Trojaner-Board - PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung

Seite 1 von 4

100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung (https://www.trojaner-board.de/74935-pc-wahrscheinlich-infiziert-bitte-um-hilfe-pruefung.html)

shirocko

07.07.2009 15:27

PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung

Hi Leute,
seit ein paar tagen verhält sich mein PC eigenartig und auch Kaspersky hat mitterweile einen/mehrere Trojaner bzw. Backdoor Programme gefunden
Allerdings werde ich sie durch einfache löschen leider nicht los.
Ich hoffe mal ihr könnt mir helfen.
Gleich vorweg: eines dieser Programme heißt laut Kaspersky "SKYNETvbfuhivd.dll" im Verzeichnis "globalroot\systemroot\system32\SKYNETvbfuhivd.dll

Ich habe mal nen HiJackThis Scan gemacht.
Hier mal die log:

Code:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:20:46, on 07.07.2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal
 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Windows\explorer.exe

C:\Windows\system32\conime.exe

C:\Program Files\Mozilla Thunderbird\thunderbird.exe

C:\Program Files\ICQ6.5\ICQ.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe

C:\Program Files\Java\jre6\bin\java.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

O1 - Hosts: 78.46.78.140 forum.bplaced.net

O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll

O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe"

O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent

O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')

O4 - .DEFAULT User Startup: DSL-Manager.lnk = C:\Program Files\T-Online\DSL-Manager\DslMgr.exe (User 'Default user')

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Hinzufügen zu Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\ie_banner_deny.htm

O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll

O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll

O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll

O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll

O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\SCIEPlgn.dll

O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe

O13 - Gopher Prefix: 

O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1208959603510

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.de/scan_de/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208959493218

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208959527273

O17 - HKLM\System\CCS\Services\Tcpip\..\{F7014EA2-7460-4F23-B215-F1B48A36952F}: NameServer = 139.7.30.125 139.7.30.126

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~2\adialhk.dll

O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Version Cue CS3 {de_DE}  (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: Apache2.2 - Apache Software Foundation - C:\apache\bin\httpd.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Kaspersky Security Suite CBE (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe

O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: gupdate1c9e39a101dcf54 - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: MySQL - Unknown owner - c:\mysql\bin\mysqld-nt.exe

O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\system32\drivers\pclepci.sys

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: SynoDrService - Unknown owner - C:\Program Files\Synology Data Replicator  3\SynoDrService.exe

O23 - Service: DSL-Manager (TDslMgrService) - T-Systems Enterprise Services GmbH - C:\Program Files\T-Online\DSL-Manager\DslMgrSvc.exe

O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Service.exe

O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe

O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) - Unknown owner - C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe

O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe

O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe

O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
 

--

End of file - 16822 bytes

Ich hoffe ihr könnt mir helfen

ciao shirocko

john.doe

07.07.2009 21:00

Hallo und :hallo:

Dieben wir doch bei den Kollegen vom HJT-Forum:

Zitat:

Ein System zu bereinigen ist unter Umständen aufwändig und mit einiger Arbeit für Dich verbunden. Es ist wichtig, dass Du solange mitarbeitest, bis wir sagen, dass der Rechner "sauber" ist, auch wenn die Symptome eventuell nach den ersten Aktionen verschwunden sein sollten. Dazu gehört auch, keine weiteren Programme zu installieren oder Scans durchzuführen, ausser wenn es hier entsprechend angeordnet wird. Wenn Du dazu bereit bist, arbeite die folgenden Punkte in der angegebenen Reihenfolge ab. Drucke die Anleitungen zur Bereinigung Deines Systems am besten aus. Lese zunächst alles durch und wenn Dir etwas unklar ist, bitte fragen, bevor Du weitermachst.

Wenn Du mit dem Abarbeiten der einzelnen Punkte fertig bist, kontrolliere aufmerksam, ob Du keinen Punkt vergessen und alle angeforderten Logfiles in Code-Tags gepostet hast. Ergänze Deine jeweils letzten Beiträge solange über den "Ändern-Button", bis Dir jemand geantwortet hat. Wichtig: Bitte während unserer Reinigungphase nur Programme installieren, die wir anordnen. Bitte alle Aktionen, die wir anordnen nicht in einem eingeschränkten Userkonto ausführen, sondern vom Hauptuserkonto aus.

Hinweis an Vistabenutzer: Alle Programme mit Mausklick rechts => Ausführen als Administrator starten.

1.) Solltest du noch irgendetwas mit dem Computer verbinden, wie Memorysticks, Speicherkarten, Digitalkameras, Handy, externe Laufwerke, ... dann stecke vor dem Scan alles an.

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir das Tool hier herunter auf den Desktop -> KLICK

Das Programm jedoch noch nicht starten sondern zuerst folgendes tun:

Schliesse alle Anwendungen und Programme, vor allem deine Antiviren-Software und andere Hintergrundwächter, sowie deinen Internetbrowser.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Starte nun die combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen und lass dein System durchsuchen.

Sollte sich ComboFix nicht starten lassen, dann benenne es um in cofi.exe und versuche es nocheinmal.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte abkopieren und in deinen Beitrag einfügen. Das log findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Hinweis: Combofix verhindert die Autostart Funktion aller CD / DVD und USB - Laufwerken um so eine Verbeitung einzudämmen. Wenn es hierdurch zu Problemen kommt, diese im Thread posten.

2.) Systemdetails mit RSIT prüfen

Lade Random's System Information Tool (RSIT) von random/random herunter,
speichere es auf Deinem Desktop.
Starte mit Doppelklick die RSIT.exe.
Klicke auf Continue, um die Nutzungsbedingungen zu akzeptieren.
Der Scan startet automatisch, RSIT checkt nun einige wichtige System-Bereiche und produziert Logfiles als Analyse-Grundlage.
Wenn der Scan beendet ist, werden zwei Logfiles erstellt und in Deinem Editor geöffnet.
Bitte poste den Inhalt von C:\rsit\log.txt und C:\rsit\info.txt hier in den Thread.

ciao, andreas

shirocko

09.07.2009 13:50

sry aber der combofix download geht nicht

john.doe

09.07.2009 16:03

Versuche den hier => Datei Upload, Bilder hochladen, Datei Hosting auf Materialordner.de

ciao, andreas

shirocko

09.07.2009 21:16

okay hat soweit geklappt
hier die logs, hoffe ihr könnt mir helfen:

ComboFix Log:

Code:

ComboFix 09-07-08.07 - Admin 09.07.2009 20:42.2 - NTFSx86

Microsoft® Windows Vista™ Ultimate   6.0.6001.1.1252.49.1031.18.2046.965 [GMT 2:00]

ausgeführt von:: c:\users\***\Desktop\cofixilein.exe

AV: Kaspersky Security Suite CBE *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Security Suite CBE *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

SP: Kaspersky Security Suite CBE *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.
 

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.
 

c:\windows\TEMP\logishrd\LVPrcInj01.dll
 

.

(((((((((((((((((((((((   Dateien erstellt von 2009-06-09 bis 2009-07-09  ))))))))))))))))))))))))))))))

.
 

2009-07-09 19:09 . 2009-07-09 19:20        --------        d-----w-        c:\users\***\AppData\Local\temp

2009-07-06 13:19 . 2009-07-06 13:19        --------        d-----w-        c:\program files\Trend Micro

2009-07-05 09:57 . 2009-02-12 09:41        973312        ----a-w-        c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll

2009-07-04 10:35 . 2009-07-04 10:35        90112        ----a-w-        c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll

2009-07-04 10:35 . 2009-07-04 10:35        307200        ----a-w-        c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe

2009-07-04 10:35 . 2009-07-04 10:35        172032        ----a-w-        c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe

2009-07-04 10:27 . 2009-07-04 10:27        --------        d-----w-        c:\users\***\AppData\Roaming\Vodafone

2009-07-04 10:27 . 2009-07-04 10:27        --------        d-----w-        c:\programdata\InstallShield

2009-07-04 10:25 . 2008-03-17 09:05        101632        ----a-w-        c:\windows\system32\drivers\ewusbmdm.sys

2009-07-04 10:24 . 2009-07-04 10:24        --------        d-----w-        c:\programdata\Vodafone

2009-07-04 10:24 . 2009-07-04 10:24        --------        d-----w-        c:\program files\Vodafone

2009-07-03 15:21 . 2009-07-03 15:21        --------        d-----w-        c:\users\***\AppData\Local\{D53238E8-3427-491E-A57E-097FA966AAC1}

2009-07-02 12:49 . 2009-07-02 12:49        1029456        ----a-w-        c:\programdata\Lavasoft\Ad-Aware\update\AAWService.exe

2009-07-02 12:49 . 2009-07-02 12:49        314712        ----a-w-        c:\programdata\Lavasoft\Ad-Aware\update\threatwork.exe

2009-07-02 12:49 . 2009-07-02 12:49        25440        ----a-w-        c:\programdata\Lavasoft\Ad-Aware\update\savapibridge.dll

2009-07-02 12:49 . 2009-07-02 12:49        169312        ----a-w-        c:\programdata\Lavasoft\Ad-Aware\update\lavamessage.dll

2009-07-02 12:49 . 2009-07-02 12:49        348496        ----a-w-        c:\programdata\Lavasoft\Ad-Aware\update\lavalicense.dll

2009-07-02 12:49 . 2009-07-02 12:49        298336        ----a-w-        c:\programdata\Lavasoft\Ad-Aware\update\UpdateManager.dll

2009-07-02 12:48 . 2009-07-02 12:48        84832        ----a-w-        c:\programdata\Lavasoft\Ad-Aware\update\ShellExt.dll

2009-07-02 12:48 . 2009-07-02 12:48        1630560        ----a-w-        c:\programdata\Lavasoft\Ad-Aware\update\Resources.dll

2009-07-02 12:48 . 2009-07-02 12:48        40288        ----a-w-        c:\programdata\Lavasoft\Ad-Aware\update\PrivacyClean.dll

