Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: 2 Trojaner gefunden

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 03.12.2009, 22:40   #1
domi0815
 
2 Trojaner gefunden - Standard

2 Trojaner gefunden



Hallo,

habe ein Problem mit folgendem Trojaner:
TR/Crypt.ZPACK.Gen!

Antivir findet ihn und ich hab ihn schon viermal gelöscht, aber er ist immer wieder da.
Hab hier im Forum gelesen, dass andere user das selbe Problem hatten und ihnen geholfen werden konnte.
Aber jedes System ist ja verschieden und ich will nicht einfach rumprobieren, dafür kenn ich mich auch zuwenig mit Systemdateien und -wiederherstellungen aus.
Zudem habe ich vorhin auch noch einen weiteren Trojaner gefunden:
TR/Dropper.Gen

Ich habe sowohl CCCleaner, als auch Malwarebytes-Anti-Malware durchgeführt(dort hat er 9 Infizierungen gefunden). Hierbei bin ich genau nach Anleitung hier im Board vorgegangen.



Hier die Log von Malwarebytes-Anti-Malware



Zitat:
Malwarebytes' Anti-Malware 1.41
Datenbank Version: 3288
Windows 5.1.2600 Service Pack 3

03.12.2009 22:22:16
mbam-log-2009-12-03 (22-22-16).txt

Scan-Methode: Vollständiger Scan (C:\|F:\|G:\|H:\|I:\|J:\|)
Durchsuchte Objekte: 261124
Laufzeit: 51 minute(s), 7 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UACd.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\domi\Startmenü\WinPC Defender.LNK (Rogue.WinPCDefender) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\UACakdvgpjy.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.

Rsit hab ich auch ausgeführt, hier die 2 logs:


1. log

Zitat:
Logfile of random's system information tool 1.06 (written by random/random)
Run by domi at 2009-12-03 22:27:24
Microsoft Windows XP Professional Service Pack 3
System drive C: has 30 GB (58%) free of 51 GB
Total RAM: 3326 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:27:31, on 03.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Nokia\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programme\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer.exe
C:\Programme\Canon\MyPrinter\BJMyPrt.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\DAEMON Tools Lite\daemon.exe
C:\Programme\ICQ6.5\ICQ.exe
C:\Programme\NETGEAR\WG111v2\WG111v2.exe
C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\ALCFDRTM.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
G:\SERIEN\RSIT.exe
C:\Programme\trend micro\domi.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [Nokia FastStart] "C:\Programme\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Programme\NETGEAR\WG111v2\WG111v2.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Dragon Age: Origins - Inhaltsupdater (DAUpdaterSvc) - Unknown owner - G:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TwonkyMedia - PacketVideo - C:\Programme\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe

--
End of file - 9384 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Programme\AskBarDis\bar\bin\askBar.dll [2008-08-26 279944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-02-16 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-16 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Programme\AskBarDis\bar\bin\askBar.dll [2008-08-26 279944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-04-10 16126464]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"StartCCC"=C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Easy-PrintToolBox"=C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600]
"FinePrint Dispatcher v5"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe [2006-06-19 499712]
"WinampAgent"=C:\Programme\Winamp\winampa.exe [2008-08-04 36352]
"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-02-16 148888]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"NokiaMServer"=C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer /watchfiles []
"Nokia FastStart"=C:\Programme\Nokia\Nokia Music\NokiaMusic.exe [2009-02-26 2376992]
"AppleSyncNotifier"=C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
"CanonSolutionMenu"=C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe [2008-03-10 689488]
"CanonMyPrinter"=C:\Programme\Canon\MyPrinter\BJMyPrt.exe [2008-03-17 1848648]
"avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"QuickTime Task"=C:\Programme\QuickTime\qttask.exe [2009-09-05 417792]
"iTunesHelper"=C:\Programme\iTunes\iTunesHelper.exe [2009-09-21 305440]
"GrooveMonitor"=C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
" Malwarebytes Anti-Malware (reboot)"=C:\Programme\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe [2009-09-10 420176]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Power2GoExpress"= []
"DAEMON Tools Lite"=C:\Programme\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]
"ICQ"=C:\Programme\ICQ6.5\ICQ.exe [2009-03-01 172792]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
NETGEAR WG111v2 Smart Wizard.lnk - C:\Programme\NETGEAR\WG111v2\WG111v2.exe
VPN Client.lnk - C:\WINDOWS\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico

C:\Dokumente und Einstellungen\domi\Startmenü\Programme\Autostart
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-06-03 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\CyberLink\PowerDirector\PDR.exe"="C:\Programme\CyberLink\PowerDirector\PDR.exe:*:Enabled:CyberLink PowerDirector"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\ICQ6.5\ICQ.exe"="C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Programme\Winamp Remote\bin\Orb.exe"="C:\Programme\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Programme\Winamp Remote\bin\OrbTray.exe"="C:\Programme\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"G:\Sacred 2\system\s2gs.exe"="G:\Sacred 2\system\s2gs.exe:*:Enabled:Sacred 2 Game Server"
"G:\Sacred 2\system\sacred2.exe"="G:\Sacred 2\system\sacred2.exe:*:Enabled:Sacred 2"
"G:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="G:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"G:\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"="G:\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
"G:\Rockstar Games\Grand Theft Auto IV\GTAIV.exe"="G:\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV"
"G:\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe"="G:\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"G:\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe"="G:\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"G:\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe"="G:\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"
"C:\Programme\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe"="C:\Programme\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe:*:Enabled:TwonkyMedia"
"C:\Programme\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe"="C:\Programme\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe:*:Enabled:TwonkyMediaServer"
"C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Programme\iTunes\iTunes.exe"="C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Programme\Microsoft Office\Office12\GROOVE.EXE"="C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE"="C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Programme\Skype\Plugin Manager\skypePM.exe"="C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"G:\Dragon Age\bin_ship\daorigins.exe"="G:\Dragon Age\bin_ship\daorigins.exe:*:Enabledragon Age Origins -Spiel"
"G:\Dragon Age\DAOriginsLauncher.exe"="G:\Dragon Age\DAOriginsLauncher.exe:*:Enabledragon Age Origins -Launcher"
"G:\Dragon Age\bin_ship\daupdatersvc.service.exe"="G:\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabledragon Age Origins -Inhaltsupdater"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a3d4220-e243-11dd-a702-001b2f3a6c63}]
shell\AutoRun\command - K:\BS4Launcher.exe


======List of files/folders created in the last 1 months======

2009-12-03 22:27:24 ----D---- C:\rsit
2009-12-03 22:27:24 ----D---- C:\Programme\trend micro
2009-12-03 21:26:11 ----D---- C:\Dokumente und Einstellungen\domi\Anwendungsdaten\Malwarebytes
2009-12-03 21:26:06 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-12-03 21:26:06 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-12-03 21:16:54 ----D---- C:\Programme\CCleaner
2009-11-28 13:26:35 ----D---- C:\Programme\Gemeinsame Dateien\DirectX
2009-11-28 13:25:03 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2009-11-28 13:25:03 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2009-11-28 13:25:02 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2009-11-28 13:25:02 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2009-11-28 13:25:02 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2009-11-28 13:25:01 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2009-11-28 13:25:01 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2009-11-28 13:20:23 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2009-11-28 13:20:23 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2009-11-28 13:20:23 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2009-11-28 13:20:22 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2009-11-28 13:20:22 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2009-11-28 13:20:22 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2009-11-28 13:20:22 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2009-11-28 13:20:22 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2009-11-28 13:20:22 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2009-11-28 13:20:21 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2009-11-28 13:20:21 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2009-11-28 13:20:21 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2009-11-28 13:20:21 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2009-11-28 13:20:21 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2009-11-28 13:18:00 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Divinity 2
2009-11-27 11:48:01 ----D---- C:\Programme\Gemeinsame Dateien\BioWare
2009-11-26 12:42:25 ----A---- C:\WINDOWS\system32\mgxoschk.dll
2009-11-26 12:42:12 ----D---- C:\Programme\ALDI Foto Service
2009-11-18 07:23:36 ----D---- C:\Programme\Gemeinsame Dateien\Skype
2009-11-07 18:18:44 ----A---- C:\WINDOWS\jestertb.dll
2009-11-04 13:42:02 ----HD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJScan

======List of files/folders modified in the last 1 months======

2009-12-03 22:27:31 ----D---- C:\WINDOWS\Prefetch
2009-12-03 22:27:24 ----RD---- C:\Programme
2009-12-03 22:22:16 ----D---- C:\WINDOWS\system32\drivers
2009-12-03 22:22:16 ----D---- C:\WINDOWS\system32
2009-12-03 21:51:20 ----D---- C:\Programme\Mozilla Firefox
2009-12-03 21:18:32 ----D---- C:\WINDOWS\Debug
2009-12-03 21:18:32 ----AD---- C:\WINDOWS
2009-12-03 21:18:31 ----D---- C:\WINDOWS\Temp
2009-12-03 18:00:41 ----A---- C:\WINDOWS\RTacDbg.txt
2009-12-03 10:58:59 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-03 07:23:59 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-11-28 13:26:35 ----D---- C:\Programme\Gemeinsame Dateien
2009-11-28 13:25:04 ----D---- C:\WINDOWS\system32\DirectX
2009-11-28 13:25:03 ----HD---- C:\WINDOWS\inf
2009-11-28 13:20:03 ----RSD---- C:\WINDOWS\assembly
2009-11-28 13:19:30 ----SHD---- C:\WINDOWS\Installer
2009-11-28 13:19:29 ----D---- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2009-11-28 13:18:46 ----D---- C:\Programme\AGEIA Technologies
2009-11-28 13:00:06 ----HD---- C:\Programme\InstallShield Installation Information
2009-11-28 12:16:37 ----D---- C:\WINDOWS\system32\appmgmt
2009-11-27 19:25:14 ----D---- C:\WINDOWS\system32\config
2009-11-27 12:12:39 ----D---- C:\WINDOWS\WinSxS
2009-11-27 11:04:43 ----A---- C:\WINDOWS\NeroDigital.ini
2009-11-18 07:23:48 ----RD---- C:\Programme\Skype
2009-11-18 07:23:34 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype
2009-11-16 18:58:45 ----SD---- C:\Dokumente und Einstellungen\domi\Anwendungsdaten\Microsoft
2009-11-08 01:12:03 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DVD Shrink

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 BIOS;BIOS; \??\C:\WINDOWS\system32\drivers\BIOS.sys []
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-01-13 21035]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-02-19 278728]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-08-06 55656]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-02-19 25416]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2009-08-08 104512]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-06-03 3100160]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-05-21 93696]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2007-01-31 127376]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-10 4397568]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12288]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2006-03-27 167808]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 afnrgccy;afnrgccy; C:\WINDOWS\system32\drivers\afnrgccy.sys []
S3 avmeject;AVM Eject; C:\WINDOWS\system32\drivers\avmeject.sys [2007-01-26 4352]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 FWLANUSB;AVM FRITZ!WLAN; C:\WINDOWS\system32\DRIVERS\fwlanusb.sys [2007-01-26 265088]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-03-29 47360]
S3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-12-14 85120]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-07-09 39424]
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-08-06 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-06-03 552960]
R2 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Programme\Cisco Systems\VPN Client\cvpnd.exe [2007-10-26 1524512]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-02-16 152984]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Programme\CyberLink\Shared Files\RichVideo.exe [2006-12-19 272024]
R2 StarWindService;StarWind iSCSI Service; C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [2005-04-02 217600]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
R3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2009-09-21 545568]
R3 ServiceLayer;ServiceLayer; C:\Programme\Nokia\PC Connectivity Solution\ServiceLayer.exe [2009-03-04 621056]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-06-02 593920]
S2 TwonkyMedia;TwonkyMedia; C:\Programme\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe [2008-10-20 102400]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater; G:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe []
S3 gusvc;Google Updater Service; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp-Portfreigabedienst; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
INFO

Zitat:
info.txt logfile of random's system information tool 1.06 2009-12-03 22:27:33

