Unbekanntes Problem, nach behebung von "XP antispyware 2009"

Gismoh · 23.10.2008, 13:50

hier die avenger log file:

Code:

ATTFilter

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\TDSSktkl.dll" deleted successfully.
File "C:\WINDOWS\system32\TDSSlajf.dll" deleted successfully.
File "C:\WINDOWS\system32\TDSSurxb.dll" deleted successfully.
File "C:\WINDOWS\system32\TDSSxehj.dll" deleted successfully.
File "C:\WINDOWS\system32\TDSSweat.dat" deleted successfully.
File "C:\WINDOWS\system32\uhaj._dl" deleted successfully.
File "C:\WINDOWS\kiporizuj.com" deleted successfully.
File "C:\WINDOWS\umes.dl" deleted successfully.
File "C:\WINDOWS\system32\lyximiga.dl" deleted successfully.
File "C:\WINDOWS\yjawawatu.ban" deleted successfully.
File "C:\Dokumente und Einstellungen\*\Anwendungsdaten\isikaje.vbs" deleted successfully.
File "C:\WINDOWS\dezazy.inf" deleted successfully.
File "C:\DOKUME~1\ALLUSE~1\ANWEND~1\ipuzesev.bin" deleted successfully.
File "C:\Dokumente und Einstellungen\*\Anwendungsdaten\equgam.scr" deleted successfully.
File "C:\Dokumente und Einstellungen\*\Anwendungsdaten\atejogih.bat" deleted successfully.
File "C:\WINDOWS\rylyle.pif" deleted successfully.
File "C:\WINDOWS\ygodavec.bin" deleted successfully.
File "C:\WINDOWS\system32\UnPoker.exe" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.

okay hier die Log.txt von dem "RSIT"

Code:

ATTFilter

Logfile of random's system information tool 1.04 (written by random/random)
Run by * at 2008-10-23 14:33:25
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 42 GB (28%) free of 153 GB
Total RAM: 1023 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:33:37, on 23.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\PeerGuardian2\pg2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Fighters\configservice.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Fighters\licenseservice.exe
C:\Programme\Fighters\updateservice.exe
C:\Programme\Fighters\ScannerService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\*\Desktop\RSIT.exe
C:\Programme\trend micro\irina kremer.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [PeerGuardian] C:\Programme\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programme\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programme\IE7Pro\IE7Pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Poker\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} - http://www.pixaco.de/static/download/pixacodndupload.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/SFUploader/SpeedUploader.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PTK License-FIGHTERS-18668899 - SPAMfighter - C:\Programme\Fighters\licenseservice.exe
O23 - Service: PTK Live Update-FIGHTERS-18668899 - SPAMfighter - C:\Programme\Fighters\updateservice.exe
O23 - Service: PTK Scanner-FIGHTERS-18668899 - SPAMfighter - C:\Programme\Fighters\ScannerService.exe
O23 - Service: PTK SharedAccess-FIGHTERS-18668899 - SPAMfighter - C:\Programme\Fighters\configservice.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 6326 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Klick-Wartung.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-18 266497]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"=C:\Programme\PeerGuardian2\pg2.exe [2005-09-18 1421824]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe [2005-11-24 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Programme\DAEMON Tools\daemon.exe [2007-04-04 165784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]

C:\Dokumente und Einstellungen\*\Startmenü\Programme\Autostart
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSpcuu.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSpcuu.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceClassicControlPanel"=1
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

Gismoh · 23.10.2008, 13:52

Code:

ATTFilter

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\svchost.exe"="C:\WINDOWS\system32\svchost.exe:*:Enabled:Microsoft Update"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Programme\Microsoft Office\Office12\GROOVE.EXE"="C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE"="C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\WINDOWS\system32\ftp.exe"="C:\WINDOWS\system32\ftp.exe:*:Enabled:Programm zur Dateiübertragung"
"C:\Programme\VideoLAN\VLC\vlc.exe"="C:\Programme\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Programme\uTorrent\utorrent.exe"="C:\Programme\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\Programme\Mozilla Firefox\firefox.exe"="C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Programme\ICQ6\ICQ.exe"="C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Programme\Java\jre1.5.0_11\bin\javaw.exe"="C:\Programme\Java\jre1.5.0_11\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\Programme\MSN Messenger\msnmsgr.exe"="C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Programme\MSN Messenger\livecall.exe"="C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Programme\Opera\opera.exe"="C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\MSN Messenger\msnmsgr.exe"="C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Programme\MSN Messenger\livecall.exe"="C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 3 months======

