Trojaner-Board - fheydbueyj.exe im Autostart. Was ist das?

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - fheydbueyj.exe im Autostart. Was ist das? (https://www.trojaner-board.de/91967-fheydbueyj-exe-autostart.html)

fheydbueyj.exe im Autostart. Was ist das?

Hallo,
wollte mal fragen ob sich mal jemand meinen Autostart angucken kann und mir sagen kann, was dort rein gehört und was nicht!

Diese Datei: fheydbueyj.exe kann ich mir jedenfalls nicht erklären!

http://img257.imageshack.us/img257/9452/unbenanntpn.jpg

http://img714.imageshack.us/img714/3851/unbenannt2x.jpg

Hab auch schon nach der Datei gegoogelt aber dabei nichts sinnvolles gefunden.
Kann mir wer sagen, was das ist? Danke im Vorraus

Hallo und Herzlich Willkommen! :)

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:

Zitat:

"Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
- da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
- also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
Charakteristische Merkmale/Profilinformationen:
- aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du herauslöschen oder durch [X] ersetzen
Die Systemprüfung und Bereinigung:
- kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
Innerhalb der Betreuungszeit:
- ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
Die Reihenfolge:
- genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
Ansonsten unsere Forumsregeln:
- Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

► vermutlich hast Du dir einen bösen Schädling eingefangenhttp://www.world-of-smilies.com/wos_sonstige/crying.gif

1.
- Lade dir RSIT - http://filepony.de/download-rsit/:
- an einen Ort deiner Wahl und führe die rsit.exe aus
- wird "Hijackthis" auch von Rsit installiert und ausgeführt
- RSIT erstellt 2 Logfiles (C:\rsit\log.txt und C:\rsit\info.txt) mit erweiterten Infos von deinem System - diese beide bitte komplett hier posten

2.
Bitte Versteckte - und Systemdateien sichtbar machen den Link hier anklicken:
System-Dateien und -Ordner unter XP und Vista sichtbar machen
Am Ende unserer Arbeit, kannst wieder rückgängig machen!

3.
→ Lade Dir HJTscanlist.zip herunter
→ entpacke die Datei auf deinem Desktop
→ Bei WindowsXP Home musst vor dem Scan zusätzlich tasklist.zip installieren
→ per Doppelklick starten
→ Wähle dein Betriebsystem aus - bei Win7 wähle Vista
→ Wenn Du gefragt wirst, die Option "Einstellung" (1) - scanlist" wählen
→ Nach kurzer Zeit sollte sich Dein Editor öffnen und die Datei hjtscanlist.txt präsentieren
→ Bitte kopiere den Inhalt hier in Deinen Thread.

4.
Ich würde gerne noch all deine installierten Programme sehen:
Lade dir das Tool "Ccleaner" herunter
installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ falls nötig - unter Options settings-> "german" einstellen
dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..."
wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein

5.
läuft unter XP, Vista mit (32Bit) und Windows 7 (32Bit)
Achtung!:
WENN GMER NICHT AUSGEFÜHRT WERDEN KANN ODER PROBMLEME VERURSACHT, fahre mit dem nächsten Punkt fort!- Es ist NICHT sinnvoll einen zweiten Versuch zu starten!
Um einen tieferen Einblick in dein System, um eine mögliche Infektion mit einem Rootkit/Info v.wikipedia.org) aufzuspüren, werden wir ein Tool - Gmer - einsetzen :

- also lade Dir Gmer herunter und entpacke es auf deinen Desktop
- starte gmer.exe
- [b]schließe alle Programme, ausserdem Antiviren und andere Schutzprogramme usw müssen deaktiviert sein, keine Verbindung zum Internet, WLAN auch trennen)
- bitte nichts am Pc machen während der Scan läuft!
- klicke auf "Scan", um das Tool zu starten
- wenn der Scan fertig ist klicke auf "Copy" (das Log wird automatisch in die Zwischenablage kopiert) und mit STRG + V musst Du gleich da einfügen
- mit "Ok" wird Gmer beendet.
- das Log aus der Zwischenablage hier in Deinem Thread vollständig hineinkopieren

** keine Verbindung zu einem Netzwerk und Internet - WLAN nicht vergessen
Wenn der Scan beendet ist, bitte alle Programme und Tools wieder aktivieren!

6.
läuft unter XP, Vista mit (32Bit) und Windows 7 (32Bit)
Lade und installiere das Tool RootRepeal herunter

setze einen Hacken bei: "Drivers"-> "Scan"-> Save Report"...
"Stealth Objects" -> "Scan"-> Save Report"...
"Hidden Services" -> "Scan"-> Save Report"...
speichere das Logfile als "RootRepeal.txt" auf dem Desktop und Kopiere den Inhalt hier in den Thread

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B hjtsanlist o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]

** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw

gruß
Coverflow

Hallo,
es hat ein bisschen gedauert alles zusammen zu tragen.
Aber hier die Log-files....ich hoffe es ist nicht zu unübersichtlich!

rsit log:

Code:

Logfile of random's system information tool 1.08 (written by random/random)

Run by Administrator at 2010-10-20 15:20:30

WIN_XP Service Pack 3

System drive C: has 211 MB (3%) free of 7 GB

Total RAM: 3582 MB (76% free)
 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:20:40, on 20.10.2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal
 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Programme\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

D:\Programme\Avira\AntiVir Desktop\sched.exe

C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\WINDOWS\system32\ctfmon.exe

D:\Programme\Avira\AntiVir Desktop\avgnt.exe

D:\Programme\Spybot - Search & Destroy\TeaTimer.exe

C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

D:\Programme\Avira\AntiVir Desktop\avguard.exe

C:\Programme\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe

D:\Programme\Mozilla Firefox\firefox.exe

D:\Programme\Mozilla Firefox\plugin-container.exe

D:\Programme\ICQ6.5\ICQ.exe

C:\Dokumente und Einstellungen\Administrator\Desktop\RSIT.exe

C:\Programme\trend micro\Administrator.exe
 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe

O4 - HKLM\..\Run: [avgnt] "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programme\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')

O4 - HKUS\S-1-5-21-1085031214-73586283-725345543-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6.5\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6.5\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Programme\Google\Update\GoogleUpdate.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O24 - Desktop Component 0: (no name) - file:///C:/DOKUME~1/ADMINI~1/LOKALE~1/Temp/msohtml1/01/clip_image002.jpg
 

--

End of file - 6158 bytes
 

======Scheduled tasks folder======
 

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
 

======Registry dump======
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - D:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-05-26 35840]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-26 73728]
 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"=C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]

"JMB36X IDE Setup"=C:\WINDOWS\JM\JMInsIDE.exe [2006-10-30 36864]

"avgnt"=D:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"SpybotSD TeaTimer"=D:\Programme\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]

C:\WINDOWS\system32\JMRaidSetup.exe [2007-02-06 1953792]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]

C:\WINDOWS\ALCWZRD.EXE [2008-06-19 2808832]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamserviceDeluxe2]

D:\Programme\Hercules\Deluxe Optical Glass\Camservice.exe [2007-08-10 81920]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

C:\Programme\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fheydbueyj.exe]

C:\fheydbueyj.exe\fheydbueyj.exe []
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-04-17 196608]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe [2004-04-13 69632]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

C:\WINDOWS\RTHDCPL.EXE [2008-07-23 16804864]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

C:\WINDOWS\SOUNDMAN.EXE [2008-06-18 77824]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Programme\Java\jre6\bin\jusched.exe [2009-05-26 148888]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YVIBBBHA8C]

C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Hvh.exe []
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^forteManager.lnk]

C:\PROGRA~1\LGSOFT~1\FORTEM~1\bin\Monitor.exe [2008-12-12 1687552]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]

D:\PROGRA~1\MICROS~1\Office10\OSA.EXE [2001-02-13 83360]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2008-12-01 143360]
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1
 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

"NoRecentDocsNetHood"=1
 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"D:\Programme\ICQ6\ICQ.exe"="D:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ Library"

"D:\SIERRA\Steam\steamapps\cagiva82\counter-strike source\hl2.exe"="D:\SIERRA\Steam\steamapps\cagiva82\counter-strike source\hl2.exe:*:Enabled:hl2"

"D:\Programme\SFT Loader\leecher.exe"="D:\Programme\SFT Loader\leecher.exe:*:Enabled:leecher"

"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"

"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"

"D:\Programme\ICQ6.5\ICQ.exe"="D:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"D:\SIERRA\Steam\steamapps\***************\counter-strike\hl.exe"="D:\SIERRA\Steam\steamapps\************\counter-strike\hl.exe:*:Enabled:Counter-Strike"

"D:\Programme\Skype\Phone\Skype.exe"="D:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"
 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
 

======File associations======
 

.js - edit - "D:\Programme\************************************" "%1"
 

======List of files/folders created in the last 1 months======
 

2010-10-18 20:04:36 ----D---- C:\Programme\trend micro

2010-10-18 20:04:35 ----D---- C:\rsit

2010-10-15 22:33:10 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Leadertech
 

======List of files/folders modified in the last 1 months======
 

2010-10-20 15:17:23 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ICQ

2010-10-20 15:17:06 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Skype

2010-10-20 15:03:15 ----SD---- C:\WINDOWS\Tasks

2010-10-20 15:01:40 ----D---- C:\WINDOWS\Temp

2010-10-20 15:01:36 ----D---- C:\WINDOWS\system32\CatRoot2

2010-10-20 13:45:34 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-10-20 13:27:08 ----D---- C:\WINDOWS\Prefetch

2010-10-20 09:39:16 ----D---- C:\WINDOWS

2010-10-20 02:11:35 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\vlc

2010-10-19 16:50:31 ----HD---- C:\fheydbueyj.exe

2010-10-19 12:09:52 ----D---- C:\Programme\Gemeinsame Dateien\DVDVideoSoft

2010-10-19 12:08:36 ----D---- C:\Programme\NCH Software

2010-10-19 12:08:01 ----RD---- C:\Programme

2010-10-19 11:50:53 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\LumaPix

2010-10-19 11:50:01 ----D---- C:\WINDOWS\system32\drivers

2010-10-18 20:06:57 ----SHD---- C:\WINDOWS\Installer

2010-10-18 20:06:42 ----SHD---- C:\Config.Msi

2010-10-18 20:06:42 ----D---- C:\Programme\Lavasoft

2010-10-16 21:23:26 ----D---- C:\WINDOWS\security

2010-10-16 21:17:01 ----RSHDC---- C:\WINDOWS\system32\dllcache

2010-10-16 21:17:00 ----D---- C:\WINDOWS\system32
 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
 

R0 JGOGO;JMicron Hot-Plug Driver; C:\WINDOWS\system32\DRIVERS\JGOGO.sys [2006-02-07 6912]

R0 JRAID;JRAID; C:\WINDOWS\system32\DRIVERS\jraid.sys [2007-02-16 44928]

R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2010-06-11 64288]

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]

R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-04-28 721904]

R1 avgio;avgio; \??\D:\Programme\Avira\AntiVir Desktop\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]

R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]

R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-11-25 56816]

R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-12-02 3452928]

R3 camfilt2;camfilt2; C:\WINDOWS\system32\DRIVERS\camfilt2.sys [2007-08-06 94720]

R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-07-24 4749824]

R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]

R3 rtl8139;NT-Treiber für Realtek RTL8139(A/B/C)-basierten PCI-Fast Ethernet-Adapter; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]

R3 SNPSTD3;Hercules Deluxe Optical Glass; C:\WINDOWS\system32\DRIVERS\snpstd3.sys [2007-07-17 10371072]

R3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]

R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]

R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]

S0 fupkkzul;fupkkzul; C:\WINDOWS\system32\drivers\fupkkzul.sys []

S1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]

S3 a8p200u1;a8p200u1; C:\WINDOWS\system32\drivers\a8p200u1.sys []

S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]

S3 dot4;MS IEEE-1284.4-Treiber; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-14 206976]

S3 Dot4Print;Druckerklassentreiber für IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]

S3 Dot4Scan;Scannerklassentreiber für IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]

S3 dot4usb;Dot4USB-Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-18 23936]

S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []

S3 LGDDCDevice;LGDDCDevice; \??\C:\Programme\LG Soft India\forteManager\bin\I2CDriver.sys []

S3 LGII2CDevice;LGII2CDevice; \??\C:\Programme\LG Soft India\forteManager\bin\PII2CDriver.sys []

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]

S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]

S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]

S3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-03-01 90496]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]

S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys []

S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]

S3 tunmp;Microsoft Tun-Miniportadaptertreiber; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]

S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]

S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
 

R2 AntiVirSchedulerService;Avira AntiVir Planer; D:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]

R2 AntiVirService;Avira AntiVir Guard; D:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-12-01 598016]

R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-05-26 152984]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Programme\Lavasoft\Ad-Aware\AAWService.exe [2010-06-29 1352832]

R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-03-04 75064]

S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-12-01 593920]

S2 gupdate;Google Update Service (gupdate); C:\Programme\Google\Update\GoogleUpdate.exe /svc []

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S3 odserv;Microsoft Office Diagnostics Service; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]

S3 ose;Office  Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]

S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-11-11 38912]
 

-----------------EOF-----------------

Hijacklist-log

Code:

Logfile of random's system information tool 1.08 (written by random/random)

Run by Administrator at 2010-10-20 15:20:30

WIN_XP Service Pack 3

System drive C: has 211 MB (3%) free of 7 GB

Total RAM: 3582 MB (76% free)
 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:20:40, on 20.10.2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal
 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Programme\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

D:\Programme\Avira\AntiVir Desktop\sched.exe

C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\WINDOWS\system32\ctfmon.exe

D:\Programme\Avira\AntiVir Desktop\avgnt.exe

D:\Programme\Spybot - Search & Destroy\TeaTimer.exe

C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

D:\Programme\Avira\AntiVir Desktop\avguard.exe

C:\Programme\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe

D:\Programme\Mozilla Firefox\firefox.exe

D:\Programme\Mozilla Firefox\plugin-container.exe

D:\Programme\ICQ6.5\ICQ.exe

C:\Dokumente und Einstellungen\Administrator\Desktop\RSIT.exe

C:\Programme\trend micro\Administrator.exe
 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe

O4 - HKLM\..\Run: [avgnt] "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programme\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')

O4 - HKUS\S-1-5-21-1085031214-73586283-725345543-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6.5\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6.5\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Programme\Google\Update\GoogleUpdate.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O24 - Desktop Component 0: (no name) - file:///C:/DOKUME~1/ADMINI~1/LOKALE~1/Temp/msohtml1/01/clip_image002.jpg
 

--

End of file - 6158 bytes
 

======Scheduled tasks folder======
 

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
 

======Registry dump======
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - D:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-05-26 35840]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-26 73728]
 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"=C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]

"JMB36X IDE Setup"=C:\WINDOWS\JM\JMInsIDE.exe [2006-10-30 36864]

"avgnt"=D:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"SpybotSD TeaTimer"=D:\Programme\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]

C:\WINDOWS\system32\JMRaidSetup.exe [2007-02-06 1953792]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]

C:\WINDOWS\ALCWZRD.EXE [2008-06-19 2808832]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamserviceDeluxe2]

D:\Programme\Hercules\Deluxe Optical Glass\Camservice.exe [2007-08-10 81920]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

C:\Programme\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fheydbueyj.exe]

C:\fheydbueyj.exe\fheydbueyj.exe []
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-04-17 196608]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe [2004-04-13 69632]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

C:\WINDOWS\RTHDCPL.EXE [2008-07-23 16804864]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

C:\WINDOWS\SOUNDMAN.EXE [2008-06-18 77824]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Programme\Java\jre6\bin\jusched.exe [2009-05-26 148888]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YVIBBBHA8C]

C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Hvh.exe []
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^forteManager.lnk]

C:\PROGRA~1\LGSOFT~1\FORTEM~1\bin\Monitor.exe [2008-12-12 1687552]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]

D:\PROGRA~1\MICROS~1\Office10\OSA.EXE [2001-02-13 83360]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2008-12-01 143360]
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1
 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

"NoRecentDocsNetHood"=1
 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"D:\Programme\ICQ6\ICQ.exe"="D:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ Library"

"D:\SIERRA\Steam\steamapps\XXXX\counter-strike source\hl2.exe"="D:\SIERRA\Steam\steamapps\XXXXXX\counter-strike source\hl2.exe:*:Enabled:hl2"

"D:\Programme\SFT Loader\leecher.exe"="D:\Programme\SFT Loader\leecher.exe:*:Enabled:leecher"

"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"

"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"

"D:\Programme\ICQ6.5\ICQ.exe"="D:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"D:\SIERRA\Steam\steamapps\***************\counter-strike\hl.exe"="D:\SIERRA\Steam\steamapps\************\counter-strike\hl.exe:*:Enabled:Counter-Strike"

"D:\Programme\Skype\Phone\Skype.exe"="D:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"
 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
 

======File associations======
 

.js - edit - "D:\Programme\************************************" "%1"
 

======List of files/folders created in the last 1 months======
 

2010-10-18 20:04:36 ----D---- C:\Programme\trend micro

2010-10-18 20:04:35 ----D---- C:\rsit

2010-10-15 22:33:10 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Leadertech
 

======List of files/folders modified in the last 1 months======
 

2010-10-20 15:17:23 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ICQ

2010-10-20 15:17:06 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Skype

2010-10-20 15:03:15 ----SD---- C:\WINDOWS\Tasks

2010-10-20 15:01:40 ----D---- C:\WINDOWS\Temp

2010-10-20 15:01:36 ----D---- C:\WINDOWS\system32\CatRoot2

2010-10-20 13:45:34 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-10-20 13:27:08 ----D---- C:\WINDOWS\Prefetch

2010-10-20 09:39:16 ----D---- C:\WINDOWS

2010-10-20 02:11:35 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\vlc

2010-10-19 16:50:31 ----HD---- C:\fheydbueyj.exe

2010-10-19 12:09:52 ----D---- C:\Programme\Gemeinsame Dateien\DVDVideoSoft

2010-10-19 12:08:36 ----D---- C:\Programme\NCH Software

2010-10-19 12:08:01 ----RD---- C:\Programme

2010-10-19 11:50:53 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\LumaPix