======Uninstall list======

-->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
-->MsiExec /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {322296D4-1EAE-4030-9FBC-D2787EB25FA2}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Adobe AIR-->C:\Programme\Gemeinsame Dateien\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Media Player-->MsiExec.exe /X{9455959E-D588-EFAE-329C-F66CC797F32A}
Adobe Reader 9.1.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A91000000001}
ALDI Nord Online Druck Service 4.6-->C:\Programme\ALDI Foto Service\ALDI_ODS\Deinstallieren.exe
Alive YouTube Video Converter (version 1.6.2.2)-->"C:\Programme\AliveMedia\YouTube Video Converter\unins000.exe"
AnyDVD-->"C:\Programme\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Programme\SlySoft\AnyDVD"
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ask Toolbar-->"C:\Programme\AskBarDis\unins000.exe"
Assassin's Creed-->C:\Programme\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe -runfromtemp -l0x0007 -removeonly
ATI - Dienstprogramm zur Deinstallation der Software-->C:\Programme\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI AVIVO Codecs-->MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_classISPLAY -clean
ATI Parental Control & Encoder-->MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
Avira AntiVir Personal - Free Antivirus-->C:\Programme\Avira\AntiVir Desktop\setup.exe /REMOVE
Baphomets Fluch - Der Engel des Todes-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F41C11EC-7C13-47A7-A07C-251D96EC3879}\setup.exe" -l0x7 -removeonly
Birth of the Federation-->C:\WINDOWS\IsUn0407.exe -fg:\BoF\Uninst.isu
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Canon iP4200-->C:\WINDOWS\system32\CNMCP78.exe "-PRINTERNAMECanon iP4200" "-HELPERDLLC:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP4200 Installer\Inst2\cnmis.dll" "-RCDLLcnmi0407.dll"
Canon MP Navigator EX 2.0-->"C:\Programme\Canon\MP Navigator EX 2.0\Maint.exe" /UninstallRemove C:\Programme\Canon\MP Navigator EX 2.0\uninst.ini
Canon MP540 series Benutzerregistrierung-->C:\Programme\Canon\IJEREG\MP540 series\UNINST.EXE
Canon MP540 series MP Drivers-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP540_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP540_series /L0x0007
Canon PhotoRecord-->MsiExec.exe /X{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}
Canon Setup Utility 2.0-->"C:\Programme\Canon\Canon Setup Utility 2.0\Maint.exe" /Uninstall C:\Programme\Canon\Canon Setup Utility 2.0\uninst.ini
Canon Utilities Easy-PhotoPrint EX-->C:\Programme\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint-->C:\Programme\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Canon Utilities Easy-PrintToolBox-->C:\WINDOWS\BJPSUNST.EXE
Canon Utilities My Printer-->C:\Programme\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Solution Menu-->C:\Programme\Canon\SolutionMenu\uninst.exe uninst.ini
CCleaner-->"C:\Programme\CCleaner\uninst.exe"
CD-LabelPrint-->"C:\Programme\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application
Championship Manager 2010 (September Data Patch)-->"C:\Programme\InstallShield Installation Information\{14592A8E-4DA6-4338-A9D5-E16449647EC3}\setup.exe" -runfromtemp -l0x0009 -removeonly
Championship Manager 2010 Data Editor-->"C:\Programme\InstallShield Installation Information\{4FA69A6D-C245-4D80-B0A6-623D8B7C3C51}\setup.exe" -runfromtemp -l0x0009 -removeonly
Championship Manager 2010-->"C:\Programme\InstallShield Installation Information\{5CA7899B-FFEC-4254-A05B-448420831F37}\Setup.exe" -runfromtemp -l0x0009 -removeonly
Cisco Systems VPN Client 5.0.02.0090-->MsiExec.exe /X{871DF2BE-41D2-4334-AC33-839AF16FC8FE}
CloneDVD2-->"C:\Programme\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Programme\Elaborate Bytes\CloneDVD2"
CutePDF Writer 2.7-->C:\Programme\Acro Software\CutePDF Writer\uninscpw.exe
Die Sims™ 3 Reiseabenteuer-->"C:\Programme\InstallShield Installation Information\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}\Sims3EP01Setup.exe" -runfromtemp -l0x0007 -removeonly
Die Sims™ 3-->"C:\Programme\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\setup.exe" -runfromtemp -l0x0007 -removeonly
Divinity II - Ego Draconis-->"G:\Divinity II - Ego Draconis\unins000.exe"
Dragon Age: Origins-->C:\Programme\Gemeinsame Dateien\BioWare\Uninstall Dragon Age.exe
DVD Decrypter (Remove Only)-->"C:\Programme\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"C:\Programme\DVD Shrink\unins000.exe"
DVD Suite-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
DVDFab 6.0.5.0 Beta (29/08/2009)-->"C:\Programme\DVDFab 6\unins000.exe"
ElsterFormular 2007/2008-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}\setup.exe" -l0x7 -removeonly
FinePrint-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpinst5.exe /uninstall
Free Video to iPod Converter version 3.1-->"C:\Programme\DVDVideoSoft\Free Video to iPod Converter\unins000.exe"
Free YouTube Downloader Converter-->C:\PROGRA~1\FREEYO~1\UNWISE.EXE C:\PROGRA~1\FREEYO~1\INSTALL.LOG
Free YouTube to Mp3 Converter version 3.1-->"C:\Programme\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe"
GIMP 2.6.7-->"C:\Programme\GIMP-2.0\setup\unins000.exe"
Grand Theft Auto IV-->"C:\Programme\InstallShield Installation Information\{579BA58C-F33D-4970-9953-B94B43768AC3}\setup.exe" -runfromtemp -l0x0007 -removeonly
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Programme\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
iClone v2.1 SE-->C:\Programme\InstallShield Installation Information\{580EC579-E476-469F-9EBF-F82D696FC67A}\setup.exe -runfromtemp -l0x0007 -removeonly /remove
ICQ6.5-->"C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Image Resizer Powertoy for Windows XP-->MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
IrfanView (remove only)-->C:\Programme\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}
Java(TM) 6 Update 12-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
LIDL Fotoservice-->"C:\Programme\LIDL Fotoservice\unins000.exe"
LucasArts' Star Wars Rebellion-->C:\WINDOWS\unin0407.exe -f"g:\LucasArts\Star Wars Rebellion\DeIsL1.isu"
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C314CE45-3392-3B73-B4E1-139CD41CA933}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 German Language Pack-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 German Language Pack\setup.exe
Microsoft .NET Framework 3.0 German Language Pack-->MsiExec.exe /X{F2A7F421-1679-48D5-B918-96999014ED53}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{FD052FB9-FE90-4438-B355-15EDC89D8FB1}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Groove MUI (German) 2007-->MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (German) 2007-->MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
MobileMe Control Panel-->MsiExec.exe /I{3AC54383-31D1-4907-961B-B12CBB1D0AE8}
Mozilla Firefox (3.0.15)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 7 Premium-->MsiExec.exe /I{4781569D-5404-1F26-4B2B-6DF444441031}
NETGEAR WG111v2 wireless USB 2.0 adapter-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{E0F252A6-DE85-4E93-A93B-DFC3537B3965}
Nokia Connectivity Cable Driver-->MsiExec.exe /I{82427977-8776-4087-90CA-9F65174D3C4D}
Nokia Flashing Cable Driver-->MsiExec.exe /X{A4E0CA0F-1903-440A-9B98-FEA6CB049999}
Nokia Home Media Server-->MsiExec.exe /X{F5A3D2C9-22CF-489B-8B01-F7159D1A7412}
Nokia Map Loader-->MsiExec.exe /I{03528A01-7E5E-4C5F-94DF-1D8012E969EF}
Nokia Music-->MsiExec.exe /I{BEC99D86-1D70-4AB8-8D15-E116392F9B7D}
Nokia Ovi Application Installer 6.85.3011-->msiexec /qn /x {42B74521-4706-412A-9A27-AED12B83E886}
Nokia Ovi Application Installer-->MsiExec.exe /I{42B74521-4706-412A-9A27-AED12B83E886}
Nokia Ovi Content Copier 6.85.3011-->msiexec /qn /x {6442DEDF-AC2F-4CBA-85DE-42E459C5006C}
Nokia Ovi Content Copier-->MsiExec.exe /X{6442DEDF-AC2F-4CBA-85DE-42E459C5006C}
Nokia Ovi One Touch Access 6.85.3011-->msiexec /qn /x {4AE48A64-6C6A-4E5A-95FA-55F5131DECF9}
Nokia Ovi One Touch Access-->MsiExec.exe /I{4AE48A64-6C6A-4E5A-95FA-55F5131DECF9}
Nokia Ovi Suite-->MsiExec.exe /I{B5264B25-8908-49BB-A708-5A70DFBF8094}
Nokia Ovi System Utilities 6.85.3016-->msiexec /qn /x {FF34EA62-92C1-41E6-BA64-B2B7ECB53737}
Nokia Ovi System Utilities-->MsiExec.exe /X{FF34EA62-92C1-41E6-BA64-B2B7ECB53737}
Nokia Photos-->MsiExec.exe /I{D3656CE3-0F62-447F-AEF3-9BF29B6197D9}
Nokia Software Updater-->MsiExec.exe /X{7169FA93-66C2-43BD-86E0-CD332A686B29}
NVIDIA PhysX-->MsiExec.exe /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}
PC Connectivity Solution-->MsiExec.exe /I{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}
PhotoNow!-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\setup.exe" -uninstall
Picasa 3-->"C:\Programme\Google\Picasa3\Uninstall.exe"
Power2Go 5.0-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerBackup-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{ADD5DB49-72CF-11D8-9D75-000129760D75}\setup.exe" -uninstall
PowerDirector-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" -uninstall
PowerProducer-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
PrintParade Studio-->C:\PROGRA~1\PRINTP~1\UNWISE.EXE C:\PROGRA~1\PRINTP~1\INSTALL.LOG
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
REALTEK GbE & FE Ethernet PCI NIC Driver-->C:\Programme\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe -runfromtemp -l0x0007 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x7 -removeonly
Rockstar Games Social Club-->"C:\Programme\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x0007 -removeonly
Sacred 2-->MsiExec.exe /I{1023383E-D9F6-478C-A965-23A4657B3C9A}
Safari-->MsiExec.exe /I{E56D39F8-2A9F-44B4-B068-A72E45A073E6}
Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Sicherheitsupdate für Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Total Video Converter 3.21 090220-->"C:\Programme\Total Video Converter\unins000.exe"
TwonkyMedia-->C:\Programme\Nokia\Nokia Home Media Server\\Media Server\UninstallTwonkyMedia.exe
Ulead Video ToolBox Basic-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3F9CFBD8-8F77-4DCD-8CB5-CDD5F653C872}\setup.exe" -l0x7
Uninstall 1.0.0.1-->"C:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe"
Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Winamp Remote-->"C:\Programme\Winamp Remote\uninstall.exe"
Winamp-->"C:\Programme\Winamp\UninstWA.exe"
Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Presentation Foundation Language Pack (DEU)-->MsiExec.exe /X{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
WinRAR Archivierer-->C:\Programme\WinRAR\uninstall.exe
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
YouTube Video Converter-->MsiExec.exe /I{52E1698D-8B87-4B79-B609-77C763C3E6D9}

======Security center information======

AV: AntiVir Desktop (disabled) (outdated)

======System event log======

Computer Name: FU7UR3LESS
Event Code: 7036
Message: Dienst "Ati HotKey Poller" befindet sich jetzt im Status "Beendet".

Record Number: 52190
Source Name: Service Control Manager
Time Written: 20091127000534.000000+060
Event Type: Informationen
User:

Computer Name: FU7UR3LESS
Event Code: 7036
Message: Dienst "IMAPI-CD-Brenn-COM-Dienste" befindet sich jetzt im Status "Beendet".

Record Number: 52189
Source Name: Service Control Manager
Time Written: 20091126235516.000000+060
Event Type: Informationen
User:

Computer Name: FU7UR3LESS
Event Code: 7036
Message: Dienst "IMAPI-CD-Brenn-COM-Dienste" befindet sich jetzt im Status "Ausgeführt".