2008-10-23 14:33:25 ----D---- C:\rsit
2008-10-23 14:33:25 ----D---- C:\Programme\trend micro
2008-10-23 14:29:29 ----D---- C:\Avenger
2008-10-23 14:29:29 ----A---- C:\avenger.txt
2008-10-22 11:57:46 ----SHD---- C:\RECYCLER
2008-10-22 11:55:38 ----D---- C:\WINDOWS\temp
2008-10-22 11:55:32 ----A---- C:\ComboFix.txt
2008-10-22 11:35:19 ----A---- C:\WINDOWS\zip.exe
2008-10-22 11:35:19 ----A---- C:\WINDOWS\VFIND.exe
2008-10-22 11:35:19 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-10-22 11:35:19 ----A---- C:\WINDOWS\SWSC.exe
2008-10-22 11:35:19 ----A---- C:\WINDOWS\SWREG.exe
2008-10-22 11:35:19 ----A---- C:\WINDOWS\sed.exe
2008-10-22 11:35:19 ----A---- C:\WINDOWS\NIRCMD.exe
2008-10-22 11:35:19 ----A---- C:\WINDOWS\grep.exe
2008-10-22 11:35:19 ----A---- C:\WINDOWS\fdsv.exe
2008-10-22 11:35:07 ----D---- C:\WINDOWS\ERDNT
2008-10-22 11:35:07 ----D---- C:\Qoobox
2008-10-21 10:35:58 ----D---- C:\Programme\Avira GmbH
2008-10-20 21:41:21 ----D---- C:\Programme\Fighters
2008-10-20 21:41:21 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Fighters
2008-10-20 21:40:37 ----A---- C:\Dokumente und Einstellungen\*\Anwendungsdaten\install.txt
2008-10-16 12:39:10 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-16 12:39:03 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 12:38:57 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-16 12:38:23 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-16 12:38:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-16 04:43:08 ----D---- C:\cb71059c8e29f89c011119c6
2008-10-11 14:17:12 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2008-10-11 14:01:49 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2008-10-11 14:01:49 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2008-10-11 14:01:48 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2008-10-11 14:01:48 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2008-10-11 14:01:47 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2008-10-11 14:01:47 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2008-10-11 14:01:47 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2008-10-11 14:01:46 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2008-10-11 14:01:45 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2008-10-11 14:01:45 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2008-10-11 14:01:44 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2008-10-11 14:01:44 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2008-10-11 14:01:43 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2008-10-11 14:01:43 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2008-10-11 14:01:42 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2008-10-11 14:01:41 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2008-10-11 14:01:40 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2008-10-11 14:01:40 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2008-10-11 14:01:39 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2008-10-11 14:01:39 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2008-10-11 14:01:37 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2008-10-11 14:01:36 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2008-10-11 14:01:36 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2008-10-11 14:01:35 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2008-10-11 14:01:35 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2008-10-11 14:01:32 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2008-10-11 14:01:24 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2008-10-11 14:01:18 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2008-10-11 14:01:18 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2008-10-11 14:01:13 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2008-10-11 14:00:31 ----D---- C:\WINDOWS\Logs
2008-10-11 13:59:21 ----D---- C:\WINDOWS\system32\AGEIA
2008-10-11 13:59:19 ----D---- C:\Programme\AGEIA Technologies
2008-09-29 16:43:38 ----D---- C:\Programme\Poker Heaven
2008-09-24 02:34:37 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TrueMoneyGames
2008-09-24 01:07:27 ----D---- C:\Programme\TrueMoneyGames
2008-09-16 23:48:09 ----D---- C:\Dokumente und Einstellungen\*\Anwendungsdaten\Opera
2008-09-16 23:47:46 ----D---- C:\Programme\Opera
2008-09-13 03:14:25 ----D---- C:\Programme\DS
2008-09-13 02:56:00 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$
2008-09-13 02:52:00 ----D---- C:\WINDOWS\system32\XPSViewer
2008-09-13 02:51:52 ----D---- C:\WINDOWS\system32\en-us
2008-09-13 02:51:51 ----D---- C:\Programme\Reference Assemblies
2008-09-13 02:50:54 ----N---- C:\WINDOWS\system32\spmsg2.dll
2008-09-10 15:01:22 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-10 15:00:32 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-08-14 07:36:39 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-14 07:36:29 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-14 07:36:22 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-14 07:35:47 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-14 07:33:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-14 07:33:12 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-14 07:32:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-08-06 09:40:11 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-08-05 10:26:57 ----D---- C:\WINDOWS\Prefetch
2008-08-05 10:23:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-08-05 10:23:45 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-08-05 10:23:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-08-05 10:23:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-08-05 10:23:18 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-08-05 10:19:38 ----D---- C:\WINDOWS\l2schemas
2008-08-05 10:19:37 ----D---- C:\WINDOWS\system32\de
2008-08-05 10:19:37 ----D---- C:\WINDOWS\system32\bits
2008-08-05 10:05:35 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-08-04 23:43:59 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-08-04 23:43:54 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-08-04 23:43:49 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-08-04 23:43:48 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-08-04 23:43:35 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-08-04 23:43:35 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-08-04 23:43:18 ----N---- C:\WINDOWS\system32\setupn.exe
2008-08-04 23:43:11 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-08-04 23:43:08 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-08-04 23:43:07 ----N---- C:\WINDOWS\system32\qutil.dll
2008-08-04 23:43:06 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-08-04 23:43:06 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-08-04 23:43:06 ----N---- C:\WINDOWS\system32\qagent.dll
2008-08-04 23:43:02 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-08-04 23:42:57 ----N---- C:\WINDOWS\system32\onex.dll
2008-08-04 23:42:43 ----N---- C:\WINDOWS\system32\napstat.exe
2008-08-04 23:42:43 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-08-04 23:42:42 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-08-04 23:42:40 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-08-04 23:42:40 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-08-04 23:42:37 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-08-04 23:42:37 ----N---- C:\WINDOWS\system32\mssha.dll
2008-08-04 23:42:19 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-08-04 23:42:19 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-08-04 23:42:19 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-08-04 23:42:19 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-08-04 23:42:04 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-08-04 23:42:04 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-08-04 23:42:03 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-08-04 23:42:03 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-08-04 23:42:03 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-08-04 23:42:03 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-08-04 23:41:48 ----A---- C:\WINDOWS\003143_.tmp
2008-08-04 23:41:46 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-08-04 23:41:46 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-08-04 23:41:46 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-08-04 23:41:46 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-08-04 23:41:46 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-08-04 23:41:46 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-08-04 23:41:46 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-08-04 23:41:46 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-08-04 23:41:44 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-08-04 23:41:44 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-08-04 23:41:44 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-08-04 23:41:44 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-08-04 23:41:44 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-08-04 23:41:44 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-08-04 23:41:44 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-08-04 23:41:43 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-08-04 23:41:43 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-08-04 23:41:40 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-08-04 23:41:37 ----N---- C:\WINDOWS\system32\credssp.dll
2008-08-04 23:41:34 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-08-04 23:41:33 ----N---- C:\WINDOWS\system32\azroles.dll
2008-08-04 23:41:26 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-08-02 17:50:17 ----D---- C:\Programme\B2BPOKER
2008-08-01 15:43:20 ----D---- C:\Programme\Poker

