Log analysis and evaluation: Keylogger still there?

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
Keylogger still there?

Hello! I'm new here and don't know much about this. Yesterday I was sent a file containing a keylogger... could you please check whether it is still there? I have already run Spybot and Super AntiSpyware over it.

Code:
Malwarebytes' Anti-Malware 1.42
Datenbank Version: 3380
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

17.12.2009 20:49:45
mbam-log-2009-12-17 (20-49-45).txt

Scan-Methode: Vollständiger Scan (A:\|C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 172306
Laufzeit: 20 minute(s), 28 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 5
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 2
Infizierte Dateien: 64

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{hetl76j4-37jw-742g-243n-qvc0e1j7114p} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe (Rogue.Antispy) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows updates (Backdoor.IRCBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hklm (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hkcu (Trojan.Downloader) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
F:\Programme\antispy (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info (Rogue.Antispy) -> Quarantined and deleted successfully.

Infizierte Dateien:
F:\WINDOWS\install\server.exe (Generic.Bot.H) -> Quarantined and deleted successfully.
F:\Programme\antispy\antispy17.exe (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\SUPERAntiSpyware.exe (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info\Anti-Spy.Info jetzt kaufen!.url (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info\AntiSpy.exe (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info\antispy_de.cnt (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info\antispy_de.hlp (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info\antispy_en.cnt (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info\antispy_en.hlp (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info\ascode.dll (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info\bestell.txt (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info\file_id.diz (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info\formulaire.txt (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info\leggimi.txt (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info\lgs_albanian.txt (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info\lgs_arabic.txt (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info\lgs_bulgarian.txt (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info\lgs_catalan.txt (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info\lgs_chinese (Traditional).txt (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info\lgs_chinese.txt (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info\lgs_croatian.txt (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info\lgs_czech.txt (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info\lgs_danish.txt (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info\lgs_deutsch.txt (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info\lgs_dutch.txt (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info\lgs_english.txt (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info\lgs_estonian.txt (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info\lgs_finnish.txt (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info\lgs_french.txt (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info\lgs_galician.txt (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info\lgs_greek.txt (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info\lgs_hungarian.txt (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info\lgs_indonesian.txt (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info\lgs_italiano.txt (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info\lgs_korean.txt (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info\lgs_latvian.txt (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info\lgs_macedonian.txt (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info\lgs_norwegian.txt (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info\lgs_polish.txt (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info\lgs_portuguese (Brasil).txt (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info\lgs_portuguese.txt (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info\lgs_romanian.txt (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info\lgs_russian.txt (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info\lgs_slovak.txt (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info\lgs_slovenian.txt (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info\lgs_spanish.txt (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info\lgs_swedish.txt (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info\lgs_turkish.txt (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info\lgs_ukrainian.txt (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info\lgs_vietnam.txt (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info\liesmich.txt (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info\manual_de.pdf (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info\manual_en.pdf (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info\order.txt (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info\pad_file.xml (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info\psapi_.dll (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info\readme.txt (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info\Setup.exe (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info\SpyProDll.dll (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info\SpyProtector.exe (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Programme\antispy\Anti-Spy.Info\uninstal.exe (Rogue.Antispy) -> Quarantined and deleted successfully.
F:\Dokumente und Einstellungen\patrick\Anwendungsdaten\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
F:\Dokumente und Einstellungen\patrick\Lokale Einstellungen\Temp\XxX.xXx (Malware.Trace) -> Delete on reboot.
F:\Dokumente und Einstellungen\patrick\Lokale Einstellungen\Temp\ATI_disp.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.

