Trojaner-Board - IE & Opera stürzen automatisch - Programme werden nicht installiert

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - IE & Opera stürzen automatisch - Programme werden nicht installiert (https://www.trojaner-board.de/73429-ie-opera-stuerzen-automatisch-programme-installiert.html)

IE & Opera stürzen automatisch - Programme werden nicht installiert

Bei mir liegt folgendes Problem vor:

Wenn ich den IE öffnen möchte, dann öffnet sich zwar das Fenster, aber es gibt einen weißen Hintergrund und meine Startseite taucht nicht auf - und nach 2-3 Sekunden stürzt IE ab und gibt eine Fehlermeldung "Internet Explorer hat ein Problem festgestellt und muss beendet werden." heraus.

Dasselbe passiert mit Opera.

Außerdem kann ich keine weiteren Programme mehr installieren, weiß hier auch nicht, warum.

Deswegen wollte ich anfragen, ob mir jemand meinen Hijackthis-Log überprüfen und mir sagen kann, ob dort irgendwelche Ungereimtheiten vorliegen.

Ich danke schon mal im Voraus!

Hijackthis-Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:22:08, on 23.05.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\FolderSize\FolderSizeSvc.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\alg.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Programme\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\DOKUME~1\***\LOKALE~1\Temp\~nsu.tmp\Au_.exe
C:\DOKUME~1\***\LOKALE~1\Temp\nsd1E1.tmp\ns1E2.tmp
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

h**p://www.google.de/
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?

LinkId=69157
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Search_URL =

h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =

Arcor AG & Co. KG
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32

\userinit.exe,C:\WINDOWS\system32\twext.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-

784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0

\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no

file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

- C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-

4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame

Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering

Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir

PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Windows UDP Control Center] fxstaller.exe
O4 - HKLM\..\Run: [QuickTime Task]

"C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper]

"C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -

minimize
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony

Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\Windows

Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe

-trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32

\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32

\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32

\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32

\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: Add to AMV Convert Tool... -

C:\Programme\MP3 Player Utilities 3.74\AMVConverter\grab.html
O8 - Extra context menu item: Add to AMV Converter... -

C:\Programme\MP3 Player Utilities 4.04\AMVConverter\grab.html
O8 - Extra context menu item: Add to Windows &Live Favorites -

h**p://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: MediaManager tool grab multimedia

file - C:\Programme\MP3 Player Utilities 4.04

\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-

00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-

11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01

\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-

A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-

A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-

a92d743db949} - C:\Dokumente und

Einstellungen\***\Startmenü\Programme\IMVU\Run IMVU.lnk (file

missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-

f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-

d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-

00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-

11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} -

h**p://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash

Object) -

h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash

.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft -

C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer

(AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir

PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard

(AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir

PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. -

C:\Programme\Gemeinsame Dateien\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown

owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727

\aspnet_state.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -

C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Unknown

owner - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file

missing)
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. -

C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86

(clr_optimization_v2.0.50727_32) - Unknown owner -

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (file

missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd.

- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet

Publisher\FNPLicensingService.exe
O23 - Service: Folder Size (FolderSize) - Brio -

C:\Programme\FolderSize\FolderSizeSvc.exe
O23 - Service: Windows Presentation Foundation Font Cache 3.0.0.0

(FontCache3.0.0.0) - Unknown owner -

C:\WINDOWS\Microsoft.NET\Framework\v3.0

\WPF\PresentationFontCache.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) -

Macrovision Corporation - C:\Programme\Gemeinsame

Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Windows CardSpace (idsvc) - Unknown owner -

C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication

Foundation\infocard.exe (file missing)
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. -

C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service

(LightScribeService) - Hewlett-Packard Company -

C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: Syntek DC-112X Service (StkSSrv) - Unknown owner -

C:\WINDOWS\System32\StkSrv2K.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) -

Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 9140 bytes

Hallo und :hallo:

1.) Lade bitte die Dateien

Code:

C:\DOKUME~1\***\LOKALE~1\Temp\~nsu.tmp\Au_.exe

C:\DOKUME~1\***\LOKALE~1\Temp\nsd1E1.tmp\ns1E2.tmp

gemäß dieser Anleitung bei uns hoch.

2.) Klicke auf "Für alle Neuen", lies alles aufmerksam und arbeite die komplette Liste unter Punkt 2 ab. Das neue HJT-Log bitte ohne Zeilenumbrüche posten.

ciao, andreas

Malwarebytes-Log:

Code:

Malwarebytes' Anti-Malware 1.36

Datenbank Version: 1945

Windows 5.1.2600 Service Pack 2
 

24.05.2009 12:46:55

mbam-log-2009-05-24 (12-46-55).txt
 

Scan-Methode: Quick-Scan

Durchsuchte Objekte: 72408

Laufzeit: 5 minute(s), 38 second(s)
 

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 17

Infizierte Registrierungswerte: 2

Infizierte Dateiobjekte der Registrierung: 4

Infizierte Verzeichnisse: 1

Infizierte Dateien: 6
 

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel:

HKEY_CLASSES_ROOT\Interface\{16c65d96-ef19-4439-a6ea-f73a8bec4df0} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\{c12fc24b-a7b9-487f-9603-5481ebf00c6f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{831cbac0-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{831cbac3-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{86a44ef7-78fc-4e18-a564-b18f806f7f56} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{95e1d855-9232-48f7-80d9-1adb65b7939c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c12fc24b-a7b9-487f-9603-5481ebf00c6f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{616d534c-3ca8-43ab-b439-618f850f1d2b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000162-9980-0010-8000-00aa00389b71} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a21-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{99410cde-6f16-42ce-9d49-3807f78f0287} (Adware.180Solutions) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Bind (Malware.Trace) -> Quarantined and deleted successfully.
 

