Mein internet explorer müllt mich zu

max85 · 22.09.2009, 13:28

Hallo liebe Leute,

ich hab da nen ganz fieses problem.
Seit ein paar tagen öffnet sich mein internet explorer immer wenn ich mozilla ausführe und will mir irgendwelche websites anzeigen.

Ich habe avast auf dem Rechner und der sagt dann:
Zugriff auf bösartige website verhindert, allerdings nervt das schon enorm.

Bitte dringendsd um Hilfe.
Hier auch noch mal der Hijack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:40:25, on 18.09.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/8
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/USCON/8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\System32\drvstore32.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe

--
End of file - 7489 bytes

killt bitte das Problem danke euch herzlich

john.doe · 22.09.2009, 19:39

Hallo und

Was machst du mit Citrix?

Hinweis für Vista-Benutzer: Alle Programme mit Mausklick rechts => Ausführen als Administrator starten.

1.) Starte HJT => Do a system scan only => Markiere:

Code:

ATTFilter

O20 - AppInit_DLLs: C:\Windows\System32\drvstore32.dll

=> Fix checked => Neustart

2.) Lade die Datei

Zitat:

C:\Windows\System32\drvstore32.dll

bitte bei uns hoch => http://www.trojaner-board.de/54791-a...ner-board.html (nur Schritt 2). Markiere den Text in der Box, kopiere ihn und füge ihn im Uploadchannel ein.

3.) Klicke auf "Für alle Neuen" in meiner Signatur, lies alles aufmerksam und arbeite die komplette Liste unter Punkt 2 ab.

ciao, andreas

max85 · 22.09.2009, 20:35

Vielen Dank schonmal,
Ich hab zwar leider keine ahnung was citrix ist

aber hoffentlich hab ich den upload wenigstens hingekriegt.

Hoffe man kann da was finden.

Danke im Vorraus

john.doe · 22.09.2009, 20:42

Ja, Avira kennt den noch nicht.

Schicke ich denen (und alle Anderen) sofort zu.

Code:

ATTFilter

Datei drvstore32.dll empfangen 2009.09.22 19:39:11 (UTC)
Status:    Beendet 
Ergebnis: 9/41 (21.96%) 
 Filter 
Drucken der Ergebnisse  Antivirus	Version	letzte aktualisierung	Ergebnis
a-squared	4.5.0.24	2009.09.22	Trojan-Downloader.Win32.Tracur!IK
AhnLab-V3	5.0.0.2	2009.09.22	-
AntiVir	7.9.1.23	2009.09.22	-
Antiy-AVL	2.0.3.7	2009.09.22	-
Authentium	5.1.2.4	2009.09.22	-
Avast	4.8.1351.0	2009.09.21	-
AVG	8.5.0.412	2009.09.22	-
BitDefender	7.2	2009.09.22	-
CAT-QuickHeal	10.00	2009.09.22	-
ClamAV	0.94.1	2009.09.22	-
Comodo	2404	2009.09.22	-
DrWeb	5.0.0.12182	2009.09.22	Trojan.Bender
eSafe	7.0.17.0	2009.09.22	Suspicious File
eTrust-Vet	31.6.6753	2009.09.22	-
F-Prot	4.5.1.85	2009.09.22	-
F-Secure	8.0.14470.0	2009.09.22	-
Fortinet	3.120.0.0	2009.09.22	PossibleThreat
GData	19	2009.09.22	-
Ikarus	T3.1.1.72.0	2009.09.22	Trojan-Downloader.Win32.Tracur
Jiangmin	11.0.800	2009.09.22	-
K7AntiVirus	7.10.851	2009.09.22	-
Kaspersky	7.0.0.125	2009.09.22	-
McAfee	5749	2009.09.22	-
McAfee+Artemis	5749	2009.09.22	Suspect-29!A34B4E846F4B
McAfee-GW-Edition	6.8.5	2009.09.22	-
Microsoft	1.5005	2009.09.22	TrojanDownloader:Win32/Tracur.B
NOD32	4448	2009.09.22	-
Norman	6.01.09	2009.09.22	-
nProtect	2009.1.8.0	2009.09.22	-
Panda	10.0.2.2	2009.09.22	Generic Trojan
PCTools	4.4.2.0	2009.09.22	-
Prevx	3.0	2009.09.22	High Risk Cloaked Malware
Rising	21.48.14.00	2009.09.22	-
Sophos	4.45.0	2009.09.22	-
Sunbelt	3.2.1858.2	2009.09.22	-
Symantec	1.4.4.12	2009.09.22	-
TheHacker	6.5.0.2.015	2009.09.22	-
TrendMicro	8.950.0.1094	2009.09.22	-
VBA32	3.12.10.10	2009.09.21	-
ViRobot	2009.9.22.1948	2009.09.22	-
VirusBuster	4.6.5.0	2009.09.22	-
weitere Informationen
File size: 122880 bytes
MD5...: a34b4e846f4bacc860e1360df87ded35
SHA1..: 3baedff83e41354d8e144cb60f9085c89b92ab11
SHA256: ecbaca8e9423ec35f6382f372bbf64251fdfce25eae12274de4ca9f47829f4dc
ssdeep: 3072:SC87mQUWRME4fg2PMtjHEhwmBQeaqG+L3//5+TDEPs17:G7mQUG2PIEhOb+
L35+cO7
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1c100
timedatestamp.....: 0x489ad9c0 (Thu Aug 07 11:17:20 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x1b14f 0x1b200 7.97 3e6e22b523c5c052f96ed27a7f8f053c
DATA 0x1d000 0x2f48 0x600 3.90 d8305e1e3d0ee5b5423c1cd1f241849c
BSS 0x20000 0xed2 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x21000 0x9a7 0xa00 4.68 593ecfff20924d94c11cee3b5e963920
.reloc 0x22000 0x19f9 0x1a00 6.65 8eccb291060594602e41380aca23a71a