Record Number: 52188
Source Name: Service Control Manager
Time Written: 20091126235509.000000+060
Event Type: Informationen
User:

Computer Name: FU7UR3LESS
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "IMAPI-CD-Brenn-COM-Dienste" gesendet.

Record Number: 52187
Source Name: Service Control Manager
Time Written: 20091126235509.000000+060
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: FU7UR3LESS
Event Code: 4201
Message: Netzwerkadapter "\DEVICE\TCPIP_{74850009-CD88-4D80-B451-7DDF348E8105}" wurde mit dem Netzwerk verbunden, und das
System wurde über das Netzwerk im normalen Zustand gestartet.

Record Number: 52186
Source Name: Tcpip
Time Written: 20091126203119.000000+060
Event Type: Informationen
User:

=====Application event log=====

Computer Name: FU7UR3LESS
Event Code: 1
Message: Nokia M Platform 2.4.124 (NLib 0.8.346)

Nokia M Data Store opened at location "C:\Dokumente und Einstellungen\fu7ur3\Lokale Einstellungen\Anwendungsdaten\Nokia\Nokia Data Store\DataBase\MDataStore.db3"


Record Number: 11411
Source Name: Nokia M Platform
Time Written: 20091113102142.000000+060
Event Type: Informationen
User:

Computer Name: FU7UR3LESS
Event Code: 1
Message: Nokia M Platform 2.4.124 (NLib 0.8.346)

Nokia M Data Store opened at location "c:\dokume~1\fu7ur3\lokale~1\anwend~1\nokia\nokiad~1\DataBase\MDataStore.db3"


Record Number: 11410
Source Name: Nokia M Platform
Time Written: 20091113102142.000000+060
Event Type: Informationen
User:

Computer Name: FU7UR3LESS
Event Code: 1
Message: Nokia M Platform 2.4.124 (NLib 0.8.346)

Nokia M Data Store opened at location "C:\Dokumente und Einstellungen\fu7ur3\Lokale Einstellungen\Anwendungsdaten\Nokia\Nokia Data Store\DataBase\MDataStore.db3"


Record Number: 11409
Source Name: Nokia M Platform
Time Written: 20091113102142.000000+060
Event Type: Informationen
User:

Computer Name: FU7UR3LESS
Event Code: 1
Message: Nokia M Platform 2.4.124 (NLib 0.8.346)

Nokia M Data Store opened at location "C:\Dokumente und Einstellungen\fu7ur3\Lokale Einstellungen\Anwendungsdaten\Nokia\Nokia Data Store\DataBase\MDataStore.db3"


Record Number: 11408
Source Name: Nokia M Platform
Time Written: 20091113102140.000000+060
Event Type: Informationen
User:

Computer Name: FU7UR3LESS
Event Code: 1
Message: Nokia M Platform 2.4.124 (NLib 0.8.346)

NokiaMServer: Started

Record Number: 11407
Source Name: Nokia M Platform
Time Written: 20091113102131.000000+060
Event Type: Informationen
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Programme\Nokia\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\ATI Technologies\ATI.ACE\Core-Static;C:\Programme\Gemeinsame Dateien\Ulead Systems\MPEG;C:\Programme\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"RGSCLauncher"=G:\\Rockstar Games\Rockstar Games Social Club
"RGSC"=G:\\Rockstar Games\Rockstar Games Social Club\1_0_0_0
"CLASSPATH"=.;C:\Programme\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Programme\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------


Ich hoffe jemand kann mir helfen, da ich fast am verzweifeln bin, weil der einfach nicht weg geht

Alt 04.12.2009, 08:19   #2
kira
/// Helfer-Team
 
2 Trojaner gefunden - Standard

2 Trojaner gefunden



Hallo und Herzlich Willkommen!

dein System vermutlich von einem Rootkit befallen
Warnung!:
Zitat:
Wenn ein System kompromittiert wurde, ist das System nicht mehr vertrauenswürdig
Eine Neuinstallation garantiert die rückstandsfreie Entfernung der Infektion - Sicherheitskonzept v. SETI@home/Punkt 1.
Falls du doch für die Systemreinigung entscheidest - Ein System zu bereinigen kann ein paar Tage dauern (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst::

- Die Anweisungen bitte gründlich lesen und immer streng einhalten, da ich die Reihenfolge nach bestimmten Kriterien vorbereitet habe:

1.
ich brauche mehr `Übersicht` bzw Daten über einen längeren Zeitraum - dazu bitte Versteckte - und Systemdateien sichtbar machen::
→ Klicke unter Start auf Arbeitsplatz.
→ Klicke im Menü Extras auf Ordneroptionen.
→ Dateien und Ordner/Erweiterungen bei bekannten Dateitypen ausblenden → Haken entfernen
→ Geschützte und Systemdateien ausblenden → Haken entfernen
→ Versteckte Dateien und Ordner/Alle Dateien und Ordner anzeigen → Haken setzen.
→ Bei "Geschützte Systemdateien ausblenden" darf kein Häkchen sein und "Alle Dateien und Ordner anzeigen" muss aktiviert sein.

2.
Für XP und Win2000 (ansonsten auslassen)
→ lade Dir das filelist.zip auf deinen Desktop herunter
→ entpacke die Zip-Datei auf deinen Desktop
→ starte nun mit einem Doppelklick auf die Datei "filelist.bat" - Dein Editor (Textverarbeitungsprogramm) wird sich öffnen
→ kopiere aus die erzeugten Logfile alle 7 Verzeichnisse ("C\...") usw - aber nur die Einträge der letzten 6 Monate - hier in deinem Thread
** vor jedem Eintrag steht ein Datum, also Einträge, die älter als 6 Monate sind bitte herauslöschen!

3.
Ich würde gerne noch all deine installierten Programme sehen:
Lade dir das Tool CCleaner herunter
installieren ("Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ unter Options settings-> "german" einstellen
dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..."
wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein

4.
Um einen tieferen Einblick in dein System, um eine mögliche Infektion mit einem Rootkit/Info v.wikipedia.org) aufzuspüren, werden wir ein Tool - Gmer - einsetzen :
  • - also lade Dir Gmer herunter und entpacke es auf deinen Desktop
    - starte gmer.exe
    - [b]schließe alle Programme, ausserdem Antiviren und andere Schutzprogramme usw müssen deaktiviert sein, keine Verbindung zum Internet, WLAN auch trennen)
    - bitte nichts am Pc machen während der Scan läuft!
    - "Show all" soll nicht angehakt sein! dann klicke auf "Scan", um das Tool zu starten
    - wenn der Scan fertig ist klicke auf "Copy" (das Log wird automatisch in die Zwischenablage kopiert) und mit STRG + V musst Du gleich da einfügen
    - mit "Ok" wird GMER beendet.
    - das Log aus der Zwischenablage hier in Deinem Thread vollständig hineinkopieren

** keine Verbindung zu einem Netzwerk und Internet - WLAN nicht vergessen
Wenn der Scan beendet ist, bitte alle Programme und Tools wieder aktivieren!
** kannst Du das Log bei File-Upload.net/kostenlos hochladen und den Link mir hier posten.

Zitat:
Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du:[code]
hier kommt dein Logfile rein
→ dahinter:[/code]
** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw
gruß
Coverflow
__________________


Alt 05.12.2009, 15:42   #3
domi0815
 
2 Trojaner gefunden - Standard

2 Trojaner gefunden



Code:
ATTFilter
----- Root ----------------------------- 
 Datentr„ger in Laufwerk C: ist Windows
 Volumeseriennummer: F473-F22F

 Verzeichnis von C:\

05.12.2009  15:36                43 filelist.txt
05.12.2009  13:41     2.145.386.496 pagefile.sys
13.01.2009  11:59           251.712 ntldr
12.01.2009  21:56                 0 CONFIG.SYS
12.01.2009  21:56                 0 MSDOS.SYS
12.01.2009  21:56                 0 IO.SYS
12.01.2009  21:56                 0 AUTOEXEC.BAT
12.01.2009  21:51               211 boot.ini
04.08.2004  13:00            47.564 NTDETECT.COM
04.08.2004  13:00             4.952 bootfont.bin
              10 Datei(en)  2.145.690.978 Bytes
               0 Verzeichnis(se), 31.278.895.104 Bytes frei
----- Windows -------------------------- 
 Datentr„ger in Laufwerk C: ist Windows
 Volumeseriennummer: F473-F22F

 Verzeichnis von C:\WINDOWS

05.12.2009  15:27             2.564 RTacDbg.txt
05.12.2009  15:27         1.868.054 WindowsUpdate.log
05.12.2009  13:49             2.125 setupapi.log
05.12.2009  13:43                 0 0.log
05.12.2009  13:42               159 wiadebug.log
05.12.2009  13:42                50 wiaservc.log
05.12.2009  13:42             2.048 bootstat.dat
05.12.2009  00:16            32.644 SchedLgU.Txt
27.11.2009  11:04               116 NeroDigital.ini
07.11.2009  18:18            21.504 jestertb.dll
25.10.2009  12:10               552 win.ini

---- System 32 (Achtung: Zeitfenster beachten!) --- 
 Datentr„ger in Laufwerk C: ist Windows
 Volumeseriennummer: F473-F22F

 Verzeichnis von C:\WINDOWS\system32

05.12.2009  13:42             2.206 wpa.dbl
26.10.2009  06:52           292.480 FNTCACHE.DAT
16.09.2009  19:55               216 spupdsvc.inf
16.09.2009  19:53           440.656 perfh009.dat
16.09.2009  19:53           456.964 perfh007.dat
16.09.2009  19:53            70.742 perfc009.dat
16.09.2009  19:53            83.402 perfc007.dat
16.09.2009  19:53         1.020.606 PerfStringBackup.INI
15.09.2009  22:55            25.088 mlfcache.dat
05.09.2009  00:54            69.632 QuickTime.qts
05.09.2009  00:54            94.208 QuickTimeVR.qtx
04.09.2009  17:44           515.416 XAudio2_5.dll
04.09.2009  17:44           238.936 xactengine3_5.dll
04.09.2009  17:44            69.464 XAPOFX1_3.dll
04.09.2009  17:29           453.456 d3dx10_42.dll
04.09.2009  17:29           235.344 d3dx11_42.dll
04.09.2009  17:29         5.501.792 d3dcsx_42.dll
04.09.2009  17:29         1.974.616 D3DCompiler_42.dll
04.09.2009  17:29         1.892.184 D3DX9_42.dll
06.08.2009  18:24           327.896 wucltui.dll
06.08.2009  18:24           209.632 wuweb.dll
06.08.2009  18:24            18.144 wuaueng.dll.mui
06.08.2009  18:24            44.768 wups2.dll
06.08.2009  18:24           217.816 wuaucpl.cpl
06.08.2009  18:24            35.552 wups.dll
06.08.2009  18:24            15.584 wuapi.dll.mui
06.08.2009  18:24            53.472 wuauclt.exe
06.08.2009  18:24            96.480 cdm.dll
06.08.2009  18:24            15.584 wuaucpl.cpl.mui
06.08.2009  18:24            23.264 wucltui.dll.mui
06.08.2009  18:23           575.704 wuapi.dll
06.08.2009  18:23         1.929.952 wuaueng.dll
09.07.2009  11:16         2.060.288 usbaaplrc.dll
23.06.2009  19:03                56 ezsidmv.dat
25.05.2009  13:01            89.256 ElbyCDIO.dll

----- Prefetch ------------------------- 
 Datentr„ger in Laufwerk C: ist Windows
 Volumeseriennummer: F473-F22F