======List of files/folders modified in the last 3 months======

2008-10-23 14:33:25 ----RD---- C:\Programme
2008-10-23 14:33:24 ----D---- C:\Programme\PeerGuardian2
2008-10-23 14:31:11 ----D---- C:\Programme\Mozilla Firefox
2008-10-23 14:29:30 ----D---- C:\WINDOWS\system32
2008-10-23 14:29:30 ----D---- C:\WINDOWS
2008-10-23 14:29:29 ----D---- C:\WINDOWS\system32\drivers
2008-10-23 14:28:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-23 13:46:03 ----D---- C:\Dokumente und Einstellungen\*\Anwendungsdaten\uTorrent
2008-10-23 03:38:06 ----D---- C:\Programme\Betsson Poker
2008-10-22 20:31:43 ----D---- C:\Dokumente und Einstellungen\*\Anwendungsdaten\teamspeak2
2008-10-22 20:18:58 ----D---- C:\Programme\PokerRoom.com
2008-10-22 13:30:28 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-22 13:27:58 ----D---- C:\Programme\AntiVir PersonalEdition Classic
2008-10-22 13:27:48 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic
2008-10-22 11:48:36 ----A---- C:\WINDOWS\system.ini
2008-10-22 11:46:48 ----D---- C:\WINDOWS\system32\config
2008-10-22 11:44:07 ----D---- C:\Programme\Gemeinsame Dateien
2008-10-22 11:44:06 ----D---- C:\WINDOWS\AppPatch
2008-10-22 11:32:42 ----D---- C:\Dokumente und Einstellungen\*\Anwendungsdaten\Skype
2008-10-22 01:39:15 ----HD---- C:\Programme\InstallShield Installation Information
2008-10-21 23:50:26 ----D---- C:\spiele
2008-10-21 23:47:47 ----D---- C:\Dokumente und Einstellungen\*\Anwendungsdaten\Lavasoft
2008-10-21 23:46:46 ----D---- C:\Programme\Spybot - Search & Destroy
2008-10-21 23:46:46 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2008-10-21 10:36:50 ----SHD---- C:\WINDOWS\Installer
2008-10-20 21:42:38 ----D---- C:\Config.Msi
2008-10-20 21:42:08 ----HD---- C:\WINDOWS\inf
2008-10-20 14:44:56 ----D---- C:\WINDOWS\Debug
2008-10-18 20:50:17 ----D---- C:\WINDOWS\system32\DirectX
2008-10-18 19:17:38 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-16 12:39:59 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help
2008-10-16 12:39:09 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-16 12:38:44 ----D---- C:\Programme\Internet Explorer
2008-10-16 12:38:31 ----D---- C:\WINDOWS\ie7updates
2008-10-11 14:01:07 ----RSD---- C:\WINDOWS\assembly
2008-10-11 14:00:58 ----D---- C:\WINDOWS\Microsoft.NET
2008-10-11 13:59:52 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-10-11 13:58:38 ----D---- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-10-07 21:19:40 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-03 18:58:14 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-10-03 00:01:44 ----D---- C:\Programme\PartyGaming
2008-10-02 00:22:31 ----D---- C:\Programme\TuneUp Utilities 2007
2008-09-25 17:57:44 ----D---- C:\Poker
2008-09-23 21:07:30 ----D---- C:\Temp
2008-09-23 00:38:53 ----D---- C:\Programme\ICQ6
2008-09-13 09:01:12 ----D---- C:\WINDOWS\Registration
2008-09-13 09:00:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-09-13 03:14:25 ----SD---- C:\Dokumente und Einstellungen\*\Anwendungsdaten\Microsoft
2008-09-13 03:13:00 ----D---- C:\WINDOWS\system32\URTTemp
2008-09-13 02:55:44 ----D---- C:\WINDOWS\system32\de-de
2008-09-13 02:54:54 ----D---- C:\WINDOWS\system32\mui
2008-09-13 02:53:50 ----D---- C:\WINDOWS\WinSxS
2008-09-13 02:52:09 ----D---- C:\Programme\MSBuild
2008-09-13 02:52:07 ----RSD---- C:\WINDOWS\Fonts
2008-09-13 02:51:08 ----D---- C:\WINDOWS\system32\spool
2008-09-07 16:58:46 ----A---- C:\WINDOWS\Iedit.INI