( 9 imports ) 
> kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetVersion, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle
> user32.dll: GetKeyboardType, LoadStringA, MessageBoxA, CharNextA
> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
> oleaut32.dll: SysFreeString, SysReAllocStringLen, SysAllocStringLen
> kernel32.dll: TlsSetValue, TlsGetValue, TlsFree, TlsAlloc, LocalFree, LocalAlloc
> kernel32.dll: WriteFile, WaitForSingleObject, VirtualQuery, SetFilePointer, SetEvent, SetEndOfFile, ResetEvent, ReadFile, LeaveCriticalSection, InitializeCriticalSection, GetVersionExA, GetThreadLocale, GetStringTypeExA, GetStdHandle, GetProcAddress, GetOEMCP, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCPInfo, GetACP, FormatMessageA, EnumCalendarInfoA, EnterCriticalSection, DeleteCriticalSection, CreateFileA, CreateEventA, CompareStringA, CloseHandle
> user32.dll: MessageBoxA, LoadStringA, GetSystemMetrics, CharNextA, CharToOemA
> kernel32.dll: Sleep
> oleaut32.dll: SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit

( 0 exports ) 
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
<a href='http://info.prevx.com/aboutprogramtext.asp?PX5=B210DCA900960F79E0DF014302E51F00D614CAE0' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=B210DCA900960F79E0DF014302E51F00D614CAE0</a>
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

max85 · 22.09.2009, 20:59

Ok und wem wird das gesendet ????