2010-10-19 11:50:01 ----D---- C:\WINDOWS\system32\drivers

2010-10-18 20:06:57 ----SHD---- C:\WINDOWS\Installer

2010-10-18 20:06:42 ----SHD---- C:\Config.Msi

2010-10-18 20:06:42 ----D---- C:\Programme\Lavasoft

2010-10-16 21:23:26 ----D---- C:\WINDOWS\security

2010-10-16 21:17:01 ----RSHDC---- C:\WINDOWS\system32\dllcache

2010-10-16 21:17:00 ----D---- C:\WINDOWS\system32
 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
 

R0 JGOGO;JMicron Hot-Plug Driver; C:\WINDOWS\system32\DRIVERS\JGOGO.sys [2006-02-07 6912]

R0 JRAID;JRAID; C:\WINDOWS\system32\DRIVERS\jraid.sys [2007-02-16 44928]

R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2010-06-11 64288]

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]

R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-04-28 721904]

R1 avgio;avgio; \??\D:\Programme\Avira\AntiVir Desktop\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]

R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]

R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-11-25 56816]

R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-12-02 3452928]

R3 camfilt2;camfilt2; C:\WINDOWS\system32\DRIVERS\camfilt2.sys [2007-08-06 94720]

R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-07-24 4749824]

R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]

R3 rtl8139;NT-Treiber für Realtek RTL8139(A/B/C)-basierten PCI-Fast Ethernet-Adapter; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]

R3 SNPSTD3;Hercules Deluxe Optical Glass; C:\WINDOWS\system32\DRIVERS\snpstd3.sys [2007-07-17 10371072]

R3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]

R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]

R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]

S0 fupkkzul;fupkkzul; C:\WINDOWS\system32\drivers\fupkkzul.sys []

S1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]

S3 a8p200u1;a8p200u1; C:\WINDOWS\system32\drivers\a8p200u1.sys []

S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]

S3 dot4;MS IEEE-1284.4-Treiber; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-14 206976]

S3 Dot4Print;Druckerklassentreiber für IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]

S3 Dot4Scan;Scannerklassentreiber für IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]

S3 dot4usb;Dot4USB-Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-18 23936]

S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []

S3 LGDDCDevice;LGDDCDevice; \??\C:\Programme\LG Soft India\forteManager\bin\I2CDriver.sys []

S3 LGII2CDevice;LGII2CDevice; \??\C:\Programme\LG Soft India\forteManager\bin\PII2CDriver.sys []

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]

S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]

S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]

S3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-03-01 90496]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]

S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys []

S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]

S3 tunmp;Microsoft Tun-Miniportadaptertreiber; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]

S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]

S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
 

R2 AntiVirSchedulerService;Avira AntiVir Planer; D:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]

R2 AntiVirService;Avira AntiVir Guard; D:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-12-01 598016]

R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-05-26 152984]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Programme\Lavasoft\Ad-Aware\AAWService.exe [2010-06-29 1352832]

R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-03-04 75064]

S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-12-01 593920]

S2 gupdate;Google Update Service (gupdate); C:\Programme\Google\Update\GoogleUpdate.exe /svc []

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S3 odserv;Microsoft Office Diagnostics Service; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]

S3 ose;Office  Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]

S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-11-11 38912]
 

-----------------EOF-----------------

Hjtscanlist:

Code:

 

                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 

                        º                                    º 

                                    hjtscanlist v2.0              

                        º                                    º 

                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
 

Microsoft Windows XP [Version 5.1.2600]

 

 

C:
 

        C:\pagefile.sys ---------  

  20.10.2010 15:00      C:\aaw7boot.log --------- 70286 

  20.10.2010 09:39      C:\WINDOWS --------- 0 

  19.10.2010 16:50      C:\fheydbueyj.exe --------- 0 

  19.10.2010 12:08      C:\Programme --------- 0 

  18.10.2010 20:06      C:\Config.Msi --------- 0 

  18.10.2010 20:04      C:\rsit --------- 0 

  25.08.2010 20:35      C:\Dokumente und Einstellungen --------- 0 

  25.08.2010 20:32      C:\boot.ini --------- 211 

  25.08.2010 16:34      C:\boot.ini.backup.txt --------- 325 

  25.08.2010 16:14      C:\RECYCLER --------- 0 

  25.08.2010 16:10      C:\System Volume Information --------- 0 

  31.05.2010 13:39      C:\MSOCache --------- 0 

  20.05.2010 10:56      C:\ntldr --------- 251712 

  20.01.2010 22:12      C:\ptcsetup.log --------- 5653 

  20.01.2010 22:11      C:\ptcsetup.bak --------- 17723 

  28.08.2009 11:36      C:\crashAddress.txt --------- 160 

  25.06.2009 17:08      C:\1100 --------- 0 

  11.06.2009 20:43      C:\usr --------- 0 

  03.03.2009 13:25      C:\found.000 --------- 0 

  22.02.2009 21:07      C:\ImageOutput --------- 0 

  21.01.2009 14:27      C:\Intel --------- 0 

  21.01.2009 14:24      C:\csb.log --------- 10 

  21.01.2009 00:57      C:\ATI --------- 0 

  21.01.2009 00:48      C:\MSDOS.SYS --------- 0 

  21.01.2009 00:48      C:\IO.SYS --------- 0 

  21.01.2009 00:48      C:\AUTOEXEC.BAT --------- 0 

  21.01.2009 00:48      C:\CONFIG.SYS --------- 0 

  11.11.2004 14:00      C:\NTDETECT.COM --------- 47564 

  11.11.2004 14:00      C:\bootfont.bin --------- 4952 

----------------------------------------
 

 

C:\WINDOWS
 

  20.10.2010 15:01     C:\WINDOWS\0.log --------- 0 

  20.10.2010 15:01     C:\WINDOWS\wiadebug.log --------- 159 

  20.10.2010 15:00     C:\WINDOWS\wiaservc.log --------- 50 

  20.10.2010 15:00     C:\WINDOWS\bootstat.dat --------- 2048 

  20.10.2010 13:45     C:\WINDOWS\SchedLgU.Txt --------- 32386 

  20.10.2010 13:45     C:\WINDOWS\WindowsUpdate.log --------- 1288 

  19.10.2010 20:15     C:\WINDOWS\setupapi.log --------- 5090 

  25.05.2010 21:50     C:\WINDOWS\citamis.str --------- 3241 

  20.05.2010 11:41     C:\WINDOWS\SiInst.ini --------- 1331 

  20.05.2010 11:14     C:\WINDOWS\WMSysPr9.prx --------- 316640 

  03.05.2010 14:24     C:\WINDOWS\wininit.ini --------- 209 

  03.05.2010 13:31     C:\WINDOWS\win.ini --------- 477 

  03.05.2010 13:31     C:\WINDOWS\system.ini --------- 227 

  14.01.2010 21:02     C:\WINDOWS\pwc62ud.INI --------- 279 

  14.01.2010 17:32     C:\WINDOWS\ODBC.INI --------- 400 

  14.01.2010 17:32     C:\WINDOWS\vbaddin.ini --------- 63 

  27.08.2009 14:20     C:\WINDOWS\ULead32.ini --------- 315 

  27.08.2009 14:20     C:\WINDOWS\u3dedit3.INI --------- 2602 

  21.01.2009 16:31     C:\WINDOWS\HideWin.exe --------- 319488 

  21.01.2009 15:46     C:\WINDOWS\gdrv.sys --------- 15600 

  21.01.2009 15:36     C:\WINDOWS\winamp.ini --------- 1065 

  21.01.2009 14:32     C:\WINDOWS\nsreg.dat --------- 0 

  21.01.2009 01:03     C:\WINDOWS\ativpsrm.bin --------- 0 

  21.01.2009 00:51     C:\WINDOWS\REGLOCS.OLD --------- 8192 

  21.01.2009 00:48     C:\WINDOWS\control.ini --------- 0 

  21.01.2009 00:47     C:\WINDOWS\ODBCINST.INI --------- 4161 

  21.01.2009 00:47     C:\WINDOWS\WindowsShell.Manifest --------- 749 

  21.01.2009 00:45     C:\WINDOWS\vb.ini --------- 36 

  17.10.2008 16:19     C:\WINDOWS\atiogl.xml --------- 15079 

  23.07.2008 17:51     C:\WINDOWS\RTHDCPL.exe --------- 16804864 

  15.07.2008 14:58     C:\WINDOWS\RtlExUpd.dll --------- 524288 

  15.07.2008 14:47     C:\WINDOWS\RtlUpd.exe --------- 1196032 

  19.06.2008 17:42     C:\WINDOWS\alcwzrd.exe --------- 2808832 

  19.06.2008 17:27     C:\WINDOWS\RTLCPL.exe --------- 9715200 

  19.06.2008 17:20     C:\WINDOWS\Alcmtr.exe --------- 57344 

  18.06.2008 19:01     C:\WINDOWS\SoundMan.exe --------- 77824 

  14.04.2008 07:53     C:\WINDOWS\winhlp32.exe --------- 288768 

  14.04.2008 07:53     C:\WINDOWS\slrundll.exe --------- 32866 

  14.04.2008 07:53     C:\WINDOWS\regedit.exe --------- 153600 

  14.04.2008 07:52     C:\WINDOWS\notepad.exe --------- 70144 

  14.04.2008 07:52     C:\WINDOWS\hh.exe --------- 10752 

  14.04.2008 07:52     C:\WINDOWS\explorer.exe --------- 1036800 

  14.04.2008 07:52     C:\WINDOWS\twain_32.dll --------- 50688 

  01.01.2008 01:58     C:\WINDOWS\Sti_Trace.log --------- 0 

  20.11.2007 19:15     C:\WINDOWS\SkyTel.exe --------- 1826816 

  14.11.2007 01:18     C:\WINDOWS\USetup.iss --------- 553 

  20.07.2007 12:33     C:\WINDOWS\snpstd3.ini --------- 15478 

  20.07.2007 12:18     C:\WINDOWS\snpstd3.src --------- 13003 

  28.06.2007 17:44     C:\WINDOWS\MicCal.exe --------- 2165760 

  29.12.2006 00:31     C:\WINDOWS\002671_.tmp --------- 19569 

  01.08.2006 13:31     C:\WINDOWS\ffmpeg.exe --------- 3600384 

  31.07.2006 12:27     C:\WINDOWS\alcrmv.exe --------- 217088 

  31.07.2006 12:19     C:\WINDOWS\alcupd.exe --------- 315392 

  11.11.2004 14:00     C:\WINDOWS\Zapotek.bmp --------- 9522 

  11.11.2004 14:00     C:\WINDOWS\SET8.tmp --------- 14043 

  11.11.2004 14:00     C:\WINDOWS\SET4.tmp --------- 1086058 

  11.11.2004 14:00     C:\WINDOWS\SET3.tmp --------- 106147 

  11.11.2004 14:00     C:\WINDOWS\Seifenblase.bmp --------- 65978 

  11.11.2004 14:00     C:\WINDOWS\Santa Fe-Stuck.bmp --------- 65832 

  11.11.2004 14:00     C:\WINDOWS\TASKMAN.EXE --------- 15872 

  11.11.2004 14:00     C:\WINDOWS\twain.dll --------- 94800 

  11.11.2004 14:00     C:\WINDOWS\msdfmap.ini --------- 1405 

  11.11.2004 14:00     C:\WINDOWS\twunk_16.exe --------- 49680 

  11.11.2004 14:00     C:\WINDOWS\Granit.bmp --------- 26582 

  11.11.2004 14:00     C:\WINDOWS\Feder.bmp --------- 16730 

  11.11.2004 14:00     C:\WINDOWS\explorer.scf --------- 80 

  11.11.2004 14:00     C:\WINDOWS\wmprfDEU.prx --------- 34818 

  11.11.2004 14:00     C:\WINDOWS\winnt256.bmp --------- 48680 

  11.11.2004 14:00     C:\WINDOWS\desktop.ini --------- 2 

  11.11.2004 14:00     C:\WINDOWS\vmmreg32.dll --------- 18944 

  11.11.2004 14:00     C:\WINDOWS\clock.avi --------- 82944 

  11.11.2004 14:00     C:\WINDOWS\Blaue Spitzen 16.bmp --------- 1272 

  11.11.2004 14:00     C:\WINDOWS\Angler.bmp --------- 17336 

  11.11.2004 14:00     C:\WINDOWS\Rhododendron.bmp --------- 17362 

  11.11.2004 14:00     C:\WINDOWS\twunk_32.exe --------- 25600 

  11.11.2004 14:00     C:\WINDOWS\F„cher.bmp --------- 26680 

  11.11.2004 14:00     C:\WINDOWS\winhelp.exe --------- 257568 

  11.11.2004 14:00     C:\WINDOWS\Kaffeetasse.bmp --------- 17062 

  11.11.2004 14:00     C:\WINDOWS\Pr„riewind.bmp --------- 65954 

  11.11.2004 14:00     C:\WINDOWS\winnt.bmp --------- 48680 

  11.11.2004 14:00     C:\WINDOWS\_default.pif --------- 707 

  12.01.2001 18:04     C:\WINDOWS\setdebug.exe --------- 46352 

  12.01.2001 16:10     C:\WINDOWS\jautoexp.dat --------- 6550 

  17.11.1998 12:44     C:\WINDOWS\IsUn0407.exe --------- 328704 

  29.10.1998 16:45     C:\WINDOWS\IsUninst.exe --------- 306688 

----------------------------------------
 

 

C:\WINDOWS\System
 

 14.04.2008 07:53    C:\WINDOWS\System\winspool.drv --------- 146944 

 11.11.2004 14:00    C:\WINDOWS\System\AVIFILE.DLL --------- 109504 

 11.11.2004 14:00    C:\WINDOWS\System\COMMDLG.DLL --------- 33744 

 11.11.2004 14:00    C:\WINDOWS\System\WFWNET.DRV --------- 13600 

 11.11.2004 14:00    C:\WINDOWS\System\VGA.DRV --------- 2176 

 11.11.2004 14:00    C:\WINDOWS\System\VER.DLL --------- 9200 

 11.11.2004 14:00    C:\WINDOWS\System\KEYBOARD.DRV --------- 2000 

 11.11.2004 14:00    C:\WINDOWS\System\LZEXPAND.DLL --------- 9936 

 11.11.2004 14:00    C:\WINDOWS\System\MCIAVI.DRV --------- 73760 

 11.11.2004 14:00    C:\WINDOWS\System\MCISEQ.DRV --------- 25296 

 11.11.2004 14:00    C:\WINDOWS\System\MCIWAVE.DRV --------- 28160 

 11.11.2004 14:00    C:\WINDOWS\System\MMSYSTEM.DLL --------- 69632 

 11.11.2004 14:00    C:\WINDOWS\System\MMTASK.TSK --------- 1152 

 11.11.2004 14:00    C:\WINDOWS\System\MOUSE.DRV --------- 2032 

 11.11.2004 14:00    C:\WINDOWS\System\TIMER.DRV --------- 4048 

 11.11.2004 14:00    C:\WINDOWS\System\TAPI.DLL --------- 19200 

 11.11.2004 14:00    C:\WINDOWS\System\SYSTEM.DRV --------- 3360 

 11.11.2004 14:00    C:\WINDOWS\System\stdole.tlb --------- 5532 

 11.11.2004 14:00    C:\WINDOWS\System\MSVIDEO.DLL --------- 127104 

 11.11.2004 14:00    C:\WINDOWS\System\AVICAP.DLL --------- 70368 

 11.11.2004 14:00    C:\WINDOWS\System\OLECLI.DLL --------- 82944 

 11.11.2004 14:00    C:\WINDOWS\System\OLESVR.DLL --------- 24064 

 11.11.2004 14:00    C:\WINDOWS\System\SOUND.DRV --------- 1744 

 11.11.2004 14:00    C:\WINDOWS\System\setup.inf --------- 59167 

 11.11.2004 14:00    C:\WINDOWS\System\SHELL.DLL --------- 5120 

 13.08.2002 10:57    C:\WINDOWS\System\tabctl16.ocx --------- 113056 

 13.08.2002 10:57    C:\WINDOWS\System\threed16.ocx --------- 177824 

 13.08.2002 10:57    C:\WINDOWS\System\oc25.dll --------- 536048 

 13.08.2002 10:57    C:\WINDOWS\System\mscomm16.ocx --------- 71104 

 13.08.2002 10:57    C:\WINDOWS\System\grid16.ocx --------- 85552 

 13.08.2002 10:56    C:\WINDOWS\System\dao2516.dll --------- 543584 

 13.08.2002 10:56    C:\WINDOWS\System\vbajet.dll --------- 2920 

 13.08.2002 10:56    C:\WINDOWS\System\vbdb16.dll --------- 86848 

 13.08.2002 10:56    C:\WINDOWS\System\vb40016.dll --------- 935632 

 13.08.2002 10:56    C:\WINDOWS\System\vaen21.olb --------- 35200 

 13.08.2002 10:56    C:\WINDOWS\System\msjetint.dll --------- 15936 

 13.08.2002 10:56    C:\WINDOWS\System\regsvr.exe --------- 7216 

 13.08.2002 10:56    C:\WINDOWS\System\msjeterr.dll --------- 11232 

 13.08.2002 10:56    C:\WINDOWS\System\msajt200.dll --------- 995136 

 13.08.2002 10:56    C:\WINDOWS\System\compobj.dll --------- 108544 

----------------------------------------
 

 