Infizierte Registrierungswerte:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows UDP Control Center (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
 

Infizierte Dateiobjekte der Registrierung:

HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: c:\windows\system32\twext.exe -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
 

Infizierte Verzeichnisse:

C:\WINDOWS\system32\twain_32 (Backdoor.Bot) -> Delete on reboot.
 

Infizierte Dateien:

C:\WINDOWS\sqsmqn.yux (Trojan.Daonol) -> Delete on reboot.

C:\WINDOWS\system32\twain_32\0705AF46.uf (Backdoor.Bot) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\twain_32\user.ds (Backdoor.Bot) -> Delete on reboot.

C:\WINDOWS\system32\twain_32\local.ds (Backdoor.Bot) -> Delete on reboot.

C:\WINDOWS\system32\twext.exe (Backdoor.Bot) -> Delete on reboot.

C:\WINDOWS\BM313e2b3d.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

Hijackthis-Log:

Code:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:01:22, on 24.05.2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal
 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programme\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programme\Bonjour\mDNSResponder.exe

C:\Programme\FolderSize\FolderSizeSvc.exe

C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\UAService7.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Acer\Empowering Technology\eRecovery\Monitor.exe

C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Programme\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programme\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe

C:\Programme\iPod\bin\iPodService.exe

C:\Programme\Mozilla Firefox\firefox.exe

C:\Programme\Trend Micro\HijackThis\HijackThis.exe
 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.de/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: (no name) -  - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe

O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Programme\MP3 Player Utilities 3.74\AMVConverter\grab.html

O8 - Extra context menu item: Add to AMV Converter... - C:\Programme\MP3 Player Utilities 4.04\AMVConverter\grab.html

O8 - Extra context menu item: Add to Windows &Live Favorites - h**p://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Programme\MP3 Player Utilities 4.04\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Dokumente und Einstellungen\***\Startmenü\Programme\IMVU\Run IMVU.lnk (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - h**p://lads.myspace.com/upload/MySpaceUploader1006.cab

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Automatisches LiveUpdate - Scheduler - Unknown owner - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe

O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Folder Size (FolderSize) - Brio - C:\Programme\FolderSize\FolderSizeSvc.exe

O23 - Service: Windows Presentation Foundation Font Cache 3.0.0.0 (FontCache3.0.0.0) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Windows CardSpace (idsvc) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (file missing)

O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe

O23 - Service: Syntek DC-112X Service (StkSSrv) - Unknown owner - C:\WINDOWS\System32\StkSrv2K.exe (file missing)

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
 

--

End of file - 8162 bytes

Liste installierter Software

Ad-Aware
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Reader 7.0
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AnswerWorks Runtime
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
ATI Display Driver
Avanquest update
Avira AntiVir Personal - Free Antivirus
Bonjour
Brother MFL-Pro Suite DCP-145C
CCleaner (remove only)
Choice Guard
Collab
DeepBurner v1.8.0.224
Deinstallation der Arcor Online Software
DivX Player
DivX Web Player
FL Studio 8
FLV Player 2.0, build 24
Folder Size for Windows
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix für Windows Internet Explorer 7 (KB947864)
ICQ 5.1
IL Download Manager
iTunes
Java(TM) SE Runtime Environment 6 Update 1
Junk Mail filter update
Last.fm 1.5.4.24567
Malwarebytes' Anti-Malware
MC-Load Preinstaller
Messenger Plus! Live
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 Language Pack SP1 - deu
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
Mozilla Firefox (3.0.7)
MSN
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
NTI Backup NOW! 4
NTI CD & DVD-Maker 7 Platinum
OpenOffice.org 3.0
Opera 9.64
Pack Vista Inspirat 2 1.0
Paint.NET v3.36
PDF Settings
PowerDVD
QuickTime
Realtek AC'97 Audio
Remedy
ScanSoft PaperPort 11
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Segoe UI
ShortKeys Lite
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127)
Sicherheitsupdate für Windows Internet Explorer 7 (KB950759)
Sicherheitsupdate für Windows Internet Explorer 7 (KB953838)
Sicherheitsupdate für Windows Internet Explorer 7 (KB963027)
SiS 900 PCI Fast Ethernet Adapter Driver
SiSAGP driver
Sony Ericsson PC Suite 4.010.00
Text-To-Speech-Runtime
Uninstall 1.0.0.1
VC80CRTRedist - 8.0.50727.762
WG111v2 Configuration Utility
Windows Imaging Component
Windows Internet Explorer 7
Windows Live Anmelde-Assistent
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Sync
Windows Live-Uploadtool
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
WinRAR
WWAYM - NWBass V1.1
WWAYM - NWBass V2
WWAYM - NWEQ V1.21
XML Paper Specification Shared Components Language Pack 1.0
Xvid 1.1.3 final uninstall

Systemdetails mit RSIT prüfen

Lade Random's System Information Tool (RSIT) von random/random herunter,
speichere es auf Deinem Desktop.
Starte mit Doppelklick die RSIT.exe.
Klicke auf Continue, um die Nutzungsbedingungen zu akzeptieren.
Der Scan startet automatisch, RSIT checkt nun einige wichtige System-Bereiche und produziert Logfiles als Analyse-Grundlage.
Wenn der Scan beendet ist, werden zwei Logfiles erstellt und in Deinem Editor geöffnet.
Bitte poste den Inhalt von C:\rsit\log.txt und C:\rsit\info.txt (<= minimiert) hier in den Thread.