Danke für hilfe.

und was genau isses nen wurm nen virus oder trojaner, panik schieb

john.doe · 22.09.2009, 21:05

Ich warte noch auf die Analyse von TE. Du kannst schon mit Punkt 3 weitermachen, also CCleaner, Malwarebytes und RSIT. Alle Logs vollständig posten (ausser das von CCleaner).

ciao, andreas

Edit: http://www.threatexpert.com/report.a...e1360df87ded35

max85 · 22.09.2009, 21:44

hier mal das erste
Logfile of random's system information tool 1.06 (written by random/random)
Run by Max Gaar at 2009-09-22 22:18:33
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 159 GB (55%) free of 290 GB
Total RAM: 3066 MB (63% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:18:35, on 22.09.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Users\Max Gaar\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Max Gaar.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/8
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/USCON/8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\System32\drvstore32.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
--
End of file - 7057 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-05-26 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-26 34816]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-12-01 1422632]
"QuickSet"=C:\Program Files\Dell\QuickSet\QuickSet.exe [2008-09-26 1664280]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-30 61440]
"Dell DataSafe Online"=C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe [2009-07-07 1779952]
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2008-05-23 128296]
"Dell Webcam Central"=C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe [2008-11-11 442536]
"dellsupportcenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2009-01-30 206064]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-06-05 292136]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2009-03-20 483428]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-08-17 81000]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-09-10 420176]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\Windows\System32\drvstore32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2009-05-26 10536]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

max85 · 22.09.2009, 21:54

hier nummer 2

"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0776639e-4961-11de-aba1-806e6f6e6963}]
shell\AutoRun\command - E:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bb9906b-8bb3-11de-a671-002219f00141}]
shell\AutoRun\command - autorun.exe