 Verzeichnis von C:\WINDOWS\Prefetch

05.12.2009  15:36            11.092 FIND.EXE-0EC32F1E.pf
05.12.2009  15:36            11.010 CMD.EXE-087B4001.pf
05.12.2009  15:36            36.648 WINRAR.EXE-3588DFE8.pf
05.12.2009  15:36            48.078 AVSCAN.EXE-25724B6E.pf
05.12.2009  15:35            14.488 VERCLSID.EXE-3667BD89.pf
05.12.2009  15:34            85.106 SKYPENAMES.EXE-00E36E08.pf
05.12.2009  15:33            29.056 RUNDLL32.EXE-2E1142B3.pf
05.12.2009  15:27           105.202 FIREFOX.EXE-1D57670A.pf
05.12.2009  15:27            14.540 WINAMPA.EXE-2BDF6A16.pf
05.12.2009  15:27            25.238 FPDISP5A.EXE-109D6FA9.pf
05.12.2009  15:27            46.466 RTHDCPL.EXE-06918CFA.pf
05.12.2009  15:27             6.966 NCLRSSRV.EXE-04B12690.pf
05.12.2009  15:27             9.176 NCLUSBSRV.EXE-0C8FE645.pf
05.12.2009  15:27            77.130 ATI2EVXX.EXE-19D16EB9.pf
05.12.2009  15:27            95.958 EXPLORER.EXE-082F38A9.pf
05.12.2009  15:27           123.222 USERINIT.EXE-30B18140.pf
05.12.2009  15:27             5.438 CLISTART.EXE-025897C5.pf
05.12.2009  15:27            11.560 ALCMTR.EXE-235F9538.pf
05.12.2009  15:17             7.342 JQSNOTIFY.EXE-1E60A522.pf
05.12.2009  13:49            95.038 SERVICELAYER.EXE-1F92E785.pf
05.12.2009  13:49            15.108 NCLINSTALLER.EXE-2F4C1B98.pf
05.12.2009  13:49           109.770 SKYPEPM.EXE-03F1BFBD.pf
05.12.2009  13:49           131.650 WMIPRVSE.EXE-28F301A9.pf
05.12.2009  13:49           149.522 PRESENTATIONFONTCACHE.EXE-1706C4D2.pf
05.12.2009  13:49            36.772 CSC.EXE-01730C27.pf
05.12.2009  13:49            11.100 CVTRES.EXE-2329DCD5.pf
05.12.2009  13:49            45.098 IPODSERVICE.EXE-233792DA.pf
05.12.2009  13:49            54.006 WG111V2.EXE-1BBF507C.pf
05.12.2009  13:48            19.430 VPNGUI.EXE-10986A0F.pf
05.12.2009  13:48            16.118 WMIADAP.EXE-2DF425B2.pf
05.12.2009  13:48            40.420 APPLESYNCNOTIFIER.EXE-0DCBD908.pf
05.12.2009  13:48            57.930 DAEMON.EXE-0281E4E0.pf
05.12.2009  13:48            95.796 ICQ.EXE-15A4C655.pf
05.12.2009  13:48           123.590 RGSC.EXE-09553FF5.pf
05.12.2009  13:48            52.292 MBAM.EXE-11D8BBD8.pf
05.12.2009  13:48            77.782 SKYPE.EXE-21F19BC8.pf
05.12.2009  13:48            27.296 ORBTRAY.EXE-025DD7E9.pf
05.12.2009  13:48            14.474 CTFMON.EXE-0E17969B.pf
05.12.2009  13:48            20.538 GROOVEMONITOR.EXE-27AC1EA0.pf
05.12.2009  13:48            12.584 ITUNESHELPER.EXE-08906EB7.pf
05.12.2009  13:48            70.802 CCC.EXE-1B087988.pf
05.12.2009  13:48            10.024 BJMYPRT.EXE-2D435E4B.pf
05.12.2009  13:48            84.408 RGSCLAUNCHER.EXE-096408F8.pf
05.12.2009  13:48            94.044 MOM.EXE-36B2EDCA.pf
05.12.2009  13:48             9.196 ALCFDRTM.EXE-1A22C94E.pf
05.12.2009  13:48            51.416 AVGNT.EXE-39CD89BF.pf
05.12.2009  13:48            10.420 READER_SL.EXE-2FAFE67A.pf
05.12.2009  13:48            10.262 JUSCHED.EXE-336229D9.pf
05.12.2009  13:48             8.402 QTTASK.EXE-2D7EEF34.pf
05.12.2009  13:48            17.172 WUAUCLT.EXE-399A8E72.pf
05.12.2009  13:48             9.592 CNSLMAIN.EXE-32AB703B.pf
05.12.2009  13:48            65.126 NOKIAMUSIC.EXE-396823AB.pf
05.12.2009  13:48            86.564 IMAPI.EXE-0BF740A4.pf
05.12.2009  13:48             9.286 BJPSMAIN.EXE-13BB334D.pf
05.12.2009  13:48             6.510 NEROCHECK.EXE-092C6DFA.pf
04.12.2009  23:59            42.166 ONENOTEM.EXE-1B134824.pf
04.12.2009  23:23             7.552 LOGON.SCR-151EFAEA.pf
04.12.2009  21:04            57.168 SOFTWAREUPDATE.EXE-1E90DF1F.pf
04.12.2009  21:04            18.524 DLLHOST.EXE-205D880D.pf
04.12.2009  19:32           553.974 Layout.ini
04.12.2009  19:31           120.358 HELPSVC.EXE-2878DDA2.pf
04.12.2009  18:56            70.042 AVNOTIFY.EXE-31D7686A.pf
04.12.2009  18:56            55.838 UPDATE.EXE-3398FCD6.pf
04.12.2009  13:23            16.148 DEFRAG.EXE-273F131E.pf
04.12.2009  13:23            89.118 DFRGNTFS.EXE-269967DF.pf
04.12.2009  11:25            73.962 TS3EP01.EXE-1AA16962.pf
04.12.2009  11:25            93.042 SIMS3LAUNCHER.EXE-046D69CD.pf
04.12.2009  11:25            95.396 SIMS3LAUNCHER.EXE-049333F9.pf
04.12.2009  11:25            27.166 S3LAUNCHER.EXE-3B76C4AA.pf
04.12.2009  10:32            17.756 NOKIAMSERVER.EXE-1060D689.pf
03.12.2009  22:57            66.262 DAORIGINS.EXE-067A39C3.pf
03.12.2009  22:57            72.172 DAORIGINSLAUNCHER.EXE-0DB69642.pf
03.12.2009  22:49             7.856 MBAMGUI.EXE-1E06AB95.pf
03.12.2009  22:27            69.090 NOTEPAD.EXE-336351A9.pf
03.12.2009  22:27            52.702 DOMI.EXE-3ABD1DBA.pf
03.12.2009  22:27            19.290 RSIT.EXE-19BAF3B5.pf
03.12.2009  22:22            11.676 REGEDIT.EXE-1B606482.pf
03.12.2009  22:19            16.266 GUARDGUI.EXE-147E0160.pf
03.12.2009  21:26            16.638 REGSVR32.EXE-25EEFE2F.pf
03.12.2009  21:26            21.612 MBAM-SETUP.TMP-0C2454EA.pf
03.12.2009  21:26            13.948 MBAM-SETUP.EXE-0F9B0906.pf
03.12.2009  21:17            19.040 CCLEANER.EXE-065E2F3F.pf
03.12.2009  21:16            27.246 CCSETUP226.EXE-0DDDD504.pf
03.12.2009  19:57            83.816 IEXPLORE.EXE-2CA9778D.pf
03.12.2009  19:57            27.558 RUNDLL32.EXE-34EC2FFC.pf
03.12.2009  19:45            32.488 RUNDLL32.EXE-39223380.pf
03.12.2009  18:18            73.132 RUNDLL32.EXE-37F9EC55.pf
03.12.2009  18:18             7.114 CNMSE9E.EXE-1AB094D7.pf
03.12.2009  18:18            11.800 RUNDLL32.EXE-451FC2C0.pf
03.12.2009  18:00             3.702 KILLTRAY.EXE-1CB9F0E1.pf
03.12.2009  16:14            29.042 RUNDLL32.EXE-22570581.pf
03.12.2009  16:14             9.570 DW20.EXE-005BA42F.pf
03.12.2009  11:04            21.856 JAVAWS.EXE-1714DD62.pf
03.12.2009  11:04            81.658 JAVAW.EXE-0159D575.pf
02.12.2009  19:23            19.288 RUNDLL32.EXE-12E27DD0.pf
02.12.2009  07:32            56.912 ADOBE_UPDATER.EXE-059F58EC.pf
01.12.2009  20:09            65.360 WINWORD.EXE-0B995611.pf
01.12.2009  19:58            27.314 RUNDLL32.EXE-1C30D140.pf
01.12.2009  19:40            29.262 RUNDLL32.EXE-47B0F4B7.pf
01.12.2009  18:59            12.334 CALC.EXE-02CD573A.pf
01.12.2009  18:10            61.956 JAVA.EXE-2167859B.pf
30.11.2009  19:07            30.072 DRWTSN32.EXE-2B4B52AC.pf
30.11.2009  19:07            37.856 DWWIN.EXE-30875ADC.pf
30.11.2009  16:57            27.492 RUNDLL32.EXE-338046A1.pf
29.11.2009  22:48            27.314 RUNDLL32.EXE-3552D6F1.pf
29.11.2009  22:41            30.902 RUNDLL32.EXE-466CC8F9.pf
29.11.2009  20:01            57.542 DIVINITY2.EXE-17297791.pf
29.07.2009  09:22                 0 RUNDLL32.EXE-14206DDC.pf
29.07.2009  09:22                 0 CONTROL.EXE-013DBFB5.pf
29.07.2009  09:21                 0 CLEANMGR.EXE-1F86EA8E.pf
20.07.2009  11:14            30.228 AVWSC.EXE-3AC95876.pf
112 Datei(en)      6.468.744 Bytes
               0 Verzeichnis(se), 31.278.759.936 Bytes frei

----- Tasks ---------------------------- 
 Datentr„ger in Laufwerk C: ist Windows
 Volumeseriennummer: F473-F22F

 Verzeichnis von C:\WINDOWS\tasks

05.12.2009  13:42                 6 SA.DAT
04.12.2009  21:04               276 AppleSoftwareUpdate.job

             3 Datei(en)            347 Bytes
               0 Verzeichnis(se), 31.278.759.936 Bytes frei

----- Windows/Temp ----------------------- 
 Datentr„ger in Laufwerk C: ist Windows
 Volumeseriennummer: F473-F22F

 Verzeichnis von C:\WINDOWS\Temp

05.12.2009  13:42            16.384 Perflib_Perfdata_10c.dat
08.09.2009  18:48           118.315 dneinst.log
27.06.2009  18:04            16.320 wudf_update.log
05.05.2009  15:16             1.536 NEventMessages.dll
05.05.2009  15:08               678 MSIa87d6.LOG



              19 Datei(en)      4.880.281 Bytes
               0 Verzeichnis(se), 31.278.755.840 Bytes frei


---- Temp ----------------------------- 
 Datentr„ger in Laufwerk C: ist Windows
 Volumeseriennummer: F473-F22F