Erstelle ein Filelisting

Lade die Datei File-Upload.net - listing0.bat auf deinen Desktop
Doppelklicke auf listing0.bat
Am Ende befindet sich eine Datei listing.txt auf dem Desktop. Die bei einem Filehoster (z.B. Datei Upload, Bilder hochladen, Datei Hosting auf Materialordner.de) hochladen und hier den Link posten.

ciao, andreas

C:\rsit\log.txt

Code:

Logfile of random's system information tool 1.06 (written by random/random)

Run by *** at 2009-05-24 15:20:00

Microsoft Windows XP Home Edition Service Pack 2

System drive C: has 5 GB (5%) free of 93 GB

Total RAM: 511 MB (37% free)
 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:20:09, on 24.05.2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal
 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programme\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programme\Bonjour\mDNSResponder.exe

C:\Programme\FolderSize\FolderSizeSvc.exe

C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\UAService7.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Acer\Empowering Technology\eRecovery\Monitor.exe

C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Programme\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programme\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe

C:\Programme\iPod\bin\iPodService.exe

C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150595.exe

C:\Programme\Mozilla Firefox\firefox.exe

C:\Dokumente und Einstellungen\***\Desktop\RSIT.exe

C:\Programme\Trend Micro\HijackThis\***.exe
 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.de/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: (no name) -  - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe

O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Programme\MP3 Player Utilities 3.74\AMVConverter\grab.html

O8 - Extra context menu item: Add to AMV Converter... - C:\Programme\MP3 Player Utilities 4.04\AMVConverter\grab.html

O8 - Extra context menu item: Add to Windows &Live Favorites - h**p://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Programme\MP3 Player Utilities 4.04\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Dokumente und Einstellungen\***\Startmenü\Programme\IMVU\Run IMVU.lnk (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - h**p://lads.myspace.com/upload/MySpaceUploader1006.cab

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Automatisches LiveUpdate - Scheduler - Unknown owner - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe

O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Folder Size (FolderSize) - Brio - C:\Programme\FolderSize\FolderSizeSvc.exe

O23 - Service: Windows Presentation Foundation Font Cache 3.0.0.0 (FontCache3.0.0.0) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Windows CardSpace (idsvc) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (file missing)

O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe

O23 - Service: Syntek DC-112X Service (StkSSrv) - Unknown owner - C:\WINDOWS\System32\StkSrv2K.exe (file missing)

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
 

--

End of file - 8281 bytes
 

======Scheduled tasks folder======
 

C:\WINDOWS\tasks\RegistrySmart Scheduled Scan.job

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
 

======Registry dump======
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

AcroIEHlprObj Class - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 501400]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live Anmelde-Hilfsprogramm - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"LaunchApp"=Alaunch []

"eRecoveryService"=C:\Acer\Empowering Technology\eRecovery\Monitor.exe [2005-11-16 397312]

"avgnt"=C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

"QuickTime Task"=C:\Programme\QuickTime\qttask.exe [2009-01-05 413696]

"iTunesHelper"=C:\Programme\iTunes\iTunesHelper.exe [2009-04-02 342312]

"ICQ Lite"=C:\Programme\ICQLite\ICQLite.exe [2006-07-11 3144800]
 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

"Sony Ericsson PC Suite"=C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2008-07-02 397312]

"msnmsgr"=C:\Programme\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"ICQ Lite"=C:\Programme\ICQLite\ICQLite.exe [2006-07-11 3144800]
 

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart

WG111v2 Smart Wizard Wireless Setting.lnk - C:\Programme\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2005-08-31 46080]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]
 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1
 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145
 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=

"HonorAutoRunSetting"=
 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Programme\Messenger\msmsgs.exe"="C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Programme\ICQLite\ICQLite.exe"="C:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Programme\Internet Explorer\IEXPLORE.EXE"="C:\Programme\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"

"C:\Programme\Real\RealPlayer\RealPlay.exe"="C:\Programme\Real\RealPlayer\RealPlay.exe:*:Enabled:RealPlayer"

"C:\WINDOWS\system32\winver.exe"="C:\WINDOWS\system32\winver.exe:*:Enabled:winver"

"C:\Dokumente und Einstellungen\***\Desktop\Bla\Bla1\SopCast\SopCast.exe"="C:\Dokumente und Einstellungen\***\Desktop\Bla\Bla1\SopCast\SopCast.exe:*:Disabled:SopCast Main Application"

"C:\Dokumente und Einstellungen\***\Desktop\Bla\Bla1\SopCast\adv\SopAdver.exe"="C:\Dokumente und Einstellungen\***\Desktop\Bla\Bla1\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver"

"C:\Programme\Safari\Safari.exe"="C:\Programme\Safari\Safari.exe:*:Enabled:Safari Web Browser"

"C:\Programme\BearShare\BearShare.exe"="C:\Programme\BearShare\BearShare.exe:*:Disabled:BearShare"

"C:\Dokumente und Einstellungen\***\Desktop\Bla\teeworlds-0.4.3-win32\teeworlds_srv.exe"="C:\Dokumente und Einstellungen\***\Desktop\Bla\teeworlds-0.4.3-win32\teeworlds_srv.exe:*:Enabled:teeworlds_srv"

