RSIT log, please check for trojans!

21.08.2009, 10:50
Member
Posts: 15

Hello,
I have somehow picked up viruses and trojans from the internet. It starts with the Microsoft Outlook interface having changed. In addition, when browsing Google with Firefox I end up on various websites such as DiskDoctor etc.
Unfortunately, HijackThis and MBAM could not be installed.
So I was only able to produce a log with RSIT.

Thanks in advance for your support.

Quote

Logfile of random's system information tool 1.06 (written by random/random)
Run by R�hle at 2009-08-20 22:18:20
Microsoft Windows XP Professional Service Pack 2
System drive C: has 832 MB (-9223372036854775807%) free of 21 GB
Total RAM: 3071 MB (79% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:18:26, on 20.08.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\ICQ6.5\ICQ.exe
P:\Programme\Sonstige\BlueSoleil\BlueSoleil.exe
P:\Programme\Sonstige\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
P:\Programme\Sonstige\Logitech\SetPoint\SetPoint.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
P:\Programme\Sonstige\BlueSoleil\BTNtService.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE
P:\Programme\Internet\Advanced VPN Client\ncpclcfg.exe
P:\Programme\Internet\Advanced VPN Client\ncprwsnt.exe
P:\Programme\Internet\Advanced VPN Client\ncpsec.exe
C:\WINDOWS\system32\nvsvc32.exe
P:\Programme\Internet\Advanced VPN Client\rwsrsu.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Programme\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
P:\Programme\Office\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\R�hle\Desktop\RSIT.exe
P:\Programme\Sicherheit\HijackThis\R�hle.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - P:\Programme\Office\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - P:\Programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - P:\Programme\Hardware\Drucker\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - P:\Programme\Internet\robocom\roboform.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - P:\Programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Adobe Acrobat - Schnellstart.lnk = ?
O4 - Global Startup: BlueSoleil.lnk = P:\Programme\Sonstige\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = P:\Programme\Sonstige\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = P:\Programme\Sonstige\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://P:\Programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://P:\Programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://P:\Programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://P:\Programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://P:\Programme\Hardware\Drucker\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://P:\Programme\Hardware\Drucker\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://P:\Programme\Hardware\Drucker\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://P:\Programme\Hardware\Drucker\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://P:\Programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://P:\Programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://P:\PROGRA~1\Office\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: RF - Formular ausfüllen - file://P:\Programme\Internet\robocom\RoboFormComFillForms.html
O8 - Extra context menu item: RF - Formular speichern - file://P:\Programme\Internet\robocom\RoboFormComSavePass.html
O8 - Extra context menu item: RF - Menü anpassen - file://P:\Programme\Internet\robocom\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: RF - RoboForm-Leiste ein/aus - file://P:\Programme\Internet\robocom\RoboFormComShowToolbar.html
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://P:\Programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://P:\Programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O9 - Extra button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://P:\Programme\Internet\robocom\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://P:\Programme\Internet\robocom\RoboFormComFillForms.html
O9 - Extra button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://P:\Programme\Internet\robocom\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://P:\Programme\Internet\robocom\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://P:\Programme\Internet\robocom\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - file://P:\Programme\Internet\robocom\RoboFormComShowToolbar.html
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - P:\Programme\Sonstige\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Intelligenter Hintergrundübertragungsdienst (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: BlueSoleil Hid Service - Unknown owner - P:\Programme\Sonstige\BlueSoleil\BTNtService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programme\Canon\CAL\CALMAIN.exe
O23 - Service: Google Update Service (gupdate1c9891622ea6ae6) (gupdate1c9891622ea6ae6) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - P:\Programme\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTServ.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: ncpclcfg - Unknown owner - P:\Programme\Internet\Advanced VPN Client\ncpclcfg.exe
O23 - Service: ncprwsnt - NCP Engineering GmbH - P:\Programme\Internet\Advanced VPN Client\ncprwsnt.exe
O23 - Service: NcpSec - Unknown owner - P:\Programme\Internet\Advanced VPN Client\ncpsec.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RwsRsu (rwsrsu) - Unknown owner - P:\Programme\Internet\Advanced VPN Client\rwsrsu.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 11664 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Klick-Wartung.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - P:\Programme\Office\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - P:\Programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
pdfforge Toolbar - C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll [2009-05-04 650752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}]
Google Gears Helper - C:\Programme\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll [2009-07-17 2097152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
C:\Programme\pdfforge Toolbar\SearchSettings.dll [2009-05-04 1114112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - P:\Programme\Hardware\Drucker\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - P:\Programme\Internet\robocom\roboform.dll [2006-04-02 4666424]
{B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll [2009-05-04 650752]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - P:\Programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-02-09 13680640]
"nwiz"=nwiz.exe /install []
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-11-15 77824]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-02-09 86016]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"avgnt"=C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
""= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ICQ"=C:\Programme\ICQ6.5\ICQ.exe [2009-03-01 172792]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Adobe Acrobat - Schnellstart.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe
BlueSoleil.lnk - P:\Programme\Sonstige\BlueSoleil\BlueSoleil.exe
Logitech Desktop Messenger.lnk - P:\Programme\Sonstige\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Logitech SetPoint.lnk - P:\Programme\Sonstige\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\programme\gemeinsame dateien\logitech\bluetooth\LBTWlgn.dll [2008-05-02 72208]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SynchronousMachineGroupPolicy"=0
"SynchronousUserGroupPolicy"=0
"DisableCAD"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=43010000
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"P:\Programme\Internet\eMule0.46c-ionix-4.33-uni-bin.dl.by.www.emulebase.de\eMule0.46c-ionix-4.33-uni-bin\emule.exe"="P:\Programme\Internet\eMule0.46c-ionix-4.33-uni-bin.dl.by.www.emulebase.de\eMule0.46c-ionix-4.33-uni-bin\emule.exe:*:Enabled:eMule iONiX Mod"
"G:\Programme\GameSpy Arcade\Aphex.exe"="G:\Programme\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
"G:\Programme\EA GAMES\Need for Speed Underground 2\SPEED2.EXE"="G:\Programme\EA GAMES\Need for Speed Underground 2\SPEED2.EXE:*:Enabled:SPEED2"
"G:\Programme\Electronic Arts\Need for Speed Carbon\NFSC.exe"="G:\Programme\Electronic Arts\Need for Speed Carbon\NFSC.exe:*:Enabled:NFSC"
"P:\Programme\Sonstige\BlueSoleil\BlueSoleil.exe"="P:\Programme\Sonstige\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\Programme\Java\jre1.5.0_10\bin\javaw.exe"="C:\Programme\Java\jre1.5.0_10\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"P:\Programme\Internet\Azureus\Azureus.exe"="P:\Programme\Internet\Azureus\Azureus.exe:*:Enabled:Azureus"
"P:\Programme\Video\VideoLAN\vlc.exe"="P:\Programme\Video\VideoLAN\vlc.exe:*:Enabled:VLC media player"
"P:\utorrent161.exe"="P:\utorrent161.exe:*:Enabled:µTorrent"
"P:\Programme\Hardware\WMU-6500FS\Configure.exe"="P:\Programme\Hardware\WMU-6500FS\Configure.exe:*:Enabled:Configure"
"C:\Programme\Mozilla Firefox\firefox.exe"="C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Programme\ITscope MarketViewer 2.0\jre\bin\javaw.exe"="C:\Programme\ITscope MarketViewer 2.0\jre\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Programme\Java\jre1.6.0_03\bin\javaw.exe"="C:\Programme\Java\jre1.6.0_03\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"P:\Programme\Internet\Advanced VPN Client\NCPMON.exe"="P:\Programme\Internet\Advanced VPN Client\NCPMON.exe:*:Enabled:ncpmon.exe"
"C:\Programme\Java\jre1.6.0_05\bin\javaw.exe"="C:\Programme\Java\jre1.6.0_05\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"G:\Programme\Empire Interactive\FlatOut Ultimate Carnage\Fouc.exe"="G:\Programme\Empire Interactive\FlatOut Ultimate Carnage\Fouc.exe:*:Enabled:FlatOut Ultimate Carnage"
"C:\Programme\Java\jre1.6.0_07\bin\javaw.exe"="C:\Programme\Java\jre1.6.0_07\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Programme\Java\jre6\bin\javaw.exe"="C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"P:\Programme\Sonstige\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="P:\Programme\Sonstige\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programme\Windows Live\Messenger\livecall.exe"="C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Programme\ICQ6.5\ICQ.exe"="C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"P:\Programme\Sonstige\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="P:\Programme\Sonstige\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programme\Windows Live\Messenger\livecall.exe"="C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f97c1d28-02b7-11de-8145-806d6172696f}]
shell\AutoRun\command - D:\setup.exe

======List of files/folders created in the last 1 months======

2009-08-11 08:35:01 ----D---- C:\Programme\ICQ6.5
2009-08-03 22:19:44 ----A---- C:\WINDOWS\system32\TUProgSt.exe
2009-08-03 22:19:42 ----A---- C:\WINDOWS\system32\uxtuneup.dll
2009-08-03 22:19:39 ----D---- C:\Dokumente und Einstellungen\R�hle\Anwendungsdaten\TuneUp Software
2009-08-03 22:19:39 ----A---- C:\WINDOWS\system32\TuneUpDefragService.exe
2009-08-03 22:19:04 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
2009-08-03 22:17:38 ----SHD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{55A29068-F2CE-456C-9148-C869879E2357}

======List of files/folders modified in the last 1 months======

2009-08-20 22:08:40 ----D---- C:\Programme\Mozilla Firefox
2009-08-20 21:47:59 ----D---- C:\WINDOWS\system32
2009-08-20 21:47:33 ----D---- C:\WINDOWS\Temp
2009-08-20 21:45:28 ----SHD---- C:\WINDOWS\CSC
2009-08-20 21:42:59 ----D---- C:\WINDOWS\system32\drivers
2009-08-20 21:42:44 ----D---- C:\WINDOWS
2009-08-20 21:32:46 ----D---- C:\WINDOWS\Prefetch
2009-08-20 14:40:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-20 01:08:14 ----AC---- C:\WINDOWS\NeroDigital.ini
2009-08-13 22:09:51 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-11 08:35:01 ----RD---- C:\Programme
2009-08-07 17:17:36 ----SD---- C:\WINDOWS\Tasks
2009-08-06 20:22:33 ----D---- C:\Dokumente und Einstellungen\R�hle\Anwendungsdaten\pdfforge
2009-08-06 15:21:02 ----D---- C:\Dokumente und Einstellungen\R�hle\Anwendungsdaten\ZoomBrowser EX
2009-08-06 15:18:59 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ZoomBrowser
2009-08-05 23:08:15 ----D---- C:\Dokumente und Einstellungen\R�hle\Anwendungsdaten\Adobe
2009-08-03 22:19:50 ----SHD---- C:\WINDOWS\Installer
2009-08-03 22:19:50 ----SHD---- C:\Config.Msi
2009-08-03 22:19:46 ----D---- C:\WINDOWS\system32\config
2009-08-03 22:02:02 ----D---- C:\WINDOWS\Minidump
2009-08-03 22:02:02 ----D---- C:\WINDOWS\Debug
2009-08-03 21:12:22 ----D---- C:\Programme\Gemeinsame Dateien\DVDVideoSoft
2009-08-03 21:12:05 ----AC---- C:\WINDOWS\QIII.INI
2009-08-03 21:08:37 ----RSD---- C:\WINDOWS\Fonts
2009-08-02 11:23:24 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-08-02 11:22:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-21 23:56:23 ----D---- C:\Programme\NCH Swift Sound
2009-07-21 23:56:22 ----D---- C:\Dokumente und Einstellungen\R�hle\Anwendungsdaten\NCH Swift Sound
2009-07-21 21:10:56 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AsIO;AsIO; \??\C:\WINDOWS\system32\drivers\AsIO.sys []
R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-05-27 75096]
R1 cdrbsvsd;cdrbsvsd; C:\WINDOWS\system32\drivers\cdrbsvsd.sys [2003-12-03 13566]
R1 cpuidlep;CpuIdle Pro System Driver; C:\WINDOWS\system32\drivers\cpuidlep.sys [2005-02-13 4484]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 MagicTune;MagicTune; C:\WINDOWS\system32\drivers\MTictwl.sys [2004-10-11 12062]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-07-17 12032]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2007-11-19 278728]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-11-19 25416]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS-kompatibles Transportprotokoll; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2006-07-17 88448]
R2 NwlnkNb;NWLink-NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2006-07-17 63232]
R2 NwlnkSpx;NWLink SPX/SPXII-Protokoll; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2006-07-17 55936]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664]
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2006-07-17 60800]
R3 avgntflt;avgntflt; \??\C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2005-08-31 20480]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [2005-08-31 20480]
R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2005-04-30 10804]
R3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys [2005-07-29 11988]
R3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver; C:\WINDOWS\system32\drivers\HCWBT8XX.sys [2004-05-24 446020]
R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2006-07-17 9600]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2004-06-21 78976]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 ncplentp;LANCOM Secure Client Adapter Driver; C:\WINDOWS\system32\DRIVERS\ncplentp.sys [2007-05-03 73408]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2006-07-17 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-02-09 6307328]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-06 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-06 12928]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-09-27 9856]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2006-07-17 5888]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2006-07-17 31616]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-07-17 26624]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-07-17 57600]
R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2006-07-17 17024]
R3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-07-17 26496]
R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2004-10-19 61312]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2005-03-25 82148]
R3 VHidMinidrv;Bluetooth HID Device Service; C:\WINDOWS\system32\drivers\VHIDMini.sys [2005-07-29 11736]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-08-19 189568]
S2 ASInsHelp;ASInsHelp; \??\C:\WINDOWS\system32\drivers\AsInsHelp32.sys []
S2 zntport;NTPort Library Driver; \??\C:\WINDOWS\system32\zntport.sys []
S3 61883;61883-Einheitsgerät; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-03 48128]
S3 Avc;AVC-Gerät; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-03 38912]
S3 avmeject;AVM Eject; C:\WINDOWS\system32\drivers\avmeject.sys [2008-09-05 4352]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2005-07-29 23000]
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 DSDrv4;DSDrv4; \??\P:\PROGRA~1\TV-Karte\DScaler\DSDrv4.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 FTDIBUS;SEMC DSS SyncStation Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2005-12-19 19153]
S3 FTLUND;Lundinova Filter Driver; C:\WINDOWS\system32\drivers\ftlund.sys [2005-12-19 6828]
S3 FTSER2K;SEMC DSS SyncStation Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2005-12-19 50396]
S3 FWLANUSB;AVM FRITZ!WLAN; C:\WINDOWS\system32\DRIVERS\fwlanusb.sys [2008-09-05 265088]
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2009-02-08 13224]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2009-02-08 24616]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys [2005-02-11 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2005-02-11 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys [2005-02-11 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2005-02-11 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys [2005-02-11 79488]
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2007-01-23 20496]
S3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2007-01-23 62992]
S3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2007-01-23 78864]
S3 MPE;BDA MPE-Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2006-07-17 15360]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-08-03 51328]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2006-07-17 10880]
S3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys []
S3 phil2vid;Philips VGA-Kamera (USB); C:\WINDOWS\system32\DRIVERS\philcam2.sys [2001-08-17 173696]
S3 restore;restore; \??\C:\WINDOWS\system32\drivers\restore.sys []
S3 s115bus;Sony Ericsson Device 115 driver (WDM); C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
S3 s116bus;Sony Ericsson Device 116 driver (WDM); C:\WINDOWS\system32\DRIVERS\s116bus.sys [2007-04-03 83336]
S3 s116mdfl;Sony Ericsson Device 116 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s116mdfl.sys [2007-04-03 15112]
S3 s116mdm;Sony Ericsson Device 116 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s116mdm.sys [2007-04-03 108680]
S3 s116mgmt;Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s116mgmt.sys [2007-04-03 100488]
S3 s116nd5;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS); C:\WINDOWS\system32\DRIVERS\s116nd5.sys [2007-04-03 23176]
S3 s116obex;Sony Ericsson Device 116 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s116obex.sys [2007-04-03 98696]
S3 s116unic;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM); C:\WINDOWS\system32\DRIVERS\s116unic.sys [2007-04-03 99080]
S3 SE27bus;Sony Ericsson Device 039 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE27bus.sys [2006-04-28 61600]
S3 SE27mdfl;Sony Ericsson Device 039 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys [2006-04-28 9360]
S3 SE27mdm;Sony Ericsson Device 039 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\SE27mdm.sys [2006-04-28 97184]
S3 SE27mgmt;Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\SE27mgmt.sys [2006-04-28 88688]
S3 se27nd5;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS); C:\WINDOWS\system32\DRIVERS\se27nd5.sys [2006-04-28 18704]
S3 SE27obex;Sony Ericsson Device 039 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\SE27obex.sys [2006-04-28 86560]
S3 se27unic;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM); C:\WINDOWS\system32\DRIVERS\se27unic.sys [2006-04-28 90800]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2006-07-17 11136]
S3 SONYPVU1;Sony USB-Filtertreiber (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2006-07-17 15360]
S3 ttBudget2;TechnoTrend BDA/DVB (BDA); C:\WINDOWS\system32\drivers\ttBudget2.sys [2008-07-07 455296]
S3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Planer; C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 BlueSoleil Hid Service;BlueSoleil Hid Service; P:\Programme\Sonstige\BlueSoleil\BTNtService.exe [2005-04-06 110592]
R2 CCALib8;Canon Camera Access Library 8; C:\Programme\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2008-12-03 152984]
R2 ncpclcfg;ncpclcfg; P:\Programme\Internet\Advanced VPN Client\ncpclcfg.exe [2007-04-05 77824]
R2 ncprwsnt;ncprwsnt; P:\Programme\Internet\Advanced VPN Client\ncprwsnt.exe [2007-06-11 1019904]
R2 NcpSec;NcpSec; P:\Programme\Internet\Advanced VPN Client\ncpsec.exe [2004-05-24 45056]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-02-09 163908]
R2 rwsrsu;RwsRsu; P:\Programme\Internet\Advanced VPN Client\rwsrsu.exe [2007-02-21 266240]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-08-03 604488]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 UxTuneUp;TuneUp Designerweiterung; C:\WINDOWS\System32\svchost.exe [2006-07-17 14336]
S2 gupdate1c9891622ea6ae6;Google Update Service (gupdate1c9891622ea6ae6); C:\Programme\Google\Update\GoogleUpdate.exe [2009-02-07 133104]
S3 Adobe LM Service;Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-05-17 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; P:\Programme\iPod\bin\iPodService.exe []
S3 LBTServ;Logitech Bluetooth Service; C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 MSCSPTISRV;MSCSPTISRV; C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe [2005-11-24 53337]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PACSPTISVR;PACSPTISVR; C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe [2005-11-24 53337]
S3 SPTISRV;Sony SPTI Service; C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe [2005-11-24 69718]
S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-08-03 361288]
S3 usnjsvc;Messenger USN Journal Reader-Service für freigegebene Ordner; C:\Programme\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WMConnectCDS;Windows Media Connect-Dienst; C:\Programme\Windows Media Connect 2\wmccds.exe [2005-10-06 856064]

-----------------EOF-----------------
21.08.2009, 12:25
Moderator

Posts: 5694
#2 >>
Make hidden files visible:

1. Under Start, click My Computer.
2. In the Tools menu, click Folder Options.
3. Files and Folders / Hide extensions for known file types --> remove the check mark
4. Hide protected and system files --> remove the check mark
5. Hidden files and folders / Show all files and folders --> set the check mark.

There must be no check mark at "Hide protected system files", and "Show all files and folders" must be enabled.
http://virus-protect.org/invisible.html

>>
Have the following file checked at www.VIRUSTOTAL.com/de and post the result:

C:\WINDOWS\system32\drivers\restore.sys


Click Browse --> pick the file (or paste the file with its correct path straight in with Ctrl V) --> click the file to be checked and open --> click "Send file"... now wait - then select the text with the right mouse button -> copy it here

>>
Close all windows and start HijackThis
Click: Do a system scan only
Put a check mark in the box in front of the entries named below: (if they are still present)

Quote

R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll

O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll

O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll

O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll
and choose Fix checked.

Restart the computer.

>>
Scan with Malwarebytes, let it delete what it finds and post the log:
(Don't forget to update before running it)
http://virus-protect.org/artikel/tools/malwarebytes.html

>>
Run a rootkit scan with GMER and post the log:
http://virus-protect.org/artikel/tools/gmer.html

>>
Now also post the second log from RSIT:
C:\rsit\info.txt

Regards, Swiss

For me:

Quote

S3 restore;restore; \??\C:\WINDOWS\system32\drivers\restore.sys
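A small triage script, added here as an example and not part of this thread or of RSIT itself. It parses the `S3 name;display; path [date size]` lines of the driver and service lists above and scores every entry with the heuristics a helper applies by hand (no readable file metadata, a `\??\` path prefix, a display name that just repeats the service name, location under C:\WINDOWS), so it generalizes beyond the one restore.sys entry singled out above. The sample lines are copied from the log in this thread; the heuristics and their weighting are my own assumption.

```python
r"""Triage helper for the RSIT driver/service list format.

Added example, not part of this thread and not RSIT's own code. Each line in
RSIT's "List of drivers" / "List of services" looks like

    S3 restore;restore; \??\C:\WINDOWS\system32\drivers\restore.sys []

i.e. <R|S><start type> <service name>;<display name>; <path> [<date> <size>].
The scoring heuristics and their weights are my own assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*); ?"
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]\s*$"
)

# Directories in which an unreadable driver/service binary deserves a closer look.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\")


@dataclass
class Entry:
    state: str          # R = running, S = stopped
    start: int          # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    display: str
    path: str
    date: str | None    # None when RSIT printed "[]" (file date/size unreadable)
    size: int | None
    findings: list[str] = field(default_factory=list)

    @property
    def score(self) -> int:
        # A disabled entry (start type 4) cannot load, so it ranks one step lower.
        return len(self.findings) - (1 if self.start == 4 else 0)


def parse_line(line: str) -> Entry | None:
    """Parse one RSIT entry; returns None for headers, blank lines and other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    meta = m["meta"].split()
    date = meta[0] if len(meta) == 2 else None
    size = int(meta[1]) if len(meta) == 2 else None
    return Entry(m["state"], int(m["start"]), m["name"], m["display"],
                 m["path"], date, size)


def assess(entry: Entry) -> Entry:
    """Attach the findings a helper would note by hand; more findings = higher priority."""
    path = entry.path
    # "[]" means RSIT could not read the file's date and size: the file is
    # gone (stale registration) or hidden from user-mode tools.
    if entry.date is None:
        entry.findings.append("no file metadata (file absent or hidden)")
    # "\??\" is the NT object-manager prefix; every other driver entry in
    # this log uses a plain drive-letter path.
    if path.startswith("\\??\\"):
        entry.findings.append("NT-native \\??\\ path prefix")
        path = path[4:]
    # Vendor drivers carry a descriptive display name; one that merely
    # repeats the service name is a weak but cheap signal.
    if entry.display.strip().lower() == entry.name.strip().lower():
        entry.findings.append("display name equals service name")
    # An unreadable binary under C:\WINDOWS matters more than a leftover in a
    # third-party program folder such as P:\Programme.
    if entry.date is None and path.lower().startswith(SYSTEM_DIRS):
        entry.findings.append("unreadable binary in a Windows system directory")
    return entry


def triage(log_text: str, min_score: int = 1) -> list[Entry]:
    """Return the suspicious entries of an RSIT log, worst first."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e is not None]
    flagged = [e for e in map(assess, entries) if e.score >= min_score]
    return sorted(flagged, key=lambda e: (-e.score, e.start, e.name.lower()))


# Sample lines copied from the RSIT log posted in this thread.
SAMPLE_LOG = r"""S3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys []
S3 phil2vid;Philips VGA-Kamera (USB); C:\WINDOWS\system32\DRIVERS\philcam2.sys [2001-08-17 173696]
S3 restore;restore; \??\C:\WINDOWS\system32\drivers\restore.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
S3 iPod Service;iPod Service; P:\Programme\iPod\bin\iPodService.exe []
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"score {e.score}  {e.state}{e.start} {e.name:<14} {e.path}")
        for f in e.findings:
            print(f"    - {f}")
```

Run against a full RSIT log.txt the restore.sys entry comes out on top; the other flagged entries (stale CD, IDE and iPod registrations) are the kind a helper then rules out by checking whether the file exists on disk.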
21.08.2009, 15:14
Member

Thread starter

Posts: 15
#3 Hello Swisstreasure,

thank you very much for your quick reply.

Attached is the VirusTotal log for the file restore.sys

Quote

Die Datei wurde bereits analysiert:
MD5: 1939704a4c1f37bd62b04e46c7843939
First received: 2008.12.18 11:29:33 UTC
Datum 2009.05.31 15:25:32 UTC [>81D]
Ergebnisse 29/40
Permalink: analisis/d79b95afddd7d8de68e8fdd1ab9cb2fade869b07bb763bdd9ee8fdefaddc8864-1243783532

Quote

Datei restore.sys empfangen 2009.08.21 12:55:18 (UTC)
Ergebnis: 32/41 (78.05%)

Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.24 2009.08.21 Rootkit.Win32.Small!IK
AhnLab-V3 5.0.0.2 2009.08.20 Win-Trojan/Rootkit.6656.L
AntiVir 7.9.1.3 2009.08.21 TR/Rootkit.Gen
Antiy-AVL 2.0.3.7 2009.08.21 Trojan/Win32.Small.gen
Authentium 5.1.2.4 2009.08.20 -
Avast 4.8.1335.0 2009.08.20 Win32:Rootkit-gen
AVG 8.5.0.406 2009.08.21 BackDoor.Generic10.ACET
BitDefender 7.2 2009.08.21 Virtool.17234
CAT-QuickHeal 10.00 2009.08.21 Worm.Small.hz
ClamAV 0.94.1 2009.08.21 -
Comodo 2045 2009.08.21 TrojWare.Win32.Rootkit.Small.hz
DrWeb 5.0.0.12182 2009.08.21 Trojan.AVClean.1151
eSafe 7.0.17.0 2009.08.20 -
eTrust-Vet 31.6.6693 2009.08.21 Win32/Cutwail.WO
F-Prot 4.4.4.56 2009.08.20 -
F-Secure 8.0.14470.0 2009.08.21 Rootkit.Win32.Small.hz
Fortinet 3.120.0.0 2009.08.21 -
GData 19 2009.08.21 Virtool.17234
Ikarus T3.1.1.68.0 2009.08.21 Rootkit.Win32.Small
Jiangmin 11.0.800 2009.08.21 Rootkit.Small.bj
K7AntiVirus 7.10.823 2009.08.20 Rootkit.Win32.Small.hz
Kaspersky 7.0.0.125 2009.08.21 Rootkit.Win32.Small.hz
McAfee 5715 2009.08.20 Generic.dx
McAfee+Artemis 5715 2009.08.20 Generic.dx
McAfee-GW-Edition 6.8.5 2009.08.21 Heuristic.BehavesLike.Win32.Rootkit.L
Microsoft 1.4903 2009.08.21 VirTool:WinNT/Cutwail.C
NOD32 4355 2009.08.21 Win32/Wigon
Norman 6.01.09 2009.08.20 W32/Rootkit.ABCO
nProtect 2009.1.8.0 2009.08.21 -
Panda 10.0.0.14 2009.08.21 Rootkit/Restore.A
PCTools 4.4.2.0 2009.08.21 -
Prevx 3.0 2009.08.21 Medium Risk Malware
Rising 21.43.43.00 2009.08.21 -
Sophos 4.44.0 2009.08.21 Mal/Generic-A
Sunbelt 3.2.1858.2 2009.08.21 Trojan.Win32.Generic!BT
Symantec 1.4.4.12 2009.08.21 Hacktool.Rootkit
TheHacker 6.3.4.3.384 2009.08.21 Trojan/Small.hz
TrendMicro 8.950.0.1094 2009.08.21 TROJ_PANDEX.FV
VBA32 3.12.10.9 2009.08.20 Rootkit.Win32.Small.hz
ViRobot 2009.8.21.1895 2009.08.21 Trojan.Win32.RT-Small.6656
VirusBuster 4.6.5.0 2009.08.20 -
weitere Informationen
File size: 6656 bytes
MD5...: 1939704a4c1f37bd62b04e46c7843939
SHA1..: 5fc08998090bf520d6645ed9e8f1c2be4138e7ba
SHA256: d79b95afddd7d8de68e8fdd1ab9cb2fade869b07bb763bdd9ee8fdefaddc8864
ssdeep: 192:2G/t3pGb5rtNKnEy6ozmUJm4b3hEwGvdqH:55pwvNyXXmU74vdqH
PEiD..: -
TrID..: File type identification
Clipper DOS Executable (33.3%)
Generic Win/DOS Executable (33.0%)
DOS Executable Generic (33.0%)
VXD Driver (0.5%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1685
timedatestamp.....: 0x493fbda3 (Wed Dec 10 13:01:23 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x480 0xf6d 0xf80 6.42 722a245777030f4676e020959695302a
.rdata 0x1400 0x144 0x180 3.45 3ebb277bbdee7f67818d3691c25ad2a4
.data 0x1580 0xf4 0x100 4.32 967c0c655371e66e974ac959f83ec5ac
INIT 0x1680 0x24a 0x280 5.04 022dc05c38f8b55d7fed0a062ad0cc8f
.reloc 0x1900 0xb8 0x100 3.85 52276e8e08407b09fc535f27dcd1551d

( 1 imports )
> ntoskrnl.exe: ExFreePoolWithTag, RtlAnsiStringToUnicodeString, RtlInitString, ExAllocatePool, ZwQuerySystemInformation, memset, memcpy, ZwClose, ZwReadFile, ZwQueryInformationFile, ZwOpenFile, NtBuildNumber, KeServiceDescriptorTable, ObfDereferenceObject, ObReferenceObjectByName, IoDriverObjectType, RtlInitUnicodeString, KeTickCount, KeBugCheckEx, RtlUnwind

( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=CE1CC314002B7D0C1A2C00A25E21A400AD14A588
-> The entries were removed with HijackThis!

-> Unfortunately, Malwarebytes could not be installed and would not start either, no reaction from Windows!

-> The same with GMER, it would not start and no reaction from Windows!

Current RSIT log of info.txt

Quote

info.txt logfile of random's system information tool 1.06 2009-08-21 15:13:34

======Uninstall list======

-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{88E5FCB8-5F25-11D5-B16F-0800460222F0}\setup.exe" -l0x7 UNINSTALL
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D76298C2-E532-4A11-BCFF-76F3F19DA84D}\setup.exe" UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3GP Video Converter 3-->P:\Programme\Sonstige\3GP Video Converter 3\Uninstall.exe
ACDSee Foto-Manager 2009-->MsiExec.exe /I{300578F9-9EFF-4B93-9AB1-C0E5707EF463}
Adobe Acrobat 7.0 Professional - English, Français, Deutsch-->msiexec /I {AC76BA86-1033-F400-7760-000000000002}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x7
Adobe Reader 7.0 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A70000000000}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AI RoboForm (All Users)-->"P:\Programme\Internet\robocom\rfwipeout.exe"
AirLive WMU-6500FS-->C:\WINDOWS\system32\ss2uinst.exe "P:\Programme\Hardware\WMU-6500FS\ss2uinst.dat"
Alcatech BPM Studio Professional v4.9.1-->P:\PROGRA~1\Music\BPM-ST~1\UNWISE.EXE P:\PROGRA~1\Music\BPM-ST~1\INSTALL.LOG
Apple Software Update-->MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x7
Avira AntiVir Personal - Free Antivirus-->C:\Programme\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Azureus-->P:\Programme\Internet\Azureus\Uninstall.exe
BayWotch Update v3.1.101-->"P:\Programme\Internet\BayWotch3\unins000.exe"
BlueSoleil-->MsiExec.exe /X{4A0BAA62-FE2F-4C93-A10B-5E6DE3B424A5}
Canon Camera Access Library-->"C:\Programme\Gemeinsame Dateien\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Programme\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library-->"C:\Programme\Gemeinsame Dateien\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Programme\Canon\CSCLIB\Uninst.ini"
Canon EOS 5D WIA-Treiber-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BB3AB664-D92B-4CB5-8B3E-D841841F4E68} /l1031
CANON iMAGE GATEWAY Task for ZoomBrowser EX-->"C:\Programme\Gemeinsame Dateien\Canon\UIW\1.5.0.0\Uninst.exe" "P:\Programme\Grafik\Canon\ZoomBrowser EX\Program\CRWUnInstall.ini"
Canon Internet Library for ZoomBrowser EX-->"C:\Programme\Gemeinsame Dateien\Canon\UIW\1.5.0.0\Uninst.exe" "P:\Programme\Grafik\Canon\ZoomBrowser EX\Program\CIGUnInstall.ini"
Canon iP4200-->C:\WINDOWS\system32\CNMCP78.exe "-PRINTERNAMECanon iP4200" "-HELPERDLLC:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Inst2\cnmis.dll" "-RCDLLcnmi0407.dll"
Canon PhotoRecord-->MsiExec.exe /X{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}
Canon RAW Image Task for ZoomBrowser EX-->"C:\Programme\Gemeinsame Dateien\Canon\UIW\1.4.0.0\Uninst.exe" "P:\Programme\Grafik\Canon\RAW Image Task\Uninst.ini"
Canon ScanGear Starter-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{18A5DFF2-8A95-49F3-873F-743CB5549F3D}\SETUP.EXE" -l0x7 anything
Canon Setup Utility 2.0-->"C:\Programme\Canon\Canon Setup Utility 2.0\Maint.exe" /Uninstall C:\Programme\Canon\Canon Setup Utility 2.0\uninst.ini
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX-->"C:\Programme\Gemeinsame Dateien\Canon\UIW\1.5.0.0\Uninst.exe" "P:\Programme\Grafik\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX-->"C:\Programme\Gemeinsame Dateien\Canon\UIW\1.4.0.0\Uninst.exe" "P:\Programme\Grafik\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Utilities CameraWindow DC-->"C:\Programme\Gemeinsame Dateien\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Programme\Canon\CameraWindow\CameraWindowDC\Uninst.ini"
Canon Utilities CameraWindow-->"C:\Programme\Gemeinsame Dateien\Canon\UIW\1.4.0.0\Uninst.exe" "P:\Programme\Grafik\Canon\CameraWindow\CameraWindowLauncher\Uninst.ini"
Canon Utilities Digital Photo Professional 3.4-->"C:\Programme\Gemeinsame Dateien\Canon\UIW\1.4.0.0\Uninst.exe" "P:\Programme\Grafik\Canon\Digital Photo Professional\Uninst.ini"
Canon Utilities Easy-PhotoPrint-->P:\Programme\Hardware\Drucker\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Canon Utilities Easy-PrintToolBox-->C:\WINDOWS\BJPSUNST.EXE
Canon Utilities EOS Utility-->"C:\Programme\Gemeinsame Dateien\Canon\UIW\1.4.0.0\Uninst.exe" "P:\Programme\Grafik\Canon\EOS Utility\Uninst.ini"
Canon Utilities MyCamera DC-->"C:\Programme\Gemeinsame Dateien\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Programme\Canon\CameraWindow\MyCameraDC\Uninst.ini"
Canon Utilities MyCamera-->"C:\Programme\Gemeinsame Dateien\Canon\UIW\1.5.0.0\Uninst.exe" "P:\Programme\Grafik\Canon\CameraWindow\MyCamera\Uninst.ini"
Canon Utilities Original Data Security Tools-->"C:\Programme\Gemeinsame Dateien\Canon\UIW\1.4.0.0\Uninst.exe" "P:\Programme\Grafik\Canon\Original Data Security Tools\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Programme\Gemeinsame Dateien\Canon\UIW\1.4.0.0\Uninst.exe" "P:\Programme\Grafik\Canon\PhotoStitch\Uninst.ini"
Canon Utilities Picture Style Editor-->"C:\Programme\Gemeinsame Dateien\Canon\UIW\1.5.0.0\Uninst.exe" "P:\Programme\Grafik\Canon\Picture Style Editor\Uninst.ini"
Canon Utilities RemoteCapture DC-->"C:\Programme\Gemeinsame Dateien\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Programme\Canon\CameraWindow\RemoteCaptureDC\Uninst.ini"
Canon Utilities RemoteCapture Task for ZoomBrowser EX-->"C:\Programme\Gemeinsame Dateien\Canon\UIW\1.4.0.0\Uninst.exe" "P:\Programme\Grafik\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities WFT-E1/E2/E3 Utility-->"C:\Programme\Gemeinsame Dateien\Canon\UIW\1.4.0.0\Uninst.exe" "P:\Programme\Grafik\Canon\WFT Utility\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Programme\Gemeinsame Dateien\Canon\UIW\1.5.0.0\Uninst.exe" "P:\Programme\Grafik\Canon\ZoomBrowser EX\Program\Uninst.ini"
Canon ZoomBrowser EX Memory Card Utility-->"C:\Programme\Gemeinsame Dateien\Canon\UIW\1.5.0.0\Uninst.exe" "P:\Programme\Grafik\Canon\ZoomBrowser EX MCU\Uninst.ini"
CCleaner (remove only)-->"P:\Programme\Sonstige\CCleaner\uninst.exe"
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
CD-LabelPrint-->"P:\Programme\Hardware\Drucker\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application
Citrix XenApp Plugin für gehostete Anwendungen-->MsiExec.exe /I{388C130B-0079-46B4-A0D5-DC2DD7A89A7B}
Codec Pack - All In 1 6.0.3.0-->C:\WINDOWS\iun6002.exe "C:\Programme\Codec Pack - All In 1\irunin.ini"
Compatibility Pack für 2007 Office System-->MsiExec.exe /X{90120000-0020-0407-0000-0000000FF1CE}
DAEMON Tools-->MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
DivX Content Uploader-->C:\Programme\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player-->C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DivX-->P:\Programme\DVD\DivX\DivXCodecUninstall.exe /CODEC
DRI Tool 2.0-->"P:\Programme\Grafik\DRI Tool 2.0\unins000.exe"
DScaler 4.1.10-->P:\Programme\TV-Karte\DScaler\unins000.exe
DVD Decrypter (Remove Only)-->"P:\Programme\DVD\DVD Decrypter\uninstall.exe"
Dynamic-Photo HDR Trial 4.5-->"P:\Programme\Sonstige\DynamicPhotoHDR4\unins000.exe"
Easy-WebPrint-->C:\WINDOWS\IsUn0407.exe -fP:\Programme\Hardware\Drucker\Canon\Easy-WebPrint\Uninst.isu
Exif-Viewer 2.40 -->C:\WINDOWS\uninstall\Exif-Viewer\setup.exe
FlatOut Ultimate Carnage-->G:\Programme\Empire Interactive\FlatOut Ultimate Carnage\Uninstall.exe
FLV Player 2.0, build 24-->P:\Programme\DVD\FLV Player\uninst.exe
Free PDF to Word Doc Converter v1.1-->"P:\Programme\Sonstige\Free PDF to Word Doc Converter\unins000.exe"
Free YouTube to Mp3 Converter version 3.1-->"P:\Programme\Internet\Free YouTube to Mp3 Converter\unins000.exe"
Freez FLV to AVI/MPEG/WMV Converter-->"P:\Programme\Sonstige\Freez FLV to AVI MPEG WMV Converter\unins000.exe"
GameSpy Arcade-->G:\PROGRA~1\GAMESP~1\UNWISE.EXE G:\PROGRA~1\GAMESP~1\INSTALL.LOG
GcMail-->P:\Programme\Internet\GcMail\unins000.exe
GIMP 2.6.6-->"P:\Programme\Grafik\GIMP-2.0\setup\unins000.exe"
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
Google Gears-->MsiExec.exe /I{F724042F-367A-3B58-9BE3-8EF7A6F058D6}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Hauppauge WinTV NT4/Win2000 Drivers-->C:\WINDOWS\system32\HCW848UN.EXE
Hauppauge WinTV2000-->P:\PROGRA~1\TV-Karte\WinTV\UNTV32.EXE P:\PROGRA~1\TV-Karte\WinTV\WINTV2K.LOG
HijackThis 2.0.2-->"P:\Programme\Sicherheit\HijackThis\HijackThis.exe" /uninstall
ICQ6.5-->"C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
ImageShack QuickLoad-->MsiExec.exe /I{CD522250-7AEE-4266-A821-6FB7C7018F13}
IndyCar Series-->MsiExec.exe /I{CCD58DA0-8FC9-40F6-9346-5B1528DEA638}
InterVideo WinDVD 5-->"C:\Programme\InstallShield Installation Information\{1B399A41-C1D0-40A2-9E4F-095868EFAF01}\setup.exe" REMOVEALL
InterVideo WinDVR 3-->"C:\Programme\InstallShield Installation Information\{6BF4613C-0A46-43AA-8FA8-0CB9F2C1A548}\setup.exe" REMOVEALL
IrfanView (remove only)-->P:\Programme\Grafik\IrfanView\iv_uninstall.exe
IsoBuster 1.7-->P:\Programme\Brenner\IsoBuster\Uninst\unins000.exe
J2SE Runtime Environment 5.0 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150010}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
LANCOM Advanced VPN Client-->P:\Programme\Internet\Advanced VPN Client\uninst.exe
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.EXE" -l0x7 UNINSTALL
Logitech SetPoint-->C:\Programme\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0007 -removeonly
Macromedia Flash Player-->MsiExec.exe /X{4ecaf021-478c-40c1-b777-3368a15f9966}
MagicTune3.6_Client_pivot-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{1C04D433-2EDF-4AFB-B31B-C0B13065092F}\setup.exe" -l0x7
MAGIX Media Manager 2004 gold-->P:\Programme\Media_Manager_2004\instslct.exe
MAGIX Online Druck Service-->C:\PROGRA~1\MAGIXO~1\UNWISE.EXE C:\PROGRA~1\MAGIXO~1\INSTALL.LOG
MAGIX Video deLuxe 2005 PLUS-->P:\Programme\Video_deLuxe_2005_PLUS\instslct.exe
MarketViewer 2.0.8-->C:\Programme\ITscope MarketViewer 2.0\uninst.exe
Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Language Pack - DEU-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - DEU\install.exe
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Office FrontPage 2003-->MsiExec.exe /I{90170407-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110407-6000-11D3-8CFE-0150048383C9}
Microsoft Project Professional 2002-->MsiExec.exe /I{903B0407-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Web Publishing Wizard 1.53-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie3x86.inf,WebPostUninstall
Mozilla Firefox (2.0.0.20)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{B5E8B139-9A06-4D97-BA4E-1256F8D6968D}
MyPhoneExplorer-->P:\Programme\Handy\MyPhoneExplorer\uninstall.exe
Natural Color-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F51D9393-BB14-4566-99BF-D6ED63AEFCD7}\setup.exe"
Need for Speed™ Carbon-->G:\Programme\Electronic Arts\Need for Speed Carbon\EAUninstall.exe
Nero 6 Ultra Edition-->P:\Programme\Brenner\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nero Digital-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OpenMG Limited Patch 4.4-06-13-19-01-->C:\Programme\Gemeinsame Dateien\Sony Shared\OpenMG\HotFixes\HotFix4.4-06-13-19-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.4.00-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{CFB17307-B244-4EAD-AE8E-CDAF440477C2} UNINSTALL
PDFCreator-->P:\Programme\Office\PDFCreator\unins000.exe
pdfforge Toolbar v1.0-->MsiExec.exe /X{B8B0FC8B-E69B-4215-AF1A-4BDFF20D794B}
PDFill PDF Writer-->C:\WINDOWS\system32\uninstpw.exe C:\Programme\PlotSoft\PDFill
PDF-XChange 3-->"P:\Programme\Sonstige\CADViewer7\PDF-XChange\unins000.exe"
Personal Translator 2004 Office plus-->P:\PROGRA~1\Office\PTP2004\UNWISE.EXE P:\PROGRA~1\Office\PTP2004\INSTALL.LOG
Philips Vesta (Pro) Camera-->C:\WINDOWS\IsUn0407.exe -fC:\PROGRA~1\PHILIP~1\Vesta.isu
Philips Vesta Camera WebUpdate-->C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\PHILIP~1\VestaWeb.isu
Photomatix Basic version 1.0-->P:\Programme\Grafik\Photomatix\unins000.exe
Photomatix Pro version 3.1.3-->"P:\Programme\Grafik\PhotomatixPro3\unins000.exe"
PowerQuest PartitionMagic 8.0-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
Qtpfsgui 1.9.1-->"P:\Programme\Grafik\Qtpfsgui\unins000.exe"
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
RedMon - Redirection Port Monitor-->C:\WINDOWS\system32\unredmon.exe
SEMC DSS SyncStation Driver-->C:\WINDOWS\system32\ftdiunin.exe C:\WINDOWS\system32\ftdiun2k.ini
Shape Collage-->P:\Programme\Grafik\Shape Collage\uninstall.exe
Sicherheitsupdate für Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sony Ericsson Device Data-->MsiExec.exe /I{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}
Sony Ericsson Drivers-->MsiExec.exe /I{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}
Sony Ericsson PC Suite-->C:\WINDOWS\Installer\{D6BF6477-8369-489F-8DE6-3731F4B88560}\Setup.exe /uninstall
Sony Ericsson PC Suite-->MsiExec.exe /I{25BEC3AB-5CD4-481D-9143-215C1BBB189E}
Sony USB Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
System Requirements Lab-->C:\Programme\SystemRequirementsLab\Uninstall.exe
Total Commander (Remove or Repair)-->P:\Programme\Sonstige\Total Commander\tcuninst.exe
TuneUp Utilities 2009-->MsiExec.exe /I{55A29068-F2CE-456C-9148-C869879E2357}
Turbo Lister 2-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{69640730-B830-4C24-BB5C-222DA1260548}
Update Service-->"P:\Programme\Sonstige\Sony Ericsson\Update Service\Uninstall Update Service\Uninstall Update Service.exe"
VideoLAN VLC media player 0.8.1-->P:\Programme\Video\VideoLAN\uninstall.exe
Winamp-->"P:\Programme\Winamp\UninstWA.exe"
Windows Live Anmelde-Assistent-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Messenger-->MsiExec.exe /X{2B091530-69AA-442E-AB09-39ED06B58220}
Windows Media Format Runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall
WinFast(R) Display Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F69FD33C-8815-46BF-9134-A643DE68F3C0}\setup.exe" -l0x7 -removeonly
WinISO 5.3-->P:\Programme\Brenner\WinISO\unins000.exe
WinRAR-->P:\Programme\Sonstige\WinRAR\uninstall.exe
XnView 1.96-->"P:\Programme\Grafik\XnView\unins000.exe"
XP Codec Pack-->P:\Programme\DVD\XP Codec Pack\Uninstall.exe
YouTube Downloader 2.3-->"P:\Programme\Internet\YouTube Downloader\unins000.exe"
Zeitungen und Visitenkarten-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{AA9CCD6A-495C-43B3-8CBC-71BE9B0B9DC2}\setup.exe"

=====HijackThis Backups=====

R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll [2009-08-21]
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll [2009-08-21]
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll [2009-08-21]
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll [2009-08-21]

======Security center information======

AV: AntiVir PersonalEdition Classic Virenschutz
AV: AntiVir PersonalEdition Classic Virenschutz
AV: AntiVir PersonalEdition Classic Virenschutz
AV: Avira AntiVir PersonalEdition
AV: AntiVir PersonalEdition Classic Virenschutz
AV: AntiVir PersonalEdition Classic Virenschutz
AV: AntiVir PersonalEdition Classic Virenschutz

======System event log======

Computer Name: TOMMY
Event Code: 7000
Message: The "Intelligenter Hintergrundübertragungsdienst" (Background Intelligent Transfer Service) service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 10318
Source Name: Service Control Manager
Time Written: 20090725182456.000000+120
Event Type: Error
User:

Computer Name: TOMMY
Event Code: 7035
Message: The "start" control was sent successfully to the "NLA (Network Location Awareness)" service.

Record Number: 10317
Source Name: Service Control Manager
Time Written: 20090725182456.000000+120
Event Type: Information
User: NT-AUTORITÄT\SYSTEM

Computer Name: TOMMY
Event Code: 7035
Message: The "start" control was sent successfully to the "Smartcard" service.

Record Number: 10316
Source Name: Service Control Manager
Time Written: 20090725182456.000000+120
Event Type: Information
User: NT-AUTORITÄT\SYSTEM

Computer Name: TOMMY
Event Code: 7036
Message: The "IMAPI-CD-Brenn-COM-Dienste" (IMAPI CD-Burning COM Service) service is now in the "running" state.

Record Number: 10315
Source Name: Service Control Manager
Time Written: 20090725182456.000000+120
Event Type: Information
User:

Computer Name: TOMMY
Event Code: 7035
Message: The "start" control was sent successfully to the "IMAPI-CD-Brenn-COM-Dienste" (IMAPI CD-Burning COM Service) service.

Record Number: 10314
Source Name: Service Control Manager
Time Written: 20090725182456.000000+120
Event Type: Information
User: NT-AUTORITÄT\SYSTEM

=====Application event log=====

Computer Name: TOMMY
Event Code: 1000
Message: The performance counters for the TermService (Terminal Services) service were loaded.
The data contains the new index values assigned to the service.

Record Number: 5
Source Name: LoadPerf
Time Written: 20090225200939.000000+060
Event Type: Information
User:

Computer Name: TOMMY
Event Code: 1001
Message: The performance counters for the TermService (Terminal Services) service were removed.
The data contains the new values of the Last Counter and Last Help registry entries.

Record Number: 4
Source Name: LoadPerf
Time Written: 20090225200939.000000+060
Event Type: Information
User:

Computer Name: TOMMY
Event Code: 1002
Message: The performance counters for the RSVP (QoS RSVP) service are already in the registry.
Reinstallation is not required.

Record Number: 3
Source Name: LoadPerf
Time Written: 20090225200915.000000+060
Event Type: Information
User:

Computer Name: TOMMY
Event Code: 1002
Message: The performance counters for the RemoteAccess (Routing and Remote Access) service are already in the registry.
Reinstallation is not required.

Record Number: 2
Source Name: LoadPerf
Time Written: 20090225200906.000000+060
Event Type: Information
User:

Computer Name: TOMMY
Event Code: 1000
Message: The performance counters for the PSched (QoS Packet Scheduler) service were loaded.
The data contains the new index values assigned to the service.

Record Number: 1
Source Name: LoadPerf
Time Written: 20090225200855.000000+060
Event Type: Information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Programme\Mozilla Firefox;P:\Programme\Office\PTP2004;P:\Programme\Sonstige\PTP2004;G:\PROGRA~1\ThriXXX\3D SexVilla;P:\programme\DVD\quicktime\QTSystem;;C:\Programme\Gemeinsame Dateien\Teleca Shared
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 31 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=1f00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Programme\Java\jre1.6.0_02\lib\ext\QTJava.zip
"QTJAVA"=C:\Programme\Java\jre1.6.0_02\lib\ext\QTJava.zip

-----------------EOF-----------------
Many thanks in advance!
21.08.2009, 15:31
Moderator

Posts: 5694
#4 >>
Avenger
http://virus-protect.org/artikel/tools/avenger.html
copy this into the white box:

Quote

Drivers to disable:
restore.sys
restore

Drivers to delete:
restore.sys
restore


Files to delete:
C:\WINDOWS\system32\drivers\restore.sys
- close all open programs (the computer will restart after Avenger has run)

- click: Execute

- confirm that the computer will be restarted - click "yes"
- after the restart a log from Avenger appears automatically (C:\avenger.txt); copy it - right mouse click - copy - paste

>>
delete Avenger's backup under C:\Avenger\backup.zip and empty the recycle bin

>>
download Malwarebytes to the desktop, rename it to Scan.exe and try to install it that way.

>>
Now a GMER scan as well.

Regards, Swiss
21.08.2009, 16:51
Member

Thread starter

Posts: 15
#5 Hello,
Avenger has been run.
Here is the log:

Quote

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:


Warning: Invalid contents in ServiceGroupOrder key!
There may be a driver loading earlier than Avenger!


Completed script processing.

*******************

Finished! Terminate.

-> Malwarebytes can now be installed, but unfortunately it still won't start!

-> The GMER scan was run, but I wasn't sure whether I should scan all partitions or not. So for now I only scanned C:, which is where WINDOWS is. The other partitions only contain programs and data etc.

Here is the GMER log:

Quote

GMER 1.0.15.15077 [test.exe] - http://www.gmer.net
Rootkit scan 2009-08-21 16:46:43
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

Code 8A4ED2A0 ZwEnumerateKey
Code 8A4EC2D8 ZwFlushInstructionCache
Code 8A4ED2D6 IofCallDriver
Code 8A53B296 IofCompleteRequest
Code 8A4EC29D ZwSaveKey
Code 8A4EB2D5 ZwSaveKeyEx

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EDE00 5 Bytes JMP 8A4ED2DB
.text ntkrnlpa.exe!IofCompleteRequest 804EDE90 5 Bytes JMP 8A53B29B
.text ntkrnlpa.exe!ZwSaveKey 804FE2A0 5 Bytes JMP 8A4EC2A2
.text ntkrnlpa.exe!ZwSaveKeyEx 804FE2B4 5 Bytes JMP 8A4EB2DA
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805AA8F6 5 Bytes JMP 8A4EC2DC
PAGE ntkrnlpa.exe!ZwEnumerateKey 8061941A 5 Bytes JMP 8A4ED2A4

---- User code sections - GMER 1.0.15 ----

.text C:\Programme\Mozilla Firefox\firefox.exe[2124] WS2_32.dll!connect 71A1406A 5 Bytes JMP 100127E0 \\?\globalroot\systemroot\system32\UAChcxdsippbr.dll
.text C:\Programme\Mozilla Firefox\firefox.exe[2124] WS2_32.dll!send 71A1428A 5 Bytes JMP 100127C0 \\?\globalroot\systemroot\system32\UAChcxdsippbr.dll
.text C:\Programme\Mozilla Firefox\firefox.exe[2124] WS2_32.dll!closesocket 71A19639 5 Bytes JMP 100129A0 \\?\globalroot\systemroot\system32\UAChcxdsippbr.dll

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B7DCDD70] \SystemRoot\system32\DRIVERS\ncplentp.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B7DCBE60] \SystemRoot\system32\DRIVERS\ncplentp.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRequest] [B7DCDF80] \SystemRoot\system32\DRIVERS\ncplentp.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B7DCE080] \SystemRoot\system32\DRIVERS\ncplentp.sys
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B7DCBE60] \SystemRoot\system32\DRIVERS\ncplentp.sys
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRequest] [B7DCDF80] \SystemRoot\system32\DRIVERS\ncplentp.sys
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B7DCE080] \SystemRoot\system32\DRIVERS\ncplentp.sys
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B7DCDD70] \SystemRoot\system32\DRIVERS\ncplentp.sys
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B7DCDD70] \SystemRoot\system32\DRIVERS\ncplentp.sys
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B7DCE080] \SystemRoot\system32\DRIVERS\ncplentp.sys
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B7DCBE60] \SystemRoot\system32\DRIVERS\ncplentp.sys
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRequest] [B7DCDF80] \SystemRoot\system32\DRIVERS\ncplentp.sys
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [B7DCBE60] \SystemRoot\system32\DRIVERS\ncplentp.sys
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [B7DCE080] \SystemRoot\system32\DRIVERS\ncplentp.sys
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRequest] [B7DCDF80] \SystemRoot\system32\DRIVERS\ncplentp.sys
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [B7DCDD70] \SystemRoot\system32\DRIVERS\ncplentp.sys
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisRequest] [B7DCDF80] \SystemRoot\system32\DRIVERS\ncplentp.sys
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisCloseAdapter] [B7DCBE60] \SystemRoot\system32\DRIVERS\ncplentp.sys
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisOpenAdapter] [B7DCE080] \SystemRoot\system32\DRIVERS\ncplentp.sys
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisRegisterProtocol] [B7DCDD70] \SystemRoot\system32\DRIVERS\ncplentp.sys
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [B7DCDD70] \SystemRoot\system32\DRIVERS\ncplentp.sys
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRequest] [B7DCDF80] \SystemRoot\system32\DRIVERS\ncplentp.sys
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [B7DCBE60] \SystemRoot\system32\DRIVERS\ncplentp.sys
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B7DCE080] \SystemRoot\system32\DRIVERS\ncplentp.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8B0C6530

---- Modules - GMER 1.0.15 ----

Module _________ B9EE4000-B9EFC000 (98304 bytes)
---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\UAChcxdsippbr.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [288] 0x10000000
Library \\?\globalroot\systemroot\system32\UACasrgppcvbw.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [288] 0x00710000
Library \\?\globalroot\systemroot\system32\UAChcxdsippbr.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [388] 0x025B0000
Library \\?\globalroot\systemroot\system32\UAChcxdsippbr.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [504] 0x10000000
Library \\?\globalroot\systemroot\system32\UACasrgppcvbw.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [504] 0x00710000
Library \\?\globalroot\systemroot\system32\UAChcxdsippbr.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [620] 0x10000000
Library \\?\globalroot\systemroot\system32\UACasrgppcvbw.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [620] 0x00710000
Library \\?\globalroot\systemroot\system32\UAChcxdsippbr.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [684] 0x10000000
Library \\?\globalroot\systemroot\system32\UACasrgppcvbw.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [684] 0x00710000
Library \\?\globalroot\systemroot\system32\UAChcxdsippbr.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [792] 0x10000000
Library \\?\globalroot\systemroot\system32\UACasrgppcvbw.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [792] 0x00710000
Library \\?\globalroot\systemroot\system32\UACewflxrptul.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1324] 0x00B90000
Library \\?\globalroot\systemroot\system32\UAChcxdsippbr.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1888] 0x10000000
Library \\?\globalroot\systemroot\system32\UACasrgppcvbw.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1888] 0x00710000
Library \\?\globalroot\systemroot\system32\UAChcxdsippbr.dll (*** hidden *** ) @ C:\Programme\Mozilla Firefox\firefox.exe [2124] 0x10000000

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\UACmomqrqmuyy.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR

---- EOF - GMER 1.0.15 ----
Many thanks in advance!
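An added example, not part of the thread and not GMER's own code: a small Python triage script that reads lines in the GMER 1.0.15 report format quoted above and lists the findings the moderator's verdict in the next post rests on. It keys on the things a responder looks for in such a report: kernel exports patched with a JMP to an address that belongs to no listed module, user-mode socket APIs redirected into a DLL addressed through \\?\globalroot, DLLs marked hidden inside svchost/Explorer, a hidden driver service, and sectors after the MBR that hold a copy of it. The embedded sample log is constructed from a handful of lines modelled on the report (same section names and line layouts, not the full log); the function names parse_gmer, in_known_module and triage and the wording of the reasons are mine.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines modelled on the GMER 1.0.15 report quoted in
# the thread (same section names and line formats), not the full log.
SAMPLE_GMER_LOG = r"""
---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EDE00 5 Bytes JMP 8A4ED2DB
.text ntkrnlpa.exe!ZwSaveKey 804FE2A0 5 Bytes JMP 8A4EC2A2
PAGE ntkrnlpa.exe!ZwEnumerateKey 8061941A 5 Bytes JMP 8A4ED2A4

---- User code sections - GMER 1.0.15 ----

.text C:\Programme\Mozilla Firefox\firefox.exe[2124] WS2_32.dll!connect 71A1406A 5 Bytes JMP 100127E0 \\?\globalroot\systemroot\system32\UAChcxdsippbr.dll
.text C:\Programme\Mozilla Firefox\firefox.exe[2124] WS2_32.dll!send 71A1428A 5 Bytes JMP 100127C0 \\?\globalroot\systemroot\system32\UAChcxdsippbr.dll

---- Modules - GMER 1.0.15 ----

Module _________ B9EE4000-B9EFC000 (98304 bytes)
---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\UAChcxdsippbr.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [288] 0x10000000
Library \\?\globalroot\systemroot\system32\UACasrgppcvbw.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [288] 0x00710000
Library \\?\globalroot\systemroot\system32\UACewflxrptul.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1324] 0x00B90000

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\UACmomqrqmuyy.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR
"""

HEX = r"[0-9A-F]{8}"
SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER")
KERNEL_HOOK_RE = re.compile(rf"^(?:\.text|PAGE|INIT)\s+(?P<mod>\S+)!(?P<func>\w+)\s+{HEX}\s+\d+ Bytes\s+JMP\s+(?P<target>{HEX})$")
USER_HOOK_RE = re.compile(rf"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<mod>\S+)!(?P<func>\w+)\s+{HEX}\s+\d+ Bytes\s+JMP\s+{HEX}\s+(?P<dll>\S+)$")
MODULE_RE = re.compile(rf"^Module\s+\S+\s+(?P<start>{HEX})-(?P<end>{HEX})")
LIBRARY_RE = re.compile(r"^Library\s+(?P<dll>\S+)\s+\(\*\*\* hidden \*\*\* \)\s+@\s+(?P<proc>.+?)\s+\[(?P<pid>\d+)\]")
SERVICE_RE = re.compile(r"^Service\s+(?P<path>.+?)\s+\(\*\*\* hidden \*\*\* \)\s+\[\w+\]\s+(?P<name>\S+)")
SECTOR_RE = re.compile(r"^Disk\s+\S+\s+sector\s+(?P<sector>\d+):\s+(?P<desc>.+)$")


def parse_gmer(text):
    """Walk the report section by section and keep the findings a responder acts on."""
    r = {"modules": [], "kernel_hooks": [], "user_hooks": [],
         "hidden_libraries": defaultdict(set), "hidden_services": [],
         "mbr_copies": [], "rootkit_sectors": []}
    section = None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if (m := SECTION_RE.match(line)):
            section = m["name"]
        elif section == "Kernel code sections" and (m := KERNEL_HOOK_RE.match(line)):
            r["kernel_hooks"].append((m["mod"], m["func"], int(m["target"], 16)))
        elif section == "User code sections" and (m := USER_HOOK_RE.match(line)):
            r["user_hooks"].append((m["proc"], int(m["pid"]), m["mod"], m["func"], m["dll"]))
        elif section == "Modules" and (m := MODULE_RE.match(line)):
            r["modules"].append((int(m["start"], 16), int(m["end"], 16)))
        elif section == "Processes" and (m := LIBRARY_RE.match(line)):
            r["hidden_libraries"][m["dll"]].add(f'{m["proc"]}[{m["pid"]}]')
        elif section == "Services" and (m := SERVICE_RE.match(line)):
            r["hidden_services"].append((m["name"], m["path"]))
        elif section == "Disk sectors" and (m := SECTOR_RE.match(line)):
            sector = int(m["sector"])
            if "copy of MBR" in m["desc"]:
                r["mbr_copies"].append(sector)
            if "rootkit-like" in m["desc"]:
                r["rootkit_sectors"].append(sector)
    return r


def in_known_module(addr, modules):
    """True if addr falls inside one of the address ranges GMER listed as a module."""
    return any(start <= addr < end for start, end in modules)


def triage(text):
    """Return the parsed report plus the list of reasons that make it a rootkit case."""
    r = parse_gmer(text)
    reasons = []
    orphaned = [f for _, f, t in r["kernel_hooks"] if not in_known_module(t, r["modules"])]
    if orphaned:
        reasons.append("kernel exports patched with JMPs into memory owned by no listed module: " + ", ".join(orphaned))
    redirected = sorted({f"{mod}!{func} -> {dll}" for _, _, mod, func, dll in r["user_hooks"]
                         if dll.lower().startswith(r"\\?\globalroot")})
    if redirected:
        reasons.append("socket APIs redirected into a DLL addressed via \\\\?\\globalroot: " + "; ".join(redirected))
    if r["hidden_libraries"]:
        procs = set().union(*r["hidden_libraries"].values())
        reasons.append(f"{len(r['hidden_libraries'])} hidden DLL(s) mapped into {len(procs)} process(es)")
    for name, path in r["hidden_services"]:
        reasons.append(f"hidden driver service {name} backed by {path}")
    if r["mbr_copies"]:
        reasons.append(f"{len(r['mbr_copies'])} sector(s) after the MBR hold a copy of it; "
                       f"GMER flagged sectors {r['rootkit_sectors']} as rootkit-like")
    return r, reasons


if __name__ == "__main__":
    for reason in triage(SAMPLE_GMER_LOG)[1]:
        print("-", reason)
```

The point of the orphaned-module check: GMER's "Modules" section lists every code range it could attribute; a JMP target outside all of them is code that arrived without a loader record, which is what the kernel code section above shows for IofCallDriver, IofCompleteRequest and the Zw* exports.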
21.08.2009, 18:56
Moderator

Posts: 5694
#6 Hello TommyXP08

Your master boot record has been infected. You also have rootkits on your system.

If you do online banking or have sensitive data on the system, back it up and set the system up again completely from scratch.

A clean-up would be possible, but it means a lot of work, and there is also no certainty that unauthorized parties have not already gained access to the system.

Now it is up to you. Reinstall or clean?

Regards, Swiss
21.08.2009, 19:51
Member

Thread starter

Posts: 15
#7 Hello Swisstreasure,
that is a pretty harsh verdict at first.
I would really like to try cleaning first,
even if it would be very time-consuming.
If I really lose interest, I can still reinstall.
It's just that my PC system is currently set up in such a complex way that I can't get it back the way it was overnight.
Since I caught this, the computer has been permanently offline anyway.

So my word is "clean".

I would now be glad to hear how to proceed.

Thank you very much!


P.S. What about Windows XP System Restore?
This post was edited by TommyXP08 on 21.08.2009 at 20:05.
21.08.2009, 20:05
Moderator

Posts: 5694
#8 >>
Copy the following text into Notepad (Start - Accessories - Notepad) and save it as fix.bat on the desktop using 'Save as'.
Select 'All files' as the file type.
You should now find this file on the desktop.

Quote

mbr.exe -f
Double-click fix.bat.
A log is created (mbr.log); post its contents.

(Note: the path to mbr must be the same, so make sure that mbr is also saved on the desktop)

>>
Run Combofix and post the log:
http://www.virus-protect.org/artikel/tools/combofix.html

Regards, Swiss
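An added example, mine rather than the thread's and not gmer's mbr.exe: a Python script that does the part of GMER's "Disk sectors" check from the log above that can be done offline. It reads the MBR and the sectors that follow it and reports every sector that is a byte-for-byte copy of the MBR, or that carries a boot signature and the MBR's partition table under different code; it also runs a few structural checks on the MBR itself and prints a SHA-256 of it for comparison against a baseline. The 64-sector image it scans is constructed in build_sample_disk(), with copies planted at the LBAs the report listed; the 512-byte sector size, the LBA 1..63 range and the read_sectors() helper are assumptions of the example.

```python
import hashlib

SECTOR = 512                         # assumption: 512-byte sectors
BOOT_SIG = b"\x55\xAA"
PT_OFF, PT_LEN = 0x1BE, 64           # the four 16-byte partition entries
LAST_GAP_SECTOR = 63                 # assumption: same LBA 1..63 range the GMER report listed


def read_sectors(device_path, count):
    """Raw read of the first `count` sectors of a device, e.g. r"\\.\PhysicalDrive0" (admin) or /dev/sda (root)."""
    with open(device_path, "rb") as dev:
        return dev.read(SECTOR * count)


def build_sample_disk():
    """Constructed 64-sector image: one MBR, copies planted where the report above saw them."""
    # xor ax,ax / mov ss,ax / mov sp,7C00h, then NOP padding up to the partition table
    code = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]).ljust(PT_OFF, b"\x90")
    # one active partition of type 07 (NTFS) starting at LBA 63
    entry = (bytes([0x80, 0x01, 0x01, 0x00, 0x07, 0xFE, 0xFF, 0xFF])
             + (63).to_bytes(4, "little") + (41_000_000).to_bytes(4, "little"))
    table = entry.ljust(PT_LEN, b"\x00")
    mbr = code + table + BOOT_SIG
    disk = bytearray(SECTOR * 64)
    disk[0:SECTOR] = mbr
    for lba in (1, 10, 32, 33, 34, 63):
        disk[lba * SECTOR:(lba + 1) * SECTOR] = mbr
    # sector 40: different code (jmp $), same partition table and signature
    disk[40 * SECTOR:41 * SECTOR] = b"\xEB\xFE".ljust(PT_OFF, b"\x00") + table + BOOT_SIG
    return bytes(disk)


def classify_sector(sector, mbr):
    """Label one 512-byte sector relative to the MBR it follows."""
    if sector == mbr:
        return "copy of MBR"
    if not any(sector):
        return "empty"
    if sector[-2:] != BOOT_SIG:
        return "data"
    if sector[PT_OFF:PT_OFF + PT_LEN] == mbr[PT_OFF:PT_OFF + PT_LEN]:
        return "boot-signed, same partition table, different code"
    return "boot-signed, foreign partition table"


def scan_reserved_track(disk, last_sector=LAST_GAP_SECTOR):
    """Map LBA -> classification for every non-empty sector between the MBR and last_sector."""
    mbr = disk[:SECTOR]
    findings = {}
    for lba in range(1, last_sector + 1):
        kind = classify_sector(disk[lba * SECTOR:(lba + 1) * SECTOR], mbr)
        if kind != "empty":
            findings[lba] = kind
    return findings


def check_mbr(mbr):
    """Structural checks on the MBR itself; an empty list means nothing obviously wrong."""
    problems = []
    if mbr[-2:] != BOOT_SIG:
        problems.append("boot signature 55AA missing")
    statuses = [mbr[PT_OFF + 16 * i] for i in range(4)]
    if any(s not in (0x00, 0x80) for s in statuses):
        problems.append("partition status byte is neither 00 nor 80")
    if statuses.count(0x80) != 1:
        problems.append(f"{statuses.count(0x80)} bootable partitions, expected exactly 1")
    return problems


def mbr_fingerprint(disk):
    """SHA-256 of sector 0, to compare against a baseline taken from a known-clean boot."""
    return hashlib.sha256(disk[:SECTOR]).hexdigest()


if __name__ == "__main__":
    disk = build_sample_disk()          # swap in read_sectors(path, 64) for a real device
    print("MBR sha256:", mbr_fingerprint(disk), "problems:", check_mbr(disk[:SECTOR]))
    for lba, kind in sorted(scan_reserved_track(disk).items()):
        print(f"sector {lba:02d}: {kind}")
```

Caveat: a driver that hooks IofCallDriver, as the kernel code section in the GMER log above shows, sits in the path of every disk read the running system makes, so what read_sectors() returns on the infected machine is whatever that hook lets through. Run the scan from a clean boot medium against the disk, or use a tool that reads the sector both through the normal user-mode path and through its own driver and compares the two, which is what the user/kernel lines in an mbr.exe log are about.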
22.08.2009, 10:57
Member

Thread starter

Posts: 15
#9 OK, that has been done.

MBR Log

Quote

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
BIOS signateure not found
Combo-Fix Log

Quote

ComboFix 09-08-21.01 - Rühle 22.08.2009 10:34.4.1 - NTFSx86
Running from:: c:\dokumente und einstellungen\Rühle\Desktop\Scan.exe
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\cleanup.exe
c:\dokume~1\ALLUSE~1\STARTM~1\PROGRA~1\Windows Live Messenger .lnk
c:\windows\Installer\13fa80.msp
c:\windows\system32\drivers\Sonyhcp.dll
c:\windows\system32\drivers\UACmomqrqmuyy.sys
c:\windows\system32\inf
c:\windows\system32\UACasrgppcvbw.dll
c:\windows\system32\UACbfjwieeiyp.db
c:\windows\system32\UACewflxrptul.dll
c:\windows\system32\UAChcxdsippbr.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACqfuymspbcr.dat
c:\windows\system32\UACuoyuygulhr.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_UACd.sys


((((((((((((((((((((((( Files Created from 2009-07-22 to 2009-08-22 ))))))))))))))))))))))))))))))
.

2009-08-21 14:06 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-21 14:06 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-21 13:53 . 2009-08-21 13:53 574 ----a-w- C:\cleanup.bat
2009-08-21 13:53 . 2009-08-21 13:53 135168 ----a-w- C:\zip.exe
2009-08-21 13:13 . 2009-08-21 13:13 -------- d-----w- C:\rsit
2009-08-21 12:57 . 2009-08-21 13:13 -------- d-----w- C:\HijackThis
2009-08-20 19:43 . 2009-08-20 19:43 71168 ----a-w- c:\windows\system32\drivers\evxtnbqpfuxpbvtf.sys
2009-08-20 19:43 . 2009-08-20 19:43 174 ----a-w- c:\windows\system32\UACkrjnbecjbb.dat
2009-08-11 06:35 . 2009-08-11 06:36 -------- d-----w- c:\programme\ICQ6.5
2009-08-03 20:19 . 2009-08-03 20:19 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-08-03 20:19 . 2009-07-15 09:48 29000 ----a-w- c:\windows\system32\uxtuneup.dll
2009-08-03 20:19 . 2009-08-03 20:19 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-08-03 20:19 . 2009-08-03 20:19 -------- d-----w- c:\dokume~1\ALLUSE~1\ANWEND~1\TuneUp Software
2009-08-03 20:17 . 2009-08-03 20:17 -------- d-sh--w- c:\dokume~1\ALLUSE~1\ANWEND~1\{55A29068-F2CE-456C-9148-C869879E2357}

.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-21 12:59 . 2009-05-13 21:07 -------- d-----w- c:\programme\pdfforge Toolbar
2009-08-06 13:18 . 2009-02-08 21:29 -------- d-----w- c:\dokume~1\ALLUSE~1\ANWEND~1\ZoomBrowser
2009-08-03 19:12 . 2008-08-10 17:20 -------- d-----w- c:\programme\Gemeinsame Dateien\DVDVideoSoft
2009-07-21 21:56 . 2008-06-08 16:36 -------- d-----w- c:\programme\NCH Swift Sound
2009-07-18 09:39 . 2008-12-06 11:26 -------- d-----w- c:\programme\Google
2009-07-02 07:36 . 2001-08-18 10:00 84872 -c--a-w- c:\windows\system32\perfc007.dat
2009-07-02 07:36 . 2001-08-18 10:00 442514 -c--a-w- c:\windows\system32\perfh007.dat
2009-07-01 12:13 . 2009-07-01 12:13 -------- d-----w- c:\programme\MSECache
2009-05-27 20:18 . 2009-03-09 19:32 75096 -c--a-w- c:\windows\system32\drivers\avipbb.sys
2000-01-28 16:17 . 2004-08-30 17:28 557328 -c--a-w- c:\programme\Gemeinsame Dateien\dao360.dll
2008-12-20 20:12 . 2005-05-16 16:14 67688 -c--a-w- c:\programme\mozilla firefox\components\jar50.dll
2008-12-20 20:12 . 2005-05-16 16:14 54368 -c--a-w- c:\programme\mozilla firefox\components\jsd3250.dll
2008-12-20 20:12 . 2007-07-27 21:55 34944 -c--a-w- c:\programme\mozilla firefox\components\myspell.dll
2008-12-20 20:12 . 2007-07-27 21:55 46712 -c--a-w- c:\programme\mozilla firefox\components\spellchk.dll
2008-12-20 20:12 . 2005-05-16 16:14 172136 -c--a-w- c:\programme\mozilla firefox\components\xpinstal.dll
2004-07-03 20:09 . 2006-03-12 22:08 140800 -c--a-w- c:\programme\mozilla firefox\plugins\al2np.dll
2008-08-16 16:42 . 2008-08-16 16:42 13112 -c--a-w- c:\programme\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 16:42 . 2008-08-16 16:42 70456 -c--a-w- c:\programme\mozilla firefox\plugins\CgpCore.dll
2008-08-16 16:42 . 2008-08-16 16:42 91448 -c--a-w- c:\programme\mozilla firefox\plugins\confmgr.dll
2008-08-16 16:42 . 2008-08-16 16:42 20800 -c--a-w- c:\programme\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 16:43 . 2008-08-16 16:43 206136 -c--a-w- c:\programme\mozilla firefox\plugins\ctxmui.dll
2008-08-16 16:42 . 2008-08-16 16:42 31032 -c--a-w- c:\programme\mozilla firefox\plugins\icafile.dll
2008-08-16 16:42 . 2008-08-16 16:42 40248 -c--a-w- c:\programme\mozilla firefox\plugins\icalogon.dll
2008-05-21 07:41 . 2008-05-21 07:41 479232 -c--a-w- c:\programme\mozilla firefox\plugins\msvcm80.dll
2008-05-21 07:41 . 2008-05-21 07:41 548864 -c--a-w- c:\programme\mozilla firefox\plugins\msvcp80.dll
2008-05-21 07:41 . 2008-05-21 07:41 626688 -c--a-w- c:\programme\mozilla firefox\plugins\msvcr80.dll
2008-06-19 08:16 . 2008-06-19 08:16 118784 -c--a-w- c:\programme\mozilla firefox\plugins\MyCamera.dll
2008-06-05 12:58 . 2008-06-05 12:58 648504 -c--a-w- c:\programme\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 16:42 . 2008-08-16 16:42 23864 -c--a-w- c:\programme\mozilla firefox\plugins\TcpPServ.dll
2007-11-21 23:00 . 2007-11-21 23:00 48 -csha-w- c:\windows\S320FC503.tmp
.

(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\programme\ICQ6.5\ICQ.exe" [2009-03-01 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 86016]
"avgnt"="c:\programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-02-09 1657376]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-11-15 77824]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2006-07-17 15360]
"msnmsgr"="c:\programme\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]

c:\dokume~1\ALLUSE~1\STARTM~1\PROGRA~1\AUTOST~1\
Adobe Acrobat - Schnellstart.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe [2009-5-17 25214]
BlueSoleil.lnk - p:\programme\Sonstige\BlueSoleil\BlueSoleil.exe [2005-8-31 1196032]
Logitech Desktop Messenger.lnk - p:\programme\Sonstige\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-12-30 67128]
Logitech SetPoint.lnk - p:\programme\Sonstige\Logitech\SetPoint\SetPoint.exe [2008-12-30 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 ----a-w- c:\programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Acrobat Assistant 7.0"="p:\programme\Office\Acrobat 7.0\Distillr\Acrotray.exe"
"TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
"SearchSettings"=c:\programme\pdfforge Toolbar\SearchSettings.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"p:\\Programme\\Internet\\eMule0.46c-ionix-4.33-uni-bin.dl.by.www.emulebase.de\\eMule0.46c-ionix-4.33-uni-bin\\emule.exe"=
"g:\\Programme\\GameSpy Arcade\\Aphex.exe"=
"g:\\Programme\\EA GAMES\\Need for Speed Underground 2\\SPEED2.EXE"=
"g:\\Programme\\Electronic Arts\\Need for Speed Carbon\\NFSC.exe"=
"p:\\Programme\\Sonstige\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Programme\\Java\\jre1.5.0_10\\bin\\javaw.exe"=
"p:\\Programme\\Internet\\Azureus\\Azureus.exe"=
"p:\\Programme\\Video\\VideoLAN\\vlc.exe"=
"p:\\utorrent161.exe"=
"p:\\Programme\\Hardware\\WMU-6500FS\\Configure.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\Programme\\ITscope MarketViewer 2.0\\jre\\bin\\javaw.exe"=
"c:\\Programme\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"p:\\Programme\\Internet\\Advanced VPN Client\\NCPMON.exe"=
"c:\\Programme\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"g:\\Programme\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=
"c:\\Programme\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programme\\Java\\jre6\\bin\\javaw.exe"=
"p:\\Programme\\Sonstige\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programme\\ICQ6.5\\ICQ.exe"=

R2 ncpclcfg;ncpclcfg;p:\programme\Internet\Advanced VPN Client\ncpclcfg.exe [06.04.2008 16:23 77824]
R2 ncprwsnt;ncprwsnt;p:\programme\Internet\Advanced VPN Client\NCPRWSNT.EXE [06.04.2008 16:23 1019904]
R2 NcpSec;NcpSec;p:\programme\Internet\Advanced VPN Client\NCPSEC.EXE [06.04.2008 16:23 45056]
R2 rwsrsu;RwsRsu;p:\programme\Internet\Advanced VPN Client\RWSRSU.exe [06.04.2008 16:23 266240]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [03.08.2009 22:19 604488]
R3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8xx.sys [19.02.2005 19:47 446020]
R3 ncplentp;LANCOM Secure Client Adapter Driver;c:\windows\system32\drivers\NCPLENTP.SYS [06.04.2008 16:23 73408]
S2 gupdate1c9891622ea6ae6;Google Update Service (gupdate1c9891622ea6ae6);c:\programme\Google\Update\GoogleUpdate.exe [07.02.2009 13:20 133104]
S3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [05.09.2008 03:01 4352]
S3 FTLUND;Lundinova Filter Driver;c:\windows\system32\drivers\ftlund.sys [09.02.2006 01:06 6828]
S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\drivers\fwlanusb.sys [05.09.2008 03:01 265088]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [08.02.2009 15:21 13224]
S3 phil2vid;Philips VGA-Kamera (USB);c:\windows\system32\drivers\philcam2.sys [22.08.2005 20:07 173696]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [03.10.2007 12:39 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [03.10.2007 12:39 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [03.10.2007 12:39 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [03.10.2007 12:39 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [03.10.2007 12:39 98568]
S3 ttBudget2;TechnoTrend BDA/DVB (BDA);c:\windows\system32\drivers\ttBudget2.sys [07.01.2009 22:20 455296]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - p:\programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - p:\programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - p:\programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - p:\programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Easy-WebPrint - Drucken - p:\programme\Hardware\Drucker\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint - Schnelldruck - p:\programme\Hardware\Drucker\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint - Vorschau - p:\programme\Hardware\Drucker\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint - Zu Druckliste hinzufügen - p:\programme\Hardware\Drucker\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: In Adobe PDF konvertieren - p:\programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: In vorhandene PDF-Datei konvertieren - p:\programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Nach Microsoft &Excel exportieren - p:\progra~1\Office\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: RF - Formular ausfüllen - file://p:\programme\Internet\robocom\RoboFormComFillForms.html
IE: RF - Formular speichern - file://p:\programme\Internet\robocom\RoboFormComSavePass.html
IE: RF - Menü anpassen - file://p:\programme\Internet\robocom\RoboFormComCustomizeIEMenu.html
IE: RF - RoboForm-Leiste ein/aus - file://p:\programme\Internet\robocom\RoboFormComShowToolbar.html
IE: Verknüpfungsziel in Adobe PDF konvertieren - p:\programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - p:\programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - p:\programme\Sonstige\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\dokume~1\RHLE~1\ANWEND~1\Mozilla\Firefox\Profiles\6r2guqhk.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\dokumente und einstellungen\Rühle\Anwendungsdaten\Mozilla\Firefox\Profiles\6r2guqhk.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\programme\Google\Google Gears\Firefox\lib\ff2\gears.dll
FF - component: c:\programme\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\programme\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll
FF - component: c:\programme\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-22 10:46
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...


**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,e0,05,72,95,d1,
a8,f8,4a,c8,28,51,af,b0,29,a3,98,1f,8b,8a,9c,b4,ac,09,b3,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,81,e3,ce,d6,d1,
05,66,69,71,3b,04,66,8b,46,0d,96,8b,14,54,51,92,80,ca,46,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,4a,35,b2,88,cb,
8c,05,13,25,da,ec,7e,55,20,c9,26,21,13,3f,c0,b5,89,24,92,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,7f,98,b1,b4,39,
27,65,b1,3e,1e,9e,e0,57,5a,93,61,83,20,84,9b,f3,5d,5a,14,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:e9,02,6c,fa,fb,1d,47,57,cc,b0,83,18,65,
da,1c,2e,cd,44,cd,b9,a6,33,6c,cd,b8,ac,e7,09,0b,67,3c,87,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,aa,c8,11,ce,92,
0e,e4,c0,b0,18,ed,a7,3f,8d,37,a4,9d,1b,76,aa,5f,dc,9e,1b,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,e2,a2,b4,24,8a,
18,e6,fd,31,77,e1,ba,b1,f8,68,02,12,a3,e1,1f,3e,bd,a1,de,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,12,f0,a0,80,84,
7d,00,dc,83,6c,56,8b,a0,85,96,ab,0d,90,af,2d,38,d1,14,36,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,5c,ac,c7,15,b3,
2d,96,a2,51,fa,6e,91,28,9e,14,cc,a7,f4,9f,52,0f,f4,92,1a,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,3a,0f,74,1f,5d,
72,52,1f,b1,cd,45,5a,a8,c4,f8,b9,8e,f2,d0,52,28,4c,06,b2,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,94,84,68,e4,ed,
63,2a,b2,e3,0e,66,d5,eb,bc,2f,6b,a3,d1,e2,f6,67,55,bf,c9,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,0c,f8,0e,3d,4c,
60,03,a7,fa,ea,66,7f,d4,3b,6b,70,0f,92,37,7c,9f,66,81,81,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\Hauppauge\NT]
@DACL=(02 0000)
"Version"="3.11.19205"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(276)
c:\programme\gemeinsame dateien\logitech\bluetooth\LBTWlgn.dll
c:\programme\gemeinsame dateien\logitech\bluetooth\LBTServ.dll
.
Zeit der Fertigstellung: 2009-08-22 10:49
ComboFix-quarantined-files.txt 2009-08-22 08:47
ComboFix2.txt 2009-02-23 21:11
ComboFix3.txt 2009-02-22 18:52

Vor Suchlauf: 834.433.024 Bytes frei
Nach Suchlauf: 814.874.624 Bytes frei

Current=1 Default=1 Failed=0 LastKnownGood=3 Sets=1,2,3,4,5
282
Many thanks!
22.08.2009, 11:29
Moderator

Posts: 5694
#10 >>
Remove ComboFix:
Start - Run - paste in: Combofix /U - click "OK"
(or, if that does not work: delete C:\QooBox)

>>
Avenger

http://virus-protect.org/artikel/tools/avenger.html
paste into the white box:

Quote

Files to delete:
c:\windows\system32\drivers\evxtnbqpfuxpbvtf.sys
c:\windows\system32\UACkrjnbecjbb.dat
- close all open programs (because the computer will restart after Avenger has run)

- click: Execute

- confirm that the computer will be restarted - click "yes"
- after the restart an Avenger log (C:\avenger.txt) appears automatically; copy it - right mouse click - copy - paste

>>
Scan with SUPERAntiSpyware and post the log:
http://board.protecus.de/t31252.htm

>>
Rootkit scan with RootRepeal

* Go here, scroll down and download RootRepeal.zip.
* Unpack the file to your desktop.
* Double-click RootRepeal.exe to start the scanner.
* Click the Report tab and then the Scan button.
* Tick the following items and click Ok.
.
Drivers
Files
Processes
SSDT
Stealth Objects
Hidden Services

.
* You will then be asked which drives should be scanned.
* Select C:\ and click Ok again.
* The scan starts automatically; it will take a while, please be patient.
* When the scan has finished, click Save Report.
* Save the logfile as RootRepeal.txt on the desktop.
* Copy the contents here into the thread.

>>
Scan again with GMER and post the new log.


Regards, Swiss
23.08.2009, 19:35
Member

Thread starter

Posts: 15
#11 OK, everything has been done so far.

Attached are the logs.

Avenger

Quote

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "c:\windows\system32\drivers\evxtnbqpfuxpbvtf.sys" deleted successfully.
File "c:\windows\system32\UACkrjnbecjbb.dat" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
Superantispyware

Quote

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/23/2009 at 01:59 PM

Application Version : 4.27.1002

Core Rules Database Version : 4040
Trace Rules Database Version: 2007

Scan type : Complete Scan
Total Scan Time : 01:35:00

Memory items scanned : 506
Memory threats detected : 0
Registry items scanned : 7457
Registry threats detected : 6
File items scanned : 23239
File threats detected : 43

Adware.Tracking Cookie
C:\Dokumente und Einstellungen\Rühle\Cookies\rühle@tradedoubler[1].txt
C:\Dokumente und Einstellungen\Rühle\Cookies\rühle@msnportal.112.2o7[1].txt
C:\Dokumente und Einstellungen\Rühle\Cookies\rühle@atwola[1].txt
C:\Dokumente und Einstellungen\Rühle\Cookies\rühle@serving-sys[1].txt
C:\Dokumente und Einstellungen\Rühle\Cookies\rühle@atdmt[2].txt
C:\Dokumente und Einstellungen\Rühle\Cookies\rühle@tracking.quisma[1].txt
C:\Dokumente und Einstellungen\Rühle\Cookies\rühle@zbox.zanox[1].txt
C:\Dokumente und Einstellungen\Rühle\Cookies\rühle@adserver.71i[1].txt
C:\Dokumente und Einstellungen\Rühle\Cookies\rühle@doubleclick[2].txt
C:\Dokumente und Einstellungen\Rühle\Cookies\rühle@bs.serving-sys[2].txt
.doubleclick.net [ C:\Dokumente und Einstellungen\Rühle\Anwendungsdaten\Mozilla\Firefox\Profiles\6r2guqhk.default\cookies.txt ]
ww251.smartadserver.com [ C:\Dokumente und Einstellungen\Rühle\Anwendungsdaten\Mozilla\Firefox\Profiles\6r2guqhk.default\cookies.txt ]
.smartadserver.com [ C:\Dokumente und Einstellungen\Rühle\Anwendungsdaten\Mozilla\Firefox\Profiles\6r2guqhk.default\cookies.txt ]
.smartadserver.com [ C:\Dokumente und Einstellungen\Rühle\Anwendungsdaten\Mozilla\Firefox\Profiles\6r2guqhk.default\cookies.txt ]
.smartadserver.com [ C:\Dokumente und Einstellungen\Rühle\Anwendungsdaten\Mozilla\Firefox\Profiles\6r2guqhk.default\cookies.txt ]
keyword-advertising.web.de [ C:\Dokumente und Einstellungen\Rühle\Anwendungsdaten\Mozilla\Firefox\Profiles\6r2guqhk.default\cookies.txt ]
keyword-advertising.web.de [ C:\Dokumente und Einstellungen\Rühle\Anwendungsdaten\Mozilla\Firefox\Profiles\6r2guqhk.default\cookies.txt ]
keyword-advertising.web.de [ C:\Dokumente und Einstellungen\Rühle\Anwendungsdaten\Mozilla\Firefox\Profiles\6r2guqhk.default\cookies.txt ]
.imrworldwide.com [ C:\Dokumente und Einstellungen\Rühle\Anwendungsdaten\Mozilla\Firefox\Profiles\6r2guqhk.default\cookies.txt ]
.imrworldwide.com [ C:\Dokumente und Einstellungen\Rühle\Anwendungsdaten\Mozilla\Firefox\Profiles\6r2guqhk.default\cookies.txt ]
.adviva.net [ C:\Dokumente und Einstellungen\Rühle\Anwendungsdaten\Mozilla\Firefox\Profiles\6r2guqhk.default\cookies.txt ]
.adfarm1.adition.com [ C:\Dokumente und Einstellungen\Rühle\Anwendungsdaten\Mozilla\Firefox\Profiles\6r2guqhk.default\cookies.txt ]
.specificclick.net [ C:\Dokumente und Einstellungen\Rühle\Anwendungsdaten\Mozilla\Firefox\Profiles\6r2guqhk.default\cookies.txt ]
.specificclick.net [ C:\Dokumente und Einstellungen\Rühle\Anwendungsdaten\Mozilla\Firefox\Profiles\6r2guqhk.default\cookies.txt ]
.specificclick.net [ C:\Dokumente und Einstellungen\Rühle\Anwendungsdaten\Mozilla\Firefox\Profiles\6r2guqhk.default\cookies.txt ]
.specificclick.net [ C:\Dokumente und Einstellungen\Rühle\Anwendungsdaten\Mozilla\Firefox\Profiles\6r2guqhk.default\cookies.txt ]
.specificclick.net [ C:\Dokumente und Einstellungen\Rühle\Anwendungsdaten\Mozilla\Firefox\Profiles\6r2guqhk.default\cookies.txt ]
.specificclick.net [ C:\Dokumente und Einstellungen\Rühle\Anwendungsdaten\Mozilla\Firefox\Profiles\6r2guqhk.default\cookies.txt ]
.specificclick.net [ C:\Dokumente und Einstellungen\Rühle\Anwendungsdaten\Mozilla\Firefox\Profiles\6r2guqhk.default\cookies.txt ]
.specificclick.net [ C:\Dokumente und Einstellungen\Rühle\Anwendungsdaten\Mozilla\Firefox\Profiles\6r2guqhk.default\cookies.txt ]
.ads.quartermedia.de [ C:\Dokumente und Einstellungen\Rühle\Anwendungsdaten\Mozilla\Firefox\Profiles\6r2guqhk.default\cookies.txt ]
.ads.quartermedia.de [ C:\Dokumente und Einstellungen\Rühle\Anwendungsdaten\Mozilla\Firefox\Profiles\6r2guqhk.default\cookies.txt ]
.ads.quartermedia.de [ C:\Dokumente und Einstellungen\Rühle\Anwendungsdaten\Mozilla\Firefox\Profiles\6r2guqhk.default\cookies.txt ]
.overture.com [ C:\Dokumente und Einstellungen\Rühle\Anwendungsdaten\Mozilla\Firefox\Profiles\6r2guqhk.default\cookies.txt ]
.overture.com [ C:\Dokumente und Einstellungen\Rühle\Anwendungsdaten\Mozilla\Firefox\Profiles\6r2guqhk.default\cookies.txt ]
C:\Dokumente und Einstellungen\Rühle\Cookies\rühle@tracking[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@doubleclick[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@atdmt[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@msnaccountservices.112.2o7[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@dynamic.media.adrevolver[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@ad.yieldmanager[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@media.adrevolver[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@adrevolver[1].txt

Adware.NetPumper
HKU\S-1-5-21-1844237615-920026266-839522115-1003\Software\NetPumper

Rogue.Component/Trace
HKLM\Software\Microsoft\B8FE8CE4
HKLM\Software\Microsoft\B8FE8CE4#b8fe8ce4
HKLM\Software\Microsoft\B8FE8CE4#Version
HKLM\Software\Microsoft\B8FE8CE4#b8fe2164
HKLM\Software\Microsoft\B8FE8CE4#b8fe4881
RootRepeal

Quote

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/08/23 15:18
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name:
Image Path:
Address: 0xB9EE4000 Size: 98304 File Visible: No Signed: -
Status: -

Name:
Image Path:
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB0EC5000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA5CE000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xAFDD0000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "d347bus.sys" at address 0xb9f5f818

#: 041 Function Name: NtCreateKey
Status: Hooked by "d347bus.sys" at address 0xb9f5f7d0

#: 045 Function Name: NtCreatePagingFile
Status: Hooked by "d347bus.sys" at address 0xb9f53a20

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xba7acc2c

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "d347bus.sys" at address 0xb9f542a8

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "d347bus.sys" at address 0xb9f5f910

#: 119 Function Name: NtOpenKey
Status: Hooked by "d347bus.sys" at address 0xb9f5f794

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xba7acc18

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0xba7acc1d

#: 160 Function Name: NtQueryKey
Status: Hooked by "d347bus.sys" at address 0xb9f542c8

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "d347bus.sys" at address 0xb9f5f866

#: 241 Function Name: NtSetSystemPowerState
Status: Hooked by "d347bus.sys" at address 0xb9f5f0b0

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Programme\SUPERAntiSpyware\SASKUTIL.sys" at address 0xb54d20b0

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0xba7acc22

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x8b0899b0 Size: 11

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System Address: 0x89f0a778 Size: 11

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x8ad4b228 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8ad4b228 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x8ad4b228 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_READ]
Process: System Address: 0x8ad4b228 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_WRITE]
Process: System Address: 0x8ad4b228 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8ad4b228 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8ad4b228 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_EA]
Process: System Address: 0x8ad4b228 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_EA]
Process: System Address: 0x8ad4b228 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8ad4b228 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8ad4b228 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8ad4b228 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8ad4b228 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8ad4b228 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8ad4b228 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8ad4b228 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8ad4b228 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8ad4b228 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CLEANUP]
Process: System Address: 0x8ad4b228 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8ad4b228 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8ad4b228 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8ad4b228 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x8ad4b228 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8ad4b228 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8ad4b228 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8ad4b228 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8ad4b228 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x8ad4b228 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x8ac37208 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8ac37208 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x8ac37208 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x8ac37208 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x8ac37208 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8ac37208 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8ac37208 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_EA]
Process: System Address: 0x8ac37208 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_EA]
Process: System Address: 0x8ac37208 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8ac37208 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8ac37208 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8ac37208 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8ac37208 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8ac37208 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8ac37208 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8ac37208 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8ac37208 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8ac37208 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLEANUP]
Process: System Address: 0x8ac37208 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8ac37208 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8ac37208 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8ac37208 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x8ac37208 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8ac37208 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8ac37208 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8ac37208 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8ac37208 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x8ac37208 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_CREATE]
Process: System Address: 0x8aa4df00 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8aa4df00 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_CLOSE]
Process: System Address: 0x8aa4df00 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_READ]
Process: System Address: 0x8aa4df00 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_WRITE]
Process: System Address: 0x8aa4df00 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8aa4df00 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8aa4df00 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_QUERY_EA]
Process: System Address: 0x8aa4df00 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_SET_EA]
Process: System Address: 0x8aa4df00 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8aa4df00 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8aa4df00 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8aa4df00 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8aa4df00 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8aa4df00 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8aa4df00 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8aa4df00 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8aa4df00 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8aa4df00 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_CLEANUP]
Process: System Address: 0x8aa4df00 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8aa4df00 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8aa4df00 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8aa4df00 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_POWER]
Process: System Address: 0x8aa4df00 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8aa4df00 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8aa4df00 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8aa4df00 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8aa4df00 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_PNP]
Process: System Address: 0x8aa4df00 Size: 99

Object: Hidden Code [Driver: Rdbss, IRP_MJ_READ]
Process: System Address: 0x8a17c7c8 Size: 11

Object: Hidden Code [Driver: Srv, IRP_MJ_READ]
Process: System Address: 0x89bf4c18 Size: 11

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x8a777180 Size: 11

Object: Hidden Code [Driver: NpfsЅఌ扏济Volume{e2c4f, IRP_MJ_READ]
Process: System Address: 0x8a17e7d8 Size: 11

Object: Hidden Code [Driver: STORAGE#, IRP_MJ_READ]
Process: System Address: 0x8a145738 Size: 11

Object: Hidden Code [Driver: Fs_Rec, IRP_MJ_READ]
Process: System Address: 0x8a7e3c68 Size: 11

Object: Hidden Code [Driver: CdfsЅఄ灐畳⨨푀대, IRP_MJ_READ]
Process: System Address: 0x8b0edc90 Size: 11

==EOF==
GMER

Quote

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-08-23 19:28:35
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT d347bus.sys (PnP BIOS Extension/ ) ZwClose [0xB9F5F818]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreateKey [0xB9F5F7D0]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreatePagingFile [0xB9F53A20]
SSDT BA7ACC2C ZwCreateThread
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateKey [0xB9F542A8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateValueKey [0xB9F5F910]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwOpenKey [0xB9F5F794]
SSDT BA7ACC18 ZwOpenProcess
SSDT BA7ACC1D ZwOpenThread
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryKey [0xB9F542C8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryValueKey [0xB9F5F866]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwSetSystemPowerState [0xB9F5F0B0]
SSDT \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB54D20B0]
SSDT BA7ACC22 ZwWriteVirtualMemory

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B7D25D70] \SystemRoot\system32\DRIVERS\ncplentp.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B7D23E60] \SystemRoot\system32\DRIVERS\ncplentp.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRequest] [B7D25F80] \SystemRoot\system32\DRIVERS\ncplentp.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B7D26080] \SystemRoot\system32\DRIVERS\ncplentp.sys
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B7D23E60] \SystemRoot\system32\DRIVERS\ncplentp.sys
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRequest] [B7D25F80] \SystemRoot\system32\DRIVERS\ncplentp.sys
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B7D26080] \SystemRoot\system32\DRIVERS\ncplentp.sys
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B7D25D70] \SystemRoot\system32\DRIVERS\ncplentp.sys
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B7D25D70] \SystemRoot\system32\DRIVERS\ncplentp.sys
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B7D26080] \SystemRoot\system32\DRIVERS\ncplentp.sys
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B7D23E60] \SystemRoot\system32\DRIVERS\ncplentp.sys
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRequest] [B7D25F80] \SystemRoot\system32\DRIVERS\ncplentp.sys
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [B7D23E60] \SystemRoot\system32\DRIVERS\ncplentp.sys
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [B7D26080] \SystemRoot\system32\DRIVERS\ncplentp.sys
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRequest] [B7D25F80] \SystemRoot\system32\DRIVERS\ncplentp.sys
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [B7D25D70] \SystemRoot\system32\DRIVERS\ncplentp.sys
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisRequest] [B7D25F80] \SystemRoot\system32\DRIVERS\ncplentp.sys
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisCloseAdapter] [B7D23E60] \SystemRoot\system32\DRIVERS\ncplentp.sys
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisOpenAdapter] [B7D26080] \SystemRoot\system32\DRIVERS\ncplentp.sys
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisRegisterProtocol] [B7D25D70] \SystemRoot\system32\DRIVERS\ncplentp.sys
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [B7D25D70] \SystemRoot\system32\DRIVERS\ncplentp.sys
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRequest] [B7D25F80] \SystemRoot\system32\DRIVERS\ncplentp.sys
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [B7D23E60] \SystemRoot\system32\DRIVERS\ncplentp.sys
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B7D26080] \SystemRoot\system32\DRIVERS\ncplentp.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8B0899B0
Device \FileSystem\Fastfat \FatCdrom 89F0A778
Device \Driver\Cdrom \Device\CdRom0 8AC37208
Device \FileSystem\Rdbss \Device\FsWrap 8A17C7C8

---- Modules - GMER 1.0.15 ----

Module _________ B9EE4000-B9EFC000 (98304 bytes)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 2
Reg HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\$winnt32$_test
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\MRxDAV\EncryptedDirectories@
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xD5 0x02 0x02 0x45 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xD5 0x02 0x02 0x45 ...
Reg HKLM\SYSTEM\controlset003\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 2
Reg HKLM\SYSTEM\controlset003\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset003\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\controlset003\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset003\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset003\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset003\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset003\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset003\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset003\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset003\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\controlset003\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset003\Services\MRxDAV\EncryptedDirectories@
Reg HKLM\SYSTEM\controlset003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\controlset003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\controlset003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xD5 0x02 0x02 0x45 ...
Reg HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxymnadmlo.sys
Reg HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys@userdata -1
Reg HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys\modules
Reg HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxymnadmlo.sys
Reg HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxtqxtpjyk.dll
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xD5 0x02 0x02 0x45 ...
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@imagepath \systemroot\system32\drivers\UAChtoaiyxd.sys
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UAChtoaiyxd.sys
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACqbhwktei.dll
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACxsklartb.dat
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UACxckbowba.dll
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACeotpksuo.dll
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACtyruhitu.dll
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACjcvjrsoy.log
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACywvcbfdn.log
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACvebfvaos.log
Reg HKLM\SYSTEM\ControlSet005\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet005\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet005\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxymnadmlo.sys
Reg HKLM\SYSTEM\ControlSet005\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet005\Services\gaopdxserv.sys@userdata -1
Reg HKLM\SYSTEM\ControlSet005\Services\gaopdxserv.sys\modules
Reg HKLM\SYSTEM\ControlSet005\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxymnadmlo.sys
Reg HKLM\SYSTEM\ControlSet005\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxtqxtpjyk.dll
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xD5 0x02 0x02 0x45 ...
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys@imagepath \systemroot\system32\drivers\UAChtoaiyxd.sys
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UAChtoaiyxd.sys
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACqbhwktei.dll
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACxsklartb.dat
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UACxckbowba.dll
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACeotpksuo.dll
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACtyruhitu.dll
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACjcvjrsoy.log
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACywvcbfdn.log
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACvebfvaos.log
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xE9 0x02 0x6C 0xFA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR

---- EOF - GMER 1.0.15 ----
Many thanks in advance!
23.08.2009, 20:03
Moderator

Posts: 5694
#12 >>
Avenger
http://virus-protect.org/artikel/tools/avenger.html
copy into the white box:

Quote

Drivers to disable:
gaopdxymnadmlo.sys
gaopdxserv.sys
UAChtoaiyxd.sys
UACd.sys

Drivers to delete:
gaopdxymnadmlo.sys
gaopdxserv.sys
UAChtoaiyxd.sys
UACd.sys

Registry keys to delete:
HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys
HKLM\SYSTEM\ControlSet004\Services\UACd.sys
HKLM\SYSTEM\ControlSet005\Services\UACd.sys

Files to delete:
c:\windows\system32\drivers\gaopdxymnadmlo.sys
c:\windows\system32\drivers\gaopdxymnadmlo.sys
c:\windows\system32\drivers\UAChtoaiyxd.sys
c:\windows\system32\drivers\gaopdxymnadmlo.sys
c:\windows\system32\gaopdxtqxtpjyk.dll
c:\windows\system32\UACxsklartb.dat
c:\windows\system32\UACxckbowba.dll
c:\windows\system32\UACeotpksuo.dll
c:\windows\system32\UACtyruhitu.dll
c:\windows\system32\UACjcvjrsoy.log
c:\windows\system32\UACywvcbfdn.log
c:\windows\system32\UACvebfvaos.log
c:\windows\system32\UACqbhwktei.dll
- close all open programs (because the computer will restart after Avenger has run)

- Click: Execute

- confirm that the computer will be restarted - click "yes"
- after the restart a log from Avenger appears automatically - (C:\avenger.txt), copy it - with a right mouse click - copy - paste

>>
delete Avenger's backup under C:\Avenger\backup.zip + empty the Recycle Bin

>>
Uninstall GMER and reinstall it, post a new log.

Regards, Swiss
24.08.2009, 20:36
Member

Thread starter

Posts: 15
#13 OK, attached is the Avenger log

Quote

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: could not open driver "gaopdxymnadmlo.sys"
Disablement of driver "gaopdxymnadmlo.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open driver "gaopdxserv.sys"
Disablement of driver "gaopdxserv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open driver "UAChtoaiyxd.sys"
Disablement of driver "UAChtoaiyxd.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open driver "UACd.sys"
Disablement of driver "UACd.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\gaopdxymnadmlo.sys" not found!
Deletion of driver "gaopdxymnadmlo.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\gaopdxserv.sys" not found!
Deletion of driver "gaopdxserv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\UAChtoaiyxd.sys" not found!
Deletion of driver "UAChtoaiyxd.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\UACd.sys" not found!
Deletion of driver "UACd.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Registry key "HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys" deleted successfully.
Registry key "HKLM\SYSTEM\ControlSet004\Services\UACd.sys" deleted successfully.
Registry key "HKLM\SYSTEM\ControlSet005\Services\UACd.sys" deleted successfully.

Error: file "c:\windows\system32\drivers\gaopdxymnadmlo.sys" not found!
Deletion of file "c:\windows\system32\drivers\gaopdxymnadmlo.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\drivers\gaopdxymnadmlo.sys" not found!
Deletion of file "c:\windows\system32\drivers\gaopdxymnadmlo.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\drivers\UAChtoaiyxd.sys" not found!
Deletion of file "c:\windows\system32\drivers\UAChtoaiyxd.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\drivers\gaopdxymnadmlo.sys" not found!
Deletion of file "c:\windows\system32\drivers\gaopdxymnadmlo.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\gaopdxtqxtpjyk.dll" not found!
Deletion of file "c:\windows\system32\gaopdxtqxtpjyk.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\UACxsklartb.dat" not found!
Deletion of file "c:\windows\system32\UACxsklartb.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\UACxckbowba.dll" not found!
Deletion of file "c:\windows\system32\UACxckbowba.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\UACeotpksuo.dll" not found!
Deletion of file "c:\windows\system32\UACeotpksuo.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\UACtyruhitu.dll" not found!
Deletion of file "c:\windows\system32\UACtyruhitu.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\UACjcvjrsoy.log" not found!
Deletion of file "c:\windows\system32\UACjcvjrsoy.log" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\UACywvcbfdn.log" not found!
Deletion of file "c:\windows\system32\UACywvcbfdn.log" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\UACvebfvaos.log" not found!
Deletion of file "c:\windows\system32\UACvebfvaos.log" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\windows\system32\UACqbhwktei.dll" not found!
Deletion of file "c:\windows\system32\UACqbhwktei.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.
Unfortunately I can no longer get a log out of GMER, because the computer restarts every time during the scan. I had already uninstalled it and reinstalled it. But every time during the scan (after about 5 minutes) the PC suddenly restarts. As scan folders I selected the normal default items as well as partition C:.
After the restart there is no error message, log or anything similar either.
This crashing problem did not exist before, i.e. during the previous scans.

Many thanks in advance...
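As an added illustration, not code from this thread or from GMER or Avenger: a small Python parser for the GMER registry section posted earlier. It flags services whose values point to `\\?\globalroot` paths (GMER's notation for modules reached through the object namespace) and records which control sets each key lives in, which is the check that explains the Avenger log above: the flagged keys sit under ControlSet004/005 only, so the "Drivers to delete" steps aimed at CurrentControlSet came back with STATUS_OBJECT_NAME_NOT_FOUND while the explicitly named ControlSet00N keys were deleted. The line format is assumed from the log as shown; the sample input is excerpted from it.

```python
import re
from collections import defaultdict

# Lines excerpted from the GMER registry section posted above: the two
# service keys GMER reported under ControlSet004/005, plus a few ordinary
# CurrentControlSet entries for contrast.
GMER_EXCERPT = r"""
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\MRxDAV\EncryptedDirectories@
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxymnadmlo.sys
Reg HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys\modules
Reg HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxymnadmlo.sys
Reg HKLM\SYSTEM\ControlSet004\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxtqxtpjyk.dll
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@imagepath \systemroot\system32\drivers\UAChtoaiyxd.sys
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UAChtoaiyxd.sys
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACqbhwktei.dll
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACxsklartb.dat
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UACxckbowba.dll
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACeotpksuo.dll
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACtyruhitu.dll
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACjcvjrsoy.log
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACywvcbfdn.log
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACvebfvaos.log
Reg HKLM\SYSTEM\ControlSet005\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxymnadmlo.sys
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys@imagepath \systemroot\system32\drivers\UAChtoaiyxd.sys
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACqbhwktei.dll
"""

# One GMER "Reg" line under a Services key, as it appears in the log above:
#   Reg HKLM\SYSTEM\<controlset>\Services\<service>[\subkey...][@value] [data]
REG_RE = re.compile(
    r"^Reg\s+HKLM\\SYSTEM\\(?P<cs>[A-Za-z]+\d{0,3})\\Services\\"
    r"(?P<svc>[^\\@\s]+)(?P<rest>\S*)(?:\s+(?P<data>.*))?$",
    re.IGNORECASE,
)

# Prefix GMER prints for modules it located through the object namespace.
GLOBALROOT = "\\\\?\\globalroot"


def normalize_path(path):
    # Map \\?\globalroot\systemroot\... onto \systemroot\... so the imagepath
    # value and the modules@ entry for the same file compare equal.
    if path.lower().startswith(GLOBALROOT):
        return path[len(GLOBALROOT):]
    return path


def hidden_services(gmer_text):
    # Returns {service: {"control_sets": [...], "files": [...]}} for every
    # service whose values reference a \\?\globalroot path, across all the
    # ControlSet00N hives GMER listed, not only CurrentControlSet.
    found = defaultdict(lambda: {"control_sets": set(), "files": set(), "hidden": False})
    for line in gmer_text.splitlines():
        m = REG_RE.match(line.strip())
        if not m:
            continue
        cs = m.group("cs")
        cs = "CurrentControlSet" if cs.lower() == "currentcontrolset" else "ControlSet" + cs[-3:]
        entry = found[m.group("svc")]
        entry["control_sets"].add(cs)
        data = m.group("data") or ""
        if data.lower().startswith(GLOBALROOT):
            entry["hidden"] = True
            entry["files"].add(normalize_path(data))
        elif m.group("rest").lower() == "@imagepath" and data:
            entry["files"].add(data)
    return {
        svc: {"control_sets": sorted(e["control_sets"]), "files": sorted(e["files"])}
        for svc, e in found.items()
        if e["hidden"]
    }


def missing_from_current_control_set(report):
    # Flagged services with no key under CurrentControlSet. A cleanup step
    # addressed at CurrentControlSet\Services\<name> (what Avenger reported
    # as STATUS_OBJECT_NAME_NOT_FOUND above) cannot reach these; the
    # ControlSet00N keys have to be named explicitly, as the moderator did.
    return sorted(s for s, e in report.items() if "CurrentControlSet" not in e["control_sets"])


if __name__ == "__main__":
    rep = hidden_services(GMER_EXCERPT)
    for svc, e in rep.items():
        print(svc, "in", ", ".join(e["control_sets"]))
        for f in e["files"]:
            print("   ", f)
    print("not in CurrentControlSet:", missing_from_current_control_set(rep))
```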
25.08.2009, 11:43
Moderator

Posts: 5694
#14 >>
Scan with Blacklight and post the log:
http://virus-protect.org/artikel/tools/blacklight.html

>>
Reinstall Combofix, scan and post the log:
http://virus-protect.org/artikel/tools/blacklight.html

Regards, Swiss
25.08.2009, 19:15
Member

Thread starter

Posts: 15
#15 So, I have now run the scan with Blacklight.
Attached is the log.
There were no files to rename!

Quote

08/25/09 18:10:27 [Info]: BlackLight Engine 2.2.1092 initialized
08/25/09 18:10:27 [Info]: OS: 5.1 build 2600 (Service Pack 2)
08/25/09 18:10:28 [Note]: 7019 4
08/25/09 18:10:28 [Note]: 7005 0
08/25/09 18:10:40 [Note]: 7006 0
08/25/09 18:10:40 [Note]: 7011 940
08/25/09 18:10:40 [Note]: 7035 0
08/25/09 18:10:40 [Note]: 7026 0
08/25/09 18:10:40 [Note]: 7026 0
08/25/09 18:10:43 [Note]: FSRAW library version 1.7.1024
08/25/09 18:16:53 [Note]: 2000 1012
08/25/09 18:31:47 [Note]: 7007 0
Combofix log

Quote

ComboFix 09-08-24.06 - Rühle 25.08.2009 19:04.5.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.49.1031.18.3071.2595 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Rühle\Desktop\ComboFix.exe
AV: AntiVir PersonalEdition Classic Virenschutz *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000}
AV: AntiVir PersonalEdition Classic Virenschutz *On-access scanning enabled* (Updated) {00000000-FFA4-00DA-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virenschutz *On-access scanning enabled* (Updated) {00000000-FFA4-00EB-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virenschutz *On-access scanning enabled* (Updated) {804FD0EC-FFA4-00DA-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virenschutz *On-access scanning enabled* (Updated) {804FD0EC-FFA4-00EB-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virenschutz *On-access scanning enabled* (Updated) {804FD0EC-FFA4-00F1-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((( Dateien erstellt von 2009-07-25 bis 2009-08-25 ))))))))))))))))))))))))))))))
.

2009-08-23 10:21 . 2009-08-23 10:21 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
2009-08-23 10:21 . 2009-08-23 10:21 -------- d-----w- c:\programme\SUPERAntiSpyware
2009-08-21 14:06 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-21 14:06 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-21 13:13 . 2009-08-21 13:13 -------- d-----w- C:\rsit
2009-08-21 12:57 . 2009-08-21 13:13 -------- d-----w- C:\HijackThis
2009-08-11 06:35 . 2009-08-11 06:36 -------- d-----w- c:\programme\ICQ6.5
2009-08-03 20:19 . 2009-08-03 20:19 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-08-03 20:19 . 2009-07-15 09:48 29000 ----a-w- c:\windows\system32\uxtuneup.dll
2009-08-03 20:19 . 2009-08-03 20:19 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-08-03 20:19 . 2009-08-03 20:19 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\TuneUp Software
2009-08-03 20:17 . 2009-08-03 20:17 -------- d-sh--w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\{55A29068-F2CE-456C-9148-C869879E2357}

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-23 10:21 . 2005-02-13 00:09 -------- d-----w- c:\programme\Gemeinsame Dateien\Wise Installation Wizard
2009-08-21 12:59 . 2009-05-13 21:07 -------- d-----w- c:\programme\pdfforge Toolbar
2009-08-06 13:18 . 2009-02-08 21:29 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\ZoomBrowser
2009-08-03 19:12 . 2008-08-10 17:20 -------- d-----w- c:\programme\Gemeinsame Dateien\DVDVideoSoft
2009-08-03 19:04 . 2008-12-03 07:39 36864 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Temp\{80E158EA-7181-40FE-A701-301CE6BE64AB}\PostBuild.exe
2009-07-21 21:56 . 2008-06-08 16:36 -------- d-----w- c:\programme\NCH Swift Sound
2009-07-18 09:39 . 2008-12-06 11:26 -------- d-----w- c:\programme\Google
2009-07-02 07:36 . 2001-08-18 10:00 84872 -c--a-w- c:\windows\system32\perfc007.dat
2009-07-02 07:36 . 2001-08-18 10:00 442514 -c--a-w- c:\windows\system32\perfh007.dat
2009-07-01 12:13 . 2009-07-01 12:13 -------- d-----w- c:\programme\MSECache
2009-05-27 20:18 . 2009-03-09 19:32 75096 -c--a-w- c:\windows\system32\drivers\avipbb.sys
2000-01-28 16:17 . 2004-08-30 17:28 557328 -c--a-w- c:\programme\Gemeinsame Dateien\dao360.dll
2008-12-20 20:12 . 2005-05-16 16:14 67688 -c--a-w- c:\programme\mozilla firefox\components\jar50.dll
2008-12-20 20:12 . 2005-05-16 16:14 54368 -c--a-w- c:\programme\mozilla firefox\components\jsd3250.dll
2008-12-20 20:12 . 2007-07-27 21:55 34944 -c--a-w- c:\programme\mozilla firefox\components\myspell.dll
2008-12-20 20:12 . 2007-07-27 21:55 46712 -c--a-w- c:\programme\mozilla firefox\components\spellchk.dll
2008-12-20 20:12 . 2005-05-16 16:14 172136 -c--a-w- c:\programme\mozilla firefox\components\xpinstal.dll
2004-07-03 20:09 . 2006-03-12 22:08 140800 -c--a-w- c:\programme\mozilla firefox\plugins\al2np.dll
2008-08-16 16:42 . 2008-08-16 16:42 13112 -c--a-w- c:\programme\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 16:42 . 2008-08-16 16:42 70456 -c--a-w- c:\programme\mozilla firefox\plugins\CgpCore.dll
2008-08-16 16:42 . 2008-08-16 16:42 91448 -c--a-w- c:\programme\mozilla firefox\plugins\confmgr.dll
2008-08-16 16:42 . 2008-08-16 16:42 20800 -c--a-w- c:\programme\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 16:43 . 2008-08-16 16:43 206136 -c--a-w- c:\programme\mozilla firefox\plugins\ctxmui.dll
2008-08-16 16:42 . 2008-08-16 16:42 31032 -c--a-w- c:\programme\mozilla firefox\plugins\icafile.dll
2008-08-16 16:42 . 2008-08-16 16:42 40248 -c--a-w- c:\programme\mozilla firefox\plugins\icalogon.dll
2008-05-21 07:41 . 2008-05-21 07:41 479232 -c--a-w- c:\programme\mozilla firefox\plugins\msvcm80.dll
2008-05-21 07:41 . 2008-05-21 07:41 548864 -c--a-w- c:\programme\mozilla firefox\plugins\msvcp80.dll
2008-05-21 07:41 . 2008-05-21 07:41 626688 -c--a-w- c:\programme\mozilla firefox\plugins\msvcr80.dll
2008-06-19 08:16 . 2008-06-19 08:16 118784 -c--a-w- c:\programme\mozilla firefox\plugins\MyCamera.dll
2008-06-05 12:58 . 2008-06-05 12:58 648504 -c--a-w- c:\programme\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 16:42 . 2008-08-16 16:42 23864 -c--a-w- c:\programme\mozilla firefox\plugins\TcpPServ.dll
2007-11-21 23:00 . 2007-11-21 23:00 48 -csha-w- c:\windows\S320FC503.tmp
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\programme\ICQ6.5\ICQ.exe" [2009-03-01 172792]
"SUPERAntiSpyware"="c:\programme\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-08-05 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 86016]
"avgnt"="c:\programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-02-09 1657376]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-11-15 77824]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2006-07-17 15360]
"msnmsgr"="c:\programme\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]

c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Adobe Acrobat - Schnellstart.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe [2009-5-17 25214]
BlueSoleil.lnk - p:\programme\Sonstige\BlueSoleil\BlueSoleil.exe [2005-8-31 1196032]
Logitech Desktop Messenger.lnk - p:\programme\Sonstige\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-12-30 67128]
Logitech SetPoint.lnk - p:\programme\Sonstige\Logitech\SetPoint\SetPoint.exe [2008-12-30 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programme\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\programme\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 ----a-w- c:\programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Acrobat Assistant 7.0"="p:\programme\Office\Acrobat 7.0\Distillr\Acrotray.exe"
"TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
"SearchSettings"=c:\programme\pdfforge Toolbar\SearchSettings.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"p:\\Programme\\Internet\\eMule0.46c-ionix-4.33-uni-bin.dl.by.www.emulebase.de\\eMule0.46c-ionix-4.33-uni-bin\\emule.exe"=
"g:\\Programme\\GameSpy Arcade\\Aphex.exe"=
"g:\\Programme\\EA GAMES\\Need for Speed Underground 2\\SPEED2.EXE"=
"g:\\Programme\\Electronic Arts\\Need for Speed Carbon\\NFSC.exe"=
"p:\\Programme\\Sonstige\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Programme\\Java\\jre1.5.0_10\\bin\\javaw.exe"=
"p:\\Programme\\Internet\\Azureus\\Azureus.exe"=
"p:\\Programme\\Video\\VideoLAN\\vlc.exe"=
"p:\\utorrent161.exe"=
"p:\\Programme\\Hardware\\WMU-6500FS\\Configure.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\Programme\\ITscope MarketViewer 2.0\\jre\\bin\\javaw.exe"=
"c:\\Programme\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"p:\\Programme\\Internet\\Advanced VPN Client\\NCPMON.exe"=
"c:\\Programme\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"g:\\Programme\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=
"c:\\Programme\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programme\\Java\\jre6\\bin\\javaw.exe"=
"p:\\Programme\\Sonstige\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programme\\ICQ6.5\\ICQ.exe"=

R1 SASDIFSV;SASDIFSV;c:\programme\SUPERAntiSpyware\sasdifsv.sys [05.08.2009 16:06 9968]
R1 SASKUTIL;SASKUTIL;c:\programme\SUPERAntiSpyware\SASKUTIL.SYS [05.08.2009 16:06 74480]
R2 ncpclcfg;ncpclcfg;p:\programme\Internet\Advanced VPN Client\ncpclcfg.exe [06.04.2008 16:23 77824]
R2 ncprwsnt;ncprwsnt;p:\programme\Internet\Advanced VPN Client\NCPRWSNT.EXE [06.04.2008 16:23 1019904]
R2 NcpSec;NcpSec;p:\programme\Internet\Advanced VPN Client\NCPSEC.EXE [06.04.2008 16:23 45056]
R2 rwsrsu;RwsRsu;p:\programme\Internet\Advanced VPN Client\RWSRSU.exe [06.04.2008 16:23 266240]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [03.08.2009 22:19 604488]
R3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8xx.sys [19.02.2005 19:47 446020]
R3 ncplentp;LANCOM Secure Client Adapter Driver;c:\windows\system32\drivers\NCPLENTP.SYS [06.04.2008 16:23 73408]
R3 SASENUM;SASENUM;c:\programme\SUPERAntiSpyware\SASENUM.SYS [05.08.2009 16:06 7408]
S2 gupdate1c9891622ea6ae6;Google Update Service (gupdate1c9891622ea6ae6);c:\programme\Google\Update\GoogleUpdate.exe [07.02.2009 13:20 133104]
S3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [05.09.2008 03:01 4352]
S3 FTLUND;Lundinova Filter Driver;c:\windows\system32\drivers\ftlund.sys [09.02.2006 01:06 6828]
S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\drivers\fwlanusb.sys [05.09.2008 03:01 265088]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [08.02.2009 15:21 13224]
S3 phil2vid;Philips VGA-Kamera (USB);c:\windows\system32\drivers\philcam2.sys [22.08.2005 20:07 173696]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [03.10.2007 12:39 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [03.10.2007 12:39 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [03.10.2007 12:39 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [03.10.2007 12:39 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [03.10.2007 12:39 98568]
S3 ttBudget2;TechnoTrend BDA/DVB (BDA);c:\windows\system32\drivers\ttBudget2.sys [07.01.2009 22:20 455296]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners

2009-08-25 c:\windows\Tasks\1-Klick-Wartung.job
- p:\programme\Sonstige\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-15 10:07]

2009-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-02-07 11:20]

2009-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-02-07 11:20]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - p:\programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - p:\programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - p:\programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - p:\programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Easy-WebPrint - Drucken - p:\programme\Hardware\Drucker\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint - Schnelldruck - p:\programme\Hardware\Drucker\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint - Vorschau - p:\programme\Hardware\Drucker\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint - Zu Druckliste hinzufügen - p:\programme\Hardware\Drucker\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: In Adobe PDF konvertieren - p:\programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: In vorhandene PDF-Datei konvertieren - p:\programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Nach Microsoft &Excel exportieren - p:\progra~1\Office\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: RF - Formular ausfüllen - file://p:\programme\Internet\robocom\RoboFormComFillForms.html
IE: RF - Formular speichern - file://p:\programme\Internet\robocom\RoboFormComSavePass.html
IE: RF - Menü anpassen - file://p:\programme\Internet\robocom\RoboFormComCustomizeIEMenu.html
IE: RF - RoboForm-Leiste ein/aus - file://p:\programme\Internet\robocom\RoboFormComShowToolbar.html
IE: Verknüpfungsziel in Adobe PDF konvertieren - p:\programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - p:\programme\Office\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - p:\programme\Sonstige\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\dokumente und einstellungen\Rühle\Anwendungsdaten\Mozilla\Firefox\Profiles\6r2guqhk.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\dokumente und einstellungen\Rühle\Anwendungsdaten\Mozilla\Firefox\Profiles\6r2guqhk.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\programme\Google\Google Gears\Firefox\lib\ff2\gears.dll
FF - component: c:\programme\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\programme\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll
FF - component: c:\programme\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-25 19:10
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...


**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,e0,05,72,95,d1,
a8,f8,4a,c8,28,51,af,b0,29,a3,98,1f,8b,8a,9c,b4,ac,09,b3,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,81,e3,ce,d6,d1,
05,66,69,71,3b,04,66,8b,46,0d,96,8b,14,54,51,92,80,ca,46,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,4a,35,b2,88,cb,
8c,05,13,25,da,ec,7e,55,20,c9,26,21,13,3f,c0,b5,89,24,92,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,7f,98,b1,b4,39,
27,65,b1,3e,1e,9e,e0,57,5a,93,61,83,20,84,9b,f3,5d,5a,14,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:e9,02,6c,fa,fb,1d,47,57,cc,b0,83,18,65,
da,1c,2e,cd,44,cd,b9,a6,33,6c,cd,b8,ac,e7,09,0b,67,3c,87,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,aa,c8,11,ce,92,
0e,e4,c0,b0,18,ed,a7,3f,8d,37,a4,9d,1b,76,aa,5f,dc,9e,1b,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,e2,a2,b4,24,8a,
18,e6,fd,31,77,e1,ba,b1,f8,68,02,12,a3,e1,1f,3e,bd,a1,de,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,12,f0,a0,80,84,
7d,00,dc,83,6c,56,8b,a0,85,96,ab,0d,90,af,2d,38,d1,14,36,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,5c,ac,c7,15,b3,
2d,96,a2,51,fa,6e,91,28,9e,14,cc,a7,f4,9f,52,0f,f4,92,1a,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,3a,0f,74,1f,5d,
72,52,1f,b1,cd,45,5a,a8,c4,f8,b9,8e,f2,d0,52,28,4c,06,b2,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,94,84,68,e4,ed,
63,2a,b2,e3,0e,66,d5,eb,bc,2f,6b,a3,d1,e2,f6,67,55,bf,c9,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,0c,f8,0e,3d,4c,
60,03,a7,fa,ea,66,7f,d4,3b,6b,70,0f,92,37,7c,9f,66,81,81,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\Hauppauge\NT]
@DACL=(02 0000)
"Version"="3.11.19205"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(1500)
c:\programme\SUPERAntiSpyware\SASWINLO.dll
c:\programme\gemeinsame dateien\logitech\bluetooth\LBTWlgn.dll
c:\programme\gemeinsame dateien\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(1412)
p:\programme\Sonstige\Logitech\SetPoint\lgscroll.dll
.
Zeit der Fertigstellung: 2009-08-25 19:13
ComboFix-quarantined-files.txt 2009-08-25 17:12
ComboFix2.txt 2009-08-22 08:49

Vor Suchlauf: 564.838.400 Bytes frei
Nach Suchlauf: 500.408.320 Bytes frei

Current=1 Default=1 Failed=0 LastKnownGood=3 Sets=1,2,3,4,5
Many thanks in advance!