C:\WINDOWS\System32
 

 20.10.2010 15:01     C:\WINDOWS\system32\CatRoot2 --------- 0 

 19.10.2010 11:50     C:\WINDOWS\system32\drivers --------- 0 

 16.10.2010 21:17     C:\WINDOWS\system32\dllcache --------- 0 

 09.10.2010 10:33     C:\WINDOWS\system32\wpa.dbl --------- 2206 

 17.09.2010 12:12     C:\WINDOWS\system32\CatRoot --------- 0 

 17.09.2010 12:12     C:\WINDOWS\system32\de-DE --------- 0 

 29.07.2010 18:39     C:\WINDOWS\system32\FNTCACHE.DAT --------- 232776 

 15.07.2010 22:40     C:\WINDOWS\system32\Restore --------- 0 

 15.06.2010 17:44     C:\WINDOWS\system32\lsdelete.exe --------- 15880 

 11.06.2010 17:46     C:\WINDOWS\system32\DRVSTORE --------- 0 

 25.05.2010 22:59     C:\WINDOWS\system32\config --------- 0 

 20.05.2010 11:13     C:\WINDOWS\system32\spupdwxp.log --------- 247 

 20.05.2010 11:13     C:\WINDOWS\system32\Setup --------- 0 

 20.05.2010 11:13     C:\WINDOWS\system32\wbem --------- 0 

 20.05.2010 11:00     C:\WINDOWS\system32\inetsrv --------- 0 

 20.05.2010 10:59     C:\WINDOWS\system32\usmt --------- 0 

 20.05.2010 10:59     C:\WINDOWS\system32\de --------- 0 

 20.05.2010 10:59     C:\WINDOWS\system32\bits --------- 0 

 20.05.2010 10:57     C:\WINDOWS\system32\npp --------- 0 

 20.05.2010 10:57     C:\WINDOWS\system32\Com --------- 0 

 20.05.2010 10:57     C:\WINDOWS\system32\oobe --------- 0 

 20.05.2010 10:55     C:\WINDOWS\system32\ReinstallBackups --------- 0 

 03.05.2010 15:34     C:\WINDOWS\system32\lowsec --------- 0 

 20.03.2010 20:11     C:\WINDOWS\system32\FM20DEU.DLL --------- 36736 

 07.03.2010 17:31     C:\WINDOWS\system32\d3d9caps.dat --------- 664 

 05.03.2010 22:04     C:\WINDOWS\system32\PnkBstrB.exe --------- 189488 

 05.03.2010 22:04     C:\WINDOWS\system32\PnkBstrB.xtr --------- 189488 

 04.03.2010 20:59     C:\WINDOWS\system32\PnkBstrA.exe --------- 75064 

 04.03.2010 20:59     C:\WINDOWS\system32\pbsvc_heroes.exe --------- 2407792 

 20.02.2010 17:20     C:\WINDOWS\system32\FM20ENU.DLL --------- 31616 

 31.01.2010 17:29     C:\WINDOWS\system32\HWC HD --------- 0 

 25.12.2009 02:28     C:\WINDOWS\system32\quicktime --------- 0 

 27.08.2009 14:19     C:\WINDOWS\system32\DKRNL.JAX --------- 24 

 30.06.2009 22:08     C:\WINDOWS\system32\pbsvc.exe --------- 794408 

 30.06.2009 22:08     C:\WINDOWS\system32\LogFiles --------- 0 

 26.05.2009 21:10     C:\WINDOWS\system32\javacpl.cpl --------- 73728 

 26.05.2009 21:10     C:\WINDOWS\system32\javaw.exe --------- 144792 

 26.05.2009 21:10     C:\WINDOWS\system32\javaws.exe --------- 148888 

 26.05.2009 21:10     C:\WINDOWS\system32\java.exe --------- 144792 

 26.05.2009 21:10     C:\WINDOWS\system32\deploytk.dll --------- 410984 

 30.03.2009 14:29     C:\WINDOWS\system32\appmgmt --------- 0 

 29.03.2009 14:09     C:\WINDOWS\system32\perfh007.dat --------- 405448 

 29.03.2009 14:09     C:\WINDOWS\system32\perfh009.dat --------- 392432 

 29.03.2009 14:09     C:\WINDOWS\system32\perfc007.dat --------- 70778 

 29.03.2009 14:09     C:\WINDOWS\system32\perfc009.dat --------- 58732 

 29.03.2009 14:09     C:\WINDOWS\system32\PerfStringBackup.INI --------- 938224 

 17.03.2009 20:16     C:\WINDOWS\system32\mui --------- 0 

 08.03.2009 15:29     C:\WINDOWS\system32\ieframe.dll.mui --------- 1302528 

 08.03.2009 15:29     C:\WINDOWS\system32\msrating.dll.mui --------- 57344 

 08.03.2009 15:28     C:\WINDOWS\system32\mshta.exe.mui --------- 2560 

 08.03.2009 15:27     C:\WINDOWS\system32\ie4uinit.exe.mui --------- 4096 

 08.03.2009 15:27     C:\WINDOWS\system32\advpack.dll.mui --------- 12288 

 08.03.2009 15:27     C:\WINDOWS\system32\iedkcs32.dll.mui --------- 81920 

 08.03.2009 15:09     C:\WINDOWS\system32\iedkcs32.dll --------- 391536 

 08.03.2009 05:41     C:\WINDOWS\system32\mshtml.dll --------- 5937152 

 08.03.2009 05:39     C:\WINDOWS\system32\ieframe.dll --------- 11063808 

 08.03.2009 05:35     C:\WINDOWS\system32\html.iec --------- 385024 

 08.03.2009 05:34     C:\WINDOWS\system32\wininet.dll --------- 914944 

 08.03.2009 05:34     C:\WINDOWS\system32\urlmon.dll --------- 1206784 

 08.03.2009 05:34     C:\WINDOWS\system32\inetcpl.cpl --------- 1469440 

 08.03.2009 05:34     C:\WINDOWS\system32\WinFXDocObj.exe --------- 208384 

 08.03.2009 05:34     C:\WINDOWS\system32\webcheck.dll --------- 236544 

 08.03.2009 05:34     C:\WINDOWS\system32\licmgr10.dll --------- 43008 

 08.03.2009 05:34     C:\WINDOWS\system32\url.dll --------- 105984 

 08.03.2009 05:34     C:\WINDOWS\system32\msrating.dll --------- 193536 

 08.03.2009 05:34     C:\WINDOWS\system32\occache.dll --------- 109568 

 08.03.2009 05:33     C:\WINDOWS\system32\corpol.dll --------- 18944 

 08.03.2009 05:33     C:\WINDOWS\system32\jsproxy.dll --------- 25600 

 08.03.2009 05:33     C:\WINDOWS\system32\jscript.dll --------- 726528 

 08.03.2009 05:33     C:\WINDOWS\system32\ieaksie.dll --------- 229376 

 08.03.2009 05:33     C:\WINDOWS\system32\vbscript.dll --------- 420352 

 08.03.2009 05:33     C:\WINDOWS\system32\ieakeng.dll --------- 125952 

 08.03.2009 05:32     C:\WINDOWS\system32\admparse.dll --------- 72704 

 08.03.2009 05:32     C:\WINDOWS\system32\ie4uinit.exe --------- 173056 

 08.03.2009 05:32     C:\WINDOWS\system32\ieakui.dll --------- 163840 

 08.03.2009 05:32     C:\WINDOWS\system32\iesetup.dll --------- 71680 

 08.03.2009 05:32     C:\WINDOWS\system32\iernonce.dll --------- 55808 

 08.03.2009 05:32     C:\WINDOWS\system32\advpack.dll --------- 128512 

 08.03.2009 05:32     C:\WINDOWS\system32\inseng.dll --------- 94720 

 08.03.2009 05:32     C:\WINDOWS\system32\msfeeds.dll --------- 594432 

 08.03.2009 05:32     C:\WINDOWS\system32\iertutil.dll --------- 1985024 

 08.03.2009 05:32     C:\WINDOWS\system32\mstime.dll --------- 611840 

 08.03.2009 05:31     C:\WINDOWS\system32\iepeers.dll --------- 183808 

 08.03.2009 05:31     C:\WINDOWS\system32\msfeedssync.exe --------- 13312 

 08.03.2009 05:31     C:\WINDOWS\system32\icardie.dll --------- 59904 

 08.03.2009 05:31     C:\WINDOWS\system32\msfeedsbs.dll --------- 55296 

 08.03.2009 05:31     C:\WINDOWS\system32\dxtmsft.dll --------- 348160 

 08.03.2009 05:31     C:\WINDOWS\system32\dxtrans.dll --------- 216064 

 08.03.2009 05:31     C:\WINDOWS\system32\imgutil.dll --------- 34816 

 08.03.2009 05:31     C:\WINDOWS\system32\pngfilt.dll --------- 46592 

 08.03.2009 05:31     C:\WINDOWS\system32\mshtmled.dll --------- 66560 

 08.03.2009 05:31     C:\WINDOWS\system32\mshtmler.dll --------- 48128 

 08.03.2009 05:31     C:\WINDOWS\system32\mshtml.tlb --------- 1638912 

 08.03.2009 05:31     C:\WINDOWS\system32\mshta.exe --------- 45568 

 08.03.2009 05:30     C:\WINDOWS\system32\tdc.ocx --------- 66560 

 08.03.2009 05:22     C:\WINDOWS\system32\ieui.dll --------- 164352 

 08.03.2009 05:22     C:\WINDOWS\system32\msls31.dll --------- 156160 

 08.03.2009 05:15     C:\WINDOWS\system32\ieuinit.inf --------- 57667 

 08.03.2009 05:11     C:\WINDOWS\system32\ieapfltr.dll --------- 445952 

 08.03.2009 04:32     C:\WINDOWS\system32\ieudinit.exe --------- 36864 

----------------------------------------
 

 

C:\WINDOWS\Prefetch
 

 20.10.2010 15:38     C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf --------- 11724 

 20.10.2010 15:31     C:\WINDOWS\Prefetch\AVWSC.EXE-1742FD55.pf --------- 37996 

 20.10.2010 15:30     C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf --------- 16000 

 20.10.2010 15:29     C:\WINDOWS\Prefetch\HIJACKTHIS.EXE-3643707F.pf --------- 25714 

 20.10.2010 15:20     C:\WINDOWS\Prefetch\ADMINISTRATOR.EXE-2711813F.pf --------- 28090 

 20.10.2010 15:20     C:\WINDOWS\Prefetch\RSIT.EXE-3AC3D3D1.pf --------- 18966 

 20.10.2010 15:17     C:\WINDOWS\Prefetch\ICQ.EXE-1AD5010D.pf --------- 75120 

 20.10.2010 15:05     C:\WINDOWS\Prefetch\SKYPE.EXE-0D322358.pf --------- 56458 

 20.10.2010 15:04     C:\WINDOWS\Prefetch\WMIADAP.EXE-2DF425B2.pf --------- 15704 

 20.10.2010 15:04     C:\WINDOWS\Prefetch\PLUGIN-CONTAINER.EXE-022F6795.pf --------- 94680 

 20.10.2010 15:04     C:\WINDOWS\Prefetch\JQSNOTIFY.EXE-1E60A522.pf --------- 7768 

 20.10.2010 15:04     C:\WINDOWS\Prefetch\FIREFOX.EXE-28BE8AE1.pf --------- 114524 

 20.10.2010 15:03     C:\WINDOWS\Prefetch\IEXPLORE.EXE-2CA9778D.pf --------- 48562 

 20.10.2010 15:03     C:\WINDOWS\Prefetch\AUTOLAUNCH.EXE-343E795D.pf --------- 51288 

 20.10.2010 15:03     C:\WINDOWS\Prefetch\AD-AWARE.EXE-2B8B58D1.pf --------- 60898 

 20.10.2010 15:03     C:\WINDOWS\Prefetch\AAWTRAY.EXE-31E33C30.pf --------- 62728 

 20.10.2010 15:02     C:\WINDOWS\Prefetch\AAWWSC.EXE-3513A2B5.pf --------- 23786 

 20.10.2010 15:02     C:\WINDOWS\Prefetch\TASKMGR.EXE-20256C55.pf --------- 17814 

 20.10.2010 15:01     C:\WINDOWS\Prefetch\WMIAPSRV.EXE-1E2270A5.pf --------- 45698 

 20.10.2010 15:01     C:\WINDOWS\Prefetch\ALG.EXE-0F138680.pf --------- 15274 

 20.10.2010 15:01     C:\WINDOWS\Prefetch\WSCNTFY.EXE-1B24F5EB.pf --------- 30444 

 20.10.2010 15:01     C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf --------- 16738 

 20.10.2010 15:01     C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf --------- 1209232 

 20.10.2010 13:30     C:\WINDOWS\Prefetch\OSE.EXE-313A091F.pf --------- 9116 

 20.10.2010 13:27     C:\WINDOWS\Prefetch\IMAGECONVERTER.EXE-2FB34E09.pf --------- 14808 

 20.10.2010 13:26     C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf --------- 20032 

 20.10.2010 13:25     C:\WINDOWS\Prefetch\EXCEL.EXE-09824C88.pf --------- 88220 

 20.10.2010 13:24     C:\WINDOWS\Prefetch\ACRORD32INFO.EXE-19B1D743.pf --------- 58140 

 20.10.2010 13:24     C:\WINDOWS\Prefetch\VERCLSID.EXE-3667BD89.pf --------- 27152 

 20.10.2010 12:44     C:\WINDOWS\Prefetch\WINAMP.EXE-065B55C4.pf --------- 85116 

 20.10.2010 02:11     C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf --------- 25124 

 20.10.2010 01:38     C:\WINDOWS\Prefetch\VLC.EXE-2584CE07.pf --------- 97026 

 20.10.2010 01:38     C:\WINDOWS\Prefetch\ADOBEARM.EXE-237273D1.pf --------- 23250 

 20.10.2010 01:37     C:\WINDOWS\Prefetch\ACRORD32.EXE-2E761392.pf --------- 58328 

 20.10.2010 01:22     C:\WINDOWS\Prefetch\MSPAINT.EXE-11CBB631.pf --------- 36308 

 19.10.2010 21:55     C:\WINDOWS\Prefetch\AVNOTIFY.EXE-22D2A6A0.pf --------- 41626 

 19.10.2010 21:55     C:\WINDOWS\Prefetch\UPDATE.EXE-33FE454B.pf --------- 50738 

 19.10.2010 20:14     C:\WINDOWS\Prefetch\RUNDLL32.EXE-3C51EBAA.pf --------- 17256 

 19.10.2010 20:14     C:\WINDOWS\Prefetch\RUNDLL32.EXE-268BFF96.pf --------- 16154 

 19.10.2010 19:56     C:\WINDOWS\Prefetch\LOGON.SCR-151EFAEA.pf --------- 100946 

 19.10.2010 17:50     C:\WINDOWS\Prefetch\DEFRAG.EXE-273F131E.pf --------- 19538 

 19.10.2010 17:49     C:\WINDOWS\Prefetch\DFRGNTFS.EXE-269967DF.pf --------- 88286 

 19.10.2010 17:49     C:\WINDOWS\Prefetch\Layout.ini --------- 499202 

 19.10.2010 17:45     C:\WINDOWS\Prefetch\AAWSERVICE.EXE-1E1DE6D1.pf --------- 81572 

 19.10.2010 17:44     C:\WINDOWS\Prefetch\AD-AWAREADMIN.EXE-1618EEEB.pf --------- 37580 

 19.10.2010 16:50     C:\WINDOWS\Prefetch\AVSCAN.EXE-068A2CAC.pf --------- 86356 

 19.10.2010 13:03     C:\WINDOWS\Prefetch\AVCENTER.EXE-377C5668.pf --------- 62604 

 19.10.2010 13:01     C:\WINDOWS\Prefetch\THREATWORK.EXE-2CC668FF.pf --------- 31900 

 19.10.2010 12:59     C:\WINDOWS\Prefetch\GUARDGUI.EXE-1FA25B88.pf --------- 15708 

 19.10.2010 12:09     C:\WINDOWS\Prefetch\REGSVR32.EXE-25EEFE2F.pf --------- 53742 

 19.10.2010 12:09     C:\WINDOWS\Prefetch\_IU14D2N.TMP-38A1306E.pf --------- 26292 

 19.10.2010 12:09     C:\WINDOWS\Prefetch\UNINS001.EXE-1EB18737.pf --------- 19506 

 19.10.2010 12:09     C:\WINDOWS\Prefetch\UNINS000.EXE-02BCB9C7.pf --------- 18766 

 19.10.2010 12:09     C:\WINDOWS\Prefetch\FOTOFUSIONV4 UNINSTALLER.EXE-1AB6D74C.pf --------- 19102 

 19.10.2010 12:09     C:\WINDOWS\Prefetch\DWWIN.EXE-30875ADC.pf --------- 128060 

 19.10.2010 12:09     C:\WINDOWS\Prefetch\DRWTSN32.EXE-2B4B52AC.pf --------- 23888 

 19.10.2010 12:09     C:\WINDOWS\Prefetch\COLLAGE.EXE-34742083.pf --------- 56016 

 19.10.2010 12:08     C:\WINDOWS\Prefetch\UNINST.EXE-1E1D427F.pf --------- 16754 

 19.10.2010 12:08     C:\WINDOWS\Prefetch\UNINST.EXE-1910BCF3.pf --------- 28430 

 19.10.2010 12:08     C:\WINDOWS\Prefetch\UNINS000.EXE-0B5F6769.pf --------- 16692 

 19.10.2010 12:07     C:\WINDOWS\Prefetch\UNINS000.EXE-2C46BE05.pf --------- 18628 

 19.10.2010 12:07     C:\WINDOWS\Prefetch\CCLEANER.EXE-17ADB38C.pf --------- 113546 

 19.10.2010 11:50     C:\WINDOWS\Prefetch\AU_.EXE-1563F1CE.pf --------- 24870 

 19.10.2010 11:50     C:\WINDOWS\Prefetch\UNINSTALL.EXE-2B525910.pf --------- 13676 

 19.10.2010 11:50     C:\WINDOWS\Prefetch\UNINS000.EXE-2AE40FD4.pf --------- 24612 

 19.10.2010 11:49     C:\WINDOWS\Prefetch\NMSACCESSU.EXE-0836AD64.pf --------- 8794 

 19.10.2010 11:34     C:\WINDOWS\Prefetch\RUNDLL32.EXE-481F709A.pf --------- 48596 

 19.10.2010 11:34     C:\WINDOWS\Prefetch\JAVA.EXE-2167859B.pf --------- 72862 

 18.10.2010 22:48     C:\WINDOWS\Prefetch\WINRAR.EXE-1A0EFB18.pf --------- 52964 

 18.10.2010 20:06     C:\WINDOWS\Prefetch\MSIEXEC.EXE-2F8A8CAE.pf --------- 26442 

 18.10.2010 20:06     C:\WINDOWS\Prefetch\RUNDLL32.EXE-13404D23.pf --------- 63118 

 18.10.2010 14:03     C:\WINDOWS\Prefetch\SYSTEMLOOK.EXE-047336E8.pf --------- 18400 

 18.10.2010 13:07     C:\WINDOWS\Prefetch\HJTINSTALL.EXE-120AE2D7.pf --------- 20036 