"C:\PROGRAMME\LIVESTATION\1.0.77.3\LIVESTATION.EXE"="C:\Programme\Livestation\1.0.77.3\Livestation.exe"

"C:\Dokumente und Einstellungen\***\Desktop\Lozdodge\LDG_Service.exe"="C:\Dokumente und Einstellungen\***\Desktop\Lozdodge\LDG_Service.exe:*:Disabled:Lozdodge Server Application"

"C:\Programme\Opera\opera.exe"="C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser"

"C:\WINDOWS\System32\algs.exe"="C:\WINDOWS\System32\algs.exe:*:Disabled:algs"

"C:\Programme\uTorrent\uTorrent.exe"="C:\Programme\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

"C:\Programme\Windows Live\Sync\WindowsLiveSync.exe"="C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Programme\iTunes\iTunes.exe"="C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes"
 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\PROGRAMME\LIVESTATION\1.0.77.3\LIVESTATION.EXE"="C:\Programme\Livestation\1.0.77.3\Livestation.exe"

"C:\Programme\Windows Live\Sync\WindowsLiveSync.exe"="C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
 

======File associations======
 

.scr - open - "%1" %*
 

======List of files/folders created in the last 1 months======
 

2009-05-24 15:20:00 ----D---- C:\rsit

2009-05-24 11:00:51 ----D---- C:\Programme\MSXML 6.0

2009-05-24 10:49:52 ----D---- C:\Programme\MSXML 4.0

2009-05-23 22:19:00 ----D---- C:\Programme\Malwarebytes' Anti-Malware

2009-05-23 15:51:41 ----D---- C:\Programme\Panda Security

2009-05-23 14:46:50 ----D---- C:\Programme\Google

2009-05-15 00:51:59 ----A---- C:\WINDOWS\amcap.exe

2009-05-15 00:48:15 ----D---- C:\Programme\Logitech
 

======List of files/folders modified in the last 1 months======
 

2009-05-24 15:04:34 ----A---- C:\WINDOWS\win.ini

2009-05-24 13:54:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-05-24 13:51:54 ----A---- C:\WINDOWS\system32\eRLog.ini

2009-05-22 23:06:06 ----N---- C:\WINDOWS\SchedLgU.Txt

2009-05-07 00:16:30 ----A---- C:\WINDOWS\system32\MRT.exe
 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
 

R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-11-11 75072]

R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 40192]

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]

R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]

R2 EAPPkt;Realtek EAPPkt Protocol; C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2005-03-31 66048]

R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]

R2 int15.sys;int15.sys; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys []

R2 STEC3;STEC3; \??\C:\WINDOWS\system32\STEC3.sys []

R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-08-19 3644800]

R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-31 1333760]

R3 avgntflt;avgntflt; \??\C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]

R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2009-02-04 6144]

R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]

R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2005-03-18 32256]

R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]

R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]

R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]

R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]

S1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]

S2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys []

S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys []

S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 15295]

S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]

S3 C-Dilla;C-Dilla; \??\C:\WINDOWS\system32\drivers\CDANT.SYS []

S3 DMSKSSRh;DMSKSSRh; \??\C:\DOKUME~1\***\LOKALE~1\Temp\DMSKSSRh.sys []

S3 e29ca4d7-b7ff-4fc9-9b08-3a149f13ca8b;e29ca4d7-b7ff-4fc9-9b08-3a149f13ca8b; \??\E:\Player\cds300.dll []

S3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]

S3 MagixASIODrv;MAGIX_ASIO_BoostDriver; \??\C:\Programme\MAGIX\Samplitude_SE_No9\mxasio.sys []

S3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]

S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]

S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]

S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2006-03-15 167808]

S3 s217bus;Sony Ericsson Device 217 driver (WDM); C:\WINDOWS\system32\DRIVERS\s217bus.sys [2007-11-02 83496]

S3 s217mdfl;Sony Ericsson Device 217 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s217mdfl.sys [2007-11-02 15016]

S3 s217mdm;Sony Ericsson Device 217 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s217mdm.sys [2007-11-02 109992]

S3 s217mgmt;Sony Ericsson Device 217 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s217mgmt.sys [2007-11-02 103976]

S3 s217nd5;Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS); C:\WINDOWS\system32\DRIVERS\s217nd5.sys [2007-11-02 24872]

S3 s217obex;Sony Ericsson Device 217 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s217obex.sys [2007-11-02 100008]

S3 s217unic;Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM); C:\WINDOWS\system32\DRIVERS\s217unic.sys [2007-11-02 105896]

S3 S6U12AScanner;MUSTEK 1200 CU PLUS Still Image Device Service; C:\WINDOWS\system32\drivers\usbscan.sys [2004-08-03 15104]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]

S3 sony_ssm.sys;sony_ssm.sys; \??\C:\DOKUME~1\***\LOKALE~1\Temp\sony_ssm.sys []

S3 StkMini;Syntek DC-112X; C:\WINDOWS\System32\Drivers\StkMini.sys [2005-07-05 787081]

S3 StkScan;Syntek DC-112X Filter Driver; C:\WINDOWS\System32\Drivers\StkScan.sys [2005-06-10 4673]

S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]

S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []

S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []

S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]

S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]

S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]

S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
 

R2 aawservice;Lavasoft Ad-Aware Service; C:\Programme\Lavasoft\Ad-Aware\aawservice.exe [2008-06-04 611664]