Code:
Logfile of random's system information tool 1.06 (written by random/random)
Run by xxx at 2009-12-17 21:05:49
Microsoft Windows XP Home Edition Service Pack 3
System drive F: has 873 GB (92%) free of 954 GB
Total RAM: 3327 MB (81% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:05:50, on 17.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Programme\Avira\AntiVir Desktop\sched.exe
F:\Programme\Avira\AntiVir Desktop\avguard.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\Programme\Analog Devices\Core\smax4pnp.exe
F:\Programme\Analog Devices\SoundMAX\Smax4.exe
F:\Programme\ASUS\AI Suite\AiNap\AiNap.exe
F:\Programme\CyberLink\PowerDVD\PDVDServ.exe
F:\Programme\lg_fwupdate\fwupdate.exe
F:\Programme\Nero\Nero 7\InCD\NBHGui.exe
F:\Programme\Nero\Nero 7\InCD\InCD.exe
F:\Programme\Avira\AntiVir Desktop\avgnt.exe
F:\Programme\Winamp\winampa.exe
F:\Programme\avmwlanstick\wlangui.exe
F:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
F:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Programme\Messenger\msmsgs.exe
F:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe
F:\Programme\Spybot - Search & Destroy\TeaTimer.exe
F:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
F:\Programme\ASUS WiFi-AP Solo\RtWLan.exe
F:\Programme\Xfire\xfire.exe
F:\Programme\avmwlanstick\WlanNetService.exe
F:\Programme\Nero\Nero 7\InCD\InCDsrv.exe
F:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
F:\WINDOWS\system32\PnkBstrA.exe
F:\Programme\CyberLink\Shared Files\RichVideo.exe
F:\Programme\Internet Explorer\iexplore.exe
F:\Programme\Internet Explorer\iexplore.exe
F:\Programme\Internet Explorer\iexplore.exe
F:\Programme\Internet Explorer\iexplore.exe
F:\Dokumente und Einstellungen\patrick\Desktop\RSIT.exe
F:\Programme\trend micro\xxx.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - F:\Programme\Ask.com\GenericAskToolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - F:\Programme\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - F:\Programme\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] F:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "F:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X IDE Setup] F:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] F:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [Ai Nap] "F:\Programme\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "F:\Programme\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] F:\Programme\ASUS\AI Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [RemoteControl] F:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] F:\Programme\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [LGODDFU] F:\Programme\lg_fwupdate\fwupdate.exe blrun
O4 - HKLM\..\Run: [NeroFilterCheck] F:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] F:\Programme\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] F:\Programme\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [avgnt] "F:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] F:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [StartCCC] "F:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVMWlanClient] F:\Programme\avmwlanstick\wlangui.exe
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "F:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] F:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [RGSC] F:\Programme\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] F:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = F:\Programme\Xfire\xfire.exe
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://F:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - F:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - F:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .spop: F:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/tng/dyyno-client/DyynoCAB.CAB
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B3BDE18-E05C-4E4C-90BA-CE2FED9D1FF3}: NameServer = 192.168.0.1
O20 - Winlogon Notify: !SASWinLogon - F:\Programme\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - F:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - F:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - F:\Programme\avmwlanstick\WlanNetService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - F:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - F:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - F:\Programme\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - F:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - F:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Unknown owner - F:\Programme\Nero\Nero 7\InCD\NBHRegInCDSrv.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - F:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - F:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - F:\Programme\CyberLink\Shared Files\RichVideo.exe