2008-08-27 10:57:22 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-08-27 05:02:00 ----D---- C:\WINDOWS\Help
2008-08-26 09:57:22 ----A---- C:\WINDOWS\system32\wininet.dll
2008-08-26 09:57:22 ----A---- C:\WINDOWS\system32\webcheck.dll
2008-08-26 09:57:22 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-08-26 09:57:21 ----N---- C:\WINDOWS\system32\pngfilt.dll
2008-08-26 09:57:21 ----N---- C:\WINDOWS\system32\occache.dll
2008-08-26 09:57:21 ----N---- C:\WINDOWS\system32\mstime.dll
2008-08-26 09:57:21 ----N---- C:\WINDOWS\system32\msrating.dll
2008-08-26 09:57:21 ----A---- C:\WINDOWS\system32\url.dll
2008-08-26 09:57:21 ----A---- C:\WINDOWS\system32\mshtmled.dll
2008-08-26 09:57:19 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2008-08-26 09:57:19 ----A---- C:\WINDOWS\system32\msfeeds.dll
2008-08-26 09:57:18 ----N---- C:\WINDOWS\system32\jsproxy.dll
2008-08-26 09:57:18 ----N---- C:\WINDOWS\system32\iernonce.dll
2008-08-26 09:57:18 ----A---- C:\WINDOWS\system32\iertutil.dll
2008-08-26 09:57:15 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2008-08-26 09:57:15 ----N---- C:\WINDOWS\system32\ieaksie.dll
2008-08-26 09:57:15 ----N---- C:\WINDOWS\system32\ieakeng.dll
2008-08-26 09:57:15 ----N---- C:\WINDOWS\system32\extmgr.dll
2008-08-26 09:57:15 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2008-08-26 09:57:15 ----A---- C:\WINDOWS\system32\icardie.dll
2008-08-26 09:57:15 ----A---- C:\WINDOWS\system32\dxtrans.dll
2008-08-26 09:57:15 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-08-26 09:57:14 ----A---- C:\WINDOWS\system32\advpack.dll
2008-08-25 10:38:00 ----N---- C:\WINDOWS\system32\ieudinit.exe
2008-08-25 10:37:31 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2008-08-23 07:54:51 ----N---- C:\WINDOWS\system32\ieakui.dll
2008-08-17 18:11:43 ----A---- C:\WINDOWS\NeroDigital.ini
2008-08-14 15:19:48 ----N---- C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 15:19:48 ----N---- C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-14 07:36:32 ----D---- C:\Programme\Messenger
2008-08-05 14:27:40 ----D---- C:\Programme\MSN Messenger
2008-08-05 10:26:34 ----D---- C:\WINDOWS\system32\Setup
2008-08-05 10:26:33 ----D---- C:\WINDOWS\system32\wbem
2008-08-05 10:25:41 ----D---- C:\WINDOWS\security
2008-08-05 10:24:07 ----D---- C:\WINDOWS\system32\CatRoot
2008-08-05 10:19:59 ----D---- C:\WINDOWS\ServicePackFiles
2008-08-05 10:19:57 ----D---- C:\WINDOWS\network diagnostic
2008-08-05 10:19:57 ----D---- C:\WINDOWS\ime
2008-08-05 10:19:39 ----D---- C:\WINDOWS\system32\usmt
2008-08-05 10:19:37 ----D---- C:\WINDOWS\PeerNet
2008-08-05 10:19:37 ----D---- C:\Programme\Movie Maker
2008-08-05 10:15:44 ----D---- C:\WINDOWS\system32\Restore
2008-08-05 10:15:44 ----D---- C:\WINDOWS\system32\npp
2008-08-05 10:15:41 ----D---- C:\WINDOWS\msagent
2008-08-05 10:15:39 ----D---- C:\WINDOWS\srchasst
2008-08-05 10:15:37 ----D---- C:\Programme\NetMeeting
2008-08-05 10:15:34 ----D---- C:\WINDOWS\system32\Com
2008-08-05 10:15:30 ----D---- C:\Programme\Windows NT
2008-08-05 10:15:30 ----D---- C:\Programme\Windows Media Player
2008-08-05 10:15:30 ----D---- C:\Programme\Outlook Express
2008-08-05 10:15:26 ----D---- C:\Programme\Gemeinsame Dateien\System
2008-08-05 10:14:59 ----D---- C:\WINDOWS\system32\oobe
2008-08-05 10:14:53 ----D---- C:\WINDOWS\system
2008-08-05 10:09:33 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-08-05 10:05:33 ----D---- C:\WINDOWS\EHome
2008-07-25 02:45:45 ----A---- C:\WINDOWS\win.ini
2008-07-25 02:42:52 ----D---- C:\Programme\Gemeinsame Dateien\Microsoft Shared