 18.10.2010 12:44     C:\WINDOWS\Prefetch\POWERPNT.EXE-2A26805E.pf --------- 69842 

 18.10.2010 11:39     C:\WINDOWS\Prefetch\CLEANSWEEPUPD.EXE-1F1C0D67.pf --------- 22106 

 18.10.2010 00:07     C:\WINDOWS\Prefetch\RUNDLL32.EXE-207E54C3.pf --------- 14962 

 18.10.2010 00:07     C:\WINDOWS\Prefetch\RUNDLL32.EXE-4BA7A70C.pf --------- 15130 

 17.10.2010 19:37     C:\WINDOWS\Prefetch\CTFMON.EXE-0E17969B.pf --------- 21290 

 17.10.2010 19:16     C:\WINDOWS\Prefetch\AGENT.EXE-241FAAD9.pf --------- 60418 

 17.10.2010 19:16     C:\WINDOWS\Prefetch\ISUSPM.EXE-1D77C392.pf --------- 153370 

 16.10.2010 22:41     C:\WINDOWS\Prefetch\LEECHER.EXE-2319A22A.pf --------- 29676 

 16.10.2010 22:40     C:\WINDOWS\Prefetch\RUNDLL32.EXE-4C40A48F.pf --------- 15630 

 16.10.2010 22:40     C:\WINDOWS\Prefetch\RUNDLL32.EXE-188DF14E.pf --------- 23664 

 16.10.2010 22:36     C:\WINDOWS\Prefetch\RUNDLL32.EXE-451FC2C0.pf --------- 16732 

 16.10.2010 22:19     C:\WINDOWS\Prefetch\CLVIEW.EXE-23D169C2.pf --------- 65234 

 16.10.2010 22:01     C:\WINDOWS\Prefetch\WINWORD.EXE-2811918F.pf --------- 98858 

 16.10.2010 21:23     C:\WINDOWS\Prefetch\STATION2.EXE-038805B3.pf --------- 53856 

 16.10.2010 21:17     C:\WINDOWS\Prefetch\RUNONCE.EXE-2803F297.pf --------- 22744 

 16.10.2010 21:17     C:\WINDOWS\Prefetch\RUNDLL32.EXE-49A1D709.pf --------- 19928 

 16.10.2010 21:17     C:\WINDOWS\Prefetch\RUNDLL32.EXE-15206D5C.pf --------- 19980 

 16.10.2010 21:17     C:\WINDOWS\Prefetch\RUNDLL32.EXE-188D9E9C.pf --------- 19996 

 16.10.2010 21:17     C:\WINDOWS\Prefetch\RUNDLL32.EXE-3D3D8701.pf --------- 19968 

 16.10.2010 21:17     C:\WINDOWS\Prefetch\RUNDLL32.EXE-3085D5CC.pf --------- 19968 

 16.10.2010 21:17     C:\WINDOWS\Prefetch\RUNDLL32.EXE-43854211.pf --------- 19968 

 16.10.2010 21:17     C:\WINDOWS\Prefetch\RUNDLL32.EXE-2C703AED.pf --------- 17738 

 16.10.2010 21:17     C:\WINDOWS\Prefetch\RUNDLL32.EXE-14EC1EE8.pf --------- 17738 

 16.10.2010 21:17     C:\WINDOWS\Prefetch\RUNDLL32.EXE-4ABAF25B.pf --------- 17738 

 16.10.2010 21:14     C:\WINDOWS\Prefetch\MMC.EXE-39071BCC.pf --------- 36142 

 16.10.2010 21:14     C:\WINDOWS\Prefetch\RUNDLL32.EXE-44A0B4BC.pf --------- 32444 

 16.10.2010 21:08     C:\WINDOWS\Prefetch\RUNDLL32.EXE-23061B8F.pf --------- 16074 

 16.10.2010 19:17     C:\WINDOWS\Prefetch\PLAYER.EXE-3A1D4B43.pf --------- 47752 

 16.10.2010 19:12     C:\WINDOWS\Prefetch\VEETLE-0.9.18.EXE-1F1D1ED4.pf --------- 31336 

 16.10.2010 16:19     C:\WINDOWS\Prefetch\CALC.EXE-02CD573A.pf --------- 17398 

 15.10.2010 23:48     C:\WINDOWS\Prefetch\RUNDLL32.EXE-4B08ECFB.pf --------- 23268 

 15.10.2010 22:44     C:\WINDOWS\Prefetch\RUNDLL32.EXE-47DAD21C.pf --------- 43988 

 15.10.2010 22:33     C:\WINDOWS\Prefetch\SETUP.EXE-002F50CE.pf --------- 35118 

 15.10.2010 22:33     C:\WINDOWS\Prefetch\SEAGATE-RELEASE.EXE-1589B8C9.pf --------- 49106 

 15.10.2010 22:32     C:\WINDOWS\Prefetch\RUNDLL32.EXE-4207E90B.pf --------- 15260 

 14.10.2010 22:25     C:\WINDOWS\Prefetch\SNDVOL32.EXE-383480B7.pf --------- 19036 

 14.10.2010 21:22     C:\WINDOWS\Prefetch\RUNDLL32.EXE-28DAF2FD.pf --------- 17296 

 14.10.2010 21:06     C:\WINDOWS\Prefetch\FHEYDBUEYJ.EXE-2CFB0202.pf --------- 15354 

 13.10.2010 23:43     C:\WINDOWS\Prefetch\RUNDLL32.EXE-19411A95.pf --------- 16748 

 13.10.2010 23:02     C:\WINDOWS\Prefetch\FIREWORKS 4.EXE-28616533.pf --------- 56422 

 12.10.2010 23:48     C:\WINDOWS\Prefetch\RUNDLL32.EXE-418EC388.pf --------- 35126 

 12.10.2010 23:02     C:\WINDOWS\Prefetch\CRASHREPORTER.EXE-05610F59.pf --------- 20764 

 12.10.2010 18:33     C:\WINDOWS\Prefetch\RUNDLL32.EXE-3B495574.pf --------- 15772 

 12.10.2010 16:38     C:\WINDOWS\Prefetch\RUNDLL32.EXE-3E116FC1.pf --------- 15686 

 12.10.2010 16:30     C:\WINDOWS\Prefetch\RUNDLL32.EXE-3BA10EF7.pf --------- 44256 

 12.10.2010 16:30     C:\WINDOWS\Prefetch\RUNDLL32.EXE-27CA4AF1.pf --------- 38154 

 12.10.2010 15:49     C:\WINDOWS\Prefetch\RUNDLL32.EXE-29192C59.pf --------- 46622 

 12.10.2010 14:10     C:\WINDOWS\Prefetch\DW20.EXE-005BA42F.pf --------- 10146 

 12.10.2010 14:09     C:\WINDOWS\Prefetch\SVCHOST.EXE-3530F672.pf --------- 62202 

 11.10.2010 22:35     C:\WINDOWS\Prefetch\RUNDLL32.EXE-1831A4F3.pf --------- 35656 

 11.10.2010 22:35     C:\WINDOWS\Prefetch\CONTROL.EXE-013DBFB5.pf --------- 32918 

 11.10.2010 22:34     C:\WINDOWS\Prefetch\0.40520102324780105.EXE-38E656CB.pf --------- 7862 

 11.10.2010 22:34     C:\WINDOWS\Prefetch\JAVAW.EXE-0159D575.pf --------- 5432 

 11.10.2010 22:34     C:\WINDOWS\Prefetch\JAVAWS.EXE-1714DD62.pf --------- 15864 

 11.10.2010 22:13     C:\WINDOWS\Prefetch\RUNDLL32.EXE-14F71516.pf --------- 47326 

----------------------------------------
 

 

C:\WINDOWS\Tasks
 

 20.10.2010 15:23     C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job --------- 892 

 20.10.2010 15:03     C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job --------- 470 

 20.10.2010 15:00     C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job --------- 888 

 20.10.2010 15:00     C:\WINDOWS\Tasks\SA.DAT --------- 6 

 11.11.2004 14:00     C:\WINDOWS\Tasks\desktop.ini --------- 65 

----------------------------------------
 

 

C:\WINDOWS\Temp
 

 20.10.2010 15:00     C:\WINDOWS\Temp\Perflib_Perfdata_21c.dat --------- 16384 

 19.10.2010 16:50     C:\WINDOWS\Temp\History --------- 0 

 19.10.2010 16:50     C:\WINDOWS\Temp\Cookies --------- 0 

 19.10.2010 16:50     C:\WINDOWS\Temp\Temporary Internet Files --------- 0 

 16.10.2010 14:54     C:\WINDOWS\Temp\Perflib_Perfdata_9dc.dat --------- 16384 

----------------------------------------
 

 

C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp
 

 20.10.2010 15:17      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\JETB906.tmp --------- 0 

 20.10.2010 15:16      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\plugtmp --------- 0 

 20.10.2010 15:04      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\foxtab --------- 0 

 20.10.2010 01:38      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\AdobeARM_NotLocked.log --------- 735 

 20.10.2010 01:38      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\ArmUI.ini --------- 148526 

 19.10.2010 12:56      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\hsperfdata_Administrator --------- 0 

 19.10.2010 11:37      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\AdobeARM.log --------- 245330 

 19.10.2010 11:34      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\java_install_reg.log --------- 1580 

 17.10.2010 19:17      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\34661.dmp --------- 45671 

 17.10.2010 19:17      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\34576.dmp --------- 26234 

 17.10.2010 19:17      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\45b3_appcompat.txt --------- 16174 

 17.10.2010 19:17      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\437f_appcompat.txt --------- 16174 

 16.10.2010 19:12      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\veetleb --------- 0 

 16.10.2010 14:54      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\AD85.dmp --------- 27778 

 16.10.2010 14:54      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\95a0_appcompat.txt --------- 11664 

 13.10.2010 20:57      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\jar_cache2316889501280927226.tmp --------- 37809 

 13.10.2010 20:57      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\jar_cache3801248208306411390.tmp --------- 43975 

 13.10.2010 20:57      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\jar_cache1710087421479198575.tmp --------- 84096 

 13.10.2010 20:57      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\jar_cache6640324910098707211.tmp --------- 59439 

 13.10.2010 20:56      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\jar_cache2351662818532060136.tmp --------- 9457 

 13.10.2010 20:56      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\jar_cache2700756697933379298.tmp --------- 14802 

 12.10.2010 22:55      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\plugtmp-2 --------- 0 

 11.10.2010 22:34      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\0.40163477446917484.exe --------- 101071 

 21.09.2010 13:22      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\SkypeSetup.exe --------- 19075976 

 30.08.2010 23:25      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\tmp10.tmp --------- 349517 

 13.06.2010 11:06      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\German.bin --------- 25764 

 30.04.2010 23:13      C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\uninst.exe --------- 991236 

----------------------------------------
 

 

C:\Programme
 

 20.10.2010 15:20     C:\Programme\trend micro --------- 0 

 19.10.2010 12:08     C:\Programme\NCH Software --------- 0 

 18.10.2010 20:06     C:\Programme\Lavasoft --------- 0 

 17.09.2010 12:19     C:\Programme\Internet Explorer --------- 0 

 25.08.2010 16:02     C:\Programme\Windows Media Player --------- 0 

 25.08.2010 16:02     C:\Programme\Movie Maker --------- 0 

 25.08.2010 16:02     C:\Programme\NetMeeting --------- 0 

 25.08.2010 16:02     C:\Programme\Outlook Express --------- 0 

 25.08.2010 16:01     C:\Programme\ComPlus Applications --------- 0 

 25.08.2010 16:01     C:\Programme\Messenger --------- 0 

 25.08.2010 16:00     C:\Programme\Windows NT --------- 0 

 12.06.2010 13:48     C:\Programme\MSECache --------- 0 

 11.06.2010 22:40     C:\Programme\Microsoft Office --------- 0 

 31.05.2010 13:24     C:\Programme\Gemeinsame Dateien --------- 0 

 02.02.2010 20:22     C:\Programme\LG Soft India --------- 0 

 02.02.2010 20:21     C:\Programme\InstallShield Installation Information --------- 0 

 14.01.2010 17:31     C:\Programme\Microsoft.NET --------- 0 

 25.12.2009 02:28     C:\Programme\NimoCodec Pack --------- 0 

 25.12.2009 02:28     C:\Programme\XviD --------- 0 

 25.12.2009 02:28     C:\Programme\DivX --------- 0 

 25.12.2009 02:28     C:\Programme\DivXCodec --------- 0 

 23.12.2009 20:12     C:\Programme\UnderCoverXP --------- 0 

 17.06.2009 11:08     C:\Programme\Kyocera --------- 0 

 26.05.2009 21:10     C:\Programme\Java --------- 0 

 29.04.2009 10:39     C:\Programme\DAEMON Tools Lite --------- 0 

 11.04.2009 18:01     C:\Programme\Adobe --------- 0 

 19.03.2009 17:20     C:\Programme\Graphviz2.22 --------- 0 

 17.03.2009 20:17     C:\Programme\Mindjet --------- 0 

 17.03.2009 20:16     C:\Programme\MSXML 6.0 --------- 0 

 21.01.2009 16:31     C:\Programme\Realtek --------- 0 

 21.01.2009 16:04     C:\Programme\Realtek AC97 --------- 0 

 21.01.2009 14:36     C:\Programme\xp-AntiSpy --------- 0 

 21.01.2009 14:27     C:\Programme\Intel --------- 0 

 21.01.2009 00:58     C:\Programme\ATI Technologies --------- 0 

 21.01.2009 00:51     C:\Programme\Uninstall Information --------- 0 

 21.01.2009 00:48     C:\Programme\xerox --------- 0 

 21.01.2009 00:48     C:\Programme\microsoft frontpage --------- 0 

 21.01.2009 00:47     C:\Programme\WindowsUpdate --------- 0 

 21.01.2009 00:47     C:\Programme\Online-Dienste --------- 0 

 21.01.2009 00:45     C:\Programme\Online Services --------- 0 

 21.01.2009 00:44     C:\Programme\MSN Gaming Zone --------- 0 

 21.01.2009 00:44     C:\Programme\MSN --------- 0 

----------------------------------------
 

 

C:\Dokumente und Einstellungen\All Users\.. 
 

Administrator    

LocalService.NT-AUTORITŽT    

NetworkService.NT-AUTORITŽT    

All Users    

LocalService    

NetworkService    

Default User    

----------------------------------------
 

 

C:\WINDOWS\system32\drivers\etc\hosts
 

127.0.0.1       localhost

***************************************

----------------------------------------
 

 
 

 

***** Ende des Scans 20.10.2010 um 15:38:34,31 ***

Ccleaner:
Install:

Code:

3GP Media Player 1.0    vsevensoft.com    

ACDSee Pro 2.5    ACD Systems International    2.5.333

Ad-Aware    Lavasoft    

Adobe Flash Player 10 ActiveX    Adobe Systems Incorporated    10.0.42.34

Adobe Flash Player 10 Plugin    Adobe Systems Incorporated    10.1.53.64

Adobe Reader 9.3.4 - Deutsch    Adobe Systems Incorporated    9.3.4

ATI - Software Uninstall Utility        6.14.10.1022

ATI Catalyst Control Center        2.008.1201.1503

ATI Display Driver        8.561-081201a1-072271C-ATI

Avira AntiVir Personal - Free Antivirus    Avira GmbH    10.0.0.565

Battlefield Heroes (Administrator)    EA Digital illusions    

CCleaner    Piriform    2.31

DivX Plus Web Player    DivX,Inc.    2.0.0

Easy Graphic Converter 1.2    Etru Software Development    1.1

Enterprise Dynamics Developer 8.0.0 1617        

forteManager    LG Soft India    3.15

Gigabyte Raid Configurer    Gigabyte Technology Corp.    1.00.0000

Graphviz    AT&T Research Labs    2.22

Hercules Deluxe Optical Glass    Hercules    2.8.0.0

High Definition Audio Driver Package - KB888111    Microsoft Corporation    20040219.000000

HijackThis 2.0.2    TrendMicro    2.0.2

ICQ6.5    ICQ    6.5

Java(TM) 6 Update 13    Sun Microsystems, Inc.    6.0.130

JDownloader    AppWork UG (haftungsbeschränkt)    0.89

xxxxxxxxxxxxxxx

xxxxxxxxxxxxxxx

xxxxxxxxxxxxxxx

xxxxxxxxxxxxxxx

xxxxxxxxxxxxxxx

xxxxxxxxxxxxxxx

xxxxxxxxxxxxxxx

mIRC        

Mozilla Firefox (3.6.10)    Mozilla    3.6.10 (de)

MSXML 6.0 Parser    Microsoft Corporation    6.10.1129.0

Mumble and Murmur    Mumble    1.1.8

Nimo Codecs Pack v5.0 (Remove Only)        

PDF-XChange 3    Tracker Software    

PDF24 Creator    PDF24.org    

Prism Video Converter    NCH Software    

xxxxxxxxxxxxxxx

PunkBuster Services    Even Balance, Inc.    0.988

Realtek AC'97 Audio    Realtek Semiconductor Corp.    5.36

REALTEK GbE & FE Ethernet PCI-E NIC Driver    Realtek    1.08.0000

Realtek High Definition Audio Driver    Realtek Semiconductor Corp.    5.10.0.5672

Skype™ 4.2    Skype Technologies S.A.    4.2.187

Spybot - Search & Destroy    Safer Networking Limited    1.6.2

taraVRbuilder 8.0 Demo    tarakos GmbH    8.0.14

TeamSpeak 2 RC2    Dominating Bytes Design    2.0.32.60

UnderCoverXP 1.22    Wicked & Wild Inc.    

