Trojaner/Virus?? PC stürzt grundlos ab/ Bluescreen Meldung

crisen · 10.08.2009, 22:11

Hallo ich habe jetzt seid einiger zeit ein großes problem mit meinem PC/Bertriebssystem ich weiß nicht ob ein Virus o.ä. dafür verantwortlich ist...

Das Problem: Ich bekomme teilweise nach einigen Minuten einen Bluescreen mit der Meldung Driver_IRQL_NOT_LESS_OR_EQUAL

***Stop : 0x0000000D1 ( 0xE1C5B000, 0X00000002, 0x00000000, 0xBA7880A5)

selbiges passiert wenn ich z.b. Battlfield 2 starte << direkter bluescreen...

da ich dieses problem noch nie vorher hatte und es nach einem von anti vir gefunden trojaner erstmals auftrat den ich zwar entfernt habe, denke ich das mein pc infiziert ist daher hier meine PC Daten und mein Hijack Logfile...ich hoffe ihr könnt mir helfen...

Betriebsystem Windows XP HOME Service Pack 2.0
Prozessor AMD Athlon x 86, 1.7ghz
512 MB Ram

und hier das LogFile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:50:03, on 10.08.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\sstray.exe
C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe
C:\Programme\a-squared Free\a2service.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\CPUCooL\CooLSrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\OnlineControl\ocontrol.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Programme\Canon\IJPLM\IJPLMSVC.EXE
c:\programme\mcafee.com\agent\mcdetect.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\msiexec.exe
C:\Programme\Windows NT\Zubehör\wordpad.exe
C:\Dokumente und Einstellungen\***\Desktop\HiJackThis.exe

R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\kb127\SearchSettings.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [TkBellExe] "realsched.exe" -osboot
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [net] "C:\WINDOWS\system32\net.net"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Programme\Xfire\Xfire.exe
O4 - Global Startup: OnlineControl.lnk = C:\Programme\OnlineControl\ocontrol.exe
O4 - Global Startup: Orbit.lnk = C:\Programme\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: In neuer Registerkarte im Hintergrund öffnen - res://C:\Programme\Windows Live Toolbar\Components\de-de\msntabres.dll.mui/229?42851db6196c4f5b82c97864c7ff848d
O8 - Extra context menu item: In neuer Registerkarte im Vordergrund öffnen - res://C:\Programme\Windows Live Toolbar\Components\de-de\msntabres.dll.mui/230?42851db6196c4f5b82c97864c7ff848d
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139213456234
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programme\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - C:\Programme\CPUCooL\CooLSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Programme\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programme\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

ich hoffe ihr könnt mir helfen...habe bisher keine wirkungsvollen lösungsansätzte gefunden ein ähnliches problem gab es hier im forum allerdings auch ohne lösung www.trojaner-board.de/70303-grosse-probleme-nach-virus-trojaner-fund.html

danke im voraus =)

crisen · 10.08.2009, 23:20

ccleaner hab ich schon angewendet allerdings lassen ich jegliche anti spyware programme nicht installieren oder ausführen...das unter punkt 2 genannte programm habe ich runtergeladen allerdings passiert nichts wenn ich die installation starte...und spybot lässt sich nicht mehr öffnen...
wenn ihr weitere informationen benötigt meldet euch bitte bin echt am verzweifeln...

Swisstreasure · 10.08.2009, 23:35

>>
Schliesse alle Fenster und starte Hijack This
Klicke: Do a Systemscan only
Setze ein Häckchen in das Kästchen vor den genannten Einträgen bei: (falls diese noch vorhanden sind)

Code:

ATTFilter

R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\kb127\SearchSettings.dll

O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\kb127\SearchSettings.dll

O4 - HKLM\..\Run: [net] "C:\WINDOWS\system32\net.net"

und wähle fix checked.

Starte den Rechner neu.

>>
Lade Dir Malwarebytes auf den Desktop und benenne es in Scan.exe um. Danach scanne gemäss Anleitung
-->Poste das Log.

Gruss Swiss

crisen · 10.08.2009, 23:36

okay ich werds versuchen

crisen · 11.08.2009, 01:05

Malwarebytes' Anti-Malware 1.40
Datenbank Version: 2551
Windows 5.1.2600 Service Pack 2

11.08.2009 02:04:48
mbam-log-2009-08-11 (02-04-48).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 296407
Laufzeit: 53 minute(s), 24 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 10

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Userinit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\cwameosxnr.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\rewoxsmanc.tmp (Rogue.AVCare) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACdoyeomtrum.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACmicxtvoorx.dll (Rogue.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\UACdf53.tmp (Rogue.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UAChsbitvqirb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACjsnoeyacny.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACqpqlxmyebx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\UACfkmmqwkdbr.sys (Trojan.Agent) -> Quarantined and deleted successfully.

super danke schonmal

crisen · 11.08.2009, 01:17

hm das bluescreen problem besteht leider weiterhin nachdem scan reboot is es wieder passiert

im problembericht von windows steht übrigens:

C:\DOKUME~1\****~1\LOKALE~1\Temp\WERf2b1.dir00\Mini081109-03.dmp
C:\DOKUME~1\****~1\LOKALE~1\Temp\WERf2b1.dir00\sysdata.xml

falls das was helfen sollte...

Swisstreasure · 11.08.2009, 01:26

>>
Scanne mit Superantispyware und poste das Log.

>>
Mach ein Rootkitscan mit GMER und poste das Log

>>
Wende RSIT an und poste die Logs.

Gruss Swiss

crisen · 11.08.2009, 11:52

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 08/11/2009 at 12:50 PM

Application Version : 4.27.1002

Core Rules Database Version : 4048
Trace Rules Database Version: 1988

Scan type : Complete Scan
Total Scan Time : 00:28:24

Memory items scanned : 540
Memory threats detected : 0
Registry items scanned : 5319
Registry threats detected : 8
File items scanned : 9444
File threats detected : 0

Rootkit.Agent/Gen
HKLM\SYSTEM\CurrentControlSet\Services\uacd.sys
HKLM\SYSTEM\CurrentControlSet\Services\uacd.sys#start
HKLM\SYSTEM\CurrentControlSet\Services\uacd.sys#type
HKLM\SYSTEM\CurrentControlSet\Services\uacd.sys#group
HKLM\SYSTEM\CurrentControlSet\Services\uacd.sys#imagepath
HKLM\SYSTEM\CurrentControlSet\Services\uacd.sys\modules
HKLM\SYSTEM\CurrentControlSet\Services\uacd.sys\modules#UACd
HKLM\SYSTEM\CurrentControlSet\Services\uacd.sys\modules#UACc

crisen · 11.08.2009, 12:24

das GMER log file:

GMER 1.0.15.15020 [pebsivbh.exe] - http://www.gmer.net
Rootkit scan 2009-08-11 13:22:07
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.15 ----

Code 82CFAA40 ZwEnumerateKey
Code 82CFAFD8 ZwFlushInstructionCache
Code 82CF5DF6 IofCallDriver
Code 82CF269E IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!IofCallDriver 804E37C5 5 Bytes JMP 82CF5DFB
.text ntoskrnl.exe!IofCompleteRequest 804E3BF6 5 Bytes JMP 82CF26A3
PAGE ntoskrnl.exe!ZwEnumerateKey 8056EE68 5 Bytes JMP 82CFAA44
PAGE ntoskrnl.exe!ZwFlushInstructionCache 8057797A 5 Bytes JMP 82CFAFDC

---- User code sections - GMER 1.0.15 ----

.text C:\Programme\Canon\IJPLM\IJPLMSVC.EXE[112] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 006D000A
.text C:\WINDOWS\Explorer.EXE[284] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 00A0000A
.text C:\Programme\a-squared Free\a2service.exe[392] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 0104000A
.text C:\Programme\CPUCooL\CooLSrv.exe[532] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 006A000A
.text C:\WINDOWS\system32\winlogon.exe[752] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 0062000A
.text ...