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Planer; C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-26 68865]

R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-26 151297]

R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-31 376832]

R2 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2008-12-12 238888]

R2 FolderSize;Folder Size; C:\Programme\FolderSize\FolderSizeSvc.exe [2006-03-24 98304]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe [2006-12-14 61440]

R2 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS\system32\UAService7.exe [2006-06-08 126976]

R3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2009-04-02 656168]

S2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler; C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe []

S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 268800]

S2 StkSSrv;Syntek DC-112X Service; C:\WINDOWS\System32\StkSrv2K.exe []

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe []

S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-01-07 654848]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe []

S3 fsssvc;Windows Live Family Safety; C:\Programme\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]

S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe []

S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]

S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe []
 

-----------------EOF-----------------

C:\rsit\info.txt

Code:

info.txt logfile of random's system information tool 1.06 2009-05-24 15:20:16

======Uninstall list======
 

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}

Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}

Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}

Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}

Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}

Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}

Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}

Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}

Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}

Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}

Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}

Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}

Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}

Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}

Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}

Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}

Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}

Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}

Adobe Photoshop CS3-->C:\Programme\Gemeinsame Dateien\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe

Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}

Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}

Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}

Adobe Shockwave Player 11.5-->C:\WINDOWS\system32\Adobe\uninstaller.exe

Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}

Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}

Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}

Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}

Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}

Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}

AnswerWorks Runtime-->C:\WINDOWS\IsUninst.exe -fC:\Programme\WexTech\AnswerWorks\Uninst.isu

Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

ASIO4ALL-->C:\Programme\ASIO4ALL v2\uninstall.exe

ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

Avanquest update-->"C:\Programme\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -runfromtemp -l0x0007 -removeonly

Avira AntiVir Personal - Free Antivirus-->C:\Programme\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE

Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}

Brother MFL-Pro Suite DCP-145C-->"C:\Programme\InstallShield Installation Information\{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}\Setup.exe"  -runfromtemp -l0x0007 UNINSTALL Reg=BH9_C1 -removeonly

CCleaner (remove only)-->"C:\Programme\CCleaner\uninst.exe"

Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}

Collab-->C:\Programme\Image-Line\Collab\uninstall.exe

DeepBurner v1.8.0.224-->"C:\Programme\Astonsoft\DeepBurner\Uninstall.exe" "C:\Programme\Astonsoft\DeepBurner\install.log"

Deinstallation der Arcor Online Software-->"C:\Programme\ArcorOnline\unins000.exe"

DivX Player-->C:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER

DivX Web Player-->C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN

FL Studio 8-->C:\Programme\Image-Line\FL Studio 8\uninstall.exe

FLV Player 2.0, build 24-->C:\Programme\FLV Player\uninst.exe

Folder Size for Windows-->MsiExec.exe /I{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}

HijackThis 2.0.2-->"C:\Programme\Trend Micro\HijackThis\HijackThis.exe" /uninstall

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""

Hotfix für Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"

ICQ 5.1-->C:\Programme\ICQLite\ICQLiteUninstall.EXE

IL Download Manager-->C:\Programme\Image-Line\Downloader\uninstall.exe

iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}

Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}

Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}

Last.fm 1.5.4.24567-->"C:\Programme\Last.fm\unins000.exe"

Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"

MC-Load Preinstaller-->C:\\Dokumente und Einstellungen\\***\\Anwendungsdaten\\McLoad\\Uninstall-Mcload.exe

Messenger Plus! Live-->"C:\Programme\Messenger Plus! Live\Uninstall.exe"

Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}

Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}

Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Windows Journal Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}

Mozilla Firefox (3.0.7)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe

MSN-->C:\Programme\MSN\MsnInstaller\msninst.exe /Action:ARP

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}

NTI Backup NOW! 4-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BF94465A-AE33-4ABB-AF66-011BA9F15878} BUN4

NTI CD & DVD-Maker 7 Platinum-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{95B87E45-CC33-49B6-9B4C-6570941FA90C} CDM7

OpenOffice.org 3.0-->MsiExec.exe /I{04B45310-A5FE-4425-BFCA-1A6D8920DE74}

Opera 9.64-->MsiExec.exe /X{E1BBBAC5-2857-4155-82A6-54492CE88620}

Pack Vista Inspirat 2 1.0-->C:\WINDOWS\BricoPacks\Vista Inspirat 2\Remove.exe

Paint.NET v3.36-->MsiExec.exe /X{43602F34-1AA3-44FB-AEB2-D08C2C73743F}

PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}

PowerDVD-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe"  -uninstall

QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}

Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x7  -removeonly

Remedy-->C:\PROGRA~1\KEYTOS~1\REMEDY\UNWISE.EXE C:\PROGRA~1\KEYTOS~1\REMEDY\INSTALL.LOG

ScanSoft PaperPort 11-->MsiExec.exe /I{7A8FF745-BBC5-482B-88E4-18D3178249A9}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}

ShortKeys Lite-->C:\PROGRA~1\SHORTK~1\UNWISE.EXE C:\PROGRA~1\SHORTK~1\INSTALL.LOG

Sicherheitsupdate für Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"

Sicherheitsupdate für Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"

Sicherheitsupdate für Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"

Sicherheitsupdate für Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"

SiS 900 PCI Fast Ethernet Adapter Driver-->C:\Progra~1\SiSLan\Uninst.exe

SiSAGP driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{DC226AC9-0314-496C-BE6A-B6A132628466}\setup.exe" -l0x7 