======List of files/folders created in the last 1 months======

2009-09-22 22:18:33 ----D---- C:\rsit
2009-09-22 22:09:44 ----D---- C:\Users\Max Gaar\AppData\Roaming\Malwarebytes
2009-09-22 22:09:37 ----D---- C:\ProgramData\Malwarebytes
2009-09-22 22:09:37 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-22 21:50:18 ----AD---- C:\ProgramData\TEMP
2009-09-21 22:07:39 ----RHD---- C:\Users\Max Gaar\AppData\Roaming\SecuROM
2009-09-21 22:07:11 ----A---- C:\Windows\system32\d3dx9_34.dll
2009-09-21 22:07:11 ----A---- C:\Windows\system32\d3dx10_34.dll
2009-09-21 22:07:11 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2009-09-21 22:06:57 ----D---- C:\ProgramData\Media Center Programs
2009-09-21 21:36:22 ----D---- C:\Program Files\Flagship Studios
2009-09-18 16:45:21 ----D---- C:\Program Files\Free Registry Cleaner for Vista
2009-09-18 16:39:39 ----D---- C:\Users\Max Gaar\AppData\Roaming\Uniblue
2009-09-18 14:39:56 ----D---- C:\Program Files\Trend Micro
2009-09-15 22:07:50 ----A---- C:\Windows\system32\aswBoot.exe
2009-09-15 22:07:49 ----D---- C:\Program Files\Alwil Software
2009-09-15 19:14:40 ----A---- C:\Windows\system32\CmdLineExt.dll
2009-09-15 19:11:39 ----A---- C:\Windows\system32\xactengine2_5.dll
2009-09-15 19:11:39 ----A---- C:\Windows\system32\d3dx10.dll
2009-09-15 19:11:38 ----A---- C:\Windows\system32\xinput1_3.dll
2009-09-15 19:11:38 ----A---- C:\Windows\system32\xinput1_2.dll
2009-09-15 19:11:38 ----A---- C:\Windows\system32\xactengine2_4.dll
2009-09-15 19:11:38 ----A---- C:\Windows\system32\xactengine2_3.dll
2009-09-15 19:11:38 ----A---- C:\Windows\system32\x3daudio1_1.dll
2009-09-15 19:11:38 ----A---- C:\Windows\system32\d3dx9_31.dll
2009-09-15 19:11:37 ----A---- C:\Windows\system32\xinput1_1.dll
2009-09-15 19:11:37 ----A---- C:\Windows\system32\xactengine2_2.dll
2009-09-15 19:11:37 ----A---- C:\Windows\system32\xactengine2_1.dll
2009-09-15 19:11:31 ----A---- C:\Windows\system32\d3dx9_30.dll
2009-09-15 19:11:29 ----A---- C:\Windows\system32\xactengine2_0.dll
2009-09-15 19:11:29 ----A---- C:\Windows\system32\x3daudio1_0.dll
2009-09-15 19:11:29 ----A---- C:\Windows\system32\d3dx9_29.dll
2009-09-15 19:11:29 ----A---- C:\Windows\system32\d3dx9_28.dll
2009-09-15 19:11:28 ----A---- C:\Windows\system32\d3dx9_26.dll
2009-09-15 19:11:28 ----A---- C:\Windows\system32\d3dx9_25.dll
2009-09-15 19:11:27 ----A---- C:\Windows\system32\d3dx9_24.dll
2009-09-15 18:55:53 ----D---- C:\Program Files\THQ
2009-09-15 16:18:00 ----A---- C:\Windows\BRWMARK.INI
2009-09-15 16:18:00 ----A---- C:\Windows\BRPP2KA.INI
2009-09-14 19:57:18 ----A---- C:\Windows\system32\twuv6.vbs
2009-09-14 19:57:18 ----A---- C:\Windows\system32\drvstore32.dll
2009-09-14 19:40:06 ----D---- C:\Users\Max Gaar\AppData\Roaming\FrostWire
2009-09-14 19:39:50 ----D---- C:\Program Files\FrostWire
2009-09-14 15:32:08 ----D---- C:\Program Files\Common Files\DESIGNER
2009-09-14 15:31:54 ----D---- C:\Program Files\Microsoft.NET
2009-09-14 15:24:20 ----RHD---- C:\MSOCache
2009-09-12 18:08:46 ----D---- C:\ProgramData\WinZip
2009-09-12 18:08:43 ----D---- C:\Program Files\WinZip
2009-09-12 18:02:31 ----D---- C:\ProgramData\DAEMON Tools Lite
2009-09-12 17:55:47 ----D---- C:\Users\Max Gaar\AppData\Roaming\DAEMON Tools Lite
2009-09-12 13:05:27 ----D---- C:\Users\Max Gaar\AppData\Roaming\LimeWire
2009-09-12 13:05:05 ----D---- C:\Program Files\LimeWire
2009-09-10 16:03:09 ----A---- C:\Windows\system32\netiohlp.dll
2009-09-10 16:03:08 ----A---- C:\Windows\system32\NETSTAT.EXE
2009-09-10 16:03:08 ----A---- C:\Windows\system32\ARP.EXE
2009-09-10 16:03:07 ----A---- C:\Windows\system32\TCPSVCS.EXE
2009-09-10 16:03:07 ----A---- C:\Windows\system32\finger.exe
2009-09-10 16:03:06 ----A---- C:\Windows\system32\MRINFO.EXE
2009-09-10 16:03:06 ----A---- C:\Windows\system32\HOSTNAME.EXE
2009-09-10 16:03:05 ----A---- C:\Windows\system32\ROUTE.EXE
2009-09-10 16:03:04 ----A---- C:\Windows\system32\netevent.dll
2009-09-10 16:02:29 ----A---- C:\Windows\system32\wlansec.dll
2009-09-10 16:02:29 ----A---- C:\Windows\system32\wlanmsm.dll
2009-09-10 16:02:29 ----A---- C:\Windows\system32\L2SecHC.dll
2009-09-10 16:02:28 ----A---- C:\Windows\system32\wlansvc.dll
2009-09-10 16:02:28 ----A---- C:\Windows\system32\wlanapi.dll
2009-09-10 16:02:24 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-09-10 16:02:23 ----A---- C:\Windows\system32\mf.dll
2009-09-10 16:02:20 ----A---- C:\Windows\system32\jscript.dll
2009-09-02 18:16:33 ----D---- C:\Users\Max Gaar\AppData\Roaming\XnView
2009-09-02 18:16:25 ----D---- C:\Program Files\XnView
2009-08-26 14:21:43 ----A---- C:\Windows\system32\tzres.dll
2009-08-24 23:41:29 ----D---- C:\Users\Max Gaar\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
2009-08-24 23:40:56 ----A---- C:\Windows\system32\d3dx9_27.dll
2009-08-24 20:30:54 ----D---- C:\Program Files\Electronic Arts
2009-08-24 20:21:50 ----A---- C:\Windows\WININIT.INI
2009-08-24 20:18:54 ----D---- C:\Users\Max Gaar\AppData\Roaming\Roxio
2009-08-24 20:18:54 ----D---- C:\ProgramData\Roxio
2009-08-24 19:52:55 ----D---- C:\Program Files\PDFCreator

