Malwarebytes-Anti-Malware hat was gefunden bitte um Hilfe

Ayse · 17.10.2009, 20:44

Code:

ATTFilter

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:		2009/10/17 21:30
Program Version:		Version 1.3.5.0
Windows Version:		Windows XP SP3
==================================================

Drivers
-------------------
Name: 00000064
Image Path: \Driver\00000064
Address: 0x00000000	Size: 0	File Visible: No	Signed: -
Status: -

Name: ajxp3471.SYS
Image Path: C:\WINDOWS\System32\Drivers\ajxp3471.SYS
Address: 0xF74BA000	Size: 303104	File Visible: No	Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEEBD5000	Size: 98304	File Visible: No	Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8BF7000	Size: 8192	File Visible: No	Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEECBE000	Size: 49152	File Visible: No	Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\Dokumente und Einstellungen\Mumi\Lokale Einstellungen\Anwendungsdaten\Microsoft\Messenger\ayse011@hotmail.de\SharingMetadata\kadir-conny@freenet.de\DFSR\Staging\CS{8B807E49-E3E0-BF2C-8214-077E16A0DD50}\02\1064-{~2.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

SSDT
-------------------
#: 041	Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0xf8d4322e

#: 053	Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xf8d43224

#: 063	Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0xf8d43233

#: 065	Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0xf8d4323d

#: 071	Function Name: NtEnumerateKey
Status: Hooked by "sptd.sys" at address 0xf85c384e

#: 073	Function Name: NtEnumerateValueKey
Status: Hooked by "sptd.sys" at address 0xf85c3bee

#: 098	Function Name: NtLoadKey
Status: Hooked by "<unknown>" at address 0xf8d43242

#: 119	Function Name: NtOpenKey
Status: Hooked by "sptd.sys" at address 0xf85be090

#: 122	Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xf8d43210

#: 128	Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0xf8d43215

#: 160	Function Name: NtQueryKey
Status: Hooked by "sptd.sys" at address 0xf85c3cc6

#: 177	Function Name: NtQueryValueKey
Status: Hooked by "sptd.sys" at address 0xf85c3b46

#: 193	Function Name: NtReplaceKey
Status: Hooked by "<unknown>" at address 0xf8d4324c

#: 204	Function Name: NtRestoreKey
Status: Hooked by "<unknown>" at address 0xf8d43247

#: 247	Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0xf8d43238

#: 257	Function Name: NtTerminateProcess
Status: Hooked by "C:\Programme\SUPERAntiSpyware\SASKUTIL.sys" at address 0xeee080b0

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System	Address: 0x833d41d8	Size: 405

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System	Address: 0x833d41d8	Size: 405

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System	Address: 0x833d41d8	Size: 405

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System	Address: 0x833d41d8	Size: 405

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x833d41d8	Size: 405

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System	Address: 0x833d41d8	Size: 405

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System	Address: 0x833d41d8	Size: 405

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System	Address: 0x833d41d8	Size: 405

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x833d41d8	Size: 405

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x833d41d8	Size: 405

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System	Address: 0x833d41d8	Size: 405

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x833d41d8	Size: 405

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: 0x833d41d8	Size: 405

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x833d41d8	Size: 405

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x833d41d8	Size: 405

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System	Address: 0x833d41d8	Size: 405

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System	Address: 0x833d41d8	Size: 405

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System	Address: 0x833d41d8	Size: 405

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System	Address: 0x833d41d8	Size: 405

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System	Address: 0x833d41d8	Size: 405

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System	Address: 0x833d41d8	Size: 405

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System	Address: 0x833d41d8	Size: 405

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
Process: System	Address: 0x8304b400	Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]
Process: System	Address: 0x8304b400	Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System	Address: 0x8304b400	Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
Process: System	Address: 0x8304b400	Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x8304b400	Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]
Process: System	Address: 0x8304b400	Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]
Process: System	Address: 0x8304b400	Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]
Process: System	Address: 0x8304b400	Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x8304b400	Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x8304b400	Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System	Address: 0x8304b400	Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x8304b400	Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: 0x8304b400	Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8304b400	Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x8304b400	Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]
Process: System	Address: 0x8304b400	Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]
Process: System	Address: 0x8304b400	Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]
Process: System	Address: 0x8304b400	Size: 463

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System	Address: 0x8314c1d8	Size: 463

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System	Address: 0x8314c1d8	Size: 463

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System	Address: 0x8314c1d8	Size: 463

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System	Address: 0x8314c1d8	Size: 463

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x8314c1d8	Size: 463

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8314c1d8	Size: 463

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x8314c1d8	Size: 463

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x8314c1d8	Size: 463

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System	Address: 0x8314c1d8	Size: 463

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x8314c1d8	Size: 463

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System	Address: 0x8314c1d8	Size: 463

Object: Hidden Code [Driver: ajxp3471ȅ浍浓닰Ȃం䵃䥖豈Ʀ낑, IRP_MJ_CREATE]
Process: System	Address: 0x83141318	Size: 463

Object: Hidden Code [Driver: ajxp3471ȅ浍浓닰Ȃం䵃䥖豈Ʀ낑, IRP_MJ_CLOSE]
Process: System	Address: 0x83141318	Size: 463

Object: Hidden Code [Driver: ajxp3471ȅ浍浓닰Ȃం䵃䥖豈Ʀ낑, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x83141318	Size: 463

Object: Hidden Code [Driver: ajxp3471ȅ浍浓닰Ȃం䵃䥖豈Ʀ낑, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x83141318	Size: 463

Object: Hidden Code [Driver: ajxp3471ȅ浍浓닰Ȃం䵃䥖豈Ʀ낑, IRP_MJ_POWER]
Process: System	Address: 0x83141318	Size: 463

Object: Hidden Code [Driver: ajxp3471ȅ浍浓닰Ȃం䵃䥖豈Ʀ낑, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x83141318	Size: 463

Object: Hidden Code [Driver: ajxp3471ȅ浍浓닰Ȃం䵃䥖豈Ʀ낑, IRP_MJ_PNP]
Process: System	Address: 0x83141318	Size: 463

Object: Hidden Code [Driver: usbstor, IRP_MJ_CREATE]
Process: System	Address: 0x82b31558	Size: 463

Object: Hidden Code [Driver: usbstor, IRP_MJ_CLOSE]
Process: System	Address: 0x82b31558	Size: 463

Object: Hidden Code [Driver: usbstor, IRP_MJ_READ]
Process: System	Address: 0x82b31558	Size: 463

Object: Hidden Code [Driver: usbstor, IRP_MJ_WRITE]
Process: System	Address: 0x82b31558	Size: 463

Object: Hidden Code [Driver: usbstor, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x82b31558	Size: 463

Object: Hidden Code [Driver: usbstor, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x82b31558	Size: 463

Object: Hidden Code [Driver: usbstor, IRP_MJ_POWER]
Process: System	Address: 0x82b31558	Size: 463

Object: Hidden Code [Driver: usbstor, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x82b31558	Size: 463