Sony Ericsson PC Suite 4.010.00-->C:\Programme\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\Setup.exe -runfromtemp -l0x0007 -removeonly

Text-To-Speech-Runtime-->MsiExec.exe /X{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}

Uninstall 1.0.0.1-->"C:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe"

VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}

WG111v2 Configuration Utility-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{E0F252A6-DE85-4E93-A93B-DFC3537B3965}\setup.exe" -l0x7 REMOVE -removeonly

Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"

Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"

Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4}

Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}

Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}

Windows Live Essentials-->C:\Programme\Windows Live\Installer\wlarp.exe

Windows Live Essentials-->MsiExec.exe /I{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}

Windows Live Family Safety-->MsiExec.exe /X{54B1E5A3-1B29-4582-A226-172A1FC7BA6C}

Windows Live Mail-->MsiExec.exe /I{5A166C0B-9557-4364-A057-F946D674E6AC}

Windows Live Messenger-->MsiExec.exe /X{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}

Windows Live Sync-->MsiExec.exe /X{ED636101-1959-4360-8BF7-209436E7DEE4}

Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

WinRAR-->C:\Programme\WinRAR\uninstall.exe

WWAYM - NWBass V1.1-->"C:\WINDOWS\lsb_un20.exe" /C=UC /N=WWAYM - NWBass V1.1

WWAYM - NWBass V2-->"C:\WINDOWS\lsb_un20.exe" /C=UC /N=WWAYM - NWBass V2

WWAYM - NWEQ V1.21-->"C:\WINDOWS\lsb_un20.exe" /C=UC /N=WWAYM - NWEQ V1.21

XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

Xvid 1.1.3 final uninstall-->"C:\Programme\Xvid\unins000.exe"
 

=====HijackThis Backups=====
 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = h**p://search.bearshare.com/sidebar.html?src=ssb [2008-05-26]

O2 - BHO: (no name) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file) [2008-05-26]

O2 - BHO: (no name) - {62EED7C6-9F02-42f9-B634-98E2899E147B} - (no file) [2008-05-26]

O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\urqnnno.dll [2008-05-26]

O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - (no file) [2008-05-26]

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC [2008-05-26]

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName [2008-05-26]

O4 - HKCU\..\Run: [antispy] C:\Programme\IEAntiVirus\ANTIVIRUS.exe [2008-05-26]

O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\urqnnno.dll [2008-05-26]

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\WINDOWS\system32\shdocvw.dll [2008-05-26]

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing) [2008-05-26]

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing) [2008-05-26]

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Dokumente und Einstellungen\***\Startmenü\Programme\IMVU\Run IMVU.lnk (file missing) [2008-05-26]

O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe [2008-05-26]

O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe [2008-05-26]

O2 - BHO: {7af2de21-6ef2-a08b-4624-5386404b1c25} - {52c1b404-6835-4264-b80a-2fe612ed2fa7} - C:\WINDOWS\system32\bcmhsqdb.dll (file missing) [2008-05-28]

O2 - BHO: IE - {616D534C-3CA8-43AB-B439-618F850F1D2B} - C:\WINDOWS\apsagy.dll (file missing) [2008-05-28]

O17 - HKLM\System\CCS\Services\Tcpip\..\{2C0D3CD0-613D-42C6-B1BA-5C97D71501BF}: NameServer = 85.255.115.53,85.255.112.217 [2008-05-28]

O17 - HKLM\System\CCS\Services\Tcpip\..\{2E1ACCC7-6B9F-4559-BE66-36FB0D40491D}: NameServer = 85.255.115.53,85.255.112.217 [2008-05-28]

O17 - HKLM\System\CCS\Services\Tcpip\..\{90A32034-E0C3-4B2E-A251-79F513396827}: NameServer = 85.255.115.53,85.255.112.217 [2008-05-28]

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.53 85.255.112.217 [2008-05-28]

O17 - HKLM\System\CS1\Services\Tcpip\..\{2C0D3CD0-613D-42C6-B1BA-5C97D71501BF}: NameServer = 85.255.115.53,85.255.112.217 [2008-05-28]

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.53 85.255.112.217 [2008-05-28]

O17 - HKLM\System\CS2\Services\Tcpip\..\{2C0D3CD0-613D-42C6-B1BA-5C97D71501BF}: NameServer = 85.255.115.53,85.255.112.217 [2008-05-28]

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.53 85.255.112.217 [2008-05-28]

O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll (file missing) [2008-05-28]

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = h**p://seek.yisou.com/srchcust.htm [2008-06-04]

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) [2008-06-04]

O2 - BHO: SVC plugin - {C12FC24B-A7B9-487F-9603-5481EBF00C6F} - C:\WINDOWS\odsagy.dll (file missing) [2008-06-04]

O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe [2008-07-08]

O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe [2008-08-09]

O23 - Service: Automatisches LiveUpdate - Scheduler - Unknown owner - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) [2008-08-21]

O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe [2008-08-21]

O24 - Desktop Component 0: (no name) - (no file) [2008-08-21]

O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe [2008-08-21]

O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe [2008-08-21]

O23 - Service: Automatisches LiveUpdate - Scheduler - Unknown owner - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) [2008-09-13]

O24 - Desktop Component 0: (no name) - (no file) [2008-09-13]
 

======Security center information======
 

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic (outdated)

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition (outdated)

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic (disabled)

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic

--Fortsetzung--

Code:

======System event log======
 

Computer Name: ACER

Event Code: 7035

Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "FLEXnet Licensing Service" gesendet.
 