======List of files/folders modified in the last 1 months======

2009-09-22 22:18:35 ----D---- C:\Windows\Prefetch
2009-09-22 22:18:30 ----D---- C:\Windows\Temp
2009-09-22 22:09:39 ----D---- C:\Windows\system32\drivers
2009-09-22 22:09:37 ----RD---- C:\Program Files
2009-09-22 22:09:37 ----HD---- C:\ProgramData
2009-09-22 21:53:52 ----D---- C:\Users\Max Gaar\AppData\Roaming\Skype
2009-09-22 21:53:36 ----D---- C:\Windows\System32
2009-09-22 21:50:35 ----SHD---- C:\Windows\Installer
2009-09-22 21:40:42 ----D---- C:\Users\Max Gaar\AppData\Roaming\skypePM
2009-09-22 21:18:54 ----D---- C:\Windows\inf
2009-09-22 21:18:54 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-09-22 18:23:47 ----D---- C:\Users\Max Gaar\AppData\Roaming\dvdcss
2009-09-22 16:07:53 ----SHD---- C:\System Volume Information
2009-09-21 21:35:52 ----D---- C:\Windows\system32\catroot2
2009-09-19 18:55:26 ----D---- C:\ProgramData\Microsoft Help
2009-09-18 16:50:25 ----D---- C:\Windows\winsxs
2009-09-18 16:29:14 ----SD---- C:\Users\Max Gaar\AppData\Roaming\Microsoft
2009-09-18 16:27:26 ----D---- C:\Program Files\Mozilla Firefox
2009-09-15 22:24:54 ----D---- C:\ProgramData\Microsoft
2009-09-15 22:02:49 ----D---- C:\ProgramData\McAfee
2009-09-15 22:02:49 ----D---- C:\Program Files\Common Files
2009-09-15 22:02:48 ----D---- C:\Windows
2009-09-15 22:00:35 ----D---- C:\Windows\system32\catroot
2009-09-15 19:11:37 ----RSD---- C:\Windows\assembly
2009-09-15 19:11:32 ----D---- C:\Windows\Microsoft.NET
2009-09-15 16:16:36 ----D---- C:\Windows\twain_32
2009-09-14 15:54:33 ----D---- C:\Program Files\Windows Live
2009-09-14 15:52:34 ----DC---- C:\Windows\system32\DRVSTORE
2009-09-14 15:51:49 ----D---- C:\Program Files\Common Files\microsoft shared
2009-09-14 15:50:41 ----D---- C:\Program Files\Microsoft Works
2009-09-14 15:32:10 ----D---- C:\Program Files\Microsoft Office
2009-09-14 15:31:58 ----RSD---- C:\Windows\Fonts
2009-09-14 15:26:47 ----D---- C:\Windows\ShellNew
2009-09-12 13:04:41 ----D---- C:\Program Files\easyMule
2009-09-10 19:31:21 ----D---- C:\Windows\rescache
2009-09-10 16:55:44 ----D---- C:\Windows\system32\de-DE
2009-09-10 16:51:46 ----D---- C:\Program Files\Microsoft Silverlight
2009-09-10 16:51:24 ----D---- C:\Windows\ehome
2009-08-28 23:38:20 ----A---- C:\Windows\system32\mrt.exe
2009-08-24 20:21:35 ----D---- C:\Program Files\Common Files\Roxio Shared
2009-08-24 20:16:10 ----D---- C:\Program Files\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-08-17 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-08-17 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-08-17 51376]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-08-17 53328]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2008-09-16 46592]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2008-09-16 43008]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2008-09-16 38400]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-12-01 4016640]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver; C:\Windows\system32\DRIVERS\CtClsFlt.sys [2008-10-28 135936]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60x.sys [2008-10-08 212992]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2009-09-10 38224]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-12-22 3662848]
R3 OA008Ufd;Creative Camera OA008 Upper Filter Driver; C:\Windows\system32\DRIVERS\OA008Ufd.sys [2009-02-10 133472]
R3 OA008Vid;Creative Camera OA008 Function Driver; C:\Windows\system32\DRIVERS\OA008Vid.sys [2009-02-10 271616]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt.sys [2009-03-20 398336]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-12-01 204464]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 e1express;Intel(R) PRO/1000 PCI Express-Netzwerkverbindungstreiber; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-21 220672]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver; \??\C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [2008-11-05 22904]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-12-01 4016640]
S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 VST_DPV;VST_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2008-01-21 987648]
S3 VSTHWBS2;VSTHWBS2; C:\Windows\system32\DRIVERS\VSTBS23.SYS [2008-01-21 251904]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2008-01-21 654336]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2009-05-26 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [2009-03-20 81920]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-08-17 18752]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-12-01 712704]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-08-17 138680]
R2 Bonjour Service;Bonjour-Dienst; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 DockLoginService;Dock Login Service; C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 sprtsvc_DellSupportCenter;SupportSoft Sprocket Service (DellSupportCenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2009-01-30 201968]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe [2009-03-20 254042]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-08-17 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-08-17 352920]
R3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2009-06-05 541992]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [2009-05-26 16680]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