Object: Hidden Code [Driver: usbstor, IRP_MJ_PNP]
Process: System	Address: 0x82b31558	Size: 463

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System	Address: 0x831fe980	Size: 463

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System	Address: 0x831fe980	Size: 463

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x831fe980	Size: 463

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x831fe980	Size: 463

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System	Address: 0x831fe980	Size: 463

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x831fe980	Size: 463

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System	Address: 0x831fe980	Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System	Address: 0x8334f1d8	Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System	Address: 0x8334f1d8	Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System	Address: 0x8334f1d8	Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x8334f1d8	Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8334f1d8	Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x8334f1d8	Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x8334f1d8	Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System	Address: 0x8334f1d8	Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System	Address: 0x8334f1d8	Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x8334f1d8	Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System	Address: 0x8334f1d8	Size: 463

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System	Address: 0x82dd11d8	Size: 463

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System	Address: 0x82dd11d8	Size: 463

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x82dd11d8	Size: 463

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x82dd11d8	Size: 463

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System	Address: 0x82dd11d8	Size: 463

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System	Address: 0x82dd11d8	Size: 463

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System	Address: 0x831a8610	Size: 463

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System	Address: 0x831a8610	Size: 463

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x831a8610	Size: 463

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x831a8610	Size: 463

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System	Address: 0x831a8610	Size: 463

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x831a8610	Size: 463

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System	Address: 0x831a8610	Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System	Address: 0x82c021d8	Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System	Address: 0x82c021d8	Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System	Address: 0x82c021d8	Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System	Address: 0x82c021d8	Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System	Address: 0x82c021d8	Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x82c021d8	Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System	Address: 0x82c021d8	Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System	Address: 0x82c021d8	Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System	Address: 0x82c021d8	Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x82c021d8	Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x82c021d8	Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System	Address: 0x82c021d8	Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x82c021d8	Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: 0x82c021d8	Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x82c021d8	Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x82c021d8	Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x82c021d8	Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System	Address: 0x82c021d8	Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System	Address: 0x82c021d8	Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System	Address: 0x82c021d8	Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System	Address: 0x82c021d8	Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System	Address: 0x82c021d8	Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System	Address: 0x82c021d8	Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x82c021d8	Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System	Address: 0x82c021d8	Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System	Address: 0x82c021d8	Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System	Address: 0x82c021d8	Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System	Address: 0x82c021d8	Size: 463

Object: Hidden Code [Driver: Cdfsȅఈ浗灩, IRP_MJ_CREATE]
Process: System	Address: 0x8305a300	Size: 405

Object: Hidden Code [Driver: Cdfsȅఈ浗灩, IRP_MJ_CLOSE]
Process: System	Address: 0x8305a300	Size: 405

Object: Hidden Code [Driver: Cdfsȅఈ浗灩, IRP_MJ_READ]
Process: System	Address: 0x8305a300	Size: 405

Object: Hidden Code [Driver: Cdfsȅఈ浗灩, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x8305a300	Size: 405

Object: Hidden Code [Driver: Cdfsȅఈ浗灩, IRP_MJ_SET_INFORMATION]
Process: System	Address: 0x8305a300	Size: 405

Object: Hidden Code [Driver: Cdfsȅఈ浗灩, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x8305a300	Size: 405

Object: Hidden Code [Driver: Cdfsȅఈ浗灩, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x8305a300	Size: 405

Object: Hidden Code [Driver: Cdfsȅఈ浗灩, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: 0x8305a300	Size: 405

Object: Hidden Code [Driver: Cdfsȅఈ浗灩, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8305a300	Size: 405

Object: Hidden Code [Driver: Cdfsȅఈ浗灩, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x8305a300	Size: 405

Object: Hidden Code [Driver: Cdfsȅఈ浗灩, IRP_MJ_LOCK_CONTROL]
Process: System	Address: 0x8305a300	Size: 405

Object: Hidden Code [Driver: Cdfsȅఈ浗灩, IRP_MJ_CLEANUP]
Process: System	Address: 0x8305a300	Size: 405

Object: Hidden Code [Driver: Cdfsȅఈ浗灩, IRP_MJ_PNP]
Process: System	Address: 0x8305a300	Size: 405

==EOF==

Larusso · 17.10.2009, 20:57

start --> ausführen --> notepad (reinschreiben)
Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

@echo off
cd \
rd /s /q RSIT
del "%userprofile%\Eigene Dateien\Downloads\RSIT(4).exe"
del "%userprofile%\Desktop\rsit.bat

Speichere diese unter rsit.bat auf Deinem Desktop.
Wähle bei Dateityp alle Dateien aus.
Doppelklich auf die service.bat
Vista- User: Mit Rechtsklick "als Administrator starten" ausführen.

schritt 2

Lade Random's System Information Tool (RSIT) herunter,
speichere es auf Deinem Desktop.
Starte mit Doppelklick die RSIT.exe.
Klicke auf Continue, um die Nutzungsbedingungen zu akzeptieren.
Der Scan startet automatisch, RSIT checkt nun einige wichtige System-Bereiche und produziert Logfiles als Analyse-Grundlage.
Wenn der Scan beendet ist, werden zwei Logfiles erstellt und in Deinem Editor geöffnet.
Bitte poste den Inhalt von C:\rsit\log.txt und C:\rsit\info.txt

Ayse · 17.10.2009, 21:05

Code:

ATTFilter

  info.txt logfile of random's system information tool 1.06 2009-10-17 22:02:50

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Programme\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acoustica Effects Pack-->C:\PROGRA~1\ACOUST~2\UNWISE.EXE C:\PROGRA~1\ACOUST~2\INSTALL.LOG
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1.3 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A91000000001}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
ALUpdate-->C:\Programme\ESTsoft\ALUpdate\unins000.exe
ALZip-->C:\Programme\ESTsoft\ALZip\unins000.exe
Apache USB PC Camera-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{41E496B5-47F4-11D6-9BBB-00E0987BB2CD}\setup.exe" -l0x9 
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avira AntiVir Personal - Free Antivirus-->C:\Programme\Avira\AntiVir Desktop\setup.exe /REMOVE
CCleaner (remove only)-->"C:\Programme\CCleaner\uninst.exe"
DivX MPEG-4 Codec 3.2.200 Beta-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_DivX 132 C:\WINDOWS\INF\DivX.inf
DivX Web Player-->C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EVEREST Home Edition v2.20-->"C:\Programme\Lavalys\EVEREST Home Edition\unins000.exe"
GOM Player-->"C:\Programme\GRETECH\GomPlayer\Uninstall.exe"
Google Toolbar for Internet Explorer-->"C:\Programme\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
HijackThis 2.0.2-->"C:\Programme\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix für Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix für Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
HP Extended Capabilities 5.3-->C:\Programme\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 5.3-->C:\Programme\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone Express-->MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900}
HP Imaging Device Functions 5.3-->C:\Programme\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP PSC & OfficeJet 5.3.B-->"C:\Programme\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C314CE45-3392-3B73-B4E1-139CD41CA933}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Groove MUI (German) 2007-->MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (German) 2007-->MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0122-0407-0000-0000000FF1CE}
Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {322296D4-1EAE-4030-9FBC-D2787EB25FA2}
Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Works-->MsiExec.exe /I{B26E3B0D-C2FA-4370-B068-7C476766F029}
Mozilla Firefox (3.5.3)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Nero 8 Trial-->MsiExec.exe /X{D6D5CB84-0E6E-4E69-B300-C690B6911031}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenMG Limited Patch 4.7-07-14-05-01-->C:\Programme\Gemeinsame Dateien\Sony Shared\OpenMG\HotFixes\HotFix4.7-07-14-05-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.7.00-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{CCD663AE-610D-4BDF-AAB0-E914B044527D} UNINSTALL
PC Connectivity Solution-->MsiExec.exe /I{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}
PC-DTV Receiver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{679DE728-0B9D-43B3-8459-D7B81F130E7A}\setup.exe" -l0x7  -removeonly
PDF Manual NW-A800 Series-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{99B9FAF2-33FD-4DC7-9087-5BC2EE4CBB9E}\setup.exe" -l0x7 UNINSTALL -removeonly
Real Alternative 1.7.5-->"C:\Programme\Real Alternative\unins000.exe"
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Scientific-Atlanta WebSTAR 2000 series Cable Modem-->UNDPX2A.EXE
Secunia PSI-->"C:\Programme\Secunia\PSI\uninstall.exe"
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Sicherheitsupdate für Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
SoftV92 Data Fax Modem with SmartCP-->C:\Programme\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IVEN_14F1&DEV_2F20&SUBSYS_200014F1
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
SSC Service Utility v4.20-->"C:\Programme\SSC Service Utility\unins000.exe"

Ayse · 17.10.2009, 21:06

Code:

ATTFilter

  SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Uninstall 1.0.0.1-->"C:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Outlook 2007 Junk Email Filter (KB974810)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C05FBAD5-A211-4E86-BB51-7E07B80C9233}
Update für Windows Internet Explorer 8 (KB973874)-->"C:\WINDOWS\ie8updates\KB973874-IE8\spuninst\spuninst.exe"
Update für Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update für Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update für Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update für Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Video Downloader-->C:\Programme\InstallShield Installation Information\{F1D891A7-2BAF-4033-9A20-DBB78F86BF0C}\setup.exe -runfromtemp -l0x0009UNINSTALL -removeonly
Viewpoint Media Player (Remove Only)-->C:\Programme\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
VLC media player 0.9.8a-->C:\Programme\VideoLAN\VLC\uninstall.exe
Wichtiges Update für Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Anmelde-Assistent-->MsiExec.exe /I{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}
Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Programme\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}
Windows Live Family Safety-->MsiExec.exe /X{994223F3-A99B-4DDD-9E1D-0190A17C6860}
Windows Live Fotogalerie-->MsiExec.exe /X{2BA722D1-48D1-406E-9123-8AE5431D63EF}
Windows Live Mail-->MsiExec.exe /I{C4D738F7-996A-4C81-B8FA-C4E26D767E41}
Windows Live Messenger-->MsiExec.exe /X{41E654A9-26D0-4EAC-854B-0FA824FFFABB}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Programme\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sync-->MsiExec.exe /X{76618402-179D-4699-A66B-D351C59436BC}
Windows Live Writer-->MsiExec.exe /X{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix - KB888656-->"C:\WINDOWS\$NtUninstallKB888656$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

======Security center information======

AV: AntiVir Desktop

======System event log======

Computer Name: MUMI-32E3D2E0C4
Event Code: 8033
Message: Der Suchdienst hat eine Wahl auf dem Netzwerk "\Device\NetBT_Tcpip_{697B8806-539E-4E53-9022-DFA6950FEB0D}" erzwungen, da der Hauptsuchdienst beendet wurde.

Record Number: 975110
Source Name: BROWSER
Time Written: 20091014005245.000000+120
Event Type: Informationen
User: 

Computer Name: MUMI-32E3D2E0C4
Event Code: 4226
Message: TCP/IP hat das Sicherheitslimit erreicht, das für die Anzahl gleichzeitiger TCP-Verbindungsversuche festgelegt wurde.

Record Number: 975109
Source Name: Tcpip
Time Written: 20091014004245.000000+120
Event Type: Warnung
User: 

Computer Name: MUMI-32E3D2E0C4
Event Code: 7036
Message: Dienst "Google Software Updater" befindet sich jetzt im Status "Beendet".

Record Number: 975108
Source Name: Service Control Manager
Time Written: 20091014004130.000000+120
Event Type: Informationen
User: 

Computer Name: MUMI-32E3D2E0C4
Event Code: 7036
Message: Dienst "Google Software Updater" befindet sich jetzt im Status "Ausgeführt".

Record Number: 975107
Source Name: Service Control Manager
Time Written: 20091014004030.000000+120
Event Type: Informationen
User: 

Computer Name: MUMI-32E3D2E0C4
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "Google Software Updater" gesendet.

Record Number: 975106
Source Name: Service Control Manager
Time Written: 20091014004030.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

=====Application event log=====

Computer Name: MUMI-32E3D2E0C4
Event Code: 11728
Message: Produkt: Microsoft .NET Framework 2.0 Service Pack 2 -- Die Konfiguration wurde erfolgreich abgeschlossen.

Record Number: 43176
Source Name: MsiInstaller
Time Written: 20090512192223.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: MUMI-32E3D2E0C4
Event Code: 1022
Message: Produkt: Microsoft .NET Framework 2.0 Service Pack 2 - Update "KB958481" wurde installiert.

Record Number: 43175
Source Name: MsiInstaller
Time Written: 20090512192223.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: MUMI-32E3D2E0C4
Event Code: 1002
Message: Die Leistungsindikatoren für den Dienst .NETFramework (.NETFramework) befinden sich bereits in der
Registrierung. Neuinstallation nicht erforderlich.

Record Number: 43174
Source Name: LoadPerf
Time Written: 20090512192222.000000+120
Event Type: Informationen
User: 

Computer Name: MUMI-32E3D2E0C4
Event Code: 1002
Message: Die Leistungsindikatoren für den Dienst .NET CLR Data (.NET CLR Data) befinden sich bereits in der
Registrierung. Neuinstallation nicht erforderlich.

Record Number: 43173
Source Name: LoadPerf
Time Written: 20090512192221.000000+120
Event Type: Informationen
User: 

Computer Name: MUMI-32E3D2E0C4
Event Code: 1002
Message: Die Leistungsindikatoren für den Dienst .NET CLR Networking (.NET CLR Networking) befinden sich bereits in der
Registrierung. Neuinstallation nicht erforderlich.