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Programme\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-22 75072]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2008-10-22 21248]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-06-21 626204]
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 avgntflt;avgntflt; \??\C:\Programme\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 FETNDIS;VIA PCI 10/100-MBit/s-Fast Ethernetadapter-NT-Treiber; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 MODEMCSA;Unimodem-Datenstromfiltergerät; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12288]
R3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys [2004-08-03 126686]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 pgfilter;pgfilter; \??\C:\Programme\PeerGuardian2\pgfilter.sys []
R3 Slntamr;Smart Link 56K Modem Driver; C:\WINDOWS\system32\DRIVERS\slntamr.sys [2004-08-03 404990]
R3 SlWdmSup;SlWdmSup; C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys [2004-08-03 13240]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Vfscan;Vfscan; C:\WINDOWS\system32\DRIVERS\vffilter.sys [2008-09-26 15496]
R3 WinDriver6;WinDriver6; C:\WINDOWS\system32\drivers\windrvr6.sys [2003-08-10 256568]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 a40xqvlp;a40xqvlp; C:\WINDOWS\system32\drivers\a40xqvlp.sys []
S3 Cardex;Cardex; \??\C:\WINDOWS\system32\drivers\TBPANEL.SYS []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 mbr;mbr; \??\C:\DOKUME~1\IRINAK~1\LOKALE~1\Temp\mbr.sys []
S3 Mtlstrm;Mtlstrm; C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys [2004-08-03 1309184]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-06-28 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-06-28 8320]
S3 NtMtlFax;NtMtlFax; C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys [2004-08-03 180360]
S3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys []
S3 SlNtHal;SlNtHal; C:\WINDOWS\system32\DRIVERS\Slnthal.sys [2004-08-03 95424]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