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
AttachedDevice \Driver\Tcpip \Device\Ip ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
AttachedDevice \Driver\Tcpip \Device\Tcp ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation)

Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\USBSTOR \Device\00000074 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\USBSTOR \Device\00000079 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

AttachedDevice \Driver\Tcpip \Device\Udp MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
AttachedDevice \Driver\Tcpip \Device\Udp ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
AttachedDevice \Driver\Tcpip \Device\RawIp ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation)

Device \Driver\USBSTOR \Device\0000007a sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\SKYNEToyuhypik (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNEToyuhypik@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNEToyuhypik@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNEToyuhypik@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNEToyuhypik@imagepath \systemroot\system32\drivers\SKYNETmkgetlnm.sys
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNEToyuhypik\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNEToyuhypik\main@aid 10002
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNEToyuhypik\main@sid 1
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNEToyuhypik\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNEToyuhypik\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNEToyuhypik\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNEToyuhypik\main\injector@* SKYNETwsp.dll
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNEToyuhypik\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNEToyuhypik\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNEToyuhypik\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETmkgetlnm.sys
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNEToyuhypik\modules@SKYNETcmd.dll \systemroot\system32\SKYNETnkreftxl.dll
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNEToyuhypik\modules@SKYNETlog.dat \systemroot\system32\SKYNETlkmpqjdb.dat
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNEToyuhypik\modules@SKYNETwsp.dll \systemroot\system32\SKYNETvddqydoa.dll
Reg HKLM\SYSTEM\ControlSet001\Services\SKYNEToyuhypik\modules@SKYNET.dat \systemroot\system32\SKYNETfrmqlvtu.dat
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACfkmmqwkdbr.sys
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACfkmmqwkdbr.sys
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACqpqlxmyebx.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACmicxtvoorx.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACjsnoeyacny.dat
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACmafyhiylpu.db
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UAChsbitvqirb.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACdoyeomtrum.dll
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNEToyuhypik (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNEToyuhypik@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNEToyuhypik@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNEToyuhypik@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNEToyuhypik@imagepath \systemroot\system32\drivers\SKYNETmkgetlnm.sys
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNEToyuhypik\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNEToyuhypik\main@aid 10002
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNEToyuhypik\main@sid 1
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNEToyuhypik\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNEToyuhypik\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNEToyuhypik\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNEToyuhypik\main\injector@* SKYNETwsp.dll
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNEToyuhypik\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNEToyuhypik\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNEToyuhypik\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETmkgetlnm.sys
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNEToyuhypik\modules@SKYNETcmd.dll \systemroot\system32\SKYNETnkreftxl.dll
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNEToyuhypik\modules@SKYNETlog.dat \systemroot\system32\SKYNETlkmpqjdb.dat
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNEToyuhypik\modules@SKYNETwsp.dll \systemroot\system32\SKYNETvddqydoa.dll
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNEToyuhypik\modules@SKYNET.dat \systemroot\system32\SKYNETfrmqlvtu.dat
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACxftexgqwhx.sys
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACxftexgqwhx.sys
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACobvfulicmq.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNEToyuhypik
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNEToyuhypik@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNEToyuhypik@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNEToyuhypik@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNEToyuhypik@imagepath \systemroot\system32\drivers\SKYNETmkgetlnm.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNEToyuhypik\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNEToyuhypik\main@aid 10002
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNEToyuhypik\main@sid 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNEToyuhypik\main@cmddelay 14400
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNEToyuhypik\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNEToyuhypik\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNEToyuhypik\main\injector@* SKYNETwsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNEToyuhypik\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNEToyuhypik\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNEToyuhypik\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETmkgetlnm.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNEToyuhypik\modules@SKYNETcmd.dll \systemroot\system32\SKYNETnkreftxl.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNEToyuhypik\modules@SKYNETlog.dat \systemroot\system32\SKYNETlkmpqjdb.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNEToyuhypik\modules@SKYNETwsp.dll \systemroot\system32\SKYNETvddqydoa.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNEToyuhypik\modules@SKYNET.dat \systemroot\system32\SKYNETfrmqlvtu.dat

---- Files - GMER 1.0.15 ----

File C:\Programme\DivX\DivX Web Player\Microsoft.VC80.CRT\data 0 bytes
File C:\Programme\DivX\DivX Web Player\Microsoft.VC80.CRT\help 0 bytes
File C:\Programme\DivX\DivX Web Player\Microsoft.VC80.CRT\Localized.dll 1650688 bytes executable
File C:\Programme\DivX\DivX Web Player\Microsoft.VC80.CRT\McFwUnst.dll 106496 bytes
File C:\Programme\DivX\DivX Web Player\Microsoft.VC80.CRT\mpf.inf 1803 bytes
File C:\Programme\DivX\DivX Web Player\Microsoft.VC80.CRT\MpfAgent.exe 524288 bytes executable
File C:\Programme\DivX\DivX Web Player\Microsoft.VC80.CRT\mpfcfg.inf 1726 bytes
File C:\Programme\DivX\DivX Web Player\Microsoft.VC80.CRT\MpfConsole.exe 950272 bytes executable
File C:\Programme\DivX\DivX Web Player\Microsoft.VC80.CRT\mpfmain.inf 1352 bytes
File C:\Programme\DivX\DivX Web Player\Microsoft.VC80.CRT\MpfService.exe 548864 bytes executable
File C:\Programme\DivX\DivX Web Player\Microsoft.VC80.CRT\MpfTray.exe 999424 bytes executable
File C:\Programme\DivX\DivX Web Player\Microsoft.VC80.CRT\Mpfui.dll 253952 bytes executable
File C:\Programme\DivX\DivX Web Player\Microsoft.VC80.CRT\MpfUpdChk.dll 106496 bytes executable
File C:\Programme\DivX\DivX Web Player\Microsoft.VC80.CRT\MpfWizard.exe 528384 bytes executable
File C:\Programme\DivX\DivX Web Player\Microsoft.VC80.CRT\mvtx.exe 299008 bytes
File C:\Programme\DivX\DivX Web Player\Microsoft.VC80.CRT\Readme.txt 21440 bytes