 Verzeichnis von C:\DOKUME~1\domi\LOKALE~1\Temp

05.12.2009  15:35                 0 etilqs_WmXDpXQmKDFeXzATSuvR
05.12.2009  15:32           946.021 jusched.log
05.12.2009  15:27                 0 JET8663.tmp
29.11.2009  19:49            34.374 java_install_reg.log
24.11.2009  20:40               906 jar_cache5127163183663177319.tmp
24.11.2009  20:39                58 jar_cache3200178458103189064.tmp
24.11.2009  20:39               639 jar_cache171078256269368885.tmp
24.11.2009  20:39               217 jar_cache7315432807220914633.tmp
24.11.2009  20:39               907 jar_cache469225876291781426.tmp
24.11.2009  20:39             2.090 jar_cache7454447625791542448.tmp
24.11.2009  20:39             2.072 jar_cache3987063536171395487.tmp
24.11.2009  20:39             1.007 jar_cache5738944478721000693.tmp
19.11.2009  21:28               931 jinstall.cfg
16.11.2009  18:58                62 OneNote_MigrationLog.txt
16.11.2009  18:58            12.112 {7F0572C6-49E2-49CF-8F18-B7660EF8C01E}
15.11.2009  15:20            12.818 control.xml
05.11.2009  06:56            16.384 ~DFE1D3.tmp
04.11.2009  07:13            16.384 ~DFE493.tmp
03.11.2009  18:11            16.384 ~DF2DC5.tmp
02.11.2009  07:04            16.384 ~DFD763.tmp
01.11.2009  11:34            16.384 ~DF717D.tmp
30.10.2009  07:09            16.384 ~DF3D75.tmp
29.10.2009  18:46            16.384 ~DF9894.tmp
29.10.2009  07:11            16.384 ~DF9A02.tmp
27.10.2009  18:40            16.384 ~DFA6C7.tmp
27.10.2009  16:56            16.384 ~DF68D9.tmp
27.10.2009  07:10            16.384 ~DFCA78.tmp
26.10.2009  16:16            16.384 ~DFAF68.tmp
25.10.2009  12:20           129.562 SetupExe(20091025120118CE0).log
25.10.2009  11:34            16.384 ~DFA057.tmp
25.10.2009  10:29           383.804 WT16.tmp
25.10.2009  10:29           367.112 WT15.tmp
25.10.2009  00:18            16.384 ~DF6F19.tmp
23.10.2009  06:09            16.384 ~DFCAED.tmp
22.10.2009  20:55            16.384 ~DF5B5E.tmp
22.10.2009  15:44            16.384 ~DFA9DF.tmp
22.10.2009  14:07            16.384 ~DFC64E.tmp
21.10.2009  15:56            16.384 ~DF30CD.tmp
21.10.2009  05:03            16.384 ~DFFF7B.tmp
20.10.2009  06:08            16.384 ~DF55C4.tmp
19.10.2009  06:09            16.384 ~DFB228.tmp
17.10.2009  12:02                58 jar_cache1275175899325810578.tmp
17.10.2009  12:02               217 jar_cache3298976233374009330.tmp
17.10.2009  12:02               906 jar_cache4413306113105081085.tmp
17.10.2009  12:02               639 jar_cache2294502355142730792.tmp
17.10.2009  12:02             1.007 jar_cache5194103968802860725.tmp
17.10.2009  12:02             2.090 jar_cache5924811299361547421.tmp
17.10.2009  12:02             2.072 jar_cache8282463158630008212.tmp
16.10.2009  06:13            16.384 ~DFB103.tmp
14.10.2009  15:40            16.384 ~DF4E14.tmp
14.10.2009  15:22             8.989 au-descriptor-1.6.0_15-b71.xml
09.10.2009  20:31            16.384 ~DF5D2F.tmp
09.10.2009  06:11            16.384 ~DF3940.tmp
08.10.2009  06:14            16.384 ~DF6D4B.tmp
07.10.2009  14:51            16.384 ~DF36E9.tmp
07.10.2009  06:10            16.384 ~DFE634.tmp
07.10.2009  06:03            32.768 RMS9.tmp
07.10.2009  06:03            32.768 RMS8.tmp
06.10.2009  20:21            16.384 ~DF2D79.tmp
06.10.2009  15:33            16.384 ~DF4B70.tmp
06.10.2009  06:13            16.384 ~DF4FEE.tmp
05.10.2009  19:55            16.384 ~DFC906.tmp
05.10.2009  15:53            16.384 ~DFECB7.tmp
04.10.2009  21:45            16.384 ~DFD6EC.tmp
04.10.2009  19:19            16.384 ~DF8597.tmp
04.10.2009  12:19            16.384 ~DFF80B.tmp
04.10.2009  11:42            16.384 ~DF6633.tmp
04.10.2009  11:32            16.384 ~DF8350.tmp
04.10.2009  09:38            16.384 ~DF83F3.tmp
03.10.2009  22:30            16.384 ~DFF45A.tmp
01.10.2009  06:16            16.384 ~DF3ED8.tmp
30.09.2009  06:15            16.384 ~DF1C3D.tmp
29.09.2009  18:35           798.234 IMTD4.xml
29.09.2009  18:35               426 IMTD3.xml
29.09.2009  18:35             2.036 IMTD2.xml
29.09.2009  18:00            16.384 ~DF45EB.tmp
29.09.2009  06:15            16.384 ~DFB14C.tmp
26.09.2009  21:51            16.384 ~DF1916.tmp
25.09.2009  06:16            16.384 ~DF8264.tmp
24.09.2009  17:39            16.384 ~DFCA39.tmp
24.09.2009  06:09            16.384 ~DF945.tmp
23.09.2009  06:16            16.384 ~DF1D56.tmp
22.09.2009  18:36            32.768 RMS75.tmp
22.09.2009  18:36            32.768 RMS74.tmp
22.09.2009  06:15            16.384 ~DF911E.tmp
21.09.2009  06:10            16.384 ~DF6F3D.tmp
17.09.2009  17:21            16.384 ~DF7559.tmp
17.09.2009  06:24            65.536 drm_dialogs.dll
17.09.2009  06:24           204.800 drm_dyndata_7400009.dll
16.09.2009  20:18           204.800 drm_dyndata_7400006.dll
16.09.2009  19:59           347.758 dd_dotnetfx35install.txt
16.09.2009  19:59            88.918 uxeventlog.txt
16.09.2009  19:59           237.700 dd_depcheck_NETFX_EXP_35.txt
16.09.2009  19:59           204.002 dd_dotnetfx35install_lp.txt
16.09.2009  19:59            21.556 dd_XPS_LP.txt
16.09.2009  19:59           471.590 dd_NET_Framework35_LangPack_MSI527D.txt
16.09.2009  19:58         1.230.354 dd_NET_Framework_30LP_Agile_Setup520E.txt
16.09.2009  19:58         2.076.832 dd_NET_Framework_20LP_Agile_Setup5168.txt
16.09.2009  19:57                 2 dd_dotnetfx35error_lp.txt
16.09.2009  19:57         1.438.312 dd_NET_Framework35_MSI50E2.txt
16.09.2009  19:56         3.962.350 dd_NET_Framework30_Setup4FE0.txt
16.09.2009  19:56             4.841 dd_wcf_retCA754F.txt
16.09.2009  19:55            26.272 dd_XPS.txt
16.09.2009  19:54        22.651.152 dd_NET_Framework20_Setup4CC3.txt
16.09.2009  19:53             5.158 ASPNETSetup_00002.log
16.09.2009  19:51             8.740 dd_clwireg.txt
16.09.2009  19:49                 2 dd_dotnetfx35error.txt
11.09.2009  06:27            16.384 ~DF233A.tmp
06.09.2009  11:00            32.768 RMS6.tmp
06.09.2009  11:00            32.768 RMS7.tmp
05.09.2009  20:51            16.384 ~DF49AE.tmp
03.09.2009  00:25           383.804 WT96.tmp
03.09.2009  00:25           367.112 WT95.tmp
31.08.2009  15:36            16.384 ~DFFF0.tmp
28.08.2009  22:32            16.384 ~DFDC22.tmp
26.08.2009  19:36           721.408 2009-08 - Gus-Movies.xls
26.08.2009  15:45            16.384 ~DF9E75.tmp
24.08.2009  20:49            16.384 ~DF82E2.tmp
14.08.2009  19:03           737.280 ~DFD6B4.tmp
09.08.2009  13:29           737.280 ~DFDF80.tmp
04.08.2009  08:58            16.384 ~DF6313.tmp
01.08.2009  11:02            16.384 ~DF9E0.tmp
29.07.2009  09:22               124 dw.log
29.07.2009  08:27            16.384 ~DFCBE6.tmp
21.07.2009  07:35            16.384 ~DF4679.tmp
20.07.2009  08:43             9.665 1.6.0_13-b82.xml
15.07.2009  20:29           208.896 drm_dyndata_7370012.dll
15.07.2009  11:14            16.384 ~DF456B.tmp
13.07.2009  22:45            16.384 ~DFED18.tmp
10.07.2009  11:03            16.384 ~DF3281.tmp
05.07.2009  21:12            16.384 ~DF129D.tmp
05.07.2009  12:01            16.384 ~DF46D1.tmp
04.07.2009  09:02            16.384 ~DFD881.tmp
03.07.2009  06:33            16.384 ~DF79C2.tmp
02.07.2009  04:18            16.384 ~DFE630.tmp
30.06.2009  12:30            16.384 ~DF3639.tmp
29.06.2009  19:44            16.384 ~DF5E6A.tmp
27.06.2009  17:02         2.303.814 V_ LAUE_ Broken Windows und das New Yorker Modell, in_ Rossner et al._ Dusseldorfer Gutachten, 2002, S. 355-379..pdf
27.06.2009  16:59           127.921 O_ WILSON_ KELLING_ Broken Windows, in_ The Atlantic Quarterly 1982.pdf
27.06.2009  16:42           153.793 Prasentation.pdf
27.06.2009  14:25            16.384 ~DF862A.tmp
25.06.2009  19:39            16.384 ~DFDB09.tmp
23.06.2009  10:07            15.717 jar_cache4126800538517288013.tmp
23.06.2009  10:07            83.267 jar_cache8538519378549481362.tmp
23.06.2009  10:07            58.805 jar_cache1734695384796025247.tmp
15.06.2009  09:10             9.635 jupdate_d6597326
02.06.2009  10:04             9.635 1.6.0_13-b93.xml
26.05.2009  20:23             5.728 jar_cache8817680780477975142.tmp
15.05.2009  11:09           204.800 drm_dyndata_7380014.dll
08.05.2009  14:47            65.536 ~DFD73.tmp
08.05.2009  14:42            65.536 ~DF63BB.tmp
06.05.2009  15:55            65.536 ~DF293E.tmp
06.05.2009  15:04            65.536 ~DF2FF2.tmp
05.05.2009  15:08             1.615 NclRegPermissions(3).log
05.05.2009  15:01             7.978 NclRegPermissions(2).log
05.05.2009  15:01             2.331 NclRegPermissions(1).log
05.05.2009  14:59             1.536 NEventMessages.dll
05.05.2009  13:43           204.800 drm_dyndata_7390004.dll
01.05.2009  19:01            15.717 jar_cache2799270709570302139.tmp
01.05.2009  19:01            83.267 jar_cache4069761119175905930.tmp
01.05.2009  19:01            58.805 jar_cache8307672077535013458.tmp

382 Datei(en)     61.508.914 Bytes
               0 Verzeichnis(se), 31.278.718.976 Bytes frei
         

CCleaner:

Code:
ATTFilter
                            		1.9.5.3105
Adobe AIR	Adobe Systems Inc.	1.5.1.8210
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	10.0.12.36
Adobe Flash Player 10 Plugin	Adobe Systems Incorporated	10.0.32.18
Adobe Media Player	Adobe Systems Incorporated	1.6
Adobe Reader 9.1.2 - Deutsch	Adobe Systems Incorporated	9.1.2
ALDI Nord Online Druck Service 4.6	ORWO Net	4.6
Alive YouTube Video Converter (version 1.6.2.2)	AliveMedia, Inc.	
AnyDVD	SlySoft	
Apple Application Support	Apple Inc.	1.0
Apple Mobile Device Support	Apple Inc.	2.6.0.32
Apple Software Update	Apple Inc.	2.1.1.116
Ask Toolbar	Ask.com	4.1.0.2
Assassin's Creed	Ubisoft	1.02
ATI - Dienstprogramm zur Deinstallation der Software		6.14.10.1022
ATI AVIVO Codecs	ATI Technologies Inc.	9.15.0.20713
ATI Catalyst Control Center		2.008.0602.2242
ATI Display Driver		8.501-080602a-064785C-ATI
Avira AntiVir Personal - Free Antivirus	Avira GmbH	
Baphomets Fluch - Der Engel des Todes	THQ	1.00.0000
Birth of the Federation		
Bonjour	Apple Inc.	1.0.106
Canon iP4200		
Canon MP Navigator EX 2.0		
Canon MP540 series Benutzerregistrierung		
Canon MP540 series MP Drivers		
Canon PhotoRecord	Cisra	02.02.03002
Canon Setup Utility 2.0		
Canon Utilities Easy-PhotoPrint		
Canon Utilities Easy-PhotoPrint EX		
Canon Utilities Easy-PrintToolBox		
Canon Utilities My Printer		
Canon Utilities Solution Menu		
CCleaner	Piriform	
CD-LabelPrint		
Championship Manager 2010	Eidos	10.0.1
Championship Manager 2010 (September Data Patch)	Eidos	10.0.0000
Championship Manager 2010 Data Editor	Eidos	1.00.0000
Cisco Systems VPN Client 5.0.02.0090	Cisco Systems, Inc.	5.0.2
CloneDVD2	Elaborate Bytes	
CutePDF Writer 2.7		
Die Sims™ 3	Electronic Arts	1.7.9
Die Sims™ 3 Reiseabenteuer	Electronic Arts	2.0.86
Divinity II - Ego Draconis	dtp	
Dragon Age: Origins	Electronic Arts, Inc.	1.01
DVD Decrypter (Remove Only)		
DVD Shrink 3.2	DVD Shrink	
DVD Suite	CyberLink Corporation	5.0.2103
DVDFab 6.0.5.0 Beta (29/08/2009)	Fengtao Software Inc.	
ElsterFormular 2007/2008	Steuerverwaltung des Bundes und der Länder	9.5.1.0
FinePrint		
Free Video to iPod Converter version 3.1	DVDVideoSoft Limited.	
Free YouTube Downloader Converter		
Free YouTube to Mp3 Converter version 3.1	DVDVideoSoft Limited.	
GIMP 2.6.7		
Grand Theft Auto IV	Rockstar Games	1.00.0000
High Definition Audio Driver Package - KB888111	Microsoft Corporation	20040219.000000
HijackThis 2.0.2	TrendMicro	2.0.2
iClone v2.1 SE	Reallusion Inc.	2.1
ICQ6.5	ICQ	6.5
Image Resizer Powertoy for Windows XP	Microsoft Corporation	1.00.0001
IrfanView (remove only)		
iTunes	Apple Inc.	9.0.1.8
Java(TM) 6 Update 12	Sun Microsystems, Inc.	6.0.120
LIDL Fotoservice		
LucasArts' Star Wars Rebellion		
Malwarebytes' Anti-Malware	Malwarebytes Corporation	
Microsoft .NET Framework 2.0 Service Pack 2	Microsoft Corporation	2.2.30729
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU	Microsoft Corporation	2.2.30729
Microsoft .NET Framework 3.0 German Language Pack	Microsoft Corporation	
Microsoft .NET Framework 3.0 Service Pack 2	Microsoft Corporation	3.2.30729
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU	Microsoft Corporation	3.2.30729
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU	Microsoft Corporation	
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	
Microsoft Games for Windows - LIVE 	Microsoft Corporation	2.0.675.0
Microsoft Games for Windows - LIVE Redistributable	Microsoft Corporation	2.0.673.0
Microsoft Office Enterprise 2007	Microsoft Corporation	12.0.6425.1000
Microsoft User-Mode Driver Framework Feature Pack 1.5	Microsoft Corporation	
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	8.0.59193
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	9.0.30729
Microsoft WSE 3.0 Runtime	Microsoft Corp.	3.0.5305.0
MobileMe Control Panel	Apple Inc.	2.6.0.29
Mozilla Firefox (3.0.15)	Mozilla	3.0.15 (de)
MSXML 6.0 Parser (KB933579)	Microsoft Corporation	6.10.1200.0
Nero 7 Premium	Nero AG	7.00.0087
NETGEAR WG111v2 wireless USB 2.0 adapter	Ihr Firmenname	1.00.2012
Nokia Connectivity Cable Driver	Nokia	7.1.16.0
Nokia Flashing Cable Driver	Nokia	8.6.0.2
Nokia Home Media Server	Nokia	1.0.38
Nokia Map Loader	Nokia	1.3.12
Nokia Music	Nokia Music	1.2.20226
Nokia Ovi Application Installer 6.85.3011	Nokia	
Nokia Ovi Content Copier 6.85.3011	Nokia	
Nokia Ovi One Touch Access 6.85.3011	Nokia	
Nokia Ovi Suite	Nokia	3.1.311
Nokia Ovi System Utilities 6.85.3016	Nokia	
Nokia Photos	Nokia	1.6.145
Nokia Software Updater	Nokia Corporation	01.06.011.38351
NVIDIA PhysX	NVIDIA Corporation	9.09.0428
PC Connectivity Solution	Nokia	9.13.1.0
PhotoNow!	CyberLink Corp.	1.0.4310
Picasa 3	Google, Inc.	3.1
Power2Go 5.0		
PowerBackup	CyberLink Corporation	2.5.3327
PowerDirector	CyberLink Corp.	5.0.2730b
PowerProducer	CyberLink Corp.	072109
PrintParade Studio		
QuickTime	Apple Inc.	7.64.17.73
REALTEK GbE & FE Ethernet PCI NIC Driver	Realtek	1.08.0000
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	5.10.0.5397
Rockstar Games Social Club	Rockstar Games	1.00.0000
Sacred 2	Ascaron Entertainment	2.0.2.0
Safari	Apple Inc.	4.31.9.1
Skype web features	Skype Technologies S.A.	1.0.3971
Skype™ 4.1	Skype Technologies S.A.	4.1.179
Spelling Dictionaries Support For Adobe Reader 9	Adobe Systems Incorporated	9.0.0
Total Video Converter 3.21 090220	EffectMatrix Inc.	
TwonkyMedia	Twonkyvison	0.4.24.0
Ulead Video ToolBox Basic	Ulead System	2.0
Uninstall 1.0.0.1		
Winamp	Nullsoft, Inc	5.541 
Winamp Remote	Orb Networks	2.2008.0508.1530
Windows Media Format 11 runtime		
Windows Media Player Firefox Plugin	Microsoft Corp	1.0.0.8
Windows XP Service Pack 3	Microsoft Corporation	20080414.031514
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)	Nokia	08/22/2008 7.0.0.0
WinRAR Archivierer		
YouTube Video Converter	Magic	2.20.0000
         
__________________

Geändert von domi0815 (05.12.2009 um 15:51 Uhr)

Alt 05.12.2009, 16:00   #4
domi0815
 
2 Trojaner gefunden - Standard

2 Trojaner gefunden



Gmer lässt sich bei mir nicht starten.

Wenn ich die exe starte, dann bricht er immer ab und es kommt das typische "Problimbericht" senden, was Windows immer macht.

Also:

gmer.exe hat ein Problem festgestellt und muss beendet werden.

Alt 06.12.2009, 10:41   #5
kira
/// Helfer-Team
 
2 Trojaner gefunden - Standard

2 Trojaner gefunden



hi

1.
Deinstalliere unter `Start→ Systemsteuereung→ Ändern/Entfernen...`
Code:
ATTFilter
Ask Toolbar
         
2.
Bitte unbedingt alle vorhandenen externen Laufwerke inkl. evtl. vorhandener USB-Sticks an den Rechner anschließen, aber dabei die Shift-Taste gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird.
Den kompletten Rechner (also das ganze System) zu überprüfen (Systemprüfung ohne Säuberung) mit Kaspersky Online Scanner - wähle hier "My computer" aus und das Logergebnis speichern "Save as" dann posten
Vor dem Scan Einstellungen im Internet Explorer:
- "Extras→ Internetoptionen→ Sicherheit":
- alles auf Standardstufe stellen
- Active X erlauben


Alt 06.12.2009, 18:25   #6
domi0815
 
2 Trojaner gefunden - Standard

2 Trojaner gefunden



Hab Kaspersky durchgeführt, hier die log:

Code:
ATTFilter
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
 Sunday, December 6, 2009
 Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
 Kaspersky Online Scanner version: 7.0.26.13
 Last database update: Sunday, December 06, 2009 09:41:36
 Records in database: 3335647
--------------------------------------------------------------------------------

Scan settings:
	scan using the following database: extended
	Scan archives: yes
	Scan e-mail databases: yes

Scan area - My Computer:
	A:\
	C:\
	D:\
	E:\
	F:\
	G:\
	H:\
	I:\
	J:\
	K:\
	M:\

Scan statistics:
	Objects scanned: 132897
	Threats found: 2
	Infected objects found: 3
	Suspicious objects found: 0
	Scan duration: 02:32:36


File name / Threat / Threats count
H:\Stefanie\pantsoff.exe	Infected: not-a-virus:PSWTool.Win32.Finder.d	1
I:\FIFA 09\1_bundesliga_flaggen_patch.exe	Infected: not-a-virus:RiskTool.Win32.HideWindows	1
I:\FIFA 09\1_bundesliga_flaggen_patch.rar	Infected: not-a-virus:RiskTool.Win32.HideWindows	1

Selected area has been scanned.
         

Da hat er nun nicht wirklich was gefunden, komisch oder?

gmer funktioniert immer noch nicht, auch merkwürdig.


Übrigens danke für deine Hilfe bisher, das hab ich ja noch nicht gesagt

Alt 07.12.2009, 14:55   #7
kira
/// Helfer-Team
 
2 Trojaner gefunden - Standard

2 Trojaner gefunden



Zitat:
Zitat von domi0815 Beitrag anzeigen

Da hat er nun nicht wirklich was gefunden, komisch oder?
die sind programme, die generell in sich eine gewisse Risiko tragen - aufgrund der Art der Daten und Programme: Skript zur Ausführung bösartigen Aktivitäten,die anfälligkeit gegen Angriffe, Sicherheitslücke etc = *Potentiell gefährliche Programme (Riskware)* -also sind nicht direkt böse
Potentiell gefährliche Anwendungen (Riskware): Solche Programme verfügen nicht über schädliche Funktionen, können aber unter bestimmten Umständen von Angreifern als Hilfskomponenten eines schädlichen Programms verwendet werden, weil sie Schwachstellen und Fehler enthalten. Unter bestimmten Umständen entsteht durch das Vorhandensein solcher Programme auf dem Computer ein Sicherheitsrisiko für Ihre Daten. Zu dieser Kategorie zählen beispielsweise bestimmte Dienstprogramme zur entfernten Administration, Programme zum automatischen Umschalten der Tastaturbelegung, IRC-Clients, FTP-Server, unterschiedliche Dienstprogramme zum Erstellen oder zum Verstecken von Prozessen.

*
Lade und installiere das Tool RootRepeal herunter

- setze einen Hacken bei: "Drivers", "Stealth Objects" und "Hidden Services" dann klick auf "OK"
- nach der Scan, klick auf "Save Report"
- speichere das Logfile als RootRepeal.txt auf dem Desktop und Kopiere den Inhalt hier in den Thread

Alt 07.12.2009, 19:45   #8
domi0815
 
2 Trojaner gefunden - Standard

2 Trojaner gefunden



Hab die drei Sachen gescant.