Record Number: 43172
Source Name: LoadPerf
Time Written: 20090512192221.000000+120
Event Type: Informationen
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Programme\PC Connectivity Solution\;%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Programme\Gemeinsame Dateien\Nero\Lib;C:\Programme\Gemeinsame Dateien\Teleca Shared;C:\Programme\ESTsoft\ALZip
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0403
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

Ayse · 17.10.2009, 21:07

Code:

ATTFilter

  Logfile of random's system information tool 1.06 (written by random/random)
Run by Mumi at 2009-10-17 22:02:28
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 161 GB (84%) free of 191 GB
Total RAM: 511 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:02:46, on 17.10.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\VM_STI.EXE
C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Secunia\PSI\psi.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Mumi\Eigene Dateien\Downloads\RSIT(4).exe
C:\Programme\trend micro\Mumi.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Apache USB PC Camera
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"http://www.nick.de/cache.php?path=/game.html&aid=841"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: AutorunsDisabled
O4 - Startup: Secunia PSI.lnk = C:\Programme\Secunia\PSI\psi.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://johannesbrecht.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 10434 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Klick-Wartung.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-02-27 61816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll [2009-10-11 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Programme\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-10-14 762864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Programme\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-10-11 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-08-10 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll [2009-10-11 256112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-06-01 7618560]
"nwiz"=nwiz.exe /install []
"SW20"=C:\WINDOWS\system32\sw20.exe [2006-05-18 208896]
"SW24"=C:\WINDOWS\system32\sw24.exe [2006-05-17 69632]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-06-01 86016]
"BigDogPath"=C:\WINDOWS\VM_STI.EXE [2004-12-15 40960]
"NBKeyScan"=C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352]
"GrooveMonitor"=C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2006-05-04 2808832]
"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-08-10 149280]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"msnmsgr"=C:\Programme\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]
"MSMSGS"=C:\Programme\Messenger\msmsgs.exe [2008-04-14 1695232]
"swg"=C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-10-09 39408]
"SUPERAntiSpyware"=C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-10-12 2000112]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE [2008-08-06 447928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Athan]
C:\Programme\Athan\Athan.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Programme\HP\HP Software Update\HPWuSchd2.exe [2005-05-11 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Programme\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe [2008-02-28 570664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2006-07-21 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2005-05-12 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Image Zone Schnellstart.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2005-05-12 73728]

C:\Dokumente und Einstellungen\Mumi\Startmenü\Programme\Autostart
AutorunsDisabled
Secunia PSI.lnk - C:\Programme\Secunia\PSI\psi.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Programme\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-08-02 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Programme\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoRecentDocsNetHood"=1
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\german\setup.exe"="C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\german\setup.exe:*:Disabled:Installationsprogramm für Kaspersky Internet Security 2009"
"C:\Programme\HP\Digital Imaging\bin\hpqste08.exe"="C:\Programme\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Programme\HP\Digital Imaging\bin\hposfx08.exe"="C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe"="C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Programme\HP\Digital Imaging\bin\hpoews01.exe"="C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Programme\TeamViewer\Version4\TeamViewer.exe"="C:\Programme\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Programme\Microsoft Office\Office12\GROOVE.EXE"="C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE"="C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programme\Windows Live\Sync\WindowsLiveSync.exe"="C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programme\Windows Live\Sync\WindowsLiveSync.exe"="C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

Ayse · 17.10.2009, 21:08

Code:

ATTFilter

  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76fc5040-7c18-11de-ac55-001d0fd78628}]
shell\AutoRun\command - J:\Launcher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{819e6636-db1f-11dd-aabf-0013d4e6b562}]
shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{989e3374-ccfc-11dd-aa9f-0013d4e6b562}]
shell\AutoRun\command - J:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2009-10-17 22:02:28 ----D---- C:\rsit
2009-10-17 21:51:36 ----A---- C:\RootRepeal report 10-17-09 (21-51-36).txt
2009-10-17 21:35:59 ----A---- C:\RootRepeal report 10-17-09 (21-35-59).txt
2009-10-17 21:29:20 ----A---- C:\RootRepeal report 10-17-09 (21-29-20).txt
2009-10-16 15:03:48 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
2009-10-16 15:03:43 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-10-16 15:03:43 ----D---- C:\Programme\CCleaner
2009-10-16 15:03:26 ----D---- C:\Dokumente und Einstellungen\Mumi\Anwendungsdaten\Yahoo!
2009-10-16 10:31:51 ----D---- C:\Programme\SUPERAntiSpyware
2009-10-16 10:31:51 ----D---- C:\Dokumente und Einstellungen\Mumi\Anwendungsdaten\SUPERAntiSpyware.com
2009-10-15 19:08:03 ----D---- C:\WINDOWS\ie8updates
2009-10-15 19:03:20 ----HDC---- C:\WINDOWS\ie8
2009-10-14 21:50:53 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Yahoo! Companion
2009-10-14 20:09:46 ----D---- C:\Dokumente und Einstellungen\Mumi\Anwendungsdaten\Malwarebytes
2009-10-14 16:17:32 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-14 16:15:46 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-14 16:15:39 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-14 16:15:35 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-14 16:15:28 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-14 16:14:53 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-14 16:12:57 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-14 16:12:47 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-14 16:11:54 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-11 19:57:08 ----D---- C:\Programme\Mozilla Firefox
2009-10-11 17:35:40 ----D---- C:\Programme\Microsoft Office Outlook Connector
2009-10-11 17:26:10 ----A---- C:\Programme\wlsetup-web.exe
2009-10-11 11:28:46 ----D---- C:\Programme\Lavalys
2009-10-11 11:28:08 ----A---- C:\Programme\everesthome220.exe
2009-10-10 01:29:48 ----A---- C:\WINDOWS\system32\Mp3cnfg.exe
2009-10-10 01:29:48 ----A---- C:\WINDOWS\system32\DivXc32.dll
2009-10-09 23:45:39 ----A---- C:\Programme\OOo_2.4.3_Win32Intel_install_de.exe
2009-10-09 23:40:50 ----D---- C:\Dokumente und Einstellungen\Mumi\Anwendungsdaten\Google
2009-10-09 23:40:28 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google
2009-10-09 23:22:47 ----D---- C:\Programme\trend micro
2009-10-09 21:31:30 ----D---- C:\Programme\Avira
2009-10-09 21:31:30 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2009-09-26 22:51:42 ----A---- C:\WINDOWS\system32\unrar.dll