---- EOF - GMER 1.0.15 ----

crisen · 11.08.2009, 12:34

Logfile of random's system information tool 1.06 (written by random/random)
Run by kai at 2009-08-11 13:26:27
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 10 GB (13%) free of 80 GB
Total RAM: 511 MB (14% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:26:36, on 11.08.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\a-squared Free\a2service.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\CPUCooL\CooLSrv.exe
C:\Programme\Canon\IJPLM\IJPLMSVC.EXE
c:\programme\mcafee.com\agent\mcdetect.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\sstray.exe
C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Programme\OnlineControl\ocontrol.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\****\Desktop\RSIT.exe
C:\Dokumente und Einstellungen\****\Desktop\****.exe

R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\kb127\SearchSettings.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [TkBellExe] "realsched.exe" -osboot
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Programme\Xfire\Xfire.exe
O4 - Global Startup: OnlineControl.lnk = C:\Programme\OnlineControl\ocontrol.exe
O4 - Global Startup: Orbit.lnk = C:\Programme\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: In neuer Registerkarte im Hintergrund öffnen - res://C:\Programme\Windows Live Toolbar\Components\de-de\msntabres.dll.mui/229?42851db6196c4f5b82c97864c7ff848d
O8 - Extra context menu item: In neuer Registerkarte im Vordergrund öffnen - res://C:\Programme\Windows Live Toolbar\Components\de-de\msntabres.dll.mui/230?42851db6196c4f5b82c97864c7ff848d
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139213456234
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programme\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - C:\Programme\CPUCooL\CooLSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Programme\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programme\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 9800 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Auf Updates für Windows Live Toolbar prüfen.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Programme\Orbitdownloader\orbitcth.dll [2008-09-17 130248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Programme\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Programme\Windows Live Toolbar\msntb.dll [2006-09-27 544032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
SearchSettings Class - C:\Programme\Search Settings\kb127\SearchSettings.dll [2008-06-12 1111904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Programme\Windows Live Toolbar\msntb.dll [2006-09-27 544032]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CARPService"=C:\WINDOWS\system32\carpserv.exe [2003-03-19 4608]
"CHotkey"=C:\WINDOWS\mHotkey.exe [2003-03-28 524800]
"ledpointer"=C:\WINDOWS\CNYHKey.exe [2003-07-22 5577216]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-11-11 90112]
"nForce Tray Options"=sstray.exe /r []
"McRegWiz"=C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe [2005-06-01 368714]
"MPFExe"=C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe [2005-07-15 999424]
"MCAgentExe"=c:\PROGRA~1\mcafee.com\agent\mcagent.exe [2005-09-22 303104]
"MCUpdateExe"=c:\PROGRA~1\mcafee.com\agent\mcupdate.exe [2006-01-11 212992]
"TkBellExe"=realsched.exe -osboot []
"Sony Ericsson PC Suite"=C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2005-10-26 159744]
"StartCCC"=C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"AppleSyncNotifier"=C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-05-13 177472]
"CanonSolutionMenu"=C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe [2007-10-25 652624]
"CanonMyPrinter"=C:\Programme\Canon\MyPrinter\BJMyPrt.exe [2007-09-13 1603152]
"SSBkgdUpdate"=C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"iTunesHelper"=C:\Programme\iTunes\iTunesHelper.exe [2009-07-13 292128]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"MsnMsgr"=C:\Programme\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
"SUPERAntiSpyware"=C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-08-05 1830128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Programme\ICQ6.5\ICQ.exe [2009-03-01 172792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lycosInside]
C:\Programme\lycos\Lyc_SysTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
C:\Programme\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-06-13 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programme\QuickTime\QTTask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Programme\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Orbit.lnk]
C:\PROGRA~1\ORBITD~1\orbitdm.exe [2008-09-17 1707208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Photo Loader resident.lnk]
C:\PROGRA~1\CASIO\PHOTOL~1\Plauto.exe [2004-12-03 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Programme^Programme^Autostart^CPUCooL.lnk]
C:\PROGRA~1\CPUCooL\cpucool.exe [2009-05-03 1376256]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
OnlineControl.lnk - C:\Programme\OnlineControl\ocontrol.exe
Orbit.lnk - C:\Programme\Orbitdownloader\orbitdm.exe

C:\Dokumente und Einstellungen\kai\Startmenü\Programme\Autostart
Xfire.lnk - C:\Programme\Xfire\Xfire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Programme\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-09-29 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Programme\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Electronic Arts\Die Schlacht um Mittelerde II\game.dat"="C:\Programme\Electronic Arts\Die Schlacht um Mittelerde II\game.dat:*:Enabled

ie Schlacht um Mittelerde™ II"
"C:\Programme\Warcraft III\Warcraft III.exe"="C:\Programme\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Programme\TrackMania Nations ESWC\TmNationsESWC.exe"="C:\Programme\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"C:\Programme\ICQLite\ICQLite.exe"="C:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Programme\World of Warcraft\WoW-2.0.6.6337-to-2.0.7.6383-deDE-downloader.exe"="C:\Programme\World of Warcraft\WoW-2.0.6.6337-to-2.0.7.6383-deDE-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Programme\World of Warcraft\WoW-2.0.7.6383-to-2.0.8.6403-deDE-downloader.exe"="C:\Programme\World of Warcraft\WoW-2.0.7.6383-to-2.0.8.6403-deDE-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Programme\World of Warcraft\WoW-2.0.8.6403-to-2.0.10.6448-deDE-downloader.exe"="C:\Programme\World of Warcraft\WoW-2.0.8.6403-to-2.0.10.6448-deDE-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Programme\World of Warcraft\WoW-2.0.10.6448-to-2.0.12.6546-deDE-downloader.exe"="C:\Programme\World of Warcraft\WoW-2.0.10.6448-to-2.0.12.6546-deDE-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Programme\EA GAMES\Die Schlacht um Mittelerde(tm)\game.dat"="C:\Programme\EA GAMES\Die Schlacht um Mittelerde(tm)\game.dat:*:Enabled

ie Schlacht um Mittelerde (tm)"
"C:\Programme\MSN Messenger\msnmsgr.exe"="C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Programme\MSN Messenger\livecall.exe"="C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Programme\LucasArts\Star Wars Battlefront II\GameData\BattlefrontII.exe"="C:\Programme\LucasArts\Star Wars Battlefront II\GameData\BattlefrontII.exe:*:Enabled:BattlefrontII"
"C:\Programme\LucasArts\Star Wars Battlefront\GameData\Battlefront.exe"="C:\Programme\LucasArts\Star Wars Battlefront\GameData\Battlefront.exe:*

isabled:Battlefront"
"C:\Program Files\MobileForcesDemo\System\MobileForces.exe"="C:\Program Files\MobileForcesDemo\System\MobileForces.exe:*

isabled:MobileForces"
"C:\Programme\Octoshape Streaming Services\Hochheimer\OctoshapeClient.exe"="C:\Programme\Octoshape Streaming Services\Hochheimer\OctoshapeClient.exe:*:Enabled:OctoshapeClient"
"C:\Programme\World of Warcraft\BackgroundDownloader.exe"="C:\Programme\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Programme\EA GAMES\Battlefield 2\BF2.exe"="C:\Programme\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
"C:\Programme\Azureus\Azureus.exe"="C:\Programme\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Programme\Mozilla Firefox\firefox.exe"="C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Programme\ICQ6\ICQ.exe"="C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Programme\GIMP-2.0\lib\gimp\2.0\plug-ins\script-fu.exe"="C:\Programme\GIMP-2.0\lib\gimp\2.0\plug-ins\script-fu.exe:*:Enabled:script-fu"
"C:\Programme\Real\RealPlayer\realplay.exe"="C:\Programme\Real\RealPlayer\realplay.exe:*

