Log Analysis and Evaluation: online555casion.com problem

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
26.08.2009, 11:49 | #1
online555casion.com problem

Hello, for a few days now the site online555casino.com keeps popping up on my machine. Since then I can no longer open some programs such as Spybot and Kantaris. I ran HijackThis over it; it would be great if someone could help me with the problem.

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:37:37, on 25.08.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programme\Silvercrest MTS2218 driver\StartAutorun.exe
C:\Programme\Silvercrest MTS2218 driver\KMConfig.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Silvercrest MTS2218 driver\KMProcess.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\PROGRA~1\Firebird\FIREBI~1\bin\fbguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Silvercrest MTS2218 driver\KMWDSrv.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\o2flash.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\Programme\iPod\bin\iPodService.exe
C:\PROGRA~1\Firebird\FIREBI~1\bin\fbserver.exe
C:\Programme\PokerStars\PokerStars.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Andy\Desktop\HJTInstall.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Andy\LOKALE~1\Temp\Rar$EX00.937\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1750559
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: XML Class - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {A9C00446-CA14-4EF3-AACB-723AE6634D61} - (no file)
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\RealMedia\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KMCONFIG] C:\Programme\Silvercrest MTS2218 driver\StartAutorun.exe KMConfig.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ISUSPM] "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Monopod] C:\DOKUME~1\Andy\LOKALE~1\Temp\1B.tmp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-1085031214-1563985344-725345543-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User
26.08.2009, 12:33 | #2
online555casion.com problem

Hi,

the HJT log is not complete, but we already have a nice little item here:

O4 - HKCU\..\Run: [Monopod] C:\DOKUME~1\Andy\LOKALE~1\Temp\1B.tmp.exe

Please check the following files: Have the files checked online:

Code:
C:\DOKUME~1\Andy\LOKALE~1\Temp\1B.tmp.exe

Then: Avenger instructions (by swandog46)

1.) Download the tool Avenger and save it to your desktop:
2.) Configure the program as shown in the picture. Now copy the following text into the white box (at -> "input script here"):

Code:
Files to delete:
C:\DOKUME~1\Andy\LOKALE~1\Temp\1B.tmp.exe

Folders to delete:
C:\DOKUME~1\Andy\LOKALE~1\Temp

4.) To start Avenger, click -> Execute. Then confirm with "Yes" that the computer will restart!
5.) After the system has restarted, you will find a report from Avenger here -> C:\avenger.txt. Open the file with Notepad and copy the entire text into your post here at Trojaner-Board.

HijackThis, fix: open HijackThis -- button "Scan" -- tick the checkboxes in front of the following entries -- button "Fix checked" -- restart the PC. All programs must be closed while fixing!

Code:
O4 - HKCU\..\Run: [Monopod] C:\DOKUME~1\Andy\LOKALE~1\Temp\1B.tmp.exe

Malwarebytes Anti-Malware (MAM). Instructions & download here: http://www.trojaner-board.de/51187-malwarebytes-anti-malware.html
Run a full scan and let it clean everything! Post the log.

RSIT
Random's System Information Tool (RSIT) by random/random reads out system details and creates an informative log file.
* Download Random's System Information Tool (RSIT): http://filepony.de/download-rsit/
* Save it to your desktop.
* Start RSIT.exe with a double-click.
* Click Continue to accept the terms of use.
* If you do not have HijackThis installed, RSIT will download and install it for you.
* In that case, please also accept Trend Micro's terms of use (http://de.trendmicro.com/de/home) for HJT with "I accept".
* If your firewall asks, please allow RSIT to access the network.
* The scan starts automatically; RSIT now checks some important system areas and produces log files as a basis for analysis.
* When the scan is finished, two log files are created and opened in your editor.
* Please post the contents of C:\rsit\log.txt and C:\rsit\info.txt (<= minimized) here in the thread.

Gmer: http://www.trojaner-board.de/74908-anleitung-gmer-rootkit-scanner.html
You will find the download link at the top left (www.gmer.net/files); there click the button "Download EXE", which generates a random file name (please note it and the path where you saved it).
Start GMER and see whether it already reports something. If it does, answer all questions with "no", go to the "Rootkit" tab, again answer the question with "no", and paste the report into the thread using Copy.
If it reports nothing, go to the Rootkit tab and run a scan. When it is finished, choose Copy and paste the report.

Chris
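What Chris's reply keys on is a pattern rather than a known file name: an HKCU Run entry whose target sits in the user's Temp directory under a throwaway name like 1B.tmp.exe, plus entries whose backing file is already gone ("(file missing)", "(no file)"). The script below is an added example, not code from the thread or from HijackThis, that scans HijackThis-format lines for exactly those signs. The sample lines embedded in it are constructed in that format, and the path heuristics (Temp directory match, double extension, "first .exe wins" for unquoted command lines) are assumptions that fit the logs in this thread.

```python
"""Triage helper for HijackThis-style log lines (added example, not part of
the thread or of HijackThis). It flags the persistence signs the helper in
the thread keyed on: autorun (O4) targets living in a Temp directory or
carrying a double extension, and entries whose file no longer exists."""
import re

# Constructed sample in HijackThis line format. Only the [Monopod] and O21
# lines resemble the ones quoted in the thread; the rest are benign fillers.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Monopod] C:\DOKUME~1\Andy\LOKALE~1\Temp\1B.tmp.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O21 - SSODL: qegbdmwf - {A71B6962-2DE6-4E0B-BAC0-12A43992FB8F} - C:\WINDOWS\qegbdmwf.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe
"""

# "O4 - <hive>\..\<key>: [<name>] <command line>"; the hive may itself
# contain backslashes (HKUS\S-1-5-19), hence the non-greedy match.
O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# Any path component named Temp; on German XP the user temp dir appears as
# ...\LOKALE~1\Temp (8.3 form of "Lokale Einstellungen"), which this covers too.
TEMP_RE = re.compile(r'\\Temp\\', re.IGNORECASE)
# A second extension hiding before .exe, e.g. "1B.tmp.exe".
DOUBLE_EXT_RE = re.compile(r'\.[a-z0-9]{2,4}\.exe$', re.IGNORECASE)
# HijackThis appends these markers when the referenced file is absent.
MISSING_RE = re.compile(r'\((?:file missing|no file)\)\s*$')


def target_path(cmd: str) -> str:
    """Best-effort extraction of the executable path from an O4 command line
    (assumption: quoted paths are taken verbatim, otherwise everything up to
    the first '.exe', since unquoted paths with spaces are common here)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.search(r'\.exe', cmd, re.IGNORECASE)
    return cmd[:m.end()] if m else cmd


def triage_line(line: str):
    """Return the reasons a single log line deserves a look (empty if none)."""
    reasons = []
    line = line.rstrip()
    if MISSING_RE.search(line):
        reasons.append("entry references a file that no longer exists")
    m = O4_RE.match(line)
    if m:
        path = target_path(m.group("cmd"))
        if TEMP_RE.search(path):
            reasons.append("autorun target lives in a Temp directory")
        if DOUBLE_EXT_RE.search(path):
            reasons.append("autorun target has a double extension")
    return reasons


def triage(log_text: str):
    """Scan a whole log; return [(line, reasons)] for every flagged line."""
    findings = []
    for line in log_text.splitlines():
        reasons = triage_line(line)
        if reasons:
            findings.append((line.rstrip(), reasons))
    return findings


if __name__ == "__main__":
    for flagged, why in triage(SAMPLE_LOG):
        print(flagged)
        for reason in why:
            print("   ->", reason)
```

Run against the sample, the Monopod line is reported for both the Temp location and the double extension, while the two "(no file)"/"(file missing)" entries are reported once each; the Avast, ctfmon and service lines pass. The checks are deliberately narrow so that the output is a short list for a human to review, not a verdict.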
26.08.2009, 15:28 | #3
VirusTotal result

Here is the result from VirusTotal:

Code:
a-squared 4.5.0.24 2009.08.26 -
AhnLab-V3 5.0.0.2 2009.08.25 Win-Trojan/Downloader.143360.AA
AntiVir 7.9.1.3 2009.08.26 TR/Fakealert.143360
Antiy-AVL 2.0.3.7 2009.08.24 -
Authentium 5.1.2.4 2009.08.26 W32/FakeAlert.BY.gen!Eldorado
Avast 4.8.1335.0 2009.08.26 Win32:Trojan-gen {Other}
AVG 8.5.0.406 2009.08.25 Downloader.Small.GHM
BitDefender 7.2 2009.08.26 -
CAT-QuickHeal 10.00 2009.08.25 -
ClamAV 0.94.1 2009.08.26 -
Comodo 2102 2009.08.26 -
DrWeb 5.0.0.12182 2009.08.26 Trojan.DownLoad.44784
eSafe 7.0.17.0 2009.08.26 Suspicious File
eTrust-Vet 31.6.6702 2009.08.26 -
F-Prot 4.5.1.85 2009.08.25 W32/FakeAlert.BY.gen!Eldorado
F-Secure 8.0.14470.0 2009.08.26 Trojan-Downloader:W32/Renos.gen!C
Fortinet 3.120.0.0 2009.08.26 PossibleThreat
GData 19 2009.08.26 Win32:Trojan-gen {Other}
Ikarus T3.1.1.68.0 2009.08.26 -
Jiangmin 11.0.800 2009.08.26 Rootkit.Agent.czw
K7AntiVirus 7.10.827 2009.08.25 -
Kaspersky 7.0.0.125 2009.08.26 Packed.Win32.Katusha.e
McAfee 5720 2009.08.25 -
McAfee+Artemis 5720 2009.08.25 Artemis!772136A6EFB8
McAfee-GW-Edition 6.8.5 2009.08.26 Heuristic.LooksLike.Trojan.Fakealert.H
Microsoft 1.4903 2009.08.26 TrojanDownloader:Win32/Renos.JI
NOD32 4369 2009.08.26 Win32/TrojanDownloader.FakeAlert.AHC
Norman 2009.08.26 W32/Renos.VTS
nProtect 2009.1.8.0 2009.08.26 -
Panda 10.0.2.2 2009.08.26 Trj/CI.A
PCTools 4.4.2.0 2009.08.26 -
Prevx 3.0 2009.08.26 Medium Risk Malware
Rising 21.44.11.00 2009.08.25 Packer.Win32.LoveLHM.a [Suspicious]
Sophos 4.44.0 2009.08.26 Mal/EncPk-JD
Sunbelt 3.2.1858.2 2009.08.25 -
Symantec 1.4.4.12 2009.08.26 -
TheHacker 6.3.4.3.388 2009.08.25 -
TrendMicro 8.950.0.1094 2009.08.26 -
VBA32 3.12.10.10 2009.08.26 -
ViRobot 2009.8.26.1903 2009.08.26 -
VirusBuster 4.6.5.0 2009.08.26 -

Additional information
File size: 143360 bytes
MD5...: 772136a6efb8c8e9e4d70aa429a9b014
SHA1..: bbb59e235ac950ec1052ad13a049c7b12b52b7f7
SHA256: 7099d3b79f5d18a49691496d24b5b58d755eb288dea37105b8118f0152a828c1
ssdeep: 3072:Vb8muGxzFwWI9vtbo3TzcfrCx83T/Tf+sLb4/:hhhFwJba4fP/T3b4
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x110a
timedatestamp.....: 0x48103b42 (Thu Apr 24 07:48:18 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2903 0x2a00 5.17 9c1f0d22c15f2605d665141408cb41d4
.rdata 0x4000 0x1a75d 0x1a800 7.31 d5a279a1d0d8705c7242c4d656503425
.edata 0x1f000 0x16d93 0x2a00 0.18 46b2d1ecdd8e92733ff48168af5aa850
.bss 0x36000 0x339 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x37000 0x2265 0x2400 0.11 4310f9f686df90fad49e4efdb1fc1525

( 5 imports )
> KERNEL32.DLL: GetCurrentProcess, GetFileAttributesA, GetOEMCP, FreeLibrary, GetFileSize, ExitProcess, GetCurrentThread, GetModuleFileNameA, lstrcpyA, GetModuleHandleA, GetFileType, HeapFree, lstrcmpA, GetCurrentProcessId, HeapAlloc, WideCharToMultiByte, lstrcpynA, lstrcmpiA
> KERNEL32.DLL: GetConsoleOutputCP, GetOEMCP, GetConsoleOutputCP, lstrcatA, GetConsoleOutputCP, GetCurrentProcess, GetConsoleOutputCP, GlobalAlloc, GetConsoleOutputCP, lstrcpyA, GetConsoleOutputCP, WideCharToMultiByte, GetConsoleOutputCP, GlobalFree, GetConsoleOutputCP, GetFileType, GetConsoleOutputCP, GetFileAttributesA
> KERNEL32.DLL: GetConsoleOutputCP, GetFileSize, GlobalAlloc, GetFileType, lstrcatA, lstrcmpA, HeapFree, lstrcpyA, GetOEMCP, GetLocalTime, ExitProcess, HeapAlloc, GetModuleHandleA, FreeLibrary, lstrcpynA, DeleteFileA, GlobalFree, GetStringTypeA, GetCurrentThreadId
> USER32.DLL: DrawTextW, CalcMenuBar, DialogBoxParamA, AlignRects, GetDlgItem, CopyRect, CopyIcon, CloseWindow, InsertMenuA, DrawTextA, GetWindowTextLengthA, LoadMenuA, AppendMenuW, IsWindow, DrawIconEx, DrawIcon
> USER32.DLL: LoadCursorA, DialogBoxParamA, GetCursor, GetWindowTextA, DialogBoxParamW, GetWindowTextLengthA, EndDialog, AppendMenuA, DrawTextA, IsWindow, IsMenu, CopyRect, GetDlgItem, CopyImage, DrawIcon, GetMenu, CopyIcon, GetDC

( 0 exports )

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (58.4%)
Clipper DOS Executable (13.8%)
Generic Win/DOS Executable (13.7%)
DOS Executable Generic (13.7%)
VXD Driver (0.2%)
http://info.prevx.com/aboutprogramtext.asp?PX5=224D199500B7644130770271A2A6A50026519D32
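A pasted VirusTotal report like the one above carries two things a triager reads first: how many engines flagged the file, and the ntrpy column of the PE section table, because a section close to the 8.0 entropy maximum (here .rdata at 7.31, against 5.17 for .text) is a common sign of packed or encrypted content and lines up with the Packed.*, Packer.* and EncPk names several engines report. The parser below is an added example, not VirusTotal's own code or output format, written for the plain-text layout as it was pasted into this thread; the embedded excerpt is a reduced copy of lines from the post above, and the 7.0 entropy threshold is an assumption.

```python
"""Parse a VirusTotal report as pasted into a forum post (added example; not
VirusTotal's own code or API). It extracts the per-engine verdicts, the file
hashes and the PE section table, then answers: detection ratio, which engines
name a packer, and which sections look packed (entropy near the 8.0 maximum)."""
import re

# Reduced excerpt of the pasted report layout: one engine per line
# ("engine [version] date result", "-" meaning clean), hash lines, and the
# section table "name viradd virsiz rawdsiz ntrpy md5".
SAMPLE_REPORT = """\
a-squared 4.5.0.24 2009.08.26 -
AntiVir 7.9.1.3 2009.08.26 TR/Fakealert.143360
Kaspersky 7.0.0.125 2009.08.26 Packed.Win32.Katusha.e
Norman 2009.08.26 W32/Renos.VTS
Sophos 4.44.0 2009.08.26 Mal/EncPk-JD
Symantec 1.4.4.12 2009.08.26 -
File size: 143360 bytes
MD5...: 772136a6efb8c8e9e4d70aa429a9b014
SHA256: 7099d3b79f5d18a49691496d24b5b58d755eb288dea37105b8118f0152a828c1
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2903 0x2a00 5.17 9c1f0d22c15f2605d665141408cb41d4
.rdata 0x4000 0x1a75d 0x1a800 7.31 d5a279a1d0d8705c7242c4d656503425
.rsrc 0x37000 0x2265 0x2400 0.11 4310f9f686df90fad49e4efdb1fc1525
"""

# The engine version is optional in the paste (the Norman line has none), so
# the YYYY.MM.DD date is the anchor that identifies an engine line.
ENGINE_RE = re.compile(
    r'^(?P<engine>\S+)(?: (?P<version>\S+))? (?P<date>\d{4}\.\d{2}\.\d{2}) (?P<result>.+)$')
SECTION_RE = re.compile(
    r'^(?P<name>\.?\w+) (?P<viradd>0x[0-9a-f]+) (?P<virsiz>0x[0-9a-f]+) '
    r'(?P<rawdsiz>0x[0-9a-f]+) (?P<ntrpy>\d+\.\d+) (?P<md5>[0-9a-f]{32})$', re.IGNORECASE)
HASH_RE = re.compile(r'^(?P<algo>MD5|SHA1|SHA256)\.*: (?P<value>[0-9a-f]+)$', re.IGNORECASE)
# Detection-name fragments that typically refer to a packer/crypter rather
# than to a specific family (assumption based on the names in this report).
PACKER_HINT_RE = re.compile(r'pack|encpk|crypt', re.IGNORECASE)


def parse_report(text: str) -> dict:
    """Turn the pasted text into {'engines': [...], 'sections': [...], 'hashes': {...}}."""
    report = {"engines": [], "sections": [], "hashes": {}}
    for raw in text.splitlines():
        line = raw.strip()
        m = ENGINE_RE.match(line)
        if m:
            report["engines"].append({
                "engine": m["engine"], "version": m["version"], "date": m["date"],
                "result": None if m["result"] == "-" else m["result"]})
            continue
        m = SECTION_RE.match(line)
        if m:
            report["sections"].append({
                "name": m["name"], "virtual_size": int(m["virsiz"], 16),
                "raw_size": int(m["rawdsiz"], 16), "entropy": float(m["ntrpy"])})
            continue
        m = HASH_RE.match(line)
        if m:
            report["hashes"][m["algo"].upper()] = m["value"].lower()
    return report


def detection_ratio(report: dict):
    """(engines with a verdict, engines total)."""
    positives = sum(1 for e in report["engines"] if e["result"])
    return positives, len(report["engines"])


def packer_hints(report: dict):
    """Engines whose detection name points at a packer/crypter."""
    return [e["engine"] for e in report["engines"]
            if e["result"] and PACKER_HINT_RE.search(e["result"])]


def packed_sections(report: dict, threshold: float = 7.0):
    """Section names whose entropy is at or above the (assumed) threshold."""
    return [s["name"] for s in report["sections"] if s["entropy"] >= threshold]


if __name__ == "__main__":
    rep = parse_report(SAMPLE_REPORT)
    hit, total = detection_ratio(rep)
    print(f"detections: {hit}/{total}")
    print("packer names from:", packer_hints(rep))
    print("high-entropy sections:", packed_sections(rep))
    print("hashes:", rep["hashes"])
```

On the excerpt this yields 4 of 6 engines with a verdict, Kaspersky and Sophos naming a packer, and .rdata as the one high-entropy section; feeding it the full paste from the post gives the same kind of summary for all 41 engines. The hashes are collected so that the MD5/SHA256 can be copied into a ticket or looked up elsewhere without retyping them.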
26.08.2009, 15:36 | #4
online555casion.com problem

Hi,

run the Avenger script and HJT as described... Then MAM and RSIT...

chris
26.08.2009, 15:36 | #5
Avenger result

Here is the result from Avenger:

Code:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\DOKUME~1\Andy\LOKALE~1\Temp\1B.tmp.exe" deleted successfully.
Folder "C:\DOKUME~1\Andy\LOKALE~1\Temp" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
26.08.2009, 15:51 | #6
online555casion.com problem

I can't install MAM, what now??
26.08.2009, 15:55 | #7
online555casion.com problem

Hi,

try renaming it right in the download dialog... If that doesn't help, we'll bring out the heavy artillery straight away... (The nice malware is blocking it from starting....)

Combofix (here too, rename the exe to test.com right in the download dialog)
Download ComboFix from http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop.
Close all windows, start combofix.exe, confirm the following prompt with 1 and press Enter.
The scan with Combofix can take some time, so be patient. Please do not use the computer during the scan. It is possible that the computer will be restarted in between.
At the end of the scan a report is displayed; please copy it and paste it into your thread.

After that, definitely run RSIT as well...

If Combofix does not run either, try creating a log with GMER...

chris
26.08.2009, 15:56 | #8
RSIT Log

Here is the first RSIT log, part 1:

Code:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Andy at 2009-08-26 16:53:09
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 7 GB (28%) free of 25 GB
Total RAM: 894 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:53:12, on 26.08.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programme\Silvercrest MTS2218 driver\StartAutorun.exe
C:\Programme\Silvercrest MTS2218 driver\KMConfig.exe
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Silvercrest MTS2218 driver\KMProcess.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\PROGRA~1\Firebird\FIREBI~1\bin\fbguard.exe
C:\Programme\Silvercrest MTS2218 driver\KMWDSrv.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\o2flash.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Firebird\FIREBI~1\bin\fbserver.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Dokumente und Einstellungen\Andy\Desktop\RSIT.exe
C:\DOKUME~1\Andy\LOKALE~1\Temp\Rar$EX00.922\Andy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1750559
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: XML Class - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {A9C00446-CA14-4EF3-AACB-723AE6634D61} - (no file)
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\RealMedia\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KMCONFIG] C:\Programme\Silvercrest MTS2218 driver\StartAutorun.exe KMConfig.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ISUSPM] "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Monopod] C:\DOKUME~1\Andy\LOKALE~1\Temp\1B.tmp.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-1085031214-1563985344-725345543-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'andi')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O21 - SSODL: qegbdmwf - {A71B6962-2DE6-4E0B-BAC0-12A43992FB8F} - C:\WINDOWS\qegbdmwf.dll (file missing)
O21 - SSODL: pntqkflv - {B1986BEE-0D6A-481F-AD6F-C9E5754EF6A6} - C:\WINDOWS\pntqkflv.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\PROGRA~1\Firebird\FIREBI~1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\PROGRA~1\Firebird\FIREBI~1\bin\fbserver.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Programme\Silvercrest MTS2218 driver\KMWDSrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Programme\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 10239 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-23 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-11-23 370296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500BCA15-57A7-4eaf-8143-8C619470B13D}]
XML Class - C:\WINDOWS\system32\msxml71.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Programme\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
EWPBrowseObject Class - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-04-18 34304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]
PDFCreator Toolbar Helper - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-10-13 806912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Programme\Canon\Easy-WebPrint\Toolband.dll [2006-04-18 552960]
{A9C00446-CA14-4EF3-AACB-723AE6634D61}
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - PDFCreator Toolbar - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-10-13 806912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Programme\Java\jre1.5.0_06\bin\jusched.exe [2005-11-10 36975]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-04-17 16143872]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY []
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"TkBellExe"=C:\Programme\RealMedia\Update_OB\realsched.exe -osboot []
"KMCONFIG"=C:\Programme\Silvercrest MTS2218 driver\StartAutorun.exe [2008-05-30 212992]
"QuickTime Task"=C:\Programme\QuickTime\qttask.exe [2008-11-04 413696]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-14 172544]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe [2009-08-03 419088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"=C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Macrovision\FLEXnet Connect\6\ISUSPM.exe [2007-03-29 222128]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SpybotSD TeaTimer"=C:\Programme\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]
"Monopod"=C:\DOKUME~1\Andy\LOKALE~1\Temp\1B.tmp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Programme\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3
"gusvc"=2
"gupdate1c9a2f3bd2b3d50"=2

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Adobe Reader - Schnellstart.lnk - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-06-03 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
qegbdmwf - {A71B6962-2DE6-4E0B-BAC0-12A43992FB8F} - C:\WINDOWS\qegbdmwf.dll []
pntqkflv - {B1986BEE-0D6A-481F-AD6F-C9E5754EF6A6} - C:\WINDOWS\pntqkflv.dll []
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\Yahoo!\Messenger\YahooMessenger.exe"="C:\Programme\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Programme\Yahoo!\Messenger\YServer.exe"="C:\Programme\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Programme\VideoLAN\VLC\vlc.exe"="C:\Programme\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Programme\Messenger\msmsgs.exe"="C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programme\Windows Live\Messenger\livecall.exe"="C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Programme\SecondLife\SLVoice.exe"="C:\Programme\SecondLife\SLVoice.exe:*:Enabled:SLVoice"
"D:\Auswertprogramme\java\jre\bin\javaw.exe"="D:\Auswertprogramme\java\jre\bin\javaw.exe:*:Enabled:javaw"
"D:\Auswertprogramme\java\j2re1.4.2_04\bin\java.exe"="D:\Auswertprogramme\java\j2re1.4.2_04\bin\java.exe:*:Enabled:java"
"D:\Programme\Activision\Call of Duty 2\CoD2MP_s.exe"="D:\Programme\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Programme\PokerStrategy\PokerStrategy Equilator\Equilator.exe"="C:\Programme\PokerStrategy\PokerStrategy Equilator\Equilator.exe:*:Enabled:PokerStrategy Equilator"
"C:\Programme\Zattoo\zattood.exe"="C:\Programme\Zattoo\zattood.exe:*:Enabled:zattood"
"C:\Programme\Zattoo\Zattoo2.exe"="C:\Programme\Zattoo\Zattoo2.exe:*:Enabled: "
"C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Programme\iTunes\iTunes.exe"="C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Programme\PokerStrategy\PokerStrategy Elephant\PokerStrategy Elephant.exe"="C:\Programme\PokerStrategy\PokerStrategy Elephant\PokerStrategy Elephant.exe:*:Enabled:PokerStrategy Elephant"
"C:\Programme\Mozilla Firefox\firefox.exe"="C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Programme\Electronic Arts\EADM\Core.exe"="C:\Programme\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Programme\Java\jre1.5.0_06\launch4j-tmp\JD-WinLauncher.exe"="C:\Programme\Java\jre1.5.0_06\launch4j-tmp\JD-WinLauncher.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programme\Windows Live\Messenger\livecall.exe"="C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2009-08-26 16:53:09 ----D---- C:\rsit
2009-08-26 16:46:48 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-08-26 16:46:48 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-08-26 16:33:14 ----D---- C:\Avenger
2009-08-26 16:33:14 ----A---- C:\avenger.txt
2009-08-26 16:32:03 ----A---- C:\zip.exe
2009-08-26 16:32:03 ----A---- C:\cleanup.exe
2009-08-26 16:32:03 ----A---- C:\cleanup.bat
2009-08-26 12:37:17 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-08-24 20:59:51 ----D---- C:\WINDOWS\pss
2009-08-24 20:53:05 ----A---- C:\WINDOWS\_MSRSTRT.EXE
2009-08-24 08:12:30 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-08-22 11:35:00 ----D---- C:\WINDOWS\system32\XPSViewer
2009-08-22 11:34:51 ----D---- C:\Programme\MSBuild
2009-08-22 11:34:48 ----D---- C:\WINDOWS\system32\en-US
2009-08-22 11:34:30 ----D---- C:\Programme\Reference Assemblies
2009-08-22 11:33:46 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-08-22 11:33:46 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-08-22 11:33:45 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-08-22 00:25:36 ----D---- C:\Programme\Spybot - 
Search & Destroy 2009-08-22 00:25:36 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy 2009-08-13 10:02:04 ----D---- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\BSplayer Pro 2009-08-13 10:02:03 ----D---- C:\Programme\Webteh 2009-08-13 09:58:18 ----D---- C:\Programme\SMPlayer 2009-08-13 09:53:19 ----D---- C:\Programme\Kantaris 2009-08-13 08:23:09 ----D---- C:\Programme\OpenSource DTSAC3DD+ Source Filter 2009-08-13 08:23:07 ----D---- C:\Programme\MONOGRAM AMR SplitterDecoder 2009-08-13 08:23:02 ----D---- C:\Programme\CD Audio Reader Filter 2009-08-13 08:22:59 ----D---- C:\Programme\DScaler5 2009-08-13 08:22:43 ----D---- C:\Programme\OpenSource Flash Video Splitter 2009-08-13 08:22:25 ----D---- C:\Programme\RealMedia 2009-08-13 08:21:39 ----D---- C:\Programme\SHOUTcast Source 2009-08-13 08:21:33 ----D---- C:\Programme\Haali 2009-08-13 08:21:22 ----D---- C:\Programme\DSP-worx 2009-08-13 08:20:31 ----D---- C:\Programme\DirectVobSub 2009-08-13 08:19:54 ----D---- C:\Programme\Zoom Player 2009-08-13 07:54:39 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$ 2009-08-13 07:54:31 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$ 2009-08-13 07:54:24 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$ 2009-08-13 07:54:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$ 2009-08-13 07:54:10 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$ 2009-08-13 07:54:02 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$ 2009-08-13 07:53:53 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$ 2009-08-13 07:53:42 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$ 2009-08-13 07:51:31 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$ 2009-08-13 07:51:18 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$ 2009-08-12 08:20:54 ----HD---- C:\Downloads 2009-08-12 00:38:45 ----D---- C:\Programme\Mach5 Software 2009-08-03 15:47:35 ----D---- C:\Programme\HDI-Gerling 2009-08-03 14:38:50 ----N---- C:\WINDOWS\system32\pxsfs.dll 2009-08-03 14:38:50 ----N---- C:\WINDOWS\system32\pxinsa64.exe 2009-08-03 
14:38:50 ----N---- C:\WINDOWS\system32\pxhpinst.exe 2009-08-03 14:38:50 ----N---- C:\WINDOWS\system32\pxdrv.dll 2009-08-03 14:38:50 ----N---- C:\WINDOWS\system32\pxcpya64.exe 2009-08-03 14:38:50 ----N---- C:\WINDOWS\system32\pxafs.dll 2009-08-03 14:38:49 ----N---- C:\WINDOWS\system32\vxblock.dll 2009-08-03 14:38:49 ----N---- C:\WINDOWS\system32\pxwave.dll 2009-08-03 14:38:49 ----N---- C:\WINDOWS\system32\pxmas.dll 2009-08-03 14:38:49 ----N---- C:\WINDOWS\system32\px.dll 2009-08-03 14:38:45 ----D---- C:\Programme\Winamp |
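Editor's note on the log above: two autostart locations deserve a second look before anything else in this thread. The HKCU Run value "Monopod" launches C:\DOKUME~1\Andy\LOKALE~1\Temp\1B.tmp.exe (a user Temp directory, a ".tmp.exe" name, and no date/size in RSIT's "[]" field), and the ShellServiceObjectDelayLoad key, which Explorer loads at every logon, carries two DLLs with random eight-letter names sitting directly in C:\WINDOWS (qegbdmwf.dll, pntqkflv.dll), again with no date/size. The HijackThis backup listed in post #10 shows the Monopod entry was already removed once. The script below is an added example written for this page, not a tool from the forum or from RSIT; it parses a constructed excerpt in RSIT's log.txt layout (built from the entries quoted above) and applies triage heuristics that are my own assumptions, not RSIT rules. The "weak" signal (empty "[]") is only reported alongside a strong one, because benign entries such as the Broadcom WLTRAY value also show it.

```python
import re
from dataclasses import dataclass

# Constructed excerpt in RSIT log.txt layout, built from the autostart entries quoted in
# the post above (hand-made sample, not the full log; a real run reads log.txt).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY []
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"TkBellExe"=C:\Programme\RealMedia\Update_OB\realsched.exe -osboot []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SpybotSD TeaTimer"=C:\Programme\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]
"Monopod"=C:\DOKUME~1\Andy\LOKALE~1\Temp\1B.tmp.exe []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
qegbdmwf - {A71B6962-2DE6-4E0B-BAC0-12A43992FB8F} - C:\WINDOWS\qegbdmwf.dll []
pntqkflv - {B1986BEE-0D6A-481F-AD6F-C9E5754EF6A6} - C:\WINDOWS\pntqkflv.dll []
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# "name"=path [YYYY-MM-DD size]   (Run / RunOnce style lines)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]$')
# name - {CLSID} - path [YYYY-MM-DD size]   (ShellServiceObjectDelayLoad style lines)
SSODL_RE = re.compile(r"^(?P<name>\S+) - \{[0-9A-Fa-f-]+\} - (?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]$")


@dataclass
class Entry:
    key: str
    name: str
    path: str
    meta: str  # "YYYY-MM-DD size" as RSIT prints it, or "" when it could not stat the file


@dataclass
class Finding:
    entry: Entry
    reasons: list


def parse_rsit(text: str) -> list:
    """Walk the excerpt, remembering the current registry key for each value line."""
    key, entries = "", []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = RUN_RE.match(line) or SSODL_RE.match(line)
        if m:
            entries.append(Entry(key, m.group("name"), m.group("path"), m.group("meta").strip()))
    return entries


VOWELS = set("aeiou")


def looks_random(stem: str) -> bool:
    """Heuristic (my assumption): eight lowercase letters with at most one vowel is unlike
    vendor naming; ctfmon, wltray, teatimer and WPDShServiceObj all fail this test."""
    return re.fullmatch(r"[a-z]{8}", stem) is not None and sum(c in VOWELS for c in stem) <= 1


def triage(entries: list) -> list:
    """Return entries with at least one strong indicator; weak ones are appended as context."""
    findings = []
    for e in entries:
        strong, weak = [], []
        low = e.path.lower()
        exe = low.split("\\")[-1].split(" ")[0]      # drop arguments such as "-osboot"
        stem = exe.rsplit(".", 1)[0]
        if "\\temp\\" in low:
            strong.append("launched from a Temp directory")
        if exe.endswith(".tmp.exe"):
            strong.append("'.tmp.exe' name, typical of a dropped payload")
        if "shellserviceobjectdelayload" in e.key.lower():
            if low.startswith("c:\\windows\\") and low.count("\\") == 2:
                strong.append("SSODL DLL sits directly in C:\\WINDOWS, not system32")
            if looks_random(stem):
                strong.append("random-looking eight-letter name")
        if e.meta == "":
            weak.append("RSIT reports no date/size: file missing, hidden or rootkit-protected")
        if strong:
            findings.append(Finding(e, strong + weak))
    return findings


def flagged_names(text: str = SAMPLE_LOG) -> list:
    return [f.entry.name for f in triage(parse_rsit(text))]


if __name__ == "__main__":
    for f in triage(parse_rsit(SAMPLE_LOG)):
        print(f"{f.entry.name}: {f.entry.path}")
        for r in f.reasons:
            print("   -", r)
```

Run against the excerpt it flags exactly Monopod, qegbdmwf and pntqkflv; the Broadcom value, which also has an empty "[]", stays quiet because it carries no strong indicator. Treat the output as a worklist for the helper, not a verdict: the next step is to pull the three files (or confirm they are gone) and check them, not to delete on the strength of a name heuristic.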
26.08.2009, 15:57 | #9 |
| RSIT Log Teil 2 ======List of files/folders modified in the last 1 months====== 2009-08-26 16:46:50 ----D---- C:\WINDOWS\system32\drivers 2009-08-26 16:46:48 ----RD---- C:\Programme 2009-08-26 16:41:14 ----D---- C:\WINDOWS\Temp 2009-08-26 16:40:52 ----D---- C:\Programme\Mozilla Firefox 2009-08-26 16:40:32 ----SD---- C:\WINDOWS\Tasks 2009-08-26 16:40:32 ----D---- C:\WINDOWS\system32 2009-08-26 16:40:30 ----D---- C:\WINDOWS 2009-08-26 16:39:02 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-08-26 13:22:52 ----D---- C:\Programme\PokerStars 2009-08-26 12:52:04 ----A---- C:\WINDOWS\NeroDigital.ini 2009-08-26 12:37:17 ----HD---- C:\WINDOWS\inf 2009-08-26 12:37:16 ----D---- C:\WINDOWS\system32\CatRoot2 2009-08-25 23:28:11 ----D---- C:\WINDOWS\Prefetch 2009-08-24 21:00:59 ----SH---- C:\boot.ini 2009-08-24 21:00:59 ----A---- C:\WINDOWS\win.ini 2009-08-24 21:00:59 ----A---- C:\WINDOWS\system.ini 2009-08-24 20:57:25 ----D---- C:\Programme\jose 2009-08-24 08:13:38 ----A---- C:\WINDOWS\imsins.BAK 2009-08-24 08:13:25 ----D---- C:\WINDOWS\system32\CatRoot 2009-08-24 08:13:01 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-08-23 11:03:49 ----D---- C:\WINDOWS\Microsoft.NET 2009-08-22 11:37:24 ----SHD---- C:\WINDOWS\Installer 2009-08-22 11:36:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-08-22 11:35:02 ----RSD---- C:\WINDOWS\assembly 2009-08-22 11:34:45 ----RSD---- C:\WINDOWS\Fonts 2009-08-22 11:34:00 ----D---- C:\WINDOWS\system32\spool 2009-08-22 11:32:21 ----D---- C:\WINDOWS\WinSxS 2009-08-17 22:44:19 ----D---- C:\Programme\Full Tilt Poker 2009-08-17 19:19:51 ----D---- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\UseNeXT 2009-08-13 10:48:44 ----D---- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\vlc 2009-08-13 10:14:03 ----D---- C:\Programme\UseNeXT 2009-08-13 07:54:16 ----HD---- C:\WINDOWS\$hf_mig$ 2009-08-13 07:53:56 ----D---- C:\Programme\Outlook Express 2009-08-11 07:50:23 ----D---- C:\WINDOWS\Minidump 2009-08-05 10:59:36 ----N---- 
C:\WINDOWS\system32\mswebdvd.dll 2009-07-31 03:01:21 ----D---- C:\WINDOWS\system32\de-de 2009-07-31 03:01:20 ----D---- C:\Programme\Internet Explorer 2009-07-31 03:01:03 ----D---- C:\WINDOWS\ie7updates 2009-07-30 02:49:14 ----A---- C:\WINDOWS\system32\MRT.exe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944] R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416] R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912] R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-06-28 17801] R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560] R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416] R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800] R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-06-03 3100160] R3 BCM43XX;Treiber Broadcom 802.11 Netzwerkadapter; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2004-12-22 369024] R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464] R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-04-17 4262912] R3 
KMWDFilter;KMWDFilter; \??\C:\WINDOWS\System32\Drivers\KMWDFilter.SYS [] R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288] R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824] R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2009-04-25 6144] R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2005-09-30 78720] R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128] R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208] R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520] R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152] S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-07-09 16384] S3 CoachUsb;Coach Digital Camera on USB; C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-03-17 46944] S3 CoachVc;Coach Video Capture; C:\WINDOWS\system32\DRIVERS\CoachVc.sys [2004-03-17 44256] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-07-09 83968] S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-07-09 10112] S3 rtl8139;NT-Treiber für Realtek RTL8139(A/B/C)-basierten PCI-Fast Ethernet-Adapter; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992] S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-07-09 10880] S3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-07-09 14976] S3 usbprint;Microsoft 
USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856] S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424] R2 aswUpdSv;avast! iAVS4 Control Service; C:\Programme\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-06-03 552960] R2 avast! Antivirus;avast! Antivirus; C:\Programme\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640] R2 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2008-08-29 238888] R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\PROGRA~1\Firebird\FIREBI~1\bin\fbguard.exe [2004-02-23 65536] R2 KMWDSERVICE;Keyboard And Mouse Communication Service; C:\Programme\Silvercrest MTS2218 driver\KMWDSrv.exe [2008-05-30 208896] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe [2006-12-14 61440] R2 O2Flash;O2Micro Flash Memory; C:\WINDOWS\system32\o2flash.exe [2005-01-27 36864] R2 pgsql-8.3;PostgreSQL Database Server 8.3; C:\Programme\PostgreSQL\8.3\bin\pg_ctl.exe [2008-02-01 65536] R2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\wltrysvc.exe [2004-12-22 65536] R3 avast! 
Mail Scanner;avast! Mail Scanner; C:\Programme\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040] R3 avast! Web Scanner;avast! Web Scanner; C:\Programme\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344] R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\PROGRA~1\Firebird\FIREBI~1\bin\fbserver.exe [2004-02-23 1515599] S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-06-02 593920] S2 gusvc;Google Software Updater; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280] S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 usnjsvc;Messenger USN Journal Reader-Service für freigegebene Ordner; C:\Programme\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 gupdate1c9a2f3bd2b3d50;Google Update Service (gupdate1c9a2f3bd2b3d50); C:\Programme\Google\Update\GoogleUpdate.exe [2009-03-12 133104] S4 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2008-11-20 536872] S4 
NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- |
26.08.2009, 15:59 | #10 |
| RSIT Info info.txt logfile of random's system information tool 1.06 2009-08-26 16:53:14 ======Uninstall list====== -->C:\Programme\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL -->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe AIR-->C:\Programme\Gemeinsame Dateien\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E} Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 7.0.5 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A70500000002} Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} ATI - Software Uninstall Utility-->C:\Programme\ATI Technologies\UninstallAll\AtiCimUn.exe ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_classISPLAY -clean avast! 
Antivirus-->C:\Programme\Alwil Software\Avast4\aswRunDll.exe "C:\Programme\Alwil Software\Avast4\Setup\setiface.dll",RunSetup Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959} Broadcom 802.11 Network Adapter-->C:\WINDOWS\system32\BCMWLU00.exe verbose Call of Duty(R) 2-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374} Canada Life Programm-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B6373B50-8FD6-11D5-BBBF-000629C979B0}\Setup.exe" -l0x7 -removeonly Canon iP3300 Benutzerregistrierung-->C:\Programme\Canon\IJEREG\iP3300\UNINST.EXE CD Audio Reader Filter (remove only)-->"C:\Programme\CD Audio Reader Filter\uninstall.exe" Compexx Recruiting-->MsiExec.exe /I{8DD7F8E0-1639-4514-877E-3B1EE5AA9BE2} ContiSoft-->C:\WINDOWS\CSUninst.exe DB_Firebird 1.5.0.4306-->C:\Programme\Firebird\Firebird_1_5\UNWISE.EXE C:\Programme\Firebird\Firebird_1_5\instfb15.log DC-Bass Source 1.1.1-->"C:\Programme\DSP-worx\DC-Bass Source\Uninstall.exe" Die Gilde Gold-Edition-->D:\PROGRA~1\JoWooD\DIEGIL~1\UNWISE.EXE D:\PROGRA~1\JoWooD\DIEGIL~1\INSTALL.LOG Die*Sims™*3-->"C:\Programme\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\Sims3Setup.exe" -runfromtemp -l0x0007 -removeonly Digital Camera Driver-->C:\PROGRA~1\DIGITA~1\UNWISE.EXE C:\PROGRA~1\DIGITA~1\INSTALL.LOG DirectVobSub (remove only)-->"C:\Programme\DirectVobSub\uninstall.exe" DScaler 5 Mpeg Decoders-->"C:\Programme\DScaler5\unins000.exe" easy in D:\Auswertprogramme-->D:\Auswertprogramme\uninst.exe Easy-WebPrint-->C:\WINDOWS\IsUn0407.exe -fC:\Programme\Canon\Easy-WebPrint\Uninst.isu ELBE SL-->"C:\Programme\ELBE SL\Uninstall.exe" "C:\Programme\ELBE SL\install.log" -u Full Tilt Poker.Net-->"C:\Programme\InstallShield Installation Information\{E07B7A31-E160-466D-A003-3BB7B8989D52}\setup.exe" -runfromtemp -l0x0007 -removeonly Full Tilt 
Poker-->"C:\Programme\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x0007 -removeonly FUSSBALL MANAGER 07-->D:\Programme\EA Sports\FUSSBALL MANAGER 07\EAUninstall.exe GENERALI ANGEBOTsoftware 8.20-->"C:\GENERALI\ANGEBOTsoftware\Uninstall.exe" "C:\GENERALI\ANGEBOTsoftware\FoSoft.log" GENERALI SALESmanual 8.20-->"C:\GENERALI\SALESmanual\Uninstall.exe" "C:\GENERALI\SALESmanual\SM.log" GIMP 2.6.6-->"C:\Programme\GIMP-2.0\setup\unins000.exe" Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466} Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} HijackThis 2.0.2-->"C:\DOKUME~1\Andy\LOKALE~1\Temp\Rar$EX00.937\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Hotfix für Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Hotfix für Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe" Hotfix für Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe" ICM Trainer-->MsiExec.exe /I{47EA4DDF-FD99-46B3-846C-9F3F315268AD} iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371} J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060} KV-Berater-->C:\WINDOWS\ISUN0407.EXE -fC:\Programme\DKV\Uninst.isu -cC:\Programme\DKV\Uninst.dll Maitre-->"C:\Programme\Swiss Life Partner\Maitre\Uninstall.exe" "C:\Programme\Swiss Life Partner\Maitre\install.log" -u Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 1.1 German Language Pack-->MsiExec.exe 
/X{E78BFA60-5393-4C38-82AB-E8019E464EB4} Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Language Pack - DEU-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - DEU\install.exe Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office Small Business Edition 2003-->MsiExec.exe /I{91CA0407-6000-11D3-8CFE-0150048383C9} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052B-02A4-4627-81F2-1818DA5D550D} Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13} Microsoft XML Parser-->MsiExec.exe /I{C8320AEC-2E97-4C78-81EC-43CF6D248B01} MONOGRAM AMR Splitter/Decoder (remove only)-->"C:\Programme\MONOGRAM AMR SplitterDecoder\uninstall.exe" Mozilla Firefox (3.5.2)-->C:\Programme\Mozilla 
Firefox\uninstall\helper.exe MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} Nero Suite-->C:\Programme\Gemeinsame Dateien\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID="" O2Micro Flash Memory Card Windows Driver V2.04-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{EB1B0104-6A57-446F-B855-FDF49151BE0C} /l1033 OKI C3300_3400 Status Monitor-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{1A91342B-042E-46B3-AD06-897FF1BAC8F4}\setup.exe" -l0x7 /Erase -removeonly OKI Color Swatch-Dienstprogramm-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A344F95E-E51A-450C-8F84-C940BF61903E}\setup.exe" -l0x7 -removeonly -removeonly OpenSource DTS/AC3/DD+ Source Filter (remove only)-->"C:\Programme\OpenSource DTSAC3DD+ Source Filter\uninstall.exe" OpenSource Flash Video Splitter (remove only)-->"C:\Programme\OpenSource Flash Video Splitter\uninstall.exe" PDFCreator Toolbar-->"C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_1390.exe" _?=C:\Programme\PDFCreator Toolbar PDFCreator-->C:\Programme\PDFCreator\unins000.exe PokerStars-->"C:\Programme\PokerStars\PokerStarsUninstall.exe" /u:PokerStars PokerStrategy Elephant-->MsiExec.exe /I{A27CAF84-656A-4D4D-9D95-D5B1368074C7} PokerStrategy Equilator-->MsiExec.exe /I{D4EB3763-9586-405D-B376-DE98C8C9285E} PostgreSQL 8.3-->MsiExec.exe /I{B823632F-3B72-4514-8861-B961CE263224} QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4} RealMedia (remove only)-->"C:\Programme\RealMedia\uninstall.exe" RealPlayer-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 REALTEK Gigabit and Fast Ethernet NIC Driver-->RunDll32 
C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\Setup.exe" -l0x7 REMOVE Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x7 -removeonly SecondLife (remove only)-->"C:\Programme\SecondLife\uninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media 
Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf Sicherheitsupdate für Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" 
Sicherheitsupdate für Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP 
(KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe" Silvercrest MTS2218 driver-->C:\Programme\InstallShield Installation Information\{2F2B569E-2024-48B8-867B-DB1BF2338F38}\setup.exe -runfromtemp -l0x0407 SMPlayer 0.6.7-->C:\Programme\SMPlayer\uninst.exe Spybot - Search & Destroy-->"C:\Programme\Spybot - Search & Destroy\unins000.exe" Swiss Life EVA-->"C:\Programme\SwissLife\UNINSTAL.EXE" "C:\Programme\SwissLife\INSTALL_042009.LOG" "Swiss Life EVA Uninstall" Tourney Manager-->MsiExec.exe /I{33FF2328-8CE0-425E-AEDC-BEF9AED09153} Update für Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe" Update für Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Update für Windows XP 
(KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Update für Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe" Update für Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe" UseNeXT-->"C:\Programme\UseNeXT\unins000.exe" VHV-Tarifprogramm-->C:\WINDOWS\UninsVHV.exe d:\AUSWER~1 C:\WINDOWS\IsUn0407.exe -y -fd:\auswertprogramme\VPL_APPS\Uninst.isu -cd:\auswertprogramme\VPL_APPS\_UNODBC.DLL Victor Chandler-->"C:\Poker\Victor Chandler\_SetupCasino.exe_1d7.exe" /uninstall VideoLAN VLC media player 0.8.6h-->C:\Programme\VideoLAN\VLC\uninstall.exe Virtual DJ - Atomix Productions-->C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG W.A.S.5.0-->"C:\Programme\HDI-Gerling\WAS\unins000.exe" Wichtiges Update für Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe" Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe" Windows Live Messenger-->MsiExec.exe /X{2B091530-69AA-442E-AB09-39ED06B58220} Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" WinRAR-->C:\Programme\WinRAR\uninstall.exe Wireless LAN Client Installation Program-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation 
Information\{12AC9C3C-0FE7-4307-B9C0-B19B2E7DD3CC}\setup.exe" -l0x9 -removeonly WWK Avanti Angebot-->MsiExec.exe /X{53CA6EAA-F780-4142-8F09-22DDB4195078} WWK AVANTI Beratung-->MsiExec.exe /X{5DAC3059-2135-400C-A44B-A9EFC24C10CD} Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG Zattoo 3.3.4 Beta-->C:\Programme\Zattoo\uninst.exe =====HijackThis Backups===== O4 - HKCU\..\Run: [Monopod] C:\DOKUME~1\Andy\LOKALE~1\Temp\1B.tmp.exe [2009-08-26] ======Security center information====== AV: avast! antivirus 4.8.1229 [VPS 090826-0] ======System event log====== Computer Name: ANDY-DEE4C3C888 Event Code: 1002 Message: Die IP-Adresslease 192.168.2.21 für die Netzwerkkarte mit der Netzwerkadresse 0014A59A09E2 wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Record Number: 20347 Source Name: Dhcp Time Written: 20090630154937.000000+120 Event Type: Fehler User: Computer Name: ANDY-DEE4C3C888 Event Code: 6005 Message: Der Ereignisprotokolldienst wurde gestartet. Record Number: 20346 Source Name: EventLog Time Written: 20090630154927.000000+120 Event Type: Informationen User: Computer Name: ANDY-DEE4C3C888 Event Code: 6009 Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Multiprocessor Free. Record Number: 20345 Source Name: EventLog Time Written: 20090630154927.000000+120 Event Type: Informationen User: Computer Name: ANDY-DEE4C3C888 Event Code: 6006 Message: Der Ereignisprotokolldienst wurde beendet. Record Number: 20344 Source Name: EventLog Time Written: 20090630134944.000000+120 Event Type: Informationen User: Computer Name: ANDY-DEE4C3C888 Event Code: 7036 Message: Dienst "Ati HotKey Poller" befindet sich jetzt im Status "Beendet". 
Record Number: 20343 Source Name: Service Control Manager Time Written: 20090630134921.000000+120 Event Type: Informationen User: =====Application event log===== Computer Name: ANDY-DEE4C3C888 Event Code: 0 Message: Record Number: 4725 Source Name: gusvc Time Written: 20090418145600.000000+120 Event Type: Informationen User: Computer Name: ANDY-DEE4C3C888 Event Code: 0 Message: Record Number: 4724 Source Name: gusvc Time Written: 20090418145500.000000+120 Event Type: Informationen User: Computer Name: ANDY-DEE4C3C888 Event Code: 0 Message: Record Number: 4723 Source Name: gusvc Time Written: 20090418121311.000000+120 Event Type: Informationen User: Computer Name: ANDY-DEE4C3C888 Event Code: 0 Message: Record Number: 4722 Source Name: gusvc Time Written: 20090418121200.000000+120 Event Type: Informationen User: Computer Name: ANDY-DEE4C3C888 Event Code: 0 Message: Record Number: 4721 Source Name: gusvc Time Written: 20090418112000.000000+120 Event Type: Informationen User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;D:\Auswertprogramme\Allianz\AZ_SACH\DLL;C:\Programme\AmisAVW\;C:\Programme\AmisAV W\BSA\VPMSBAU\Buttons;C:\Programme\AmisAVW\BSA\VPMSBAU\DLL.32;C:\WINDOWS\system32\;C:\Programme\AmisAVW\AZ_SACH\DLL;C:\Programme\Gemeinsame Dateien\Amis;C:\Programme\QuickTime\QTSystem\ "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 72 Stepping 2, AuthenticAMD "PROCESSOR_REVISION"=4802 "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "AZ_DAT"=C: "AZ_NDAT"=C: "AZ_NPGM"=C: "AZ_PGM"=C: "AZ_SYS"=C: "DynDATA"=C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AmisAVW\ "DynPGM"=C:\Programme\AmisAVW\ "AZ_JAVAHOME_13"=C:\Programme\JavaSoft\JRE\1.3 "AZ_TVERZ"=C:\Dokumente und Einstellungen\All 
Users\Anwendungsdaten\AmisAVW\AZ_DATEN\TMP "CS_HOME"=C:\Programme\AmisAVW\AZL\XML\CONFIG "DBI_PATH"=C:\Programme\AmisAVW\bsa\vpmsbau\data\TaMa "KOPPATH"=C:\Programme\AmisAVW\bsa\vpmsbau\data\TaMa "CLASSPATH"=.;C:\Programme\Java\jre1.5.0_06\lib\ext\QTJava.zip "QTJAVA"=C:\Programme\Java\jre1.5.0_06\lib\ext\QTJava.zip -----------------EOF----------------- |
26.08.2009, 16:02 | #11 |
| online555casion.com problem
Hi, there is still quite a bit more in the RSIT log:
qegbdmwf - {A71B6962-2DE6-4E0B-BAC0-12A43992FB8F} - C:\WINDOWS\qegbdmwf.dll []
pntqkflv - {B1986BEE-0D6A-481F-AD6F-C9E5754EF6A6} - C:\WINDOWS\pntqkflv.dll []
C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
...
Please have both files checked at virustotal; the job has to be deleted (we'll do that with Avenger, same as the files, or we leave it to ComboFix [see my previous post] if it should run)... chris
PS: Going, round one, the fight is on...
26.08.2009, 16:33 | #12 |
| combfix log ComboFix 09-08-25.05 - Andy 26.08.2009 17:20.1.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.894.510 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\Andy\Desktop\test.com.exe AV: avast! antivirus 4.8.1229 [VPS 090826-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} * Neuer Wiederherstellungspunkt wurde erstellt . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . C:\cleanup.exe c:\programme\Antivirus 2008 PRO c:\programme\Antivirus 2008 PRO\vscan.tsi c:\programme\Antivirus 2008 PRO\zlib.dll c:\windows\system32\drivers\UACwuhvayyorv.sys c:\windows\system32\nerocheck.exe c:\windows\system32\UACeeirvptkso.dll c:\windows\system32\uacinit.dll c:\windows\system32\UACkonaddlkar.dat c:\windows\system32\UACntauuujmbk.dll c:\windows\system32\UACusjpcsxqpp.dll c:\windows\system32\UACyeyalxpukd.dll c:\windows\system32\UACyoouasgomn.db . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_UACd.sys -------\Legacy_UACd.sys ((((((((((((((((((((((( Dateien erstellt von 2009-07-26 bis 2009-08-26 )))))))))))))))))))))))))))))) . 2009-08-26 14:53 . 2009-08-26 14:53 -------- d-----w- C:\rsit 2009-08-26 14:46 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-08-26 14:46 . 2009-08-26 15:03 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware 2009-08-26 14:46 . 2009-08-26 14:46 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2009-08-26 14:46 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-08-26 14:32 . 2009-08-26 14:32 574 ----a-w- C:\cleanup.bat 2009-08-26 14:32 . 2009-08-26 14:32 135168 ----a-w- C:\zip.exe 2009-08-24 18:53 . 2009-08-24 18:53 2560 ----a-w- c:\windows\_MSRSTRT.EXE 2009-08-22 14:45 . 
2009-08-22 14:45 -------- d-----w- c:\dokumente und einstellungen\Andy\Lokale Einstellungen\Anwendungsdaten\PCHealth 2009-08-22 09:36 . 2009-08-22 09:36 2272 ----a-w- c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat 2009-08-22 09:35 . 2009-08-22 09:35 -------- d-----w- c:\windows\system32\XPSViewer 2009-08-22 09:34 . 2009-08-22 09:34 -------- d-----w- c:\programme\MSBuild 2009-08-22 09:34 . 2009-08-22 09:34 -------- d-----w- c:\programme\Reference Assemblies 2009-08-22 09:33 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-08-22 09:33 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll 2009-08-22 09:33 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2009-08-22 09:33 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2009-08-22 09:33 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-08-22 09:33 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll 2009-08-22 09:33 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2009-08-21 22:25 . 2009-08-23 19:59 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy 2009-08-21 22:25 . 2009-08-21 22:25 -------- d-----w- c:\programme\Spybot - Search & Destroy 2009-08-19 20:52 . 2009-08-19 20:52 -------- d-----w- c:\dokumente und einstellungen\Andy\.wwk 2009-08-13 08:34 . 2009-08-13 08:34 -------- d-----w- c:\dokumente und einstellungen\Andy\Lokale Einstellungen\Anwendungsdaten\Christofer_Persson 2009-08-13 08:02 . 2009-08-13 08:02 -------- d-----w- c:\dokumente und einstellungen\Andy\Anwendungsdaten\BSplayer Pro 2009-08-13 08:02 . 2009-08-17 16:53 -------- d-----w- c:\programme\Webteh 2009-08-13 07:59 . 2009-08-13 07:59 -------- d-----w- c:\dokumente und einstellungen\Andy\fontconfig 2009-08-13 07:58 . 
2009-08-13 07:59 -------- d-----w- c:\dokumente und einstellungen\Andy\.smplayer 2009-08-13 07:58 . 2009-08-13 07:58 -------- d-----w- c:\programme\SMPlayer 2009-08-13 07:53 . 2009-08-24 18:52 -------- d-----w- c:\programme\Kantaris 2009-08-13 06:23 . 2009-08-13 06:23 -------- d-----w- c:\programme\OpenSource DTSAC3DD+ Source Filter 2009-08-13 06:23 . 2009-08-13 06:23 -------- d-----w- c:\programme\MONOGRAM AMR SplitterDecoder 2009-08-13 06:23 . 2009-08-13 06:23 -------- d-----w- c:\programme\CD Audio Reader Filter 2009-08-13 06:22 . 2009-08-13 06:23 -------- d-----w- c:\programme\DScaler5 2009-08-13 06:22 . 2009-08-13 06:22 -------- d-----w- c:\programme\OpenSource Flash Video Splitter 2009-08-13 06:22 . 2009-08-13 06:22 -------- d-----w- c:\programme\RealMedia 2009-08-13 06:21 . 2009-08-19 21:12 -------- d-----w- c:\programme\SHOUTcast Source 2009-08-13 06:21 . 2009-08-13 06:21 -------- d-----w- c:\programme\Haali 2009-08-13 06:21 . 2009-08-13 06:21 -------- d-----w- c:\programme\DSP-worx 2009-08-13 06:20 . 2009-08-13 06:20 -------- d-----w- c:\programme\DirectVobSub 2009-08-13 06:19 . 2009-08-13 07:48 -------- d-----w- c:\programme\Zoom Player 2009-08-12 06:20 . 2009-08-12 06:20 -------- d--h--w- C:\Downloads 2009-08-11 22:38 . 2009-08-11 22:38 -------- d-----w- c:\programme\Mach5 Software 2009-08-03 13:47 . 2009-08-03 13:47 -------- d-----w- c:\programme\HDI-Gerling . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-26 11:22 . 2008-06-29 08:49 -------- d-----w- c:\programme\PokerStars 2009-08-24 18:58 . 2009-08-03 12:38 -------- d-----w- c:\programme\Winamp 2009-08-24 18:57 . 2009-07-15 19:23 -------- d-----w- c:\programme\jose 2009-08-22 09:36 . 2004-08-04 12:00 85542 ----a-w- c:\windows\system32\perfc007.dat 2009-08-22 09:36 . 2004-08-04 12:00 462566 ----a-w- c:\windows\system32\perfh007.dat 2009-08-17 20:44 . 2008-08-28 15:48 -------- d-----w- c:\programme\Full Tilt Poker 2009-08-17 17:19 . 
2008-07-07 09:27 -------- d-----w- c:\dokumente und einstellungen\Andy\Anwendungsdaten\UseNeXT 2009-08-13 08:48 . 2008-06-30 08:25 -------- d-----w- c:\dokumente und einstellungen\Andy\Anwendungsdaten\vlc 2009-08-13 08:14 . 2008-07-07 09:27 -------- d-----w- c:\programme\UseNeXT 2009-08-05 08:59 . 2004-08-04 12:00 206336 ------w- c:\windows\system32\mswebdvd.dll 2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-13 21:43 . 2004-08-04 12:00 286208 ------w- c:\windows\system32\wmpdxm.dll 2009-07-10 22:05 . 2008-06-30 19:49 65312 -c--a-w- c:\dokumente und einstellungen\Andy\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT 2009-07-10 12:39 . 2009-07-10 12:39 -------- d-----w- c:\programme\VirtualDJ 2009-07-08 09:53 . 2009-07-08 09:42 -------- d-----w- c:\dokumente und einstellungen\Andy\Anwendungsdaten\gtk-2.0 2009-07-08 09:39 . 2009-07-08 09:39 -------- d-----w- c:\programme\GIMP-2.0 2009-07-01 10:35 . 2008-10-08 11:38 -------- d-----w- c:\dokumente und einstellungen\Andy\Anwendungsdaten\SecondLife 2009-06-29 15:55 . 2004-08-04 12:00 827392 ----a-w- c:\windows\system32\wininet.dll 2009-06-29 15:55 . 2004-08-04 12:00 78336 ------w- c:\windows\system32\ieencode.dll 2009-06-29 15:55 . 2004-08-04 12:00 17408 ------w- c:\windows\system32\corpol.dll 2009-06-25 08:25 . 2004-10-28 01:23 737792 ------w- c:\windows\system32\lsasrv.dll 2009-06-25 08:25 . 2004-08-04 12:00 56832 ----a-w- c:\windows\system32\secur32.dll 2009-06-25 08:25 . 2004-08-04 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll 2009-06-25 08:25 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll 2009-06-25 08:25 . 2004-08-04 12:00 147456 ----a-w- c:\windows\system32\schannel.dll 2009-06-25 08:25 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-06-24 11:18 . 2004-08-04 12:00 92928 ------w- c:\windows\system32\drivers\ksecdd.sys 2009-06-17 09:47 . 
2009-06-17 09:47 22016 ------w- c:\windows\system32\prospeed_bmp2jpg.dll 2009-06-16 21:22 . 2009-06-16 21:22 10134 ----a-r- c:\dokumente und einstellungen\Andy\Anwendungsdaten\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe 2009-06-16 14:36 . 2004-08-04 12:00 81920 ------w- c:\windows\system32\fontsub.dll 2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-15 10:43 . 2005-05-11 02:30 78848 ------w- c:\windows\system32\telnet.exe 2009-06-10 14:13 . 2004-08-04 12:00 85504 ------w- c:\windows\system32\avifil32.dll 2009-06-10 07:19 . 2008-06-28 09:25 2066432 ------w- c:\windows\system32\mstscax.dll 2009-06-10 06:14 . 2004-08-04 12:00 132096 ------w- c:\windows\system32\wkssvc.dll 2009-06-03 19:09 . 2005-08-30 03:55 1296896 ------w- c:\windows\system32\quartz.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM"="c:\dokumente und einstellungen\All Users\Anwendungsdaten\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128] "SpybotSD TeaTimer"="c:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY" [X] "SunJavaUpdateSched"="c:\programme\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008] "KMCONFIG"="c:\programme\Silvercrest MTS2218 driver\StartAutorun.exe" [2008-05-30 212992] "QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2008-11-04 413696] "MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 172544] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-04-17 16143872] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\ Adobe Reader - Schnellstart.lnk - c:\programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "iPod Service"=3 (0x3) "gusvc"=2 (0x2) "gupdate1c9a2f3bd2b3d50"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programme\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Programme\\Yahoo!\\Messenger\\YServer.exe"= "c:\\Programme\\VideoLAN\\VLC\\vlc.exe"= "c:\\Programme\\Messenger\\msmsgs.exe"= "c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Programme\\Windows Live\\Messenger\\livecall.exe"= "c:\\Programme\\SecondLife\\SLVoice.exe"= "d:\\Programme\\Activision\\Call of Duty 2\\CoD2MP_s.exe"= "c:\\Programme\\PokerStrategy\\PokerStrategy 
Equilator\\Equilator.exe"= "c:\\Programme\\Zattoo\\zattood.exe"= "c:\\Programme\\Zattoo\\Zattoo2.exe"= "c:\\Programme\\Bonjour\\mDNSResponder.exe"= "c:\\Programme\\iTunes\\iTunes.exe"= "c:\\Programme\\PokerStrategy\\PokerStrategy Elephant\\PokerStrategy Elephant.exe"= "c:\\Programme\\Mozilla Firefox\\firefox.exe"= "c:\\Programme\\Java\\jre1.5.0_06\\launch4j-tmp\\JD-WinLauncher.exe"= R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [27.02.2006 15:00 34880] R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [20.02.2006 16:01 29056] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [28.06.2008 12:11 78416] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28.06.2008 12:11 20560] R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\progra~1\Firebird\FIREBI~1\bin\fbguard.exe -s --> c:\progra~1\Firebird\FIREBI~1\bin\fbguard.exe -s [?] R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\programme\Silvercrest MTS2218 driver\KMWDSrv.exe [30.05.2008 02:17 208896] R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\programme\PostgreSQL\8.3\bin\pg_ctl.exe runservice -w -N "pgsql-8.3" -D "c:\programme\PostgreSQL\8.3\data\" --> c:\programme\PostgreSQL\8.3\bin\pg_ctl.exe runservice -w -N pgsql-8.3 [?] R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\progra~1\Firebird\FIREBI~1\bin\fbserver.exe -s --> c:\progra~1\Firebird\FIREBI~1\bin\fbserver.exe -s [?] S4 gupdate1c9a2f3bd2b3d50;Google Update Service (gupdate1c9a2f3bd2b3d50);c:\programme\Google\Update\GoogleUpdate.exe [12.03.2009 11:20 133104] . - - - - Entfernte verwaiste Registrierungseinträge - - - - HKLM-Run-NeroFilterCheck - c:\windows\system32\NeroCheck.exe HKLM-Run-TkBellExe - c:\programme\RealMedia\Update_OB\realsched.exe SSODL-qegbdmwf-{A71B6962-2DE6-4E0B-BAC0-12A43992FB8F} - c:\windows\qegbdmwf.dll SSODL-pntqkflv-{B1986BEE-0D6A-481F-AD6F-C9E5754EF6A6} - c:\windows\pntqkflv.dll . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1750559 uInternet Settings,ProxyOverride = *.local IE: Easy-WebPrint - Drucken - c:\programme\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html IE: Easy-WebPrint - Schnelldruck - c:\programme\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html IE: Easy-WebPrint - Vorschau - c:\programme\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html IE: Easy-WebPrint - Zu Druckliste hinzufügen - c:\programme\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\dokumente und einstellungen\Andy\Anwendungsdaten\Mozilla\Firefox\Profiles\8gdpsl7x.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - BS Player Customized Web Search FF - prefs.js: browser.startup.homepage - www.t-online.de FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&q= FF - prefs.js: network.proxy.type - 4 FF - plugin: c:\dokumente und einstellungen\Andy\Anwendungsdaten\Mozilla\Firefox\Profiles\8gdpsl7x.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll FF - plugin: c:\programme\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\programme\Java\jre1.5.0_06\bin\NPJava11.dll FF - plugin: c:\programme\Java\jre1.5.0_06\bin\NPJava12.dll FF - plugin: c:\programme\Java\jre1.5.0_06\bin\NPJava13.dll FF - plugin: c:\programme\Java\jre1.5.0_06\bin\NPJava14.dll FF - plugin: c:\programme\Java\jre1.5.0_06\bin\NPJava32.dll FF - plugin: c:\programme\Java\jre1.5.0_06\bin\NPJPI150_06.dll FF - plugin: c:\programme\Java\jre1.5.0_06\bin\NPOJI610.dll FF - plugin: c:\programme\Mozilla Firefox\plugins\np-mswmp.dll ---- FIREFOX Richtlinien ---- c:\programme\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false); 
c:\programme\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200); c:\programme\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess"); c:\programme\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120); c:\programme\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1); c:\programme\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1); c:\programme\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\programme\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true); c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35"); c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\programme\Mozilla 
Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\programme\Mozilla 
Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-26 17:28 Windows 5.1.2600 Service Pack 3 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_USERS\S-1-5-21-1085031214-1563985344-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:e0,f1,80,fe,9d,ba,ea,62,78,a3,ee,e1,d0,ac,36,53,7f,77,ae,6c,d6,42,9a, e3,69,7e,d8,27,29,7e,1f,8b,d5,3b,d4,e4,de,0d,0d,a9,74,39,1a,a4,64,48,24,7e,\ "??"=hex:ba,09,c6,be,bd,bf,ad,39,ff,1c,6a,bb,86,9e,dc,c0 [HKEY_LOCAL_MACHINE\software\Micro Focus] @Denied: (C D) (Everyone) . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'winlogon.exe'(824) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'lsass.exe'(880) c:\windows\System32\BCMLogon.dll . 
Zeit der Fertigstellung: 2009-08-26 17:30 ComboFix-quarantined-files.txt 2009-08-26 15:30 Vor Suchlauf: 7.229.456.384 Bytes frei Nach Suchlauf: 7.728.599.040 Bytes frei WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect 280 --- E O F --- 2009-08-26 10:37 |
26.08.2009, 16:36 | #13 |
| RSIT log part 1
Here is the RSIT log again, and now what???
Logfile of random's system information tool 1.06 (written by random/random) Run by Andy at 2009-08-26 17:33:45 Microsoft Windows XP Home Edition Service Pack 3 System drive C: has 7 GB (29%) free of 25 GB Total RAM: 894 MB (48% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:33:52, on 26.08.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\System32\bcmwltry.exe C:\Programme\Alwil Software\Avast4\aswUpdSv.exe C:\Programme\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programme\Bonjour\mDNSResponder.exe C:\PROGRA~1\Firebird\FIREBI~1\bin\fbguard.exe C:\Programme\Silvercrest MTS2218 driver\KMWDSrv.exe C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe C:\WINDOWS\system32\o2flash.exe C:\Programme\Google\Update\GoogleUpdate.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Alwil Software\Avast4\ashMaiSv.exe C:\Programme\Alwil Software\Avast4\ashWebSv.exe C:\PROGRA~1\Firebird\FIREBI~1\bin\fbserver.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\imapi.exe C:\WINDOWS\explorer.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Dokumente und Einstellungen\Andy\Desktop\RSIT.exe C:\Programme\trend micro\Andy.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1750559 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KMCONFIG] C:\Programme\Silvercrest MTS2218 driver\StartAutorun.exe KMConfig.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ISUSPM] "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-1085031214-1563985344-725345543-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'andi')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\PROGRA~1\Firebird\FIREBI~1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\PROGRA~1\Firebird\FIREBI~1\bin\fbserver.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Programme\Silvercrest MTS2218 driver\KMWDSrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Programme\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 8709 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-23 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-11-23 370296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Programme\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
EWPBrowseObject Class - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-04-18 34304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]
PDFCreator Toolbar Helper - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-10-13 806912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Programme\Canon\Easy-WebPrint\Toolband.dll [2006-04-18 552960]
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - PDFCreator Toolbar - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-10-13 806912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Programme\Java\jre1.5.0_06\bin\jusched.exe [2005-11-10 36975]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-04-17 16143872]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY []
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"KMCONFIG"=C:\Programme\Silvercrest MTS2218 driver\StartAutorun.exe [2008-05-30 212992]
"QuickTime Task"=C:\Programme\QuickTime\qttask.exe [2008-11-04 413696]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-14 172544]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"=C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Macrovision\FLEXnet Connect\6\ISUSPM.exe [2007-03-29 222128]
"SpybotSD TeaTimer"=C:\Programme\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Programme\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3
"gusvc"=2
"gupdate1c9a2f3bd2b3d50"=2

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Adobe Reader - Schnellstart.lnk - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-06-03 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\Yahoo!\Messenger\YahooMessenger.exe"="C:\Programme\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Programme\Yahoo!\Messenger\YServer.exe"="C:\Programme\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Programme\VideoLAN\VLC\vlc.exe"="C:\Programme\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Programme\Messenger\msmsgs.exe"="C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programme\Windows Live\Messenger\livecall.exe"="C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Programme\SecondLife\SLVoice.exe"="C:\Programme\SecondLife\SLVoice.exe:*:Enabled:SLVoice"
"D:\Programme\Activision\Call of Duty 2\CoD2MP_s.exe"="D:\Programme\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Programme\PokerStrategy\PokerStrategy Equilator\Equilator.exe"="C:\Programme\PokerStrategy\PokerStrategy Equilator\Equilator.exe:*:Enabled:PokerStrategy Equilator"
"C:\Programme\Zattoo\zattood.exe"="C:\Programme\Zattoo\zattood.exe:*:Enabled:zattood"
"C:\Programme\Zattoo\Zattoo2.exe"="C:\Programme\Zattoo\Zattoo2.exe:*:Enabled: "
"C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Programme\iTunes\iTunes.exe"="C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Programme\PokerStrategy\PokerStrategy Elephant\PokerStrategy Elephant.exe"="C:\Programme\PokerStrategy\PokerStrategy Elephant\PokerStrategy Elephant.exe:*:Enabled:PokerStrategy Elephant"
"C:\Programme\Mozilla Firefox\firefox.exe"="C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Programme\Java\jre1.5.0_06\launch4j-tmp\JD-WinLauncher.exe"="C:\Programme\Java\jre1.5.0_06\launch4j-tmp\JD-WinLauncher.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programme\Windows Live\Messenger\livecall.exe"="C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
26.08.2009, 16:37 | #14 |
RSIT Log Part 2

======List of files/folders created in the last 1 months======

2009-08-26 17:33:45 ----D---- C:\Programme\trend micro
2009-08-26 17:30:42 ----A---- C:\ComboFix.txt
2009-08-26 17:12:44 ----A---- C:\Boot.bak
2009-08-26 17:12:35 ----RASHD---- C:\cmdcons
2009-08-26 17:10:03 ----A---- C:\WINDOWS\zip.exe
2009-08-26 17:10:03 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-08-26 17:10:03 ----A---- C:\WINDOWS\SWSC.exe
2009-08-26 17:10:03 ----A---- C:\WINDOWS\SWREG.exe
2009-08-26 17:10:03 ----A---- C:\WINDOWS\sed.exe
2009-08-26 17:10:03 ----A---- C:\WINDOWS\PEV.exe
2009-08-26 17:10:03 ----A---- C:\WINDOWS\NIRCMD.exe
2009-08-26 17:10:03 ----A---- C:\WINDOWS\grep.exe
2009-08-26 17:09:49 ----D---- C:\WINDOWS\ERDNT
2009-08-26 17:09:48 ----SD---- C:\test.com
2009-08-26 17:08:48 ----D---- C:\Qoobox
2009-08-26 16:53:09 ----D---- C:\rsit
2009-08-26 16:46:48 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-08-26 16:46:48 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-08-26 16:33:14 ----D---- C:\Avenger
2009-08-26 16:33:14 ----A---- C:\avenger.txt
2009-08-26 16:32:03 ----A---- C:\zip.exe
2009-08-26 16:32:03 ----A---- C:\cleanup.bat
2009-08-26 12:37:17 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-08-24 20:59:51 ----D---- C:\WINDOWS\pss
2009-08-24 20:53:05 ----A---- C:\WINDOWS\_MSRSTRT.EXE
2009-08-24 08:12:30 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-08-22 11:35:00 ----D---- C:\WINDOWS\system32\XPSViewer
2009-08-22 11:34:51 ----D---- C:\Programme\MSBuild
2009-08-22 11:34:48 ----D---- C:\WINDOWS\system32\en-US
2009-08-22 11:34:30 ----D---- C:\Programme\Reference Assemblies
2009-08-22 11:33:46 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-08-22 11:33:46 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-08-22 11:33:45 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-08-22 00:25:36 ----D---- C:\Programme\Spybot - Search & Destroy
2009-08-22 00:25:36 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2009-08-13 10:02:04 ----D---- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\BSplayer Pro
2009-08-13 10:02:03 ----D---- C:\Programme\Webteh
2009-08-13 09:58:18 ----D---- C:\Programme\SMPlayer
2009-08-13 09:53:19 ----D---- C:\Programme\Kantaris
2009-08-13 08:23:09 ----D---- C:\Programme\OpenSource DTSAC3DD+ Source Filter
2009-08-13 08:23:07 ----D---- C:\Programme\MONOGRAM AMR SplitterDecoder
2009-08-13 08:23:02 ----D---- C:\Programme\CD Audio Reader Filter
2009-08-13 08:22:59 ----D---- C:\Programme\DScaler5
2009-08-13 08:22:43 ----D---- C:\Programme\OpenSource Flash Video Splitter
2009-08-13 08:22:25 ----D---- C:\Programme\RealMedia
2009-08-13 08:21:39 ----D---- C:\Programme\SHOUTcast Source
2009-08-13 08:21:33 ----D---- C:\Programme\Haali
2009-08-13 08:21:22 ----D---- C:\Programme\DSP-worx
2009-08-13 08:20:31 ----D---- C:\Programme\DirectVobSub
2009-08-13 08:19:54 ----D---- C:\Programme\Zoom Player
2009-08-13 07:54:39 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-13 07:54:31 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-13 07:54:24 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-13 07:54:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-13 07:54:10 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-13 07:54:02 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-13 07:53:53 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-13 07:53:42 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-13 07:51:31 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-13 07:51:18 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-08-12 08:20:54 ----HD---- C:\Downloads
2009-08-12 00:38:45 ----D---- C:\Programme\Mach5 Software
2009-08-03 15:47:35 ----D---- C:\Programme\HDI-Gerling
2009-08-03 14:38:50 ----N---- C:\WINDOWS\system32\pxsfs.dll
2009-08-03 14:38:50 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2009-08-03 14:38:50 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-08-03 14:38:50 ----N---- C:\WINDOWS\system32\pxdrv.dll
2009-08-03 14:38:50 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2009-08-03 14:38:50 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-08-03 14:38:49 ----N---- C:\WINDOWS\system32\vxblock.dll
2009-08-03 14:38:49 ----N---- C:\WINDOWS\system32\pxwave.dll
2009-08-03 14:38:49 ----N---- C:\WINDOWS\system32\pxmas.dll
2009-08-03 14:38:49 ----N---- C:\WINDOWS\system32\px.dll
2009-08-03 14:38:45 ----D---- C:\Programme\Winamp

======List of files/folders modified in the last 1 months======

2009-08-26 17:33:45 ----RD---- C:\Programme
2009-08-26 17:31:16 ----D---- C:\WINDOWS\Prefetch
2009-08-26 17:31:05 ----D---- C:\Programme\Mozilla Firefox
2009-08-26 17:31:01 ----D---- C:\WINDOWS\Temp
2009-08-26 17:30:46 ----D---- C:\WINDOWS\system32
2009-08-26 17:29:32 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-26 17:28:18 ----D---- C:\WINDOWS
2009-08-26 17:28:18 ----A---- C:\WINDOWS\system.ini
2009-08-26 17:25:32 ----D---- C:\WINDOWS\system32\drivers
2009-08-26 17:25:32 ----D---- C:\WINDOWS\AppPatch
2009-08-26 17:25:31 ----D---- C:\Programme\Gemeinsame Dateien
2009-08-26 17:20:55 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-26 17:20:41 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-26 17:20:22 ----SD---- C:\WINDOWS\Tasks
2009-08-26 17:19:57 ----D---- C:\WINDOWS\system32\config
2009-08-26 17:12:45 ----RASH---- C:\boot.ini
2009-08-26 13:22:52 ----D---- C:\Programme\PokerStars
2009-08-26 12:52:04 ----A---- C:\WINDOWS\NeroDigital.ini
2009-08-26 12:37:17 ----HD---- C:\WINDOWS\inf
2009-08-24 21:00:59 ----A---- C:\WINDOWS\win.ini
2009-08-24 20:57:25 ----D---- C:\Programme\jose
2009-08-24 08:13:38 ----A---- C:\WINDOWS\imsins.BAK
2009-08-24 08:13:25 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-23 11:03:49 ----D---- C:\WINDOWS\Microsoft.NET
2009-08-22 11:37:24 ----SHD---- C:\WINDOWS\Installer
2009-08-22 11:36:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-22 11:35:02 ----RSD---- C:\WINDOWS\assembly
2009-08-22 11:34:45 ----RSD---- C:\WINDOWS\Fonts
2009-08-22 11:34:00 ----D---- C:\WINDOWS\system32\spool
2009-08-22 11:32:21 ----D---- C:\WINDOWS\WinSxS
2009-08-17 22:44:19 ----D---- C:\Programme\Full Tilt Poker
2009-08-17 19:19:51 ----D---- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\UseNeXT
2009-08-13 10:48:44 ----D---- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\vlc
2009-08-13 10:14:03 ----D---- C:\Programme\UseNeXT
2009-08-13 07:54:16 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-13 07:53:56 ----D---- C:\Programme\Outlook Express
2009-08-11 07:50:23 ----D---- C:\WINDOWS\Minidump
2009-08-05 10:59:36 ----N---- C:\WINDOWS\system32\mswebdvd.dll
2009-07-31 03:01:21 ----D---- C:\WINDOWS\system32\de-de
2009-07-31 03:01:20 ----D---- C:\Programme\Internet Explorer
2009-07-31 03:01:03 ----D---- C:\WINDOWS\ie7updates
2009-07-30 02:49:14 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-06-28 17801]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-06-03 3100160]
R3 BCM43XX;Treiber Broadcom 802.11 Netzwerkadapter; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2004-12-22 369024]
R3 catchme;catchme; \??\C:\DOKUME~1\Andy\LOKALE~1\Temp\catchme.sys []
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-04-17 4262912]
R3 KMWDFilter;KMWDFilter; \??\C:\WINDOWS\System32\Drivers\KMWDFilter.SYS []
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2009-04-25 6144]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2005-09-30 78720]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 CoachUsb;Coach Digital Camera on USB; C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-03-17 46944]
S3 CoachVc;Coach Video Capture; C:\WINDOWS\system32\DRIVERS\CoachVc.sys [2004-03-17 44256]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-07-09 10112]
S3 rtl8139;NT-Treiber für Realtek RTL8139(A/B/C)-basierten PCI-Fast Ethernet-Adapter; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Programme\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-06-03 552960]
R2 avast! Antivirus;avast! Antivirus; C:\Programme\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\PROGRA~1\Firebird\FIREBI~1\bin\fbguard.exe [2004-02-23 65536]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service; C:\Programme\Silvercrest MTS2218 driver\KMWDSrv.exe [2008-05-30 208896]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe [2006-12-14 61440]
R2 O2Flash;O2Micro Flash Memory; C:\WINDOWS\system32\o2flash.exe [2005-01-27 36864]
R2 pgsql-8.3;PostgreSQL Database Server 8.3; C:\Programme\PostgreSQL\8.3\bin\pg_ctl.exe [2008-02-01 65536]
R2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\wltrysvc.exe [2004-12-22 65536]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Programme\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Programme\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\PROGRA~1\Firebird\FIREBI~1\bin\fbserver.exe [2004-02-23 1515599]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-06-02 593920]
S2 gusvc;Google Software Updater; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger USN Journal Reader-Service für freigegebene Ordner; C:\Programme\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 gupdate1c9a2f3bd2b3d50;Google Update Service (gupdate1c9a2f3bd2b3d50); C:\Programme\Google\Update\GoogleUpdate.exe [2009-03-12 133104]
S4 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2008-11-20 536872]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
26.08.2009, 16:49 | #15 |
online555casion.com problem
Hi, Rookit, please delete this right away:
C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
Then start MAM again and let it run, updating it first... That should still find quite a bit...
chris (I'm only online for a short while...)