2009-07-02 12:48 . 2009-07-02 12:48        246128        ----a-w-        c:\programdata\Lavasoft\Ad-Aware\update\RPAPI.dll

2009-07-02 12:48 . 2009-07-02 12:48        85352        ----a-w-        c:\programdata\Lavasoft\Ad-Aware\update\Drivers\32\AAWDriverTool.exe

2009-07-02 12:48 . 2009-07-02 12:48        664424        ----a-w-        c:\programdata\Lavasoft\Ad-Aware\update\CEAPI.dll

2009-07-02 12:48 . 2009-07-02 12:48        563064        ----a-w-        c:\programdata\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe

2009-07-02 12:48 . 2009-07-02 12:48        566632        ----a-w-        c:\programdata\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe

2009-07-02 12:48 . 2009-07-02 12:48        2352968        ----a-w-        c:\programdata\Lavasoft\Ad-Aware\update\Ad-Aware.exe

2009-07-02 12:48 . 2009-07-02 12:48        629072        ----a-w-        c:\programdata\Lavasoft\Ad-Aware\update\AAWWSC.exe

2009-07-02 12:48 . 2009-07-02 12:48        520024        ----a-w-        c:\programdata\Lavasoft\Ad-Aware\update\AAWTray.exe

2009-06-21 19:40 . 2006-12-20 12:23        114688        ------w-        c:\windows\system32\pcleDVdc.dll

2009-06-21 19:40 . 2006-12-20 12:23        90112        ------w-        c:\windows\system32\pcleDVcd.dll

2009-06-21 19:40 . 2006-12-20 12:23        90112        ------w-        c:\windows\system32\pcleADV.dll

2009-06-21 19:40 . 2006-12-20 12:23        90112        ------w-        c:\windows\system32\ACnvrtX.dll

2009-06-21 19:40 . 2006-12-20 12:23        876544        ------w-        c:\windows\system32\CSCnvrtX.dll

2009-06-14 10:00 . 2009-04-30 12:37        428544        ----a-w-        c:\windows\system32\EncDec.dll

2009-06-14 10:00 . 2009-04-30 12:37        293376        ----a-w-        c:\windows\system32\psisdecd.dll

2009-06-11 11:53 . 2009-06-11 11:53        --------        d-----w-        c:\program files\Western Digital Corporation
 

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-09 19:15 . 2008-07-17 16:29        1528540192        --sha-w-        c:\windows\system32\drivers\fidbox.dat

2009-07-09 19:13 . 2008-01-11 15:07        --------        d-----w-        c:\programdata\VMware

2009-07-09 19:11 . 2008-07-17 16:29        20476004        --sha-w-        c:\windows\system32\drivers\fidbox.idx

2009-07-09 18:33 . 2008-02-03 23:54        --------        d-----w-        c:\programdata\Spybot - Search & Destroy

2009-07-09 16:23 . 2006-11-02 15:48        737124        ----a-w-        c:\windows\system32\perfh007.dat

2009-07-09 16:23 . 2006-11-02 15:48        166582        ----a-w-        c:\windows\system32\perfc007.dat

2009-07-09 16:19 . 2008-07-01 19:03        169936        ----a-w-        c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\FlashGot.exe

2009-07-09 16:16 . 2007-12-25 01:38        --------        d-----w-        c:\programdata\Kaspersky Lab

2009-07-09 16:13 . 2008-01-11 15:11        --------        d-----w-        c:\users\***\AppData\Roaming\VMware

2009-07-05 21:54 . 2007-12-25 12:20        --------        d-----w-        c:\users\***\AppData\Roaming\Skype

2009-07-05 18:12 . 2008-09-30 15:27        56        ---ha-w-        c:\programdata\ezsidmv.dat

2009-07-05 18:12 . 2007-12-25 12:21        --------        d-----w-        c:\users\***\AppData\Roaming\skypePM

2009-07-04 16:09 . 2007-12-26 22:08        --------        d-----w-        c:\users\***\AppData\Roaming\FileZilla

2009-07-04 10:24 . 2007-12-25 01:23        --------        d-----w-        c:\program files\Common Files\InstallShield

2009-07-02 15:29 . 2008-02-03 23:54        --------        d-----w-        c:\program files\Spybot - Search & Destroy

2009-06-29 07:35 . 2007-12-26 22:00        --------        d-----w-        c:\program files\Google

2009-06-26 19:38 . 2009-06-06 18:44        --------        d-----w-        c:\program files\FileZilla Client

2009-06-25 06:13 . 2008-04-28 12:51        --------        d-----w-        c:\users\***\AppData\Roaming\Free Download Manager

2009-06-24 05:54 . 2007-12-25 13:38        --------        d-----w-        c:\program files\Mozilla Thunderbird

2009-06-18 15:50 . 2008-04-03 13:57        --------        d-----w-        c:\users\***\AppData\Roaming\Audacity

2009-06-14 15:58 . 2007-12-27 00:00        --------        d-----w-        c:\programdata\Microsoft Help

2009-06-06 15:23 . 2007-12-26 18:53        --------        d-----w-        c:\users\***\AppData\Roaming\Apple Computer

2009-06-06 12:38 . 2008-07-10 17:51        --------        d-----w-        c:\program files\iTunes

2009-06-06 12:37 . 2009-06-06 12:37        --------        d-----w-        c:\program files\iPod

2009-06-06 12:37 . 2007-12-26 18:49        --------        d-----w-        c:\program files\Common Files\Apple

2009-06-06 12:33 . 2008-01-11 12:19        --------        d-----w-        c:\program files\QuickTime Alternative

2009-06-06 12:20 . 2009-06-06 12:20        75048        ----a-w-        c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe

2009-06-01 14:11 . 2009-05-11 20:22        1        ----a-w-        c:\users\***\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2009-06-01 11:57 . 2009-06-01 11:57        15688        ----a-w-        c:\programdata\Lavasoft\Ad-Aware\update\lsdelete.exe

2009-05-21 14:28 . 2008-07-17 16:36        94643        ----a-w-        c:\windows\system32\drivers\klick.dat

2009-05-21 14:28 . 2008-07-17 16:36        105395        ----a-w-        c:\windows\system32\drivers\klin.dat

2009-05-19 16:31 . 2007-12-25 01:18        130424        ----a-w-        c:\users\***\AppData\Local\GDIPFONTCACHEV1.DAT

2009-05-19 16:11 . 2008-01-07 18:20        --------        d-----w-        c:\program files\Microsoft Works

2009-05-18 16:55 . 2009-05-18 16:54        --------        d-----w-        c:\users\***\AppData\Roaming\AllDup

2009-05-18 16:53 . 2009-05-18 16:53        --------        d-----w-        c:\program files\AllDup

2009-05-17 14:37 . 2009-05-17 14:37        64160        ----a-w-        c:\programdata\Lavasoft\Ad-Aware\update\Drivers\32\lbd.sys

2009-05-13 06:24 . 2006-11-02 11:18        --------        d-----w-        c:\program files\Windows Mail

2009-05-11 20:22 . 2009-05-11 20:22        --------        d-----w-        c:\users\***\AppData\Roaming\OpenOffice.org

2009-05-11 20:16 . 2009-05-11 20:15        --------        d-----w-        c:\program files\OpenOffice.org 3

2009-05-09 05:50 . 2009-06-10 07:18        915456        ----a-w-        c:\windows\system32\wininet.dll

2009-05-09 05:34 . 2009-06-10 07:18        71680        ----a-w-        c:\windows\system32\iesetup.dll

2009-05-08 15:11 . 2009-05-08 16:51        44018        ----a-w-        c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\refractor@developer.mozilla.org\prism\regprot.exe

2009-05-08 15:11 . 2009-05-08 16:51        16896        ----a-w-        c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\refractor@developer.mozilla.org\prism\UAC.dll

2009-05-06 12:23 . 2009-05-07 16:28        372736        ----a-w-        c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll

2009-04-29 18:42 . 2009-05-08 16:51        110592        ----a-w-        c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\refractor@developer.mozilla.org\prism\components\prism.dll

2009-04-29 18:42 . 2009-05-08 16:51        110592        ----a-w-        c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\refractor@developer.mozilla.org\components\prism.dll

2009-04-23 12:43 . 2009-06-10 07:18        784896        ----a-w-        c:\windows\system32\rpcrt4.dll

2009-04-23 12:42 . 2009-06-10 07:18        636928        ----a-w-        c:\windows\system32\localspl.dll

2009-04-21 11:55 . 2009-06-10 07:18        2033152        ----a-w-        c:\windows\system32\win32k.sys

2007-12-26 19:50 . 2007-12-26 19:50        0        --sh--w-        c:\windows\S1589D1C6.tmp

2006-05-03 09:06 . 2008-07-08 12:39        163328        --sh--r-        c:\windows\System32\flvDX.dll

2007-02-21 10:47 . 2008-07-08 12:39        31232        --sh--r-        c:\windows\System32\msfDX.dll

2008-03-16 12:30 . 2008-07-08 12:39        216064        --sh--r-        c:\windows\System32\nbDX.dll

.
 