-- End of file - 9551 bytes

======Scheduled tasks folder======

F:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
F:\WINDOWS\tasks\User_Feed_Synchronization-{9B3F55AA-F87D-49DB-B2CC-EBCDC70344F4}.job
======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - F:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - F:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - F:\Programme\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - F:\Programme\Ask.com\GenericAskToolbar.dll [2009-11-18 1196936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - F:\Programme\Ask.com\GenericAskToolbar.dll [2009-11-18 1196936]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=F:\Programme\Analog Devices\Core\smax4pnp.exe [2006-12-18 868352]
"SoundMAX"=F:\Programme\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]
"JMB36X IDE Setup"=F:\WINDOWS\RaidTool\xInsIDE.exe [2007-03-20 36864]
"36X Raid Configurer"=F:\WINDOWS\system32\xRaidSetup.exe [2007-03-21 1953792]
"Ai Nap"=F:\Programme\ASUS\AI Suite\AiNap\AiNap.exe [2007-09-06 1426432]
"CPU Power Monitor"=F:\Programme\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe [2007-10-16 626176]
"Cpu Level Up help"=F:\Programme\ASUS\AI Suite\CpuLevelUpHelp.exe [2007-09-11 880640]
"RemoteControl"=F:\Programme\CyberLink\PowerDVD\PDVDServ.exe [2007-03-14 71216]
"LanguageShortcut"=F:\Programme\CyberLink\PowerDVD\Language\Language.exe [2007-01-08 52256]
"LGODDFU"=F:\Programme\lg_fwupdate\fwupdate.exe [2007-02-26 249856]
"NeroFilterCheck"=F:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe [2008-02-27 570664]
"SecurDisc"=F:\Programme\Nero\Nero 7\InCD\NBHGui.exe [2008-02-18 1629480]
"InCD"=F:\Programme\Nero\Nero 7\InCD\InCD.exe [2008-02-18 1057064]
"avgnt"=F:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"WinampAgent"=F:\Programme\Winamp\winampa.exe [2009-04-10 37888]
"StartCCC"=F:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-08-13 98304]
"AVMWlanClient"=F:\Programme\avmwlanstick\wlangui.exe [2008-02-25 1753088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=F:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=F:\Programme\Messenger\msmsgs.exe [2008-04-14 1695232]
"LightScribe Control Panel"=F:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe [2008-01-24 2289664]
"RGSC"=F:\Programme\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2009-06-13 306088]
"SpybotSD TeaTimer"=F:\Programme\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"SUPERAntiSpyware"=F:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-11-23 2001648]

F:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
ASUS WiFi-AP Solo.lnk - F:\Programme\ASUS WiFi-AP Solo\RtWLan.exe

F:\Dokumente und Einstellungen\patrick\Startmenü\Programme\Autostart
Xfire.lnk - F:\Programme\Xfire\xfire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
F:\Programme\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
F:\WINDOWS\system32\Ati2evxx.dll [2009-08-14 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=F:\Programme\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=91000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\Programme\Microsoft Office\Office12\ONENOTE.EXE"="F:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"F:\Programme\CyberLink\PowerDVD\PowerDVD.exe"="F:\Programme\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
"E:\CDS\Nero\Installation\SetupX.exe"="E:\CDS\Nero\Installation\SetupX.exe:*:Enabled:Nero ProductSetup"
"F:\Programme\Xfire\xfire.exe"="F:\Programme\Xfire\xfire.exe:*:Enabled:Xfire"
"F:\Programme\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="F:\Programme\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"F:\Programme\Metin2_Germany\metin2.bin"="F:\Programme\Metin2_Germany\metin2.bin:*:Enabled:metin2"
"F:\Programme\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"="F:\Programme\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
"F:\Programme\ICQ6.5\ICQ.exe"="F:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"F:\Programme\Rockstar Games\Grand Theft Auto IV\GTAIV.exe"="F:\Programme\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV"
"F:\Programme\EA GAMES\Battlefield 2\BF2.exe"="F:\Programme\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
"F:\Dokumente und Einstellungen\patrick\Lokale Einstellungen\Anwendungsdaten\Dyyno Receiver\DPPM.exe"="F:\Dokumente und Einstellungen\patrick\Lokale Einstellungen\Anwendungsdaten\Dyyno Receiver\DPPM.exe:*:Enabled:Dyyno Plugin Receiver"
"F:\Programme\Warcraft III\Warcraft III.exe"="F:\Programme\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"F:\Programme\LF2\LF2_v2.0\lf2.exe"="F:\Programme\LF2\LF2_v2.0\lf2.exe:*:Enabled:lf2"
"F:\Programme\EA GAMES\Command & Conquer Generäle Stunde Null\game.dat"="F:\Programme\EA GAMES\Command & Conquer Generäle Stunde Null\game.dat:*:Enabled:game"
"F:\Programme\Bethesda Softworks\Fallout 3\Fallout3ng.exe"="F:\Programme\Bethesda Softworks\Fallout 3\Fallout3ng.exe:*:Enabled:Fallout3"
"F:\WINDOWS\system32\PnkBstrA.exe"="F:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"F:\WINDOWS\system32\PnkBstrB.exe"="F:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"F:\Programme\Electronic Arts\BattleForge\Bootstrapper.exe"="F:\Programme\Electronic Arts\BattleForge\Bootstrapper.exe:*:Enabled:BattleForge™ Launcher"
"F:\Programme\Electronic Arts\BattleForge\BattleForge.exe"="F:\Programme\Electronic Arts\BattleForge\BattleForge.exe:*:Enabled:BattleForge™"
"F:\Programme\Atari\Neverwinter Nights 2\nwn2main.exe"="F:\Programme\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"F:\Programme\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe"="F:\Programme\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"F:\Programme\Atari\Neverwinter Nights 2\nwupdate.exe"="F:\Programme\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"F:\Programme\Atari\Neverwinter Nights 2\nwn2server.exe"="F:\Programme\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"F:\Programme\BitTorrent\bittorrent.exe"="F:\Programme\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a8966e3-578f-11de-a79e-806d6172696f}]
shell\AutoRun\command - D:\.\Bin\Assetup.exe