Hier ist die log:


Code:
ATTFilter
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:		2009/12/07 19:44
Program Version:		Version 1.3.5.0
Windows Version:		Windows XP SP3
==================================================

Drivers
-------------------
Name:          
Image Path:          
Address: 0xB9DCB000	Size: 98304	File Visible: No	Signed: -
Status: -

Name:          
Image Path:          
Address: 0x00000000	Size: 0	File Visible: No	Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xACD2E000	Size: 98304	File Visible: No	Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA622000	Size: 8192	File Visible: No	Signed: -
Status: -

Name: PCI_PNP4990
Image Path: \Driver\PCI_PNP4990
Address: 0x00000000	Size: 0	File Visible: No	Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA95B7000	Size: 49152	File Visible: No	Signed: -
Status: -

Name: spiy.sys
Image Path: spiy.sys
Address: 0xB9EA7000	Size: 1048576	File Visible: No	Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000	Size: 0	File Visible: No	Signed: -
Status: -

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System	Address: 0x8a6961f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System	Address: 0x8a6961f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System	Address: 0x8a6961f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System	Address: 0x8a6961f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x8a6961f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System	Address: 0x8a6961f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System	Address: 0x8a6961f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System	Address: 0x8a6961f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x8a6961f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x8a6961f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System	Address: 0x8a6961f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x8a6961f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: 0x8a6961f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8a6961f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x8a6961f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System	Address: 0x8a6961f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System	Address: 0x8a6961f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System	Address: 0x8a6961f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System	Address: 0x8a6961f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System	Address: 0x8a6961f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System	Address: 0x8a6961f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System	Address: 0x8a6961f8	Size: 121

Object: Hidden Code [Driver: Udfsȅః扏济Sessionsȃఛ楄, IRP_MJ_CREATE]
Process: System	Address: 0x8974f1f8	Size: 121

Object: Hidden Code [Driver: Udfsȅః扏济Sessionsȃఛ楄, IRP_MJ_CLOSE]
Process: System	Address: 0x8974f1f8	Size: 121

Object: Hidden Code [Driver: Udfsȅః扏济Sessionsȃఛ楄, IRP_MJ_READ]
Process: System	Address: 0x8a2bd638	Size: 11

Object: Hidden Code [Driver: Udfsȅః扏济Sessionsȃఛ楄, IRP_MJ_WRITE]
Process: System	Address: 0x8974f1f8	Size: 121

Object: Hidden Code [Driver: Udfsȅః扏济Sessionsȃఛ楄, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x8974f1f8	Size: 121

Object: Hidden Code [Driver: Udfsȅః扏济Sessionsȃఛ楄, IRP_MJ_SET_INFORMATION]
Process: System	Address: 0x8974f1f8	Size: 121

Object: Hidden Code [Driver: Udfsȅః扏济Sessionsȃఛ楄, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x8974f1f8	Size: 121

Object: Hidden Code [Driver: Udfsȅః扏济Sessionsȃఛ楄, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x8974f1f8	Size: 121

Object: Hidden Code [Driver: Udfsȅః扏济Sessionsȃఛ楄, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: 0x8974f1f8	Size: 121

Object: Hidden Code [Driver: Udfsȅః扏济Sessionsȃఛ楄, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8974f1f8	Size: 121

Object: Hidden Code [Driver: Udfsȅః扏济Sessionsȃఛ楄, IRP_MJ_LOCK_CONTROL]
Process: System	Address: 0x8974f1f8	Size: 121

Object: Hidden Code [Driver: Udfsȅః扏济Sessionsȃఛ楄, IRP_MJ_CLEANUP]
Process: System	Address: 0x8974f1f8	Size: 121

Object: Hidden Code [Driver: Udfsȅః扏济Sessionsȃఛ楄, IRP_MJ_PNP]
Process: System	Address: 0x8974f1f8	Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System	Address: 0x8a49c8e8	Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_NAMED_PIPE]
Process: System	Address: 0x8a49c8e8	Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System	Address: 0x8a49c8e8	Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System	Address: 0x8a49c8e8	Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System	Address: 0x8a49c8e8	Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x8a49c8e8	Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_INFORMATION]
Process: System	Address: 0x8a49c8e8	Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_EA]
Process: System	Address: 0x8a49c8e8	Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_EA]
Process: System	Address: 0x8a49c8e8	Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x8a49c8e8	Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x8a49c8e8	Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System	Address: 0x8a49c8e8	Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x8a49c8e8	Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: 0x8a49c8e8	Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8a49c8e8	Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x8a49c8e8	Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x8a49c8e8	Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_LOCK_CONTROL]
Process: System	Address: 0x8a49c8e8	Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLEANUP]
Process: System	Address: 0x8a49c8e8	Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_MAILSLOT]
Process: System	Address: 0x8a49c8e8	Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_SECURITY]
Process: System	Address: 0x8a49c8e8	Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_SECURITY]
Process: System	Address: 0x8a49c8e8	Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System	Address: 0x8a49c8e8	Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x8a49c8e8	Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CHANGE]
Process: System	Address: 0x8a49c8e8	Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_QUOTA]
Process: System	Address: 0x8a49c8e8	Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_QUOTA]
Process: System	Address: 0x8a49c8e8	Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System	Address: 0x8a49c8e8	Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System	Address: 0x8a2e4820	Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE_NAMED_PIPE]
Process: System	Address: 0x8a2e4820	Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System	Address: 0x8a2e4820	Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_READ]
Process: System	Address: 0x8a2e4820	Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_WRITE]
Process: System	Address: 0x8a2e4820	Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x8a2e4820	Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_INFORMATION]
Process: System	Address: 0x8a2e4820	Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_EA]
Process: System	Address: 0x8a2e4820	Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_EA]
Process: System	Address: 0x8a2e4820	Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x8a2e4820	Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x8a2e4820	Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System	Address: 0x8a2e4820	Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x8a2e4820	Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: 0x8a2e4820	Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8a2e4820	Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x8a2e4820	Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x8a2e4820	Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_LOCK_CONTROL]
Process: System	Address: 0x8a2e4820	Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CLEANUP]
Process: System	Address: 0x8a2e4820	Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE_MAILSLOT]
Process: System	Address: 0x8a2e4820	Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_SECURITY]
Process: System	Address: 0x8a2e4820	Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_SECURITY]
Process: System	Address: 0x8a2e4820	Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System	Address: 0x8a2e4820	Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x8a2e4820	Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CHANGE]
Process: System	Address: 0x8a2e4820	Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_QUOTA]
Process: System	Address: 0x8a2e4820	Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_QUOTA]
Process: System	Address: 0x8a2e4820	Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System	Address: 0x8a2e4820	Size: 99

Object: Hidden Code [Driver: ak09zszsȅఉ瑎捦܉@考, IRP_MJ_CREATE]
Process: System	Address: 0x89c5cf00	Size: 99

Object: Hidden Code [Driver: ak09zszsȅఉ瑎捦܉@考, IRP_MJ_CREATE_NAMED_PIPE]
Process: System	Address: 0x89c5cf00	Size: 99

Object: Hidden Code [Driver: ak09zszsȅఉ瑎捦܉@考, IRP_MJ_CLOSE]
Process: System	Address: 0x89c5cf00	Size: 99

Object: Hidden Code [Driver: ak09zszsȅఉ瑎捦܉@考, IRP_MJ_READ]
Process: System	Address: 0x89c5cf00	Size: 99

Object: Hidden Code [Driver: ak09zszsȅఉ瑎捦܉@考, IRP_MJ_WRITE]
Process: System	Address: 0x89c5cf00	Size: 99

Object: Hidden Code [Driver: ak09zszsȅఉ瑎捦܉@考, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x89c5cf00	Size: 99

Object: Hidden Code [Driver: ak09zszsȅఉ瑎捦܉@考, IRP_MJ_SET_INFORMATION]
Process: System	Address: 0x89c5cf00	Size: 99

Object: Hidden Code [Driver: ak09zszsȅఉ瑎捦܉@考, IRP_MJ_QUERY_EA]
Process: System	Address: 0x89c5cf00	Size: 99

Object: Hidden Code [Driver: ak09zszsȅఉ瑎捦܉@考, IRP_MJ_SET_EA]
Process: System	Address: 0x89c5cf00	Size: 99

Object: Hidden Code [Driver: ak09zszsȅఉ瑎捦܉@考, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x89c5cf00	Size: 99

Object: Hidden Code [Driver: ak09zszsȅఉ瑎捦܉@考, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x89c5cf00	Size: 99

Object: Hidden Code [Driver: ak09zszsȅఉ瑎捦܉@考, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System	Address: 0x89c5cf00	Size: 99

Object: Hidden Code [Driver: ak09zszsȅఉ瑎捦܉@考, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x89c5cf00	Size: 99

Object: Hidden Code [Driver: ak09zszsȅఉ瑎捦܉@考, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: 0x89c5cf00	Size: 99

Object: Hidden Code [Driver: ak09zszsȅఉ瑎捦܉@考, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x89c5cf00	Size: 99

Object: Hidden Code [Driver: ak09zszsȅఉ瑎捦܉@考, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x89c5cf00	Size: 99

Object: Hidden Code [Driver: ak09zszsȅఉ瑎捦܉@考, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x89c5cf00	Size: 99

Object: Hidden Code [Driver: ak09zszsȅఉ瑎捦܉@考, IRP_MJ_LOCK_CONTROL]
Process: System	Address: 0x89c5cf00	Size: 99

Object: Hidden Code [Driver: ak09zszsȅఉ瑎捦܉@考, IRP_MJ_CLEANUP]
Process: System	Address: 0x89c5cf00	Size: 99

Object: Hidden Code [Driver: ak09zszsȅఉ瑎捦܉@考, IRP_MJ_CREATE_MAILSLOT]
Process: System	Address: 0x89c5cf00	Size: 99

Object: Hidden Code [Driver: ak09zszsȅఉ瑎捦܉@考, IRP_MJ_QUERY_SECURITY]
Process: System	Address: 0x89c5cf00	Size: 99

Object: Hidden Code [Driver: ak09zszsȅఉ瑎捦܉@考, IRP_MJ_SET_SECURITY]
Process: System	Address: 0x89c5cf00	Size: 99

Object: Hidden Code [Driver: ak09zszsȅఉ瑎捦܉@考, IRP_MJ_POWER]
Process: System	Address: 0x89c5cf00	Size: 99

Object: Hidden Code [Driver: ak09zszsȅఉ瑎捦܉@考, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x89c5cf00	Size: 99

Object: Hidden Code [Driver: ak09zszsȅఉ瑎捦܉@考, IRP_MJ_DEVICE_CHANGE]
Process: System	Address: 0x89c5cf00	Size: 99

Object: Hidden Code [Driver: ak09zszsȅఉ瑎捦܉@考, IRP_MJ_QUERY_QUOTA]
Process: System	Address: 0x89c5cf00	Size: 99

Object: Hidden Code [Driver: ak09zszsȅఉ瑎捦܉@考, IRP_MJ_SET_QUOTA]
Process: System	Address: 0x89c5cf00	Size: 99

Object: Hidden Code [Driver: ak09zszsȅఉ瑎捦܉@考, IRP_MJ_PNP]
Process: System	Address: 0x89c5cf00	Size: 99

Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System	Address: 0x8a6981f8	Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System	Address: 0x8a6981f8	Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System	Address: 0x8a6981f8	Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System	Address: 0x8a6981f8	Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x8a6981f8	Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8a6981f8	Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x8a6981f8	Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x8a6981f8	Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System	Address: 0x8a6981f8	Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x8a6981f8	Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System	Address: 0x8a6981f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System	Address: 0x8a4581f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System	Address: 0x8a4581f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8a4581f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x8a4581f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System	Address: 0x8a4581f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x8a4581f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System	Address: 0x8a4581f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System	Address: 0x8a70a1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System	Address: 0x8a70a1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System	Address: 0x8a70a1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x8a70a1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8a70a1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x8a70a1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x8a70a1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System	Address: 0x8a70a1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System	Address: 0x8a70a1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x8a70a1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System	Address: 0x8a70a1f8	Size: 121

Object: Hidden Code [Driver: vax347s, IRP_MJ_CREATE]
Process: System	Address: 0x8a1e2a80	Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_CREATE_NAMED_PIPE]
Process: System	Address: 0x8a1e2a80	Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_CLOSE]
Process: System	Address: 0x8a1e2a80	Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_READ]
Process: System	Address: 0x8a1e2a80	Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_WRITE]
Process: System	Address: 0x8a1e2a80	Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x8a1e2a80	Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_SET_INFORMATION]
Process: System	Address: 0x8a1e2a80	Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_QUERY_EA]
Process: System	Address: 0x8a1e2a80	Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_SET_EA]
Process: System	Address: 0x8a1e2a80	Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x8a1e2a80	Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x8a1e2a80	Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System	Address: 0x8a1e2a80	Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x8a1e2a80	Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: 0x8a1e2a80	Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8a1e2a80	Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x8a1e2a80	Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x8a1e2a80	Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_LOCK_CONTROL]
Process: System	Address: 0x8a1e2a80	Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_CLEANUP]
Process: System	Address: 0x8a1e2a80	Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_CREATE_MAILSLOT]
Process: System	Address: 0x8a1e2a80	Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_QUERY_SECURITY]
Process: System	Address: 0x8a1e2a80	Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_SET_SECURITY]
Process: System	Address: 0x8a1e2a80	Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_POWER]
Process: System	Address: 0x8a1e2a80	Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x8a1e2a80	Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_DEVICE_CHANGE]
Process: System	Address: 0x8a1e2a80	Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_QUERY_QUOTA]
Process: System	Address: 0x8a1e2a80	Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_SET_QUOTA]
Process: System	Address: 0x8a1e2a80	Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_PNP]
Process: System	Address: 0x8a1e2a80	Size: 99