Uninstall 1.0.0.1        

Veetle TV 0.9.18    Veetle, Inc    0.9.18

VLC media player 1.0.3    VideoLAN Team    1.0.3

Winamp    Nullsoft, Inc    5.56 

Windows Internet Explorer 8    Microsoft Corporation    20090308.140743

Windows Media Player Firefox Plugin    Microsoft Corp    1.0.0.8

Windows XP Service Pack 3    Microsoft Corporation    20080414.031514

WinRAR        

xp-AntiSpy 3.97    Christian Taubenheim

Startup

Code:

Ja    HKCU:Run    CTFMON.EXE    C:\WINDOWS\system32\ctfmon.exe

Ja    HKCU:Run    SpybotSD TeaTimer    D:\Programme\Spybot - Search & Destroy\TeaTimer.exe

Nein    HKCU:Run    DAEMON Tools Lite    "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun

Nein    HKCU:Run    fheydbueyj.exe    C:\fheydbueyj.exe\fheydbueyj.exe

Nein    HKCU:Run    Hvh    C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Hvh.exe

Ja    HKLM:Run    StartCCC    "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

Ja    HKLM:Run    JMB36X IDE Setup    C:\WINDOWS\JM\JMInsIDE.exe

Ja    HKLM:Run    avgnt    "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min

Nein    HKLM:Run    36X Raid Configurer    C:\WINDOWS\system32\JMRaidSetup.exe boot

Nein    HKLM:Run    Alcmtr    ALCMTR.EXE

Nein    HKLM:Run    AlcWzrd    ALCWZRD.EXE

Nein    HKLM:Run    Camservice    D:\Programme\Hercules\Deluxe Optical Glass\Camservice.exe /startup

Nein    HKLM:Run    ISUSPM Startup    C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

Nein    HKLM:Run    ISUSScheduler    "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start

Nein    HKLM:Run    RTHDCPL    RTHDCPL.EXE

Nein    HKLM:Run    SoundMan    SOUNDMAN.EXE

Nein    HKLM:Run    SunJavaUpdateSched    "C:\Programme\Java\jre6\bin\jusched.exe"

Nein    Startup Common    forteManager.lnk    C:\PROGRA~1\LGSOFT~1\FORTEM~1\bin\Monitor.exe -startup

Nein    Startup Common    Microsoft Office.lnk    D:\PROGRA~1\MICROS~1\Office10\OSA.EXE

Gmer log:

[CODE]
GMER Logfile:

Code:

GMER 1.0.15.15319 - hxxp://www.gmer.net

Rootkit scan 2010-10-20 16:17:09

Windows 5.1.2600 Service Pack 3

Running: gmer.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\pxtdqpod.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT            A075E656                                                                                                            ZwCreateKey

SSDT            A075E64C                                                                                                            ZwCreateThread

SSDT            A075E65B                                                                                                            ZwDeleteKey

SSDT            A075E665                                                                                                            ZwDeleteValueKey

SSDT            spea.sys                                                                                                            ZwEnumerateKey [0xB9EC5CA4]

SSDT            spea.sys                                                                                                            ZwEnumerateValueKey [0xB9EC6032]

SSDT            A075E66A                                                                                                            ZwLoadKey

SSDT            spea.sys                                                                                                            ZwOpenKey [0xB9EA70C0]

SSDT            A075E638                                                                                                            ZwOpenProcess

SSDT            A075E63D                                                                                                            ZwOpenThread

SSDT            spea.sys                                                                                                            ZwQueryKey [0xB9EC610A]

SSDT            spea.sys                                                                                                            ZwQueryValueKey [0xB9EC5F8A]

SSDT            A075E674                                                                                                            ZwReplaceKey

SSDT            A075E66F                                                                                                            ZwRestoreKey

SSDT            A075E660                                                                                                            ZwSetValueKey

SSDT            A075E647                                                                                                            ZwTerminateProcess
 

INT 0x62        ?                                                                                                                   8B189BF8

INT 0x73        ?                                                                                                                   8B189BF8

INT 0x73        ?                                                                                                                   8B189BF8

INT 0x73        ?                                                                                                                   8B119BF8

INT 0x73        ?                                                                                                                   8AEB5BF8

INT 0x73        ?                                                                                                                   8B189BF8

INT 0x82        ?                                                                                                                   8B189BF8

INT 0x84        ?                                                                                                                   8AEB5BF8

INT 0xA4        ?                                                                                                                   8AEB5BF8

INT 0xA4        ?                                                                                                                   8AEB5BF8

INT 0xA4        ?                                                                                                                   8AEB5BF8

INT 0xA4        ?                                                                                                                   8AEB5BF8

INT 0xB4        ?                                                                                                                   8AEB5BF8
 

---- Kernel code sections - GMER 1.0.15 ----
 

?               spea.sys                                                                                                            Das System kann die angegebene Datei nicht finden. !

.text           C:\WINDOWS\system32\DRIVERS\ati2mtag.sys                                                                            section is writeable [0xB8502000, 0x1B601E, 0xE8000020]

.text           USBPORT.SYS!DllUnload                                                                                               B84B98AC 5 Bytes  JMP 8AEB51D8 

.text           a8p200u1.SYS                                                                                                        B8432386 35 Bytes  [00, 00, 00, 00, 00, 00, 20, ...]

.text           a8p200u1.SYS                                                                                                        B84323AA 24 Bytes  [00, 00, 00, 00, 00, 00, 00, ...]

.text           a8p200u1.SYS                                                                                                        B84323C4 3 Bytes  [00, 70, 02] {ADD [EAX+0x2], DH}

.text           a8p200u1.SYS                                                                                                        B84323C9 1 Byte  [30]

.text           a8p200u1.SYS                                                                                                        B84323C9 11 Bytes  [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}

.text           ...                                                                                                                 
 

---- Kernel IAT/EAT - GMER 1.0.15 ----
 

IAT             atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                  [B9EA8042] spea.sys

IAT             atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                          [B9EA813E] spea.sys

IAT             atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                 [B9EA80C0] spea.sys

IAT             atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                         [B9EA8800] spea.sys

IAT             atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                 [B9EA86D6] spea.sys

IAT             \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                  [B9EB7E9C] spea.sys

IAT             \SystemRoot\System32\Drivers\a8p200u1.SYS[HAL.dll!KfAcquireSpinLock]                                                18C4830E

IAT             \SystemRoot\System32\Drivers\a8p200u1.SYS[HAL.dll!READ_PORT_UCHAR]                                                  1C8D9E88

IAT             \SystemRoot\System32\Drivers\a8p200u1.SYS[HAL.dll!KeGetCurrentIrql]                                                 9E880000

IAT             \SystemRoot\System32\Drivers\a8p200u1.SYS[HAL.dll!KfRaiseIrql]                                                      00001CA9

IAT             \SystemRoot\System32\Drivers\a8p200u1.SYS[HAL.dll!KfLowerIrql]                                                      0E798366

IAT             \SystemRoot\System32\Drivers\a8p200u1.SYS[HAL.dll!HalGetInterruptVector]                                            74AAB000

IAT             \SystemRoot\System32\Drivers\a8p200u1.SYS[HAL.dll!HalTranslateBusAddress]                                           8186C636

IAT             \SystemRoot\System32\Drivers\a8p200u1.SYS[HAL.dll!KeStallExecutionProcessor]                                        1A00001C

IAT             \SystemRoot\System32\Drivers\a8p200u1.SYS[HAL.dll!KfReleaseSpinLock]                                                1C8386C6

IAT             \SystemRoot\System32\Drivers\a8p200u1.SYS[HAL.dll!READ_PORT_BUFFER_USHORT]                                          C6020000

IAT             \SystemRoot\System32\Drivers\a8p200u1.SYS[HAL.dll!READ_PORT_USHORT]                                                 001C8E86

IAT             \SystemRoot\System32\Drivers\a8p200u1.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                         86C60200

IAT             \SystemRoot\System32\Drivers\a8p200u1.SYS[HAL.dll!WRITE_PORT_UCHAR]                                                 00001CAA

IAT             \SystemRoot\System32\Drivers\a8p200u1.SYS[WMILIB.SYS!WmiSystemControl]                                              8800001C

IAT             \SystemRoot\System32\Drivers\a8p200u1.SYS[WMILIB.SYS!WmiCompleteRequest]                                            001CB19E
 

---- Devices - GMER 1.0.15 ----
 

Device          \FileSystem\Ntfs \Ntfs                                                                                              8B1151F8

Device          \Driver\usbuhci \Device\USBPDO-0                                                                                    8AEB11F8

Device          \Driver\usbuhci \Device\USBPDO-1                                                                                    8AEB11F8

Device          \Driver\dmio \Device\DmControl\DmIoDaemon                                                                           8B1171F8

Device          \Driver\dmio \Device\DmControl\DmConfig                                                                             8B1171F8

Device          \Driver\dmio \Device\DmControl\DmPnP                                                                                8B1171F8

Device          \Driver\dmio \Device\DmControl\DmInfo                                                                               8B1171F8

Device          \Driver\usbuhci \Device\USBPDO-2                                                                                    8AEB11F8

Device          \Driver\usbehci \Device\USBPDO-3                                                                                    8AEBD500

Device          \Driver\usbuhci \Device\USBPDO-4                                                                                    8AEB11F8
 

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                           Lbd.sys (Boot Driver/Lavasoft AB)
 

Device          \Driver\usbuhci \Device\USBPDO-5                                                                                    8AEB11F8

Device          \Driver\usbuhci \Device\USBPDO-6                                                                                    8AEB11F8

Device          \Driver\Ftdisk \Device\HarddiskVolume1                                                                              8B18A1F8

Device          \Driver\usbehci \Device\USBPDO-7                                                                                    8AEBD500

Device          \Driver\Ftdisk \Device\HarddiskVolume2                                                                              8B18A1F8

Device          \Driver\Cdrom \Device\CdRom0                                                                                        8AE641F8

Device          \Driver\Cdrom \Device\CdRom1                                                                                        8AE641F8

Device          \Driver\atapi \Device\Ide\IdePort0                                                                                  [B9DFAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device          \Driver\atapi \Device\Ide\IdePort1                                                                                  [B9DFAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device          \Driver\atapi \Device\Ide\IdePort2                                                                                  [B9DFAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device          \Driver\atapi \Device\Ide\IdePort3                                                                                  [B9DFAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device          \Driver\PCI_PNP6778 \Device\0000003d                                                                                spea.sys

Device          \Driver\sptd \Device\3100154278                                                                                     spea.sys

Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                             8A3941F8

Device          \Driver\NetBT \Device\NetbiosSmb                                                                                    8A3941F8

Device          \Driver\usbuhci \Device\USBFDO-0                                                                                    8AEB11F8

Device          \Driver\usbuhci \Device\USBFDO-1                                                                                    8AEB11F8

Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                   8A3861F8

Device          \Driver\usbuhci \Device\USBFDO-2                                                                                    8AEB11F8

Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                                         8A3861F8

Device          \Driver\usbehci \Device\USBFDO-3                                                                                    8AEBD500

Device          \Driver\usbuhci \Device\USBFDO-4                                                                                    8AEB11F8

Device          \Driver\Ftdisk \Device\FtControl                                                                                    8B18A1F8

Device          \Driver\NetBT \Device\NetBT_Tcpip_{0779FD98-11CB-4589-B42A-3CE9891FBFEC}                                            8A3941F8

Device          \Driver\usbuhci \Device\USBFDO-5                                                                                    8AEB11F8

Device          \Driver\usbuhci \Device\USBFDO-6                                                                                    8AEB11F8

Device          \Driver\usbehci \Device\USBFDO-7                                                                                    8AEBD500

Device          \Driver\JRAID \Device\Scsi\JRAID1Port4Path0Target0Lun0                                                              8B1161F8

Device          \Driver\a8p200u1 \Device\Scsi\a8p200u11Port5Path0Target0Lun0                                                        8ADC91F8

Device          \Driver\a8p200u1 \Device\Scsi\a8p200u11                                                                             8ADC91F8

Device          \Driver\JRAID \Device\Scsi\JRAID1                                                                                   8B1161F8

Device          \Driver\JRAID \Device\Scsi\JRAID1Port4Path0Target1Lun0                                                              8B1161F8

Device          \FileSystem\Cdfs \Cdfs                                                                                              8ADBE500
 

---- Registry - GMER 1.0.15 ----
 

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                  771343423

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                  285507792

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                  1

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Programme\DAEMON Tools Lite\

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x83 0x3C 0x5F 0x9D ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x4F 0xDA 0xA4 0x54 ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0xD4 0xBF 0x8C 0x1D ...

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Programme\DAEMON Tools Lite\

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x83 0x3C 0x5F 0x9D ...

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x4F 0xDA 0xA4 0x54 ...

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x39 0xB7 0xC1 0x4B ...

Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                

Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Programme\DAEMON Tools Lite\

Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0

Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x83 0x3C 0x5F 0x9D ...

Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       

Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...

Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x4F 0xDA 0xA4 0x54 ...

Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  

Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xD4 0xBF 0x8C 0x1D ...
 

---- EOF - GMER 1.0.15 ----

--- --- ---

Root repeal log:
Drivers:

Code:

ROOTREPEAL (c) AD, 2007-2009

==================================================

Scan Start Time:        2010/10/20 17:02

Program Version:        Version 1.3.5.0

Windows Version:        Windows XP SP3

==================================================
 

Drivers

-------------------

Name: aaquiu3r.SYS

Image Path: C:\WINDOWS\System32\Drivers\aaquiu3r.SYS

Address: 0xB8432000    Size: 229376    File Visible: -    Signed: -

Status: -
 

Name: ACPI.sys

Image Path: ACPI.sys

Address: 0xB9E5F000    Size: 188800    File Visible: -    Signed: -

Status: -
 

Name: ACPI_HAL

Image Path: \Driver\ACPI_HAL

Address: 0x804D7000    Size: 2154496    File Visible: -    Signed: -

Status: -
 

Name: afd.sys

Image Path: C:\WINDOWS\System32\drivers\afd.sys

Address: 0xA5DA8000    Size: 138112    File Visible: -    Signed: -

Status: -
 

Name: atapi.sys

Image Path: atapi.sys

Address: 0xB9DF1000    Size: 98304    File Visible: -    Signed: -

Status: -
 

Name: atapi.sys

Image Path: atapi.sys

Address: 0x00000000    Size: 0    File Visible: -    Signed: -

Status: -
 

Name: ati2cqag.dll

Image Path: C:\WINDOWS\System32\ati2cqag.dll

Address: 0xBF06A000    Size: 577536    File Visible: -    Signed: -

Status: -
 

Name: ati2dvag.dll

Image Path: C:\WINDOWS\System32\ati2dvag.dll

Address: 0xBF019000    Size: 331776    File Visible: -    Signed: -

Status: -
 

Name: ati2mtag.sys

Image Path: C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

Address: 0xB8501000    Size: 5455872    File Visible: -    Signed: -

Status: -
 

Name: ati3duag.dll

Image Path: C:\WINDOWS\System32\ati3duag.dll

Address: 0xBF1B4000    Size: 4120576    File Visible: -    Signed: -

Status: -
 

Name: atikvmag.dll

Image Path: C:\WINDOWS\System32\atikvmag.dll

Address: 0xBF0F7000    Size: 471040    File Visible: -    Signed: -

Status: -
 

Name: atiok3x2.dll

Image Path: C:\WINDOWS\System32\atiok3x2.dll

Address: 0xBF16A000    Size: 303104    File Visible: -    Signed: -

Status: -
 

Name: ativvaxx.dll

Image Path: C:\WINDOWS\System32\ativvaxx.dll

Address: 0xBF9C3000    Size: 2498560    File Visible: -    Signed: -

Status: -
 

Name: ATMFD.DLL

Image Path: C:\WINDOWS\System32\ATMFD.DLL

Address: 0xBFFA0000    Size: 286720    File Visible: -    Signed: -

Status: -
 

Name: avgio.sys

Image Path: D:\Programme\Avira\AntiVir Desktop\avgio.sys

Address: 0xA224B000    Size: 6144    File Visible: -    Signed: -

Status: -
 

Name: avgntflt.sys

Image Path: C:\WINDOWS\system32\DRIVERS\avgntflt.sys

Address: 0x9E1E5000    Size: 81920    File Visible: -    Signed: -

Status: -
 

Name: avipbb.sys

Image Path: C:\WINDOWS\system32\DRIVERS\avipbb.sys

Address: 0xA0E06000    Size: 114688    File Visible: -    Signed: -

Status: -
 

Name: Beep.SYS

Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS

Address: 0xBA5C4000    Size: 4224    File Visible: -    Signed: -

Status: -
 

Name: BOOTVID.dll

Image Path: C:\WINDOWS\system32\BOOTVID.dll

Address: 0xBA4B8000    Size: 12288    File Visible: -    Signed: -

Status: -
 

Name: camfilt2.sys

Image Path: C:\WINDOWS\system32\DRIVERS\camfilt2.sys

Address: 0xA040A000    Size: 94720    File Visible: -    Signed: -

Status: -
 

Name: Cdfs.SYS

Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS

Address: 0xA1536000    Size: 63744    File Visible: -    Signed: -

Status: -
 

Name: cdrom.sys

Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys

Address: 0xBA2F8000    Size: 62976    File Visible: -    Signed: -

Status: -
 

Name: CLASSPNP.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS

Address: 0xBA0F8000    Size: 53248    File Visible: -    Signed: -

Status: -
 

Name: disk.sys

Image Path: disk.sys

Address: 0xBA0E8000    Size: 36352    File Visible: -    Signed: -

Status: -
 

Name: dmio.sys

Image Path: dmio.sys

Address: 0xB9E09000    Size: 154112    File Visible: -    Signed: -

Status: -
 

Name: dmload.sys

Image Path: dmload.sys

Address: 0xBA5AC000    Size: 5888    File Visible: -    Signed: -

Status: -
 

Name: drmk.sys

Image Path: C:\WINDOWS\system32\drivers\drmk.sys

Address: 0xBA1F8000    Size: 61440    File Visible: -    Signed: -

Status: -
 

Name: dump_diskdump.sys

Image Path: C:\WINDOWS\System32\Drivers\dump_diskdump.sys

Address: 0xA1AE8000    Size: 16384    File Visible: No    Signed: -

Status: -
 

Name: dump_JRAID.sys

Image Path: C:\WINDOWS\System32\Drivers\dump_JRAID.sys

Address: 0xA1506000    Size: 45056    File Visible: No    Signed: -

Status: -
 

Name: Dxapi.sys

Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys

Address: 0xA109A000    Size: 12288    File Visible: -    Signed: -

Status: -
 

Name: dxg.sys

Image Path: C:\WINDOWS\System32\drivers\dxg.sys

Address: 0xBF000000    Size: 73728    File Visible: -    Signed: -

Status: -
 

Name: dxgthk.sys

Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys

Address: 0xA10DE000    Size: 4096    File Visible: -    Signed: -

Status: -
 

Name: fdc.sys

Image Path: C:\WINDOWS\system32\DRIVERS\fdc.sys

Address: 0xBA448000    Size: 27392    File Visible: -    Signed: -

Status: -
 

Name: Fips.SYS

Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS

Address: 0xA86B9000    Size: 44672    File Visible: -    Signed: -

Status: -
 

Name: flpydisk.sys

Image Path: C:\WINDOWS\system32\DRIVERS\flpydisk.sys

Address: 0xA8C12000    Size: 20480    File Visible: -    Signed: -

Status: -
 

Name: fltmgr.sys

Image Path: fltmgr.sys

Address: 0xB9DD1000    Size: 129792    File Visible: -    Signed: -

Status: -
 

Name: Fs_Rec.SYS

Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS

Address: 0xBA5C2000    Size: 7936    File Visible: -    Signed: -

Status: -
 

Name: ftdisk.sys

Image Path: ftdisk.sys

Address: 0xB9E2F000    Size: 126336    File Visible: -    Signed: -

Status: -
 

Name: hal.dll

Image Path: C:\WINDOWS\system32\hal.dll

Address: 0x806E5000    Size: 134400    File Visible: -    Signed: -

Status: -
 

Name: HDAudBus.sys

Image Path: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

Address: 0xB84C5000    Size: 163840    File Visible: -    Signed: -

Status: -
 

Name: HIDCLASS.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS

Address: 0xA82D6000    Size: 36864    File Visible: -    Signed: -

Status: -
 

Name: HIDPARSE.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS

Address: 0xA8BFA000    Size: 28672    File Visible: -    Signed: -

Status: -
 

Name: hidusb.sys

Image Path: C:\WINDOWS\system32\DRIVERS\hidusb.sys

Address: 0xA8950000    Size: 10368    File Visible: -    Signed: -

Status: -
 

Name: HTTP.sys

Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys

Address: 0x9D493000    Size: 264832    File Visible: -    Signed: -

Status: -
 

Name: i8042prt.sys

Image Path: C:\WINDOWS\system32\DRIVERS\i8042prt.sys

Address: 0xBA168000    Size: 52992    File Visible: -    Signed: -

Status: -
 

Name: imapi.sys

Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys

Address: 0xBA2E8000    Size: 42112    File Visible: -    Signed: -

Status: -
 

Name: intelppm.sys

Image Path: C:\WINDOWS\system32\DRIVERS\intelppm.sys

Address: 0xBA2D8000    Size: 40448    File Visible: -    Signed: -

Status: -
 

Name: ipnat.sys

Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys

Address: 0xA5DCA000    Size: 152832    File Visible: -    Signed: -

Status: -
 

Name: ipsec.sys

Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys

Address: 0xA5EDE000    Size: 75264    File Visible: -    Signed: -

Status: -
 

Name: isapnp.sys

Image Path: isapnp.sys

Address: 0xBA0A8000    Size: 37632    File Visible: -    Signed: -

Status: -
 

Name: JGOGO.sys

Image Path: JGOGO.sys

Address: 0xBA5AE000    Size: 6912    File Visible: -    Signed: -

Status: -
 

Name: jraid.sys

Image Path: jraid.sys

Address: 0xBA0D8000    Size: 44928    File Visible: -    Signed: -

Status: -
 

Name: kbdclass.sys

Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys

Address: 0xBA450000    Size: 25216    File Visible: -    Signed: -

Status: -
 

Name: KDCOM.DLL

Image Path: C:\WINDOWS\system32\KDCOM.DLL

Address: 0xBA5A8000    Size: 8192    File Visible: -    Signed: -

Status: -
 

Name: ks.sys

Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys

Address: 0xB847E000    Size: 143360    File Visible: -    Signed: -

Status: -
 

Name: KSecDD.sys

Image Path: KSecDD.sys

Address: 0xB9DA8000    Size: 92288    File Visible: -    Signed: -

Status: -
 

Name: Lbd.sys

Image Path: Lbd.sys

Address: 0xBA108000    Size: 57600    File Visible: -    Signed: -

Status: -
 

Name: LGDispDrv.dll

Image Path: C:\WINDOWS\System32\LGDispDrv.dll

Address: 0xBF012000    Size: 28672    File Visible: -    Signed: -

Status: -
 

Name: mnmdd.SYS

Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS

Address: 0xBA5C6000    Size: 4224    File Visible: -    Signed: -

Status: -
 

Name: mouclass.sys

Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys

Address: 0xBA3A0000    Size: 23552    File Visible: -    Signed: -

Status: -
 

Name: mouhid.sys

Image Path: C:\WINDOWS\system32\DRIVERS\mouhid.sys

Address: 0xA898E000    Size: 12288    File Visible: -    Signed: -

Status: -
 

Name: MountMgr.sys

Image Path: MountMgr.sys

Address: 0xBA0B8000    Size: 42368    File Visible: -    Signed: -

Status: -
 

Name: mrxdav.sys

Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys

Address: 0x9E0C8000    Size: 180608    File Visible: -    Signed: -

Status: -
 

Name: mrxsmb.sys

Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

Address: 0xA5D0D000    Size: 456576    File Visible: -    Signed: -

Status: -
 

Name: Msfs.SYS

Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS

Address: 0xA9156000    Size: 19072    File Visible: -    Signed: -

Status: -
 

Name: msgpc.sys

Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys

Address: 0xB8AA5000    Size: 35072    File Visible: -    Signed: -

Status: -
 

Name: mssmbios.sys

Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys

Address: 0xBA56C000    Size: 15488    File Visible: -    Signed: -

Status: -
 

Name: Mup.sys

Image Path: Mup.sys

Address: 0xB9CD4000    Size: 105344    File Visible: -    Signed: -

Status: -
 

Name: NDIS.sys

Image Path: NDIS.sys

Address: 0xB9CEE000    Size: 182656    File Visible: -    Signed: -

Status: -
 

Name: ndistapi.sys

Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys

Address: 0xB963F000    Size: 10112    File Visible: -    Signed: -

Status: -
 

Name: ndisuio.sys

Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys

Address: 0xA22B7000    Size: 14592    File Visible: -    Signed: -

Status: -
 

Name: ndiswan.sys

Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys

Address: 0xB841B000    Size: 91520    File Visible: -    Signed: -

Status: -
 

Name: NDProxy.SYS

Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS

Address: 0xBA1E8000    Size: 40576    File Visible: -    Signed: -

Status: -
 

Name: netbios.sys

Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys

Address: 0xA86C9000    Size: 34688    File Visible: -    Signed: -

Status: -
 

Name: netbt.sys

Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys

Address: 0xA5DF0000    Size: 162816    File Visible: -    Signed: -

Status: -
 

Name: Npfs.SYS

Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS

Address: 0xA88F3000    Size: 30848    File Visible: -    Signed: -

Status: -
 

Name: Ntfs.sys

Image Path: Ntfs.sys

Address: 0xB9D1B000    Size: 574976    File Visible: -    Signed: -

Status: -
 

Name: ntkrnlpa.exe

Image Path: C:\WINDOWS\system32\ntkrnlpa.exe

Address: 0x804D7000    Size: 2154496    File Visible: -    Signed: -

Status: -
 

Name: Null.SYS

Image Path: C:\WINDOWS\System32\Drivers\Null.SYS

Address: 0xA8250000    Size: 2944    File Visible: -    Signed: -

Status: -
 

Name: parport.sys

Image Path: C:\WINDOWS\system32\DRIVERS\parport.sys

Address: 0xB846A000    Size: 80384    File Visible: -    Signed: -

Status: -
 

Name: PartMgr.sys

Image Path: PartMgr.sys

Address: 0xBA330000    Size: 19712    File Visible: -    Signed: -

Status: -
 

Name: ParVdm.SYS

Image Path: C:\WINDOWS\System32\Drivers\ParVdm.SYS

Address: 0xA2241000    Size: 7040    File Visible: -    Signed: -

Status: -
 

Name: pci.sys

Image Path: pci.sys

Address: 0xB9E4E000    Size: 68224    File Visible: -    Signed: -

Status: -
 

Name: PCI_PNP0042

Image Path: \Driver\PCI_PNP0042

Address: 0x00000000    Size: 0    File Visible: No    Signed: -

Status: -
 

Name: pciide.sys

Image Path: pciide.sys

Address: 0xBA670000    Size: 3328    File Visible: -    Signed: -

Status: -
 

Name: PCIIDEX.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS

Address: 0xBA328000    Size: 28672    File Visible: -    Signed: -

Status: -
 

Name: PnpManager

Image Path: \Driver\PnpManager

Address: 0x804D7000    Size: 2154496    File Visible: -    Signed: -

Status: -
 

Name: portcls.sys

Image Path: C:\WINDOWS\system32\drivers\portcls.sys

Address: 0xAAF8F000    Size: 147456    File Visible: -    Signed: -

Status: -
 

Name: psched.sys

Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys

Address: 0xB840A000    Size: 69120    File Visible: -    Signed: -

Status: -
 

Name: ptilink.sys

Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys

Address: 0xBA3C8000    Size: 17792    File Visible: -    Signed: -

Status: -
 

Name: PxHelp20.sys

Image Path: PxHelp20.sys

Address: 0xBA118000    Size: 35712    File Visible: -    Signed: -

Status: -
 

Name: rasacd.sys

Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys

Address: 0xA898A000    Size: 8832    File Visible: -    Signed: -

Status: -
 

Name: rasl2tp.sys

Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

Address: 0xBA178000    Size: 51328    File Visible: -    Signed: -

Status: -
 

Name: raspppoe.sys

Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys

Address: 0xBA188000    Size: 41472    File Visible: -    Signed: -

Status: -
 

Name: raspptp.sys

Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys

Address: 0xB8AB5000    Size: 48384    File Visible: -    Signed: -

Status: -
 

Name: raspti.sys

Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys

Address: 0xBA3D8000    Size: 16512    File Visible: -    Signed: -

Status: -
 

Name: RAW

Image Path: \FileSystem\RAW

Address: 0x804D7000    Size: 2154496    File Visible: -    Signed: -

Status: -
 

Name: rdbss.sys

Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys

Address: 0xA5D7D000    Size: 175744    File Visible: -    Signed: -

Status: -
 

Name: RDPCDD.sys

Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys

Address: 0xBA5C8000    Size: 4224    File Visible: -    Signed: -

Status: -
 

Name: rdpdr.sys

Image Path: C:\WINDOWS\system32\DRIVERS\rdpdr.sys

Address: 0xB82B7000    Size: 196224    File Visible: -    Signed: -

Status: -
 

Name: redbook.sys

Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys

Address: 0xBA308000    Size: 57728    File Visible: -    Signed: -

Status: -
 

Name: rootrepeal.sys

Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys

Address: 0x9D57F000    Size: 49152    File Visible: No    Signed: -

Status: -
 

Name: RtkHDAud.sys

Image Path: C:\WINDOWS\system32\drivers\RtkHDAud.sys

Address: 0xAAFB3000    Size: 4919296    File Visible: -    Signed: -

Status: -
 

Name: RTL8139.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

Address: 0xBA440000    Size: 20992    File Visible: -    Signed: -

Status: -
 

Name: SCSIPORT.SYS

Image Path: C:\WINDOWS\System32\Drivers\SCSIPORT.SYS

Address: 0xB9E8E000    Size: 98304    File Visible: -    Signed: -

Status: -
 

Name: serenum.sys

Image Path: C:\WINDOWS\system32\DRIVERS\serenum.sys

Address: 0xBA55C000    Size: 15744    File Visible: -    Signed: -

Status: -
 

Name: serial.sys

Image Path: C:\WINDOWS\system32\DRIVERS\serial.sys

Address: 0xBA158000    Size: 65536    File Visible: -    Signed: -

Status: -
 

Name: snpstd3.sys

Image Path: C:\WINDOWS\system32\DRIVERS\snpstd3.sys

Address: 0xA0422000    Size: 10371072    File Visible: -    Signed: -

Status: -
 

Name: spry.sys

Image Path: spry.sys

Address: 0xB9EA6000    Size: 1052672    File Visible: No    Signed: -

Status: -
 

Name: sptd

Image Path: \Driver\sptd

Address: 0x00000000    Size: 0    File Visible: No    Signed: -

Status: -
 

Name: sr.sys

Image Path: sr.sys

Address: 0xB9DBF000    Size: 73472    File Visible: -    Signed: -

Status: -
 

Name: srv.sys

Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys

Address: 0x9DDB9000    Size: 334848    File Visible: -    Signed: -

Status: -
 

Name: ssmdrv.sys

Image Path: C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

Address: 0xA88EB000    Size: 23040    File Visible: -    Signed: -

Status: -
 

Name: STREAM.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\STREAM.SYS

Address: 0xA1526000    Size: 53248    File Visible: -    Signed: -

Status: -
 

Name: swenum.sys

Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys

Address: 0xBA5F2000    Size: 4352    File Visible: -    Signed: -

Status: -
 

Name: sysaudio.sys

Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys

Address: 0xA940A000    Size: 60800    File Visible: -    Signed: -

Status: -
 

Name: tcpip.sys

Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys

Address: 0xA5E18000    Size: 361344    File Visible: -    Signed: -

Status: -
 

Name: TDI.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS

Address: 0xBA340000    Size: 20480    File Visible: -    Signed: -

Status: -
 

Name: termdd.sys

Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys

Address: 0xB8A75000    Size: 40704    File Visible: -    Signed: -

Status: -
 

Name: update.sys

Image Path: C:\WINDOWS\system32\DRIVERS\update.sys

Address: 0xB8259000    Size: 384768    File Visible: -    Signed: -

Status: -
 

Name: usbaudio.sys

Image Path: C:\WINDOWS\system32\drivers\usbaudio.sys

Address: 0xA1516000    Size: 60032    File Visible: -    Signed: -

Status: -
 

Name: usbccgp.sys

Image Path: C:\WINDOWS\system32\DRIVERS\usbccgp.sys

Address: 0xA1675000    Size: 32128    File Visible: -    Signed: -

Status: -
 

Name: USBD.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS

Address: 0xBA5FE000    Size: 8192    File Visible: -    Signed: -

Status: -
 

Name: usbehci.sys

Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys

Address: 0xBA438000    Size: 30208    File Visible: -    Signed: -

Status: -
 

Name: usbhub.sys

Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys

Address: 0xB81D1000    Size: 59520    File Visible: -    Signed: -

Status: -
 

Name: USBPORT.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS

Address: 0xB84A1000    Size: 147456    File Visible: -    Signed: -

Status: -
 

Name: usbuhci.sys

Image Path: C:\WINDOWS\system32\DRIVERS\usbuhci.sys

Address: 0xBA430000    Size: 20608    File Visible: -    Signed: -

Status: -
 

Name: vga.sys

Image Path: C:\WINDOWS\System32\drivers\vga.sys

Address: 0xA915E000    Size: 20992    File Visible: -    Signed: -

Status: -
 

Name: VIDEOPRT.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS

Address: 0xB84ED000    Size: 81920    File Visible: -    Signed: -

Status: -
 

Name: VolSnap.sys

Image Path: VolSnap.sys

Address: 0xBA0C8000    Size: 53760    File Visible: -    Signed: -

Status: -
 

Name: wanarp.sys

Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys

Address: 0xA86D9000    Size: 34560    File Visible: -    Signed: -

Status: -
 

Name: watchdog.sys

Image Path: C:\WINDOWS\System32\watchdog.sys

Address: 0xA1665000    Size: 20480    File Visible: -    Signed: -

Status: -
 

Name: wdmaud.sys

Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys

Address: 0x9E08B000    Size: 83072    File Visible: -    Signed: -

Status: -
 

Name: Win32k

Image Path: \Driver\Win32k

Address: 0xBF800000    Size: 1847296    File Visible: -    Signed: -

Status: -
 

Name: win32k.sys

Image Path: C:\WINDOWS\System32\win32k.sys

Address: 0xBF800000    Size: 1847296    File Visible: -    Signed: -

Status: -
 

Name: WMILIB.SYS

Image Path: C:\WINDOWS\System32\Drivers\WMILIB.SYS

Address: 0xBA5AA000    Size: 8192    File Visible: -    Signed: -

Status: -
 

Name: WMIxWDM

Image Path: \Driver\WMIxWDM

Address: 0x804D7000    Size: 2154496    File Visible: -    Signed: -

Status: -

Stealth Objects:

Code:

ROOTREPEAL (c) AD, 2007-2009

==================================================

Scan Start Time:        2010/10/20 17:02

Program Version:        Version 1.3.5.0

Windows Version:        Windows XP SP3

==================================================
 

Stealth Objects

-------------------

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]

Process: System    Address: 0x8b1151f8    Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]

Process: System    Address: 0x8b1151f8    Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]

Process: System    Address: 0x8b1151f8    Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]

Process: System    Address: 0x8b1151f8    Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]

Process: System    Address: 0x8b1151f8    Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]

Process: System    Address: 0x8b1151f8    Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]

Process: System    Address: 0x8b1151f8    Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]

Process: System    Address: 0x8b1151f8    Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]

Process: System    Address: 0x8b1151f8    Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System    Address: 0x8b1151f8    Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]

Process: System    Address: 0x8b1151f8    Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]

Process: System    Address: 0x8b1151f8    Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System    Address: 0x8b1151f8    Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]

Process: System    Address: 0x8b1151f8    Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]

Process: System    Address: 0x8b1151f8    Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]

Process: System    Address: 0x8b1151f8    Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]

Process: System    Address: 0x8b1151f8    Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]

Process: System    Address: 0x8b1151f8    Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]

Process: System    Address: 0x8b1151f8    Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]

Process: System    Address: 0x8b1151f8    Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]

Process: System    Address: 0x8b1151f8    Size: 121
 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]

Process: System    Address: 0x8b1151f8    Size: 121
 

Object: Hidden Code [Driver: aaquiu3rࠅఇ牐牣,䥸謕물맦물맦맦맦, IRP_MJ_CREATE]

Process: System    Address: 0x8ade31f8    Size: 121
 

Object: Hidden Code [Driver: aaquiu3rࠅఇ牐牣,䥸謕물맦물맦맦맦, IRP_MJ_CLOSE]

Process: System    Address: 0x8ade31f8    Size: 121
 

Object: Hidden Code [Driver: aaquiu3rࠅఇ牐牣,䥸謕물맦물맦맦맦, IRP_MJ_DEVICE_CONTROL]