Gismoh · 23.10.2008, 13:54

Code:

ATTFilter

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;AntiVir PersonalEdition Classic Planer; C:\Programme\AntiVir PersonalEdition Classic\sched.exe [2008-07-18 68865]
R2 AntiVirService;AntiVir PersonalEdition Classic Guard; C:\Programme\AntiVir PersonalEdition Classic\avguard.exe [2008-08-16 149761]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 PTK License-FIGHTERS-18668899;PTK License-FIGHTERS-18668899; C:\Programme\Fighters\licenseservice.exe [2008-09-26 283272]
R2 PTK Live Update-FIGHTERS-18668899;PTK Live Update-FIGHTERS-18668899; C:\Programme\Fighters\updateservice.exe [2008-09-26 307848]
R2 PTK Scanner-FIGHTERS-18668899;PTK Scanner-FIGHTERS-18668899; C:\Programme\Fighters\ScannerService.exe [2008-09-26 311944]
R2 PTK SharedAccess-FIGHTERS-18668899;PTK SharedAccess-FIGHTERS-18668899; C:\Programme\Fighters\configservice.exe [2008-09-26 139912]
R2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2008-04-14 73796]
R2 UxTuneUp;TuneUp Designerweiterung; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Programme\PC Connectivity Solution\ServiceLayer.exe [2006-11-06 210432]
S3 usnjsvc;Messenger USN Journal Reader-Service für freigegebene Ordner; C:\Programme\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

und hier die Info.txt

Code:

ATTFilter

info.txt logfile of random's system information tool 1.04 2008-10-23 14:33:43

======Uninstall list======

-->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Programme\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->MsiExec /X{74224F8D-4A17-4816-9EDB-7BB854DE532C}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent-->"C:\Programme\uTorrent\uninstall.exe"
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {58FC5E37-DD28-4D4A-A549-125744C6763C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {888B9AC7-8F5C-456B-A27A-157A6C310E52}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Ashampoo Movie Shrink & Burn 2-->"C:\Programme\Ashampoo\Ashampoo Movie Shrink & Burn 2\Uninstall\MSB2_Uninstall.EXE"
Avira AntiVir Personal - Free Antivirus-->C:\Programme\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Avira RootKit Detection-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{1FD25FCD-6F39-4686-AFBB-7056EBAE5E68}\setup.exe" -l0x9 
Betsson (remove only)-->"C:\Programme\Poker\Betsson\uninstall.exe"
Betsson Poker (remove only)-->"C:\Programme\Betsson Poker\uninst.exe"
Bodog Poker Version 2.16.1.52-->"C:\Poker\Bodog Poker\unins000.exe"
Chilipoker-->"C:\Poker\Chillipoker\Chilipoker\_SetupPoker.exe" /uninstall
Die Siedler - Aufbruch der Kulturen-->"C:\spiele\Siedler\Die Siedler - Aufbruch der Kulturen\uninstall.exe"
DivX Codec-->C:\Programme\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DSKoord-->MsiExec.exe /I{17CBF7CC-7442-48D7-9A82-30C1DC2E8A29}
DSRechner-->MsiExec.exe /I{45B4FF51-D048-46A1-AE2C-3786F2221F47}
EVEREST Home Edition v2.20-->"C:\Programme\Lavalys\EVEREST Home Edition\unins000.exe"
HijackThis 2.0.2-->"C:\Programme\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix für Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix für Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
ICQ6-->C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe -runfromtemp -l0x0009 -removeonly
IE7Pro-->"C:\Programme\IE7Pro\unins000.exe"
IsoBuster 2.4-->"C:\Programme\Smart Projects\IsoBuster\Uninst\unins000.exe"
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
MANSION Poker (remove only)-->"C:\Programme\MansionPoker\uninstall.exe"
McDonald's Fairies-->C:\Programme\McDonaldsFairies\uninstall.exe
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU-->MsiExec.exe /I{9309DD7E-EBFE-3C95-8B47-30D3A012F606}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU-->MsiExec.exe /I{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5 Language Pack - DEU-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack - deu-->MsiExec.exe /I{1545207E-C6F3-31D7-9918-BDBB65075FBF}
Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Groove MUI (German) 2007-->MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (German) 2007-->MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF0407-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.17)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
Nero 7 Demo-->MsiExec.exe /I{D3492D9E-7FBB-1DF6-F759-2A37FA231031}
NoIQ Poker-->"C:\Poker\NoIQ Poker\_SetupPoker (1).exe" /uninstall
Nokia Connectivity Cable Driver-->RUNDLL32.EXE nsesetup.dll,DoNTUninst
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NVIDIA PhysX v8.04.25-->MsiExec.exe /X{74224F8D-4A17-4816-9EDB-7BB854DE532C}
Opera 9.52-->MsiExec.exe /X{E1A88DE8-BD36-4DEA-8DD8-E35EF475ADC7}
PartyPoker-->"C:\Programme\PartyGaming\PartyPoker\Uninstall.exe" "C:\Programme\PartyGaming\PartyPoker\install.log"
PC Connectivity Solution-->MsiExec.exe /I{AB2347E4-153B-4194-AA3B-97C0A662B369}
PeerGuardian 2.0-->"C:\Programme\PeerGuardian2\unins000.exe"
Poker Heaven-->C:\PROGRA~1\POKERH~1\UNWISE.EXE C:\PROGRA~1\POKERH~1\INSTALL.LOG
PokerRoom.com (remove only)-->"C:\Programme\PokerRoom.com\uninstall.exe"
QuickTime-->MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Visio 2007 (KB947590)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Sicherheitsupdate für Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Skype 3.0-->"C:\Programme\Skype\Phone\unins000.exe"
Skype Plugin Manager-->MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
SunPoker.com-->C:\WINDOWS\system32\UnPoker.exe CaribbeanSunPoker
TeamSpeak Overlay BETA 2 (#63)-->"C:\Programme\TSO\uninstall.exe"
Titan Poker-->"C:\Poker\Titan Poker\_SetupPoker.exe" /uninstall
Tony G Poker-->"C:\Poker\Tony G Poker\_SetupCasino.exe" /uninstall
TuneUp Utilities 2007-->MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
Ulead Drop Spot 1.0-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3BCC5640-5360-11D4-A44A-0000E86D2305}\setup.exe" -l0x7 
Ulead PhotoImpact XL-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0DDDE141-9696-4E33-AB82-EF398169D7E5}\setup.exe" -l0x7 
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb957258)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E070CDA4-A8DD-47FA-89A0-F5DA5D5DDFF9}
Update für Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
VideoLAN VLC media player 0.8.6a-->C:\Programme\VideoLAN\VLC\uninstall.exe
Windows Live Messenger-->MsiExec.exe /I{279DB581-239C-4E13-97F8-0F48E40BE75C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

Gismoh · 23.10.2008, 13:57

Code:

ATTFilter

======Security center information======

AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition
AV: Avira AntiVir PersonalEdition Classic

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Programme\PC Connectivity Solution;C:\Programme\QuickTime\QTSystem;C:\Programme\Smart Projects\IsoBuster
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 12 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0c00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Programme\Java\jre1.5.0_11\lib\ext\QTJava.zip
"QTJAVA"=C:\Programme\Java\jre1.5.0_11\lib\ext\QTJava.zip