(((((((((((((((((((((((((((((   SnapShot@2009-07-09_17.28.16   )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-09 19:09 . 2009-07-09 19:13        16384              c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-09 17:22 . 2009-07-09 17:26        16384              c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-09 17:22 . 2009-07-09 17:26        16384              c:\windows\Temp\History\History.IE5\index.dat

+ 2009-07-09 19:09 . 2009-07-09 19:13        16384              c:\windows\Temp\History\History.IE5\index.dat

- 2009-07-09 17:22 . 2009-07-09 17:26        16384              c:\windows\Temp\Cookies\index.dat

+ 2009-07-09 19:09 . 2009-07-09 19:13        16384              c:\windows\Temp\Cookies\index.dat

+ 2007-12-25 02:18 . 2009-07-09 19:16        72842              c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2006-11-02 13:03 . 2009-07-09 19:17        82004              c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2007-12-25 01:19 . 2009-07-09 19:17        13888              c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-952325796-3084994041-2608643616-1000_UserData.bin

+ 2006-11-02 13:00 . 2009-07-09 18:26        16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2006-11-02 13:00 . 2009-07-09 16:14        16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2006-11-02 13:00 . 2009-07-09 16:14        49152              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2006-11-02 13:00 . 2009-07-09 18:26        49152              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2006-11-02 13:00 . 2009-07-09 16:14        16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2006-11-02 13:00 . 2009-07-09 18:26        16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-09 17:24 . 2009-07-09 17:24        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2009-07-09 19:12 . 2009-07-09 19:12        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2009-07-09 19:12 . 2009-07-09 19:12        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-09 17:24 . 2009-07-09 17:24        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4
 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]

"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 94208]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]

"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]

"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-08-31 2622232]

"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-08-31 907040]

"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-08-31 140568]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-1-11 805392]
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~2\r3hook.dll c:\progra~1\KASPER~1\KASPER~2\adialhk.dll
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"
 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat - Schnellstart.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk

backup=c:\windows\pss\Adobe Acrobat - Schnellstart.lnk.CommonStartup

backupExtension=.CommonStartup
 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk

backup=c:\windows\pss\Adobe Gamma.lnk.CommonStartup

backupExtension=.CommonStartup
 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Google Updater.lnk

backup=c:\windows\pss\Google Updater.lnk.CommonStartup

backupExtension=.CommonStartup
 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Apache Servers.lnk

backup=c:\windows\pss\Monitor Apache Servers.lnk.CommonStartup

backupExtension=.CommonStartup
 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PDFCreator.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PDFCreator.lnk

backup=c:\windows\pss\PDFCreator.lnk.CommonStartup

backupExtension=.CommonStartup
 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TrekStor NDAS-Geräte-Manager.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TrekStor NDAS-Geräte-Manager.lnk

backup=c:\windows\pss\TrekStor NDAS-Geräte-Manager.lnk.CommonStartup

backupExtension=.CommonStartup
 

[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DSL-Manager.lnk]

path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk

backup=c:\windows\pss\DSL-Manager.lnk.Startup

backupExtension=.Startup
 

[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk]

path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk

backup=c:\windows\pss\Logitech . Produktregistrierung.lnk.Startup

backupExtension=.Startup
 

[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]

path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Apache Servers.lnk

backup=c:\windows\pss\Monitor Apache Servers.lnk.Startup

backupExtension=.Startup
 

[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]

path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk

backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup

backupExtension=.Startup

shirocko

09.07.2009 21:18

Forsetzung ComboFixLog:

Code:

[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk]

path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk

backup=c:\windows\pss\Logitech . Produktregistrierung.lnk.Startup

backupExtension=.Startup
 

[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]

path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Apache Servers.lnk

backup=c:\windows\pss\Monitor Apache Servers.lnk.Startup

backupExtension=.Startup
 

[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]

path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk

backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup

backupExtension=.Startup
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{384D0300-1065-447A-9618-2984903D5C4E}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS

"{5A0011D9-3CEE-4D11-B2F0-29652C363E6D}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS

"{74F73FD2-BD8E-49A5-BBAF-D3A37D9453C1}"= UDP:c:\program files\Pinnacle\Studio 11\programs\RM.exe:Render Manager

"{8C507270-C3A8-426A-BFC9-9A705B35BD57}"= TCP:c:\program files\Pinnacle\Studio 11\programs\RM.exe:Render Manager

"{80C9846C-3DD3-4B9C-9EC8-9729AA35B0D8}"= UDP:c:\program files\Pinnacle\Studio 11\programs\Studio.exe:Studio

"{2F1B2A9C-4DA2-4725-8B38-C785838B8748}"= TCP:c:\program files\Pinnacle\Studio 11\programs\Studio.exe:Studio

"{502A2EFE-9E64-4071-AD8D-B85B01198B17}"= UDP:c:\program files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile

"{DD43B665-C72F-4300-A6C9-E9CA0DC49033}"= TCP:c:\program files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile

"{0B1BE74D-6416-4293-8119-455BD46B2072}"= UDP:c:\program files\Pinnacle\Studio 11\programs\umi.exe:umi

"{DA89F97C-61CA-467F-A73E-C25A0A15398E}"= TCP:c:\program files\Pinnacle\Studio 11\programs\umi.exe:umi

"{0D8D08ED-897F-405C-BD36-69F8AFD1C77C}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{98DA941D-798E-4954-9F2D-C879DF2949B0}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{5278D635-3ABE-478E-9289-D6967FEAA157}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{0652B8C7-A8A2-406A-B986-A7D8A574EDC9}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{A596140F-B429-4A6A-B3BF-D3DA04CD3C8E}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{1205D43A-9244-4932-90C9-ABEB976C8974}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{7A767EC9-135A-4C21-9BD9-E195385839A3}"= UDP:3703:Adobe Version Cue CS3 Server

"{412C56DD-1D26-4ABD-A7BE-50D035A76CF4}"= UDP:3704:Adobe Version Cue CS3 Server

"{EF370A4D-2E5E-42E5-8CC6-C61E4EA71E25}"= UDP:50900:Adobe Version Cue CS3 Server

"{0A95615A-DDF8-4D65-9C80-1650AD3F7A94}"= UDP:50901:Adobe Version Cue CS3 Server

"{508F5558-0297-4EE5-8E02-3DE546A14AA1}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server

"{F1DCCD97-6002-43E4-8566-3BE3B269D3CD}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server

"{BD76C6BF-564C-48EA-8C8B-DC1A47A2C31C}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{6A2D95B5-4433-428C-A771-8AFEA2E29B62}"= UDP:c:\program files\Home Cinema\TV Enhance\TVEnhance.exe:CyberLink TVEnhance

"{E78BCDD2-4F54-4970-989E-44BBD4D6F227}"= TCP:c:\program files\Home Cinema\TV Enhance\TVEnhance.exe:CyberLink TVEnhance

"{AC347381-6E34-42E8-AFE7-40F0B8504154}"= UDP:c:\program files\Home Cinema\TV Enhance\TVEService.exe:CyberLink TVEnhance Resident Program

"{7ED5374E-2742-4A8C-8167-F3089AC1617F}"= TCP:c:\program files\Home Cinema\TV Enhance\TVEService.exe:CyberLink TVEnhance Resident Program

"{30D25247-E27E-4CEF-B886-4E6B095AF513}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{321E005B-C01F-4BD3-92EB-46CEDF1C0F3C}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{75790D75-C0AC-4DF1-A4A8-E0C5D785B577}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{39155FAB-CBBC-43E5-8A71-57DC64EA6C5C}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"TCP Query User{B462A909-998B-4904-BD6C-346DFD0D2DBA}g:\\setup.exe"= UDP:G:\setup.exe:Installationsprogramm für Kaspersky Security Suite CBE

"UDP Query User{58FFB052-D9F9-4CF9-AA47-D05D11659239}g:\\setup.exe"= TCP:G:\setup.exe:Installationsprogramm für Kaspersky Security Suite CBE

"TCP Query User{9265FC8E-A492-4B2A-8B55-3A51496A748C}c:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\german\\setup.exe"= UDP:c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe:Installationsprogramm für Kaspersky Internet Security 2009

"UDP Query User{F6A7CFCA-32CA-4CD1-BD15-A9893C72A87D}c:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\german\\setup.exe"= TCP:c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe:Installationsprogramm für Kaspersky Internet Security 2009

"{92449402-1EEF-4E31-808D-28BB95A6D951}"= c:\program files\CyberLink\PowerDVD8\PowerDVD8.EXE:CyberLink PowerDVD 8.0

"{3F64D3B3-9B33-4BF9-B3BF-A2D9F9126E14}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{62CB650F-0AFF-47BB-A528-84B88EA73B38}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{76935FFF-F657-49D5-BB00-6825BBB1161F}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{FFC4C218-8E04-49A7-8CC6-B74DC951835E}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"c:\\Program Files\\IEPro\\MiniDM.exe"= c:\program files\IEPro\MiniDM.exe:*:Enabled:MiniDM
 

R0 hotcore3;hotcore3;c:\windows\System32\drivers\hotcore3.sys [20.05.2008 03:58 39472]

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [19.01.2009 14:57 64160]

R0 lfsfilt;Lean File Sharing;c:\windows\System32\drivers\lfsfilt.sys [11.06.2008 16:59 254440]

R0 lpx;LPX Protocol;c:\windows\System32\drivers\lpx.sys [29.06.2007 17:32 62056]

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\System32\drivers\xfilt.sys [18.10.2006 18:39 17920]

R1 DslMNLwf;DSL-Manager NDIS LightWeight Filter;c:\windows\System32\drivers\dslmnlwf.sys [06.01.2008 15:35 16448]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [16.10.2007 12:05 20496]

R1 ndasfat;NDAS FAT;c:\windows\System32\drivers\ndasfat.sys [11.06.2008 16:59 372584]

R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [15.05.2008 12:07 61424]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [30.04.2008 01:15 1153368]

R2 SynoDrService;SynoDrService;c:\program files\Synology Data Replicator  3\SynoDrService.exe [06.08.2007 20:36 557056]

R2 TeamViewer;TeamViewer 3;c:\program files\TeamViewer3\TeamViewer_Service.exe [29.08.2008 08:29 185640]

R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [10.12.2008 10:49 185640]

R2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe [14.06.2008 15:02 282709]

R2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe [14.06.2008 15:02 122971]

R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [04.07.2008 12:52 14336]

R2 vmserverdWin32;VMware Registration Service;c:\program files\VMware\VMware Server\vmserverdWin32.exe [09.05.2008 21:05 1650781]

R3 ndasbus;NDAS Bus Driver;c:\windows\System32\drivers\ndasbus.sys [29.06.2007 17:32 75880]

R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\System32\drivers\netr73.sys [05.02.2007 10:26 247808]