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System	Address: 0x899d01f8	Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System	Address: 0x899d01f8	Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x899d01f8	Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x899d01f8	Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System	Address: 0x899d01f8	Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System	Address: 0x899d01f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System	Address: 0x8a3e71f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System	Address: 0x8a3e71f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8a3e71f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x8a3e71f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System	Address: 0x8a3e71f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x8a3e71f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System	Address: 0x8a3e71f8	Size: 121

Object: Hidden Code [Driver: Rdbss, IRP_MJ_READ]
Process: System	Address: 0x8a4acfb0	Size: 11

Object: Hidden Code [Driver: Srv, IRP_MJ_READ]
Process: System	Address: 0x8a5ea468	Size: 11

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System	Address: 0x899651f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System	Address: 0x899651f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System	Address: 0x899651f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System	Address: 0x8a5b5ac0	Size: 11

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System	Address: 0x899651f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x899651f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System	Address: 0x899651f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System	Address: 0x899651f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System	Address: 0x899651f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x899651f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x899651f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System	Address: 0x899651f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x899651f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: 0x899651f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x899651f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x899651f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x899651f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System	Address: 0x899651f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System	Address: 0x899651f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System	Address: 0x899651f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System	Address: 0x899651f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System	Address: 0x899651f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System	Address: 0x899651f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x899651f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System	Address: 0x899651f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System	Address: 0x899651f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System	Address: 0x899651f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System	Address: 0x899651f8	Size: 121

Object: Hidden Code [Driver: NpfsЅఉ敓, IRP_MJ_READ]
Process: System	Address: 0x8a662660	Size: 11

Object: Hidden Code [Driver: Msfsȅ扏煓Ш�Ȃఊ祓ジ, IRP_MJ_READ]
Process: System	Address: 0x8a49a178	Size: 11

Object: Hidden Code [Driver: Fs_Rec, IRP_MJ_READ]
Process: System	Address: 0x8a48eba0	Size: 11

Object: Hidden Code [Driver: Cdfsࠅ灎剆ࠁ఍敋ꁹ, IRP_MJ_CREATE]
Process: System	Address: 0x897501f8	Size: 121

Object: Hidden Code [Driver: Cdfsࠅ灎剆ࠁ఍敋ꁹ, IRP_MJ_CLOSE]
Process: System	Address: 0x897501f8	Size: 121

Object: Hidden Code [Driver: Cdfsࠅ灎剆ࠁ఍敋ꁹ, IRP_MJ_READ]
Process: System	Address: 0x8a464178	Size: 11

Object: Hidden Code [Driver: Cdfsࠅ灎剆ࠁ఍敋ꁹ, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x897501f8	Size: 121

Object: Hidden Code [Driver: Cdfsࠅ灎剆ࠁ఍敋ꁹ, IRP_MJ_SET_INFORMATION]
Process: System	Address: 0x897501f8	Size: 121

Object: Hidden Code [Driver: Cdfsࠅ灎剆ࠁ఍敋ꁹ, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x897501f8	Size: 121

Object: Hidden Code [Driver: Cdfsࠅ灎剆ࠁ఍敋ꁹ, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x897501f8	Size: 121

Object: Hidden Code [Driver: Cdfsࠅ灎剆ࠁ఍敋ꁹ, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: 0x897501f8	Size: 121

Object: Hidden Code [Driver: Cdfsࠅ灎剆ࠁ఍敋ꁹ, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x897501f8	Size: 121

Object: Hidden Code [Driver: Cdfsࠅ灎剆ࠁ఍敋ꁹ, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x897501f8	Size: 121

Object: Hidden Code [Driver: Cdfsࠅ灎剆ࠁ఍敋ꁹ, IRP_MJ_LOCK_CONTROL]
Process: System	Address: 0x897501f8	Size: 121

Object: Hidden Code [Driver: Cdfsࠅ灎剆ࠁ఍敋ꁹ, IRP_MJ_CLEANUP]
Process: System	Address: 0x897501f8	Size: 121

Object: Hidden Code [Driver: Cdfsࠅ灎剆ࠁ఍敋ꁹ, IRP_MJ_PNP]
Process: System	Address: 0x897501f8	Size: 121

==EOF==
         

Alt 08.12.2009, 10:17   #9
kira
/// Helfer-Team
 
2 Trojaner gefunden - Standard

2 Trojaner gefunden



hi

1.
alle Anwendungen schließen → Ordner für temporäre Dateien bitte leeren
**Lösche nur den Inhalt der Ordner, nicht die Ordner selbst! - Dateien, die noch in Benutzung sind,nicht löschbar.
  • `Start → ausführen` "cleanmgr" reinschreiben (ohne "") → "ok" - die Temporary Files, Temporary Internet Files, und der Papierkorb (Recycle Bin) müssen geleert werden→ "Ok"
  • `Start → ausführen` → %temp% reinschreiben (ohne "")→ "Ok" - - Ordnerinhalt überall markieren und löschen
  • für jedes Benutzerkonto bitte durchführen
  • anschließend den Papierkorb leeren

2.
reinige dein System mit Ccleaner:
  • "Cleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
  • "Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
  • Starte dein System neu auf

3.
  • lade Dir SUPERAntiSpyware FREE Edition herunter.
  • installiere das Programm und update online.
  • starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
  • setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
  • anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
  • auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
  • um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
  • drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

4.
Wie lange dauert die Startvorgang?
- Beim Hochfahren von Windows werden einige Programme mit gestartet, die sich (mit oder ohne Zustimmung des Users) im Autostart eingetragen haben
- Je mehr Programme hier aufgeführt sind, umso langsamer startet Windows. Deshalb kann es sinnvoll sein, Software die man nicht unbedingt immer benötigt, aus dem Autostart zu entfernen.
"Start-> ausführen-> "msconfig" (reinschreiben ohne ""-> OK"
it-academy.cc
pqtuning.de
Laden von Programmen beim Start von Windows Vista verhindern
- Bei allem Häkchen weg was nicht starten soll, aber immer nur einen deaktivieren (Haken weg), also Schrittweise -> Neustart...
- Wird noch nach dem nächsten Neustart ein Hinweisfenster erscheinen, da ist ein Haken setzen : `Meldung nicht mehr anzeigen und dieses Programm beim Windows-Star nicht mehr starten`
(Du kannst es jederzeit Rückgängig machen wenn du den Haken wieder reinmachst.)
- Falls Du mal brauchst, kannst manuell auch starten
- Autostart-Einträge die Du nicht findest, kannst mit HJT fixen - Unter 04_Sektion - (*HijackThis Tutorial in German*):
Alle Programme, Browser etc schließen→ HijackTis starten→ "Do a system scan only" anklicken→ Eintrag auswählen→ "Fix checked"klicken→ PC neu aufstarten
HijackThis erstellt ein Backup, Falls bei "Fixen" etwas schief geht, kann man unter "View the list of backups"- die Objekte wiederherstellen
Code:
ATTFilter
Du solltest nicht deaktivieren :
Grafiktreibers
Firewall
Antivirenprogramm
Sound
         
Da es ist immer Benutzerspezifisch, ein allgemein gültiges Rezept gibt es nicht, finde über Google die Grundfunktionen der einzelnen Programme heraus!
Gleich ein paar Vorschläge:
Code:
ATTFilter
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp 5a.exe" /source=HKLM
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [Nokia FastStart] "C:\Programme\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [  Malwarebytes Anti-Malware  (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6.5\ICQ.exe" silent
         
5.
mit HJT fixen: alle Programme, Browser etc schließen→ HijackTis starten→ "Do a system scan only" anklicken→ Eintrag auswählen→ "Fix checked"klicken→ PC neu aufstarten
HijackThis erstellt ein Backup, Falls bei "Fixen" etwas schief geht, kann man unter "View the list of backups"- die Objekte wiederherstellen
[code]
Code:
ATTFilter
 08-09-18 Einträge - alle
         
6.
- Überflüssige Dienste belasten nur den Prozessor und Arbeitsspeicher, daher solltest Du abschalten:
Code:
ATTFilter
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Dragon Age: Origins - Inhaltsupdater (DAUpdaterSvc) - Unknown owner - G:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
         
- unter `Systemsteuerung - Verwaltung - Dienste oder "Ausführen"-> gibst Du in das Dialogfenster den Befehl services.msc -> Ok
mit der rechten Maustaste auf den Dienstnamen klicken→ wähle `Eigenschaften`→ `Starttyp`→ Manuell, damit wird der Dienst ruhiggestellt. Den Dienst erst dann nur starten, wenn ein Programm ihn benötigt.

** Wie läuft es denn jetzt?

Antwort

Themen zu 2 Trojaner gefunden
.com, antivir guard, ask toolbar, askbar, avgntflt.sys, avira, bho, bonjour, browser, canon, components, converter, decrypter, desktop, diagnostics, disabled.securitycenter, downloader, drvstore, excel, firefox, flash player, fontcache, google, grand theft auto, hijack.securitycenter, hijackthis, hkus\s-1-5-18, home, install.exe, location, logfile, malware.trace, malwarebytes anti-malware, malwarebytes' anti-malware, mp3, msiexec.exe, pcdefender, plug-in, problem, realtek, registrierungsschlüssel, rogue.winpcdefender, rojaner gefunden, senden, skype.exe, software, starten, system, trojaner, trojaner gefunden, usb 2.0, video converter, will nicht, windows xp, youtube downloader




Ähnliche Themen: 2 Trojaner gefunden


  1. Avira Scan, Trojaner TR/Crypt.ZPACK.50636 gefunden, Fehlalarm oder echter Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 04.12.2014 (17)
  2. Viren eingefangen (JAVA/dldr.lamar.TP), auch Trojaner (Polizei.Trojaner) gefunden
    Log-Analyse und Auswertung - 07.05.2013 (15)
  3. wigon.PB Trojaner und PSW.Agent.NUS Trojaner von ESET im Arbeitsspeicher gefunden
    Log-Analyse und Auswertung - 27.02.2013 (16)
  4. Trojaner gefunden, was tun?
    Log-Analyse und Auswertung - 28.01.2013 (14)
  5. Mehrere Trojaner durch Malwarebytes Anti Malware gefunden und ein Virus durch Avira gefunden (TR/Gendal.81920.6)
    Log-Analyse und Auswertung - 10.11.2012 (1)
  6. Trojaner gefunden!
    Plagegeister aller Art und deren Bekämpfung - 26.10.2012 (7)
  7. CPU Auslastung bei 100 % / Spiele ruckeln/ Viren und Trojaner gefunden ( Trojaner TR/Ramson.EJ.18..)
    Log-Analyse und Auswertung - 09.02.2012 (28)
  8. Trojaner gefunden - Was tun?
    Plagegeister aller Art und deren Bekämpfung - 22.10.2011 (19)
  9. Trojaner Gefunden
    Log-Analyse und Auswertung - 12.04.2011 (25)
  10. Trojaner/ZbotR.Gen und Trojaner/Trash.Gen auf Pc gefunden!
    Plagegeister aller Art und deren Bekämpfung - 21.03.2011 (10)
  11. Trojaner gefunden-was nun?
    Log-Analyse und Auswertung - 18.01.2011 (4)
  12. Trojaner gefunden
    Log-Analyse und Auswertung - 11.08.2010 (17)
  13. Trojaner 'TR/Crypt.XPACK.Gen' gefunden, Sorge um weitere Trojaner
    Log-Analyse und Auswertung - 28.09.2008 (0)
  14. trojaner gefunden!!!!!!
    Mülltonne - 30.06.2008 (0)
  15. Trojaner gefunden was tun?
    Plagegeister aller Art und deren Bekämpfung - 19.06.2008 (25)
  16. Trojaner gefunden
    Log-Analyse und Auswertung - 18.09.2005 (6)
  17. Trojaner gefunden
    Log-Analyse und Auswertung - 01.05.2005 (12)

Zum Thema 2 Trojaner gefunden - Hallo, habe ein Problem mit folgendem Trojaner: TR/Crypt.ZPACK.Gen! Antivir findet ihn und ich hab ihn schon viermal gelöscht, aber er ist immer wieder da. Hab hier im Forum gelesen, dass - 2 Trojaner gefunden...
Archiv
Du betrachtest: 2 Trojaner gefunden auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.