Process: System    Address: 0x8ade31f8    Size: 121
 

Object: Hidden Code [Driver: aaquiu3rࠅఇ牐牣,䥸謕물맦물맦맦맦, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System    Address: 0x8ade31f8    Size: 121
 

Object: Hidden Code [Driver: aaquiu3rࠅఇ牐牣,䥸謕물맦물맦맦맦, IRP_MJ_POWER]

Process: System    Address: 0x8ade31f8    Size: 121
 

Object: Hidden Code [Driver: aaquiu3rࠅఇ牐牣,䥸謕물맦물맦맦맦, IRP_MJ_SYSTEM_CONTROL]

Process: System    Address: 0x8ade31f8    Size: 121
 

Object: Hidden Code [Driver: aaquiu3rࠅఇ牐牣,䥸謕물맦물맦맦맦, IRP_MJ_PNP]

Process: System    Address: 0x8ade31f8    Size: 121
 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]

Process: System    Address: 0x8ae8b1f8    Size: 121
 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]

Process: System    Address: 0x8ae8b1f8    Size: 121
 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]

Process: System    Address: 0x8ae8b1f8    Size: 121
 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]

Process: System    Address: 0x8ae8b1f8    Size: 121
 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]

Process: System    Address: 0x8ae8b1f8    Size: 121
 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]

Process: System    Address: 0x8ae8b1f8    Size: 121
 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System    Address: 0x8ae8b1f8    Size: 121
 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]

Process: System    Address: 0x8ae8b1f8    Size: 121
 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]

Process: System    Address: 0x8ae8b1f8    Size: 121
 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]

Process: System    Address: 0x8ae8b1f8    Size: 121
 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]

Process: System    Address: 0x8ae8b1f8    Size: 121
 

Object: Hidden Code [Driver: JRAID, IRP_MJ_CREATE]

Process: System    Address: 0x8b1161f8    Size: 121
 

Object: Hidden Code [Driver: JRAID, IRP_MJ_CLOSE]

Process: System    Address: 0x8b1161f8    Size: 121
 

Object: Hidden Code [Driver: JRAID, IRP_MJ_DEVICE_CONTROL]

Process: System    Address: 0x8b1161f8    Size: 121
 

Object: Hidden Code [Driver: JRAID, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System    Address: 0x8b1161f8    Size: 121
 

Object: Hidden Code [Driver: JRAID, IRP_MJ_POWER]

Process: System    Address: 0x8b1161f8    Size: 121
 

Object: Hidden Code [Driver: JRAID, IRP_MJ_SYSTEM_CONTROL]

Process: System    Address: 0x8b1161f8    Size: 121
 

Object: Hidden Code [Driver: JRAID, IRP_MJ_PNP]

Process: System    Address: 0x8b1161f8    Size: 121
 

Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]

Process: System    Address: 0x8b1171f8    Size: 121
 

Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]

Process: System    Address: 0x8b1171f8    Size: 121
 

Object: Hidden Code [Driver: dmio, IRP_MJ_READ]

Process: System    Address: 0x8b1171f8    Size: 121
 

Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]

Process: System    Address: 0x8b1171f8    Size: 121
 

Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]

Process: System    Address: 0x8b1171f8    Size: 121
 

Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]

Process: System    Address: 0x8b1171f8    Size: 121
 

Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System    Address: 0x8b1171f8    Size: 121
 

Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]

Process: System    Address: 0x8b1171f8    Size: 121
 

Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]

Process: System    Address: 0x8b1171f8    Size: 121
 

Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]

Process: System    Address: 0x8b1171f8    Size: 121
 

Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]

Process: System    Address: 0x8b1171f8    Size: 121
 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]

Process: System    Address: 0x8aedc1f8    Size: 121
 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]

Process: System    Address: 0x8aedc1f8    Size: 121
 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]

Process: System    Address: 0x8aedc1f8    Size: 121
 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System    Address: 0x8aedc1f8    Size: 121
 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]

Process: System    Address: 0x8aedc1f8    Size: 121
 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]

Process: System    Address: 0x8aedc1f8    Size: 121
 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]

Process: System    Address: 0x8aedc1f8    Size: 121
 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]

Process: System    Address: 0x8b18a1f8    Size: 121
 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]

Process: System    Address: 0x8b18a1f8    Size: 121
 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]

Process: System    Address: 0x8b18a1f8    Size: 121
 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]

Process: System    Address: 0x8b18a1f8    Size: 121
 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]

Process: System    Address: 0x8b18a1f8    Size: 121
 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System    Address: 0x8b18a1f8    Size: 121
 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]

Process: System    Address: 0x8b18a1f8    Size: 121
 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]

Process: System    Address: 0x8b18a1f8    Size: 121
 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]

Process: System    Address: 0x8b18a1f8    Size: 121
 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]

Process: System    Address: 0x8b18a1f8    Size: 121
 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]

Process: System    Address: 0x8b18a1f8    Size: 121
 

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]

Process: System    Address: 0x8a39f1f8    Size: 121
 

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]

Process: System    Address: 0x8a39f1f8    Size: 121
 

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]

Process: System    Address: 0x8a39f1f8    Size: 121
 

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System    Address: 0x8a39f1f8    Size: 121
 

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]

Process: System    Address: 0x8a39f1f8    Size: 121
 

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]

Process: System    Address: 0x8a39f1f8    Size: 121
 

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]

Process: System    Address: 0x8aea7500    Size: 121
 

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]

Process: System    Address: 0x8aea7500    Size: 121
 

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]

Process: System    Address: 0x8aea7500    Size: 121
 

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System    Address: 0x8aea7500    Size: 121
 

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]

Process: System    Address: 0x8aea7500    Size: 121
 

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]

Process: System    Address: 0x8aea7500    Size: 121
 

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]

Process: System    Address: 0x8aea7500    Size: 121
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]

Process: System    Address: 0x8a3941f8    Size: 121
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]

Process: System    Address: 0x8a3941f8    Size: 121
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]

Process: System    Address: 0x8a3941f8    Size: 121
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]

Process: System    Address: 0x8a3941f8    Size: 121
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]

Process: System    Address: 0x8a3941f8    Size: 121
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]

Process: System    Address: 0x8a3941f8    Size: 121
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]

Process: System    Address: 0x8a3941f8    Size: 121
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]

Process: System    Address: 0x8a3941f8    Size: 121
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]

Process: System    Address: 0x8a3941f8    Size: 121
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]

Process: System    Address: 0x8a3941f8    Size: 121
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System    Address: 0x8a3941f8    Size: 121
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]

Process: System    Address: 0x8a3941f8    Size: 121
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]

Process: System    Address: 0x8a3941f8    Size: 121
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System    Address: 0x8a3941f8    Size: 121
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]

Process: System    Address: 0x8a3941f8    Size: 121
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System    Address: 0x8a3941f8    Size: 121
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]

Process: System    Address: 0x8a3941f8    Size: 121
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]

Process: System    Address: 0x8a3941f8    Size: 121
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]

Process: System    Address: 0x8a3941f8    Size: 121
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]

Process: System    Address: 0x8a3941f8    Size: 121
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]

Process: System    Address: 0x8a3941f8    Size: 121
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]

Process: System    Address: 0x8a3941f8    Size: 121
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]

Process: System    Address: 0x8a3941f8    Size: 121
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]

Process: System    Address: 0x8a3941f8    Size: 121
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]

Process: System    Address: 0x8a3941f8    Size: 121
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]

Process: System    Address: 0x8a3941f8    Size: 121
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]

Process: System    Address: 0x8a3941f8    Size: 121
 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]

Process: System    Address: 0x8a3941f8    Size: 121
 

Object: Hidden Code [Driver: CdfsЅఆ䵃嗘㠠仠仠䀀Ŧ䀀, IRP_MJ_CREATE]

Process: System    Address: 0x8adc8500    Size: 121
 

Object: Hidden Code [Driver: CdfsЅఆ䵃嗘㠠仠仠䀀Ŧ䀀, IRP_MJ_CLOSE]

Process: System    Address: 0x8adc8500    Size: 121
 

Object: Hidden Code [Driver: CdfsЅఆ䵃嗘㠠仠仠䀀Ŧ䀀, IRP_MJ_READ]

Process: System    Address: 0x8adc8500    Size: 121
 

Object: Hidden Code [Driver: CdfsЅఆ䵃嗘㠠仠仠䀀Ŧ䀀, IRP_MJ_QUERY_INFORMATION]

Process: System    Address: 0x8adc8500    Size: 121
 

Object: Hidden Code [Driver: CdfsЅఆ䵃嗘㠠仠仠䀀Ŧ䀀, IRP_MJ_SET_INFORMATION]

Process: System    Address: 0x8adc8500    Size: 121
 

Object: Hidden Code [Driver: CdfsЅఆ䵃嗘㠠仠仠䀀Ŧ䀀, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System    Address: 0x8adc8500    Size: 121
 

Object: Hidden Code [Driver: CdfsЅఆ䵃嗘㠠仠仠䀀Ŧ䀀, IRP_MJ_DIRECTORY_CONTROL]

Process: System    Address: 0x8adc8500    Size: 121
 

Object: Hidden Code [Driver: CdfsЅఆ䵃嗘㠠仠仠䀀Ŧ䀀, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System    Address: 0x8adc8500    Size: 121
 

Object: Hidden Code [Driver: CdfsЅఆ䵃嗘㠠仠仠䀀Ŧ䀀, IRP_MJ_DEVICE_CONTROL]

Process: System    Address: 0x8adc8500    Size: 121
 

Object: Hidden Code [Driver: CdfsЅఆ䵃嗘㠠仠仠䀀Ŧ䀀, IRP_MJ_SHUTDOWN]

Process: System    Address: 0x8adc8500    Size: 121
 

Object: Hidden Code [Driver: CdfsЅఆ䵃嗘㠠仠仠䀀Ŧ䀀, IRP_MJ_LOCK_CONTROL]

Process: System    Address: 0x8adc8500    Size: 121
 

Object: Hidden Code [Driver: CdfsЅఆ䵃嗘㠠仠仠䀀Ŧ䀀, IRP_MJ_CLEANUP]

Process: System    Address: 0x8adc8500    Size: 121
 

Object: Hidden Code [Driver: CdfsЅఆ䵃嗘㠠仠仠䀀Ŧ䀀, IRP_MJ_PNP]

Process: System    Address: 0x8adc8500    Size: 121

Hidden Services:

Code:

ROOTREPEAL (c) AD, 2007-2009

==================================================

Scan Start Time:        2010/10/20 17:03

Program Version:        Version 1.3.5.0

Windows Version:        Windows XP SP3

==================================================
 

Hidden Services

-------------------

→ besuche die Seite von virustotal und die Datei/en aus Codebox bitte prüfen lassen - inklusive Dateigröße und Name, MD5 und SHA1 auch mitkopieren:
→ Tipps für die Suche nach Dateien

Code:

C:\fheydbueyj.exe

C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Hvh.exe

→ Klicke auf "Durchsuchen"
→ Suche die Datei auf deinem Rechner→ Doppelklick auf die zu prüfende Datei (oder kopiere den Inhalt ab aus der Codebox)
→ "Senden der Datei" und Warte, bis der Scandurchlauf aller Virenscanner beendet ist
→ das Ergebnis wie Du es bekommst (NICHT AUSLASSEN!) da reinkoperen (inklusive <geprüfter Dateiname> + Dateigröße und Name, MD5 und SHA1)

** Beispiel - das zu postende Logfile von Virustotal soll so wie hier aussehen Also nicht auslassen, sondern wie Du es bekommst da reinkopieren!:

Code:

Datei <hier kommt die Dateiname> empfangen 2009.xx.xx xx:xx:xx (CET)

Antivirus        Version        letzte aktualisierung        Ergebnis

a-squared        4.0.0.73        2009.01.28        -

AhnLab-V3        5.0.0.2        2009.01.28        -

AntiVir        7.9.0.60        2009.01.28        -

Authentium        5.1.0.4        2009.01.27        -
 

...über 40 Virenscannern...also Geduld!!

Hallo,
die Suche nach der Datei C:\fheydbueyj.exe ergab folgendes:
http://www.image-load.net/page.php?t...5f4244aaf10dc0

Code:

 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.

File name:

config.bin

Submission date:

2010-10-21 11:43:25 (UTC)

Current status:

queued (#1) queued (#1) analysing finished

Result:

0/ 43 (0.0%)

    

VT Community
 

not reviewed

 Safety score: - 

Compact

Print results

Antivirus     Version     Last Update     Result

AhnLab-V3    2010.10.21.02    2010.10.21    -

AntiVir    7.10.13.13    2010.10.21    -

Antiy-AVL    2.0.3.7    2010.10.21    -

Authentium    5.2.0.5    2010.10.21    -

Avast    4.8.1351.0    2010.10.21    -

Avast5    5.0.594.0    2010.10.21    -

AVG    9.0.0.851    2010.10.21    -

BitDefender    7.2    2010.10.21    -

CAT-QuickHeal    11.00    2010.10.21    -

ClamAV    0.96.2.0-git    2010.10.21    -

Comodo    6463    2010.10.21    -

DrWeb    5.0.2.03300    2010.10.21    -

Emsisoft    5.0.0.50    2010.10.21    -

eSafe    7.0.17.0    2010.10.20    -

eTrust-Vet    36.1.7924    2010.10.21    -

F-Prot    4.6.2.117    2010.10.20    -

F-Secure    9.0.16160.0    2010.10.21    -

Fortinet    4.2.249.0    2010.10.21    -

GData    21    2010.10.21    -

Ikarus    T3.1.1.90.0    2010.10.21    -

Jiangmin    13.0.900    2010.10.21    -

K7AntiVirus    9.66.2798    2010.10.20    -

Kaspersky    7.0.0.125    2010.10.21    -

McAfee    5.400.0.1158    2010.10.21    -

McAfee-GW-Edition    2010.1C    2010.10.21    -

Microsoft    1.6301    2010.10.21    -

NOD32    5550    2010.10.21    -

Norman    6.06.10    2010.10.21    -

nProtect    2010-10-21.01    2010.10.21    -

Panda    10.0.2.7    2010.10.21    -

PCTools    7.0.3.5    2010.10.21    -

Prevx    3.0    2010.10.21    -

Rising    22.70.02.05    2010.10.21    -

Sophos    4.58.0    2010.10.21    -

Sunbelt    7109    2010.10.21    -

SUPERAntiSpyware    4.40.0.1006    2010.10.21    -

Symantec    20101.2.0.161    2010.10.21    -

TheHacker    6.7.0.1.063    2010.10.20    -

TrendMicro    9.120.0.1004    2010.10.21    -

TrendMicro-HouseCall    9.120.0.1004    2010.10.21    -

VBA32    3.12.14.1    2010.10.21    -

ViRobot    2010.10.21.4104    2010.10.21    -

VirusBuster    12.69.9.0    2010.10.20    -

Additional information

Show all

MD5   : cf8424d9769581c43ca09f32ecadba5a

SHA1  : 59abde0f2b08463e5064edeaca5d9855469b7d4c

SHA256: 3301ddda2b6178f599fa380ead9ab82e283badb9436e3910de3a3d4036bc6de3

ssdeep: 3072:/XP+TFpo9Pi+K57mNN+q5Vb9yp7gkzoqLWt:+Fp6PGaR5VbK8rqLO

File size : 124556 bytes

First seen: 2010-10-15 12:47:00

Last seen : 2010-10-21 11:43:25

TrID:

Unknown!

sigcheck:

publisher....: n/a

copyright....: n/a

product......: n/a

description..: n/a

original name: n/a

internal name: n/a

file version.: n/a

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned
 

VT Community

Die Suche nach der Datei unter folgendem Pfad C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Hvh.exe
ergab keine Ergebnisse. ...aber ich glaube die wurde schonmal von Antivir entdeckt und gelöscht. Oder ist sie noch da?

Danke erstmal für die schnelle Reaktion!
:dankeschoen:

versteckte Datein sichtbar machen...ja hab ich gemacht wie im Punkt 2. beschrieben war.
Ich hab ja die Datei mit dem CCleaner deaktiviert, kann das sein das die dadurch gelöscht ist?

1.
einfach löschen, danach den Papierkorb leeren:

Code:

C:\fheydbueyj.exe

C:\WINDOWS\system32\lowsec

2.
Windows und die installierten Programme auf den neuesten Stand zu halten,sind Garanten für eine erhöhte Sicherheit!
Java aktualisieren `Start→ Systemsteuereung→ Java→ Aktualisierung...