Record Number: 1802

Source Name: Service Control Manager

Time Written: 20090504204310.000000+120

Event Type: Informationen

User: ACER\***
 

Computer Name: ACER

Event Code: 4226

Message: TCP/IP hat das Sicherheitslimit erreicht, das für die Anzahl gleichzeitiger TCP-Verbindungsversuche festgelegt wurde.
 

Record Number: 1801

Source Name: Tcpip

Time Written: 20090504203508.000000+120

Event Type: Warnung

User: 
 

Computer Name: ACER

Event Code: 4226

Message: TCP/IP hat das Sicherheitslimit erreicht, das für die Anzahl gleichzeitiger TCP-Verbindungsversuche festgelegt wurde.
 

Record Number: 1800

Source Name: Tcpip

Time Written: 20090504193219.000000+120

Event Type: Warnung

User: 
 

Computer Name: ACER

Event Code: 4226

Message: TCP/IP hat das Sicherheitslimit erreicht, das für die Anzahl gleichzeitiger TCP-Verbindungsversuche festgelegt wurde.
 

Record Number: 1799

Source Name: Tcpip

Time Written: 20090504185152.000000+120

Event Type: Warnung

User: 
 

Computer Name: ACER

Event Code: 4226

Message: TCP/IP hat das Sicherheitslimit erreicht, das für die Anzahl gleichzeitiger TCP-Verbindungsversuche festgelegt wurde.
 

Record Number: 1798

Source Name: Tcpip

Time Written: 20090504182442.000000+120

Event Type: Warnung

User: 
 

=====Application event log=====
 

Computer Name: ACER

Event Code: 3

Message: 

Record Number: 10288

Source Name: Adobe Version Cue CS3

Time Written: 20090327223000.000000+060

Event Type: Fehler

User: 
 

Computer Name: ACER

Event Code: 3

Message: 

Record Number: 10287

Source Name: Adobe Version Cue CS3

Time Written: 20090327223000.000000+060

Event Type: Fehler

User: 
 

Computer Name: ACER

Event Code: 3

Message: 

Record Number: 10286

Source Name: Adobe Version Cue CS3

Time Written: 20090327223000.000000+060

Event Type: Fehler

User: 
 

Computer Name: ACER

Event Code: 3

Message: 

Record Number: 10285

Source Name: Adobe Version Cue CS3

Time Written: 20090327223000.000000+060

Event Type: Fehler

User: 
 

Computer Name: ACER

Event Code: 3

Message: 

Record Number: 10284

Source Name: Adobe Version Cue CS3

Time Written: 20090327223000.000000+060

Event Type: Fehler

User: 
 

======Environment variables======
 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Programme\Gemeinsame Dateien\GTK\2.0\bin;C:\Programme\QuickTime\QTSystem;C:\Programme\Microsoft SQL Server\80\Tools\Binn\;C:\Programme\QuickTime\QTSystem\

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 9, GenuineIntel

"PROCESSOR_REVISION"=0409

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"LANG"=C

"CLASSPATH"=.;C:\Programme\Java\jre1.6.0_01\lib\ext\QTJava.zip

"QTJAVA"=C:\Programme\Java\jre1.6.0_01\lib\ext\QTJava.zip
 

-----------------EOF-----------------

Filelisting-Link

http://www.materialordner.de/P1mZoKJe5fATWbLglMurkfY5QuOmeh5U.html

Schon bei der Adobe Master Collection wurde ich misstrauisch. :)

Aber bei dem hier

Code:

 Verzeichnis von C:\Dokumente und Einstellungen\***\Anwendungsdaten\uTorrent

24.03.2009  11:43            80.464 Reason 4 + Keygen + Patch RPS.torrent

wollte ich es doch wissen und habe mir das runtergeladen, allerdings nur eine Datei und zwar:
Reason4 RpsPatch.zip
Mal schauen, was VT dazu meint: Virustotal. MD5: d11c57312360517909da52e2bd6994c0 Backdoor.Formador Trojan.Backdoor.Pcclient.jhu Backdoor.Win32.PcClient.jhu

Code:

Datei ReasonRpsPatch.exe empfangen 2009.05.24 14:11:11 (UTC)

Status:   Beendet 

Ergebnis: 28/39 (71.8%) 

 Filter 

Drucken der Ergebnisse  Antivirus        Version        letzte aktualisierung        Ergebnis