======List of files/folders modified in the last 1 months======

2009-10-17 21:46:23 ----D---- C:\WINDOWS\system32\drivers
2009-10-17 20:05:24 ----SHD---- C:\WINDOWS\Installer
2009-10-17 20:05:11 ----HD---- C:\Config.Msi
2009-10-17 20:05:09 ----RD---- C:\Programme
2009-10-17 19:52:31 ----D---- C:\WINDOWS\temp
2009-10-17 19:52:24 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-17 19:52:02 ----A---- C:\WINDOWS\ModemLog_PCI SoftV92 Data Fax Modem with SmartCP.txt
2009-10-17 15:55:14 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-17 15:51:41 ----D---- C:\WINDOWS\system32
2009-10-17 13:01:48 ----D---- C:\WINDOWS\Prefetch
2009-10-17 09:38:01 ----D---- C:\WINDOWS\system32\FxsTmp
2009-10-16 16:30:29 ----D---- C:\WINDOWS
2009-10-16 15:14:11 ----HD---- C:\WINDOWS\inf
2009-10-16 15:14:06 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-10-16 15:13:26 ----HD---- C:\WINDOWS\$hf_mig$
2009-10-16 15:03:49 ----D---- C:\Spiele
2009-10-16 15:03:40 ----D---- C:\Programme\Internet Explorer
2009-10-16 15:03:26 ----D---- C:\Dokumente und Einstellungen\Mumi\Anwendungsdaten\AD ON Multimedia
2009-10-16 15:03:20 ----D---- C:\Dokumente und Einstellungen\Mumi\Anwendungsdaten\dvdcss
2009-10-16 15:02:20 ----D---- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2009-10-16 10:25:34 ----D---- C:\WINDOWS\system32\config
2009-10-16 10:25:06 ----D---- C:\WINDOWS\system32\wbem
2009-10-16 10:25:06 ----D---- C:\WINDOWS\Registration
2009-10-16 09:58:03 ----D---- C:\WINDOWS\Minidump
2009-10-16 08:15:27 ----D---- C:\WINDOWS\Debug
2009-10-15 19:11:29 ----D---- C:\WINDOWS\system32\de-de
2009-10-15 19:11:28 ----D---- C:\WINDOWS\Media
2009-10-15 19:11:28 ----D---- C:\WINDOWS\Help
2009-10-15 03:40:52 ----A---- C:\WINDOWS\NeroDigital.ini
2009-10-14 20:30:58 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-14 20:30:42 ----RSD---- C:\WINDOWS\assembly
2009-10-14 16:20:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-14 16:19:35 ----D---- C:\WINDOWS\WinSxS
2009-10-14 16:15:06 ----D---- C:\WINDOWS\ie7updates
2009-10-14 16:14:45 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help
2009-10-12 23:00:41 ----D---- C:\Dokumente und Einstellungen
2009-10-12 22:55:36 ----D---- C:\VIDEO_OUTPUT
2009-10-11 17:41:15 ----D---- C:\Programme\DivX
2009-10-11 17:35:40 ----D---- C:\Programme\Gemeinsame Dateien\System
2009-10-11 17:34:28 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-10-11 17:33:52 ----D---- C:\Programme\Windows Live
2009-10-11 17:32:42 ----D---- C:\WINDOWS\system32\DirectX
2009-10-11 17:30:57 ----D---- C:\Programme\Microsoft
2009-10-11 17:20:33 ----D---- C:\WINDOWS\network diagnostic
2009-10-10 10:44:39 ----SD---- C:\Dokumente und Einstellungen\Mumi\Anwendungsdaten\Microsoft
2009-10-10 01:30:57 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NOS
2009-10-10 01:30:55 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-10-10 01:27:18 ----D---- C:\WINDOWS\system32\Macromed
2009-10-10 01:17:43 ----RSD---- C:\WINDOWS\Fonts
2009-10-09 23:40:28 ----D---- C:\Programme\Google
2009-10-09 10:15:54 ----D---- C:\Mumi
2009-10-06 12:47:07 ----HD---- C:\Programme\InstallShield Installation Information
2009-10-06 12:47:07 ----D---- C:\Programme\Gemeinsame Dateien\Sony Shared
2009-10-02 20:01:57 ----A---- C:\WINDOWS\system32\MRT.exe
2009-09-26 23:06:19 ----D---- C:\Programme\Gemeinsame Dateien\DivX Shared
2009-09-26 23:01:21 ----D---- C:\Dokumente und Einstellungen\Mumi\Anwendungsdaten\DivX
2009-09-26 22:50:43 ----D---- C:\WINDOWS\system32\quicktime

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 SASDIFSV;SASDIFSV; \??\C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-07-28 55656]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-01-16 12970]
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-08-02 1681920]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-13 1042816]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-13 210304]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-03 4394496]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12288]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2009-06-17 12648]
R3 RT73;RT73 USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2007-05-14 445696]
R3 SASENUM;SASENUM; \??\C:\Programme\SUPERAntiSpyware\SASENUM.SYS []
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-13 679808]
S3 ajxp3471;ajxp3471; C:\WINDOWS\system32\drivers\ajxp3471.sys []
S3 atinrvxx;ATI WDM Rage Theater Video; C:\WINDOWS\system32\DRIVERS\atinrvxx.sys [2004-08-04 105984]
S3 bdacap;PC-DTV Receiver; C:\WINDOWS\system32\drivers\bdacap.sys [2006-02-14 217728]
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\drivers\BVRPMPR5.SYS []
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CO_Mon;CO_Mon; \??\C:\WINDOWS\system32\Drivers\CO_Mon.sys []
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-08-03 13352]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2008-08-03 21672]
S3 giveio;giveio; \??\C:\WINDOWS\system32\giveio.sys []
S3 GLHIDKBFILTER;GLHIDKBFILTER; C:\WINDOWS\system32\DRIVERS\GLKbFilter.sys [2006-01-06 11264]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-27 145920]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys [2005-02-11 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2005-02-11 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys [2005-02-11 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2005-02-11 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys [2005-02-11 79488]
S3 MPE;BDA MPE-Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 MVDCODEC;ATI WDM Specialized MVD Codec; C:\WINDOWS\system32\DRIVERS\atinmdxx.sys [2004-08-04 13824]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-06-01 3925920]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-07-11 84096]
S3 rtl8139;NT-Treiber für Realtek RTL8139(A/B/C)-basierten PCI-Fast Ethernet-Adapter; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 s816bus;Sony Ericsson Device 816 driver (WDM); C:\WINDOWS\system32\DRIVERS\s816bus.sys [2007-06-19 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s816mdfl.sys [2007-06-19 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s816mdm.sys [2007-06-19 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s816mgmt.sys [2007-06-19 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS); C:\WINDOWS\system32\DRIVERS\s816nd5.sys [2007-06-19 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s816obex.sys [2007-06-19 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM); C:\WINDOWS\system32\DRIVERS\s816unic.sys [2007-06-19 97704]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 USBCM;Scientific-Atlanta USB Cable Modem Driver; C:\WINDOWS\system32\DRIVERS\Sacm2A.sys [2004-06-10 15429]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S3 ZSMC301b;Apache USB PC Camera; C:\WINDOWS\System32\Drivers\usbVM31b.sys [2004-12-01 93632]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-08-02 401408]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-08-10 153376]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
R2 SNMP;SNMP-Dienst; C:\WINDOWS\System32\snmp.exe [2008-04-14 33280]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-06-01 155715]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Windows Live Family Safety-Dienst; C:\Programme\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 gusvc;Google Software Updater; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-10-09 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LPDSVC;TCP/IP-Druckserver; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-04 19456]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 MSCSPTISRV;MSCSPTISRV; C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056]
S3 NMIndexingService;NMIndexingService; C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S3 odserv;Microsoft Office Diagnostics Service; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PACSPTISVR;PACSPTISVR; C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344]
S3 ServiceLayer;ServiceLayer; C:\Programme\PC Connectivity Solution\ServiceLayer.exe [2009-03-04 621056]
S3 SNMPTRAP;SNMP-Trap-Dienst; C:\WINDOWS\System32\snmptrap.exe [2008-04-14 8704]
S3 SPTISRV;Sony SPTI Service; C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632]
S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-10-24 920576]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Larusso · 17.10.2009, 22:35

Code:

ATTFilter

C:\Dokumente und Einstellungen\Mumi\Eigene Dateien\Downloads\RSIT(4).exe

Die RSIT.exe muss auf sich auf dem Desktop befinden. das ist wichtig
bitte ändern.

