.556 K
sched.exe                    1820 Services                  0        1.448 K
svchost.exe                  1832 Services                  0        17.192 K
avguard.exe                  2040 Services                  0        13.360 K
AppleMobileDeviceService.      340 Services                  0        3.816 K
BullGuardUpdate.exe            392 Services                  0        5.700 K
svchost.exe                    352 Services                  0        75.668 K
mDNSResponder.exe              540 Services                  0        4.800 K
ServiceController.exe          584 Services                  0        14.056 K
LSSrvc.exe                    1404 Services                  0        3.396 K
svchost.exe                  1544 Services                  0        6.988 K
TUProgSt.exe                  828 Services                  0        8.212 K
svchost.exe                  1652 Services                  0        2.156 K
SearchIndexer.exe            1844 Services                  0        22.032 K
GCS.exe                      2076 Services                  0        46.328 K
WUDFHost.exe                  2220 Services                  0        5.164 K
taskeng.exe                  2432 Services                  0        5.896 K
svchost.exe                  4004 Services                  0        5.152 K
svchost.exe                  4040 Services                  0        6.564 K
dwm.exe                      3664 Console                    1        81.776 K
explorer.exe                  3692 Console                    1        65.240 K
taskeng.exe                  3728 Console                    1        11.640 K
MSASCui.exe                  3244 Console                    1        11.872 K
RtHDVCpl.exe                  3504 Console                    1        8.004 K
wmdc.exe                      4028 Console                    1        5.584 K
avgnt.exe                    3780 Console                    1        2.312 K
sidebar.exe                  3416 Console                    1        33.020 K
MOM.exe                      3396 Console                    1        4.000 K
CCC.exe                      3588 Console                    1        11.492 K
firefox.exe                  3232 Console                    1      189.400 K
SearchProtocolHost.exe        3988 Services                  0        8.784 K
cmd.exe                      3188 Console                    1        2.864 K
conime.exe                    3380 Console                    1        3.568 K
SearchFilterHost.exe          3008 Services                  0        5.336 K
tasklist.exe                  3200 Console                    1        4.868 K
WmiPrvSE.exe                  596 Services                  0        5.880 K

 
***** Ende des Scans 09.06.2010 um 22:50:49,73 ***


CCleaner:
Code:

Enabled   Key             Name                                    Command
Yes       HKCU:Run        Sidebar        C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
No        HKCU:Run        ICQ        "C:\Program Files\ICQ6.5\ICQ.exe" silent
No        HKCU:Run        Skype        "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
Yes       HKLM:Run        Windows Defender        %ProgramFiles%\Windows Defender\MSASCui.exe -hide
Yes       HKLM:Run        RtHDVCpl        RtHDVCpl.exe
Yes       HKLM:Run        Windows Mobile Device Center        %windir%\WindowsMobile\wmdc.exe
Yes       HKLM:Run        avgnt        "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
Yes       HKLM:Run        BullGuard        "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot
Yes       HKLM:Run        MSConfig        "C:\Windows\System32\msconfig.exe" /auto
Yes       HKLM:Run        StartCCC        C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
Yes       HKLM:Run        Skytel        Skytel.exe
Yes       HKLM:Run        Malwarebytes Anti-Malware (reboot)        "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
No        HKLM:Run        QuickTime Task        "C:\Program Files\QuickTime\QTTask.exe" -atboottime
No        HKLM:Run        toolbar_eula_launcher        C:\Program Files\GoogleEULA\EULALauncher.exe
No        HKLM:Run        WinampAgent        "C:\Program Files\Winamp\winampa.exe"
No        Startup User        OpenOffice.org 2.4.lnk        C:\PROGRA~1\OPENOF~1.4\program\QUICKS~1.EXE

Gmer:
Code:

GMER Logfile:

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-06-09 23:30:40
Windows 6.0.6002 Service Pack 2
Running: io7wnz65.exe; Driver: C:\Users\Lynaya\AppData\Local\Temp\kwryrpow.sys


---- System - GMER 1.0.15 ----

SSDT            9C791AEC                                                                                                            ZwCreateThread
SSDT            9C791AD8                                                                                                            ZwOpenProcess
SSDT            9C791ADD                                                                                                            ZwOpenThread
SSDT            9C791AE7                                                                                                            ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!KeSetEvent + 221                                                                                        844F4984 4 Bytes  [EC, 1A, 79, 9C] {IN AL, DX ; SBB BH, [ECX-0x64]}
.text          ntkrnlpa.exe!KeSetEvent + 3F1                                                                                        844F4B54 4 Bytes  [D8, 1A, 79, 9C] {FCOMP DWORD [EDX]; JNS 0xffffffffffffffa0}
.text          ntkrnlpa.exe!KeSetEvent + 40D                                                                                        844F4B70 4 Bytes  [DD, 1A, 79, 9C] {FSTP QWORD [EDX]; JNS 0xffffffffffffffa0}
.text          ntkrnlpa.exe!KeSetEvent + 621                                                                                        844F4D84 4 Bytes  [E7, 1A, 79, 9C] {OUT 0x1a, EAX; JNS 0xffffffffffffffa0}
?              System32\Drivers\abfayyq.sys                                                                                        A device attached to the system is not functioning. !
.reloc          C:\Windows\system32\drivers\acedrv11.sys                                                                            section is executable [0x9E87D300, 0x25D4C, 0xE0000060]

---- User code sections - GMER 1.0.15 ----

?              C:\Windows\System32\svchost.exe[4004]                                                                                image checksum mismatch; time/date stamp mismatch; unknown module: imagehlp.dll

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!HeapSetInformation]            81EC8B55
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW]    000814EC
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!CreateActCtxW]                6A575300
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!ReleaseActCtx]                FF335B04
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LCMapStringW]                  6A575757
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!lstrlenW]                      7D895701
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook]          F045C7F8
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!InterlockedExchange]          00004E20
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject]  FFFC5D89
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter]  40208015
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetModuleHandleA]              F4458900
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter]      840FC73B
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetTickCount]                  00000132
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId]            94358B56
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId]          53004020
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime]      51F04D8D
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!TerminateProcess]              FF50026A
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess]            458D53D6
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter]      066A50F0
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetCommandLineW]              FFF475FF
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!ExitProcess]                  458D53D6
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!SetProcessAffinityUpdateMode]  056A50F0
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetProcessHeap]                0C5D8BD6
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!SetErrorMode]                  3B04438B
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!HeapFree]                      4020C868
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte]          EC858D00
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LocalFree]                    68FFFFF7
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!CloseHandle]                  00000800
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LocalAlloc]                    AC15FF50
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LoadLibraryA]                  83004020
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange]    07EB10C4
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!FreeLibrary]                  F7EC85C6
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!Sleep]                        5700FFFF
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetProcAddress]                0C320068
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!DeactivateActCtx]              8DFF6A8C
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW]                FFF7EC85
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetLastError]                  [75FF50FF] C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!ActivateActCtx]                F475FF08
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!lstrcmpW]                      F08B0040
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!lstrcmpiW]                    A9840FF7
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [msvcrt.dll!__p__commode]                    1F75087B
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_adjust_fdiv]                    FC458D57
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [msvcrt.dll!__setusermatherr]                EC458D50
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_amsg_exit]                      00056850
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_initterm]                      FF562000
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [msvcrt.dll!exit]                            40208C15
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [msvcrt.dll!__p__fmode]                      74C08500
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_exit]                          EC458B06
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [msvcrt.dll!memcpy]                          8D084389
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [msvcrt.dll!memset]                          6850FC45
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [msvcrt.dll!__set_app_type]                  00000800
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [msvcrt.dll!?terminate@@YAXXZ]              F7EC858D
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_except_handler4_common]        5650FFFF
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_controlfp]                      208815FF
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_cexit]                          4EEB0040
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [msvcrt.dll!__wgetmainargs]                  74FC7D39
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_XcptFilter]                    04438B5E
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation]          FF565033
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor]  4020A815
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner]    89595900
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup]    74C73B03
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW]              047B8B37
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl]    03FC4D8B
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW]  ECB58DF8
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!RegDisablePredefinedCacheEx]  F3FFFFF7
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW]              00000800
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW]                F7EC858D
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!RegCloseKey]                  FF50FFFF
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW]  15FFF875
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus]              [00402088] C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation)
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken]              C085FF33
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid]              0874F73B
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlFreeHeap]                      A415FF56
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlCopySid]                      59004020
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid]          FF047B89
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid]            15FFF875
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlAllocateHeap]                  [00402084] C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation)
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlInitializeSid]                FFF475FF
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlImageNtHeader]                40208415
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlSetProcessIsCritical]          C0335E00
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter]      5FF87D39
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlInitializeCriticalSection]    5BC0950F
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcServerListen]                10EC83EC
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf]          8DDB3353
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen]        5350F845
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize]      53535353
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening]      02206853
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx]        206A0000
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf]            458D026A
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW]          5D8850F0
IAT            C:\Windows\System32\svchost.exe[4004] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status]            F15D88F0

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                              88A9B538

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                              BdFileSpy.sys
AttachedDevice  \FileSystem\fastfat \Fat                                                                                            fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                            BdFileSpy.sys

---- Services - GMER 1.0.15 ----

Service          (*** hidden *** )                                                                                                  [BOOT] abfayyq                                                                                      <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Services\abfayyq@Type                                                                  1
Reg            HKLM\SYSTEM\CurrentControlSet\Services\abfayyq@Start                                                                0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\abfayyq@ErrorControl                                                          0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\abfayyq@Group                                                                Boot Bus Extender
Reg            HKLM\SYSTEM\ControlSet002\Services\abfayyq@Type                                                                      1
Reg            HKLM\SYSTEM\ControlSet002\Services\abfayyq@Start                                                                    0
Reg            HKLM\SYSTEM\ControlSet002\Services\abfayyq@ErrorControl                                                              0
Reg            HKLM\SYSTEM\ControlSet002\Services\abfayyq@Group                                                                    Boot Bus Extender
Reg            HKLM\SYSTEM\ControlSet003\Services\abfayyq@Type                                                                      1
Reg            HKLM\SYSTEM\ControlSet003\Services\abfayyq@Start                                                                    0
Reg            HKLM\SYSTEM\ControlSet003\Services\abfayyq@ErrorControl                                                              0
Reg            HKLM\SYSTEM\ControlSet003\Services\abfayyq@Group                                                                    Boot Bus Extender
Reg            HKLM\SYSTEM\ControlSet004\Services\abfayyq@Type                                                                      1
Reg            HKLM\SYSTEM\ControlSet004\Services\abfayyq@Start                                                                    0
Reg            HKLM\SYSTEM\ControlSet004\Services\abfayyq@ErrorControl                                                              0
Reg            HKLM\SYSTEM\ControlSet004\Services\abfayyq@Group                                                                    Boot Bus Extender
Reg            HKLM\SYSTEM\ControlSet005\Services\abfayyq@Type                                                                      1
Reg            HKLM\SYSTEM\ControlSet005\Services\abfayyq@Start                                                                    0
Reg            HKLM\SYSTEM\ControlSet005\Services\abfayyq@ErrorControl                                                              0
Reg            HKLM\SYSTEM\ControlSet005\Services\abfayyq@Group                                                                    Boot Bus Extender
Reg            HKLM\SYSTEM\ControlSet006\Services\abfayyq@Type                                                                      1
Reg            HKLM\SYSTEM\ControlSet006\Services\abfayyq@Start                                                                    0
Reg            HKLM\SYSTEM\ControlSet006\Services\abfayyq@ErrorControl                                                              0
Reg            HKLM\SYSTEM\ControlSet006\Services\abfayyq@Group                                                                    Boot Bus Extender
Reg            HKLM\SYSTEM\ControlSet007\Services\abfayyq@Type                                                                      1
Reg            HKLM\SYSTEM\ControlSet007\Services\abfayyq@Start                                                                    0
Reg            HKLM\SYSTEM\ControlSet007\Services\abfayyq@ErrorControl                                                              0
Reg            HKLM\SYSTEM\ControlSet007\Services\abfayyq@Group                                                                    Boot Bus Extender
Reg            HKLM\SYSTEM\ControlSet008\Services\abfayyq@Type                                                                      1
Reg            HKLM\SYSTEM\ControlSet008\Services\abfayyq@Start                                                                    0
Reg            HKLM\SYSTEM\ControlSet008\Services\abfayyq@ErrorControl                                                              0
Reg            HKLM\SYSTEM\ControlSet008\Services\abfayyq@Group                                                                    Boot Bus Extender
Reg            HKLM\SYSTEM\ControlSet009\Services\abfayyq@Type                                                                      1
Reg            HKLM\SYSTEM\ControlSet009\Services\abfayyq@Start                                                                    0
Reg            HKLM\SYSTEM\ControlSet009\Services\abfayyq@ErrorControl                                                              0
Reg            HKLM\SYSTEM\ControlSet009\Services\abfayyq@Group                                                                    Boot Bus Extender
Reg            HKLM\SYSTEM\ControlSet010\Services\abfayyq@Type                                                                      1
Reg            HKLM\SYSTEM\ControlSet010\Services\abfayyq@Start                                                                    0
Reg            HKLM\SYSTEM\ControlSet010\Services\abfayyq@ErrorControl                                                              0
Reg            HKLM\SYSTEM\ControlSet010\Services\abfayyq@Group                                                                    Boot Bus Extender
Reg            HKLM\SYSTEM\ControlSet011\Services\abfayyq@Type                                                                      1
Reg            HKLM\SYSTEM\ControlSet011\Services\abfayyq@Start                                                                    0
Reg            HKLM\SYSTEM\ControlSet011\Services\abfayyq@ErrorControl                                                              0
Reg            HKLM\SYSTEM\ControlSet011\Services\abfayyq@Group                                                                    Boot Bus Extender
Reg            HKLM\SYSTEM\ControlSet012\Services\abfayyq@Type                                                                      1
Reg            HKLM\SYSTEM\ControlSet012\Services\abfayyq@Start                                                                    0
Reg            HKLM\SYSTEM\ControlSet012\Services\abfayyq@ErrorControl                                                              0
Reg            HKLM\SYSTEM\ControlSet012\Services\abfayyq@Group                                                                    Boot Bus Extender
Reg            HKLM\SYSTEM\ControlSet013\Services\abfayyq@Type                                                                      1
Reg            HKLM\SYSTEM\ControlSet013\Services\abfayyq@Start                                                                    0
Reg            HKLM\SYSTEM\ControlSet013\Services\abfayyq@ErrorControl                                                              0
Reg            HKLM\SYSTEM\ControlSet013\Services\abfayyq@Group                                                                    Boot Bus Extender
Reg            HKLM\SYSTEM\ControlSet014\Services\abfayyq@Type                                                                      1
Reg            HKLM\SYSTEM\ControlSet014\Services\abfayyq@Start                                                                    0
Reg            HKLM\SYSTEM\ControlSet014\Services\abfayyq@ErrorControl                                                              0
Reg            HKLM\SYSTEM\ControlSet014\Services\abfayyq@Group                                                                    Boot Bus Extender
Reg            HKLM\SYSTEM\ControlSet015\Services\abfayyq@Type                                                                      1
Reg            HKLM\SYSTEM\ControlSet015\Services\abfayyq@Start                                                                    0
Reg            HKLM\SYSTEM\ControlSet015\Services\abfayyq@ErrorControl                                                              0
Reg            HKLM\SYSTEM\ControlSet015\Services\abfayyq@Group                                                                    Boot Bus Extender
Reg            HKLM\SYSTEM\ControlSet016\Services\abfayyq@Type                                                                      1
Reg            HKLM\SYSTEM\ControlSet016\Services\abfayyq@Start                                                                    0
Reg            HKLM\SYSTEM\ControlSet016\Services\abfayyq@ErrorControl                                                              0
Reg            HKLM\SYSTEM\ControlSet016\Services\abfayyq@Group                                                                    Boot Bus Extender
Reg            HKLM\SYSTEM\ControlSet017\Services\abfayyq@Type                                                                      1
Reg            HKLM\SYSTEM\ControlSet017\Services\abfayyq@Start                                                                    0
Reg            HKLM\SYSTEM\ControlSet017\Services\abfayyq@ErrorControl                                                              0
Reg            HKLM\SYSTEM\ControlSet017\Services\abfayyq@Group                                                                    Boot Bus Extender
Reg            HKLM\SYSTEM\ControlSet018\Services\abfayyq@Type                                                                      1
Reg            HKLM\SYSTEM\ControlSet018\Services\abfayyq@Start                                                                    0
Reg            HKLM\SYSTEM\ControlSet018\Services\abfayyq@ErrorControl                                                              0
Reg            HKLM\SYSTEM\ControlSet018\Services\abfayyq@Group                                                                    Boot Bus Extender
Reg            HKLM\SYSTEM\ControlSet019\Services\abfayyq@Type                                                                      1
Reg            HKLM\SYSTEM\ControlSet019\Services\abfayyq@Start                                                                    0
Reg            HKLM\SYSTEM\ControlSet019\Services\abfayyq@ErrorControl                                                              0
Reg            HKLM\SYSTEM\ControlSet019\Services\abfayyq@Group                                                                    Boot Bus Extender
Reg            HKLM\SYSTEM\ControlSet020\Services\abfayyq@Type                                                                      1
Reg            HKLM\SYSTEM\ControlSet020\Services\abfayyq@Start                                                                    0
Reg            HKLM\SYSTEM\ControlSet020\Services\abfayyq@ErrorControl                                                              0
Reg            HKLM\SYSTEM\ControlSet020\Services\abfayyq@Group                                                                    Boot Bus Extender
Reg            HKLM\SYSTEM\ControlSet021\Services\abfayyq@Type                                                                      1
Reg            HKLM\SYSTEM\ControlSet021\Services\abfayyq@Start                                                                    0
Reg            HKLM\SYSTEM\ControlSet021\Services\abfayyq@ErrorControl                                                              0
Reg            HKLM\SYSTEM\ControlSet021\Services\abfayyq@Group                                                                    Boot Bus Extender
Reg            HKLM\SYSTEM\ControlSet022\Services\abfayyq@Type                                                                      1
Reg            HKLM\SYSTEM\ControlSet022\Services\abfayyq@Start                                                                    0
Reg            HKLM\SYSTEM\ControlSet022\Services\abfayyq@ErrorControl                                                              0
Reg            HKLM\SYSTEM\ControlSet022\Services\abfayyq@Group                                                                    Boot Bus Extender
Reg            HKLM\SYSTEM\ControlSet023\Services\abfayyq@Type                                                                      1
Reg            HKLM\SYSTEM\ControlSet023\Services\abfayyq@Start                                                                    0
Reg            HKLM\SYSTEM\ControlSet023\Services\abfayyq@ErrorControl                                                              0
Reg            HKLM\SYSTEM\ControlSet023\Services\abfayyq@Group                                                                    Boot Bus Extender
Reg            HKLM\SYSTEM\ControlSet024\Services\abfayyq@Type                                                                      1
Reg            HKLM\SYSTEM\ControlSet024\Services\abfayyq@Start                                                                    0
Reg            HKLM\SYSTEM\ControlSet024\Services\abfayyq@ErrorControl                                                              0
Reg            HKLM\SYSTEM\ControlSet024\Services\abfayyq@Group                                                                    Boot Bus Extender
Reg            HKLM\SYSTEM\ControlSet025\Services\abfayyq@Type                                                                      1
Reg            HKLM\SYSTEM\ControlSet025\Services\abfayyq@Start                                                                    0
Reg            HKLM\SYSTEM\ControlSet025\Services\abfayyq@ErrorControl                                                              0
Reg            HKLM\SYSTEM\ControlSet025\Services\abfayyq@Group                                                                    Boot Bus Extender
Reg            HKLM\SYSTEM\ControlSet026\Services\abfayyq@Type                                                                      1
Reg            HKLM\SYSTEM\ControlSet026\Services\abfayyq@Start                                                                    0
Reg            HKLM\SYSTEM\ControlSet026\Services\abfayyq@ErrorControl                                                              0
Reg            HKLM\SYSTEM\ControlSet026\Services\abfayyq@Group                                                                    Boot Bus Extender
Reg            HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@t!s!d!f!`!`!\24!t!s!t!t!r!d!r!s!\30!              19583823

---- EOF - GMER 1.0.15 ----

--- --- ---
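The GMER output above is the decisive part of these logs: a service (abfayyq) that GMER lists as hidden, registered as a Type 1 boot-start driver in the "Boot Bus Extender" group in every ControlSet it enumerates, whose image under System32\Drivers cannot be read, plus four SSDT hooks on process/thread primitives that all resolve into the same small address range. The following is an added example, not code from the original post or from GMER: a small Python triage script that parses lines in this log format and surfaces exactly those indicators. The sample log it runs on is constructed to mirror the line shapes above, the BullGuard entry is a made-up negative case, and the scoring weights are this example's own assumption rather than anything GMER computes.

```python
import re
from collections import defaultdict

# Constructed sample in GMER 1.0.15 log format (not the poster's log). It
# mirrors the line shapes seen in such logs: SSDT hooks, a driver whose image
# cannot be read, a hidden boot-start service, and that service's registry
# values in more than one ControlSet. "BullGuard" is a normal (Start=2)
# service added here as a negative case.
SAMPLE_LOG = """\
---- System - GMER 1.0.15 ----

SSDT            9C791AEC    ZwCreateThread
SSDT            9C791AD8    ZwOpenProcess
SSDT            9C791ADD    ZwOpenThread
SSDT            9C791AE7    ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

?              System32\\Drivers\\abfayyq.sys    A device attached to the system is not functioning. !

---- Services - GMER 1.0.15 ----

Service          (*** hidden *** )    [BOOT] abfayyq    <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg            HKLM\\SYSTEM\\CurrentControlSet\\Services\\abfayyq@Type    1
Reg            HKLM\\SYSTEM\\CurrentControlSet\\Services\\abfayyq@Start    0
Reg            HKLM\\SYSTEM\\CurrentControlSet\\Services\\abfayyq@Group    Boot Bus Extender
Reg            HKLM\\SYSTEM\\ControlSet002\\Services\\abfayyq@Type    1
Reg            HKLM\\SYSTEM\\ControlSet002\\Services\\abfayyq@Start    0
Reg            HKLM\\SYSTEM\\ControlSet002\\Services\\abfayyq@Group    Boot Bus Extender
Reg            HKLM\\SYSTEM\\CurrentControlSet\\Services\\BullGuard@Type    16
Reg            HKLM\\SYSTEM\\CurrentControlSet\\Services\\BullGuard@Start    2
"""

SSDT_RE = re.compile(r"^SSDT\s+([0-9A-Fa-f]{8})\s+(Zw\w+)")
HIDDEN_RE = re.compile(r"^Service\s+\(\*\*\* hidden \*\*\* \)\s+\[(\w+)\]\s+(\S+)")
REG_RE = re.compile(r"^Reg\s+HKLM\\SYSTEM\\(\w+)\\Services\\([^@\\]+)@(\w+)\s+(.*?)\s*$")
UNREADABLE_RE = re.compile(r"^\?\s+(\S+\.sys)\s+(.+?)\s*$")


def parse_gmer(text):
    """Pull the four line kinds this triage cares about out of a GMER log."""
    found = {"ssdt": [], "hidden": [], "reg": defaultdict(dict), "unreadable": []}
    for line in text.splitlines():
        if m := SSDT_RE.match(line):
            found["ssdt"].append((int(m.group(1), 16), m.group(2)))
        elif m := HIDDEN_RE.match(line):
            found["hidden"].append((m.group(2), m.group(1)))  # (name, start class)
        elif m := REG_RE.match(line):
            control_set, service, value, data = m.groups()
            found["reg"][service].setdefault(control_set, {})[value] = data
        elif m := UNREADABLE_RE.match(line):
            found["unreadable"].append((m.group(1), m.group(2)))
    return found


def boot_start_services(found):
    """Services registered as Type 1 (kernel driver) with Start 0 (boot start),
    mapped to the control sets that carry that registration."""
    result = {}
    for service, per_cs in found["reg"].items():
        boot_sets = sorted(cs for cs, vals in per_cs.items()
                           if vals.get("Type") == "1" and vals.get("Start") == "0")
        if boot_sets:
            result[service] = boot_sets
    return result


def ssdt_hook_clusters(found):
    """Group SSDT hooks by the 4 KiB page their target address lies in.
    Several process/thread primitives redirected into one small region is the
    shape of a self-protection hook. Reported, not scored: AV/HIPS products
    hook the same functions, so this is ambiguous until the address is
    resolved to a module."""
    pages = defaultdict(list)
    for addr, func in found["ssdt"]:
        pages[addr >> 12].append(func)
    return {hex(page << 12): sorted(funcs) for page, funcs in pages.items()}


def triage(text):
    """Score each boot-start driver service; higher is more suspicious.
    The weights are an assumption of this example, not a GMER feature."""
    found = parse_gmer(text)
    hidden = {name for name, _ in found["hidden"]}
    unreadable = {path.rsplit("\\", 1)[-1].lower() for path, _ in found["unreadable"]}
    verdicts = []
    for service, control_sets in boot_start_services(found).items():
        score = 1
        reasons = [f"boot-start kernel driver in {len(control_sets)} control set(s)"]
        if service in hidden:
            score += 2
            reasons.append("service key hidden from the normal API view")
        if f"{service}.sys".lower() in unreadable:
            score += 1
            reasons.append("driver image on disk cannot be read")
        verdicts.append((service, score, reasons))
    return sorted(verdicts, key=lambda v: -v[1])


if __name__ == "__main__":
    for service, score, reasons in triage(SAMPLE_LOG):
        print(f"{service}: score {score}; " + "; ".join(reasons))
    for page, funcs in ssdt_hook_clusters(parse_gmer(SAMPLE_LOG)).items():
        print(f"SSDT hooks into page {page}: {', '.join(funcs)}")
```

The SSDT cluster is deliberately reported rather than scored: security products such as the Avira and BullGuard components visible in the tasklist and driver list above commonly hook exactly these Zw functions for self-protection, so without resolving the hook addresses to a module they prove nothing on their own. The hidden, unreadable, boot-start driver registered in every control set is the indicator that matters here.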

Lynne 09.06.2010 22:53

Addendum (the post was longer than allowed ..)

RootRepeal:

Drivers Scan:
Code:

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:                2010/06/09 23:33
Program Version:                Version 1.3.5.0
Windows Version:                Windows Vista SP2
==================================================

Drivers
-------------------
Name: abfayyq.sys
Image Path: C:\Windows\System32\Drivers\abfayyq.sys
Address: 0x80D13000        Size: 761856        File Visible: No        Signed: -
Status: -

Name: acedrv11.sys
Image Path: C:\Windows\system32\drivers\acedrv11.sys
Address: 0x9E861000        Size: 270464        File Visible: -        Signed: -
Status: -

Name: acpi.sys
Image Path: C:\Windows\system32\drivers\acpi.sys
Address: 0x80C95000        Size: 286720        File Visible: -        Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x84448000        Size: 3903488        File Visible: -        Signed: -
Status: -

Name: afd.sys
Image Path: C:\Windows\system32\drivers\afd.sys
Address: 0x92801000        Size: 294912        File Visible: -        Signed: -
Status: -

Name: atapi.sys
Image Path: C:\Windows\system32\drivers\atapi.sys
Address: 0x80E7E000        Size: 32768        File Visible: -        Signed: -
Status: -

Name: ataport.SYS
Image Path: C:\Windows\system32\drivers\ataport.SYS
Address: 0x80E86000        Size: 122880        File Visible: -        Signed: -
Status: -

Name: atikmdag.sys
Image Path: C:\Windows\system32\DRIVERS\atikmdag.sys
Address: 0x90802000        Size: 7503872        File Visible: -        Signed: -
Status: -

Name: avgio.sys
Image Path: C:\Program Files\Avira\AntiVir Desktop\avgio.sys
Address: 0x9296C000        Size: 6144        File Visible: -        Signed: -
Status: -

Name: avgntflt.sys
Image Path: C:\Windows\system32\DRIVERS\avgntflt.sys
Address: 0x929EB000        Size: 81920        File Visible: -        Signed: -
Status: -

Name: avipbb.sys
Image Path: C:\Windows\system32\DRIVERS\avipbb.sys
Address: 0x92950000        Size: 114688        File Visible: -        Signed: -
Status: -

Name: bcmwl6.sys
Image Path: C:\Windows\system32\DRIVERS\bcmwl6.sys
Address: 0x84B7B000        Size: 479232        File Visible: -        Signed: -
Status: -

Name: BdFileSpy.sys
Image Path: C:\Windows\system32\drivers\BdFileSpy.sys
Address: 0x915F3000        Size: 44160        File Visible: -        Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\Windows\System32\Drivers\Beep.SYS
Address: 0x927C8000        Size: 28672        File Visible: -        Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\Windows\system32\BOOTVID.dll
Address: 0x80695000        Size: 32768        File Visible: -        Signed: -
Status: -

Name: bowser.sys
Image Path: C:\Windows\system32\DRIVERS\bowser.sys
Address: 0x83927000        Size: 102400        File Visible: -        Signed: -
Status: -

Name: cdd.dll
Image Path: C:\Windows\System32\cdd.dll
Address: 0x9BCE0000        Size: 57344        File Visible: -        Signed: -
Status: -

Name: cdfs.sys
Image Path: C:\Windows\system32\DRIVERS\cdfs.sys
Address: 0x929AB000        Size: 90112        File Visible: -        Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\Windows\system32\DRIVERS\cdrom.sys
Address: 0x90FD7000        Size: 98304        File Visible: -        Signed: -
Status: -

Name: CI.dll
Image Path: C:\Windows\system32\CI.dll
Address: 0x806DE000        Size: 917504        File Visible: -        Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\Windows\system32\drivers\CLASSPNP.SYS
Address: 0x8C9B5000        Size: 135168        File Visible: -        Signed: -
Status: -

Name: CLFS.SYS
Image Path: C:\Windows\system32\CLFS.SYS
Address: 0x8069D000        Size: 266240        File Visible: -        Signed: -
Status: -

Name: crashdmp.sys
Image Path: C:\Windows\System32\Drivers\crashdmp.sys
Address: 0x929C1000        Size: 53248        File Visible: -        Signed: -
Status: -

Name: crcdisk.sys
Image Path: C:\Windows\system32\drivers\crcdisk.sys
Address: 0x8C9D6000        Size: 36864        File Visible: -        Signed: -
Status: -

Name: dfsc.sys
Image Path: C:\Windows\System32\Drivers\dfsc.sys
Address: 0x92939000        Size: 94208        File Visible: -        Signed: -
Status: -

Name: disk.sys
Image Path: C:\Windows\system32\drivers\disk.sys
Address: 0x8C9A4000        Size: 69632        File Visible: -        Signed: -
Status: -

Name: drmk.sys
Image Path: C:\Windows\system32\drivers\drmk.sys
Address: 0x915AA000        Size: 151552        File Visible: -        Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x929D9000        Size: 32768        File Visible: No        Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x929CE000        Size: 45056        File Visible: No        Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\Windows\System32\drivers\Dxapi.sys
Address: 0x929E1000        Size: 40960        File Visible: -        Signed: -
Status: -

Name: dxgkrnl.sys
Image Path: C:\Windows\System32\drivers\dxgkrnl.sys
Address: 0x90F2A000        Size: 659456        File Visible: -        Signed: -
Status: -

Name: ecache.sys
Image Path: C:\Windows\System32\drivers\ecache.sys
Address: 0x8C97D000        Size: 159744        File Visible: -        Signed: -
Status: -

Name: fastfat.SYS
Image Path: C:\Windows\System32\Drivers\fastfat.SYS
Address: 0x92983000        Size: 163840        File Visible: -        Signed: -
Status: -

Name: fetnd5.sys
Image Path: C:\Windows\system32\DRIVERS\fetnd5.sys
Address: 0x84BF0000        Size: 45568        File Visible: -        Signed: -
Status: -

Name: fileinfo.sys
Image Path: C:\Windows\system32\drivers\fileinfo.sys
Address: 0x80ED6000        Size: 65536        File Visible: -        Signed: -
Status: -

Name: fltmgr.sys
Image Path: C:\Windows\system32\drivers\fltmgr.sys
Address: 0x80EA4000        Size: 204800        File Visible: -        Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\Windows\System32\Drivers\Fs_Rec.SYS
Address: 0x927B8000        Size: 36864        File Visible: -        Signed: -
Status: -

Name: fwpkclnt.sys
Image Path: C:\Windows\System32\drivers\fwpkclnt.sys
Address: 0x8C6EA000        Size: 110592        File Visible: -        Signed: -
Status: -

Name: GEARAspiWDM.sys
Image Path: C:\Windows\System32\Drivers\GEARAspiWDM.sys
Address: 0x90FEF000        Size: 21120        File Visible: -        Signed: -
Status: -

Name: hal.dll
Image Path: C:\Windows\system32\hal.dll
Address: 0x84415000        Size: 208896        File Visible: -        Signed: -
Status: -

Name: HDAudBus.sys
Image Path: C:\Windows\system32\DRIVERS\HDAudBus.sys
Address: 0x8C71D000        Size: 577536        File Visible: -        Signed: -
Status: -

Name: HdAudio.sys
Image Path: C:\Windows\system32\drivers\HdAudio.sys
Address: 0x9153E000        Size: 258048        File Visible: -        Signed: -
Status: -

Name: HIDCLASS.SYS
Image Path: C:\Windows\system32\DRIVERS\HIDCLASS.SYS
Address: 0x928B3000        Size: 65536        File Visible: -        Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\Windows\system32\DRIVERS\HIDPARSE.SYS
Address: 0x927D8000        Size: 28672        File Visible: -        Signed: -
Status: -

Name: hidusb.sys
Image Path: C:\Windows\system32\DRIVERS\hidusb.sys
Address: 0x928AA000        Size: 36864        File Visible: -        Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\Windows\system32\drivers\HTTP.sys
Address: 0xA8E06000        Size: 446464        File Visible: -        Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\Windows\system32\DRIVERS\i8042prt.sys
Address: 0x80F89000        Size: 77824        File Visible: -        Signed: -
Status: -

Name: intelppm.sys
Image Path: C:\Windows\system32\DRIVERS\intelppm.sys
Address: 0x8C70E000        Size: 61440        File Visible: -        Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\Windows\system32\DRIVERS\kbdclass.sys
Address: 0x9146E000        Size: 45056        File Visible: -        Signed: -
Status: -

Name: kbdhid.sys
Image Path: C:\Windows\system32\DRIVERS\kbdhid.sys
Address: 0x928EA000        Size: 36864        File Visible: -        Signed: -
Status: -

Name: kdcom.dll
Image Path: C:\Windows\system32\kdcom.dll
Address: 0x8060D000        Size: 28672        File Visible: -        Signed: -
Status: -

Name: ks.sys
Image Path: C:\Windows\system32\DRIVERS\ks.sys
Address: 0x9147B000        Size: 172032        File Visible: -        Signed: -
Status: -

Name: ksecdd.sys
Image Path: C:\Windows\System32\Drivers\ksecdd.sys
Address: 0x80EE6000        Size: 462848        File Visible: -        Signed: -
Status: -

Name: kwryrpow.sys
Image Path: C:\Users\Lynaya\AppData\Local\Temp\kwryrpow.sys
Address: 0xA8E83000        Size: 93056        File Visible: No        Signed: -
Status: -

Name: lltdio.sys
Image Path: C:\Windows\system32\DRIVERS\lltdio.sys
Address: 0x838B3000        Size: 65536        File Visible: -        Signed: -
Status: -

Name: luafv.sys
Image Path: C:\Windows\system32\drivers\luafv.sys
Address: 0x8C9DF000        Size: 110592        File Visible: -        Signed: -
Status: -

Name: mcupdate_GenuineIntel.dll
Image Path: C:\Windows\system32\mcupdate_GenuineIntel.dll
Address: 0x80614000        Size: 458752        File Visible: -        Signed: -
Status: -

Name: monitor.sys
Image Path: C:\Windows\system32\DRIVERS\monitor.sys
Address: 0x914E9000        Size: 61440        File Visible: -        Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\Windows\system32\DRIVERS\mouclass.sys
Address: 0x80F9C000        Size: 45056        File Visible: -        Signed: -
Status: -

Name: mountmgr.sys
Image Path: C:\Windows\System32\drivers\mountmgr.sys
Address: 0x80E6E000        Size: 65536        File Visible: -        Signed: -
Status: -

Name: mpsdrv.sys
Image Path: C:\Windows\System32\drivers\mpsdrv.sys
Address: 0x83940000        Size: 86016        File Visible: -        Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb.sys
Address: 0x83955000        Size: 126976        File Visible: -        Signed: -
Status: -

Name: mrxsmb10.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb10.sys
Address: 0x83974000        Size: 233472        File Visible: -        Signed: -
Status: -

Name: mrxsmb20.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb20.sys
Address: 0x839AD000        Size: 98304        File Visible: -        Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\Windows\System32\Drivers\Msfs.SYS
Address: 0x927EF000        Size: 45056        File Visible: -        Signed: -
Status: -

Name: msisadrv.sys
Image Path: C:\Windows\system32\drivers\msisadrv.sys
Address: 0x80CE4000        Size: 32768        File Visible: -        Signed: -
Status: -

Name: msiscsi.sys
Image Path: C:\Windows\system32\DRIVERS\msiscsi.sys
Address: 0x80FA7000        Size: 192512        File Visible: -        Signed: -
Status: -

Name: msrpc.sys
Image Path: C:\Windows\system32\drivers\msrpc.sys
Address: 0x84B15000        Size: 176128        File Visible: -        Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\Windows\system32\DRIVERS\mssmbios.sys
Address: 0x914A5000        Size: 40960        File Visible: -        Signed: -
Status: -

Name: mup.sys
Image Path: C:\Windows\System32\Drivers\mup.sys
Address: 0x8C96E000        Size: 61440        File Visible: -        Signed: -
Status: -

Name: ndis.sys
Image Path: C:\Windows\system32\drivers\ndis.sys
Address: 0x84A0A000        Size: 1093632        File Visible: -        Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\Windows\system32\DRIVERS\ndistapi.sys
Address: 0x80E00000        Size: 45056        File Visible: -        Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\Windows\system32\DRIVERS\ndisuio.sys
Address: 0x838ED000        Size: 40960        File Visible: -        Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\Windows\system32\DRIVERS\ndiswan.sys
Address: 0x91403000        Size: 143360        File Visible: -        Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\Windows\System32\Drivers\NDProxy.SYS
Address: 0x9152D000        Size: 69632        File Visible: -        Signed: -
Status: -

Name: netbios.sys
Image Path: C:\Windows\system32\DRIVERS\netbios.sys
Address: 0x928C3000        Size: 57344        File Visible: -        Signed: -
Status: -

Name: netbt.sys
Image Path: C:\Windows\System32\DRIVERS\netbt.sys
Address: 0x92862000        Size: 204800        File Visible: -        Signed: -
Status: -

Name: NETIO.SYS
Image Path: C:\Windows\system32\drivers\NETIO.SYS
Address: 0x84B40000        Size: 241664        File Visible: -        Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\Windows\System32\Drivers\Npfs.SYS
Address: 0x915CF000        Size: 57344        File Visible: -        Signed: -
Status: -

Name: nsiproxy.sys
Image Path: C:\Windows\system32\drivers\nsiproxy.sys
Address: 0x9292F000        Size: 40960        File Visible: -        Signed: -
Status: -

Name: Ntfs.sys
Image Path: C:\Windows\System32\Drivers\Ntfs.sys
Address: 0x8C80C000        Size: 1114112        File Visible: -        Signed: -
Status: -

Name: ntkrnlpa.exe
Image Path: C:\Windows\system32\ntkrnlpa.exe
Address: 0x84448000        Size: 3903488        File Visible: -        Signed: -
Status: -

Name: Null.SYS
Image Path: C:\Windows\System32\Drivers\Null.SYS
Address: 0x927C1000        Size: 28672        File Visible: -        Signed: -
Status: -

Name: nwifi.sys
Image Path: C:\Windows\system32\DRIVERS\nwifi.sys
Address: 0x838C3000        Size: 172032        File Visible: -        Signed: -
Status: -

Name: pacer.sys
Image Path: C:\Windows\system32\DRIVERS\pacer.sys
Address: 0x92894000        Size: 90112        File Visible: -        Signed: -
Status: -

Name: parport.sys
Image Path: C:\Windows\system32\DRIVERS\parport.sys
Address: 0x80F71000        Size: 98304        File Visible: -        Signed: -
Status: -

Name: partmgr.sys
Image Path: C:\Windows\System32\drivers\partmgr.sys
Address: 0x80DCD000        Size: 61440        File Visible: -        Signed: -
Status: -

Name: parvdm.sys
Image Path: C:\Windows\system32\DRIVERS\parvdm.sys
Address: 0x9E85A000        Size: 28672        File Visible: -        Signed: -
Status: -

Name: pci.sys
Image Path: C:\Windows\system32\drivers\pci.sys
Address: 0x80CEC000        Size: 159744        File Visible: -        Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\Windows\system32\drivers\PCIIDEX.SYS
Address: 0x80E60000        Size: 57344        File Visible: -        Signed: -
Status: -

Name: peauth.sys
Image Path: C:\Windows\system32\drivers\peauth.sys
Address: 0x9E8A4000        Size: 909312        File Visible: -        Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x84448000        Size: 3903488        File Visible: -        Signed: -
Status: -

Name: portcls.sys
Image Path: C:\Windows\system32\drivers\portcls.sys
Address: 0x9157D000        Size: 184320        File Visible: -        Signed: -
Status: -

Name: PSHED.dll
Image Path: C:\Windows\system32\PSHED.dll
Address: 0x80684000        Size: 69632        File Visible: -        Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\Windows\System32\DRIVERS\rasacd.sys
Address: 0x927CF000        Size: 36864        File Visible: -        Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\Windows\system32\DRIVERS\rasl2tp.sys
Address: 0x80FE1000        Size: 94208        File Visible: -        Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\Windows\system32\DRIVERS\raspppoe.sys
Address: 0x91426000        Size: 61440        File Visible: -        Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\Windows\system32\DRIVERS\raspptp.sys
Address: 0x91435000        Size: 81920        File Visible: -        Signed: -
Status: -

Name: rassstp.sys
Image Path: C:\Windows\system32\DRIVERS\rassstp.sys
Address: 0x91449000        Size: 86016        File Visible: -        Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x84448000        Size: 3903488        File Visible: -        Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\Windows\system32\DRIVERS\rdbss.sys
Address: 0x928F3000        Size: 245760        File Visible: -        Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\Windows\System32\DRIVERS\RDPCDD.sys
Address: 0x927DF000        Size: 32768        File Visible: -        Signed: -
Status: -

Name: rdpencdd.sys
Image Path: C:\Windows\system32\drivers\rdpencdd.sys
Address: 0x927E7000        Size: 32768        File Visible: -        Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xA8E9A000        Size: 49152        File Visible: No        Signed: -
Status: -

Name: rspndr.sys
Image Path: C:\Windows\system32\DRIVERS\rspndr.sys
Address: 0x838F7000        Size: 77824        File Visible: -        Signed: -
Status: -

Name: RTKVHDA.sys
Image Path: C:\Windows\system32\drivers\RTKVHDA.sys
Address: 0x92605000        Size: 1780864        File Visible: -        Signed: -
Status: -

Name: secdrv.SYS
Image Path: C:\Windows\System32\Drivers\secdrv.SYS
Address: 0x9E982000        Size: 40960        File Visible: -        Signed: -
Status: -

Name: serenum.sys
Image Path: C:\Windows\system32\DRIVERS\serenum.sys
Address: 0x84A00000        Size: 40960        File Visible: -        Signed: -
Status: -

Name: serial.sys
Image Path: C:\Windows\system32\DRIVERS\serial.sys
Address: 0x80F57000        Size: 106496        File Visible: -        Signed: -
Status: -

Name: smb.sys
Image Path: C:\Windows\system32\DRIVERS\smb.sys
Address: 0x80DEB000        Size: 81920        File Visible: -        Signed: -
Status: -

Name: spldr.sys
Image Path: C:\Windows\System32\Drivers\spldr.sys
Address: 0x8C966000        Size: 32768        File Visible: -        Signed: -
Status: -

Name: spsys.sys
Image Path: C:\Windows\system32\drivers\spsys.sys
Address: 0x83803000        Size: 720896        File Visible: -        Signed: -
Status: -

Name: srv.sys
Image Path: C:\Windows\System32\DRIVERS\srv.sys
Address: 0x9E80C000        Size: 319488        File Visible: -        Signed: -
Status: -

Name: srv2.sys
Image Path: C:\Windows\System32\DRIVERS\srv2.sys
Address: 0x839C5000        Size: 159744        File Visible: -        Signed: -
Status: -

Name: srvnet.sys
Image Path: C:\Windows\System32\DRIVERS\srvnet.sys
Address: 0x8390A000        Size: 118784        File Visible: -        Signed: -
Status: -

Name: ssmdrv.sys
Image Path: C:\Windows\system32\DRIVERS\ssmdrv.sys
Address: 0x928E4000        Size: 23040        File Visible: -        Signed: -
Status: -

Name: storport.sys
Image Path: C:\Windows\system32\DRIVERS\storport.sys
Address: 0x807BE000        Size: 266240        File Visible: -        Signed: -
Status: -

Name: swenum.sys
Image Path: C:\Windows\system32\DRIVERS\swenum.sys
Address: 0x91479000        Size: 4992        File Visible: -        Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\Windows\System32\drivers\tcpip.sys
Address: 0x8C600000        Size: 958464        File Visible: -        Signed: -
Status: -

Name: tcpipreg.sys
Image Path: C:\Windows\System32\drivers\tcpipreg.sys
Address: 0x9E98C000        Size: 49152        File Visible: -        Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\Windows\system32\DRIVERS\TDI.SYS
Address: 0x80FD6000        Size: 45056        File Visible: -        Signed: -
Status: -

Name: tdx.sys
Image Path: C:\Windows\system32\DRIVERS\tdx.sys
Address: 0x915DD000        Size: 90112        File Visible: -        Signed: -
Status: -

Name: termdd.sys
Image Path: C:\Windows\system32\DRIVERS\termdd.sys
Address: 0x9145E000        Size: 65536        File Visible: -        Signed: -
Status: -

Name: TSDDD.dll
Image Path: C:\Windows\System32\TSDDD.dll
Address: 0x9BCC0000        Size: 36864        File Visible: -        Signed: -
Status: -

Name: tunmp.sys
Image Path: C:\Windows\system32\DRIVERS\tunmp.sys
Address: 0x8C705000        Size: 36864        File Visible: -        Signed: -
Status: -

Name: tunnel.sys
Image Path: C:\Windows\system32\DRIVERS\tunnel.sys
Address: 0x8C800000        Size: 45056        File Visible: -        Signed: -
Status: -

Name: uagp35.sys
Image Path: C:\Windows\system32\DRIVERS\uagp35.sys
Address: 0x8C955000        Size: 69632        File Visible: -        Signed: -
Status: -

Name: umbus.sys
Image Path: C:\Windows\system32\DRIVERS\umbus.sys
Address: 0x914AF000        Size: 53248        File Visible: -        Signed: -
Status: -

Name: usbccgp.sys
Image Path: C:\Windows\system32\DRIVERS\usbccgp.sys
Address: 0x92849000        Size: 94208        File Visible: -        Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\Windows\system32\DRIVERS\USBD.SYS
Address: 0x92860000        Size: 8192        File Visible: -        Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\Windows\system32\DRIVERS\usbehci.sys
Address: 0x8C7E8000        Size: 61440        File Visible: -        Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\Windows\system32\DRIVERS\usbhub.sys
Address: 0x914F8000        Size: 217088        File Visible: -        Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\Windows\system32\DRIVERS\USBPORT.SYS
Address: 0x8C7AA000        Size: 253952        File Visible: -        Signed: -
Status: -

Name: USBSTOR.SYS
Image Path: C:\Windows\system32\DRIVERS\USBSTOR.SYS
Address: 0x9296E000        Size: 86016        File Visible: -        Signed: -
Status: -

Name: usbuhci.sys
Image Path: C:\Windows\system32\DRIVERS\usbuhci.sys
Address: 0x90FF5000        Size: 45056        File Visible: -        Signed: -
Status: -

Name: vga.sys
Image Path: C:\Windows\System32\drivers\vga.sys
Address: 0x914BC000        Size: 49152        File Visible: -        Signed: -
Status: -

Name: viaide.sys
Image Path: C:\Windows\system32\drivers\viaide.sys
Address: 0x80E58000        Size: 32768        File Visible: -        Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\Windows\System32\drivers\VIDEOPRT.SYS
Address: 0x914C8000        Size: 135168        File Visible: -        Signed: -
Status: -

Name: volmgr.sys
Image Path: C:\Windows\system32\drivers\volmgr.sys
Address: 0x80DDC000        Size: 61440        File Visible: -        Signed: -
Status: -

Name: volmgrx.sys
Image Path: C:\Windows\System32\drivers\volmgrx.sys
Address: 0x80E0E000        Size: 303104        File Visible: -        Signed: -
Status: -

Name: volsnap.sys
Image Path: C:\Windows\system32\drivers\volsnap.sys
Address: 0x8C91C000        Size: 233472        File Visible: -        Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\Windows\system32\DRIVERS\wanarp.sys
Address: 0x928D1000        Size: 77824        File Visible: -        Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\Windows\System32\drivers\watchdog.sys
Address: 0x90FCB000        Size: 49152        File Visible: -        Signed: -
Status: -

Name: Wdf01000.sys
Image Path: C:\Windows\system32\drivers\Wdf01000.sys
Address: 0x80C0C000        Size: 507904        File Visible: -        Signed: -
Status: -

Name: WDFLDR.SYS
Image Path: C:\Windows\system32\drivers\WDFLDR.SYS
Address: 0x80C88000        Size: 53248        File Visible: -        Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0x9BAA0000        Size: 2105344        File Visible: -        Signed: -
Status: -

Name: win32k.sys
Image Path: C:\Windows\System32\win32k.sys
Address: 0x9BAA0000        Size: 2105344        File Visible: -        Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\Windows\system32\drivers\WMILIB.SYS
Address: 0x80CDB000        Size: 36864        File Visible: -        Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x84448000        Size: 3903488        File Visible: -        Signed: -
Status: -

Name: WUDFPf.sys
Image Path: C:\Windows\system32\DRIVERS\WUDFPf.sys
Address: 0x9E9AD000        Size: 73728        File Visible: -        Signed: -
Status: -

Name: WUDFRd.sys
Image Path: C:\Windows\system32\DRIVERS\WUDFRd.sys
Address: 0x9E998000        Size: 83328        File Visible: -        Signed: -
Status: -

Stealth Objects:
Code:

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:                2010/06/09 23:33
Program Version:                Version 1.3.5.0
Windows Version:                Windows Vista SP2
==================================================

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System        Address: 0x88a9b538        Size: 861

Hidden Services:
Code:

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:                2010/06/09 23:34
Program Version:                Version 1.3.5.0
Windows Version:                Windows Vista SP2
==================================================

Hidden Services
-------------------
Service Name: abfayyq
Image PathC:\Windows\system32\drivers\abfayyq.sys

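As an added example (not from the thread and not RootRepeal's own code): a small parser for RootRepeal's Drivers section that flags what a helper looks for in a log like the one above, a loaded kernel driver whose image file is hidden from the file system, or one loaded from a user-writable location such as the profile's Temp folder. The sample excerpt reuses entries from the log posted above; the allowlist of expected hidden entries (the dump_* crash-dump drivers and the scanner's own rootrepeal.sys) is my own assumption.

```python
"""Triage helper for RootRepeal 'Drivers' scan output (added example).

Flags drivers that a defender would want to look at in a log like the one in
this thread: image file hidden from the file system, or image loaded from a
user-writable path. Constructed sample input: an excerpt of the posted log.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed excerpt in RootRepeal's format (values taken from the posted log).
SAMPLE_LOG = """\
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:                2010/06/09 23:33
Program Version:                Version 1.3.5.0
Windows Version:                Windows Vista SP2
==================================================

Drivers
-------------------
Name: abfayyq.sys
Image Path: C:\\Windows\\System32\\Drivers\\abfayyq.sys
Address: 0x80D13000        Size: 761856        File Visible: No        Signed: -
Status: -

Name: acpi.sys
Image Path: C:\\Windows\\system32\\drivers\\acpi.sys
Address: 0x80C95000        Size: 286720        File Visible: -        Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\\Windows\\System32\\Drivers\\dump_atapi.sys
Address: 0x929D9000        Size: 32768        File Visible: No        Signed: -
Status: -

Name: kwryrpow.sys
Image Path: C:\\Users\\Lynaya\\AppData\\Local\\Temp\\kwryrpow.sys
Address: 0xA8E83000        Size: 93056        File Visible: No        Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\\Windows\\system32\\drivers\\rootrepeal.sys
Address: 0xA8E9A000        Size: 49152        File Visible: No        Signed: -
Status: -
"""


@dataclass
class Driver:
    name: str
    image_path: str
    address: int
    size: int
    file_visible: bool  # False when RootRepeal reports "File Visible: No"
    signed: str


# One RootRepeal driver entry: Name / Image Path / Address-Size-Visible-Signed line.
ENTRY_RE = re.compile(
    r"Name: (?P<name>.+?)\n"
    r"Image Path: (?P<path>.+?)\n"
    r"Address: (?P<addr>0x[0-9A-Fa-f]+)\s+Size: (?P<size>\d+)\s+"
    r"File Visible: (?P<vis>\S+)\s+Signed: (?P<signed>\S+)\n"
)

# Assumption: hidden entries that are expected on a clean box. The dump_*.sys
# crash-dump drivers exist only in memory, and rootrepeal.sys is the scanner.
EXPECTED_HIDDEN = {"rootrepeal.sys"}
EXPECTED_HIDDEN_PREFIXES = ("dump_",)

# A kernel driver has no business being loaded from a profile or Temp folder.
USER_WRITABLE = re.compile(r"\\(Users|Documents and Settings)\\|\\Temp\\", re.I)


def parse_drivers(log: str) -> list[Driver]:
    """Parse only the Drivers section; other RootRepeal sections are ignored."""
    header = re.search(r"^Drivers\n-+\n", log, re.M)
    body = log[header.end():] if header else log
    drivers = []
    for m in ENTRY_RE.finditer(body):
        drivers.append(Driver(
            name=m["name"].strip(),
            image_path=m["path"].strip(),
            address=int(m["addr"], 16),
            size=int(m["size"]),
            file_visible=m["vis"].lower() != "no",
            signed=m["signed"],
        ))
    return drivers


def triage(drivers: list[Driver]) -> dict[str, list[str]]:
    """Return {driver name: [reasons]} for every driver worth a closer look."""
    findings: dict[str, list[str]] = {}
    for d in drivers:
        reasons = []
        lname = d.name.lower()
        expected = lname in EXPECTED_HIDDEN or lname.startswith(EXPECTED_HIDDEN_PREFIXES)
        if not d.file_visible and not expected:
            reasons.append("image file hidden from the file system (File Visible: No)")
        if USER_WRITABLE.search(d.image_path):
            reasons.append("kernel driver loaded from a user-writable location")
        if reasons:
            findings[d.name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(parse_drivers(SAMPLE_LOG)).items():
        print(name)
        for reason in reasons:
            print("   -", reason)
```

On the excerpt this reports abfayyq.sys (hidden) and kwryrpow.sys (hidden and loaded from Temp), while acpi.sys, dump_atapi.sys and rootrepeal.sys are left alone.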

kira 11.06.2010 07:39

hi

1.
- two antivirus programs installed and active at the same time: AntiVir/Avira & BullGuard
Both scanners have only one goal, to check/protect your system sensibly against pests. So they get in each other's way and put a double load on the system; the result can be a crash, or in the worst case you can look forward to a complete reinstallation! More AV programs does not mean more security!
So uninstall one of the AV programs and let only one run on your PC!!

2.
CCleaner - you didn't do it right!
Display the list of installed programs and post it to me:
  • start CCleaner -> click on `Extras` (to display the software installed on your system) -> then on `Als Textdatei speichern...` (Save as text file...)
  • a text file is created automatically; post this logfile too (i.e. the list of all installed programs... a text file)

3.
- Copy the text from the code box into a Notepad document and save it as remove.txt on your hard drive C:\
Code:

Drivers to delete:
abfayyq
Files to delete:
C:\Windows\system32\drivers\abfayyq.sys

→ Download the Avenger and unzip it to the desktop. (available directly as an `EXE` *here*)
I recommend disabling the antivirus software - don't forget to switch it back on after the run
→ start avenger.exe with a double-click
→ paste the contents of the code box completely and unchanged into the empty text field under "Input script here"
→ then click "Execute"
→ you will be asked whether you want to run the script. Answer "Yes".
→ also answer yes to the question whether your computer should restart now ("Reboot now")
→ after the restart a DOS window will open.
→ once it has closed again, the editor opens with the scan results: C:\avenger.txt
→ copy and paste the contents directly from the text file in here

Lynne 11.06.2010 10:56

Thank you very much for helping me.

Hopefully the right log from CCleaner this time:
Code:

Adobe Flash Player 10 ActiveX        Adobe Systems Incorporated        21.01.2009                10.0.12.36
Adobe Flash Player Plugin        Adobe Systems Incorporated        08.07.2008                9.0.124.0
Adobe Reader 8.1.3 - Deutsch        Adobe Systems Incorporated        24.08.2009        100,0MB        8.1.3
Apple Application Support        Apple Inc.        04.05.2010        39,7MB        1.2.1
Apple Mobile Device Support        Apple Inc.        04.05.2010        19,7MB        3.0.1.3
Apple Software Update        Apple Inc.        02.10.2008        2,16MB        2.1.1.116
ATI Catalyst Install Manager        ATI Technologies, Inc.        12.09.2009        13,8MB        3.0.641.0
Avira AntiVir Personal - Free Antivirus        Avira GmbH        30.06.2009        71,7MB       
AVM FRITZ!Box Dokumentation        AVM Berlin        03.02.2009        3,07MB       
AVM FRITZ!Box Druckeranschluss        AVM Berlin        03.02.2009               
Bonjour        Apple Inc.        04.05.2010        0,76MB        2.0.1.2
BullGuard 7.0 for Vista        BullGuard Software        01.01.2008        31,4MB        7.0 for Vista
CCleaner        Piriform        08.06.2010        2,82MB        2.32
CVSNT 2.5.03.2382        March Hare Software        19.04.2008        8,92MB        2.5.03.2382
Diagram Designer                13.02.2008        1,38MB       
DivX Codec        DivX, Inc.        06.09.2008        1,40MB        6.8.4
DivX Converter        DivX, Inc.        06.09.2008        30,4MB        6.6.1
DivX Player                06.09.2008        15,4MB        6.8.2
DivX Web Player        DivX,Inc.        06.09.2008        2,93MB        1.4.0
Drakensang        dtp        12.12.2009        9.000,6MB       
Free YouTube Download 2.3        DVDVideoSoft Limited.        06.11.2009        2,65MB       
Free YouTube to iPod Converter version 3.1        DVDVideoSoft Limited.        29.03.2009        2,23MB       
GlassFish V2                24.01.2008        142,5MB       
Guild 2 King's Edition        JoWood        02.02.2009        2.984,6MB        1.0.0
HijackThis 2.0.2        TrendMicro        08.06.2010        0,39MB        2.0.2
ICQ6.5        ICQ        21.01.2009        44,3MB        6.5
IKEA Home Planner        IKEA IT        09.04.2010        167,3MB        2.0.3
iPhone-Konfigurationsprogramm        Apple Inc.        17.09.2009        22,4MB        2.1.0.163
iTunes        Apple Inc.        04.05.2010        160,0MB        9.1.1.12
Java(TM) 6 Update 20        Sun Microsystems, Inc.        26.02.2010        97,7MB        6.0.200
Java(TM) 6 Update 3        Sun Microsystems, Inc.        24.01.2008        133,2MB        1.6.0.30
Java(TM) 6 Update 4        Sun Microsystems, Inc.        08.04.2008        137,7MB        1.6.0.40
Java(TM) 6 Update 5        Sun Microsystems, Inc.        14.05.2008        136,2MB        1.6.0.50
Java(TM) 6 Update 7        Sun Microsystems, Inc.        26.07.2008        136,2MB        1.6.0.70
Java(TM) SE Development Kit 6        Sun Microsystems, Inc.        24.01.2008        245,3MB        1.6.0.0
Java(TM) SE Runtime Environment 6        Sun Microsystems, Inc.        24.01.2008        115,2MB        1.6.0.0
Malwarebytes' Anti-Malware        Malwarebytes Corporation        18.05.2010        3,91MB       
MEDIONbox        Medion        14.08.2007        27,0MB        1.09.0000.00050
Microsoft .NET Framework 1.1                14.08.2007               
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU        Microsoft Corporation        26.10.2009        37,0MB       
Microsoft .NET Framework 3.5 SP1        Microsoft Corporation        13.09.2009        27,8MB       
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        19.04.2008        0,41MB        8.0.56336
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        30.06.2009        0,58MB        9.0.30729
MiKTeX 2.7        MiKTeX.org        01.12.2008        218,3MB        2.7
Mobipocket Reader 6.2        Mobipocket.com        30.03.2009        11,2MB        6.2.608
Mozilla Firefox (3.6.3)        Mozilla        11.04.2010        32,4MB        3.6.3 (de)
Mozilla Sunbird (0.8)        Mozilla        26.05.2008        17,8MB        0.8 (de)
Mozilla Thunderbird (2.0.0.24)        Mozilla        16.03.2010        28,4MB        2.0.0.24 (de)
MSXML 4.0 SP2 (KB925672)        Microsoft Corporation        27.06.2007        1,24MB        4.20.9839.0
MSXML 4.0 SP2 (KB927978)        Microsoft Corporation        27.06.2007        1,24MB        4.20.9841.0
MSXML 4.0 SP2 (KB936181)        Microsoft Corporation        14.08.2007        1,28MB        4.20.9848.0
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        12.09.2009        1,29MB        4.20.9870.0
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        24.11.2009        1,35MB        4.20.9876.0
Nero 7 Essentials        Nero AG        27.06.2007        458,1MB        7.02.4288
NetBeans IDE 6.0                24.01.2008        402,6MB       
OpenOffice.org 3.1        OpenOffice.org        26.02.2010        371,2MB        3.1.9420
ProtectDisc Driver, Version 11        ProtectDisc Software GmbH        12.12.2009        100,00KB        11.0.0.12
QuickTime        Apple Inc.        04.05.2010        73,8MB        7.66.71.0
Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        14.08.2007        14,8MB        6.0.1.5433
Roll                22.05.2010        322,7MB       
Sid Meier's Civilization 4        Firaxis Games        23.12.2008        1.509,4MB        1.74
Sid Meier's Civilization 4 - Beyond the Sword        Firaxis Games        23.12.2008        1.439,0MB        3.01
Sid Meier's Civilization 4 - Warlords        Firaxis Games        23.12.2008        562,9MB        2.13
Skype™ 4.0        Skype Technologies S.A.        26.05.2009        32,3MB        4.0.226
Spelling Dictionaries Support For Adobe Reader 8        Adobe Systems        24.08.2009        32,5MB        8.0.0
SupernaturalScreensaver                21.09.2009               
TeamSpeak 2 RC2        Dominating Bytes Design        03.01.2008                2.0.32.60
TeXnicCenter Version 1 Beta 7.50        TeXnicCenter.org        01.12.2008        11,6MB        Version 1 Beta 7.50
TeXnicCenter Version 2.0 Alpha 2        The TeXnicCenter Team        19.02.2010        16,9MB        2.0 Alpha 2
TuneUp Utilities 2009        TuneUp Software        18.05.2010        190,4MB        8.0.3100.31
Uninstall 1.0.0.1                06.11.2009        14,6MB       
VideoLAN VLC media player 0.8.6d        VideoLAN Team        15.02.2008        32,2MB        0.8.6d
Winamp        Nullsoft, Inc        03.01.2008        27,1MB        5.51
Windows Installer Clean Up        Microsoft Corporation        12.09.2009        0,30MB        3.00.00.0000
Windows Mobile Device Center Driver Update        Microsoft Corporation        18.03.2009        42,4MB        6.1.6965.0
Windows Mobile-Gerätecenter        Microsoft Corporation        18.03.2009        27,5MB        6.1.6965.0
Windows Mobile-Ressourcen        Microsoft Corporation        19.03.2009        7,20MB        1.0
WinRAR                27.04.2008        3,66MB       
World of Warcraft        Blizzard Entertainment        25.05.2010                3.3.3.11723

Avenger:
Code:

Logfile of The Avenger Version 2.0, (c) by Swandog46
hxxp://swandog46.geekstogo.com

Platform:  Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "abfayyq" deleted successfully.
File "C:\Windows\system32\drivers\abfayyq.sys" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.


Lynne 11.06.2010 10:58

AntiVir/Avira has just reported the rootkit again ...
after Avenger rebooted ... does Avenger keep the driver (and AntiVir reports it every time), or is that only on the first reboot?

Code:

In der Datei 'C:\Avenger\abfayyq.sys'
wurde ein Virus oder unerwünschtes Programm 'RKIT/Bubnix.AU' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

Which one would you keep? Bullguard or AntiVir?

kira 12.06.2010 07:16

hi

The decision isn't easy; times have got harder for PC users, since the "virus programmers" produce hundreds of thousands of new viruses almost daily and are a big step ahead...
Quote:

The flood of malware: the number of malware samples is rising almost exponentially, and the signature databases can't keep up.
The reason for the antivirus specialists' new strategy: last year's malware explosion shows that the virus writers are trying to trick the scanners with ever faster-spreading variants. Before a security company can react, another version of the pest already exists.
So there is no such thing as 100 % detection!

As further important precautions:
- Staying up to date is the top priority: update the operating system (patches and service packs) and ALL application programs
- Limited user account: don't surf as administrator! -> set up user accounts
- Don't open unknown e-mail attachments or links in e-mails (chat programs): e-mails with attached files are ideal carriers for Trojan horses and viruses.
- Stay away from file-sharing networks: you don't know what you're getting, since every third download contains spyware or other pests.
- Avoid visiting unsafe sites: web pages can be programmed so that a click on a further link starts malware ("drive-by download")
- Beware of Internet scams! What is this about? Alongside serious free offers, many apparently free offers lure on the Internet; if the downloaded file or program is itself infected from the start (keygens, cracked software), there is no antivirus program and/or security tool in the world that offers you 100 % protection or can prevent Trojans from getting in!
** Healthy distrust on the net should protect you from dangers and traps! -> SETI@home - [Sicherheit] Sicherheitskonzept
If I had to decide between Avira and BullGuard, the free AntiVir Personal (freeware) is my top favourite. Besides good malware detection, its resource consumption is low, and it updates daily.
Convince yourself: get information on Google...

1.
Delete C:\avenger\backup.zip (with the contents of the deleted files) → empty the Recycle Bin

2.
Now please run Gmer again as described above: -> item 5. - http://www.trojaner-board.de/86267-t...tml#post527196

Lynne 12.06.2010 10:59

Thanks for the tips.
I caught the whole thing through a supposed PayPal e-mail ..

here is Gmer again:
GMER Logfile:
Code:

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-06-12 11:55:03
Windows 6.0.6002 Service Pack 2
Running: io7wnz65.exe; Driver: C:\Users\Lynaya\AppData\Local\Temp\kwryrpow.sys


---- System - GMER 1.0.15 ----

SSDT            9C93F2DC                                                                                                ZwCreateThread
SSDT            9C93F2C8                                                                                                ZwOpenProcess
SSDT            9C93F2CD                                                                                                ZwOpenThread
SSDT            9C93F2D7                                                                                                ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!KeSetEvent + 221                                                                            848B4984 4 Bytes  [DC, F2, 93, 9C] {FDIVR ST(2), ST; XCHG EBX, EAX; PUSHF }
.text          ntkrnlpa.exe!KeSetEvent + 3F1                                                                            848B4B54 4 Bytes  [C8, F2, 93, 9C] {ENTER 0x93f2, 0x9c}
.text          ntkrnlpa.exe!KeSetEvent + 40D                                                                            848B4B70 4 Bytes  [CD, F2, 93, 9C] {INT 0xf2; XCHG EBX, EAX; PUSHF }
.text          ntkrnlpa.exe!KeSetEvent + 621                                                                            848B4D84 4 Bytes  [D7, F2, 93, 9C]
.reloc          C:\Windows\system32\drivers\acedrv11.sys                                                                section is executable [0x83872300, 0x25D4C, 0xE0000060]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                  BdFileSpy.sys
AttachedDevice  \FileSystem\fastfat \Fat                                                                                fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                BdFileSpy.sys

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@t!s!d!f!`!`!\24!t!s!t!t!r!d!r!s!\30!  19583823

---- EOF - GMER 1.0.15 ----

--- --- ---
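The GMER log above reports three things worth reading together: four SSDT entries pointing into one small address range, four 4-byte modifications inside ntkrnlpa.exe, and two file-system filter attachments (BdFileSpy.sys) for which GMER prints no vendor label, while fltmgr.sys gets one. As an added example, not from the thread and not GMER's own code, the following Python script parses those three line types and applies the checks a responder would otherwise do by hand: whether the SSDT hook targets cluster (which suggests one hooking driver), whether the 4-byte patch values decode to the very addresses listed as SSDT hooks (they do in this log), and which attached filters GMER could not attribute. The sample input is a whitespace-condensed copy of the posted log lines; the 4 KiB clustering threshold and the "no vendor label means verify by hand" rule are assumptions of this example, not GMER behaviour.

```python
import re

# Constructed sample: the relevant sections of the GMER log posted above,
# with the wide column padding collapsed (content unchanged).
SAMPLE_GMER_LOG = r"""GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-06-12 11:55:03
Windows 6.0.6002 Service Pack 2

---- System - GMER 1.0.15 ----

SSDT            9C93F2DC    ZwCreateThread
SSDT            9C93F2C8    ZwOpenProcess
SSDT            9C93F2CD    ZwOpenThread
SSDT            9C93F2D7    ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!KeSetEvent + 221    848B4984 4 Bytes  [DC, F2, 93, 9C] {FDIVR ST(2), ST; XCHG EBX, EAX; PUSHF }
.text          ntkrnlpa.exe!KeSetEvent + 3F1    848B4B54 4 Bytes  [C8, F2, 93, 9C] {ENTER 0x93f2, 0x9c}
.text          ntkrnlpa.exe!KeSetEvent + 40D    848B4B70 4 Bytes  [CD, F2, 93, 9C] {INT 0xf2; XCHG EBX, EAX; PUSHF }
.text          ntkrnlpa.exe!KeSetEvent + 621    848B4D84 4 Bytes  [D7, F2, 93, 9C]
.reloc          C:\Windows\system32\drivers\acedrv11.sys    section is executable [0x83872300, 0x25D4C, 0xE0000060]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs         BdFileSpy.sys
AttachedDevice  \FileSystem\fastfat \Fat       fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat       BdFileSpy.sys

---- EOF - GMER 1.0.15 ----
"""

# Line shapes as they appear in GMER 1.0.15 output (assumed stable for this version).
SSDT_RE = re.compile(r"^SSDT\s+([0-9A-F]{8})\s+(\w+)")
PATCH_RE = re.compile(r"^\.text\s+(.+?)\s+([0-9A-F]{8})\s+(\d+) Bytes\s+\[([0-9A-F, ]+)\]")
DEVICE_RE = re.compile(r"^AttachedDevice\s+(\S+)\s+(\S+)\s+(\S+)(?:\s+\((.*)\))?")


def parse_gmer(text):
    """Extract SSDT hooks, inline code patches and attached filter devices from a GMER log."""
    report = {"hooks": [], "patches": [], "devices": []}
    for line in text.splitlines():
        m = SSDT_RE.match(line)
        if m:
            report["hooks"].append({"addr": int(m.group(1), 16), "func": m.group(2)})
            continue
        m = PATCH_RE.match(line)
        if m:
            raw = bytes(int(b, 16) for b in m.group(4).split(","))
            report["patches"].append({"where": m.group(1), "addr": int(m.group(2), 16), "bytes": raw})
            continue
        m = DEVICE_RE.match(line)
        if m:
            # group 4 is the "(description/company)" label GMER adds for modules it can attribute
            report["devices"].append({"target": m.group(1), "driver": m.group(3), "vendor": m.group(4)})
    return report


def hooked_functions(report):
    """Sorted names of hooked system calls (process/thread calls are hooked by both
    self-protecting AV products and rootkits; the log alone cannot tell them apart)."""
    return sorted(h["func"] for h in report["hooks"])


def triage(report, cluster_span=0x1000):
    """Apply the three hand checks described in the lead-in; thresholds are assumptions."""
    hooks = report["hooks"]
    out = {"hook_cluster": None, "patch_to_hook": {}, "unlabelled_filters": []}
    if hooks:
        lo, hi = min(h["addr"] for h in hooks), max(h["addr"] for h in hooks)
        if hi - lo <= cluster_span:          # all targets within one page: one driver
            out["hook_cluster"] = (lo, hi)
    by_addr = {h["addr"]: h["func"] for h in hooks}
    for p in report["patches"]:
        if len(p["bytes"]) == 4:            # a 4-byte patch may simply be a pointer value
            val = int.from_bytes(p["bytes"], "little")
            if val in by_addr:
                out["patch_to_hook"][p["addr"]] = by_addr[val]
    seen = set()
    for d in report["devices"]:
        if d["vendor"] is None and d["driver"] not in seen:
            seen.add(d["driver"])
            out["unlabelled_filters"].append(d["driver"])
    return out


if __name__ == "__main__":
    rep = parse_gmer(SAMPLE_GMER_LOG)
    res = triage(rep)
    print("hooked:", ", ".join(hooked_functions(rep)))
    if res["hook_cluster"]:
        print("hook targets cluster in 0x%08X-0x%08X" % res["hook_cluster"])
    for addr, func in res["patch_to_hook"].items():
        print("patch at 0x%08X stores the SSDT hook address of %s" % (addr, func))
    for drv in res["unlabelled_filters"]:
        print("filter %s has no vendor label: check its signature and owner" % drv)
```

In this log every one of the four "patches" stores the same little-endian value that GMER lists as the corresponding SSDT hook, so they are not four separate findings but one: a driver whose handlers live around 0x9C93F2xx. Whether that driver is the installed security product or something hostile is what the vendor-label check and a signature check of BdFileSpy.sys on disk should settle.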

kira 13.06.2010 00:25

OK, that looks good so far :)
for a thorough cleaning a few more steps are needed:
1.
The old Java versions are still on the PC... for security reasons they must be removed; pay attention to this in the future too!
so please uninstall/remove the old entries
Code:

Java(TM) 6 Update 3       
Java(TM) 6 Update 4       
Java(TM) 6 Update 5       
Java(TM) 6 Update 7

2.
empty the Java cache / items 7 and 8
via Control Panel -> Java...

3.
Update Adobe Reader:
to get the latest version from Adobe click here: Adobe Reader - or you can also call the update function from within the program itself

4.
close all applications → please empty the folder for temporary files
**The Temp folder is for temporary files, so its contents can be deleted without further ado. - Files still in use cannot be deleted.
**Delete only the contents of the folders, not the folders themselves!
  • `Start → Run`, type "cleanmgr" (without the "") → "OK" - the Temporary Files, Temporary Internet Files and the Recycle Bin must be emptied → "OK"
  • `Start → Run` → type %temp% (without the "") → "OK" - select all folder contents and delete them
  • please do this for every user account
  • then empty the Recycle Bin

5.
clean your system with CCleaner:
  • "Cleaner" → "Analyze" → click the "Start CCleaner" button
  • "Registry" → "Scan for Issues" → "Fix selected issues" → "Fix All"
  • Restart your system

6.
  • download SUPERAntiSpyware FREE Edition.
  • install the program and update online.
  • start SUPERAntiSpyware and click "Scan your Computer"
  • tick "Complete Scan" and click "Next"
  • afterwards all malware found will be listed; tick all findings and confirm with "OK"
  • click "Next", then "OK" and "Finish"
  • to display the results: click "Preferences" and then "Statistics/Logs"
  • click "View Log" - then please save this report and post it here

7.
Viruses can also be transported on USB sticks, self-burned discs, external hard drives and other media. They must therefore be monitored through regular checks for damage that may have been caused by malware. Very well suited and recommended for this is checking the data stored on the medium with the help of the free online scanner.
So connect all existing external drives, including any USB sticks, to the computer, but hold down the Shift key while doing so, so that the autorun function is not executed.
You can also switch off the autostart property:
Windows security: disable media autorun - illustrated guide by Leonidas/3dcenter.org
Switch off Autorun/Autoplay selectively for drive types or letters/wintotal.de
→ This Silly description supports the assumption that it came via a USB stick. The cause has been eliminated by formatting the stick; you should make sure that no autorun.inf file reappears there and be somewhat picky about where you plug your stick in.

→ Check the entire computer (i.e. the whole system) (system check without cleaning) with Kaspersky Online Scanner/click here
→ to continue with the process click "Accept"
→ then select "My computer" - It takes a while for a complete scan to run through, so please be patient!
It can take some time until the scan is finished - one or more hours depending on the size of the hard disk - so patience...
→ When the report is displayed, click "Save as" - please copy it and paste it into your thread here
Before the scan, settings in Internet Explorer:
→ "Tools → Internet Options → Security":
→ set everything to the default level
Allow ActiveX - so that the new virus definitions can be installed

8.
post again - after the cleaning action has been carried out:
► TrendMicro™ HijackThis™ log file - No open windows while HijackThis is running!!
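Step 7 asks that no autorun.inf reappears on the stick. An autorun.inf is a plain INI file whose [autorun] section names, via open=, shellexecute= or shell\<verb>\command=, what Windows (before autorun for removable media was switched off) would launch on insertion; the linked guides disable that mechanism, and the check below is the complementary habit of looking at what such a file would do before trusting a medium. This is an added example, not from the thread or any tool named in it: a Python script that inspects a drive root for an autorun.inf, lists the launching entries, and reports whether the referenced files are actually present on the medium (a launcher that points at a file no longer on the stick is a typical leftover after a cleanup). The sample autorun.inf and the temporary directory standing in for the stick root are constructed here.

```python
import configparser
import os
import tempfile

# Constructed sample of an autorun.inf as found on installation media or USB sticks
# (hypothetical content, not from the thread).
SAMPLE_AUTORUN_INF = (
    "[AutoRun]\n"
    "open=setup.exe\n"
    "icon=setup.exe,0\n"
    "shell\\open\\command=setup.exe\n"
    "label=Backup\n"
)

# Keys whose value Windows would run on insertion; shell\<verb>\command keys are
# run when the user picks that verb from the drive's context menu.
LAUNCH_KEYS = {"open", "shellexecute"}


def inspect_autorun(drive_root):
    """Return what an autorun.inf at drive_root would launch and which targets are missing."""
    path = os.path.join(drive_root, "autorun.inf")
    result = {"present": False, "launches": [], "missing_targets": []}
    if not os.path.isfile(path):
        return result
    result["present"] = True
    # Interpolation off so a literal '%' in a value is not interpreted; strict=False
    # tolerates duplicate keys; allow_no_value tolerates bare flag lines.
    cp = configparser.ConfigParser(interpolation=None, strict=False, allow_no_value=True)
    with open(path, encoding="latin-1") as fh:   # autorun.inf is ANSI text
        cp.read_file(fh)
    # Windows matches the section name case-insensitively; configparser does not.
    section = next((s for s in cp.sections() if s.lower() == "autorun"), None)
    if section is None:
        return result
    for key, value in cp.items(section):          # keys are lower-cased by configparser
        if key in LAUNCH_KEYS or key.endswith("\\command"):
            result["launches"].append((key, value or ""))
    for _key, value in result["launches"]:
        # first token is the program; arguments after it are ignored for the existence check
        target = value.split()[0].strip('"') if value.strip() else ""
        if target and not os.path.exists(os.path.join(drive_root, target)):
            if target not in result["missing_targets"]:
                result["missing_targets"].append(target)
    return result


def demo(with_autorun=True):
    """Run the check against a temporary directory standing in for a stick root."""
    with tempfile.TemporaryDirectory() as root:
        if with_autorun:
            with open(os.path.join(root, "autorun.inf"), "w", encoding="latin-1") as fh:
                fh.write(SAMPLE_AUTORUN_INF)
        return inspect_autorun(root)


if __name__ == "__main__":
    found = demo()
    for key, value in found["launches"]:
        print("%s -> %s" % (key, value))
    for target in found["missing_targets"]:
        print("launch target not present on medium:", target)
```

On a real stick, call inspect_autorun() with the drive root (for example "E:\\") after connecting it with Shift held down as step 7 describes; a non-empty "launches" list is the cue to look at the named file before anything else on the medium is opened.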


Copyright ©2000-2024, Trojaner-Board