a-squared        4.0.0.101        2009.05.24        Backdoor.Win32.PcClient!IK

AhnLab-V3        5.0.0.2        2009.05.24        -

AntiVir        7.9.0.168        2009.05.24        BDS/Pcclient.jhu

Antiy-AVL        2.0.3.1        2009.05.22        Backdoor/Win32.PcClient

Authentium        5.1.2.4        2009.05.23        W32/Backdoor2.CSHE

Avast        4.8.1335.0        2009.05.24        Win32:Trojan-gen {Other}

AVG        8.5.0.339        2009.05.24        BackDoor.Generic10.EYC

BitDefender        7.2        2009.05.24        GenPack:Backdoor.Agent.AABM

CAT-QuickHeal        10.00        2009.05.23        Backdoor.PcClient.jhu

ClamAV        0.94.1        2009.05.24        -

Comodo        1157        2009.05.08        Backdoor.Win32.PcClient.~PF

DrWeb        5.0.0.12182        2009.05.24        -

eSafe        7.0.17.0        2009.05.24        Win32.PcClient.jhu

eTrust-Vet        31.6.6519        2009.05.23        -

F-Prot        4.4.4.56        2009.05.23        W32/Backdoor2.CSHE

F-Secure        8.0.14470.0        2009.05.23        Backdoor.Win32.PcClient.jhu

Fortinet        3.117.0.0        2009.05.23        -

GData        19        2009.05.24        GenPack:Backdoor.Agent.AABM

Ikarus        T3.1.1.49.0        2009.05.24        Backdoor.Win32.PcClient

K7AntiVirus        7.10.741        2009.05.21        Backdoor.Win32.PcClient

Kaspersky        7.0.0.125        2009.05.24        Backdoor.Win32.PcClient.jhu

McAfee        5625        2009.05.24        -

McAfee+Artemis        5625        2009.05.24        -

McAfee-GW-Edition        6.7.6        2009.05.24        Trojan.Backdoor.Pcclient.jhu

Microsoft        1.4701        2009.05.24        -

NOD32        4098        2009.05.22        probably a variant of Win32/PcClient

Norman        6.01.05        2009.05.22        -

nProtect        2009.1.8.0        2009.05.24        Backdoor/W32.PcClient.13489

Panda        10.0.0.14        2009.05.24        Bck/Pcclient.ED

Prevx        3.0        2009.05.24        -

Rising        21.30.62.00        2009.05.24        -

Sophos        4.42.0        2009.05.24        Mal/Generic-A

Sunbelt        3.2.1858.2        2009.05.24        Backdoor.Win32.PcClient.jhu

Symantec        1.4.4.12        2009.05.24        Backdoor.Formador

TheHacker        6.3.4.3.331        2009.05.22        Backdoor/PcClient.jhu

TrendMicro        8.950.0.1092        2009.05.23        PAK_Generic.001

VBA32        3.12.10.5        2009.05.24        Backdoor.Win32.PcClient.jhu

ViRobot        2009.5.23.1749        2009.05.23        Backdoor.Win32.PcClient.13489

VirusBuster        4.6.5.0        2009.05.24        Backdoor.PcClient.FKS

weitere Informationen

File size: 13489 bytes

MD5...: d11c57312360517909da52e2bd6994c0

SHA1..: 29a113eb7c0b8582cb8122399e1c3bdab1e6bf7d

SHA256: 27d03d1d43e739f541d6f8555038875f92d76c8d9a0cc5c999560b6ea37b6dbd

SHA512: 7d13d2615444288ad09316d8c20e4360b5acb6cca400c1f507f5195fd03d762a

48b1d64e9ddb480d4e36893ee258470646f5f6cfedf445aa04cd377955d15d9c

ssdeep: 384:jS/qe8zdTyBsyqAIZhgugcEt6q286DEIXjAFpt:jjWsyqAggqW2rXjAFT

PEiD..: Petite v2.1 (2)

TrID..: File type identification

Petite compressed Win32 executable (78.0%)

Win32 Executable Generic (9.3%)

Win32 Dynamic Link Library (generic) (8.2%)

Generic Win/DOS Executable (2.1%)

DOS Executable Generic (2.1%)

PEInfo: PE Structure information
 

( base data )

entrypointaddress.: 0x510f

timedatestamp.....: 0x470f7527 (Fri Oct 12 13:22:47 2007)

machinetype.......: 0x14c (I386)
 

( 3 sections )

name viradd virsiz rawdsiz ntrpy md5

0x1000 0x3000 0x1000 7.90 1f4776d68cfb822b6544081d6acdc126

.rsrc 0x4000 0x1000 0x6b1 4.16 22642e924033ee20cb8943c06c9f6019

.petite 0x5000 0x1879 0x1a00 6.22 9b595dd61bc20edf3831be56c62ed5bc
 

( 6 imports ) 

> MFC42.DLL: -

> MSVCRT.dll: exit

> KERNEL32.dll: ExitProcess, LoadLibraryA, GetProcAddress, VirtualProtect, GlobalAlloc, GlobalFree, GetModuleHandleA

> USER32.dll: MessageBoxA, wsprintfA

> SHELL32.dll: SHGetFileInfoA

> ole32.dll: OleInitialize
 

( 0 exports ) 

PDFiD.: -

RDS...: NSRL Reference Data Set

-

CWSandbox info: <a href='http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=d11c57312360517909da52e2bd6994c0' target='_blank'>http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=d11c57312360517909da52e2bd6994c0</a>

Zitat:

Verzeichnis von C:\Dokumente und Einstellungen\***\Anwendungsdaten\uTorrent
24.03.2009 11:43 80.464 Reason 4 + Keygen + Patch RPS.torrent
04.02.2009 16:44 6.676 New Cracked NTI CD DVD Maker Platinum 7 7 0.rar.torrent
11.12.2008 12:20 17.675 AVS Video Converter 6.2.3.314 + Crack.torrent
17.04.2009 10:43 6.539 The Sims 2 - Multi Language NO CD NO DVD Crack.rar.torrent
11.12.2008 11:55 13.047 The Sims 2 Crack Pack.torrent
Verzeichnis von C:\Programme\Adobe\Adobe Photoshop CS3\Crack
07.01.2009 19:23 <DIR> Adobe Photoshop CS3 Extended + Crack

Wann lernt ihr endlich die Hände von geklauter Software zu lassen? :schmoll:

Da hilft jetzt nur noch eins: http://www.trojaner-board.de/51262-a...sicherung.html

Du bist entlassen und ich bin raus,
Andreas