isabled:RealPlayer"
"C:\Programme\Microsoft Games\Rise of Nations\thrones.exe"="C:\Programme\Microsoft Games\Rise of Nations\thrones.exe:*:Enabled:Rise of Nations"
"C:\Programme\Microsoft Games\Rise of Nations\PATRIOTS2.EXE"="C:\Programme\Microsoft Games\Rise of Nations\PATRIOTS2.EXE:*:Enabled:Rise of Nations"
"C:\Programme\Firefly Studios\Stronghold 2\Stronghold2.exe"="C:\Programme\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2"
"C:\Programme\Wolfenstein - Enemy Territory\ET.exe"="C:\Programme\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET"
"C:\Programme\Ubisoft\Gearbox Software\BrothersInArmsEiB\System\EiB.exe"="C:\Programme\Ubisoft\Gearbox Software\BrothersInArmsEiB\System\EiB.exe:*:Enabled:Brothers In Arms Earned In Blood"
"C:\Programme\DNA\btdna.exe"="C:\Programme\DNA\btdna.exe:*:Enabled

NA"
"C:\Programme\BitTorrent\bittorrent.exe"="C:\Programme\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Programme\Warcraft III neu\War3.exe"="C:\Programme\Warcraft III neu\War3.exe:*:Enabled:Warcraft III"
"C:\Dokumente und Einstellungen\Hochheimer\Desktop\pbsetup.exe"="C:\Dokumente und Einstellungen\Hochheimer\Desktop\pbsetup.exe:*:Enabled

bsetup"
"C:\Programme\Orbitdownloader\orbitdm.exe"="C:\Programme\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"C:\Programme\Orbitdownloader\orbitnet.exe"="C:\Programme\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"
"C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Programme\Messenger\msmsgs.exe"="C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Programme\ICQ6.5\ICQ.exe"="C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Programme\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Programme\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\Programme\iTunes\iTunes.exe"="C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\MSN Messenger\msnmsgr.exe"="C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Programme\MSN Messenger\livecall.exe"="C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c70f7c2-96e5-11da-b4fa-806d6172696f}]
shell\AutoRun\command - F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c5285425-4ce4-11dc-b9ae-000c6e85b417}]
shell\AutoRun\command - I:\LaunchU3.exe

crisen · 11.08.2009, 12:35

======List of files/folders created in the last 1 months======

2009-08-11 13:26:27 ----D---- C:\rsit
2009-08-11 12:13:35 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
2009-08-11 12:13:24 ----D---- C:\Programme\SUPERAntiSpyware
2009-08-11 12:13:24 ----D---- C:\Dokumente und Einstellungen\kai\Anwendungsdaten\SUPERAntiSpyware.com
2009-08-11 00:49:56 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-08-11 00:49:56 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-08-10 23:22:14 ----D---- C:\Programme\CCleaner
2009-08-10 22:10:09 ----D---- C:\Programme\Security Task Manager
2009-08-08 22:55:49 ----D---- C:\Programme\iPod
2009-08-08 22:55:17 ----D---- C:\Programme\iTunes
2009-08-01 14:29:48 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-01 14:25:21 ----D---- C:\Programme\QuickTime
2009-07-24 21:42:20 ----D---- C:\Programme\Amazon
2009-07-24 16:52:24 ----D---- C:\Programme\ICQ6Toolbar
2009-07-24 16:50:58 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
2009-07-24 16:31:10 ----D---- C:\Programme\ICQ6.5
2009-07-23 19:57:50 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\id Software
2009-07-23 14:34:55 ----A---- C:\WINDOWS\ActiveSkin.INI
2009-07-23 14:34:53 ----A---- C:\UNWISE.EXE
2009-07-18 18:13:57 ----A---- C:\WINDOWS\game.ini
2009-07-17 14:53:39 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2009-07-17 14:53:39 ----A---- C:\WINDOWS\system32\x3daudio1_2.dll
2009-07-17 14:53:34 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2009-07-17 14:53:34 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2009-07-17 14:53:29 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2009-07-17 14:53:23 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2009-07-17 14:53:16 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2009-07-17 14:53:02 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2009-07-17 14:53:02 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2009-07-17 14:52:56 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2009-07-17 14:52:54 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2009-07-17 14:52:53 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2009-07-17 14:52:53 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-07-17 14:52:52 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2009-07-17 14:52:52 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2009-07-17 14:52:51 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2009-07-16 22:31:07 ----A---- C:\WINDOWS\system32\pbsvc.exe
2009-07-16 16:53:52 ----D---- C:\Programme\Lavalys

======List of files/folders modified in the last 1 months======

2009-08-11 13:21:32 ----D---- C:\Programme\Mozilla Firefox
2009-08-11 12:21:40 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-11 12:13:32 ----SHD---- C:\WINDOWS\Installer
2009-08-11 12:13:24 ----RD---- C:\Programme
2009-08-11 12:13:12 ----D---- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2009-08-11 12:10:40 ----D---- C:\Dokumente und Einstellungen\kai\Anwendungsdaten\Orbit
2009-08-11 12:06:33 ----D---- C:\WINDOWS\Temp
2009-08-11 12:06:33 ----D---- C:\WINDOWS\system32
2009-08-11 12:05:28 ----D---- C:\WINDOWS
2009-08-11 02:28:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-11 02:06:54 ----D---- C:\WINDOWS\system32\drivers
2009-08-11 01:03:54 ----D---- C:\WINDOWS\Minidump
2009-08-11 00:29:18 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2009-08-11 00:27:08 ----RD---- C:\Programme\Programme
2009-08-10 23:57:33 ----D---- C:\Programme\Spybot - Search & Destroy
2009-08-10 23:28:31 ----D---- C:\WINDOWS\Debug
2009-08-10 22:10:50 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
2009-08-10 21:48:29 ----HD---- C:\WINDOWS\inf
2009-08-10 21:30:55 ----D---- C:\WINDOWS\Prefetch
2009-08-10 21:22:37 ----SHD---- C:\RECYCLER
2009-08-10 21:18:56 ----D---- C:\Dokumente und Einstellungen
2009-08-10 17:39:39 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-08-08 22:55:46 ----D---- C:\Programme\Gemeinsame Dateien\Apple
2009-08-08 13:11:36 ----D---- C:\Downloads
2009-08-03 16:30:10 ----HD---- C:\Programme\InstallShield Installation Information
2009-08-01 18:29:16 ----RASH---- C:\boot.ini
2009-08-01 18:29:15 ----A---- C:\WINDOWS\win.ini
2009-08-01 18:29:15 ----A---- C:\WINDOWS\system.ini
2009-08-01 14:31:43 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-07-31 19:00:10 ----D---- C:\DVDVideoSoft
2009-07-31 18:37:47 ----D---- C:\Programme\Gemeinsame Dateien\DVDVideoSoft
2009-07-31 18:37:17 ----D---- C:\Programme\DVDVideoSoft
2009-07-24 16:32:26 ----D---- C:\Programme\ICQ6
2009-07-18 17:51:55 ----D---- C:\Programme\Activision
2009-07-18 12:50:17 ----D---- C:\Programme\Gemeinsame Dateien
2009-07-17 14:53:44 ----D---- C:\WINDOWS\system32\DirectX
2009-07-17 14:52:47 ----RSD---- C:\WINDOWS\assembly