R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\System32\drivers\Ph3xIB32.sys [03.04.2007 11:43 1131136]

R3 TDslMgrService;DSL-Manager;c:\program files\T-Online\DSL-Manager\DslMgrSvc.exe [05.04.2008 13:23 294912]

R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\System32\drivers\teamviewervpn.sys [07.01.2008 10:37 25088]

R3 X10Hid;X10 Hid Device;c:\windows\System32\drivers\x10hid.sys [25.12.2007 15:30 13976]

S2 gupdate1c9e39a101dcf54;gupdate1c9e39a101dcf54;c:\program files\Google\Update\GoogleUpdate.exe [02.06.2009 17:51 133104]

S3 Apache2.2;Apache2.2;c:\apache\bin\httpd.exe [13.06.2008 04:05 24635]

S3 dsltestSp5;dsltestSp5 NDIS Protocol Driver;c:\windows\System32\drivers\DslTestSp5.sys [28.02.2008 19:12 26816]

S3 EthDriver;D-Link DGE-528T Vista 32-bit Driver;c:\windows\System32\drivers\DLKRT32.sys [30.09.2008 00:02 70144]

S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18.01.2009 23:34 1029456]

S3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;c:\progra~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [06.01.2008 15:34 17536]

S3 ndasscsi;NDAS SCSI Miniport Driver;c:\windows\System32\drivers\ndasscsi.sys [29.06.2007 17:32 187368]

S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\System32\drivers\s816bus.sys [04.04.2008 15:17 81832]

S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\System32\drivers\s816mdfl.sys [04.04.2008 15:17 13864]

S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\System32\drivers\s816mdm.sys [04.04.2008 15:17 107304]

S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s816mgmt.sys [04.04.2008 15:19 99112]

S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\System32\drivers\s816nd5.sys [04.04.2008 15:18 21928]

S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\System32\drivers\s816obex.sys [04.04.2008 15:19 97320]

S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\System32\drivers\s816unic.sys [04.04.2008 15:20 97704]
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12        REG_MULTI_SZ           Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt        REG_MULTI_SZ           hpqcxs08 hpqddsvc

WindowsMobile        REG_MULTI_SZ           wcescomm rapimgr

LocalServiceRestricted        REG_MULTI_SZ           WcesComm RapiMgr
 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]

%SystemRoot%\system32\soundschemes.exe /AddRegistration
 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]

%SystemRoot%\system32\soundschemes2.exe /AddRegistration

.

Inhalt des "geplante Tasks" Ordners
 

2009-06-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 12:48]
 

2009-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-02 15:51]
 

2009-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-02 15:51]
 

2009-07-09 c:\windows\Tasks\User_Feed_Synchronization-{F1DE92C9-40E6-4C13-B057-1C1AD2DF7FFE}.job

- c:\windows\system32\msfeedssync.exe [2009-03-19 11:31]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.t-online.de/

uInternet Settings,ProxyOverride = *.local

IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: In Adobe PDF konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: In vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.de/scan_de/scan8/oscan8.cab

FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\

FF - prefs.js: browser.startup.homepage - hxxp://www.t-online.de

FF - prefs.js: keyword.URL - hxxp://www.google.de/search?hl=de&q=

FF - component: c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll

FF - component: c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll

FF - component: c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll

FF - component: c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\refractor@developer.mozilla.org\components\prism.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
 

---- FIREFOX Richtlinien ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota",      5120);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history",     true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata",    true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords",   false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads",   true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies",     true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache",       true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions",    true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history",                 true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata",                true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords",               false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads",               true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies",                 true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache",                   true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions",                true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps",             false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings",            false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs",    false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

.
 

**************************************************************************
 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-09 21:15

Windows 6.0.6001 Service Pack 1 NTFS
 

Scanne versteckte Prozesse... 
 

Scanne versteckte Autostarteinträge... 
 

Scanne versteckte Dateien... 
 
 

c:\windows\TEMP\TMP0000004E5B28E17ADED62EA9 524288 bytes executable
 

Scan erfolgreich abgeschlossen

versteckte Dateien: 1
 

**************************************************************************
 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySQL]

"ImagePath"="c:\mysql\bin\mysqld-nt MySQL"
 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]

"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------
 

[HKEY_USERS\S-1-5-21-952325796-3084994041-2608643616-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0DC93F53-B7D7-866F-77D6-76A33C78FACA}*]

"gaakomjbdaejdn"=hex:63,61,64,67,6b,6d,00,77
 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000
 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000
 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
 

- - - - - - - > 'lsass.exe'(1172)

c:\windows\system32\relog_ap.dll
 

- - - - - - - > 'Explorer.exe'(10844)

c:\windows\TEMP\logishrd\LVPrcInj01.dll

c:\program files\T-Online\DSL-Manager\Deskband.dll

c:\windows\system32\BsLangInDepRes.dll

c:\windows\system32\Bs2Res.dll

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\windows\System32\audiodg.exe

c:\program files\Common Files\Acronis\Schedule2\schedul2.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe

c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\Logishrd\LVCOMSER\LVComSer.exe

c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe

c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

c:\mysql\bin\mysqld-nt.exe

c:\program files\Common Files\Logishrd\LVCOMSER\LVComSer.exe

c:\program files\NDAS\System\ndassvc.exe

c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe

c:\windows\System32\IoctlSvc.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

c:\program files\VMware\VMware Server\vmware-authd.exe

c:\program files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe

c:\windows\System32\vmnat.exe

c:\windows\System32\VSSVC.exe

c:\progra~1\COMMON~1\X10\Common\X10nets.exe

c:\windows\System32\vmnetdhcp.exe

c:\windows\System32\WUDFHost.exe

c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe

c:\windows\System32\conime.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2009-07-09 21:36 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2009-07-09 19:35

ComboFix2.txt  2009-07-09 17:51
 

Vor Suchlauf: 9.511.886.848 Bytes frei

Nach Suchlauf: 9.351.917.568 Bytes frei
 

Current=1 Default=1 Failed=0 LastKnownGood=7 Sets=1,2,3,4,5,6,7,44

465        --- E O F ---        2009-06-30 06:02

shirocko

09.07.2009 21:24

info.txt

Code:

info.txt logfile of random's system information tool 1.06 2009-07-09 21:50:35
 

======Uninstall list======
 

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER

-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL

-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL

-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL

-->C:\Windows\UNNeroShowTime.exe /UNINSTALL

-->C:\Windows\UNNeroVision.exe /UNINSTALL

-->C:\Windows\UNRecode.exe /UNINSTALL

-->MsiExec /X{45235788-142C-44BE-8A4D-DDE9A84492E5}

-->MsiExec.exe /I{09715083-BF10-4834-9E28-B5D8820513CA}

-->MsiExec.exe /I{1E049668-AD90-4008-B213-E20CED2324DD}

-->MsiExec.exe /I{35103A8A-E9D8-40FA-AEC7-4D138952DB30}

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2638924D-DC58-4C40-BB1C-48C2B24B7B1B}\Setup.exe" -L0x7

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52739387-B81C-4C55-9593-EB7A1044A657}\Setup.exe" -L0x7

32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}

Acronis*True*Image*Home-->MsiExec.exe /X{E5343B27-55DF-40BD-9FCF-A643C1331E8A}

Ad-Aware-->"C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE

Ad-Aware-->C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe

Adobe After Effects CS3 Presets-->MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}

Adobe After Effects CS3-->MsiExec.exe /I{EB0202F7-016A-410C-ADE4-40F848CCC661}

Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}

Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}

Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}

Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}

Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}

Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}

Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}

Adobe Captivate 3-->MsiExec.exe /X{4B8B4A35-7347-47F9-8293-E47A14E75F0E}

Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}

Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}

Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}

Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}

Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}

Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}

Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5101}

Adobe Contribute CS3-->MsiExec.exe /I{FF3E2850-BD2E-4B56-A89D-21E588D518E0}

Adobe Creative Suite 2-->C:\PROGRA~1\INSTAL~1\{0134A~1\setup.exe /relaunched/rootloc=m:\adobe creative suite 2.0/lang=0407

Adobe Creative Suite 3 Master Collection hinzufügen oder entfernen-->C:\Program Files\Common Files\Adobe\Installers\67a7fb1e97aa14ee9ef0950eb6fd757\Setup.exe

Adobe Creative Suite 3 Master Collection-->MsiExec.exe /I{DA896917-C1DA-45B2-B4D2-68162F16C0DD}

Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}

Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}

Adobe Dreamweaver CS3-->MsiExec.exe /I{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}

Adobe Encore CS3 Codecs-->MsiExec.exe /I{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}

Adobe Encore CS3-->MsiExec.exe /I{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}

Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe

Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}

Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}

Adobe Fireworks CS3-->MsiExec.exe /I{C9D456FD-C25B-49DE-AA71-6B76D6550B23}

Adobe Flash CS3-->MsiExec.exe /I{8C640345-AF96-4ABA-A697-97D2A0B8C6DB}

Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}

Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Video Encoder-->MsiExec.exe /I{BCEDD813-269C-4D8F-A4BA-01FDC66254D3}

Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}

Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-119F-4D52-B551-6739B2B22101}

Adobe Help Viewer CS3-->MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}

Adobe Illustrator CS3-->MsiExec.exe /I{C8D7A672-F697-4572-AC62-C856053A8DBC}

Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}

Adobe InDesign CS3-->MsiExec.exe /I{411E0CC3-587A-468C-B461-95FAFD05E4DE}

Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}

Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}

Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}

Adobe Photoshop CS3-->MsiExec.exe /I{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}

Adobe Premiere Pro CS3 Functional Content-->MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}

Adobe Premiere Pro CS3 Third Party Content-->MsiExec.exe /I{485ACF57-F364-440A-8496-E1E81C8FA1AA}

Adobe Premiere Pro CS3-->MsiExec.exe /I{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}

Adobe Reader 9.1.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A91000000001}

Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}

Adobe Setup-->MsiExec.exe /I{DFFDDCF5-CB32-4354-8823-1B9E68025953}

Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log

Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}

Adobe Soundbooth CS3 Codecs-->MsiExec.exe /I{0327FA9D-975C-448C-A086-577D57BB25B8}

Adobe Soundbooth CS3-->MsiExec.exe /I{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}

Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-0C40-4930-9AFE-113BCE553101}

Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}

Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}

Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}

Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}

Adobe Version Cue CS3 Server {ko_KR} -->MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963}

Adobe Video Profiles-->MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}

Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}

Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}

Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}

Adobe XMP Panels CS3-->MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}

Advanced Port Scanner v1.3-->C:\Program Files\Advanced Port Scanner\uninstal.exe

Age of Empires III-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45} 

AGEIA PhysX v7.09.13-->MsiExec.exe /X{45235788-142C-44BE-8A4D-DDE9A84492E5}

AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}

Album Art Downloader XUI 0.24-->C:\Program Files\AlbumArtDownloader\uninst.exe

Alcatech BPM Studio Professional v4.9.1-->C:\PROGRA~1\ALCATech\BPM-ST~1\UNWISE.EXE C:\PROGRA~1\ALCATech\BPM-ST~1\INSTALL.LOG

AllDup 2.0.10-->"C:\Program Files\AllDup\unins000.exe"

AllSync 2.7.60-->"C:\Program Files\AllSync\unins000.exe"

AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"

Apache HTTP Server 2.2.9-->MsiExec.exe /I{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}

Apple Mobile Device Support-->MsiExec.exe /I{659B48CD-0608-4ED5-94C0-0B6C87114F10}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

Aspell German Dictionary-0.50-2-->"C:\Program Files\Aspell\unins001.exe"

Audacity 1.3.5 (Unicode)-->"C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"

Auto Gordian Knot 2.45-->C:\Program Files\AutoGK\uninst.exe

AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"

BDE_ENT-->MsiExec.exe /I{E966F0CC-76B3-11D3-945B-00C04FB1760A}

Bluesoleil 5.0.5.178-->MsiExec.exe /X{1E726A53-78E9-47DE-B3D9-4165CBC9ABBF}

Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}

Bus Simulator 2008-->"C:\Program Files\Bus Simulator 2008\unins000.exe"

Camtasia Studio 5-->MsiExec.exe /I{9B7802FF-2E35-4361-8A82-D207C7E9F99B}

Canon iP4300 Benutzerregistrierung-->C:\Program Files\Canon\IJEREG\iP4300\UNINST.EXE

Canon iP4300-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300 /L0x0007

CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"

CDCheck-->"C:\Program Files\CDCheck\uninst.exe"

CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}

CD-LabelPrint-->"C:\Program Files\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application

Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}

Cobian Backup 9-->C:\Program Files\Cobian Backup 9\cbUninstall.exe

CodingFTP 2008-->"C:\Program Files\Coding FTP\unins000.exe"

Crystal Reports Basic for Visual Studio 2008-->MsiExec.exe /X{AA467959-A1D6-4F45-90CD-11DC57733F32}

Crystal Reports Basic German Language Pack for Visual Studio 2008-->MsiExec.exe /X{3924C3E7-C440-4B23-9740-9A9EC0545F21}

CyberLink PowerDVD 8-->"C:\Program Files\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\setup.exe" /z-uninstall

CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall

Data Lifeguard Diagnostic for Windows-->MsiExec.exe /X{E40CE517-0D42-4198-96B4-C8232B257EB5}

DebugMode Wink-->"C:\Program Files\DebugMode\Wink\uninst.exe"

DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC

DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER

DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER

DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS

DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN

DSL-Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{90A455A7-0FC8-4508-B7FA-8F135B8F041A}\Setup.exe" -l0x7 

DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.1.0.0-->"C:\Program Files\DVDFab 5\unins000.exe"

EasyBCD 1.7-->C:\Program Files\NeoSmart Technologies\EasyBCD\uninstall.exe

ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"

FastXplore-->MsiExec.exe /I{AB3AC948-4E8A-4D0F-82F8-5EDE2DB7BA78}

FastXplore-->MsiExec.exe /I{FFE2D245-B9C7-4A0C-9310-828D80D6F5D2}

FileZilla Client 3.2.5-->C:\Program Files\FileZilla Client\uninstall.exe

FileZilla Server (remove only)-->"C:\Program Files\FileZilla Server\uninstall.exe"

FLV Player 2.0 (build 25)-->C:\Program Files\FLV Player\uninst.exe

FoxyTunes for Firefox-->"C:\Program Files\Mozilla Firefox\firefox.exe" -chrome chrome://foxytunes/content/extras/uninstallExtension.xul

Free Download Manager 2.5-->"C:\Program Files\Free Download Manager\unins000.exe"

Free FLV Converter V 5.0-->"C:\Program Files\Free FLV Converter\unins000.exe"

Free Music Zilla-->"C:\Program Files\Free Music Zilla\unins000.exe"

Free YouTube to Mp3 Converter version 3.1-->"C:\Program Files\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe"

FreeMind-->"C:\Program Files\FreeMind\unins000.exe"

GIMP 2.4.6-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"

GlassFish V2 UR2-->"C:\Program Files\glassfish-v2ur2\uninstall.exe"

GNU Aspell 0.50-3-->"C:\Program Files\Aspell\unins000.exe"

Google Earth Plugin-->MsiExec.exe /I{B535B621-5559-11DE-A7A1-005056806466}

Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

GTA2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}\Setup.exe" -l0x9 

GTK+ Runtime 2.12.8 rev a (nur entfernen)-->C:\Program Files\Common Files\GTK\2.0\uninst.exe

HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

Hotfix für Microsoft Visual Studio 2008 Professional Edition - DEU (KBKB952241)-->C:\Windows\system32\msiexec.exe /package {445174EA-3D3A-308E-84AD-446127E71441} /uninstall {DC93B23E-0882-46A9-B45F-3B6F279EFB39} /qb+ REBOOTPROMPT=""

HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B-->C:\Program Files\HP\Digital Imaging\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}\setup\hpzscr01.exe -datfile hposcr19.dat -onestop -showdisconnect -forcereboot

HP USB Disk Storage Format Tool-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}\Setup.exe" -l0x9  anything

ICQ6.5-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly

IE7Pro-->C:\Program Files\IEPro\uninst.exe

Internet Explorer Developer Toolbar-->MsiExec.exe /I{E7081891-BC7F-43F9-9CE6-B5DD2F497156}

IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe

iTSfv 5.60.24.1 BETA-->"C:\Program Files\iTSfv\unins000.exe"

iTunes-->MsiExec.exe /I{CC5702D7-86E2-45A8-99D7-E8B976ADCC56}

Java DB 10.4.1.3-->MsiExec.exe /X{998D6972-F58E-479D-9248-8F179E55AE38}

Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}

Java(TM) SE Development Kit 6 Update 10-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160100}

Kaspersky Security Suite CBE-->MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}

Kaspersky Security Suite CBE-->MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}

KC Softwares SUMo-->"C:\Program Files\KC Softwares\SUMo\unins000.exe"

KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}

Labtec Legacy USB Camera-Treiberpaket-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\10.51.1130\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -arpregkey"legacyqcam_10.51" /clone_wait /hide_progress

Last.fm 1.5.4.24567-->"C:\Program Files\Last.fm\unins000.exe"

Logitech QuickCam-->MsiExec.exe /X{3AF8FCCD-F51A-4014-9002-F195E1CBC876}

Logitech QuickCam-Treiberpaket-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.80.1048\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -arpregkey"lvdrivers_11.80" /clone_wait /hide_progress

Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0007 -removeonly

MagicDirector 1.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\setup.exe"  -uninstall

MakeDisc-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\setup.exe"  -uninstall

Maple 11-->"C:\Program Files\Maple 11\Uninstall_Maple 11\Uninstall Maple 11.exe"

MCE Software Encoder 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7655E113-C306-11D9-A373-0050BAE317E1}\setup.exe"  -uninstall

Media Converter SA Edition 0.8-->C:\Program Files\Media Converter SA Edition\uninst.exe

MediaCoder 0.6.1-->C:\Program Files\MediaCoder\uninst.exe

MediaShow 3.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5A9B7C0-8751-11D8-9D75-000129760D75}\setup.exe"  -uninstall

Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"

Microsoft .NET Framework 1.1 German Language Pack-->MsiExec.exe /X{E78BFA60-5393-4C38-82AB-E8019E464EB4}

Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0 SDK - DEU-->C:\Program Files\Microsoft Visual Studio 8\Microsoft .NET Framework 2.0 SDK - DEU\install.exe

Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe

Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}

Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft Device Emulator Version 3.0 - DEU-->MsiExec.exe /X{4E3A817A-8033-3D7E-BCA9-102EFF3FD9CA}

Microsoft Document Explorer 2008 Language Pack - DEU-->C:\Program Files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008 Language Pack - DEU\install.exe

Microsoft Document Explorer 2008 Language Pack - DEU-->MsiExec.exe /X{4ACDC413-AF13-3934-8D8A-1F8CEF70D1A5}

Microsoft Document Explorer 2008-->C:\Program Files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.exe

Microsoft Document Explorer 2008-->MsiExec.exe /X{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}

Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}

Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL

Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}

Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}

Microsoft Office Groove MUI (German) 2007-->MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (German) 2007-->MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE}

Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}

Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

shirocko

09.07.2009 21:25

info.txt fortsetzung 1

Code:

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}

Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}

Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {322296D4-1EAE-4030-9FBC-D2787EB25FA2}

Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}

Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}

Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0021-0407-0000-0000000FF1CE} /uninstall {0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}

Microsoft Office Visual Web Developer 2007-->MsiExec.exe /X{90120000-0021-0000-0000-0000000FF1CE}

Microsoft Office Visual Web Developer MUI (German) 2007-->MsiExec.exe /X{90120000-0021-0407-0000-0000000FF1CE}

Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}

Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-->MsiExec.exe /I{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}

Microsoft SQL Server 2005-->"c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove

Microsoft SQL Server Compact 3.5 Design Tools DEU-->MsiExec.exe /X{E32260E7-0B10-43C7-9B77-AB9F4184676D}

Microsoft SQL Server Compact 3.5 DEU-->MsiExec.exe /I{159098AF-4EB8-4C10-B0C6-24CDA32B45F9}

Microsoft SQL Server Compact 3.5 for Devices DEU-->MsiExec.exe /I{1C3ADB5F-750E-4453-AC98-B75C5323845C}

Microsoft SQL Server Database Publishing Wizard 1.2-->MsiExec.exe /X{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}

Microsoft SQL Server Native Client-->MsiExec.exe /I{7FB12670-0F93-4E1E-B2F5-4F339199A03A}

Microsoft SQL Server VSS Writer-->MsiExec.exe /I{849A32C3-E75A-4791-9B11-E568BA3525A4}

Microsoft Tool Web Package : EXTRACT.EXE-->MsiExec.exe /X{D52A721B-E44C-4AD7-AD4F-29D83144384B}

Microsoft Train Simulator-->"C:\Program Files\Microsoft Games\Train Simulator\UNINSTAL.EXE" /runtemp /addremove

Microsoft Visual Basic 2008 Express Edition - DEU-->C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual Basic 2008 Express Edition - DEU\setup.exe

Microsoft Visual Basic 2008 Express Edition - DEU-->MsiExec.exe /X{56403FFF-145E-35C5-A090-96598BE57FB8}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}

Microsoft Visual J# 2.0 Redistributable Package-->C:\Windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe

Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack-->C:\Program Files\Common Files\Microsoft Shared\VSTO\8.0\Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack\install.exe

Microsoft Visual Studio 2005 Tools for Office Runtime-->MsiExec.exe /X{388E4B09-3E71-4649-8921-F44A3A2954A7}

Microsoft Visual Studio 2008 Professional Edition - DEU-->C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual Studio 2008 Professional Edition - DEU\setup.exe

Microsoft Visual Studio Web Authoring Component-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISUALWEBDEVELOPER /dll OSETUP.DLL

Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools-->MsiExec.exe /X{99F0C3CC-8DF0-3611-B190-CF4D1AF0E053}

Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework-->MsiExec.exe /X{C07B8BC4-AFD9-3AA4-BDF5-330A07591FDE}

Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32-->MsiExec.exe /X{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}

Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries-->MsiExec.exe /X{842FAF7C-50EF-4463-9B8F-6222E1384D7D}

Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense-->MsiExec.exe /X{64c5b887-b5ee-42b8-8596-78905a6b5f1f}

Microsoft Windows SDK for Visual Studio 2008 Tools-->MsiExec.exe /X{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}

Microsoft Windows SDK for Visual Studio 2008 Win32 Tools-->MsiExec.exe /X{B268E9A1-04A9-40D0-9866-846BE2B74BA7}

Mozilla Firefox (3.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

Mozilla Sunbird (0.9)-->C:\Program Files\Mozilla Sunbird\uninstall\uninst.exe

Mozilla Thunderbird (2.0.0.22)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe

Mp3tag v2.42-->C:\Program Files\Mp3tag\Mp3tagUninstall.EXE

MSDN Library for Visual Studio 2008 - DEU-->MsiExec.exe /X{D475588F-91C9-365E-AB40-D588111DD7C4}

MSDN Library für Visual Studio 2008 - DEU-->C:\Program Files\MSDN\MSDN9.0\MSDN Library for Visual Studio 2008 - DEU\setup.exe

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MySQL Server 5.0-->MsiExec.exe /I{E5AED31E-3474-4C85-B492-42149DE37891}

NcFTP 3.2.1-->C:\PROGRA~1\NcFTP\UNWISE.EXE C:\PROGRA~1\NcFTP\INSTALL.LOG

Nero 8 Ultra Edition HD-->MsiExec.exe /X{D6C9AF27-9414-46C8-B9D8-D878BA041031}

Nero Mega Plugin Pack-->MsiExec.exe /I{EF901A4B-A25A-4962-83C6-C6691D062ED9}

neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

NetBeans IDE 6.1-->"C:\Program Files\NetBeans 6.1\uninstall.exe"

Network Stumbler 0.4.0 (remove only)-->"C:\Program Files\Network Stumbler\uninst.exe"

Notepad++-->C:\Program Files\Notepad++\uninstall.exe

NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI

OpenOffice.org 3.1-->MsiExec.exe /I{D765F1CE-5AE5-4C47-B134-AE58AC474740}

Opera 9.64-->MsiExec.exe /X{E1BBBAC5-2857-4155-82A6-54492CE88620}

Paint.NET v3.35-->MsiExec.exe /X{20AC583C-A6FB-410A-807D-25308225C201}

Paragon Partition Manager 9.0 Professional-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C887C75D-2636-41F6-BB7B-FD4B0314C1E1}\Setup.exe" -l0x7 

PC Inspector smart recovery-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9A87D86-FDFD-418B-BF96-EF09320973B3}\Setup.exe" -l0x7 

PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}

PDFCreator-->C:\Program Files\PDFCreator\unins000.exe

PhET-->C:\Program Files\PhET-1.0\uninstall.exe

PhotoNow! 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\setup.exe"  -uninstall

phpDesigner 2008 version 6.0.1.2-->"C:\Program Files\phpDesigner 2008\unins000.exe"

Pidgin-->C:\Program Files\Pidgin\pidgin-uninst.exe

Pinnacle Instant DVD Recorder-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}\setup.exe" -l0x7 UNINSTALL

Powerbullet Presenter-->"C:\Program Files\Powerbullet\unins000.exe"

PowerCinema Linux 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5F82F8F-4DE2-11D9-A373-0050BAE317E1}\Setup.exe"  -uninstall

PowerDirector-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe"  -uninstall

PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe"  -uninstall

Prism 0.8-->"C:\Program Files\Prism\unins000.exe"

PSPad editor-->"C:\Program Files\PSPad editor\Uninst\unins000.exe"

QuickTime Alternative 2.6.0-->"C:\Program Files\QuickTime Alternative\unins000.exe"

QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}

RAD Studio-->"C:\ProgramData\{2EB4C530-C94F-4893-ABDC-C1E05A89956E}\Setup.exe" REMOVE=TRUE MODIFY=FALSE

RAD Studio-->C:\ProgramData\{2EB4C530-C94F-4893-ABDC-C1E05A89956E}\Setup.exe

Real Alternative 1.9.0-->"C:\Program Files\Real Alternative\unins000.exe"

Realtek High Definition Audio Driver-->RtlUpd.exe -r -m

RouterControl 1.90-->C:\Windows\RCoUn0.exe /UnInst:"C:\Windows\RouterControl_Uninstall.in"

Screencast.com Desktop Uploader-->MsiExec.exe /I{3A34D76D-CF17-451E-A862-766F1918A0D7}

Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}

Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}

Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}

Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}

Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}

Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}

Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}

Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}

Security Update for Windows Media Encoder (KB954156)-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} MSIPATCHREMOVE={E836F1B7-43FB-46B0-A0D9-E4D2A5951659} /qb

Setl2 for Windows-->MsiExec.exe /I{F464454C-B3AD-4C94-9065-ABBCBDE506F8}

Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}

Sony Ericsson Themes Creator 3.32-->C:\Program Files\Sony Ericsson\Themes Creator\Uninstall.exe

SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"

Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000004}

Spybot - Search & Destroy 1.5.2.20-->"C:\Windows\unins000.exe"

Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"

Studio 11-->C:\Program Files\InstallShield Installation Information\{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}\Setup2.exe -runfromtemp -l0x0007 UNINSTALL -removeonly

Suite Specific-->MsiExec.exe /I{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}

SUPER © Version 2008.bld.32 (July 8, 2008)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0

Synology Assistant-->MsiExec.exe /I{C59ADB1C-0403-4A11-8930-9F81ABC71908}

Synology Data Replicator  3-->MsiExec.exe /I{8E310838-457C-4269-B177-3EFB300CBDDC}

Synology Download Redirector-->MsiExec.exe /I{B1E9B7ED-8187-433a-9EAE-20DF1A8968B1}

Systemsteuerung "MobileMe"-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}

TeamViewer 3-->C:\Program Files\TeamViewer3\uninstall.exe

TeamViewer 4 Host-->C:\Program Files\TeamViewer\Version4\uninstall.exe

T-Online 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}\Setup.exe" CPAS

T-Online WLAN-Access Finder-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{295C31E5-3F91-498E-9623-DA24D2FA2B6A}\Setup.exe" -L0x7

Tools für Microsoft SQL Server 2005 Express Edition-->MsiExec.exe /I{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}

Total Commander (Remove or Repair)-->C:\Program Files\Total Commander\tcuninst.exe

TrainSimPro "Streckenpack" 1.0-->"C:\Program Files\Microsoft Games\Train Simulator\SETUP.1\setup.exe" /u

TrekStor NDAS-Software 3.20.1523-->MsiExec.exe /I{07C16B8B-AE11-4515-888F-0BD2E0A9F2AD}

Tunatic-->"C:\Windows\lsb_un20.exe" /C=UC /N=Tunatic

TV Enhance-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E4C891D6-6844-41B8-86E8-633CACCC644F}\setup.exe"  -uninstall

Ulead GIF Animator Lite Edition 1.0-->C:\Windows\IsUninst.exe -f"C:\Program Files\Ulead GIF Animator Lite Edition\GALE.isu"

Ultimate Extras sounds from Microsoft® Tinker™-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\UltSound2.inf,Uninstall

Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"

Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe

Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)-->MsiExec.exe /X{07629207-FAA0-4F1A-8092-BF5085BE511F}

Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}

Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}

Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}

Update for Outlook 2007 Junk Email Filter (kb970012)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {DC4A962B-9EC2-469C-BC9C-87312ADAEE81}

Update für Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}

Update für Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {F6828576-6F79-470D-AB50-69D1BBADBD30}