max85 · 22.09.2009, 21:56

hier nummer 3

======Uninstall list======

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BC12448A-0B41-4E11-B242-B1129512F5B7}\setup.exe" -l0x7
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1.3 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A91000000001}
Advanced Audio FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x7 /remove
Apple Mobile Device Support-->MsiExec.exe /I{8355F970-601D-442D-A79B-1D7DB4F24CAD}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x7
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Catalyst Control Center - Branding-->MsiExec.exe /I{E481DB0E-52F2-4EE0-9BDA-9EE173FA6EA2}
Command & Conquer Generals-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{06F80017-8F98-4C94-B868-52358569FC32}
Command and ConquerTM Generals Zero Hour-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}
Dell DataSafe Online-->MsiExec.exe /X{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}
Dell Dock-->MsiExec.exe /I{F6CB42B9-F033-4152-8813-FF11DA8E6A78}
Dell Edoc Viewer-->MsiExec.exe /I{3138EAD3-700B-4A10-B617-B3F8096EE30D}
Dell Getting Started Guide-->MsiExec.exe /I{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Touchpad-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Dell Video Chat-->C:\Program Files\Dell Video Chat\uninst.exe
Dell Webcam Central-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BC12448A-0B41-4E11-B242-B1129512F5B7}\setup.exe" -l0x7 /remove
Dell-eBay-->MsiExec.exe /I{B935C985-A17F-484B-8470-09E4FC27DC26}
Die Schlacht um Mittelerde™ II-->C:\Program Files\Electronic Arts\Die Schlacht um Mittelerde II\EAUninstall.exe
Free Registry Cleaner for Vista 1.0-->"C:\Program Files\Free Registry Cleaner for Vista\unins000.exe"
FrostWire 4.18.1-->C:\Program Files\FrostWire\Uninstall.exe
GoToAssist 8.0.0.514-->C:\Program Files\Citrix\GoToAssist\514\G2AUninstaller.exe /uninstall
Hellgate: London-->MsiExec.exe /X{A2B4455D-1046-4732-BFBC-0821BEFC07BC}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Integrated Webcam Driver (1.02.02.0106) -->C:\Windows\CtDrvIns.exe -uninstall -script OA008.uns -plugin OA008Pin.dll -pluginres OA008Pin.crl -nodisconprompt -langid 0x0407
iTunes-->MsiExec.exe /I{5D601655-6D54-4384-B52C-17EC5385FBBD}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
LimeWire 5.2.13-->"C:\Program Files\LimeWire\uninstall.exe"
Live! Cam Avatar Creator-->C:\Program Files\InstallShield Installation Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}\setup.exe -runfromtemp -l0x0007 -removeonly /remove
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Age of Empires II-->"C:\Program Files\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Mozilla Firefox (3.0.14)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -l0x7 -cluninstall
QuickSet-->MsiExec.exe /I{C4972073-2BFE-475D-8441-564EA97DA161}
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
S.T.A.L.K.E.R. - Shadow of Chernobyl-->"C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\unins000.exe"
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VLC media player 0.9.9-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Sync-->MsiExec.exe /X{ED636101-1959-4360-8BF7-209436E7DEE4}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
WinZip 12.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}
XnView 1.96.2-->"C:\Program Files\XnView\unins000.exe"

