Worm 'WORM/Autorun.lqb.6' in the file 'C:\WINDOWS\system32\mstmdm.dll'

14.09.2009, 20:28
Member

Posts: 13
#1 Hello everyone,
I am getting the following message from the AntiVir Guard.
In der Datei 'C:\WINDOWS\system32\mstmdm.dll'
wurde ein Virus oder unerwünschtes Programm 'WORM/Autorun.lqb.6' [worm] gefunden.

The problem first occurred when starting DC++ and after that periodically at short intervals.
After a short time the same message was also reported for other files in 'Lokale Einstellungen' and so on.
Thanks a lot in advance for your help...
and respect that you can make sense of the log gibberish
Regards
Johannes

As requested in the guide, the corresponding log files:
GMER log file:

Quote

GMER 1.0.15.15086 - http://www.gmer.net
Rootkit scan 2009-09-14 20:30:00
Windows 5.1.2600 Service Pack 3
Running: 2snnkiie.exe; Driver: C:\DOKUME~1\Johannes\LOKALE~1\Temp\asliahmy.sys


---- System - GMER 1.0.15 ----

SSDT F7D0234E ZwCreateKey
SSDT F7D02344 ZwCreateThread
SSDT F7D02353 ZwDeleteKey
SSDT F7D0235D ZwDeleteValueKey
SSDT sptd.sys ZwEnumerateKey [0xF7410C7E]
SSDT sptd.sys ZwEnumerateValueKey [0xF7410FF6]
SSDT F7D02362 ZwLoadKey
SSDT sptd.sys ZwOpenKey [0xF7410A18]
SSDT F7D02330 ZwOpenProcess
SSDT F7D02335 ZwOpenThread
SSDT sptd.sys ZwQueryKey [0xF74110C0]
SSDT sptd.sys ZwQueryValueKey [0xF7410F58]
SSDT F7D0236C ZwReplaceKey
SSDT F7D02367 ZwRestoreKey
SSDT F7D02358 ZwSetValueKey
SSDT F7D0233F ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\sptd.sys Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
? C:\WINDOWS\System32\Drivers\SPTD3469.SYS Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 F26CD4D0 16 Bytes [99, F6, 5F, D7, C8, 97, 32, ...]
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 11 F26CD4E1 31 Bytes [C0, 6C, F2, 4F, 4D, 32, 19, ...]
? C:\WINDOWS\System32\Drivers\dtscsi.sys Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

---- User code sections - GMER 1.0.15 ----

.text D:\Tools\Winamp\winamp.exe[1312] USER32.dll!SetScrollInfo 7E369056 7 Bytes JMP 0202B623 D:\Tools\Winamp\Plugins\gen_jumpex.dll
.text D:\Tools\Winamp\winamp.exe[1312] USER32.dll!GetScrollInfo 7E37DFE2 7 Bytes JMP 0202B5AB D:\Tools\Winamp\Plugins\gen_jumpex.dll
.text D:\Tools\Winamp\winamp.exe[1312] USER32.dll!ShowScrollBar 7E37F2F2 5 Bytes JMP 0202B6A7 D:\Tools\Winamp\Plugins\gen_jumpex.dll
.text D:\Tools\Winamp\winamp.exe[1312] USER32.dll!GetScrollPos 7E37F704 5 Bytes JMP 0202B5D3 D:\Tools\Winamp\Plugins\gen_jumpex.dll
.text D:\Tools\Winamp\winamp.exe[1312] USER32.dll!SetScrollPos 7E37F750 5 Bytes JMP 0202B64E D:\Tools\Winamp\Plugins\gen_jumpex.dll
.text D:\Tools\Winamp\winamp.exe[1312] USER32.dll!GetScrollRange 7E37F787 5 Bytes JMP 0202B5F8 D:\Tools\Winamp\Plugins\gen_jumpex.dll
.text D:\Tools\Winamp\winamp.exe[1312] USER32.dll!SetScrollRange 7E37F99B 5 Bytes JMP 0202B679 D:\Tools\Winamp\Plugins\gen_jumpex.dll
.text D:\Tools\Winamp\winamp.exe[1312] USER32.dll!EnableScrollBar 7E3B8005 7 Bytes JMP 0202B583 D:\Tools\Winamp\Plugins\gen_jumpex.dll

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F740CA32] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F740CB6E] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F740CAF6] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F740D6CC] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F740D5A2] sptd.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT D:\Tools\thunderbird\thunderbird.exe[1288] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01B873CC] D:\Tools\thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT D:\Tools\thunderbird\thunderbird.exe[1288] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [01B87376] D:\Tools\thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT D:\Tools\thunderbird\thunderbird.exe[1288] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [01B87376] D:\Tools\thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT D:\Tools\thunderbird\thunderbird.exe[1288] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01B873CC] D:\Tools\thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT D:\Tools\thunderbird\thunderbird.exe[1288] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01B873CC] D:\Tools\thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT D:\Tools\thunderbird\thunderbird.exe[1288] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [01B87376] D:\Tools\thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT D:\Tools\thunderbird\thunderbird.exe[1288] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [01B87376] D:\Tools\thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT D:\Tools\thunderbird\thunderbird.exe[1288] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01B873CC] D:\Tools\thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT D:\Tools\thunderbird\thunderbird.exe[1288] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01B873CC] D:\Tools\thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT D:\Tools\thunderbird\thunderbird.exe[1288] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [01B87376] D:\Tools\thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT D:\Tools\thunderbird\thunderbird.exe[1288] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01B873CC] D:\Tools\thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT D:\Tools\thunderbird\thunderbird.exe[1288] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [01B87376] D:\Tools\thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT D:\Tools\thunderbird\thunderbird.exe[1288] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01B873CC] D:\Tools\thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT D:\Tools\thunderbird\thunderbird.exe[1288] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [01B87376] D:\Tools\thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT D:\Tools\thunderbird\thunderbird.exe[1288] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [01B87376] D:\Tools\thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT D:\Tools\thunderbird\thunderbird.exe[1288] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01B873CC] D:\Tools\thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT D:\Tools\thunderbird\thunderbird.exe[1288] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01B873CC] D:\Tools\thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT D:\Tools\thunderbird\thunderbird.exe[1288] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [01B87376] D:\Tools\thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT D:\Tools\thunderbird\thunderbird.exe[1288] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01B873CC] D:\Tools\thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT D:\Tools\thunderbird\thunderbird.exe[1288] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [01B87376] D:\Tools\thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT D:\Tools\thunderbird\thunderbird.exe[1288] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [01B87376] D:\Tools\thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT D:\Tools\thunderbird\thunderbird.exe[1288] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01B873CC] D:\Tools\thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT D:\Tools\thunderbird\thunderbird.exe[1288] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01B873CC] D:\Tools\thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT D:\Tools\thunderbird\thunderbird.exe[1288] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01B873CC] D:\Tools\thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT D:\Tools\thunderbird\thunderbird.exe[1288] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [01B87376] D:\Tools\thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT D:\Tools\thunderbird\thunderbird.exe[1288] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01B873CC] D:\Tools\thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT D:\Tools\thunderbird\thunderbird.exe[1288] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [01B87376] D:\Tools\thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 86799940
Device \FileSystem\Udfs \UdfsCdRom 85198EB0
Device \FileSystem\Udfs \UdfsDisk 85198EB0
Device \Driver\NetBT \Device\NetBT_Tcpip_{35F6CA72-4DC7-47FE-B226-C868A536F29A} 85B757F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8679A2D8
Device \Driver\dmio \Device\DmControl\DmConfig 8679A2D8
Device \Driver\dmio \Device\DmControl\DmPnP 8679A2D8
Device \Driver\dmio \Device\DmControl\DmInfo 8679A2D8
Device \Driver\00000041 \Device\00000052 sptd.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{3AFFBB08-B05D-48B6-BB5A-38306B2196A7} 85B757F8
Device \Driver\nvatabus \Device\00000070 86799EB0
Device \Driver\Ftdisk \Device\HarddiskVolume1 8679A590
Device \Driver\nvatabus \Device\00000071 86799EB0
Device \Driver\Ftdisk \Device\HarddiskVolume2 8679A590
Device \Driver\Cdrom \Device\CdRom0 8657D0E8
Device \FileSystem\Rdbss \Device\FsWrap 85B517F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8679A590
Device \Driver\Cdrom \Device\CdRom1 8657D0E8
Device \Driver\nvatabus \Device\00000073 86799EB0
Device \Driver\Ftdisk \Device\HarddiskVolume4 8679A590
Device \Driver\Cdrom \Device\CdRom2 8657D0E8
Device \Driver\nvatabus \Device\00000074 86799EB0
Device \Driver\NetBT \Device\NetBt_Wins_Export 85B757F8
Device \Driver\sbp2port \Device\Sbp2Port0 86799688
Device \Driver\NetBT \Device\NetbiosSmb 85B757F8
Device \Driver\Disk \Device\Harddisk0\DR0 86799BF8
Device \Driver\Disk \Device\Harddisk1\DR1 86799BF8
Device \Driver\Disk \Device\Harddisk2\DR5 86799BF8
Device \Driver\sbp2port \Device\Sbp2\Maxtor&OneTouch&0&0010b902_11533350_Instance00 86799688
Device \Driver\nvatabus \Device\NvAta0 86799EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 85B457F8
Device \Driver\nvatabus \Device\NvAta1 86799EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector 85B457F8
Device \Driver\nvatabus \Device\NvAta2 86799EB0
Device \FileSystem\Npfs \Device\NamedPipe 8646EB18
Device \Driver\Ftdisk \Device\FtControl 8679A590
Device \FileSystem\Msfs \Device\Mailslot 8629EC78
Device \Driver\dtscsi \Device\Scsi\dtscsi1 865BDC20
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 865BDC20
Device \FileSystem\Cdfs \Cdfs 851A2C40

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0 -1729401030
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -1805124181
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -1026633488
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Tools\demon tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x30 0xDC 0x02 0xB5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x0C 0xBF 0xA7 0xAF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x45 0xCD 0x98 0x04 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x2C 0x60 0x3E 0xCD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xF7 0x2D 0x55 0x8D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Tools\demon tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x30 0xDC 0x02 0xB5 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x0C 0xBF 0xA7 0xAF ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x45 0xCD 0x98 0x04 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x2C 0x60 0x3E 0xCD ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xF7 0x2D 0x55 0x8D ...

---- EOF - GMER 1.0.15 ----
HJT:

Quote

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:43:35, on 14.09.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Tools\Avira\AntiVir Desktop\sched.exe
D:\Tools\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
D:\Tools\Java\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
D:\Tools\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
D:\Tools\demon tools\daemon.exe
D:\Tools\Avira\AntiVir Desktop\avgnt.exe
D:\Tools\CS3\Acrobat 8.0\Acrobat\Acrotray.exe
D:\Tools\Java\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\System32\svchost.exe
D:\Tools\creative\mediasource\RemoteControl\RcMan.exe
D:\Tools\Skype\Phone\Skype.exe
D:\Tools\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Tools\PureSync\PureSyncTray.exe
D:\Tools\Logitech\SetPoint\SetPoint.exe
D:\Tools\thunderbird\thunderbird.exe
D:\Tools\Winamp\winamp.exe
C:\Programme\Digsby\lib\digsby-app.exe
D:\Tools\creative\mediasource\RemoteControl\OSDMenu.EXE
C:\Programme\Gemeinsame Dateien\Logitech\KhalShared\KHALMNPR.EXE
D:\Tools\Skype\Plugin Manager\skypePM.exe
D:\Tools\Firefox\firefox.exe
C:\Dokumente und Einstellungen\Johannes\Desktop\2snnkiie.exe
D:\Tools\KMPlayer\KMPlayer.exe
D:\Tools\Trend Micro\HijackThis\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbox.digsby.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbox.digsby.com/ie
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.hadiko.de:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Tools\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Tools\Java\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Tools\Java\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Tools\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Tools\demon tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avgnt] "D:\Tools\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Tools\CS3\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Tools\Java\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\Tools\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [RemoteCenter] D:\Tools\creative\mediasource\RemoteControl\RcMan.exe
O4 - HKCU\..\Run: [Skype] "D:\Tools\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Tools\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\GEMEIN~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [PureSync] D:\Tools\PureSync\PureSyncTray.exe
O4 - Startup: digsby.lnk = C:\Programme\Digsby\digsby.exe
O4 - Startup: Mozilla Thunderbird.lnk = D:\Tools\thunderbird\thunderbird.exe
O4 - Startup: Winamp.lnk = D:\Tools\Winamp\winamp.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Tools\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://D:\Tools\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://D:\Tools\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://D:\Tools\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://D:\Tools\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://D:\Tools\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://D:\Tools\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\Tools\Office\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://D:\Tools\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://D:\Tools\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Tools\Office\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232805066265
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239120510218
O17 - HKLM\System\CCS\Services\Tcpip\..\{3AFFBB08-B05D-48B6-BB5A-38306B2196A7}: NameServer = 172.20.32.1,172.20.32.11
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O21 - SSODL: UpdateCheck - {D7979772-C95B-4CED-A5B6-27137E68150E} - C:\WINDOWS\system32\mstmdm.dll (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - D:\Tools\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Tools\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Tools\Java\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 9236 bytes
Uninstall list from HJT:

Quote

Adobe After Effects CS3 Presets
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color Common Settings
Adobe Color EU Recommended Settings
Adobe Color JA Extra Settings
Adobe Color NA Extra Settings
Adobe Creative Suite 3 Master Collection
Adobe Creative Suite 3 Master Collection hinzufügen oder entfernen
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Encore CS3
Adobe Encore CS3 Codecs
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash CS3
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Shockwave Player
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
Apple Mobile Device Support
Apple Software Update
ATI Display Driver
Avanquest update
Avira AntiVir Personal - Free Antivirus
Bonjour
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
CCleaner (remove only)
CDDRV_Installer
Cisco Systems VPN Client 5.0.03.0560
Cole2k Media - Codec Pack (Advanced)
Creative MediaSource
Creative System Information
CrossLoop 2.44
DC++ 0.750
DieSims™3
Digsby
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
ElsterFormular 2008/2009
eMule
Google Desktop
HandyBits EasyCrypto Deluxe
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix für Windows XP (KB952287)
Hotfix für Windows XP (KB961118)
iTunes
Java(TM) 6 Update 15
KhalInstallWrapper
Logitech Registration
Logitech SetPoint
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
Microsoft .NET Framework 3.0 German Language Pack
Microsoft .NET Framework 3.0 German Language Pack
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft LifeCam
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (German) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office Groove MUI (German) 2007
Microsoft Office InfoPath MUI (German) 2007
Microsoft Office OneNote MUI (German) 2007
Microsoft Office Outlook MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Word MUI (German) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft WSE 3.0 Runtime
MozBackup 1.4.9
Mozilla Firefox (3.0.14)
Mozilla Thunderbird (2.0.0.19)
MP3Cover
Mp3tag v2.42
MSXML 6.0 Parser (KB925673)
MusicBrainz Picard 0.11
MyPhoneExplorer
Nero 7 Premium
NVIDIA Drivers
Oblivion
ODF Add-In für Microsoft Office
PDF Password Remover v3.0
PDF Passwort Knacker 1
PDF Settings
Picasa 3
PPTminimizer
PureSync
QuickTime
Realtek AC'97 Audio
Rockstar Games Social Club
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127-v2)
Sicherheitsupdate für Windows Internet Explorer 7 (KB956390)
Sicherheitsupdate für Windows Internet Explorer 7 (KB958215)
Sicherheitsupdate für Windows Internet Explorer 7 (KB961260)
Sicherheitsupdate für Windows Internet Explorer 7 (KB963027)
Sicherheitsupdate für Windows Internet Explorer 8 (KB969897)
Sicherheitsupdate für Windows Internet Explorer 8 (KB972260)
Sicherheitsupdate für Windows Media Player (KB952069)
Sicherheitsupdate für Windows XP (KB923561)
Sicherheitsupdate für Windows XP (KB923789)
Sicherheitsupdate für Windows XP (KB938464)
Sicherheitsupdate für Windows XP (KB941569)
Sicherheitsupdate für Windows XP (KB950762)
Sicherheitsupdate für Windows XP (KB950974)
Sicherheitsupdate für Windows XP (KB951066)
Sicherheitsupdate für Windows XP (KB951376-v2)
Sicherheitsupdate für Windows XP (KB951698)
Sicherheitsupdate für Windows XP (KB951748)
Sicherheitsupdate für Windows XP (KB952004)
Sicherheitsupdate für Windows XP (KB952954)
Sicherheitsupdate für Windows XP (KB954211)
Sicherheitsupdate für Windows XP (KB954459)
Sicherheitsupdate für Windows XP (KB954600)
Sicherheitsupdate für Windows XP (KB955069)
Sicherheitsupdate für Windows XP (KB956391)
Sicherheitsupdate für Windows XP (KB956572)
Sicherheitsupdate für Windows XP (KB956802)
Sicherheitsupdate für Windows XP (KB956803)
Sicherheitsupdate für Windows XP (KB956841)
Sicherheitsupdate für Windows XP (KB957097)
Sicherheitsupdate für Windows XP (KB958644)
Sicherheitsupdate für Windows XP (KB958687)
Sicherheitsupdate für Windows XP (KB958690)
Sicherheitsupdate für Windows XP (KB959426)
Sicherheitsupdate für Windows XP (KB960225)
Sicherheitsupdate für Windows XP (KB960715)
Sicherheitsupdate für Windows XP (KB960803)
Sicherheitsupdate für Windows XP (KB961371)
Sicherheitsupdate für Windows XP (KB961373)
Sicherheitsupdate für Windows XP (KB961501)
Sicherheitsupdate für Windows XP (KB968537)
Sicherheitsupdate für Windows XP (KB969898)
Sicherheitsupdate für Windows XP (KB970238)
Sicherheitsupdate für Windows XP (KB971633)
Sicherheitsupdate für Windows XP (KB973346)
Skype™ 4.0
Sony Ericsson Bluetooth Remote Control 4.01
Sony Ericsson PC Suite 4.010.00
Sound Blaster Live! 24-Bit External
Spybot - Search & Destroy
TeamSpeak 2 RC2
The KMPlayer (remove only)
Tibia
Trillian
Tweak UI
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Outlook 2007 Junk Email Filter (kb971933)
Update für Windows Internet Explorer 8 (KB971180)
Update für Windows XP (KB898461)
Update für Windows XP (KB951978)
Update für Windows XP (KB955839)
Update für Windows XP (KB967715)
VC80CRTRedist - 8.0.50727.762
Winamp
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Presentation Foundation
Windows Presentation Foundation Language Pack (DEU)
WinRAR archiver
XML Paper Specification Shared Components Language Pack 1.0
XP Codec Pack
xp-AntiSpy 3.97


14.09.2009, 21:22
Moderator

Posts: 5694
#2 http://www.threatexpert.com/report.aspx?md5=e177463e7f839e21efd1da44aa83c44d

http://www.systemlookup.com/O21/481-SYSDIR_mstmdm_dll.html

Is your provider located in Holland:
http://samspade.org/whois/172.20.32.1



Disable TeaTimer:
Start Spybot S&D --> click "Mode" --> tick "Advanced mode" --> confirm with "Yes" --> click "Tools" -->
click "Resident" --> remove the check mark from Resident "TeaTimer" (protection of all system settings) --> close Spybot S&D.
(TeaTimer hinders or prevents all further cleanup measures!)


1.

File check

Have the following file checked at www.VIRUSTOTAL.com/de and post the result:

Code

D:\Tools\PureSync\PureSyncTray.exe


Click Browse --> select the file (or paste the file with its correct path directly with Ctrl+V) --> click the file to be checked and open it --> click "Send file"... now wait - then select the text with the right mouse button -> copy it here


2.
Fix entries with HijackThis


Please close all applications including the browser and fix the following entries with HJT (if still present):
Start HijackThis (on Vista, right-click and run as administrator) => Do a system scan only => tick the box in front of the following lines and then click "Fix checked":

Code

O21 - SSODL: UpdateCheck - {D7979772-C95B-4CED-A5B6-27137E68150E} - C:\WINDOWS\system32\mstmdm.dll (file missing)
Restart the computer.

3.
RSIT

Please run RSIT and post the two logs
http://virus-protect.org/artikel/tools/random.html


Regards, Swiss
14.09.2009, 21:40
Member

Thread starter

Posts: 13
#3 Hello Swiss,
many thanks already for the quick help

Re 1.)

Quote

Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.24 2009.09.14 -
AhnLab-V3 5.0.0.2 2009.09.14 -
AntiVir 7.9.1.14 2009.09.14 -
Antiy-AVL 2.0.3.7 2009.09.14 -
Authentium 5.1.2.4 2009.09.14 -
Avast 4.8.1351.0 2009.09.14 -
AVG 8.5.0.412 2009.09.14 -
BitDefender 7.2 2009.09.14 -
CAT-QuickHeal 10.00 2009.09.14 -
ClamAV 0.94.1 2009.09.14 -
Comodo 2318 2009.09.14 -
DrWeb 5.0.0.12182 2009.09.14 -
eSafe 7.0.17.0 2009.09.14 -
eTrust-Vet 31.6.6736 2009.09.14 -
F-Prot 4.5.1.85 2009.09.14 -
F-Secure 8.0.14470.0 2009.09.13 -
Fortinet 3.120.0.0 2009.09.14 -
GData 19 2009.09.14 -
Ikarus T3.1.1.72.0 2009.09.14 -
Jiangmin 11.0.800 2009.09.14 -
K7AntiVirus 7.10.844 2009.09.14 -
Kaspersky 7.0.0.125 2009.09.14 -
McAfee 5741 2009.09.14 -
McAfee+Artemis 5741 2009.09.14 -
McAfee-GW-Edition 6.8.5 2009.09.14 -
Microsoft 1.5005 2009.09.14 -
NOD32 4425 2009.09.14 -
Norman 6.01.09 2009.09.14 -
nProtect 2009.1.8.0 2009.09.14 -
Panda 10.0.2.2 2009.09.14 -
PCTools 4.4.2.0 2009.09.14 -
Prevx 3.0 2009.09.14 -
Rising 21.47.04.00 2009.09.14 -
Sophos 4.45.0 2009.09.14 -
Sunbelt 3.2.1858.2 2009.09.14 -
Symantec 1.4.4.12 2009.09.14 -
TheHacker 6.3.4.4.403 2009.09.14 -
TrendMicro 8.950.0.1094 2009.09.14 -
VBA32 3.12.10.10 2009.09.13 -
ViRobot 2009.9.14.1934 2009.09.14 -
VirusBuster 4.6.5.0 2009.09.14 -
weitere Informationen
File size: 718496 bytes
MD5...: df1e4546df7e8976e9c497f25bc707f9
SHA1..: dce305eb8f2de489ecd779c8f7e55e2a8635f59e
SHA256: 432b5bf90e1b53878d086656730cd749d728747fee994b6aa8a2d78137d34587
ssdeep: 6144:OMshbcfnTe3hIWxGWiIB3L5t5aCou5YG0GdGGGocwQG1GGcGZGrGGsGpGGG
uGGGL:OMsooaWRPohBm7
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x127c
timedatestamp.....: 0x4a60c4c9 (Fri Jul 17 18:36:57 2009)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2ed3c 0x2f000 5.32 d532cc3e62aeb111234c60990e9d6ef2
.data 0x30000 0x4544 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x35000 0x7d086 0x7e000 3.88 bcaa1f50d12eac1c5c0ca2d85dc8c375

( 1 imports )
> MSVBVM60.DLL: -, MethCallEngine, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, EVENT_SINK_AddRef, -, -, DllFunctionCall, EVENT_SINK_Release, -, EVENT_SINK_QueryInterface, __vbaExceptHandler, -, -, -, -, -, -, -, -, -, ProcCallEngine, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -

( 0 exports )
RDS...: NSRL Reference Data Set
-
trid..: Win32 Executable Microsoft Visual Basic 6 (86.2%)
Win32 Executable Generic (5.8%)
Win32 Dynamic Link Library (generic) (5.1%)
Generic Win/DOS Executable (1.3%)
DOS Executable Generic (1.3%)
pdfid.: -
Re 2.)

Log:

Quote

Logfile of random's system information tool 1.06 (written by random/random)
Run by Johannes at 2009-09-14 21:40:14
Microsoft Windows XP Professional Service Pack 3
System drive C: has 5 GB (24%) free of 20 GB
Total RAM: 1023 MB (26% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:40:28, on 14.09.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Tools\Avira\AntiVir Desktop\sched.exe
D:\Tools\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\Explorer.EXE
D:\Tools\Java\bin\jqs.exe
D:\Tools\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\RunDll32.exe
D:\Tools\demon tools\daemon.exe
D:\Tools\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\svchost.exe
D:\Tools\CS3\Acrobat 8.0\Acrobat\Acrotray.exe
D:\Tools\Java\bin\jusched.exe
D:\Tools\creative\mediasource\RemoteControl\RcMan.exe
D:\Tools\Skype\Phone\Skype.exe
D:\Tools\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Tools\PureSync\PureSyncTray.exe
D:\Tools\Logitech\SetPoint\SetPoint.exe
D:\Tools\thunderbird\thunderbird.exe
D:\Tools\creative\mediasource\RemoteControl\OSDMenu.EXE
C:\Programme\Digsby\lib\digsby-app.exe
C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
D:\Tools\Winamp\winamp.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Logitech\KhalShared\KHALMNPR.EXE
C:\Dokumente und Einstellungen\Johannes\Desktop\RSIT.exe
D:\Tools\Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Tools\Skype\Plugin Manager\skypePM.exe
D:\Tools\Trend Micro\HijackThis\Johannes.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbox.digsby.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbox.digsby.com/ie
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.hadiko.de:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Tools\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Tools\Java\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Tools\Java\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Tools\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Tools\demon tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avgnt] "D:\Tools\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Tools\CS3\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Tools\Java\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\Tools\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [RemoteCenter] D:\Tools\creative\mediasource\RemoteControl\RcMan.exe
O4 - HKCU\..\Run: [Skype] "D:\Tools\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Tools\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\GEMEIN~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [PureSync] D:\Tools\PureSync\PureSyncTray.exe
O4 - Startup: digsby.lnk = C:\Programme\Digsby\digsby.exe
O4 - Startup: Mozilla Thunderbird.lnk = D:\Tools\thunderbird\thunderbird.exe
O4 - Startup: Winamp.lnk = D:\Tools\Winamp\winamp.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Tools\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://D:\Tools\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://D:\Tools\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://D:\Tools\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://D:\Tools\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://D:\Tools\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://D:\Tools\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\Tools\Office\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://D:\Tools\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://D:\Tools\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Tools\Office\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232805066265
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239120510218
O17 - HKLM\System\CCS\Services\Tcpip\..\{3AFFBB08-B05D-48B6-BB5A-38306B2196A7}: NameServer = 172.20.32.1,172.20.32.11
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - D:\Tools\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Tools\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Tools\Java\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 9123 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Microsoft_Hardware_Launch_LifeExp_exe.job
C:\WINDOWS\tasks\Microsoft_Hardware_Launch_vVX1000_exe.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - D:\Tools\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Tools\Java\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - D:\Tools\Java\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - D:\Tools\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SbUsb AudCtrl"=RunDll32 sbusbdll.dll,RCMonitor []
"DAEMON Tools"=D:\Tools\demon tools\daemon.exe [2005-12-10 133016]
"avgnt"=D:\Tools\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-04-11 56080]
"Acrobat Assistant 8.0"=D:\Tools\CS3\Acrobat 8.0\Acrobat\Acrotray.exe [2008-10-14 623992]
"QuickTime Task"=C:\Programme\QuickTime\QTTask.exe [2009-05-26 413696]
"SunJavaUpdateSched"=D:\Tools\Java\bin\jusched.exe [2009-07-25 149280]
"Malwarebytes Anti-Malware (reboot)"=D:\Tools\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RemoteCenter"=D:\Tools\creative\mediasource\RemoteControl\RcMan.exe [2004-06-25 147456]
"Skype"=D:\Tools\Skype\Phone\Skype.exe [2009-01-29 23975720]
"SpybotSD TeaTimer"=D:\Tools\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Update Service"=C:\PROGRA~1\GEMEIN~1\TEKNUM~1\update.exe [2009-06-15 19456]
"PureSync"=D:\Tools\PureSync\PureSyncTray.exe [2009-07-17 718496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
D:\Tools\creative\Surround Mixer\CTSysVol.exe [2003-09-17 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashMute]
C:\Programme\FlashMute\FlashMute.exe [2006-03-11 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe [2009-02-07 30192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
D:\Tools\itunes\iTunesHelper.exe [2009-06-05 292136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
D:\Tools\Microsoft LifeCam\LifeExp.exe [2007-05-17 279912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteCenter]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
D:\Spiele\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe /silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
D:\Tools\myphone\SE Suite\Sony Ericsson PC Suite\SEPCSuite.exe [2008-07-02 397312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2004-06-18 67584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
C:\WINDOWS\vVX1000.exe [2007-04-10 709992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
D:\Tools\Winamp\winampa.exe [2009-04-10 37888]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Logitech SetPoint.lnk - D:\Tools\Logitech\SetPoint\SetPoint.exe
VPN Client.lnk - C:\WINDOWS\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico

C:\Dokumente und Einstellungen\Johannes\Startmenü\Programme\Autostart
digsby.lnk - C:\Programme\Digsby\digsby.exe
Mozilla Thunderbird.lnk - D:\Tools\thunderbird\thunderbird.exe
Winamp.lnk - D:\Tools\Winamp\winamp.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-10-29 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSMConfigurePrograms"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Tools\Trillian\trillian.exe"="D:\Tools\Trillian\trillian.exe:*:Enabled:Trillian"
"D:\Tools\DC++\DCPlusPlus.exe"="D:\Tools\DC++\DCPlusPlus.exe:*:Enabled;)C++"
"D:\Tools\eMule\emule.exe"="D:\Tools\eMule\emule.exe:*:Enabled:eMule"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:pnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:pnkBstrB"
"D:\Spiele\Cod4\iw3mp.exe"="D:\Spiele\Cod4\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"D:\Tools\Firefox\firefox.exe"="D:\Tools\Firefox\firefox.exe:*:Enabled:Firefox"
"D:\Spiele\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe"="D:\Spiele\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"D:\Tools\MusicBrainz Picard\picard.exe"="D:\Tools\MusicBrainz Picard\picard.exe:*:Enabled:The next generation MusicBrainz tagger"
"C:\Programme\Digsby\lib\digsby-app.exe"="C:\Programme\Digsby\lib\digsby-app.exe:*:Enabled;)igsby IM"
"C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\Tools\itunes\iTunes.exe"="D:\Tools\itunes\iTunes.exe:*:Enabled:iTunes"
"D:\Tools\Microsoft LifeCam\LifeCam.exe"="D:\Tools\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"D:\Tools\Microsoft LifeCam\LifeExp.exe"="D:\Tools\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"D:\Tools\Skype\Phone\Skype.exe"="D:\Tools\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{319f4571-ea14-11dd-a0d5-806d6172696f}]
shell\AutoRun\command - F:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a5ac308-ec59-11dd-aba2-00110965f4ff}]
shell\AutoRun\command - J:\
shell\open\command - rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86f82c98-0715-11de-abf0-00059a3c7800}]
shell\AutoRun\command - L:\
shell\open\command - rundll32.exe .\desktop.dll,InstallM


======List of files/folders created in the last 1 months======

2009-09-14 21:40:14 ----D---- C:\rsit
2009-09-14 20:54:35 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-14 20:52:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-14 20:51:11 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-09-14 20:51:08 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-09-14 20:51:02 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-09-14 20:50:57 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-09-14 20:50:52 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-09-14 20:50:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-09-14 20:50:41 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-09-14 20:50:39 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-09-14 20:50:35 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-09-14 20:50:30 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-09-14 20:50:22 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-09-14 20:50:20 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-09-14 19:39:05 ----D---- D:\Tools\Trend Micro
2009-09-14 19:11:43 ----D---- C:\Dokumente und Einstellungen\Johannes\Anwendungsdaten\Malwarebytes
2009-09-14 19:11:37 ----D---- D:\Tools\Malwarebytes' Anti-Malware
2009-09-14 19:11:37 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-08-22 23:18:05 ----A---- C:\WINDOWS\system32\ptpusb.dll
2009-08-22 23:18:04 ----A---- C:\WINDOWS\system32\ptpusd.dll
2009-08-21 22:16:05 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2009-08-21 22:16:01 ----A---- C:\WINDOWS\VX1000.ini
2009-08-21 22:16:01 ----A---- C:\WINDOWS\VX1000.dll
2009-08-21 22:16:01 ----A---- C:\WINDOWS\vVX1000.exe
2009-08-21 22:16:01 ----A---- C:\WINDOWS\vVX1000.dll
2009-08-21 22:16:01 ----A---- C:\WINDOWS\system32\LCCoin14.dll
2009-08-21 22:16:01 ----A---- C:\WINDOWS\system32\cVX1000.dll
2009-08-21 22:14:26 ----D---- D:\Tools\Microsoft LifeCam

======List of files/folders modified in the last 1 months======

2009-09-14 21:40:08 ----D---- C:\Dokumente und Einstellungen\Johannes\Anwendungsdaten\Skype
2009-09-14 21:39:16 ----D---- D:\Tools\Firefox
2009-09-14 21:38:46 ----D---- D:\Tools\thunderbird
2009-09-14 21:38:24 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-14 21:38:19 ----D---- C:\WINDOWS\Temp
2009-09-14 21:10:50 ----SH---- C:\boot.ini
2009-09-14 21:10:50 ----A---- C:\WINDOWS\win.ini
2009-09-14 21:10:50 ----A---- C:\WINDOWS\system.ini
2009-09-14 21:09:59 ----D---- C:\WINDOWS
2009-09-14 21:09:25 ----D---- C:\WINDOWS\system32
2009-09-14 20:54:37 ----HD---- C:\WINDOWS\inf
2009-09-14 20:54:36 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-09-14 20:54:33 ----A---- C:\WINDOWS\imsins.BAK
2009-09-14 20:54:28 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-14 20:52:05 ----SHD---- C:\WINDOWS\Installer
2009-09-14 20:52:04 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help
2009-09-14 20:50:22 ----D---- C:\WINDOWS\system32\drivers
2009-09-14 19:32:44 ----D---- C:\Dokumente und Einstellungen\Johannes\Anwendungsdaten\DC++
2009-09-13 16:17:25 ----D---- C:\Dokumente und Einstellungen\Johannes\Anwendungsdaten\skypePM
2009-08-28 14:38:22 ----A---- C:\WINDOWS\system32\MRT.exe
2009-08-28 00:04:24 ----AD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2009-08-27 23:49:34 ----D---- C:\Dokumente und Einstellungen\Johannes\Anwendungsdaten\U3
2009-08-27 19:43:12 ----A---- C:\WINDOWS\NeroDigital.ini
2009-08-21 22:23:15 ----D---- C:\WINDOWS\security
2009-08-21 22:17:37 ----SD---- C:\WINDOWS\Tasks
2009-08-21 22:16:51 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-08-21 22:16:35 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-08-21 22:16:11 ----D---- C:\WINDOWS\twain_32
2009-08-21 22:14:08 ----D---- D:\Tools\windows media player
2009-08-21 22:13:38 ----D---- C:\WINDOWS\system32\DirectX
2009-08-21 22:13:36 ----RSD---- C:\WINDOWS\assembly
2009-08-15 07:59:29 ----D---- C:\Dokumente und Einstellungen\Johannes\Anwendungsdaten\Digsby

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Athlon64 Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2003-11-07 35328]
R1 avgio;avgio; \??\D:\Tools\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-04-27 96104]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-06-09 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-08-06 55656]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-06-21 626204]
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-10-29 3341824]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2004-04-26 130384]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2008-03-29 125328]
R3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2009-01-25 223128]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-04-11 34832]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-04-11 36112]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2004-05-17 33280]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2004-05-17 12928]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2004-04-26 178736]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-04-13 70144]
R3 sbusb;Sound Blaster USB Audio Driver; C:\WINDOWS\system32\DRIVERS\sbusb.sys [2004-07-27 1643648]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-09-26 20240]
S3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2008-09-26 63248]
S3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2008-09-26 79120]
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2008-09-26 28816]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NTACCESS;NTACCESS; \??\F:\NTACCESS.sys []
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\WINDOWS\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\WINDOWS\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S3 sermouse;Serieller Maustreiber; C:\WINDOWS\system32\DRIVERS\sermouse.sys [2001-08-18 18176]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\F:\NTGLM7X.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-06-05 39424]
S3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 VX1000;VX-1000; C:\WINDOWS\system32\DRIVERS\VX1000.sys [2007-04-10 1966312]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; D:\Tools\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289]
R2 AntiVirService;Avira AntiVir Guard; D:\Tools\Avira\AntiVir Desktop\avguard.exe [2009-08-06 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-10-29 585728]
R2 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-13 44032]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Programme\Cisco Systems\VPN Client\cvpnd.exe [2008-06-19 1528608]
R2 JavaQuickStarterService;Java Quick Starter; D:\Tools\Java\bin\jqs.exe [2009-07-25 153376]
R2 MSCamSvc;MSCamSvc; D:\Tools\Microsoft LifeCam\MSCamS32.exe [2007-05-17 271720]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-02-03 66872]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-01-25 654848]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-10-28 593920]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506; C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe [2009-02-07 30192]
S3 gusvc;Google Updater Service; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-01 136120]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2009-06-05 541992]
S3 odserv;Microsoft Office Diagnostics Service; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp-Portfreigabedienst; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
info:

Quote

info.txt logfile of random's system information tool 1.06 2009-09-14 21:40:30

======Uninstall list======

-->D:\Tools\creative\Program\Ctzapxx.EXE SBUSB.INI /U /S
-->D:\Tools\DivX\DivXConverterUninstall.exe /CONVERTER
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{1A6AAC11-0860-11D7-908C-00A0C98173F1}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{1A6AAC11-0860-11D7-908C-00A0C98173F1}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5933921D-4253-40B6-B4D9-B7D680F1B6EC}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5933921D-4253-40B6-B4D9-B7D680F1B6EC}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FC0DD8AE-3DC0-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FC0DD8AE-3DC0-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe After Effects CS3 Presets-->MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Programme\Gemeinsame Dateien\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Creative Suite 3 Master Collection hinzufügen oder entfernen-->C:\Programme\Gemeinsame Dateien\Adobe\Installers\67a7fb1e97aa14ee9ef0950eb6fd757\Setup.exe
Adobe Creative Suite 3 Master Collection-->MsiExec.exe /I{DA896917-C1DA-45B2-B4D2-68162F16C0DD}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Encore CS3 Codecs-->MsiExec.exe /I{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}
Adobe Encore CS3-->MsiExec.exe /I{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}
Adobe ExtendScript Toolkit 2-->C:\Programme\Gemeinsame Dateien\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Flash CS3-->MsiExec.exe /I{8C640345-AF96-4ABA-A697-97D2A0B8C6DB}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Video Encoder-->MsiExec.exe /I{BCEDD813-269C-4D8F-A4BA-01FDC66254D3}
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
Adobe Illustrator CS3-->MsiExec.exe /I{C8D7A672-F697-4572-AC62-C856053A8DBC}
Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe InDesign CS3-->MsiExec.exe /I{411E0CC3-587A-468C-B461-95FAFD05E4DE}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->MsiExec.exe /I{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup-->MsiExec.exe /I{DFFDDCF5-CB32-4354-8823-1B9E68025953}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Video Profiles-->MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3-->MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
Apple Mobile Device Support-->MsiExec.exe /I{8355F970-601D-442D-A79B-1D7DB4F24CAD}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avanquest update-->C:\Programme\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
Avira AntiVir Personal - Free Antivirus-->D:\Tools\Avira\AntiVir Desktop\setup.exe /REMOVE
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch-->C:\Programme\InstallShield Installation Information\{E5141379-B2D9-4BBC-BB2A-5805541571DD}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch-->C:\Programme\InstallShield Installation Information\{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch-->C:\Programme\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch-->C:\Programme\InstallShield Installation Information\{8503C901-85D7-4262-88D2-8D8B2A7B08B8}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch-->C:\Programme\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch-->C:\Programme\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Programme\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
CCleaner (remove only)-->"D:\Tools\CCleaner\uninst.exe"
CDDRV_Installer-->MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
Cisco Systems VPN Client 5.0.03.0560-->MsiExec.exe /X{A7091E1D-36A4-47F1-A739-173CC341414F}
Cole2k Media - Codec Pack (Advanced)-->C:\WINDOWS\system32\C2MP\Uninst.exe
Creative MediaSource-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\SETUP.EXE" -l0x7 /remove
Creative System Information-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}\setup.exe" -l0x9 /remove
CrossLoop 2.44-->"C:\Programme\CrossLoop\unins000.exe"
DC++ 0.750-->"D:\Tools\DC++\uninstall.exe"
DieSims™3-->"D:\Tools\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\Sims3Setup.exe" -runfromtemp -l0x0007 -removeonly
Digsby-->C:\Programme\Digsby\uninstall.exe
DivX Codec-->D:\Tools\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->D:\Tools\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->D:\Tools\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->D:\Tools\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->D:\Tools\DivX\DivXWebPlayerUninstall.exe /PLUGIN
ElsterFormular 2008/2009-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}\setup.exe" -l0x7 -removeonly
eMule-->"D:\Tools\eMule\Uninstall.exe"
Google Desktop-->C:\Programme\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
HandyBits EasyCrypto Deluxe-->"C:\Programme\Gemeinsame Dateien\Teknum Systems\tsUninst.exe" "D:\Tools\HandyBits\EasyCrypto\HandyBits EasyCrypto Deluxe.del"
HijackThis 2.0.2-->"D:\Tools\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
iTunes-->MsiExec.exe /I{5D601655-6D54-4384-B52C-17EC5385FBBD}
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
KhalInstallWrapper-->MsiExec.exe /I{56918C0C-0D87-4CA6-92BF-4975A43AC719}
Logitech Registration-->MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
Logitech SetPoint-->C:\Programme\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe -runfromtemp -l0x0007 -removeonly
Malwarebytes' Anti-Malware-->"D:\Tools\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C314CE45-3392-3B73-B4E1-139CD41CA933}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 German Language Pack-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 German Language Pack\setup.exe
Microsoft .NET Framework 3.0 German Language Pack-->MsiExec.exe /X{F2A7F421-1679-48D5-B918-96999014ED53}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4D243BA7-9AC4-46D1-90E5-EEB88974F501}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft LifeCam-->MsiExec.exe /X{726DBFE3-BE2B-4FFA-9787-D6495765CFD2}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Groove MUI (German) 2007-->MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (German) 2007-->MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {322296D4-1EAE-4030-9FBC-D2787EB25FA2}
Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
MozBackup 1.4.9-->D:\Tools\thunderbird\MozBackup\Uninstall.exe
Mozilla Firefox (3.0.14)-->D:\Tools\Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.19)-->D:\Tools\thunderbird\uninstall\helper.exe
MP3Cover-->"D:\Tools\MP3Cover\uninstall.exe"
Mp3tag v2.42-->D:\Tools\Mp3tag\Mp3tagUninstall.EXE
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
MusicBrainz Picard 0.11-->D:\Tools\MusicBrainz Picard\uninst.exe
MyPhoneExplorer-->D:\Tools\myphone\MyPhoneExplorer\uninstall.exe
Nero 7 Premium-->MsiExec.exe /I{4781569D-5404-1F26-4B2B-6DF444441031}
NVIDIA Drivers-->C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI
Oblivion-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x7 -removeonly
ODF Add-In für Microsoft Office-->MsiExec.exe /I{99B58235-E533-44CD-A099-F1A4BC50A6F0}
PDF Password Remover v3.0-->"D:\Tools\PDF Password Remover v3.0\unins000.exe"
PDF Passwort Knacker 1-->C:\WINDOWS\cadkasdeinst01.exe "D:\Tools\PDF Passwort Knacker 1\"
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Picasa 3-->"D:\Tools\Picasa3\Uninstall.exe"
PPTminimizer-->"D:\Tools\PPTminimizer\unins000.exe"
PureSync-->MsiExec.exe /I{393B0618-4ECC-41C7-A6C7-31113615AC81}
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Rockstar Games Social Club-->"C:\Programme\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x0007 -removeonly
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Sicherheitsupdate für Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Sony Ericsson Bluetooth Remote Control 4.01-->D:\Tools\Sony Ericsson\Bluetooth Remote Control\Uninstall.exe
Sony Ericsson PC Suite 4.010.00-->C:\Programme\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\ISAdmin.exe -runfromtemp -l0x0007 -removeonly
Sound Blaster Live! 24-Bit External-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5C0054EB-24A5-46A8-80E3-62AAA930DEFA}\SETUP.EXE" -l0x9
Spybot - Search & Destroy-->"D:\Tools\Spybot - Search & Destroy\unins000.exe"
TeamSpeak 2 RC2-->D:\Tools\TS2\unins000.exe
The KMPlayer (remove only)-->"D:\Tools\KMPlayer\uninstall.exe"
Tibia-->"D:\spielchen\Tibia\unins000.exe"
Trillian-->D:\Tools\Trillian\trillian.exe /uninstall
Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
Update for Outlook 2007 Junk Email Filter (kb973514)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {03B11C77-336F-43B4-9B43-79890BA84504}
Update für Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"
Update für Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update für Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update für Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Winamp-->"D:\Tools\Winamp\UninstWA.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"D:\Tools\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Presentation Foundation Language Pack (DEU)-->MsiExec.exe /X{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
WinRAR archiver-->C:\Programme\WinRAR\uninstall.exe
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
XP Codec Pack-->D:\Tools\XP Codec Pack\Uninstall.exe
xp-AntiSpy 3.97-->D:\Tools\xp-AntiSpy\Uninstall.exe

=====HijackThis Backups=====

O21 - SSODL: UpdateCheck - {D7979772-C95B-4CED-A5B6-27137E68150E} - C:\WINDOWS\system32\mstmdm.dll (file missing) [2009-09-14]

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AntiVir Desktop

======System event log======

Computer Name: F108
Event Code: 7036
Message: Dienst "NLA (Network Location Awareness)" befindet sich jetzt im Status "Ausgeführt".

Record Number: 15243
Source Name: Service Control Manager
Time Written: 20090803083955.000000+120
Event Type: Informationen
User:

Computer Name: F108
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "NLA (Network Location Awareness)" gesendet.

Record Number: 15242
Source Name: Service Control Manager
Time Written: 20090803083955.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: F108
Event Code: 7036
Message: Dienst "Kompatibilität für schnelle Benutzerumschaltung" befindet sich jetzt im Status "Ausgeführt".

Record Number: 15241
Source Name: Service Control Manager
Time Written: 20090803083955.000000+120
Event Type: Informationen
User:

Computer Name: F108
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "Kompatibilität für schnelle Benutzerumschaltung" gesendet.

Record Number: 15240
Source Name: Service Control Manager
Time Written: 20090803083955.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: F108
Event Code: 7036
Message: Dienst "Terminaldienste" befindet sich jetzt im Status "Ausgeführt".

Record Number: 15239
Source Name: Service Control Manager
Time Written: 20090803083955.000000+120
Event Type: Informationen
User:

=====Application event log=====

Computer Name: F108
Event Code: 1
Message:
Record Number: 1890
Source Name: Bonjour Service
Time Written: 20090505155446.000000+120
Event Type: Informationen
User:

Computer Name: F108
Event Code: 105
Message: The service was started.

Record Number: 1889
Source Name: Creative Service for CDROM Access
Time Written: 20090505155443.000000+120
Event Type: Informationen
User:

Computer Name: F108
Event Code: 105
Message: The service was started.

Record Number: 1888
Source Name: ATI Smart
Time Written: 20090505155439.000000+120
Event Type: Informationen
User:

Computer Name: F108
Event Code: 868
Message: Der Zugriff auf "D:\Tools\Avira\AntiVir Desktop\avnotify.exe" wurde vom Administrator durch die Richtlinienregel "{eca2df2f-aa1f-46e7-b4fb-3ddff5df46c0}" eingeschränkt.

Record Number: 1887
Source Name: Software Restriction Policies
Time Written: 20090505123814.000000+120
Event Type: Warnung
User:

Computer Name: F108
Event Code: 1002
Message: Die Shell wurde unerwartet beendet und Explorer.exe wurde neu gestartet.

Record Number: 1886
Source Name: Winlogon
Time Written: 20090505120731.000000+120
Event Type: Informationen
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\QuickTime\QTSystem\;C:\Programme\Gemeinsame Dateien\DivX Shared\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 15 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0f00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"RGSCLauncher"=D:\Spiele\GTA IV\Rockstar Games Social Club
"RGSC"=D:\Spiele\GTA IV\Rockstar Games Social Club\1_0_0_0
"CLASSPATH"=.;D:\Tools\Java\lib\ext\QTJava.zip
"QTJAVA"=D:\Tools\Java\lib\ext\QTJava.zip

-----------------EOF-----------------
14.09.2009, 21:52
Moderator

Posts: 5694
#4 This as well, please:

Quote

Is your provider located in Holland:
http://samspade.org/whois/172.20.32.1

Disable TeaTimer:
Start Spybot S&D --> click "Modus" (Mode) --> tick "Erweiterte Modus" (Advanced mode) --> confirm with "Ja" (Yes) --> click "Werkzeuge" (Tools) -->
click "Resident" --> remove the tick from "Resident "TeaTimer" (Schutz aller Systemeinstellungen)" (protection of all system settings) --> close Spybot S&D.
(TeaTimer hinders or prevents all further cleaning measures!)
Regards, Swiss
14.09.2009, 22:04
Member

Thread starter

Posts: 13
#5 And I doubt that my provider is located in Holland; I am connected to the internet via the university network in Karlsruhe.

Here is the log anyway:

Quote

(Asked whois.ripe.net:43 about 172.20.32.1)

inetnum: 172.16.0.0 - 172.31.255.255
netname: IANA-BBLK-RESERVED1
descr: Class B address space for private internets
descr: See http://www.ripe.net/db/rfc1918.html for details
country: EU Country is really world wide
org: ORG-IANA1-RIPE
admin-c: RFC1918-RIPE
tech-c: RFC1918-RIPE
status: ALLOCATED UNSPECIFIED
remarks: Country is really worldwide
remarks: This network should never be routed outside an enterprise
remarks: See RFC1918 for further information
mnt-by: RIPE-NCC-HM-MNT
mnt-lower: RIPE-NCC-HM-MNT
source: RIPE Filtered
organisation: ORG-IANA1-RIPE
org-name: Internet Assigned Numbers Authority
org-type: IANA
address: see http://www.iana.org
remarks: The IANA allocates IP addresses and AS number blocks to RIRs
remarks: see http://www.iana.org/ipaddress/ip-addresses.htm
remarks: and http://www.iana.org/assignments/as-numbers
e-mail: bitbucket@ripe.net

admin-c: IANA1-RIPE
tech-c: IANA1-RIPE
mnt-ref: RIPE-NCC-HM-MNT
mnt-by: RIPE-NCC-HM-MNT
source: RIPE Filtered
role: RFC1918 Role
address: Singel 258
address: 1016 AB Amsterdam
address: The Netherlands
e-mail: rfc1918@ripe.net

remarks: trouble: See http://www.ripe.net/db/rfc1918.html
admin-c: RFC1918-RIPE
tech-c: RFC1918-RIPE
nic-hdl: RFC1918-RIPE
mnt-by: RFC1918-MNT
source: RIPE Filtered

14.09.2009, 22:08
Moderator

Posts: 5694
#6 >>
Download Fixwareout -> next --> Install --> Run fixit --> Finish / the PC will restart
post: C:\fixwareout\report.txt

>>
Also run an online scan with Bitdefender and post the log:
http://virus-protect.org/artikel/tools/bitdefender.html

Regards, Swiss
14.09.2009, 22:23
Member

Thread starter

Posts: 13
#7 Fixwareout log:

Quote

Username "Johannes" - 14.09.2009 22:12:55 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

Der DNS-Auflösungscache wurde geleert.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SbUsb AudCtrl"="RunDll32 sbusbdll.dll,RCMonitor"
"DAEMON Tools"="\"D:\\Tools\\demon tools\\daemon.exe\" -lang 1033"
"avgnt"="\"D:\\Tools\\Avira\\AntiVir Desktop\\avgnt.exe\" /min"
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE"
"Acrobat Assistant 8.0"="\"D:\\Tools\\CS3\\Acrobat 8.0\\Acrobat\\Acrotray.exe\""
"QuickTime Task"="\"C:\\Programme\\QuickTime\\QTTask.exe\" -atboottime"
"SunJavaUpdateSched"="\"D:\\Tools\\Java\\bin\\jusched.exe\""
"Malwarebytes Anti-Malware (reboot)"="\"D:\\Tools\\Malwarebytes' Anti-Malware\\mbam.exe\" /runcleanupscript"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteCenter"="D:\\Tools\\creative\\mediasource\\RemoteControl\\RcMan.exe"
"Skype"="\"D:\\Tools\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Update Service"="C:\\PROGRA~1\\GEMEIN~1\\TEKNUM~1\\update.exe /startup"
"PureSync"="D:\\Tools\\PureSync\\PureSyncTray.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~
And Bitdefender somehow doesn't quite want to work; I also don't know what all I am supposed to scan with it.
14.09.2009, 22:47
Moderator

Posts: 5694
#8 What does "not quite" mean? Then try F-Secure:

F-Secure online scan
http://www.f-secure.com/de_DE/security/security-lab/tools-and-services/online-scanner/

1. Read the instructions and tick the box at: Ich habe die Lizenzbestimmungen.. ("I have ... the licence terms ..")
2. Click "Installieren" (Install)
3. You will be asked to install an ActiveX control
4. Install this ActiveX component
5. Click "Full System Scan"
6. Click "Show report" - copy the scan report here into the forum

Have you enabled Windows' own firewall?

Regards, Swiss
14.09.2009, 22:57
Member

Thread starter

Posts: 13
#9 "Not quite" means that it says the scan cannot be started.
I don't have the Windows firewall on. You know the rumours.
http://obligement.free.fr/images/windows_firewall.jpg

I will run the scan tomorrow; I hope you will still be available then. Tonight, the notice that the scan can take several hours puts me off a little, I must say.

Many thanks again,
see you tomorrow
Best regards
Johannes
14.09.2009, 23:03
Moderator

Posts: 5694
#10 But no firewall isn't good either. You only have the free version of Avira, right?

Best let the scanner run overnight ;)

See you tomorrow. Good night.

Regards, Swiss
14.09.2009, 23:57
Moderator

Posts: 5694
#11 Also immunize with Spybot S&D, since the hosts file was reset by Fixwareout ;)

Regards, Swiss
15.09.2009, 09:08
Member

Thread starter

Posts: 13
#12 Since I was at it anyway, I also ran the Spybot scan; it found a trojan:
Win32.Agent.sxi: [SBI $F9773D3C] Einstellungen (Registrierungsdatenbank-Schlüssel, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\StrtdCfg

I haven't removed it yet.
F-Secure is still running, but I probably won't get around to posting the result until this evening.
Many thanks as always, and could you perhaps tell me whether you are just poking around in murky water, or whether all these scans follow a particular pattern?
Regards
Johannes
15.09.2009, 09:17
Member

Thread starter

Posts: 13
#13 Oh, that went faster than expected after all.
However, it tells me that it cannot display the scan report.
The only finding, though, was the tracking cookie Atwola.
Unfortunately I couldn't find out more, even after several attempts.
15.09.2009, 18:09
Moderator

Posts: 5694
#14 >>
Run Combofix and post the log:
http://www.virus-protect.org/artikel/tools/combofix.html

Regards, Swiss
15.09.2009, 20:16
Member

Thread starter

Posts: 13
#15

Quote

ComboFix 09-09-14.02 - Johannes 15.09.2009 18:53.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.1023.305 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Johannes\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\bdcore.dll
c:\windows\Downloaded Program Files\libfn.dll
c:\windows\system32\Data
H:\Autorun.inf

.
((((((((((((((((((((((( Dateien erstellt von 2009-08-15 bis 2009-09-15 ))))))))))))))))))))))))))))))
.

2009-09-14 20:55 . 2009-09-14 20:55 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\F-Secure
2009-09-14 20:20 . 2009-09-14 20:29 -------- d-----w- c:\windows\BDOSCAN8
2009-09-14 20:12 . 2009-09-14 20:16 -------- d-----w- C:\fixwareout
2009-09-14 19:40 . 2009-09-14 19:40 -------- d-----w- C:\rsit
2009-09-14 18:50 . 2008-04-14 05:52 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-09-14 17:39 . 2009-09-14 17:39 -------- d-----w- d:\tools\Trend Micro
2009-09-14 17:11 . 2009-09-14 17:11 -------- d-----w- c:\dokumente und einstellungen\Johannes\Anwendungsdaten\Malwarebytes
2009-09-14 17:11 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-14 17:11 . 2009-09-14 17:11 -------- d-----w- d:\tools\Malwarebytes' Anti-Malware
2009-09-14 17:11 . 2009-09-14 17:11 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-09-14 17:11 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-22 21:18 . 2001-08-18 02:54 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-08-22 21:18 . 2008-04-14 05:52 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-08-22 21:18 . 2008-04-13 22:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-08-22 21:18 . 2008-04-13 22:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-08-21 20:14 . 2009-08-21 20:15 -------- d-----w- d:\tools\Microsoft LifeCam

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-15 17:00 . 2009-01-24 14:08 -------- d-----w- c:\dokumente und einstellungen\Johannes\Anwendungsdaten\Skype
2009-09-15 16:49 . 2009-06-11 22:12 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2009-09-15 14:06 . 2009-01-24 13:53 -------- d-----w- c:\dokumente und einstellungen\Johannes\Anwendungsdaten\skypePM
2009-09-15 06:38 . 2009-02-03 21:47 -------- d-----w- d:\tools\thunderbird
2009-09-15 06:35 . 2009-01-24 13:21 -------- d-----w- d:\tools\Firefox
2009-09-14 18:52 . 2009-01-25 11:24 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft Help
2009-09-14 17:32 . 2009-06-15 09:17 -------- d-----w- c:\dokumente und einstellungen\Johannes\Anwendungsdaten\DC++
2009-08-27 22:04 . 2009-02-03 22:13 -------- d---a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
2009-08-27 21:49 . 2009-07-30 16:05 -------- d-----w- c:\dokumente und einstellungen\Johannes\Anwendungsdaten\U3
2009-08-15 05:59 . 2009-03-02 10:33 -------- d-----w- c:\dokumente und einstellungen\Johannes\Anwendungsdaten\Digsby
2009-08-14 17:11 . 2009-08-14 17:11 -------- d-----w- c:\dokumente und einstellungen\Johannes\Anwendungsdaten\DivX
2009-08-10 18:35 . 2009-08-10 18:35 -------- d-----w- d:\tools\DivX
2009-08-10 18:35 . 2009-08-10 18:35 -------- d-----w- c:\programme\Gemeinsame Dateien\DivX Shared
2009-08-10 18:34 . 2009-08-10 18:34 -------- d-----w- d:\tools\divx player
2009-08-06 06:43 . 2009-03-17 21:38 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-05 08:59 . 2008-04-14 05:52 206336 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 22:36 . 2009-03-13 16:06 -------- d-----w- d:\tools\Java
2009-07-31 22:47 . 2009-01-25 01:11 -------- d-----w- d:\tools\KMPlayer
2009-07-30 16:35 . 2009-07-30 16:29 -------- d-----w- d:\tools\PureSync
2009-07-30 16:29 . 2009-07-30 16:29 -------- d-----w- c:\programme\Gemeinsame Dateien\Jumping Bytes
2009-07-30 16:29 . 2009-07-30 16:29 -------- d-----w- c:\dokumente und einstellungen\Johannes\Anwendungsdaten\Jumping Bytes
2009-07-25 03:23 . 2009-03-13 16:07 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2008-04-14 05:52 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-12 10:21 . 2008-04-14 05:52 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 16:55 . 2008-04-14 05:52 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2008-04-14 05:52 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2008-04-14 05:52 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2008-04-14 05:52 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2008-04-14 05:52 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:25 . 2008-04-14 05:52 737792 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2008-04-14 05:52 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2008-04-13 22:01 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
.

------- Sigcheck -------

[-] 2009-01-24 . FDDBC7126480FEDFE673388852EF67FE . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteCenter"="d:\tools\creative\mediasource\RemoteControl\RcMan.exe" [2004-06-25 147456]
"Skype"="d:\tools\Skype\Phone\Skype.exe" [2009-01-29 23975720]
"Update Service"="c:\progra~1\GEMEIN~1\TEKNUM~1\update.exe" [2009-06-15 19456]
"PureSync"="d:\tools\PureSync\PureSyncTray.exe" [2009-07-17 718496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="d:\tools\demon tools\daemon.exe" [2005-12-10 133016]
"avgnt"="d:\tools\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Acrobat Assistant 8.0"="d:\tools\CS3\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2009-05-26 413696]
"SunJavaUpdateSched"="d:\tools\Java\bin\jusched.exe" [2009-07-25 149280]
"Malwarebytes Anti-Malware (reboot)"="d:\tools\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SbUsb AudCtrl"="sbusbdll.dll" - c:\windows\system32\sbusbdll.dll [2005-05-26 128000]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-04-11 56080]

c:\dokumente und einstellungen\Johannes\Startmen\Programme\Autostart\
digsby.lnk - c:\programme\Digsby\digsby.exe [2008-10-11 137728]
Mozilla Thunderbird.lnk - d:\tools\thunderbird\thunderbird.exe [2009-2-3 8504936]
Winamp.lnk - d:\tools\Winamp\winamp.exe [2009-4-10 1435488]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Logitech SetPoint.lnk - d:\tools\Logitech\SetPoint\SetPoint.exe [2009-4-4 692224]
VPN Client.lnk - c:\windows\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico [2009-2-17 6144]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=d:\tools\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Tools\\Trillian\\trillian.exe"=
"d:\\Tools\\DC++\\DCPlusPlus.exe"=
"d:\\Tools\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Spiele\\Cod4\\iw3mp.exe"=
"d:\\Tools\\Firefox\\firefox.exe"=
"d:\\Tools\\MusicBrainz Picard\\picard.exe"=
"c:\\Programme\\Digsby\\lib\\digsby-app.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"d:\\Tools\\itunes\\iTunes.exe"=
"d:\\Tools\\Microsoft LifeCam\\LifeCam.exe"=
"d:\\Tools\\Microsoft LifeCam\\LifeExp.exe"=
"d:\\Tools\\Skype\\Phone\\Skype.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Planer;d:\tools\Avira\AntiVir Desktop\sched.exe [17.03.2009 23:38 108289]
R3 sbusb;Sound Blaster USB Audio Driver;c:\windows\system32\drivers\sbusb.sys [26.01.2009 00:03 1643648]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\programme\Google\Google Desktop Search\GoogleDesktop.exe [07.02.2009 17:56 30192]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [04.02.2009 00:17 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [04.02.2009 00:17 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [04.02.2009 00:17 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [04.02.2009 00:17 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [04.02.2009 00:17 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [04.02.2009 00:17 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [04.02.2009 00:17 115752]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Inhalt des "geplante Tasks" Ordners

2009-01-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-08-21 c:\windows\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job
- d:\tools\Microsoft LifeCam\LifeExp.exe [2007-05-17 21:45]

2009-08-21 c:\windows\Tasks\Microsoft_Hardware_Launch_vVX1000_exe.job
- c:\windows\vVX1000.exe [2009-08-21 21:46]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = proxy.hadiko.de:3128
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An vorhandenes PDF anfügen - d:\tools\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - d:\tools\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - d:\tools\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - d:\tools\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - d:\tools\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - d:\tools\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft E&xel exportieren - d:\tools\Office\Office12\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - d:\tools\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - d:\tools\CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
TCP: {3AFFBB08-B05D-48B6-BB5A-38306B2196A7} = 172.20.32.1,172.20.32.11
FF - ProfilePath - c:\dokumente und einstellungen\Johannes\Anwendungsdaten\Mozilla\Firefox\Profiles\ow96k73d.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://searchbox.digsby.com/search?sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.ftp - proxy.rz.uni-karlsruhe.de
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - proxy.rz.uni-karlsruhe.de
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - proxy.rz.uni-karlsruhe.de
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - proxy.rz.uni-karlsruhe.de
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - proxy.rz.uni-karlsruhe.de
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 1
FF - component: d:\tools\Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\programme\QuickTime\Plugins\npqtplugin.dll
FF - plugin: c:\programme\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: c:\programme\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: c:\programme\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: c:\programme\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: c:\programme\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: c:\programme\QuickTime\Plugins\npqtplugin7.dll
FF - plugin: c:\programme\Windows Media Player\npdrmv2.dll
FF - plugin: c:\programme\Windows Media Player\npdsplay.dll
FF - plugin: c:\programme\Windows Media Player\npwmsdrm.dll
FF - plugin: d:\tools\CS3\Acrobat 8.0\Acrobat\browser\nppdf32.dll
FF - plugin: d:\tools\Java\bin\new_plugin\npdeploytk.dll
FF - plugin: d:\tools\Java\bin\new_plugin\npjp2.dll
FF - plugin: d:\tools\Picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

AddRemove-HijackThis - d:\tools\Trend Micro\HijackThis\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-15 18:59
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-602162358-2052111302-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7f,ec,db,74,0d,d5,e6,42,b7,1d,8c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,18,1e,a4,ce,f8,dd,f3,4b,b1,70,17,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7f,ec,db,74,0d,d5,e6,42,b7,1d,8c,\

[HKEY_USERS\S-1-5-21-602162358-2052111302-682003330-500\Software\SecuROM\License information*]
"datasecu"=hex:d0,6b,95,a1,1e,48,28,af,18,f6,ee,02,0d,73,f2,50,e7,3d,3e,28,f7,
4b,6c,fc,a2,22,a9,10,0e,fa,16,75,3a,16,36,5e,c4,f3,82,6c,4e,88,43,b4,37,b4,\
"rkeysecu"=hex:83,50,6a,48,1f,75,4f,dd,cc,65,dc,62,fe,d2,c9,3b
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(1472)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(772)
d:\tools\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
d:\tools\Avira\AntiVir Desktop\avguard.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\programme\Cisco Systems\VPN Client\cvpnd.exe
d:\tools\Java\bin\jqs.exe
d:\tools\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\rundll32.exe
d:\tools\creative\mediasource\RemoteControl\OSDMenu.exe
c:\programme\Digsby\lib\digsby-app.exe
c:\programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\programme\Gemeinsame Dateien\Logitech\KhalShared\KHALMNPR.exe
d:\tools\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2009-09-15 19:03 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2009-09-15 17:03

Vor Suchlauf: 4.994.482.176 Bytes frei
Nach Suchlauf: 5.059.842.048 Bytes frei

257 --- E O F --- 2009-01-25 22:38
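
The whois reply in post #5 is the registry placeholder for private address space, so it cannot say where a provider is located. As an added example (not part of the thread or of any tool used in it), this Python check pulls the name-server addresses out of ComboFix `TCP:` lines and reports for each one whether a whois lookup can identify an operator. It assumes a `TCP: {GUID} = ...` line lists an interface's DNS servers; the second sample line is constructed.

```python
import ipaddress
import re

# Constructed sample input. The first line is the name-server entry from the
# ComboFix log above; the second line is made up to exercise the other branches.
SAMPLE_LOG = """\
TCP: {3AFFBB08-B05D-48B6-BB5A-38306B2196A7} = 172.20.32.1,172.20.32.11
TCP: {00000000-0000-0000-0000-000000000000} = 8.8.8.8 not-an-ip
"""

# The three RFC 1918 blocks. whois on any address inside them returns the
# registry's placeholder record, not the operator of the network.
RFC1918_BLOCKS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]

# Assumption: "TCP: {interface GUID} = a,b" lists that interface's DNS servers.
NAMESERVER_LINE = re.compile(r"^TCP:\s*\{[0-9A-Fa-f-]+\}\s*=\s*(.*)$")


def extract_nameservers(log_text):
    """Return every address token found on TCP: lines, in log order."""
    tokens = []
    for line in log_text.splitlines():
        match = NAMESERVER_LINE.match(line.strip())
        if match:
            tokens.extend(t for t in re.split(r"[,\s]+", match.group(1)) if t)
    return tokens


def classify(token):
    """Return (category, advice) for one name-server token."""
    try:
        addr = ipaddress.ip_address(token)
    except ValueError:
        return ("invalid", "not an IP address; inspect the raw registry value")
    for block in RFC1918_BLOCKS:
        if addr in block:
            return ("private",
                    f"inside {block}; whois shows only the registry placeholder, "
                    "ask the local network operator who runs this resolver")
    if addr.is_loopback:
        return ("loopback",
                "resolver on this machine; check which process answers DNS")
    if addr.is_link_local:
        return ("link-local", "auto-configured address; no DHCP lease was obtained")
    if addr.is_global:
        return ("public",
                "whois identifies the operator; compare it with the expected provider")
    return ("reserved", "special-purpose range; not usable as an internet resolver")


def review(log_text):
    """Return (token, category, advice) for each name server in the log."""
    return [(tok,) + classify(tok) for tok in extract_nameservers(log_text)]


if __name__ == "__main__":
    for token, category, advice in review(SAMPLE_LOG):
        print(f"{token:15} {category:10} {advice}")
```

Only an address classified as public is worth a whois lookup when checking for a changed DNS setting; a private one has to be confirmed with whoever runs the local network.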