Update für Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {EA160DA3-E9B5-4D03-A518-21D306665B96}

Update für Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {38472199-D7B6-4833-A949-10E4EE6365A1}

UpdateStar-->MsiExec.exe /X{6DEF9FB2-6BDD-4CE8-A93F-FA56DABEF8AC}

VC Runtimes MSI-->MsiExec.exe /X{FF29527A-44CD-3422-945E-981A13584000}

VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}

VIA Plattform-Geräte-Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169} 

video2brain Training-->C:\Program Files\video2brain Training\uninst.exe

VideoLAN VLC media player 0.8.6i-->C:\Program Files\VideoLAN\VLC\uninstall.exe

Virtual Earth 3D (Beta)-->MsiExec.exe /I{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}

VirtualCloneDrive-->"C:\Program Files\Elaborate Bytes\VirtualCloneDrive\vcd-uninst.exe" /D="C:\Program Files\Elaborate Bytes\VirtualCloneDrive"

VistaBootPRO 3.3-->MsiExec.exe /I{6C9FA746-8759-4040-A436-42922CB3492E}

VistaGlazz-->MsiExec.exe /X{CCBCD550-D91D-443D-9CF0-0CD02D2FDB95}

Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}

Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""

Visual Studio 2005 Tools for Office Second Edition Runtime-->c:\Program Files\Common Files\Microsoft Shared\VSTO\8.0\Microsoft Visual Studio 2005 Tools for Office Runtime\install.exe

Visual Studio Tools for the Office system 3.0 Runtime-->C:\Program Files\Common Files\Microsoft Shared\VSTO\9.0\Visual Studio Tools for the Office system 3.0 Runtime\install.exe

Visual Studio Tools for the Office system 3.0 Runtime-->MsiExec.exe /X{8FB53850-246A-3507-8ADE-0060093FFEA6}

Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU-->C:\Program Files\Common Files\Microsoft Shared\VSTO\9.0\Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU\install.exe

VMware Server-->MsiExec.exe /I{FEE84D71-7FF0-46C1-AED4-1BD821D53A9F}

VobSub v2.23 (Remove Only)-->"C:\Program Files\Gabest\VobSub\uninstall.exe"

Vodafone Mobile Connect Lite-->MsiExec.exe /X{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}

Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4}

Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}

Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}

Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe

Windows Live Essentials-->MsiExec.exe /I{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}

Windows Live Messenger-->MsiExec.exe /X{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}

Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

Windows Media Encoder 9-Reihe-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}

Windows Media Encoder 9-Reihe-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}

shirocko

09.07.2009 21:26

info.txt ende

Code:

Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

Windows Mobile 5.0 SDK R2 for Pocket PC-->MsiExec.exe /I{721B5CF0-D220-4955-BB6F-EBCFB1096DE7}

Windows Mobile 5.0 SDK R2 for Smartphone-->MsiExec.exe /I{DA7F48EF-5F56-45FE-9169-3B8159A7A323}

Windows Mobile-Gerätecenter-->MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917}

Windows-Soundschemas-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\UltSound.inf,Uninstall

WinHTTrack Website Copier 3.43-4-->"C:\Program Files\WinHTTrack\unins000.exe"

WinRAR-->C:\Program Files\WinRAR\uninstall.exe

X10 Hardware(TM)-->C:\Windows\UNWISE.EXE C:\PROGRA~1\X10HAR~1\Install.log

XMedia Recode 2.0.5.3-->C:\Program Files\XMedia Recode\uninst.exe

XnView 1.93.6-->"C:\Program Files\XnView\unins000.exe"

Xvid 1.1.3 final uninstall-->"C:\Program Files\Xvid\unins000.exe"

XviD MPEG4 Video Codec (remove only)-->"C:\Windows\system32\xvid-uninstall.exe"

Yahoo! Desktop Login-->MsiExec.exe /I{F9AEEC34-CF00-4CBD-9E36-DF9DC4002685}

Zattoo 3.3.2 Beta-->C:\Program Files\Zattoo\uninst.exe
 

======Security center information======
 

AV: Kaspersky Security Suite CBE (disabled)

FW: Kaspersky Security Suite CBE

AS: Spybot - Search and Destroy (disabled)

AS: Lavasoft Ad-Watch Live! (disabled)

AS: Windows-Defender

AS: Kaspersky Security Suite CBE (disabled)
 

======System event log======
 

Computer Name: Vista

Event Code: 7036

Message: Dienst "Startprogramm für Windows Media Center" befindet sich jetzt im Status "Beendet".

Record Number: 281994

Source Name: Service Control Manager

Time Written: 20090709195012.000000-000

Event Type: Informationen

User: 
 

Computer Name: Vista

Event Code: 7036

Message: Dienst "KtmRm für Distributed Transaction Coordinator" befindet sich jetzt im Status "Ausgeführt".

Record Number: 281995

Source Name: Service Control Manager

Time Written: 20090709195019.000000-000

Event Type: Informationen

User: 
 

Computer Name: Vista

Event Code: 7036

Message: Dienst "TPM-Basisdienste" befindet sich jetzt im Status "Beendet".

Record Number: 281996

Source Name: Service Control Manager

Time Written: 20090709195019.000000-000

Event Type: Informationen

User: 
 

Computer Name: Vista

Event Code: 537

Message: Auf diesem Computer konnte kein kompatibles TPM-Sicherheitsgerät (Trusted Platform Module) gefunden werden. TBS konnte nicht gestartet werden.

Record Number: 281997

Source Name: Microsoft-Windows-TBS

Time Written: 20090709195019.224626-000

Event Type: Informationen

User: NT-AUTORITÄT\LOKALER DIENST
 

Computer Name: Vista

Event Code: 7036

Message: Dienst "Windows Update" befindet sich jetzt im Status "Ausgeführt".

Record Number: 281998

Source Name: Service Control Manager

Time Written: 20090709195025.000000-000

Event Type: Informationen

User: 
 

=====Application event log=====
 

Computer Name: Vista

Event Code: 0

Message: 

Record Number: 63079

Source Name: hpqcxs08

Time Written: 20090709194804.000000-000

Event Type: Informationen

User: 
 

Computer Name: Vista

Event Code: 0

Message: 

Record Number: 63080

Source Name: BsHelpCS

Time Written: 20090709194804.000000-000

Event Type: Informationen

User: 
 

Computer Name: Vista

Event Code: 0

Message: 

Record Number: 63081

Source Name: TDslMgrService

Time Written: 20090709194806.000000-000

Event Type: Informationen

User: 
 

Computer Name: Vista

Event Code: 1

Message: Windows Mobile-based device connectivity service started.

Record Number: 63082

Source Name: RapiMgr

Time Written: 20090709194806.000000-000

Event Type: Informationen

User: 
 

Computer Name: Vista

Event Code: 1

Message: Windows Mobile-2003-based device connectivity service started.

Record Number: 63083

Source Name: WcesComm

Time Written: 20090709194811.000000-000

Event Type: Informationen

User: 
 

=====Security event log=====
 

Computer Name: Vista

Event Code: 5038

Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.
 

Dateiname:        \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys        

Record Number: 84501

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090709195022.615251-000

Event Type: Überwachung gescheitert

User: 
 

Computer Name: Vista

Event Code: 5038

Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.
 

Dateiname:        \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys        

Record Number: 84502

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090709195022.709001-000

Event Type: Überwachung gescheitert

User: 
 

Computer Name: Vista

Event Code: 4648

Message: Anmeldeversuch mit expliziten Anmeldeinformationen.
 

Antragsteller:

        Sicherheits-ID:                S-1-5-18

        Kontoname:                VISTA$

        Kontodomäne:                MSHEIMNETZ

        Anmelde-ID:                0x3e7

        Anmelde-GUID:                {00000000-0000-0000-0000-000000000000}
 

Konto, dessen Anmeldeinformationen verwendet wurden:

        Kontoname:                SYSTEM

        Kontodomäne:                NT-AUTORITÄT

        Anmelde-GUID:                {00000000-0000-0000-0000-000000000000}
 

Zielserver:

        Zielservername:        localhost

        Weitere Informationen:        localhost
 

Prozessinformationen:

        Prozess-ID:                0x458

        Prozessname:                C:\Windows\System32\services.exe
 

Netzwerkinformationen:

        Netzwerkadresse:        -

        Port:                        -
 

Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden.  Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird.

Record Number: 84503

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090709195259.755876-000

Event Type: Überwachung erfolgreich

User: 
 

Computer Name: Vista

Event Code: 4624

Message: Ein Konto wurde erfolgreich angemeldet.
 

Antragsteller:

        Sicherheits-ID:                S-1-5-18

        Kontoname:                VISTA$

        Kontodomäne:                MSHEIMNETZ

        Anmelde-ID:                0x3e7
 

Anmeldetyp:                        5
 

Neue Anmeldung:

        Sicherheits-ID:                S-1-5-18

        Kontoname:                SYSTEM

        Kontodomäne:                NT-AUTORITÄT

        Anmelde-ID:                0x3e7

        Anmelde-GUID:                {00000000-0000-0000-0000-000000000000}
 

Prozessinformationen:

        Prozess-ID:                0x458

        Prozessname:                C:\Windows\System32\services.exe
 

Netzwerkinformationen:

        Arbeitsstationsname:        

        Quellnetzwerkadresse:        -

        Quellport:                -
 

Detaillierte Authentifizierungsinformationen:

        Anmeldeprozess:                Advapi  

        Authentifizierungspaket:        Negotiate

        Übertragene Dienste:        -

        Paketname (nur NTLM):        -

        Schlüssellänge:                0
 

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.
 

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".
 

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).
 

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.
 

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.
 

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.

         - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.

        - Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.

        - Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.

        - Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.

Record Number: 84504

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090709195259.755876-000

Event Type: Überwachung erfolgreich

User: 
 

Computer Name: Vista

Event Code: 4672

Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.
 