ESET Online Scanner
- Unterstützte Betriebssysteme: Microsoft Windows 98/ME/NT 4.0/2000/XP und Windows Vista
- Anmerkung für Vista-User: Bitte den Browser unbedingt als Administrator starten.
- Dein Anti-Virus-Programm während des Scans deaktivieren.
- Button "ESET Online Scanner" drücken.
- Firefox-User müssen ein zusätzliches Addon (esetsmartinstaller_enu.exe) installieren.
- Das Firefox-Addon auf dem Desktop speichern und dann installieren.
- IE-User müssen das Installieren eines ActiveX Elements erlauben.
- Einen Haken bei "Remove found threads" und "Scan archives" machen.
- Start drücken.
- Signaturen werden heruntergeladen.
- Der Scan beginnt automatisch.
- Finish drücken.
- Browser schließen.
- Explorer öffnen.
- C:\Programme\Eset\EsetOnlineScanner\log.txt suchen und mit Deinem Editor öffnen.
- Logfile hier posten.
- Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
- Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset
- IE-User zusätzlich: mit HJT folgenden Eintrag fixen:
- O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control)

Ayse · 18.10.2009, 00:19

Code:

ATTFilter

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6208
# api_version=3.0.2
# EOSSerial=afc271208689c24c92742aaa29ddf608
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-10-17 11:14:55
# local_time=2009-10-18 01:14:55 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 7805 7805 0 0
# compatibility_mode=1023 16777215 0 0 0 0 0 0
# compatibility_mode=1535 16777215 0 0 0 0 0 0
# compatibility_mode=2047 16777215 0 0 0 0 0 0
# compatibility_mode=3584 16777215 25 0 0 0 0 0
# compatibility_mode=4351 16777215 0 0 0 0 0 0
# compatibility_mode=5890 16777214 0 0 0 0 0 0
# compatibility_mode=8447 16777215 0 0 0 0 0 0
# scanned=66958
# found=0
# cleaned=0
# scan_time=3737

Ayse · 18.10.2009, 09:48

Code:

ATTFilter

Logfile of random's system information tool 1.06 (written by random/random)
Run by Mumi at 2009-10-18 10:47:58
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 160 GB (84%) free of 191 GB
Total RAM: 511 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:04, on 18.10.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\VM_STI.EXE
C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Secunia\PSI\psi.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Mumi\Desktop\rsit.exe
C:\Dokumente und Einstellungen\Mumi\Eigene Dateien\Downloads\Mumi.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Apache USB PC Camera
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"http://www.nick.de/cache.php?path=/game.html&aid=841"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: AutorunsDisabled
O4 - Startup: Secunia PSI.lnk = C:\Programme\Secunia\PSI\psi.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://johannesbrecht.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-beta/OnlineScanner.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 10587 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Klick-Wartung.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-02-27 61816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll [2009-10-11 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Programme\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-10-14 762864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Programme\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-10-11 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-08-10 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll [2009-10-11 256112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-06-01 7618560]
"nwiz"=nwiz.exe /install []
"SW20"=C:\WINDOWS\system32\sw20.exe [2006-05-18 208896]
"SW24"=C:\WINDOWS\system32\sw24.exe [2006-05-17 69632]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-06-01 86016]
"BigDogPath"=C:\WINDOWS\VM_STI.EXE [2004-12-15 40960]
"NBKeyScan"=C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352]
"GrooveMonitor"=C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2006-05-04 2808832]
"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-08-10 149280]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"msnmsgr"=C:\Programme\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]
"MSMSGS"=C:\Programme\Messenger\msmsgs.exe [2008-04-14 1695232]
"swg"=C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-10-09 39408]
"SUPERAntiSpyware"=C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-10-12 2000112]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE [2008-08-06 447928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Athan]
C:\Programme\Athan\Athan.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Programme\HP\HP Software Update\HPWuSchd2.exe [2005-05-11 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Programme\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe [2008-02-28 570664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2006-07-21 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2005-05-12 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Image Zone Schnellstart.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2005-05-12 73728]

C:\Dokumente und Einstellungen\Mumi\Startmenü\Programme\Autostart
AutorunsDisabled
Secunia PSI.lnk - C:\Programme\Secunia\PSI\psi.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Programme\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-08-02 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Programme\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoRecentDocsNetHood"=1
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\german\setup.exe"="C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\german\setup.exe:*:Disabled:Installationsprogramm für Kaspersky Internet Security 2009"
"C:\Programme\HP\Digital Imaging\bin\hpqste08.exe"="C:\Programme\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Programme\HP\Digital Imaging\bin\hposfx08.exe"="C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe"="C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Programme\HP\Digital Imaging\bin\hpoews01.exe"="C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Programme\TeamViewer\Version4\TeamViewer.exe"="C:\Programme\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Programme\Microsoft Office\Office12\GROOVE.EXE"="C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE"="C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programme\Windows Live\Sync\WindowsLiveSync.exe"="C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programme\Windows Live\Sync\WindowsLiveSync.exe"="C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

Ayse · 18.10.2009, 09:49

Code:

ATTFilter

   [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76fc5040-7c18-11de-ac55-001d0fd78628}]
shell\AutoRun\command - J:\Launcher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{819e6636-db1f-11dd-aabf-0013d4e6b562}]
shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{989e3374-ccfc-11dd-aa9f-0013d4e6b562}]
shell\AutoRun\command - J:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2009-10-18 09:27:43 ----D---- C:\Programme\ESET
2009-10-18 01:47:49 ----D---- C:\rsit
2009-10-17 21:51:36 ----A---- C:\RootRepeal report 10-17-09 (21-51-36).txt
2009-10-17 21:35:59 ----A---- C:\RootRepeal report 10-17-09 (21-35-59).txt
2009-10-17 21:29:20 ----A---- C:\RootRepeal report 10-17-09 (21-29-20).txt
2009-10-16 15:03:48 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
2009-10-16 15:03:43 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-10-16 15:03:43 ----D---- C:\Programme\CCleaner
2009-10-16 15:03:26 ----D---- C:\Dokumente und Einstellungen\Mumi\Anwendungsdaten\Yahoo!
2009-10-16 10:31:51 ----D---- C:\Programme\SUPERAntiSpyware
2009-10-16 10:31:51 ----D---- C:\Dokumente und Einstellungen\Mumi\Anwendungsdaten\SUPERAntiSpyware.com
2009-10-15 19:08:03 ----D---- C:\WINDOWS\ie8updates
2009-10-15 19:03:20 ----HDC---- C:\WINDOWS\ie8
2009-10-14 21:50:53 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Yahoo! Companion
2009-10-14 20:09:46 ----D---- C:\Dokumente und Einstellungen\Mumi\Anwendungsdaten\Malwarebytes
2009-10-14 16:17:32 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-14 16:15:46 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-14 16:15:39 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-14 16:15:35 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-14 16:15:28 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-14 16:14:53 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-14 16:12:57 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-14 16:12:47 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-14 16:11:54 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-11 19:57:08 ----D---- C:\Programme\Mozilla Firefox
2009-10-11 17:35:40 ----D---- C:\Programme\Microsoft Office Outlook Connector
2009-10-11 17:26:10 ----A---- C:\Programme\wlsetup-web.exe
2009-10-11 11:28:46 ----D---- C:\Programme\Lavalys
2009-10-11 11:28:08 ----A---- C:\Programme\everesthome220.exe
2009-10-10 01:29:48 ----A---- C:\WINDOWS\system32\Mp3cnfg.exe
2009-10-10 01:29:48 ----A---- C:\WINDOWS\system32\DivXc32.dll
2009-10-09 23:45:39 ----A---- C:\Programme\OOo_2.4.3_Win32Intel_install_de.exe
2009-10-09 23:40:50 ----D---- C:\Dokumente und Einstellungen\Mumi\Anwendungsdaten\Google
2009-10-09 23:40:28 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google
2009-10-09 23:22:47 ----D---- C:\Programme\trend micro
2009-10-09 21:31:30 ----D---- C:\Programme\Avira
2009-10-09 21:31:30 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2009-09-26 22:51:42 ----A---- C:\WINDOWS\system32\unrar.dll

======List of files/folders modified in the last 1 months======

2009-10-18 09:27:45 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-10-18 09:27:43 ----RD---- C:\Programme
2009-10-18 09:13:04 ----D---- C:\WINDOWS\temp
2009-10-18 09:12:58 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-18 09:12:29 ----A---- C:\WINDOWS\ModemLog_PCI SoftV92 Data Fax Modem with SmartCP.txt
2009-10-18 03:30:51 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-17 21:46:23 ----D---- C:\WINDOWS\system32\drivers
2009-10-17 20:05:24 ----SHD---- C:\WINDOWS\Installer
2009-10-17 20:05:11 ----HD---- C:\Config.Msi
2009-10-17 15:51:41 ----D---- C:\WINDOWS\system32
2009-10-17 13:01:48 ----D---- C:\WINDOWS\Prefetch
2009-10-17 09:38:01 ----D---- C:\WINDOWS\system32\FxsTmp
2009-10-16 16:30:29 ----D---- C:\WINDOWS
2009-10-16 15:14:11 ----HD---- C:\WINDOWS\inf
2009-10-16 15:14:06 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-10-16 15:13:26 ----HD---- C:\WINDOWS\$hf_mig$
2009-10-16 15:03:49 ----D---- C:\Spiele
2009-10-16 15:03:40 ----D---- C:\Programme\Internet Explorer
2009-10-16 15:03:26 ----D---- C:\Dokumente und Einstellungen\Mumi\Anwendungsdaten\AD ON Multimedia
2009-10-16 15:03:20 ----D---- C:\Dokumente und Einstellungen\Mumi\Anwendungsdaten\dvdcss
2009-10-16 15:02:20 ----D---- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2009-10-16 10:25:34 ----D---- C:\WINDOWS\system32\config
2009-10-16 10:25:06 ----D---- C:\WINDOWS\system32\wbem
2009-10-16 10:25:06 ----D---- C:\WINDOWS\Registration
2009-10-16 09:58:03 ----D---- C:\WINDOWS\Minidump
2009-10-16 08:15:27 ----D---- C:\WINDOWS\Debug
2009-10-15 19:11:29 ----D---- C:\WINDOWS\system32\de-de
2009-10-15 19:11:28 ----D---- C:\WINDOWS\Media
2009-10-15 19:11:28 ----D---- C:\WINDOWS\Help
2009-10-15 03:40:52 ----A---- C:\WINDOWS\NeroDigital.ini
2009-10-14 20:30:58 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-14 20:30:42 ----RSD---- C:\WINDOWS\assembly
2009-10-14 16:20:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-14 16:19:35 ----D---- C:\WINDOWS\WinSxS
2009-10-14 16:15:06 ----D---- C:\WINDOWS\ie7updates
2009-10-14 16:14:45 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help
2009-10-12 23:00:41 ----D---- C:\Dokumente und Einstellungen
2009-10-12 22:55:36 ----D---- C:\VIDEO_OUTPUT
2009-10-11 17:41:15 ----D---- C:\Programme\DivX
2009-10-11 17:35:40 ----D---- C:\Programme\Gemeinsame Dateien\System
2009-10-11 17:34:28 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-10-11 17:33:52 ----D---- C:\Programme\Windows Live
2009-10-11 17:32:42 ----D---- C:\WINDOWS\system32\DirectX
2009-10-11 17:30:57 ----D---- C:\Programme\Microsoft
2009-10-11 17:20:33 ----D---- C:\WINDOWS\network diagnostic
2009-10-10 10:44:39 ----SD---- C:\Dokumente und Einstellungen\Mumi\Anwendungsdaten\Microsoft
2009-10-10 01:30:57 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NOS
2009-10-10 01:27:18 ----D---- C:\WINDOWS\system32\Macromed
2009-10-10 01:17:43 ----RSD---- C:\WINDOWS\Fonts
2009-10-09 23:40:28 ----D---- C:\Programme\Google
2009-10-09 10:15:54 ----D---- C:\Mumi
2009-10-06 12:47:07 ----HD---- C:\Programme\InstallShield Installation Information
2009-10-06 12:47:07 ----D---- C:\Programme\Gemeinsame Dateien\Sony Shared
2009-10-02 20:01:57 ----A---- C:\WINDOWS\system32\MRT.exe
2009-09-26 23:06:19 ----D---- C:\Programme\Gemeinsame Dateien\DivX Shared
2009-09-26 23:01:21 ----D---- C:\Dokumente und Einstellungen\Mumi\Anwendungsdaten\DivX
2009-09-26 22:50:43 ----D---- C:\WINDOWS\system32\quicktime