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7-Prozessortreiber; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-04 41472]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 MPFIREWL;MPFIREWL; C:\WINDOWS\System32\Drivers\MpFirewall.sys [2005-07-15 80640]
R1 ntiomin;ntiomin; C:\WINDOWS\system32\drivers\ntiomin.sys [2008-04-12 11392]
R1 ntiopnp;ntiopnp; C:\WINDOWS\system32\drivers\ntiopnp.sys [2008-04-12 12800]
R1 SASDIFSV;SASDIFSV; \??\C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.sys []
R1 SSHDRV65;SSHDRV65; \??\C:\WINDOWS\system32\drivers\SSHDRV65.sys []
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2006-10-19 271360]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2006-10-19 18048]
R2 SVKP;SVKP; \??\C:\WINDOWS\system32\SVKP.sys []
R2 X4HSX32;X4HSX32; \??\C:\Programme\GameTap Web Player\bin\Release\X4HSX32.Sys []
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-09-29 2456064]
R3 ATIAVAIW;ATI T200 Unified AVStream service; C:\WINDOWS\system32\DRIVERS\atinavt2.sys [2007-09-15 169856]
R3 AVMCOWAN;AVM ISDN CoNDIS WAN CAPI Treiber; C:\WINDOWS\system32\DRIVERS\avmcowan.sys [2006-02-06 51456]
R3 AVMDSLPPPOE;AVM DSL PPPoE CAPI Treiber; C:\WINDOWS\system32\DRIVERS\avmdsloe.sys [2006-02-06 39552]
R3 AVMNDSL;AVM DSL NDIS WAN CAPI Treiber; C:\WINDOWS\system32\DRIVERS\avmndsl.sys [2006-02-06 38992]
R3 FDS2BASE;AVM FRITZ!Card DSL v2.0 (WinXP/2000); C:\WINDOWS\system32\DRIVERS\fds2base.sys [2006-02-06 666880]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-03-19 1107072]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-03-19 177024]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2002-12-05 13056]
R3 NVENET;NVIDIA nForce MCP Networking Adapter Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2002-09-23 80896]
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2002-12-05 241664]
R3 SASENUM;SASENUM; \??\C:\Programme\SUPERAntiSpyware\SASENUM.SYS []
R3 SCRx31 USB Smart Card Reader;SCRx31 USB Smart Card Reader; C:\WINDOWS\system32\DRIVERS\scrccid.sys [2002-10-25 47100]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-03-19 622592]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-11-22 3804416]
S3 atinevxx;ATI WDM Rage Theater Video NSP; C:\WINDOWS\system32\DRIVERS\atinevxx.sys [2006-01-04 166400]
S3 ATITUNEP;ATI WDM TV Tuner; C:\WINDOWS\system32\DRIVERS\atineuxx.sys [2006-01-04 58880]
S3 ativraxx;ATI WDM Rage Theater Audio; C:\WINDOWS\system32\DRIVERS\atinraxx.sys [2006-01-04 55808]
S3 ATIXSAudio;ATI WDM TV Audio Crossbar; C:\WINDOWS\system32\DRIVERS\atinesxx.sys [2006-01-04 75776]
S3 aujasnkj;aujasnkj; \??\C:\DOKUME~1\kai\LOKALE~1\Temp\aujasnkj.sys []
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 jgameenp;jgameenp; \??\C:\DOKUME~1\HOCHHE~1\LOKALE~1\Temp\jgameenp.sys []
S3 k510bus;Sony Ericsson K510 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\k510bus.sys [2007-01-06 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2007-01-06 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2007-01-06 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2007-01-06 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\k510obex.sys [2007-01-06 83344]
S3 MODEMCSA;Unimodem-Datenstromfiltergerät; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MPE;BDA MPE-Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-04 15360]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 MVDCODEC;ATI WDM Specialized MVD Codec; C:\WINDOWS\system32\DRIVERS\atinmdxx.sys [2006-01-04 15360]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 PCD65X2;PCD65X2; \??\C:\DOKUME~1\kai\LOKALE~1\Temp\PCD65X2.sys []
S3 PCD65X3;PCD65X3; \??\C:\DOKUME~1\kai\LOKALE~1\Temp\PCD65X3.sys []
S3 SCR131C;SCRx31 Serial Smart Card Reader; C:\WINDOWS\system32\DRIVERS\SCR131C.sys [2002-11-07 181875]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 TTDec;ATI WDM Teletext Decoder; C:\WINDOWS\system32\DRIVERS\ATINTTXX.sys [2006-01-04 13824]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-03-06 36864]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 wks;wks; \??\C:\DOKUME~1\HOCHHE~1\LOKALE~1\Temp\wks.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; C:\Programme\a-squared Free\a2service.exe [2008-12-17 419448]
R2 aawservice;Lavasoft Ad-Aware Service; C:\Programme\Lavasoft\Ad-Aware\aawservice.exe [2008-09-29 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-09-29 483328]
R2 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CPUCooLServer;CPUCooLServer Service; C:\Programme\CPUCooL\CooLSrv.exe [2008-04-12 118784]
R2 IJPLMSVC;PIXMA Extended Survey Program; C:\Programme\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 101528]
R2 McDetect.exe;McAfee WSC Integration; c:\programme\mcafee.com\agent\mcdetect.exe [2005-10-13 126976]
R2 McTskshd.exe;McAfee Task Scheduler; c:\PROGRA~1\mcafee.com\agent\mctskshd.exe [2005-08-24 122368]
R2 MpfService;McAfee Personal Firewall Service; C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe [2005-07-15 548864]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-03-29 75064]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2009-07-13 542496]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-09-28 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager; C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe [2005-07-01 245760]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger USN Journal Reader-Service für freigegebene Ordner; C:\Programme\MSN Messenger\usnsvc.exe [2007-01-19 97136]

-----------------EOF-----------------

crisen · 11.08.2009, 12:36

info.txt logfile of random's system information tool 1.06 2009-08-11 13:26:39

======Uninstall list======

-->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.1 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A91000000001}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
a-squared Free 4.0-->"C:\Programme\a-squared Free\unins000.exe"
ATI - Software Uninstall Utility-->C:\Programme\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class

