Pests of all kinds and how to fight them: PC freezes / virus infection? / rootkit? Windows 7
15.12.2009, 23:09 #1
PC freezes / virus infection? / rootkit?

Hello everyone... After hours of searching, reading and "trying things out" I now give up and am opening a new thread after all.

The situation: Yesterday my PC started to freeze up bit by bit after it had been running for a while. It began slowly with windows "dragging" slightly, up to "echoes" of windows that did not disappear and filled the whole area across which I had moved the window. Then, after 0.5-2 minutes, came the complete hang, and I could only still move the mouse.

HijackThis log from about 21:00: Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:02:24, on 14.12.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Programme\Microsoft IntelliType Pro\itype.exe
D:\programme\HHVcdV7Sys\VC7Play.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\ADVANC~1\wh_exec.exe
D:\Programme\Java\jre6\bin\jusched.exe
C:\Program Files\GIGABYTE\GEST\gest.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programme\Microsoft IntelliType Pro\dpupdchk.exe
E:\steam\steam.exe
D:\Programme\Sandboxie\SbieCtrl.exe
d:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
d:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\oodag.exe
d:\PROGRA~1\AVG\AVG8\avgrsx.exe
d:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\PnkBstrA.exe
d:\Programme\Sandboxie\SbieSvc.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
D:\programme\HHVcdV7Sys\VC7SecS.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\GIGABYTE\GEST\GSvr.exe
C:\WINDOWS\system32\wuauclt.exe
D:\programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.macromedia.com/software/flash/fl4about
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - d:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - d:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - d:\Programme\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - d:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - d:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - d:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - d:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - d:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - d:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [GEST] C:\Program Files\GIGABYTE\GEST\RUN.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [itype] "D:\Programme\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [VC7Player] D:\programme\HHVcdV7Sys\VC7Play.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "d:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [egui] "D:\Programme\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [WheelMouse] C:\ADVANC~1\wh_exec.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "d:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] d:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "e:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SandboxieControl] "d:\Programme\Sandboxie\SbieCtrl.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\programme\ICQ6.5\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {28E2EDF1-2383-4BA9-9A8C-980D1414B3B0} (ctrlNev1.ctrlNev) - http://www.neveron.com/ctrlNev1.CAB
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - d:\Programme\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - d:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: C-DillaCdaC11BA - Unknown owner - C:\WINDOWS\system32\drivers\CDAC11BA.EXE (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - Unknown owner - D:\Programme\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: ESET Service (ekrn) - Unknown owner - D:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe
O23 - Service: Google Software Updater (gusvc) - Unknown owner - D:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - d:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - d:\Programme\Sandboxie\SbieSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe
O23 - Service: Virtual CD v7 Management Service (VC7SecS) - H+H Software GmbH - D:\programme\HHVcdV7Sys\VC7SecS.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10716 bytes

A scan with AVG and with an older version of Spybot S&D led nowhere, since the scans never ran to completion. Then today came the new attempts in Safe Mode...

AVG log: Code:
AVG 8.5 Anti-Virus command line scanner
Copyright (c) 1992 - 2009 AVG Technologies
Program version 8.0.354, engine 8.0.387
Virus Database: Version 270.14.107/2564 2009-12-14

C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Dokumente und Einstellungen\Administrator\NTUSER.DAT Locked file. Not tested.
C:\Dokumente und Einstellungen\Administrator\ntuser.dat.LOG Locked file. Not tested.
C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Dokumente und Einstellungen\LocalService\NTUSER.DAT Locked file. Not tested.
C:\Dokumente und Einstellungen\LocalService\ntuser.dat.LOG Locked file. Not tested.
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Dokumente und Einstellungen\NetworkService\ntuser.dat.LOG Locked file. Not tested.
C:\Dokumente und Einstellungen\NetworkService\NTUSER.DAT Locked file. Not tested.
C:\pagefile.sys Locked file. Not tested.
C:\System Volume Information\ Locked file. Not tested.
C:\WINDOWS\system32\CatRoot2\edb.log Locked file. Not tested.
C:\WINDOWS\system32\CatRoot2\tmp.edb Locked file. Not tested.
C:\WINDOWS\system32\config\default Locked file. Not tested.
C:\WINDOWS\system32\config\default.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\SAM Locked file. Not tested.
C:\WINDOWS\system32\config\SAM.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\SECURITY Locked file. Not tested.
C:\WINDOWS\system32\config\SECURITY.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\software Locked file. Not tested.
C:\WINDOWS\system32\config\software.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\system Locked file. Not tested.
C:\WINDOWS\system32\config\system.LOG Locked file. Not tested.
D:\System Volume Information\ Locked file. Not tested.
E:\System Volume Information\ Locked file. Not tested.
F:\System Volume Information\ Locked file. Not tested.
G:\System Volume Information\ Locked file. Not tested.
H:\System Volume Information\ Locked file. Not tested.
I:\System Volume Information\ Locked file. Not tested.
J:\System Volume Information\ Locked file. Not tested.
K:\System Volume Information\ Locked file. Not tested.
------------------------------------------------------------
Objects scanned : 1134278
Found infections : 0
Found PUPs : 0
Healed infections : 0
Healed PUPs : 0
Warnings : 0
------------------------------------------------------------

CCleaner was used, RSIT too.

RSIT log from 16:00: Code:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-12-15 15:56:16
Microsoft Windows XP Professional Service Pack 2
System drive C: has 9 GB (35%) free of 26 GB
Total RAM: 3582 MB (88% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:56:22, on 15.12.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Dokumente und Einstellungen\Administrator\Desktop\RSIT.exe
D:\programme\Trend Micro\HijackThis\Administrator.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.macromedia.com/software/flash/fl4about
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - d:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - d:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - d:\Programme\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - d:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - d:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - d:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - d:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - d:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - d:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [GEST] C:\Program Files\GIGABYTE\GEST\RUN.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [itype] "D:\Programme\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [VC7Player] D:\programme\HHVcdV7Sys\VC7Play.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "d:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\ADVANC~1\wh_exec.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "d:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] d:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "e:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SandboxieControl] "d:\Programme\Sandboxie\SbieCtrl.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\programme\ICQ6.5\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {28E2EDF1-2383-4BA9-9A8C-980D1414B3B0} (ctrlNev1.ctrlNev) - http://www.neveron.com/ctrlNev1.CAB
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - d:\Programme\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - d:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: C-DillaCdaC11BA - Unknown owner - C:\WINDOWS\system32\drivers\CDAC11BA.EXE (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - Unknown owner - D:\Programme\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: ESET Service (ekrn) - Unknown owner - D:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe
O23 - Service: Google Software Updater (gusvc) - Unknown owner - D:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - d:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - d:\Programme\Sandboxie\SbieSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe
O23 - Service: Virtual CD v7 Management Service (VC7SecS) - H+H Software GmbH - D:\programme\HHVcdV7Sys\VC7SecS.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9681 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Klick-Wartung.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IType_exe.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - d:\Programme\AVG\AVG8\avgssie.dll [2009-12-14 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - d:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - d:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-27 1008896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2005-09-24 231160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - d:\Programme\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - d:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - d:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2009-05-20 1258808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2005-09-24 231160]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - d:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2009-05-20 1258808]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - d:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-27 1008896]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"GEST"=C:\Program Files\GIGABYTE\GEST\RUN.exe [2007-12-14 236040]
"JMB36X IDE Setup"=C:\WINDOWS\RaidTool\xInsIDE.exe [2007-03-20 36864]
"36X Raid Configurer"=C:\WINDOWS\system32\xRaidSetup.exe [2007-08-29 1966080]
"itype"=D:\Programme\Microsoft IntelliType Pro\itype.exe [2007-08-31 988584]
"VC7Player"=D:\programme\HHVcdV7Sys\VC7Play.exe [2005-03-02 233472]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-04-30 13750272]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-04-30 86016]
"ZoneAlarm Client"=d:\Programme\Zone Labs\ZoneAlarm\zlclient.exe [2009-02-18 981384]
"WheelMouse"=C:\ADVANC~1\wh_exec.exe [2007-11-10 98304]
"SunJavaUpdateSched"=d:\Programme\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-09-19 16844800]
"QuickTime Task"=C:\Programme\QuickTime\qttask.exe [2008-06-20 155648]
"AVG8_TRAY"=d:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-12-14 1948440]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2006-06-01 15360]
"Steam"=e:\steam\steam.exe [2009-11-03 1217808]
"SandboxieControl"=d:\Programme\Sandboxie\SbieCtrl.exe [2009-09-30 387584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2005-09-24 483328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Agamiyayiyohuy]
C:\WINDOWS\Ahajamolimari.dll,e []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
D:\Programme\AGEIA Technologies\bin\TrayIcon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programme\QuickTime\qttask.exe [2008-06-20 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
d:\Programme\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-12-14 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-05-09 52224]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1}

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableLockWorkstation"=1
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoFolderOptions"=0
"NoSetActiveDesktop"=1
"NoActiveDesktopChanges"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoFolderOptions"=
"NoSetActiveDesktop"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"d:\Programme\Gameforge4D\AirRivalsDe\Launcher.atm"="d:\Programme\Gameforge4D\AirRivalsDe\Launcher.atm:Enabled:GameExe2"
"d:\Programme\Gameforge4D\AirRivalsDe\Res-Voip\SCVoIP.exe"="d:\Programme\Gameforge4D\AirRivalsDe\Res-Voip\SCVoIP.exe:Enabled:GameVoIP"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
shell\AutoRun\command - M:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b046bc8f-6adc-11de-b10f-001d7d024b14}]
shell\AutoRun\command - O:\Menu.exe

======List of files/folders created in the last 1 months======

2009-12-15 15:56:16 ----D---- C:\rsit
2009-12-15 15:41:05 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Fuel Industries
2009-12-15 13:09:08 ----D---- d:\Programme\CCleaner
2009-12-14 15:26:07 ----HD---- C:\$AVG8.VAULT$
2009-12-14 14:47:08 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-12-14 14:46:55 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Security Toolbar
2009-12-14 14:46:38 ----D---- d:\Programme\AVG
2009-12-14 14:46:37 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\avg8
2009-12-14 13:26:24 ----SHD---- C:\WINDOWS\CSC
2009-11-30 13:50:06 ----D---- d:\Programme\Freelancer Mod Manager
2009-11-23 21:24:15 ----A---- C:\WINDOWS\system32\javaws.exe
2009-11-23 21:24:15 ----A---- C:\WINDOWS\system32\javaw.exe
2009-11-23 21:24:15 ----A---- C:\WINDOWS\system32\java.exe
2009-11-18 02:18:03 ----A---- C:\WINDOWS\DIIUnin.exe

======List of files/folders modified in the last 1 months======

2009-12-15 15:52:19 ----D---- C:\WINDOWS\Internet Logs
2009-12-15 15:50:42 ----D---- C:\WINDOWS
2009-12-15 15:49:38 ----D---- C:\WINDOWS\Temp
2009-12-15 15:48:12 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-15 14:58:30 ----D---- d:\Programme\Mozilla Firefox
2009-12-15 13:21:27 ----D---- d:\Programme\Malwarebytes' Anti-Malware
2009-12-15 13:21:25 ----D---- C:\WINDOWS\system32\drivers
2009-12-15 13:10:33 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2009-12-15 13:09:55 ----D---- C:\WINDOWS\Minidump
2009-12-15 13:09:55 ----D---- C:\WINDOWS\Debug
2009-12-15 07:35:54 ----D---- C:\WINDOWS\system32
2009-12-14 21:46:18 ----D---- d:\Programme\Mozilla Thunderbird
2009-12-14 19:25:33 ----A---- C:\WINDOWS\BlendSettings.ini
2009-12-14 15:06:30 ----A---- C:\WINDOWS\win.ini
2009-12-14 14:23:21 ----D---- C:\WINDOWS\Prefetch
2009-12-14 13:12:51 ----A---- C:\WINDOWS\Sandboxie.ini
2009-12-14 12:29:37 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\.purple
2009-12-14 12:15:49 ----D---- C:\WINDOWS\system32\config
2009-12-14 11:23:51 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\vlc
2009-12-14 10:26:55 ----D---- C:\Dokumente und Einstellungen
2009-12-13 20:34:18 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Hamachi
2009-12-13 19:00:49 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\teamspeak2
2009-12-11 10:34:09 ----AD---- d:\Programme\JDownloader 0.6.193
2009-12-09 22:45:41 ----A---- C:\WINDOWS\NeroDigital.ini
2009-12-09 00:49:40 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\dvdcss
2009-12-07 17:18:50 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gtk-2.0
2009-12-03 14:32:42 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia
2009-12-02 16:17:48 ----HD---- d:\Programme\InstallShield Installation Information
2009-12-02 11:26:20 ----D---- C:\WINDOWS\system32\ZoneLabs
2009-11-30 09:43:03 ----SH---- C:\boot.ini
2009-11-30 09:43:03 ----A---- C:\WINDOWS\system.ini
2009-11-23 21:24:19 ----SHD---- C:\WINDOWS\Installer
2009-11-23 21:24:00 ----D---- d:\Programme\Java
2009-11-23 21:23:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-11-23 21:01:04 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Adobe
2009-11-21 23:46:43 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Soulseek
2009-11-18 02:22:05 ----A---- C:\WINDOWS\system32\CmdLineExt03.dll
2009-11-16 19:55:17 ----A---- C:\WINDOWS\system32\CmdLineExt.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-12-14 108552]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-02-06 93336]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-02-18 353672]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys
[2005-04-12 4608] R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-04-21 25280] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752] R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600] R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288] R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-09-19 101504] R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616] R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624] R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600] R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480] R3 whfltr2k;WheelMouse USB Lower Filter Driver; C:\WINDOWS\system32\DRIVERS\whfltr2k.sys [2007-01-26 6784] S1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-12-14 335752] S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-12-14 27784] S1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-02-06 106208] S1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-06-01 40192] S1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2004-05-05 4228] S2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-10-18 281760] S2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS [] S2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-02-06 113448] S2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2006-04-22 8064] S2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-10-18 25888] S2 
NwlnkIpx;NWLink IPX/SPX/NetBIOS-kompatibles Transportprotokoll; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2006-06-01 88448] S2 NwlnkNb;NWLink-NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2006-06-01 63232] S2 NwlnkSpx;NWLink SPX/SPXII-Protokoll; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2006-06-01 55936] S3 ALSysIO;ALSysIO; \??\C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\ALSysIO.sys [] S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys [] S3 ET5Drv;ET5Drv; \??\C:\WINDOWS\system32\Drivers\ET5Drv.sys [] S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys [] S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-09-19 4617728] S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-02-29 20240] S3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2008-02-29 63120] S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344] S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880] S3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2008-02-29 79120] S3 Lnttuse2gub;Lnttuse2gub; C:\WINDOWS\system32\drivers\Lnttuse2gub.sys [] S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2008-02-29 28944] S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys [] S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-04-30 8055584] S3 SbieDrv;SbieDrv; \??\d:\Programme\Sandboxie\SbieDrv.sys [] S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-04-11 82944] S3 WudfRd;Windows Driver Foundation - User-mode Driver 
Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-04-11 87808] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-02-18 2402184] S2 avg8wd;AVG Free8 WatchDog; d:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-12-14 298776] S2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\system32\drivers\CDAC11BA.EXE [] S2 ekrn;ESET Service; D:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe [] S2 gusvc;Google Software Updater; D:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [] S2 JavaQuickStarterService;Java Quick Starter; d:\Programme\Java\jre6\bin\jqs.exe [2009-10-11 153376] S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-04-30 168004] S2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2005-05-11 225280] S2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-07-28 66872] S2 SbieSvc;Sandboxie Service; d:\Programme\Sandboxie\SbieSvc.exe [2009-09-30 65024] S2 StarWindService;StarWind iSCSI Service; C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [2005-04-02 217600] S2 VC7SecS;Virtual CD v7 Management Service; D:\programme\HHVcdV7Sys\VC7SecS.exe [2005-03-02 102400] S3 Adobe LM Service;Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-06-20 72704] S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 EhttpSrv;ESET HTTP Server; D:\Programme\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 
46104] S3 GEST Service;GEST Service for program management.; C:\Program Files\GIGABYTE\GEST\GSvr.exe [2007-12-14 47624] S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe [2008-06-20 68096] S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-06-01 89136] S3 TUWinStylerThemeSvc;TuneUp WinStyler Theme Service; C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe [2005-08-24 118272] S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-05-10 829440] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2006-06-01 14336] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- |
15.12.2009, 23:10 | #2 |
| PC freezes / virus infection? / rootkit? and RSIT info:
Code:
ATTFilter info.txt logfile of random's system information tool 1.06 2009-12-15 15:56:22 ======Uninstall list====== -->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F} -->C:\Programme\DivX\ConverterUninstall.exe /CONVERTER -->C:\Programme\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL -->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL -->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL -->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL -->C:\WINDOWS\UNRecode.exe /UNINSTALL -->MsiExec /X{1C4551A6-4743-4093-91E4-1477CD655043} -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 3ds max 6-->MsiExec.exe /I{29744C5A-47C9-4ea5-A8F9-B0D093121471} ACDSee 8-->MsiExec.exe /I{AA2E6BFE-4351-481C-A720-47CB3506570B} Adobe Acrobat 7.0.5 Professional - English, Français, Deutsch-->msiexec /I {AC76BA86-1033-F400-7760-000000000002} Adobe After Effects 6.5-->MsiExec.exe /I{61CEB2D7-8D3B-4247-B75E-A95F6699B90A} Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0407-1E257A25E34D} Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe" Advanced Wheel Mouse 6.0.0.002-->C:\ADVANC~1\uninst.exe AGEIA GAME System Software 2.8.0-->MsiExec.exe /I{5C9530C0-957F-4CC4-ADA9-A7195BD9394C} Ahriman's Prophecy-->C:\WINDOWS\Ahriman's Prophecy Uninstaller.exe AirRivalsDe 1.0.0.28-->"d:\Programme\Gameforge4D\AirRivalsDe\unins000.exe" Alpha Prime-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "D:\programme\InstallShield Installation Information\{30B1CF12-BD0C-4D6E-A506-C0A33BCA3BCF}\setup.exe" -l0x7 Apophysis 2.0-->"d:\Programme\Apophysis 2.0\uninstall.exe" Arithmogriph-->MsiExec.exe /X{5A299BE4-7511-45DB-A221-BFB2C482470D} Audiograbber 1.83 SE-->MsiExec.exe 
/X{18742725-FAAF-4FF5-AA21-88A5814BC9CE} Autorun Eater v2.3-->"d:\Programme\Autorun Eater\unins000.exe" AVG Free 8.5-->d:\Programme\AVG\AVG8\setup.exe /UNINSTALL Battle Beans-->MsiExec.exe /I{A3EB045B-C536-4F7D-AC30-6A9233F4B674} Battle for Wesnoth 1.4.5-->"e:\minigames\Wesnoth 1.4.5\unins000.exe" Blood Bowl 1.0.1.7-->"e:\Cyanide\Blood Bowl\unins000.exe" Build-a-lot - Town of the Year Deluxe-->"e:\minigames\Zylom Games\Build-a-lot - Town of the Year Deluxe\GameInstlr.exe" --uninstall UnInstall.log Build-a-lot Deluxe-->"e:\minigames\Zylom Games\Build-a-lot Deluxe\GameInstlr.exe" --uninstall UnInstall.log Cars Hook International-->"D:\programme\InstallShield Installation Information\{62D64F27-745D-49C0-A308-B08DFF16ECA0}\setup.exe" -removeonly -runfromtemp -l0x0015 CDex extraction audio-->"C:\Programme\CDex_150\uninstall.exe" character studio 4.2-->MsiExec.exe /I{AFEDE7CA-FEB8-401e-9352-DE7489FAA7AA} CloneDVD2-->"C:\Programme\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Programme\Elaborate Bytes\CloneDVD2" Command & Conquer Generals-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{06F80017-8F98-4C94-B868-52358569FC32} Command and Conquer(TM) Generäle Die Stunde Null -->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1} Condition Zero Deleted Scenes-->"E:\Steam\steam.exe" steam://uninstall/100 Condition Zero-->"E:\Steam\steam.exe" steam://uninstall/80 Corel Paint Shop Pro X-->MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B} Counter-Strike 1.6-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "D:\programme\InstallShield Installation Information\{13B792AA-C078-43A4-8A3A-8B12D629940D}\Setup.exe" -l0x19 Counter-Strike: Source-->"E:\steam\steam.exe" steam://uninstall/240 Crysis(R)-->MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4} Curator Defense-->MsiExec.exe /I{7A8358BC-78B6-404B-9792-F344A6AB59C9} Dawn Of Magic 2-->"D:\programme\InstallShield 
Installation Information\{B725D249-58A9-4579-809E-B9767F363B99}\setup.exe" -runfromtemp -l0x0007 -removeonly Defense Grid: The Awakening-->"E:\Steam\steam.exe" steam://uninstall/18500 Deutschopoly-->MsiExec.exe /X{5223594C-5BF7-4776-AFED-6ABB164ECE3B} Diablo II-->C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat Die Gilde Gold-Edition-->E:\JoWooD\DIEGIL~1\UNWISE.EXE E:\JoWooD\DIEGIL~1\INSTALL.LOG DivX Converter-->C:\Programme\DivX\ConverterUninstall.exe /CONVERTER DivX Player-->C:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER DivX Web Player-->C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN DivX-->C:\Programme\DivX\DivXCodecUninstall.exe /CODEC Dynamic Energy Saver B7.1214.3-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5869CE1E-BC0B-4648-B1AE-6EF4A985590C}\setup.exe" -l0x9 -removeonly Empire Earth II-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "D:\programme\InstallShield Installation Information\{DF315348-721C-40B8-BAE2-58C6C7D935A2}\setup.exe" -l0x7 -removeonly Empire Earth-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Programme\InstallShield Installation Information\{2447500B-22D7-47BD-9B13-1A927F43A267}\Setup.exe" EVEREST Home Edition v2.20-->"d:\Programme\Lavalys\EVEREST Home Edition\unins000.exe" Fable - The Lost Chapters-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD} FLV Player 2.0, build 24-->d:\Programme\FLV Player\uninst.exe Flyingcode NFO-Viewer 1.0-->C:\Programme\NFO-Viewer\unins000.exe Galactic Civilizations II-->E:\Stardock\TOTALG~1\GalCiv2\UNWISE.EXE E:\Stardock\TOTALG~1\GalCiv2\INSTALL.LOG Garden Defense Deluxe-->"e:\minigames\Zylom Games\Garden Defense Deluxe\GameInstlr.exe" --uninstall UnInstall.log Gemeinsam genutzte Internet-Komponenten von Westwood-->C:\Westwood\Internet\UnstllAP.EXE Gigabyte 
Raid Configurer-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "D:\programme\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\SETUP.EXE" -l0x7 -removeonly GTK+ Runtime 2.14.7 rev a (nur entfernen)-->C:\Programme\Gemeinsame Dateien\GTK\2.0\uninst.exe Half-Life 2: Episode One-->"E:\Steam\steam.exe" steam://uninstall/380 Half-Life 2: Episode Two-->"E:\Steam\steam.exe" steam://uninstall/420 Half-Life 2: Lost Coast-->"E:\Steam\steam.exe" steam://uninstall/340 Half-Life 2-->"E:\Steam\steam.exe" steam://uninstall/220 Hamachi 1.0.3.0-->D:\programme\Hamachi\uninstall.exe HD Tune 2.55-->"d:\Programme\HD Tune\unins000.exe" HDD Health v3.3 Beta-->"d:\Programme\HDD Health\unins000.exe" HeavyMetal Plus-->C:\WINDOWS\iun507.exe d:\BT\HeavyMetal\irunin.ini Hero Editor V0.96-->C:\WINDOWS\st6unst.exe -n "D:\programme\Hero Editor\ST6UNST.LOG" Hide and Seek version 1.0-->"e:\minigames\Hide and Seek\unins000.exe" High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe" HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F} HijackThis 2.0.2-->"D:\programme\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hoffmann + Associates Applications-->C:\WINDOWS\H+a\Uninstal.exe Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe" Hotfix for Windows XP (KB943232)-->"C:\WINDOWS\$NtUninstallKB943232$\spuninst\spuninst.exe" http.SIGN Client Library-->MsiExec.exe /I{931AED42-841F-426E-AD65-62AD8C29418A} I of the Enemy Ril'Cerat 2.25-->C:\WINDOWS\iun6002.exe "e:\minigames\I of the Enemy Ril'Cerat\irunin.ini" ICQ6.5-->"D:\programme\InstallShield Installation 
Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly IL-2 Sturmovik 1946-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{79438F1E-DEC3-443D-9DCD-FECE2D68C605} /l1031 Intel A/V Codecs V2.0-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\CDUninst.isu Interpol - The Trail of Dr. Chaos Deluxe-->"e:\minigames\Zylom Games\Interpol - The Trail of Dr. Chaos Deluxe\GameInstlr.exe" --uninstall UnInstall.log IrfanView (remove only)-->C:\Programme\IrfanView\iv_uninstall.exe Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF} JGoodies JDiskReport 1.3.1-->"d:\Programme\JGoodies\JDiskReport 1.3.1\uninstall.exe" Kane and Lynch: Dead Men-->MsiExec.exe /X{A66C4716-7E10-4A53-8101-00C3C11D6A9C} Klomanager-->e:\minigames\Klomanager\Sxuninst.exe LDraw Parts Library 2009-02-->"d:\LDraw\unins000.exe" Lost Planet: Extreme Condition-->"E:\Steam\steam.exe" steam://uninstall/6510 Macromedia Flash MX 2004-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2F353D44-73BB-4971-B31D-F7642E9E9531}\setup.exe" -l0x7 UNINSTALL MAGIX music studio 2003 deLuxe-->D:\MAGIX\ms2003_deLuxe\ms2003_deLuxe\unwise.exe D:\MAGIX\ms2003_deLuxe\ms2003_deLuxe\INSTALL.LOG Malwarebytes' Anti-Malware-->"d:\Programme\Malwarebytes' Anti-Malware\unins000.exe" Master of Orion 3-->E:\MOO3\MASTER~1\UNWISE.EXE E:\MOO3\MASTER~1\INSTALL.LOG Master of Orion II-->C:\WINDOWS\uninst.exe -fC:\MPS\Orion2\DeIsL1.isu MechWarrior 4 Mercenaries-->"e:\Microsoft Games\MechWarrior Mercenaries\UNINSTAL.EXE" /runtemp /addremove Medal of Honor Allied Assault-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Programme\InstallShield Installation Information\{0DEA94ED-915A-4834-A87E-388D012C8E02}\Setup.exe" -l0x7 Memento Mori-->E:\Memento Mori\Memento Mori\Uninstall.exe Microsoft .NET Framework 1.1-->MsiExec.exe 
/X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C314CE45-3392-3B73-B4E1-139CD41CA933} Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Baseline Security Analyzer 1.2.1-->MsiExec.exe /I{DF15059E-A356-47B2-B14B-6380ED32AB68} Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{D1B01DC9-CBAF-45F9-A387-7D00C11B630E} Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office FrontPage 2003-->MsiExec.exe /I{90170407-6000-11D3-8CFE-0150048383C9} Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110407-6000-11D3-8CFE-0150048383C9} Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2005 
Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Microsoft XNA Framework Redistributable 1.0 Refresh-->MsiExec.exe /I{311F799A-FCE9-4D9E-B5D2-CBB8859B40BB} mIRC-->d:\Programme\mIRC\uninstall.exe _?=d:\Programme\mIRC Mirror's Edge™-->MsiExec.exe /X{AEDBD563-24BB-4EE3-8366-A654DAC2D988} Mozilla Firefox (1.5)-->C:\Programme\Mozilla Firefox\uninstall\uninstall.exe /ua "1.5 (de)" Mozilla Firefox (3.0.15)-->D:\programme\Mozilla Firefox\uninstall\helper.exe Mozilla Thunderbird (2.0.0.23)-->D:\programme\Mozilla Thunderbird\uninstall\helper.exe MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E} Nero 7 Premium-->MsiExec.exe /I{42347B75-9660-2DA4-63FD-D35E344E1031} No-IP.com DUC (remove only)-->"d:\Programme\No-IP\DUC20.exe" -uninstall Norton PartitionMagic 8.0-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{21DBBDD6-93A5-4326-9A04-C9A5C9148502} NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI NVIDIA GAME System Software 2.8.1-->MsiExec.exe /I{4F0C7CCF-5666-474B-B02E-AC514A95EC93} NVIDIA PhysX-->MsiExec.exe /X{1C4551A6-4743-4093-91E4-1477CD655043} O&O Defrag Professional Edition-->MsiExec.exe /I{53480370-6CA2-47EC-BC05-02B4B9271C31} One Moon-->MsiExec.exe /I{F8A0C3B5-5DDC-41E7-BE00-576D52E44B8C} OpenAL-->"d:\Programme\OpenAL\oalinst.exe" /U Overlord-->D:\programme\InstallShield Installation Information\{259A8A5E-2886-4BED-9EF1-D5485282CCC3}\Setup.exe -runfromtemp -l0x0007 -removeonly Peggle Deluxe 1.0-->d:\Programme\PopCap Games\Peggle Deluxe\PopUninstall.exe "d:\Programme\PopCap Games\Peggle Deluxe\Install.log" Peggle Extreme-->"E:\Steam\steam.exe" steam://uninstall/3483 Pepakura Viewer 3-->"d:\Programme\tamasoftware\pepakura3en\viewer\epuninst.exe" /s Pidgin-->d:\Programme\Pidgin\pidgin-uninst.exe Portal-->"E:\Steam\steam.exe" steam://uninstall/400 PowerDVD-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation 
Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall Prey-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "D:\programme\InstallShield Installation Information\{A785BBA7-3FB9-4D81-BC35-4A2028915ACB}\setup.exe" -l0x7 -removeonly Privoxy (remove only)-->"d:\Programme\Privoxy\privoxy_uninstall.exe" Prototype(TM)-->D:\programme\InstallShield Installation Information\{9322A850-9091-4D0E-B252-3E82EDA3D94A}\setup.exe -runfromtemp -l0x0409 PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u Python 2.5.1-->MsiExec.exe /I{31800004-6386-4999-A519-518F2D78D8F0} QuickTime-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1031 RAR Password Cracker 4.12-->d:\Programme\RAR Password Cracker\uninstall.exe REALTEK GbE & FE Ethernet PCI-E NIC Driver-->D:\programme\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\SETUP.EXE -runfromtemp -l0x0007 -removeonly Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "D:\programme\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x7 -removeonly Registry System Wizard-->"d:\Programme\Registry System Wizard\unins000.exe" ResizerXT v1.2-->C:\WINDOWS\st6unst.exe -n "D:\programme\ResizerXT\ST6UNST.LOG" RichTyping 1.35-->"d:\Programme\Adobe\After Effects 6.5\Support Files\Plug-Ins\Filters\Panopticum\unins000.exe" SafeCast Shared Components-->C:\Programme\Gemeinsame Dateien\Macrovision Shared\SafeCast\Install\CDAC13BA.EXE /uninstall Sam and Max 104: Abe Lincoln Must Die-->"E:\Steam\steam.exe" steam://uninstall/8230 Sandboxie 3.40-->"C:\WINDOWS\Installer\SandboxieInstall.exe" /remove Serious Sam The First Encounter-->"C:\Program Files\Serious Sam The First Encounter\Uninstall\uninstall.exe" "/U:E:\Serious Sam 1\Uninstall\uninstall.xml" Sicherheitsupdate für Windows XP 
(KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D} Soldat 1.4.2-->"e:\minigames\Soldat\unins000.exe" SoulSeek 157 NS 13c-->"d:\Programme\SoulseekNS\uninstall.exe" SPORE™ Labor Basisversion-->"D:\programme\InstallShield Installation Information\{ECEE0279-785F-4CB3-9F28-E69813234BF8}\setup.exe" -runfromtemp -l0x0007 -removeonly Spybot - Search & Destroy 1.4-->"C:\Programme\Spybot - Search & Destroy\unins000.exe" Spybot - Search & Destroy-->"d:\Programme\Spybot - Search & Destroy\unins000.exe" Starships Unlimited Divided Galaxies v2.1-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "D:\programme\InstallShield Installation Information\{E8A45707-9A63-4291-8710-0BF65C7B5641}\setup.exe" -l0x7 Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3} SweetIM for Messenger 2.7-->MsiExec.exe /X{EC87E256-B0A4-4A41-8682-AB57FF21196D} SweetIM Toolbar for Internet Explorer 3.4-->MsiExec.exe /X{8C13BEE4-E7CE-4E46-BD13-8F41DAD00FEF} Team Fortress 2-->"E:\Steam\steam.exe" steam://uninstall/440 TeamSpeak 2 RC2-->d:\Programme\Teamspeak2_RC2\unins000.exe The Alawar Compendium-->"D:\programme\InstallShield Installation Information\{45015AFD-A792-4F10-83F6-7990B7A9C35F}\setup.exe" -runfromtemp -l0x0009 -removeonly THE Rename 2.1.6-->"d:\Programme\THE Rename\unins000.exe" TrackMania Nations Forever-->"E:\Steam\steam.exe" steam://uninstall/11020 TrackMania Sunrise Extreme 1.5.1-->"e:\TrackMania Sunrise\unins000.exe" TuneUp Utilities 2006-->MsiExec.exe /I{868D7896-99D4-4513-BC62-2B3AD3E24926} TVgenial-->C:\Programme\TVgenial\Uninstall.exe Twin Sector-->"e:\Headup Games\Twin Sector\unins000.exe" UltraEdit-32-->"C:\Programme\IDM Computer Solutions\UltraEdit-32\Uninstall.exe" "C:\Programme\IDM Computer Solutions\UltraEdit-32\ueinstall.log" -u Universe at War: Earth Assault-->"E:\Steam\steam.exe" steam://uninstall/10430 
Unreal Tournament 3 (LG)-->MsiExec.exe /X{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D} VC 9.0 Runtime-->MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE} version 3.3 (Secure Network)-->"d:\Programme\NETSCAN PRO 3.3\unins000.exe" Virtual CD v7 Smart Reader-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "D:\programme\InstallShield Installation Information\{913CE8FB-DCE1-4B22-8475-558880DCB59C}\SVCD7.exe" -l0x7 -removeonly VLC media player 1.0.1-->d:\Programme\VideoLAN\VLC\uninstall.exe WarRock-->D:\programme\InstallShield Installation Information\{00D15456-F679-4AD4-8BD2-56450D4C3F72}\setup.exe -runfromtemp -l0x0009 -removeonly Water 1.03. for Adobe After Effects-->"d:\Programme\Adobe\After Effects 6.5\Support Files\Plug-ins\Panopticum\unins000.exe" WebCopier 5.1-->"d:\Programme\WebCopier\unins000.exe" Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe" Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} Windows XP-Hotfix - KB834707-->C:\WINDOWS\$NtUninstallKB834707$\spuninst\spuninst.exe Windows XP-Hotfix - KB867282-->C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe Windows XP-Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe WinRAR Archivierer-->C:\Programme\WinRAR\uninstall.exe WinUHA 2.0 RC1 (2005.02.27)-->d:\Programme\WinUHA\unins000.exe WinZip 12.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8} Xfire (remove only)-->"d:\Programme\Xfire\uninst.exe" XML Paper Specification Shared Components Language 
Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
XviD 1.1 final uninstall-->"C:\Programme\XviD\unins000.exe"
Zodiac Tower Deluxe-->"e:\Zylom Games\Zodiac Tower Deluxe\GameInstlr.exe" --uninstall UnInstall.log
ZoneAlarm Pro-->d:\Programme\Zone Labs\ZoneAlarm\zauninst.exe

=====HijackThis Backups=====
O17 - HKLM\System\CS1\Services\Tcpip\..\{437C801E-192C-4B80-8A78-3B2A8657BB23}: NameServer = 85.255.116.73,85.255.112.150 [2009-01-12]
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.73,85.255.112.150 [2009-01-12]
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.73,85.255.112.150 [2009-01-12]
O17 - HKLM\System\CCS\Services\Tcpip\..\{437C801E-192C-4B80-8A78-3B2A8657BB23}: NameServer = 85.255.116.73,85.255.112.150 [2009-01-12]
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 [2009-03-28]
O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe [2009-03-28]
O4 - HKLM\..\Run: [odby] C:\WINDOWS\odb.exe [2009-03-28]
O4 - HKLM\..\Run: [Agamiyayiyohuy] rundll32.exe "C:\WINDOWS\Ahajamolimari.dll",e [2009-03-28]
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 [2009-03-28]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 [2009-03-28]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 [2009-03-28]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 [2009-03-28]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 [2009-03-28]
O4 - HKLM\..\Run: [Agamiyayiyohuy] rundll32.exe "C:\WINDOWS\Ahajamolimari.dll",e [2009-03-28]
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe, [2009-03-28]
O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe [2009-03-28]
O4 - HKLM\..\Run: [Agamiyayiyohuy] rundll32.exe "C:\WINDOWS\Ahajamolimari.dll",e [2009-04-19]

======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======
AV: AVG Anti-Virus Free
AV: ESET NOD32 Antivirus 4.0 (outdated)
FW: ZoneAlarm Pro Firewall (disabled)

======System event log======
Computer Name: NIGHTSHADE
Event Code: 10
Message: Die digitale Audiowiedergabe wird von diesem Laufwerk nicht unterstützt.
Record Number: 5
Source Name: redbook
Time Written: 20091214123432.000000+060
Event Type: Informationen
User:

Computer Name: NIGHTSHADE
Event Code: 6005
Message: Der Ereignisprotokolldienst wurde gestartet.
Record Number: 4
Source Name: EventLog
Time Written: 20091214123416.000000+060
Event Type: Informationen
User:

Computer Name: NIGHTSHADE
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 2 Multiprocessor Free.
Record Number: 3
Source Name: EventLog
Time Written: 20091214123416.000000+060
Event Type: Informationen
User:

Computer Name: NIGHTSHADE
Event Code: 7036
Message: Dienst "ESET Service" befindet sich jetzt im Status "Ausgeführt".
Record Number: 2
Source Name: Service Control Manager
Time Written: 20091214121916.000000+060
Event Type: Informationen
User:

Computer Name: NIGHTSHADE
Event Code: 7031
Message: Der Dienst "ESET Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Starten Sie den Dienst neu..
Record Number: 1
Source Name: Service Control Manager
Time Written: 20091214121914.000000+060
Event Type: Fehler
User:

=====Application event log=====
Computer Name: NIGHTSHADE
Event Code: 101
Message: wuauclt (3880) Das Datenbankmodul wurde beendet.
Record Number: 5
Source Name: ESENT
Time Written: 20091214124053.000000+060
Event Type: Informationen
User:

Computer Name: NIGHTSHADE
Event Code: 103
Message: wuaueng.dll (3880) SUS20ClientDataStore: Das Datenbankmodul hat die Instanz (0) beendet.
Record Number: 4
Source Name: ESENT
Time Written: 20091214124053.000000+060
Event Type: Informationen
User:

Computer Name: NIGHTSHADE
Event Code: 102
Message: wuaueng.dll (3880) SUS20ClientDataStore: Das Datenbankmodul hat eine neue Instanz gestartet (0).
Record Number: 3
Source Name: ESENT
Time Written: 20091214123550.000000+060
Event Type: Informationen
User:

Computer Name: NIGHTSHADE
Event Code: 100
Message: wuauclt (3880) Das Datenbankmodul 5.01.2600.2780 ist gestartet.
Record Number: 2
Source Name: ESENT
Time Written: 20091214123550.000000+060
Event Type: Informationen
User:

Computer Name: NIGHTSHADE
Event Code: 1800
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.
Record Number: 1
Source Name: SecurityCenter
Time Written: 20091214123504.000000+060
Event Type: Informationen
User:

======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Perl\site\bin;C:\Perl\bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\QuickTime\QTSystem\;C:\Programme\IDM Computer Solutions\UltraEdit-32;C:\Programme\Gemeinsame Dateien\Autodesk Shared\;d:\Programme\backburner 2\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=C:\Programme\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Programme\Java\jre1.5.0_06\lib\ext\QTJava.zip
"tvdumpflags"=8
"SAFEBOOT_OPTION"=NETWORK

-----------------EOF-----------------

MBAM log from 17:00:

Code:
Malwarebytes' Anti-Malware 1.42
Datenbank Version: 3289
Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.5730.13

15.12.2009 17:05:42
mbam-log-2009-12-15 (17-05-42).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|K:\|)
Durchsuchte Objekte: 738813
Laufzeit: 43 minute(s), 6 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 10
Infizierte Verzeichnisse: 0
Infizierte Dateien: 14

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\msqpdxserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\HelpAssistant\Anwendungsdaten\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\HelpAssistant\Lokale Einstellungen\Temporary Internet Files\Content.IE5\K129BOL5\eHcbf34a77V03f01530002R6aba994c102T80d63c9cQ000002c0900807F0020000aJ11000601l0007K83713c4e316P000500070[1] (Malware.Packer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{47DA6AC2-30E2-4395-93ED-D8AEF492A19A}\RP352\A0409294.dll (Malware.Packer) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{47DA6AC2-30E2-4395-93ED-D8AEF492A19A}\RP353\A0434734.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{47DA6AC2-30E2-4395-93ED-D8AEF492A19A}\RP353\A0434788.exe (Rogue.Crusader) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{47DA6AC2-30E2-4395-93ED-D8AEF492A19A}\RP353\A0434790.exe (Rogue.Crusader) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{47DA6AC2-30E2-4395-93ED-D8AEF492A19A}\RP353\A0434794.exe (Rogue.Crusader) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{47DA6AC2-30E2-4395-93ED-D8AEF492A19A}\RP353\A0434801.exe (Rogue.Crusader) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{47DA6AC2-30E2-4395-93ED-D8AEF492A19A}\RP353\A0434803.exe (Rogue.Crusader) -> Quarantined and deleted successfully.
G:\Prog Images\Vegas Video\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{47DA6AC2-30E2-4395-93ED-D8AEF492A19A}\RP353\A0435106.exe (Trojan.Agent) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{47DA6AC2-30E2-4395-93ED-D8AEF492A19A}\RP353\A0435108.exe (Trojan.Agent) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{47DA6AC2-30E2-4395-93ED-D8AEF492A19A}\RP353\A0435116.exe (Backdoor.IRCbot) -> Quarantined and deleted successfully.

MBAM log from 20:00:

Code:
Malwarebytes' Anti-Malware 1.42
Datenbank Version: 3289
Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.5730.13

15.12.2009 20:01:48
mbam-log-2009-12-15 (20-01-48).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|)
Durchsuchte Objekte: 849455
Laufzeit: 1 hour(s), 22 minute(s), 54 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
G:\System Volume Information\_restore{47DA6AC2-30E2-4395-93ED-D8AEF492A19A}\RP353\A0437283.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

When I finally found a thread that came close to my problem, I scanned my system with GMER and got the following result:

GMER log from 21:30:

Code:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-15 21:34:21
Windows 5.1.2600 Service Pack 2
Running: n3pp43o8.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\fxtyyaob.sys

---- System - GMER 1.0.15 ----

SSDT Vax347b.sys (Plug and Play BIOS Extension/ ) ZwClose [0xF75BCC58]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xB82BCFC0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xB82B9C80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateKey [0xB82D4170]
SSDT Vax347b.sys (Plug and Play BIOS Extension/ ) ZwCreatePagingFile [0xF75B0C70]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xB82BD580]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xB82D1900]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xB82D1B10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xB82D5B10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xB82BD670]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xB82BA210]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xB82D49F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xB82D47A0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xB82D1280]
SSDT Vax347b.sys (Plug and Play BIOS Extension/ ) ZwEnumerateKey [0xF75B14FE]
SSDT Vax347b.sys (Plug and Play BIOS Extension/ ) ZwEnumerateValueKey [0xF75BCD50]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadDriver [0xB82B68C0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0xB82D4F10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xB82D4F90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwMapViewOfSection [0xB82D5D90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xB82BA070]
SSDT Vax347b.sys (Plug and Play BIOS Extension/ ) ZwOpenKey [0xF75BCBD4]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xB82D3180]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xB82D2F40]
SSDT Vax347b.sys (Plug and Play BIOS Extension/ ) ZwQueryKey [0xF75B151E]
SSDT Vax347b.sys (Plug and Play BIOS Extension/ ) ZwQueryValueKey [0xF75BCCA6]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xB82D56F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xB82D5150]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xB82BCBE0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xB82D5540]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xB82BD190]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xB82BA440]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetSystemInformation [0xB82B66A0]
SSDT Vax347b.sys (Plug and Play BIOS Extension/ ) ZwSetSystemPowerState [0xF75BC4F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xB82D44E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xB82D2200]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xB82D2080]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwUnloadDriver [0xB82B6AF0]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + 12A 804E4964 2 Bytes [70, 0C] {JO 0xe}
.text ntoskrnl.exe!ZwYieldExecution + 12D 804E4967 13 Bytes [F7, 80, D5, 2B, B8, 00, 19, ...]
.text ntoskrnl.exe!ZwYieldExecution + 1FA 804E4A34 12 Bytes [C0, 68, 2B, B8, 10, 4F, 2D, ...] {SHR BYTE [EAX+0x2b], 0xb8; ADC [EDI+0x2d], CL; MOV EAX, 0xb82d4f90}

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[144] ADVAPI32.dll!CryptDestroyKey 77DBA544 7 Bytes JMP 00D9299A
.text C:\WINDOWS\Explorer.EXE[144] ADVAPI32.dll!CryptDecrypt 77DBA7B1 7 Bytes JMP 00D9294A
.text C:\WINDOWS\Explorer.EXE[144] ADVAPI32.dll!CryptEncrypt 77DC1558 7 Bytes JMP 00D9290E
.text C:\WINDOWS\Explorer.EXE[144] WS2_32.dll!send 71A1428A 5 Bytes JMP 00D9277E
.text C:\WINDOWS\Explorer.EXE[144] WS2_32.dll!WSARecv 71A14318 5 Bytes JMP 00D92870
.text C:\WINDOWS\Explorer.EXE[144] WS2_32.dll!recv 71A1615A 5 Bytes JMP 00D927B6
.text C:\WINDOWS\Explorer.EXE[144] WS2_32.dll!WSASend 71A16233 5 Bytes JMP 00D927EE
.text C:\WINDOWS\Explorer.EXE[144] WS2_32.dll!closesocket 71A19639 5 Bytes JMP 00D928F2
.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1156] ADVAPI32.dll!CryptDestroyKey 77DBA544 7 Bytes JMP 012E299A
.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1156] ADVAPI32.dll!CryptDecrypt 77DBA7B1 7 Bytes JMP 012E294A
.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1156] ADVAPI32.dll!CryptEncrypt 77DC1558 7 Bytes JMP 012E290E
.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1156] WS2_32.dll!send 71A1428A 5 Bytes JMP 012E277E
.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1156] WS2_32.dll!WSARecv 71A14318 5 Bytes JMP 012E2870
.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1156] WS2_32.dll!recv 71A1615A 5 Bytes JMP 012E27B6
.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1156] WS2_32.dll!WSASend 71A16233 5 Bytes JMP 012E27EE
.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1156] WS2_32.dll!closesocket 71A19639 5 Bytes JMP 012E28F2

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B82C1B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B82C1930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B82C2260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B82BFE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B82BFE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B82C1B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B82C1930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B82C2260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B82C1B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B82C2260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B82C1930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B82BFE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B82C2260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B82C1930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B82C1B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [B82DAB30] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [B82C1B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [B82BFE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [B82C2260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B82C1930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile] [B82BA980] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [B82BA8D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [B82BAA80] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [B82BA5E0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A475030
Device \FileSystem\Fastfat \FatCdrom 898DF848
Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\ACPI \Device\00000060 89A6E258
Device \Driver\ACPI \Device\00000061 89A6E258
Device \Driver\ACPI \Device\00000055 89A6E258
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\ACPI \Device\00000062 89A6E258
Device \Driver\ACPI \Device\00000063 89A6E258
Device \Driver\ACPI \Device\00000064 89A6E258
Device \Driver\Cdrom \Device\CdRom0 8A2415B8
Device \FileSystem\Rdbss \Device\FsWrap 89CDAD30
Device \Driver\ACPI \Device\00000065 89A6E258
Device \Driver\ACPI \Device\00000059 89A6E258
Device \Driver\Cdrom \Device\CdRom1 8A2415B8
Device \Driver\ACPI \Device\00000073 89A6E258
Device \Driver\ACPI \Device\00000066 89A6E258
Device \Driver\ACPI \Device\00000080 89A6E258
Device \Driver\ACPI \Device\00000067 89A6E258
Device \Driver\ACPI \Device\00000081 89A6E258
Device \Driver\ACPI \Device\00000082 89A6E258
Device \Driver\ACPI \Device\00000076 89A6E258
Device \Driver\ACPI \Device\00000083 89A6E258
Device \FileSystem\Srv \Device\LanmanServer 898DABA0
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\ACPI \Device\0000006b 89A6E258
Device \Driver\ACPI \Device\0000005f 89A6E258
Device \Driver\ACPI \Device\0000006c 89A6E258
Device \Driver\ACPI \Device\0000007a 89A6E258
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89CD27C0
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\ACPI \Device\0000007b 89A6E258
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89CD27C0
Device \Driver\ACPI \Device\0000007c 89A6E258
Device \FileSystem\Npfs \Device\NamedPipe 8A275B98
Device \Driver\ACPI \Device\0000007d 89A6E258
Device \FileSystem\Msfs \Device\Mailslot 89EB2DF0
Device \Driver\Vax347s \Device\Scsi\Vax347s1 8A3300C8
Device \Driver\JRAID \Device\Scsi\JRAID1Port5Path0Target0Lun0 8A241AE0
Device \Driver\JRAID \Device\Scsi\JRAID1 8A241AE0
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port4Path0Target0Lun0 8A3300C8
Device \FileSystem\Fastfat \Fat 898DF848
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 89EAEEF8
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 89EAEEF8
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 89EAEEF8
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 89EAEEF8
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 89EAEEF8
Device \FileSystem\Cdfs \Cdfs 89CD0180

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\DRIVERS\vdrv7000.sys (*** hidden *** ) [SYSTEM] vdrv7000 <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg40@ujdew 0x20 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg40@ljej40 0xE5 0xE8 0xAE 0x52 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg40@ljej41 0x43 0xE8 0xAE 0x52 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg40@ljej42 0x43 0xE8 0xAE 0x52 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg40@ljej43 0x43 0xE8 0xAE 0x52 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg40@ljej44 0x43 0xE8 0xAE 0x52 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv7000@ServiceBinary C:\WINDOWS\system32\drivers\VDRV7000.SYS
Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv7000@Group SCSI Miniport
Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv7000@ImagePath system32\DRIVERS\vdrv7000.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv7000@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv7000@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv7000@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv7000@Tag 64
Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv7000\Enum
Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv7000\Enum@0 ROOT\SCSIADAPTER\0000
Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv7000\Enum@Count 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv7000\Enum@NextInstance 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv7000\parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv7000\parameters\pnpinterface
Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv7000\parameters\pnpinterface@1 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv7000\security
Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrv7000\security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\ControlSet002\Services\vdrv7000@ServiceBinary C:\WINDOWS\system32\drivers\VDRV7000.SYS
Reg HKLM\SYSTEM\ControlSet002\Services\vdrv7000@Group SCSI Miniport
Reg HKLM\SYSTEM\ControlSet002\Services\vdrv7000@ImagePath system32\DRIVERS\vdrv7000.sys
Reg HKLM\SYSTEM\ControlSet002\Services\vdrv7000@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\Services\vdrv7000@Start 1
Reg HKLM\SYSTEM\ControlSet002\Services\vdrv7000@Type 1
Reg HKLM\SYSTEM\ControlSet002\Services\vdrv7000@Tag 64
Reg HKLM\SYSTEM\ControlSet002\Services\vdrv7000\Enum (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\vdrv7000\Enum@0 ROOT\SCSIADAPTER\0000
Reg HKLM\SYSTEM\ControlSet002\Services\vdrv7000\Enum@Count 1
Reg HKLM\SYSTEM\ControlSet002\Services\vdrv7000\Enum@NextInstance 1
Reg HKLM\SYSTEM\ControlSet002\Services\vdrv7000\parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\vdrv7000\parameters\pnpinterface (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\vdrv7000\parameters\pnpinterface@1 1
Reg HKLM\SYSTEM\ControlSet002\Services\vdrv7000\security (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\vdrv7000\security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}@DisplayName Alcohol 120%
Reg HKLM\SOFTWARE\Classes\Installer\Products\32418F9EE1126B64A90E8365B85CFCF6@ProductName Alcohol 120%

---- EOF - GMER 1.0.15 ----

Since then I have been puttering along here in Safe Mode and am glad that the PC now only stutters (programs delayed by 0.5 to 1 minute).
I haven't studied the logs yet, so to be safe, here are the rough technical specs: Windows XP Pro, SP2; Intel Core 2 Duo E8400 @ 3.00 GHz; 4 GB RAM; mainboard currently unknown.

PS: I've just noticed that I now also have a "redirector" or whatever those things are called (clicked links are redirected to other pages).

That's it for now, my head is bursting. And thanks in advance for the help...

Regards, Nightshade
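As an added example (not part of this thread, and not code from HijackThis or GMER), a small Python triage pass over a few lines copied from the logs above. It flags the items a helper would look at first: static DNS servers in the Tcpip parameters, a second binary appended to UserInit, Run entries launching files straight from the Windows directory, a Run value impersonating userinit, a policy disabling regedit, and GMER's hidden-service marker. The "known good" values (the standard userinit.exe path, the Windows directory) are assumptions for a default XP layout.

```python
"""Added example (not part of the thread, and not HijackThis or GMER code):
a small triage pass over a few lines copied from the logs above.

Heuristics and the "known good" values below are the editor's assumptions
for a default Windows XP layout, not anything the tools define.
"""
import re
from dataclasses import dataclass

# Lines copied verbatim from the HijackThis backup and GMER sections above.
SAMPLE_LINES = r"""
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.73,85.255.112.150 [2009-01-12]
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 [2009-03-28]
O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe [2009-03-28]
O4 - HKLM\..\Run: [odby] C:\WINDOWS\odb.exe [2009-03-28]
O4 - HKLM\..\Run: [Agamiyayiyohuy] rundll32.exe "C:\WINDOWS\Ahajamolimari.dll",e [2009-03-28]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 [2009-03-28]
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe, [2009-03-28]
Service C:\WINDOWS\system32\DRIVERS\vdrv7000.sys (*** hidden *** ) [SYSTEM] vdrv7000 <-- ROOTKIT !!!
"""

# Assumed defaults: the only binary UserInit should name, and the Windows directory.
STANDARD_USERINIT = r"c:\windows\system32\userinit.exe"
WINDIR = r"c:\windows"

# A drive-letter path, optionally quoted, ending at whitespace, a quote or a comma.
PATH_RE = re.compile(r'"?([a-z]:\\[^"\s,]+)"?', re.IGNORECASE)
RUN_NAME_RE = re.compile(r"\[([^\]]*)\]")


@dataclass
class Finding:
    category: str
    detail: str


def triage_line(line: str) -> list[Finding]:
    """Return the findings one log line produces (possibly none)."""
    found: list[Finding] = []
    line = line.strip()
    if line.startswith("O17 -") and "NameServer =" in line:
        # Static resolvers in the Tcpip parameters: verify they are yours.
        servers = line.split("NameServer =", 1)[1].split("[", 1)[0].strip()
        found.append(Finding("static-dns", servers))
    elif line.startswith("O7 -") and "DisableRegedit=1" in line:
        # Policy that locks the user out of the registry editor.
        found.append(Finding("regedit-disabled", line))
    elif line.startswith("F2 -") and "UserInit=" in line:
        # Anything listed after userinit.exe is started at every logon.
        value = line.split("UserInit=", 1)[1].split(" [", 1)[0]
        for entry in value.split(","):
            entry = entry.strip()
            if entry and entry.lower() != STANDARD_USERINIT:
                found.append(Finding("userinit-extra", entry))
    elif line.startswith("O4 -"):
        name = RUN_NAME_RE.search(line)
        if name and name.group(1).lower() == "userinit":
            # A Run value borrowing the name of the logon component.
            found.append(Finding("run-impersonates-userinit", line))
        for path in PATH_RE.findall(line):
            # Executables or DLLs placed directly in the Windows directory.
            parent = path.lower().rpartition("\\")[0]
            if parent == WINDIR:
                found.append(Finding("run-from-windir-root", path))
    elif line.startswith("Service ") and "*** hidden ***" in line:
        # GMER marks services present on disk but hidden from the API.
        found.append(Finding("hidden-service", line))
    return found


def triage(text: str) -> list[Finding]:
    """Run triage_line over every non-empty line of a pasted log."""
    return [f for raw in text.splitlines() if raw.strip() for f in triage_line(raw)]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(f"{finding.category:28} {finding.detail}")
```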
16.12.2009, 08:38 | #3 |
PC freezes / virus infection? / rootkit? Hello again.
Unfortunately I forgot to mention that I too have the user "HelpAssistant" in the folder "C:\Dokumente und Einstellungen\" and also in user management (alongside the German "Hilfeassistent", which is disabled), and that, as in another thread http://www.trojaner-board.de/80373-w...-probleme.html, it cannot be deleted or disabled. I was also briefly able to see the task "Administrator.exe" (in Safe Mode). If possible I would like to avoid completely wiping HDD0; reinstalling is less of a problem...

Regards, Nightshade

Last edited by Nightshade2x (16.12.2009 at 08:44)
16.12.2009, 15:10 | #4 | |
PC freezes / virus infection? / rootkit? Hi, Quote:
Using cracks, serials and keygens is illegal, so there is no support for it on Trojaner-Board. For you it continues here => Reinstalling the system. Please also change all passwords (for e-mail accounts, StudiVZ, eBay... simply everything!), since this dubious software quite often contains keyloggers and backdoor functions as well. After that, never touch anything like that again!
16.12.2009, 15:29 | #5 |
PC freezes / virus infection? / rootkit? Hi. Before I reinstall my system I would at least like an answer to the question of whether a "normal" standard installation including formatting C: is sufficient, or whether more far-reaching measures are needed (e.g. deleting the partitions or similar), because if a normal reinstall does not fix the problem it would be pointless...

Regards, Nightshade

PS: I did not "run" the keygen, since it is well known that such programs bring nothing good; I probably copied it along "in the bundle" without paying attention to the exact contents of the folders, as video editing is not my thing.

Last edited by Nightshade2x (16.12.2009 at 16:24)
17.12.2009, 15:17 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | PC freezes / virus infection? / rootkit? I recommend backing up all important personal data (no executable files, only documents, music etc.) and then reinstalling completely and "properly". Once everything relevant is backed up on an external medium, you can and should go ahead and delete all partitions on the internal (system) disk in Windows Setup and create at least one for Windows. I don't know how you handle it; I prefer having one partition for the system (Windows) and a second partition for data. But it is up to you: you can also set up several partitions or assign C: the entire space of the disk.
17.12.2009, 15:33 | #7 |
PC freezes / virus infection? / rootkit? Thanks for the quick reaction/answer. If in your opinion it is enough to "just" delete the partitions, that is more than fine by me. Or, with a rootkit present (GMER warned me BEFORE and AFTER the scan about installed rootkits), is it necessary to take further things into account? (If the answer is "deleting the partitions is enough", the thread can be closed as far as I'm concerned.)

PS: And thanks again (to all of you); you have already helped me a lot in rescuing several PCs, because others have had these viruses/worms too.