3.
Lade Dir Malwarebytes Anti-Malware von→ malwarebytes.org

Installieren und per Doppelklick starten.
Deutsch einstellen und gleich mal die Datenbanken zu aktualisieren - online updaten
"Komplett Scan durchführen" wählen (überall Haken setzen)
wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
alle Funde markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"

eine bebilderte Anleitung findest Du hier: Anleitung

4.
Lösche unter C:\rsit die log.txt und info.txt
Doppelklick auf die RSIT.exe
Poste beide Logfiles.

Hallo,
sorry das es so lange gedauert hat.
Also die Suche ergab folgendes:

info.txt
[CODE]info.txtRSIT Logfile:

Code:

logfile of random's system information tool 1.08 2010-10-28 16:50:22
 

======Uninstall list======
 

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

3GP Media Player 1.0-->"D:\Programme\3GP Media Player\unins000.exe"

ACDSee Pro 2.5-->MsiExec.exe /I{2D95950E-6D76-43E7-94A5-D9DBA2FD29E4}

Ad-Aware-->"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe" REMOVE=TRUE MODIFY=FALSE

Ad-Aware-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin

Adobe Reader 9.3.4 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A93000000001}

ATI - Software Uninstall Utility-->C:\Programme\ATI Technologies\UninstallAll\AtiCimUn.exe

ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0 

ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

Avira AntiVir Personal - Free Antivirus-->D:\Programme\Avira\AntiVir Desktop\setup.exe /REMOVE

Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}

CCleaner-->"D:\Programme\CCleaner\uninst.exe"

DivX Plus Web Player-->C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN

Easy Graphic Converter 1.2-->"D:\Easy Graphic Converter\unins000.exe"

Enterprise Dynamics Developer 8.0.0 1617-->"D:\Programme\Enterprise Dynamics 8 Developer\uninstall.exe"

forteManager-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{DA6FAB8D-E87A-4E8E-A3D3-B7B9F479C725}\setup.exe" -l0x7  -removeonly

Gigabyte Raid Configurer-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x7  -removeonly

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

Graphviz-->MsiExec.exe /I{F5345C76-AC35-4EDA-8406-1346DE9BFDFA}

Hercules Deluxe Optical Glass-->C:\Programme\InstallShield Installation Information\{56298F72-C2CC-4FE5-ACEA-30C7A866BF4C}\setup.exe -runfromtemp -l0x0007 -removeonly

High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"

HijackThis 2.0.2-->"D:\Programme\Trend Micro\HijackThis\HijackThis.exe" /uninstall

ICQ6.5-->"C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly

Java(TM) 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}

JDownloader-->D:\Programme\JDownloader\uninstall.exe

*********************

Macromedia Extension Manager-->MsiExec.exe /I{0F022A2E-7022-497D-90A5-0F46746D8275}

Malwarebytes' Anti-Malware-->"D:\Programme\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme-->MsiExec.exe /X{90120000-00B2-0407-0000-0000000FF1CE}

********

********

********

mIRC-->"D:\Programme\Xperience-Irc\mirc.exe" -uninstall

Mozilla Firefox (3.6.11)-->D:\Programme\Mozilla Firefox\uninstall\helper.exe

MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}

Mumble and Murmur-->D:\Programme\Mumble\Uninstall.exe

Nimo Codecs Pack v5.0 (Remove Only)-->"C:\Programme\NimoCodec Pack\uninstall.exe"

PDF24 Creator-->"D:\Programme\pdf24\unins000.exe"

PDF-XChange 3-->"C:\Programme\Mindjet\MindManager 8\PDF-XChange\unins000.exe"

Prism Video Converter-->C:\Programme\NCH Software\Prism\uninst.exe

************************

PunkBuster Services-->C:\WINDOWS\system32\pbsvc_heroes.exe -u

Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x7  -removeonly

REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Programme\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe -runfromtemp -l0x0007 -removeonly

Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709

Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}

Spybot - Search & Destroy-->"D:\Programme\Spybot - Search & Destroy\unins000.exe"

taraVRbuilder 8.0 Demo-->MsiExec.exe /X{675BF0A6-E6E6-4316-8EC8-E88E592E46C4}

TeamSpeak 2 RC2-->D:\Programme\Teamspeak2_RC2\unins000.exe

UnderCoverXP 1.22-->"C:\Programme\UnderCoverXP\unins000.exe"

Uninstall 1.0.0.1-->"C:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe"

VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}

Veetle TV 0.9.18-->D:\Programme\Veetle\UninstallVeetleTV.exe

Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}

Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""

VLC media player 1.0.3-->D:\Programme\VideoLAN\VLC\uninstall.exe

Winamp-->"D:\Programme\Winamp\UninstWA.exe"

Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"

Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

WinRAR-->D:\Programme\WinRAR\uninstall.exe

xp-AntiSpy 3.97-->C:\Programme\xp-AntiSpy\Uninstall.exe
 

======Hosts File======
 

127.0.0.1        www.007guard.com

127.0.0.1        007guard.com

127.0.0.1        008i.com

127.0.0.1        www.008k.com

127.0.0.1        008k.com

127.0.0.1        www.00hq.com

127.0.0.1        00hq.com

127.0.0.1        010402.com

127.0.0.1        www.032439.com

127.0.0.1        032439.com
 

Securitycenter WMI appears to be broken
 

======Environment variables======
 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\ATI Technologies\ATI.ACE\Core-Static;C:\Programme\Graphviz2.22\bin;D:\Programme\proeWildfire 4.0\bin

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel

"PROCESSOR_REVISION"=1706

"NUMBER_OF_PROCESSORS"=2

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP
 

-----------------EOF-----------------

--- --- ---

log.txt
RSIT Logfile:

Code:

Logfile of random's system information tool 1.08 (written by random/random)

Run by Administrator at 2010-10-28 16:50:09

WIN_XP Service Pack 3

System drive C: has 312 MB (4%) free of 7 GB

Total RAM: 3582 MB (82% free)
 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:50:21, on 28.10.2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal
 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programme\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

D:\Programme\Avira\AntiVir Desktop\sched.exe

D:\Programme\Avira\AntiVir Desktop\avgnt.exe

C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

D:\Programme\Spybot - Search & Destroy\TeaTimer.exe

C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

D:\Programme\Avira\AntiVir Desktop\avguard.exe

C:\Programme\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe

C:\Dokumente und Einstellungen\Administrator\Desktop\logs\RSIT.exe

C:\Programme\trend micro\Administrator.exe
 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe

O4 - HKLM\..\Run: [avgnt] "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programme\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')

O4 - HKUS\S-1-5-21-1085031214-73586283-725345543-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6.5\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6.5\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Programme\Google\Update\GoogleUpdate.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O24 - Desktop Component 0: (no name) - file:///C:/DOKUME~1/ADMINI~1/LOKALE~1/Temp/msohtml1/01/clip_image002.jpg
 

--

End of file - 6206 bytes
 

======Scheduled tasks folder======
 

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
 

======Registry dump======
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - D:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2010-09-15 41760]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-09-15 79648]
 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"=C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]

"JMB36X IDE Setup"=C:\WINDOWS\JM\JMInsIDE.exe [2006-10-30 36864]

"avgnt"=D:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

"SunJavaUpdateSched"=C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [2010-05-14 248552]
 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"SpybotSD TeaTimer"=D:\Programme\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]

C:\WINDOWS\system32\JMRaidSetup.exe [2007-02-06 1953792]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]

C:\WINDOWS\ALCWZRD.EXE [2008-06-19 2808832]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamserviceDeluxe2]

D:\Programme\Hercules\Deluxe Optical Glass\Camservice.exe [2007-08-10 81920]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

C:\Programme\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fheydbueyj.exe]

C:\fheydbueyj.exe\fheydbueyj.exe []
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-04-17 196608]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe [2004-04-13 69632]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

C:\WINDOWS\RTHDCPL.EXE [2008-07-23 16804864]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

C:\WINDOWS\SOUNDMAN.EXE [2008-06-18 77824]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Programme\Java\jre6\bin\jusched.exe []
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YVIBBBHA8C]

C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Hvh.exe []
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^forteManager.lnk]

C:\PROGRA~1\LGSOFT~1\FORTEM~1\bin\Monitor.exe [2008-12-12 1687552]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]

D:\PROGRA~1\MICROS~1\Office10\OSA.EXE [2001-02-13 83360]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2008-12-01 143360]
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1
 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

"NoRecentDocsNetHood"=1
 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"D:\Programme\ICQ6\ICQ.exe"="D:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ Library"

"D:\SIERRA\Steam\steamapps\cagiva82\counter-strike source\hl2.exe"="D:\SIERRA\Steam\steamapps\cagiva82\counter-strike source\hl2.exe:*:Enabled:hl2"

"D:\Programme\SFT Loader\leecher.exe"="D:\Programme\SFT Loader\leecher.exe:*:Enabled:leecher"

"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"

"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"

"D:\Programme\ICQ6.5\ICQ.exe"="D:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"D:\SIERRA\Steam\steamapps\master.nito@gmx.de\counter-strike\hl.exe"="D:\SIERRA\Steam\steamapps\master.nito@gmx.de\counter-strike\hl.exe:*:Enabled:Counter-Strike"

"D:\Programme\Skype\Phone\Skype.exe"="D:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"
 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
 

======File associations======
 

.js - edit - "D:\Programme\*********" "%1"
 

======List of files/folders created in the last 1 months======
 

2010-10-22 15:31:19 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes

2010-10-22 15:31:11 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2010-10-22 15:31:10 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

2010-10-22 15:31:07 ----A---- C:\WINDOWS\system32\drivers\mbam.sys

2010-10-22 15:30:17 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun

2010-10-22 15:30:16 ----D---- C:\Programme\Gemeinsame Dateien\Java

2010-10-22 15:30:06 ----A---- C:\WINDOWS\system32\javaws.exe

2010-10-22 15:30:06 ----A---- C:\WINDOWS\system32\javaw.exe

2010-10-22 15:30:06 ----A---- C:\WINDOWS\system32\java.exe

2010-10-22 15:30:06 ----A---- C:\WINDOWS\system32\deployJava1.dll

2010-10-18 20:04:36 ----D---- C:\Programme\trend micro

2010-10-18 20:04:35 ----D---- C:\rsit

2010-10-15 22:33:10 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Leadertech
 

======List of files/folders modified in the last 1 months======
 

2010-10-28 16:50:17 ----D---- C:\WINDOWS\Prefetch

2010-10-28 16:12:04 ----SD---- C:\WINDOWS\Tasks

2010-10-28 16:10:26 ----D---- C:\WINDOWS\Temp

2010-10-28 16:10:22 ----D---- C:\WINDOWS\system32\CatRoot2

2010-10-28 16:09:20 ----D---- C:\WINDOWS\system32\drivers

2010-10-28 16:09:20 ----D---- C:\WINDOWS\system32

2010-10-28 16:08:46 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-10-28 02:16:00 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ICQ

2010-10-28 01:52:22 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\vlc

2010-10-28 01:41:30 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Skype

2010-10-25 00:37:52 ----D---- C:\WINDOWS

2010-10-24 01:31:00 ----SHD---- C:\WINDOWS\Installer

2010-10-22 15:30:17 ----SHD---- C:\Config.Msi

2010-10-22 15:30:16 ----D---- C:\Programme\Gemeinsame Dateien

2010-10-22 15:30:04 ----D---- C:\Programme\Java

2010-10-19 12:09:52 ----D---- C:\Programme\Gemeinsame Dateien\DVDVideoSoft

2010-10-19 12:08:36 ----D---- C:\Programme\NCH Software

2010-10-19 12:08:01 ----RD---- C:\Programme

2010-10-19 11:50:53 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\LumaPix

2010-10-18 20:06:42 ----D---- C:\Programme\Lavasoft

2010-10-16 21:23:26 ----D---- C:\WINDOWS\security

2010-10-16 21:17:01 ----RSHDC---- C:\WINDOWS\system32\dllcache
 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
 

R0 JGOGO;JMicron Hot-Plug Driver; C:\WINDOWS\system32\DRIVERS\JGOGO.sys [2006-02-07 6912]

R0 JRAID;JRAID; C:\WINDOWS\system32\DRIVERS\jraid.sys [2007-02-16 44928]

R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2010-06-11 64288]

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]

R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-04-28 721904]

R1 avgio;avgio; \??\D:\Programme\Avira\AntiVir Desktop\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]

R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]

R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-11-25 56816]

R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-12-02 3452928]

R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-07-24 4749824]

R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]

R3 rtl8139;NT-Treiber für Realtek RTL8139(A/B/C)-basierten PCI-Fast Ethernet-Adapter; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]

R3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]

R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]

S0 fupkkzul;fupkkzul; C:\WINDOWS\system32\drivers\fupkkzul.sys []

S1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]

S3 aosbizcf;aosbizcf; C:\WINDOWS\system32\drivers\aosbizcf.sys []

S3 camfilt2;camfilt2; C:\WINDOWS\system32\DRIVERS\camfilt2.sys [2007-08-06 94720]

S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]

S3 dot4;MS IEEE-1284.4-Treiber; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-14 206976]

S3 Dot4Print;Druckerklassentreiber für IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]

S3 Dot4Scan;Scannerklassentreiber für IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]

S3 dot4usb;Dot4USB-Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-18 23936]

S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []

S3 LGDDCDevice;LGDDCDevice; \??\C:\Programme\LG Soft India\forteManager\bin\I2CDriver.sys []

S3 LGII2CDevice;LGII2CDevice; \??\C:\Programme\LG Soft India\forteManager\bin\PII2CDriver.sys []

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]

S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]

S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]

S3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-03-01 90496]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]

S3 SNPSTD3;Hercules Deluxe Optical Glass; C:\WINDOWS\system32\DRIVERS\snpstd3.sys [2007-07-17 10371072]

S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys []

S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]

S3 tunmp;Microsoft Tun-Miniportadaptertreiber; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]

S3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]

S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]

S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
 

R2 AntiVirSchedulerService;Avira AntiVir Planer; D:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]

R2 AntiVirService;Avira AntiVir Guard; D:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-12-01 598016]

R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2010-09-15 153376]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Programme\Lavasoft\Ad-Aware\AAWService.exe [2010-06-29 1352832]

R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-03-04 75064]

S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-12-01 593920]

S2 gupdate;Google Update Service (gupdate); C:\Programme\Google\Update\GoogleUpdate.exe /svc []

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S3 odserv;Microsoft Office Diagnostics Service; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]

S3 ose;Office  Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]

S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-11-11 38912]
 

-----------------EOF-----------------

--- --- ---

und vom scan die logdatei:

Code:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org
 

Datenbank Version: 4974
 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702
 

28.10.2010 16:05:27

mbam-log-2010-10-28 (16-05-27).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|D:\|E:\|F:\|)

Durchsuchte Objekte: 357242

Laufzeit: 1 Stunde(n), 38 Minute(n), 41 Sekunde(n)
 

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 5

Infizierte Registrierungswerte: 2

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 0

Infizierte Dateien: 7
 

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel:

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
 

Infizierte Registrierungswerte:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\appsecdll (Trojan.Agent) -> No action taken.
 

Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien:

C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\0.40163477446917484.exe (Spyware.Passwords.XGen) -> No action taken.

D:\Programme\Mozilla Firefox\plugins\alhlp.exe (Trojan.AntiLeechPlugin) -> No action taken.

D:\Programme\Mozilla Firefox\plugins\npalnn.dll (Trojan.AntiLeechPlugin) -> No action taken.

D:\Programme\Anti-Leech\ALNN\alhlp.exe (Trojan.AntiLeechPlugin) -> No action taken.

D:\Programme\Anti-Leech\ALNN\npalnn.dll (Trojan.AntiLeechPlugin) -> No action taken.

D:\Programme\Anti-Leech\ALNN\setup2.exe (Rogue.Installer) -> No action taken.

D:\Programme\Aoe2\sxuninst.exe (Backdoor.Bot) -> No action taken.

Danke für deine Hilfe!

Systemreinigung und Prüfung:

1.
Schliesse alle Programme einschliesslich Internet Explorer und fixe mit Hijackthis die Einträge aus der nachfolgenden Codebox (HijackThis starten→ "Do a system scan only"→ Einträge auswählen→ Häckhen setzen→ "Fix checked" klicken→ PC neu aufstarten):
HijackThis erstellt ein Backup, Falls bei "Fixen" etwas schief geht, kann man unter "View the list of backups"- die Objekte wiederherstellen

Code:

O24 - Desktop Component 0: (no name) - file:///C:/DOKUME~1/ADMINI~1/LOKALE~1/Temp/msohtml1/01/clip_image002.jpg

oder - So bekommst du den Eintrag weg: Start => Systemsteuerung => Anzeige => Desktop => Desktop anpassen => den Reiter Web wählen => hier siehst Du nun eine Liste der Active Desktop Komponenten => selektiere die Komponente, die Du entfernen willst => rechts dann auf löschen klicken => OK => Fenster schließen => übernehmen => OK"

2.
Windows und die installierten Programme auf den neuesten Stand zu halten,sind Garanten für eine erhöhte Sicherheit!
Java aktualisieren `Start→ Systemsteuereung→ Java→ Aktualisierung...
danach deinstalliere:
`Systemsteuerung → Software → Ändern/Entfernen...`

Code:

Java(TM) 6 Update 11

3.
den Java-Cache leeren - wie unter Punkt 7. u. 8. beschrieben *klick
über Systemsteuerung -> Java...

4.
alle Anwendungen schließen → Ordner für temporäre Dateien bitte leeren
**Der Temp Ordner,ist für temporäre Dateien,also der Inhalt kann man ohne weiteres löschen.- Dateien, die noch in Benutzung sind, nicht löschbar.
**Lösche nur den Inhalt der Ordner, nicht die Ordner selbst!

`Start → ausführen` "cleanmgr" reinschreiben (ohne "") → "ok" - die Temporary Files, Temporary Internet Files, und der Papierkorb (Recycle Bin) müssen geleert werden→ "Ok"
`Start → ausführen` → %temp% reinschreiben (ohne "")→ "Ok" - - Ordnerinhalt überall markieren und löschen
für jedes Benutzerkonto bitte durchführen
anschließend den Papierkorb leeren

5.
reinige dein System mit Ccleaner:

"Cleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
"Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
Starte dein System neu auf

lade Dir SUPERAntiSpyware FREE Edition herunter.
installiere das Programm und update online.
starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

7.
Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen.
→ Also alle vorhandenen externen Laufwerke inkl. evtl. vorhandener USB-Sticks an den Rechner anschließen, aber dabei die Shift-Taste gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird.
Außerdem kann man die Autostarteigenschaft auch ausschalten:
→ Windows-Sicherheit: Datenträger-Autorun deaktivieren- bebilderte Anleitung v.Leonidas/3dcenter.org
→ Autorun/Autoplay gezielt für Laufwerkstypen oder -buchstaben abschalten/wintotal.de
→ Diese Silly -Beschreibung stützt die Annahme, dass er über einen USB-Stick kam. Die Ursache ist durch formatieren des Sticks aus der Welt geschafft, Du solltest darauf achten, dass dort keine Datei autorun.inf wieder auftaucht und etwas wählerisch sein, wo Du deinen Stick reinsteckst.
Achtung!:
>>Du sollst das Programm nicht installieren, sondern dein System nur online scannen<<
→ Den kompletten Rechner (also das ganze System) zu überprüfen (Systemprüfung ohne Säuberung) mit Kaspersky Online Scanner/klicke hier
→ um mit dem Vorgang fortzufahren klicke auf "Accept"
→ dann wähle "My computer" aus - Es dauert einige Zeit, bis ein Komplett-Scan durch gelaufen ist, also bitte um Geduld!
Es kann einige Zeit dauern, bis der Scan abgeschlossen ist - je nach Größe der Festplatte eine oder mehrere Stunden - also Geduld...
→ Report angezeigt, klicke auf "Save as" - den bitte kopieren und in deinem Thread hier einfügen
Vor dem Scan Einstellungen im Internet Explorer:
→ "Extras→ Internetoptionen→ Sicherheit":
→ alles auf Standardstufe stellen
→ Active X erlauben - damit die neue Virendefinitionen installiert werden können

** Hat Dein Rechner noch Probleme?