ISPLAY -clean
Audacity 1.2.6-->"C:\Programme\Audacity\unins000.exe"
Battlefield 2(TM)-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x7 -removeonly
Battlefield 2: Special Forces-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{50D4CB89-AF34-4978-96DC-C3034062E901}\setup.exe" -l0x7 -removeonly
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
BrainSpeeder 1.1.2 -->C:\WINDOWS\uninstall\BrainSpeeder\setup.exe
Browsen mit Registerkarten (Windows Live Toolbar)-->MsiExec.exe /X{DA2C339B-A405-439B-AD24-07765EF9F233}
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch-->C:\Programme\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch-->C:\Programme\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Programme\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Canon IJ Network Scan Utility-->C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSU.EXE
Canon IJ Network Tool-->C:\Programme\Canon\Canon IJ Network Tool\CNMNUU.exe
Canon MP Navigator EX 1.1-->"C:\Programme\Canon\MP Navigator EX 1.1\Maint.exe" /UninstallRemove C:\Programme\Canon\MP Navigator EX 1.1\uninst.ini
Canon MX850 series Benutzerregistrierung-->C:\Programme\Canon\IJEREG\MX850 series\UNINST.EXE
Canon MX850 series-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX850_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX850_series /L0x0007
Canon My Printer-->C:\Programme\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint EX-->C:\Programme\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
Canon Utilities Solution Menu-->C:\Programme\Canon\SolutionMenu\uninst.exe uninst.ini
CCleaner (remove only)-->"C:\Programme\CCleaner\uninst.exe"
CD-LabelPrint-->"C:\Programme\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application
CPUCooL (remove only)-->"C:\Programme\CPUCooL\CPUCooL-uninst.exe"
Disc2Phone-->MsiExec.exe /I{6E65247F-58F9-41CA-BE69-0316F7907170}
DivX Codec-->C:\Programme\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Doom 3-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EEFB15EB-FE8B-47DF-A496-1C4D1420294A} /l1033
Electronic Arts Product Registration-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{D7D50E0C-27DD-4999-BC05-E026B580F93A} /l1031
EPSON PhotoQuicker3.4-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{8A793FC6-6DF5-11DD-BB6A-00018021113F}\SETUP.EXE" -l0x7 uninst
EPSON PRINT Image Framer Tool2.0-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{7BA1FB62-A363-4D24-8870-45131F0D0137}\SETUP.EXE" -l0x7 anything
ESC84 Referenzhandbuch-->C:\Programme\EPSON\ESC84\REF_G\DOCUNINS.EXE
ESC84 Softwarehandbuch-->C:\Programme\EPSON\ESC84\PQU_G\DOCUNINS.EXE
EVEREST Home Edition v2.20-->"C:\Programme\Lavalys\EVEREST Home Edition\unins000.exe"
Feederkennung (Windows Live Toolbar)-->MsiExec.exe /X{3A75BDE6-418E-4DB9-8601-C9E5225E0059}
ffdshow [rev 1324] [2007-07-01]-->"C:\Programme\ffdshow\unins000.exe"
Free FLV Converter V 5.9-->"C:\Programme\Free FLV Converter\unins000.exe"
Free Studio version 4.1-->"C:\Programme\DVDVideoSoft\Free Studio\unins000.exe"
Free YouTube to iPod Converter version 3.1-->"C:\Programme\DVDVideoSoft\Free YouTube to iPod Converter\unins000.exe"
Free YouTube to Mp3 Converter version 3.1-->"C:\Programme\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe"
Frets On Fire-->"C:\Programme\Frets on Fire\Uninstall.exe"
GameTap Web Player-->"C:\Programme\GameTap Web Player\unins000.exe"
Gimp 2.6.2 Debug-->"C:\Programme\GIMP-2.0\setup\unins001.exe"
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Toolbar for Firefox-->MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
Gothic-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{BBF10B37-4ED3-11D5-A818-00500435FC18}\setup.exe"
Guitar Pro 5.2-->"C:\Programme\Guitar Pro 5\unins000.exe"
HijackThis 2.0.2-->"C:\Dokumente und Einstellungen\Hochheimer\Desktop\HijackThis.exe" /uninstall
Hitman: Contracts-->C:\PROGRA~1\Eidos\HITMAN~1\uninstall.exe
HP Software Update-->MsiExec.exe /X{B81023A5-71ED-46EB-BE3B-9F974D1155F1}
ICQ6.5-->"C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Indiana Jones and the Emperors Tomb-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0DBF3265-57F1-4D8A-87EA-332B2A669BDE}\Setup.exe" -l0x7
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
IrfanView (remove only)-->C:\Programme\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
McAfee Personal Firewall Plus-->c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=mpf /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\mpfrem.ui::uninstall.htm
McAfee SecurityCenter-->c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=msc /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110407-6000-11D3-8CFE-0150048383C9}
Microsoft Rise Of Nations-->"C:\Programme\Microsoft Games\Rise of Nations\UNINSTAL.EXE" /runtemp /addremove
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mobile Forces Demo-->C:\Program Files\MobileForcesDemo\System\Setup.exe uninstall "MobileForcesDemo"
MobileMe Control Panel-->MsiExec.exe /I{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}
Morrowind-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\Bethesda Softworks\Morrowind\MWUninstall\Setup.exe" -l0x7
Mozilla Firefox (3.5.2)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
NVIDIA Drivers-->C:\WINDOWS\System32\nvuenet.exe UninstallGUI
NVIDIA nForce Drivers-->C:\WINDOWS\system32\nvuninst.exe Uninstall C:\WINDOWS\system32\NVU002.nvu,NVIDIA nForce Drivers
NVIDIA nForce Treiber für Windows 2000/XP-->rundll32.exe C:\WINDOWS\system32\NVNFINST.DLL,NvUninstallCrush
NVIDIA nForce Utilities-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_SSUtilsNT 132 C:\WINDOWS\INF\nvautlml.inf
Oblivion User Patch v0.21-->"C:\Programme\Bethesda Softworks\Oblivion\Oblivion\unins000.exe"
OneCare Advisor (Windows Live Toolbar)-->MsiExec.exe /X{135D3939-F9CD-4520-A008-9C4B852A2DBC}
OnlineControl 1.2-->"C:\Programme\OnlineControl\unins000.exe"
Orbit Downloader-->"C:\Programme\Orbitdownloader\unins000.exe"
Photo Loader 3.0G-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{70B45586-B51E-4947-A258-A895596C5CED}\Setup.exe" -uninst
PIF DESIGNER2.0-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6411B38F-7704-484B-A93B-FD900BC8E8EB}\SETUP.EXE" -l0x7 anything
PIXMA Extended Survey Program-->C:\Programme\Canon\IJPLM\SETUP.EXE -R
Popupblocker (Windows Live Toolbar)-->MsiExec.exe /X{151ACDE2-C3AC-43AA-A77E-12A5D8B2A934}
Power Tab Editor 1.7-->MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}
Presto! PageManager 7.15.20-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}\PMSetup.exe" -l0x7 anythinganything -removeonly
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
Quake Live Mozilla Plugin-->MsiExec.exe /I{7D0AA8B9-8568-4527-B3F4-91846F921E90}
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
RealPlayer-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x7 -removeonly
RescuePRO 3.2-->C:\WINDOWS\iun507.exe C:\Programme\RescuePRO\irunin.ini
Rise of Nations Thrones and Patriots-->"C:\Programme\Microsoft Games\Rise of Nations\UNINSTLX.EXE" /runtemp /uninstall
Rogue Spear-->C:\WINDOWS\IsUn0407.exe -f"C:\Programme\Red Storm Entertainment\Rogue Spear\Uninst.isu"
RTPatch Update-->"C:\Programme\Gemeinsame Dateien\PocketSoft\RTPatch\AutoRTP\unins000.exe"
Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
ScanSoft OmniPage SE 4-->MsiExec.exe /I{66B4C110-8BEB-49B5-824E-C70AEEB20ECD}
ScanToWeb-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\SETUP.EXE" ADDREMOVEDLG
SCRx31 CT-API and PC/SC Driver Installer-->MsiExec.exe /I{77B6DD3A-C7D0-479B-9CB1-BD8D42AAB1A2}
Search Settings 1.2-->MsiExec.exe /X{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}
Security Task Manager 1.7h-->C:\Programme\Security Task Manager\Uninstal.exe "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Security Task Manager"
Serious Sam 2-->C:\Programme\Serious Sam 2\Bin\Uninstall.exe
Sicherheitsupdate für Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB893066)-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{13AD0F5B-FF8C-4625-851D-A83D4BE74716}
Sony Ericsson PC Suite 1.20.173-->MsiExec.exe /I{C5ADA65A-7828-4D85-B071-ECC52B51F794}
Spybot - Search & Destroy-->"C:\Programme\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Switch-->C:\Programme\NCH Swift Sound\Switch\uninst.exe
TeamSpeak 2 RC2-->C:\Programme\Teamspeak2_RC2\unins000.exe
Tom Clancy's Splinter Cell Chaos Theory-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{888DD888-82BE-4D85-BCB2-2E042CD3E844}\setup.exe" -l0x7 -removeonly
Uninstall 1.0.0.1-->"C:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe"
Update für Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update für Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
USB Wireless Keyboard Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FF262740-C85A-11D5-BBEC-00D0B740900A}\Setup.exe" -l0x7
VideoLAN VLC media player 0.6.2-->"C:\Programme\VideoLAN\VLC\uninstall.exe"
VideoLAN VLC media player 0.8.6e-->C:\Programme\VideoLAN\VLC\uninstall.exe
Videora iPod Converter 2.25-->C:\Programme\Red Kawa\Video Converter\uninstaller.exe
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live Favorites für Windows Live Toolbar-->MsiExec.exe /X{DCE65B11-710D-4C54-9DE5-1A6A0BD2186B}
Windows Live Messenger-->MsiExec.exe /I{279DB581-239C-4E13-97F8-0F48E40BE75C}
Windows Live Outlook-Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{22B099A6-55E1-4605-8401-05564320101C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Live Toolbar-->"C:\Programme\Windows Live Toolbar\UnInstall.exe" {28E151E2-A495-4C41-A94C-D3682E10F57E}
Windows Live Toolbar-->MsiExec.exe /X{28E151E2-A495-4C41-A94C-D3682E10F57E}
Windows Live Toolbar-Erweiterung (Windows Live Toolbar)-->MsiExec.exe /X{6266BA75-45FA-4B1A-B21F-E04A90C273E5}
Windows Media Format Runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
Windows XP-Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP-Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP-Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP-Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP-Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP-Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP-Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
WinRAR-->C:\Programme\WinRAR\uninstall.exe
XviD MPEG-4 Codec-->"C:\Programme\XviD\UninstXviD.exe"