-----------------EOF-----------------

Dann hier noch die HijackThis Log

Code:

ATTFilter

Logfile of HijackThis v1.99.1
Scan saved at 14:44:50, on 23.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\PeerGuardian2\pg2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Fighters\configservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Fighters\licenseservice.exe
C:\Programme\Fighters\updateservice.exe
C:\Programme\Fighters\ScannerService.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [PeerGuardian] C:\Programme\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programme\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programme\IE7Pro\IE7Pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Poker\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} - http://www.pixaco.de/static/download/pixacodndupload.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/SFUploader/SpeedUploader.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PTK License-FIGHTERS-18668899 - SPAMfighter - C:\Programme\Fighters\licenseservice.exe
O23 - Service: PTK Live Update-FIGHTERS-18668899 - SPAMfighter - C:\Programme\Fighters\updateservice.exe
O23 - Service: PTK Scanner-FIGHTERS-18668899 - SPAMfighter - C:\Programme\Fighters\ScannerService.exe
O23 - Service: PTK SharedAccess-FIGHTERS-18668899 - SPAMfighter - C:\Programme\Fighters\configservice.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

Is jetzt alles clean ?

läuft bisher alles stabil und bisher sind keine weiteren Probleme aufgetreten und die google suche klappt auch wieder ohne Probleme. Ebenfalls kann ich nun auch die mbr.exe runter laden, was ich ja vorher net konnte und der andere link funzt auch wieder :aplaus:

Chris4You · 23.10.2008, 15:17

Hi,

das Log sieht sauber aus, mir ist das hier unbekannt:
C:\Programme\Fighters\*.*
Wenn Du das kennst ist es OK (taucht mehrfach im Log auf)...

Folgenden Reg-Key kann ich nicht einordnen:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSpcuu.sys]
Dazu gehört das hier:
c:\windows\system32\drivers\tdsspcuu.sys

Leider gibt es darüber keine Info, das File ist hidden (daher File mit Pfad direkt bei Virustotal reinkopieren) bitte noch mal prüfen lassen. Wegen dem Namen würde ich das File dem hier zuordnen:
http://www.prevx.com/filenames/1088998989430477431-X1/TDSSSERV2ESYS.html
Durch den Eintrag lädt er sich auch im Safemode, das könnte zu
den Sympthomen passen...
Andererseits wenn es wirklich zum Netzwerk gehört, haben wir nach Löschung ein Problem.... Aber dann sollte auch was zu finden sein im INET...

Folgendes Verzeichnis püfen und ggf. löschen:
C:\cb71059c8e29f89c011119c6

Combofix deinstallieren:
Start->Ausführen, dann combofix /u reinschreiben und OK drücken...

Aufräumen:
Backups von Avenger&Co (falls vorhanden) löschen:
Falls der Rechner einwandfrei läuft, können die Backups der
Bereinigungstools gelöscht werden (soweit vorhanden):

C:\Qoobox - loeschen und Papierkorb leeren
C:\avenger\backup.zip - loeschen und Papierkorb leeren
C:\VundoFix Backups - loeschen und Papierkorb leeren
C:\RVAXO-results.log -->Papierkorb leeren

chris

Gismoh · 23.10.2008, 16:09

- Das Fighter ist Spyware Fighter

das is schon okay

- hab den link gesucht, aber die Datei gibbet net mehr... ist nicht mehr vorhanden

Code:

ATTFilter

0 bytes size received / Se ha recibido un archivo vacio

- okay soweit alles gelöscht und deinstalliert

okay ich starte nochmal den pc neu und las antivirus nochmal durch laufen, ma schauen ob er diesesmal was findet, ebenfalls habe ich die ganzen dateien aus dem Quarantäne Bereich von Antivirus gelöscht, das funzte nun, vorher nicht.
Ma schauen ob er nochwas findet... melde mich gleich wieder

Gismoh · 23.10.2008, 18:14

Okay soweit ist alles in Ordnung, Antivirus hat nichts mehr gefunden

Dann mal ein RIESEN

:aplaus:

Unbekanntes Problem, nach behebung von "XP antispyware 2009"

Plagegeister aller Art und deren Bekämpfung: Unbekanntes Problem, nach behebung von "XP antispyware 2009"