======List of files/folders created in the last 1 months======

2009-12-17 21:03:20 ----D---- F:\rsit
2009-12-17 21:03:20 ----D---- F:\Programme\trend micro
2009-12-17 18:19:24 ----D---- F:\Dokumente und Einstellungen\patrick\Anwendungsdaten\Malwarebytes
2009-12-17 18:19:20 ----D---- F:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-12-17 18:03:13 ----D---- F:\Programme\Anti-Spyware
2009-12-17 17:33:19 ----D---- F:\Programme\HijackThis
2009-12-16 23:09:18 ----D---- F:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
2009-12-16 23:09:04 ----D---- F:\Programme\SUPERAntiSpyware
2009-12-16 23:09:04 ----D---- F:\Dokumente und Einstellungen\patrick\Anwendungsdaten\SUPERAntiSpyware.com
2009-12-16 23:08:27 ----D---- F:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2009-12-16 22:23:49 ----D---- F:\Programme\Spybot - Search & Destroy
2009-12-16 22:23:49 ----D---- F:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2009-12-16 20:02:53 ----D---- F:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AntiSpyInfo
2009-12-16 19:06:39 ----D---- F:\Programme\Ask.com
2009-12-16 19:06:38 ----D---- F:\Dokumente und Einstellungen\patrick\Anwendungsdaten\BitTorrent
2009-12-16 19:04:21 ----D---- F:\Programme\BitTorrent
2009-12-16 16:28:59 ----D---- F:\WINDOWS\install
2009-12-16 02:20:13 ----D---- F:\Dokumente und Einstellungen\patrick\Anwendungsdaten\WinRAR
2009-12-16 02:19:53 ----D---- F:\Programme\WinRAR
2009-12-14 14:39:32 ----AD---- F:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2009-12-09 20:04:17 ----HDC---- F:\WINDOWS\$NtUninstallKB970430$
2009-12-09 20:04:07 ----HDC---- F:\WINDOWS\$NtUninstallKB974318$
2009-12-09 20:03:32 ----HDC---- F:\WINDOWS\$NtUninstallKB973904$
2009-12-09 20:02:53 ----HDC---- F:\WINDOWS\$NtUninstallKB974392$
2009-12-09 20:02:42 ----HDC---- F:\WINDOWS\$NtUninstallKB971737$
2009-11-30 20:33:46 ----A---- F:\WINDOWS\system32\xfcodec.dll
2009-11-25 20:00:44 ----HDC---- F:\WINDOWS\$NtUninstallKB976098-v2$
2009-11-25 20:00:40 ----HDC---- F:\WINDOWS\$NtUninstallKB973687$