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 SASDIFSV;SASDIFSV; \??\C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-07-28 55656]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-01-16 12970]
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-08-02 1681920]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-13 1042816]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-13 210304]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-03 4394496]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12288]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 RT73;RT73 USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2007-05-14 445696]
R3 SASENUM;SASENUM; \??\C:\Programme\SUPERAntiSpyware\SASENUM.SYS []
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-13 679808]
S3 atinrvxx;ATI WDM Rage Theater Video; C:\WINDOWS\system32\DRIVERS\atinrvxx.sys [2004-08-04 105984]
S3 aukumzd3;aukumzd3; C:\WINDOWS\system32\drivers\aukumzd3.sys []
S3 bdacap;PC-DTV Receiver; C:\WINDOWS\system32\drivers\bdacap.sys [2006-02-14 217728]
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\drivers\BVRPMPR5.SYS []
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CO_Mon;CO_Mon; \??\C:\WINDOWS\system32\Drivers\CO_Mon.sys []
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-08-03 13352]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2008-08-03 21672]
S3 giveio;giveio; \??\C:\WINDOWS\system32\giveio.sys []
S3 GLHIDKBFILTER;GLHIDKBFILTER; C:\WINDOWS\system32\DRIVERS\GLKbFilter.sys [2006-01-06 11264]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-27 145920]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys [2005-02-11 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2005-02-11 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys [2005-02-11 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2005-02-11 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys [2005-02-11 79488]
S3 MPE;BDA MPE-Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 MVDCODEC;ATI WDM Specialized MVD Codec; C:\WINDOWS\system32\DRIVERS\atinmdxx.sys [2004-08-04 13824]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-06-01 3925920]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2009-06-17 12648]
S3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-07-11 84096]
S3 rtl8139;NT-Treiber für Realtek RTL8139(A/B/C)-basierten PCI-Fast Ethernet-Adapter; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 s816bus;Sony Ericsson Device 816 driver (WDM); C:\WINDOWS\system32\DRIVERS\s816bus.sys [2007-06-19 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s816mdfl.sys [2007-06-19 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s816mdm.sys [2007-06-19 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s816mgmt.sys [2007-06-19 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS); C:\WINDOWS\system32\DRIVERS\s816nd5.sys [2007-06-19 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s816obex.sys [2007-06-19 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM); C:\WINDOWS\system32\DRIVERS\s816unic.sys [2007-06-19 97704]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 USBCM;Scientific-Atlanta USB Cable Modem Driver; C:\WINDOWS\system32\DRIVERS\Sacm2A.sys [2004-06-10 15429]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S3 ZSMC301b;Apache USB PC Camera; C:\WINDOWS\System32\Drivers\usbVM31b.sys [2004-12-01 93632]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-08-02 401408]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-08-10 153376]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
R2 SNMP;SNMP-Dienst; C:\WINDOWS\System32\snmp.exe [2008-04-14 33280]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-06-01 155715]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Windows Live Family Safety-Dienst; C:\Programme\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 gusvc;Google Software Updater; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-10-09 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LPDSVC;TCP/IP-Druckserver; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-04 19456]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 MSCSPTISRV;MSCSPTISRV; C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056]
S3 NMIndexingService;NMIndexingService; C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S3 odserv;Microsoft Office Diagnostics Service; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PACSPTISVR;PACSPTISVR; C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344]
S3 ServiceLayer;ServiceLayer; C:\Programme\PC Connectivity Solution\ServiceLayer.exe [2009-03-04 621056]
S3 SNMPTRAP;SNMP-Trap-Dienst; C:\WINDOWS\System32\snmptrap.exe [2008-04-14 8704]
S3 SPTISRV;Sony SPTI Service; C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632]
S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-10-24 920576]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Larusso · 18.10.2009, 13:27

Noch Probleme ?

Ayse · 18.10.2009, 14:08

Ja,

Ich kann immernoch nicht mein Hintergrundbild ändern.

Avira zeigt mich immer den hier an

Code:

ATTFilter

 Exportierte Ereignisse:

18.10.2009 11:14 [Guard] Malware gefunden
      In der Datei 'C:\System Volume 
      Information\_restore{760356E5-BCE9-476B-B907-4990E96A32A7}\RP143\A0031731.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Trash.Gen' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

Larusso · 18.10.2009, 21:37

sorry, hatte ich nicht abonniert

Schritt 1

Scan mit SystemLook

Lade SystemLook von jpshortstuff von einem der folgenden Spiegel herunter und speichere das Tool auf dem Desktop.

Download Mirror #1 - Download Mirror #2

Doppelklick auf die SystemLook.exe, um das Tool zu starten.
Vista-User mit Rechtsklick und als Administrator starten.

Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

Code:

ATTFilter

:reg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop

Klicke nun auf den Button Look, um den Scan zu starten.
Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, diese hier in den Thread posten.
Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.

Poste bitte die erhaltene Logfile

Ayse · 18.10.2009, 21:44

Code:

ATTFilter

 SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 22:42 on 18/10/2009 by Mumi (Administrator - Elevation successful)

========== reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
(No values found)


-=End Of File=-

Ich verstehe das nicht etwas ist auf meinem Rechner aber kein Scann findet das

Larusso · 19.10.2009, 13:32

nö da ist nichts mehr, aber es war da

schritt 1

Registry mit ERUNT sichern

Da wir in der Registry Änderungen vornehmen müssen, wirst Du die Registry vorher wie folgt sichern:
Lade das Tool ERUNT von Lars Hederer herunter und installiere es. Starte die erunt.exe und erstelle damit eine Backup der Registry in den vorgegebenen Ordner. Unter Sicherungsoptionen bitte alle drei Möglichkeiten anhaken. Das Programm nicht in den Systemstart aufnehmen.

schritt 2

Registry Einträge ändern, löschen oder erstellen

Start --> ausführen --> regedit (eingeben) --> OK

Navigiere nun wie folgt.
HKEY_LOCAL_MACHINE -> SOFTWARE -> Microsoft ->Windows -> CurrentVersion -> Policies.
Hier müsste der Eintrag ActiveDesktop stehen.
Rechtsklick darauf und in NoChangingWallpaper benennen.
Nun im Rechten Fenster auf Standard klicken und bei Wert einfach 0 eingeben --> OK

Schritt 2b

navigiere bitte zu
HKEY_CURRENT_USER -> Software -> Microsoft -> Windows -> CurrentVersion -> Policies.

Sollte auch hier der Eintrag Active Desktop stehen, dann die selben Schritte wie oben.
Sollte dieser nicht vorhanden sein, einfach nichts machen.

Starte nun den Rechner neu auf und berichte.

18.10.2009, 13:27	#41
Larusso /// Selecta Jahrusso	Malwarebytes-Anti-Malware hat was gefunden bitte um Hilfe Noch Probleme ? __________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie

Malwarebytes-Anti-Malware hat was gefunden bitte um Hilfe

Log-Analyse und Auswertung: Malwarebytes-Anti-Malware hat was gefunden bitte um Hilfe