=====HijackThis Backups=====

R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\kb127\SearchSettings.dll [2009-08-11]
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) [2009-08-11]
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file) [2009-08-11]

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
FW: McAfee Personal Firewall Plus

======System event log======

Computer Name: HOCHHEIM-2ZYWS2
Event Code: 7036
Message: Dienst "Kompatibilität für schnelle Benutzerumschaltung" befindet sich jetzt im Status "Ausgeführt".

Record Number: 63966
Source Name: Service Control Manager
Time Written: 20090729111615.000000+120
Event Type: Informationen
User:

Computer Name: HOCHHEIM-2ZYWS2
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "Kompatibilität für schnelle Benutzerumschaltung" gesendet.

Record Number: 63965
Source Name: Service Control Manager
Time Written: 20090729111615.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: HOCHHEIM-2ZYWS2
Event Code: 7036
Message: Dienst "Terminaldienste" befindet sich jetzt im Status "Ausgeführt".

Record Number: 63964
Source Name: Service Control Manager
Time Written: 20090729111615.000000+120
Event Type: Informationen
User:

Computer Name: HOCHHEIM-2ZYWS2
Event Code: 17
Message:
Record Number: 63963
Source Name: avgntflt
Time Written: 20090729111538.000000+120
Event Type: Informationen
User:

Computer Name: HOCHHEIM-2ZYWS2
Event Code: 45062
Message: CRT invalid display type

Record Number: 63962
Source Name: ati2mtag
Time Written: 20090729111538.000000+120
Event Type: Fehler
User:

=====Application event log=====

Computer Name: HOCHHEIM-2ZYWS2
Event Code: 1000
Message: Fehlgeschlagene Anwendung superantispyware.exe, Version 4.27.0.1002, fehlgeschlagenes Modul superantispyware.exe, Version 4.27.0.1002, Fehleradresse 0x000039e0.

Record Number: 5
Source Name: Application Error
Time Written: 20090811003400.000000+120
Event Type: Fehler
User:

Computer Name: HOCHHEIM-2ZYWS2
Event Code: 0
Message:
Record Number: 4
Source Name: iPod Service
Time Written: 20090811001234.000000+120
Event Type: Informationen
User:

Computer Name: HOCHHEIM-2ZYWS2
Event Code: 1
Message: The service is started.

Record Number: 3
Source Name: IJPLMSVC
Time Written: 20090811001202.000000+120
Event Type: Informationen
User:

Computer Name: HOCHHEIM-2ZYWS2
Event Code: 1
Message:
Record Number: 2
Source Name: Bonjour Service
Time Written: 20090811001202.000000+120
Event Type: Informationen
User:

Computer Name: HOCHHEIM-2ZYWS2
Event Code: 105
Message: The service was started.

Record Number: 1
Source Name: ATI Smart
Time Written: 20090811001158.000000+120
Event Type: Informationen
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\Gemeinsame Dateien\Teleca Shared;C:\Programme\ATI Technologies\ATI.ACE\Core-Static;C:\Programme\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Programme\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Programme\Java\jre1.6.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------

Swisstreasure · 11.08.2009, 13:48

Hallo Crisen

Auf Deine System sind doch noch mehr Rootkits und Backdoors als ich vermutet habe. Die sicherste Lösung ist, das System neu aufzusetzen und abzusichern. Vorallem wenn Du Ebanking machst dann würde ich dir von einer Reinigung abraten.

Falls Du doch Reinigen willst fahre hier fort:

Was ist das:
C:\Dokumente und Einstellungen\****\Desktop\****.exe

>>
Versteckte Dateien sichtbar machen:
1. Klicke unter Start auf Arbeitsplatz.
2. Klicke im Menü Extras auf Ordneroptionen.
3. Dateien und Ordner/Erweiterungen bei bekannten Dateitypen ausblenden --> Haken entfernen
4. Geschützte und Systemdateien ausblenden --> Haken entfernen
5. Versteckte Dateien und Ordner/Alle Dateien und Ordner anzeigen --> Haken setzen.