======List of files/folders modified in the last 1 months======

2009-12-17 21:03:26 ----D---- F:\WINDOWS\Prefetch
2009-12-17 21:03:20 ----RD---- F:\Programme
2009-12-17 20:53:56 ----D---- F:\WINDOWS\system32\CatRoot2
2009-12-17 20:53:51 ----D---- F:\WINDOWS\Temp
2009-12-17 20:53:51 ----D---- F:\WINDOWS
2009-12-17 20:53:45 ----A---- F:\WINDOWS\RTacDbg.txt
2009-12-17 20:53:39 ----D---- F:\Programme\lg_fwupdate
2009-12-17 20:53:38 ----A---- F:\WINDOWS\lgfwup.ini
2009-12-17 20:53:17 ----D---- F:\WINDOWS\system32\drivers
2009-12-17 20:53:17 ----D---- F:\WINDOWS\EHome
2009-12-17 20:52:25 ----A---- F:\WINDOWS\SchedLgU.Txt
2009-12-17 18:08:04 ----D---- F:\WINDOWS\Minidump
2009-12-17 18:08:04 ----D---- F:\WINDOWS\Debug
2009-12-17 17:35:12 ----SHD---- F:\WINDOWS\Installer
2009-12-17 16:28:46 ----D---- F:\Programme\Metin2_Germany
2009-12-17 15:31:33 ----D---- F:\Programme\Gemeinsame Dateien\Microsoft Shared
2009-12-17 14:51:40 ----D---- F:\Programme\Metin2
2009-12-17 14:29:47 ----D---- F:\Dokumente und Einstellungen\patrick\Anwendungsdaten\Xfire
2009-12-16 23:08:27 ----D---- F:\Programme\Gemeinsame Dateien
2009-12-16 19:06:43 ----SD---- F:\WINDOWS\Tasks
2009-12-16 17:18:48 ----D---- F:\Programme\WinZip
2009-12-16 16:59:51 ----D---- F:\Dokumente und Einstellungen\patrick\Anwendungsdaten\Winamp
2009-12-16 15:41:16 ----D---- F:\Dokumente und Einstellungen\patrick\Anwendungsdaten\ICQ
2009-12-11 06:57:51 ----RSD---- F:\WINDOWS\assembly
2009-12-11 06:57:51 ----D---- F:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help
2009-12-11 06:57:29 ----RSD---- F:\WINDOWS\Fonts
2009-12-11 06:57:15 ----D---- F:\Programme\Microsoft Works
2009-12-10 01:22:51 ----D---- F:\Programme\Xfire
2009-12-09 20:48:45 ----D---- F:\WINDOWS\system32
2009-12-09 20:48:45 ----A---- F:\WINDOWS\system32\PerfStringBackup.INI
2009-12-09 20:04:21 ----HD---- F:\WINDOWS\inf
2009-12-09 20:04:19 ----RSHDC---- F:\WINDOWS\system32\dllcache
2009-12-09 20:03:55 ----D---- F:\Programme\Internet Explorer
2009-12-09 20:03:48 ----D---- F:\WINDOWS\ie8updates
2009-12-09 20:03:42 ----HD---- F:\WINDOWS\$hf_mig$
2009-12-01 21:06:19 ----A---- F:\WINDOWS\system32\MRT.exe
2009-11-29 00:54:35 ----D---- F:\Dokumente und Einstellungen\patrick\Anwendungsdaten\teamspeak2
2009-11-26 21:50:58 ----A---- F:\WINDOWS\NeroDigital.ini
2009-11-25 20:00:18 ----D---- F:\WINDOWS\WinSxS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AsIO;AsIO; F:\WINDOWS\system32\drivers\AsIO.sys [2006-10-18 12664]
R1 avgio;avgio; \??\F:\Programme\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; F:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 InCDPass;Nero InCDPass; F:\WINDOWS\system32\drivers\InCDPass.sys [2008-02-18 36648]
R1 incdrm;Nero InCD MRW Remapper; F:\WINDOWS\system32\drivers\InCDRm.sys [2008-02-18 38312]
R1 intelppm;Intel-Prozessortreiber; F:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 SASDIFSV;SASDIFSV; \??\F:\Programme\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\F:\Programme\SUPERAntiSpyware\SASKUTIL.sys []
R1 ssmdrv;ssmdrv; F:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; F:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-06-12 21035]
R2 avgntflt;avgntflt; F:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-07 56816]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; F:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-01-16 293888]
R3 AEAudio;AE Audio Service; F:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-06 93952]
R3 Arp1394;1394-ARP-Clientprotokoll; F:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; F:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-08-14 4485632]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; F:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-05-21 93696]