=====HijackThis Backups=====

O20 - AppInit_DLLs: C:\Windows\System32\drvstore32.dll [2009-09-22]

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: Max
Event Code: 7040
Message: Der Starttyp des Diensts "McAfee Personal Firewall Service" wurde von Deaktiviert in Automatisch starten geändert.
Record Number: 13688
Source Name: Service Control Manager
Time Written: 20090603222106.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: Max
Event Code: 7036
Message: Dienst "McAfee Services" befindet sich jetzt im Status "Ausgeführt".
Record Number: 13687
Source Name: Service Control Manager
Time Written: 20090603222050.000000-000
Event Type: Informationen
User:

Computer Name: Max
Event Code: 7036
Message: Dienst "McAfee Network Agent" befindet sich jetzt im Status "Ausgeführt".
Record Number: 13686
Source Name: Service Control Manager
Time Written: 20090603222015.000000-000
Event Type: Informationen
User:

Computer Name: Max
Event Code: 7040
Message: Der Starttyp des Diensts "McAfee Network Agent" wurde von Deaktiviert in Automatisch starten geändert.
Record Number: 13685
Source Name: Service Control Manager
Time Written: 20090603222015.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: Max
Event Code: 104
Message: Die Protokolldatei "System" wurde gelöscht.
Record Number: 13684
Source Name: Microsoft-Windows-Eventlog
Time Written: 20090603222010.008800-000
Event Type: Informationen
User: Max\Max Gaar

=====Application event log=====

Computer Name: Max
Event Code: 0
Message: Consent #1 Handled
Record Number: 654
Source Name: DellStart
Time Written: 20090603222226.000000-000
Event Type: Informationen
User:

Computer Name: Max
Event Code: 0
Message: Consent #2 Handled
Record Number: 653
Source Name: DellStart
Time Written: 20090603222226.000000-000
Event Type: Informationen
User:

Computer Name: Max
Event Code: 0
Message: Provider ID: DellSupportCenter
Record Number: 652
Source Name: DellStart
Time Written: 20090603222226.000000-000
Event Type: Informationen
User:

Computer Name: Max
Event Code: 0
Message: Administrator verified
Record Number: 651
Source Name: DellStart
Time Written: 20090603222226.000000-000
Event Type: Informationen
User:

Computer Name: Max
Event Code: 5000
Message:
Record Number: 650
Source Name: McLogEvent
Time Written: 20090603222142.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

=====Security event log=====

Computer Name: Max
Event Code: 4647
Message: Benutzerinitiierte Abmeldung:

Antragsteller:
Sicherheits-ID: S-1-5-21-935919702-3166188995-2427285825-1000
Kontoname: Max Gaar
Kontodomäne: Max
Anmelde-ID: 0xe38d8

Dieses Ereignis wird generiert, wenn eine Abmeldung initiiert wird, aber die Anzahl der Tokenreferenzen nicht Null ist und die Anmeldesitzung nicht zerstört werden kann. Es kann keiner Benutzerinitiierte Aktion erfolgen. Dieses Ereignis kann als Abmeldeereignis interpretiert werden.
Record Number: 496
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090604074707.437200-000
Event Type: Überwachung erfolgreich
User:

Computer Name: Max
Event Code: 4672
Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.

Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: SYSTEM
Kontodomäne: NT-AUTORITÄT
Anmelde-ID: 0x3e7

Berechtigungen: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 495
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090603224714.756000-000
Event Type: Überwachung erfolgreich
User:

Computer Name: Max
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.

Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: DBTOA000$
Kontodomäne: WORKGROUP
Anmelde-ID: 0x3e7

Anmeldetyp: 5

Neue Anmeldung:
Sicherheits-ID: S-1-5-18
Kontoname: SYSTEM
Kontodomäne: NT-AUTORITÄT
Anmelde-ID: 0x3e7
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}

Prozessinformationen:
Prozess-ID: 0x234
Prozessname: C:\Windows\System32\services.exe

Netzwerkinformationen:
Arbeitsstationsname:
Quellnetzwerkadresse: -
Quellport: -

Detaillierte Authentifizierungsinformationen:
Anmeldeprozess: Advapi
Authentifizierungspaket: Negotiate
Übertragene Dienste: -
Paketname (nur NTLM): -
Schlüssellänge: 0

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
- Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 494
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090603224714.756000-000
Event Type: Überwachung erfolgreich
User:

Computer Name: Max
Event Code: 4648
Message: Anmeldeversuch mit expliziten Anmeldeinformationen.

Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: DBTOA000$
Kontodomäne: WORKGROUP
Anmelde-ID: 0x3e7
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}

Konto, dessen Anmeldeinformationen verwendet wurden:
Kontoname: SYSTEM
Kontodomäne: NT-AUTORITÄT
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}

Zielserver:
Zielservername: localhost
Weitere Informationen: localhost

Prozessinformationen:
Prozess-ID: 0x234
Prozessname: C:\Windows\System32\services.exe

Netzwerkinformationen:
Netzwerkadresse: -
Port: -

Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden. Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird.
Record Number: 493
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090603224714.756000-000
Event Type: Überwachung erfolgreich
User:

Computer Name: Max
Event Code: 1102
Message: Das Überwachungsprotokoll wurde gelöscht.
Subjekt:
Sicherheits- ID: S-1-5-21-935919702-3166188995-2427285825-1000
Kontoname: Max Gaar
Domänenname: Max
Logon-ID: 0xe3893
Record Number: 492
Source Name: Microsoft-Windows-Eventlog
Time Written: 20090603222009.540800-000
Event Type: Überwachung erfolgreich
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"HellgateEnv"=C:\Program Files\Flagship Studios\Hellgate London\

-----------------EOF-----------------

john.doe · 22.09.2009, 22:09

Der Eintrag ist wieder da.

1.) Bist du Student oder an einer Universität?

2.) Hast du das Fixen durchgeführt?

3.) Hast du dabei HJT mit Mausklick rechts gestartet?

ciao, andreas

Edit: Du solltest deinen Namen aus den Logs entfernen, ansonsten kannst du über eine Suchmaschine gefunden werden.

max85 · 22.09.2009, 22:21

Bin student,

hab alles gefixed und hab auch mit rechtsklick gestartet.

john.doe · 22.09.2009, 22:26

Zitat:

Bin student,

Das war die einzig denkbare Lösung für Citrix. Du brauchst Citrix um auf den Server in der Uni zugreifen zu können.

Gut, falls Malwarebytes den nicht finden sollte, dann löschen wir den mit Avenger.

ciao, andreas

max85 · 23.09.2009, 16:04

Hy vielen Dank nochmal für alles,

das programm hat alles gefunden und vernichtet.

Endlich wieder frei.
Danke, Danke

john.doe · 23.09.2009, 16:22

Ich würde trotzdem gerne das Log sehen.

ciao, andreas

john.doe · 23.09.2009, 20:09

Das ist wohl zuviel verlangt.

Du bist entlassen.

ciao, andreas

Mein internet explorer müllt mich zu

Log-Analyse und Auswertung: Mein internet explorer müllt mich zu