Bei "Geschützte Systemdateien ausblenden" darf kein Häkchen sein und "Alle Dateien und Ordner anzeigen" muss aktiviert sein.
http://virus-protect.org/invisible.html

>>
Lasse folgende Datei bei VIRUSTOTAL prüfen und poste das Ergebnis:

Code:

ATTFilter

C:\WINDOWS\system32\SVKP.sys
C:\DOKUME~1\kai\LOKALE~1\Temp\aujasnkj.sys
C:\DOKUME~1\HOCHHE~1\LOKALE~1\Temp\jgameenp.sys
C:\DOKUME~1\kai\LOKALE~1\Temp\PCD65X2.sys
C:\DOKUME~1\kai\LOKALE~1\Temp\PCD65X3.sys
C:\DOKUME~1\HOCHHE~1\LOKALE~1\Temp\wks.sys

Auf Durchsuchen klicken --> Datei aussuchen (oder gleich die Datei mit korrektem Pfad einkopieren mit Strg V) --> Klick auf die zu prüfende Datei und öffnen--> klick auf "Senden der Datei"... jetzt abwarten - dann mit der rechten Maustaste den Text markieren -> hier kopieren

>>
TeaTimer deaktivieren:
Starte Spybot S&D --> klicke auf "Modus" --> hake an "Erweiterte Modus" --> mit "Ja" bestätigen --> klicke auf "Werkzeuge" -->
klicke auf "Resident" --> das Häkchen entfernen aus der "Resident "TeaTimer" (Schutz aller Systemeinstellungen) --> beende Spybot S&D.
(der TeaTimer be- bzw. verhindert alle weiteren Reinigungmaßnahmen!)

>>
Avenger

kopiere in das weisse Feld:

Zitat:

Folders to delete:
C:\Programme\Search Settings

- schliesse alle offenen Programme (denn nach Anwendung des Avengers wird der Rechner neustarten)

- Klicke: Execute

- bestätige, dass der Rechner neu gestartet wird - klicke "yes"
- nach dem Neustart erscheint automatisch ein Log vom Avenger - (C:\avenger.txt), kopiere es ab - mit rechtem Mausklick - kopieren - einfügen

>>
loesche das Backup vom Avenger unter C:\Avenger\backup.zip + leere den Papierkorb

Gruss Swiss

crisen · 11.08.2009, 14:08

ich denke ich werde es mit der reinigung versuchen da ich keinerlei wichtige daten wie bankverbindungen o.ä. auf dem pc habe...danke das einem hier so schnell geholfen wird =)

Tea Timer Resident ist aus..
Scanne grad bei Virus Total die Dateien

C:\Dokumente und Einstellungen\****\Desktop\kai.exe ist eine Hjack This.exe warum sie so benannt ist weiß ich nicht...kai ist das 2. benutzerkonto auf dem pc aber warum die exe so benannt ist weiß ich nicht (sollt ich es löschen?)

crisen · 11.08.2009, 14:15

C:\WINDOWS\system32\SVKP.sys
Ergebniss:

Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.24 2009.08.11 -
AhnLab-V3 5.0.0.2 2009.08.11 -
AntiVir 7.9.0.248 2009.08.11 -
Antiy-AVL 2.0.3.7 2009.08.11 -
Authentium 5.1.2.4 2009.08.11 -
Avast 4.8.1335.0 2009.08.10 -
AVG 8.5.0.406 2009.08.11 -
BitDefender 7.2 2009.08.11 -
CAT-QuickHeal 10.00 2009.08.11 -
ClamAV 0.94.1 2009.08.11 -
Comodo 1942 2009.08.11 -
DrWeb 5.0.0.12182 2009.08.11 -
eSafe 7.0.17.0 2009.08.10 -
eTrust-Vet 31.6.6672 2009.08.11 -
F-Prot 4.4.4.56 2009.08.10 -
F-Secure 8.0.14470.0 2009.08.11 -
Fortinet 3.120.0.0 2009.08.11 -
GData 19 2009.08.11 -
Ikarus T3.1.1.64.0 2009.08.11 -
Jiangmin 11.0.800 2009.08.11 -
K7AntiVirus 7.10.815 2009.08.10 -
Kaspersky 7.0.0.125 2009.08.11 -
McAfee 5705 2009.08.10 -
McAfee+Artemis 5705 2009.08.10 -
McAfee-GW-Edition 6.8.5 2009.08.11 -
Microsoft 1.4903 2009.08.11 -
NOD32 4325 2009.08.11 -
Norman 6.01.09 2009.08.10 -
nProtect 2009.1.8.0 2009.08.11 -
Panda 10.0.0.14 2009.08.10 -
PCTools 4.4.2.0 2009.08.11 -
Prevx 3.0 2009.08.11 -
Rising 21.42.14.00 2009.08.11 -
Sophos 4.44.0 2009.08.11 -
Sunbelt 3.2.1858.2 2009.08.11 -
Symantec 1.4.4.12 2009.08.11 -
TheHacker 6.3.4.3.380 2009.08.11 -
TrendMicro 8.950.0.1094 2009.08.11 -
VBA32 3.12.10.9 2009.08.10 -
ViRobot 2009.8.11.1879 2009.08.11 -
VirusBuster 4.6.5.0 2009.08.10 -
weitere Informationen
File size: 2368 bytes
MD5...: f05028b163b92c302a74409d683ac9b0
SHA1..: 74a943b9f3bf63f8de5c3175f96366b24a661067
SHA256: c43a744c18d12b8214e75f67c557974564f24ec318807bbe796b26619fce7154
ssdeep: 48:qbLNySE/Z3hfHSEgu57tZVRv3xiA6kPMsXL/hfVcY:mRqZx+Q7VjiBkPLZfV
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (95.5%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x43c
timedatestamp.....: 0x3e6cafde (Mon Mar 10 15:31:42 2003)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x2a0 0x110 0x120 5.12 7dad7d6ca221d6725388d90f719d0c20
.data 0x3c0 0x28 0x40 1.74 e741cf2e01e1bea59fcfd4a89d4358ad
INIT 0x400 0x18a 0x1a0 5.03 7b36305b5ff4cad3eeaca307bbb0fd60
.rsrc 0x5a0 0x350 0x360 3.18 46fab0e7c9b34889fdfead1c6e17eae8
.reloc 0x900 0x34 0x40 3.39 a963ac053cb6e23a9fbf797befe868bb

( 1 imports )
> ntoskrnl.exe: IoCreateDevice, IoCreateSymbolicLink, IoDeleteDevice, IoDeleteSymbolicLink, RtlInitUnicodeString, IoCompleteRequest

( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-

komisch die anderen Dateien lassen sich nicht überprüfen...wenn ich den datei namen einkopiere sagt mir windows das diese datei nicht exsistiert:" Die datei xy konnte nicht gefunden werden. Bitte überprüfen sie dateinamen..."

11.08.2009, 01:26	#7
Swisstreasure /// Malwareteam	Trojaner/Virus?? PC stürzt grundlos ab/ Bluescreen Meldung >> Scanne mit Superantispyware und poste das Log. >> Mach ein Rootkitscan mit GMER und poste das Log >> Wende RSIT an und poste die Logs. Gruss Swiss

Trojaner/Virus?? PC stürzt grundlos ab/ Bluescreen Meldung

Log-Analyse und Auswertung: Trojaner/Virus?? PC stürzt grundlos ab/ Bluescreen Meldung