R3 fwlanusbn;FRITZ!WLAN N; F:\WINDOWS\system32\DRIVERS\fwlanusbn.sys [2007-12-19 401920]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; F:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class-Treiber; F:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Maus-HID-Treiber; F:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12288]
R3 MTsensor;ATK0110 ACPI UTILITY; F:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394-Netzwerktreiber; F:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 SASENUM;SASENUM; \??\F:\Programme\SUPERAntiSpyware\SASENUM.SYS []
R3 SenFiltService;SenFilt Service; F:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; F:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2-aktivierter Hub; F:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; F:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R4 InCDfs;Nero InCD File System; F:\WINDOWS\system32\drivers\InCDFs.sys [2008-02-18 118952]
S3 avmeject;AVM Eject; F:\WINDOWS\system32\drivers\avmeject.sys [2009-05-07 4352]
S3 Bridge;MAC-Brücke; F:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;MAC-Brückenminiport; F:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter; F:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-06-16 176128]
S3 SjyPkt;SjyPkt; \??\F:\WINDOWS\System32\Drivers\SjyPkt.sys []
S3 USBSTOR;USB-Massenspeichertreiber; F:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; F:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; F:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; F:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-08-15 265856]
S4 IntelIde;IntelIde; F:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; F:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; F:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-08-05 185089]
R2 Ati HotKey Poller;Ati HotKey Poller; F:\WINDOWS\system32\Ati2evxx.exe [2009-08-14 602112]
R2 AVM WLAN Connection Service;AVM WLAN Connection Service; F:\Programme\avmwlanstick\WlanNetService.exe [2008-02-25 364544]
R2 InCDsrv;InCD Helper; F:\Programme\Nero\Nero 7\InCD\InCDsrv.exe [2008-02-18 1553704]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; F:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe [2008-01-24 73728]
R2 PnkBstrA;PnkBstrA; F:\WINDOWS\system32\PnkBstrA.exe [2009-09-08 75064]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); F:\Programme\CyberLink\Shared Files\RichVideo.exe [2007-05-14 272024]
R3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; f:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S1 InCDrec;Nero
InCD File System Recognizer; F:\WINDOWS\system32\drivers\InCDRec.sys [2008-02-18 16040] S2 ATI Smart;ATI Smart; F:\WINDOWS\system32\ati2sgag.exe [2009-08-13 593920] S2 NeroRegInCDSrv;Nero Registry InCD Service; F:\Programme\Nero\Nero 7\InCD\NBHRegInCDSrv.exe [] S3 aspnet_state;ASP.NET State Service; F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 HP Port Resolver;HP Port Resolver; F:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE [2005-05-20 81920] S3 HP Status Server;HP Status Server; F:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE [2004-10-16 73728] S3 idsvc;Windows CardSpace; F:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 NBService;NBService; F:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-09-17 800040] S3 NMIndexingService;NMIndexingService; F:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848] S3 odserv;Microsoft Office Diagnostics Service; F:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; F:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; F:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; F:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- ![]() |