Antragsteller:

        Sicherheits-ID:                S-1-5-18

        Kontoname:                SYSTEM

        Kontodomäne:                NT-AUTORITÄT

        Anmelde-ID:                0x3e7
 

Berechtigungen:                SeAssignPrimaryTokenPrivilege

                        SeTcbPrivilege

                        SeSecurityPrivilege

                        SeTakeOwnershipPrivilege

                        SeLoadDriverPrivilege

                        SeBackupPrivilege

                        SeRestorePrivilege

                        SeDebugPrivilege

                        SeAuditPrivilege

                        SeSystemEnvironmentPrivilege

                        SeImpersonatePrivilege

Record Number: 84505

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090709195259.755876-000

Event Type: Überwachung erfolgreich

User: 
 

======Environment variables======
 

"BDSCOMMONDIR"=C:\Users\Public\Documents\RAD Studio\5.0

"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip;C:\Program Files\Java\jre6\lib;

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"KMP_DUPLICATE_LIB_OK"=TRUE

"NUMBER_OF_PROCESSORS"=2

"OS"=Windows_NT

"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\watcom-1.3\binnt;C:\watcom-1.3\binw;C:\Program Files\CodeGear\RAD Studio\5.0\bin;C:\Users\Public\Documents\RAD Studio\5.0\Bpl;C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis2;C:\PROGRA~1\NcFTP;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\Java\jdk1.6.0_07\bin;c:\Program Files\Microsoft SQL Server\90\Tools\binn;C:\Program Files\Tcl\bin;C:\Users\Admin\AppData\Local\Start++\LNKs;C:\Users\Admin\AppData\Local\Start++\CMDs;C:\mysql\bin;C:\Users\Public\Documents\RAD Studio\5.0;C:\Program Files\QuickTime Alternative\QTSystem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel

"PROCESSOR_LEVEL"=6

"PROCESSOR_REVISION"=0f06

"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"VS90COMNTOOLS"=c:\Program Files\Microsoft Visual Studio 9.0\Common7\Tools\

"WATCOM"=C:\watcom-1.3

"windir"=%SystemRoot%
 

-----------------EOF-----------------

shirocko

09.07.2009 21:27

log.txt

Code:

Logfile of random's system information tool 1.06 (written by random/random)

Run by Admin at 2009-07-09 21:49:10

Microsoft® Windows Vista™ Ultimate  Service Pack 1

System drive C: has 9 GB (6%) free of 154 GB

Total RAM: 2046 MB (40% free)
 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:50:24, on 09.07.2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal
 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Users\Admin\Desktop\RSIT.exe

C:\Program Files\Trend Micro\HijackThis\Admin.exe
 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll

O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe"

O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - .DEFAULT User Startup: DSL-Manager.lnk = C:\Program Files\T-Online\DSL-Manager\DslMgr.exe (User 'Default user')

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll

O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll

O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll

O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll

O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\SCIEPlgn.dll

O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe

O13 - Gopher Prefix: 

O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1208959603510

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.de/scan_de/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208959493218

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208959527273

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2\r3hook.dll C:\PROGRA~1\KASPER~1\KASPER~2\adialhk.dll

O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Version Cue CS3 {de_DE}  (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: Apache2.2 - Apache Software Foundation - C:\apache\bin\httpd.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Kaspersky Security Suite CBE (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe

O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: gupdate1c9e39a101dcf54 - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: MySQL - Unknown owner - c:\mysql\bin\mysqld-nt.exe

O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\system32\drivers\pclepci.sys

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: SynoDrService - Unknown owner - C:\Program Files\Synology Data Replicator  3\SynoDrService.exe

O23 - Service: DSL-Manager (TDslMgrService) - T-Systems Enterprise Services GmbH - C:\Program Files\T-Online\DSL-Manager\DslMgrSvc.exe

O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Service.exe

O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe

O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) - Unknown owner - C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe

O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe

O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe

O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
 

--

End of file - 15008 bytes
 

======Scheduled tasks folder======
 

C:\Windows\tasks\Ad-Aware Update (Weekly).job

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

C:\Windows\tasks\User_Feed_Synchronization-{F1DE92C9-40E6-4C13-B057-1C1AD2DF7FFE}.job
 

======Registry dump======
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00011268-E188-40DF-A514-835FCD78B1BF}]

IE7Pro BHO - C:\Program Files\IEPro\iepro.dll [2009-02-04 752744]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]

ContributeBHO Class - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-27 118784]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-09 320920]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]

Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]

FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2007-11-26 94208]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC7E636D-39AA-49b6-B511-65413DA137A1}]

IE Developer Toolbar BHO - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll [2007-03-01 623992]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-09 34816]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-27 118784]

{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

{0BF43445-2F28-4351-9252-17FE6E806AA0}

shirocko

09.07.2009 21:28

log.txt teil 2

Code:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]

"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2006-04-29 94208]

"Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2008-02-29 76304]

"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]

"UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2007-09-13 222504]

"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2007-08-31 2622232]

"AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2007-08-31 907040]

"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2007-08-31 140568]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe [2008-05-01 221184]
 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]

"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]

C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe [2008-04-23 483328]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe []
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-07-02 520024]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]

C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2007-03-20 1884160]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]

C:\Program Files\Cyberlink\Shared Files\brs.exe [2008-05-19 91432]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe []
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]

C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe [2007-09-10 258134]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DU Meter]

C:\Windows\system32\DUMeter.exe []
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]

C:\Program Files\FileZilla Server\FileZilla Server Interface.exe [2007-12-25 937984]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]

C:\Program Files\ICQ6\ICQ.exe silent []
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantOn]

C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe [2007-02-13 94212]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

C:\Program Files\iTunes\iTunesHelper.exe [2009-05-30 292136]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe []
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList]

C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe [2007-03-21 145496]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2008-08-14 565008]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

C:\Program Files\Logitech\QuickCam\Quickcam.exe [2008-08-14 2407184]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect]

C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2008-07-04 2072576]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-08 2221352]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe []
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

C:\Windows\system32\NvCpl.dll [2007-11-06 8530464]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

C:\Windows\system32\NvMcTray.dll [2007-11-06 81920]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]

C:\Windows\system32\nvsvc.dll [2007-11-06 86016]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]

C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [2007-12-14 50472]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime Alternative\QTTask.exe [2009-05-26 413696]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realtime Audio Engine]

mmrtkrnl.exe /i []
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe []
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]

C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [2008-03-20 83240]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

C:\Windows\RtHDVCpl.exe [2007-11-14 4706304]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]

C:\Windows\Skytel.exe [2007-10-11 1826816]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe /startoptions []
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start++]

C:\Program Files\Brandon Paddock\Start++\Start++.exe /startup []
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-09 136600]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2007-08-31 2622232]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVEService]

C:\Program Files\Home Cinema\TV Enhance\TVEService.exe [2006-10-19 151552]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat - Schnellstart.lnk]

C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe [2008-11-16 25214]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]

C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-03-16 113664]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]

C:\PROGRA~1\Google\GOOGLE~2\GOOGLE~1.EXE -systray -startup []
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]

C:\apache\bin\APACHE~1.EXE [2008-06-13 41041]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PDFCreator.lnk]

C:\PROGRA~1\PDFCRE~1\PDFCRE~1.EXE [2008-02-27 2641920]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TrekStor NDAS-Geräte-Manager.lnk]

C:\PROGRA~1\NDAS\System\ndasmgmt.exe [2007-07-03 223744]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DSL-Manager.lnk]

C:\PROGRA~1\T-Online\DSL-MA~1\DslMgr.exe [2007-11-26 1085440]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk]

C:\PROGRA~1\Logitech\QuickCam\eReg.exe [2008-02-13 493832]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]

C:\apache\bin\APACHE~1.EXE [2008-06-13 41041]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]

C:\PROGRA~1\MICROS~3\Office12\ONENOTEM.EXE [2008-10-25 98696]
 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~2\r3hook.dll C:\PROGRA~1\KASPER~1\KASPER~2\adialhk.dll"
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]

C:\Windows\system32\klogon.dll [2008-02-08 219664]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]

Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll [2007-12-25 233888]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"authentication packages"=msv1_0

relog_ap
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0
 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDrives"=0
 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDrives"=
 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\Program Files\IEPro\MiniDM.exe"="C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM"
 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
 

======File associations======
 

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\dreamweaver.exe","%1"
 

======List of files/folders created in the last 1 months======
 

2009-07-09 21:49:10 ----D---- C:\rsit

2009-07-09 21:37:23 ----A---- C:\ComboFix.txt

2009-07-09 21:15:31 ----SHD---- C:\$RECYCLE.BIN

2009-07-09 18:44:01 ----A---- C:\Windows\zip.exe

2009-07-09 18:44:01 ----A---- C:\Windows\SWXCACLS.exe

2009-07-09 18:44:01 ----A---- C:\Windows\SWSC.exe

2009-07-09 18:44:01 ----A---- C:\Windows\SWREG.exe

2009-07-09 18:44:01 ----A---- C:\Windows\sed.exe

2009-07-09 18:44:01 ----A---- C:\Windows\PEV.exe

2009-07-09 18:44:01 ----A---- C:\Windows\NIRCMD.exe

2009-07-09 18:44:01 ----A---- C:\Windows\grep.exe

2009-07-09 18:43:02 ----D---- C:\Qoobox

2009-07-06 15:19:47 ----D---- C:\Program Files\Trend Micro

2009-07-04 12:27:20 ----D---- C:\Users\Admin\AppData\Roaming\Vodafone

2009-07-04 12:27:15 ----D---- C:\ProgramData\InstallShield

2009-07-04 12:24:32 ----ASH---- C:\Users\Admin\AppData\Roaming\desktop.ini

2009-07-04 12:24:12 ----D---- C:\ProgramData\Vodafone

2009-07-04 12:24:02 ----D---- C:\Program Files\Vodafone

2009-07-02 15:48:05 ----A---- C:\Windows\wininit.ini

2009-06-21 21:40:40 ----N---- C:\Windows\system32\pcleDVdc.dll

2009-06-21 21:40:39 ----N---- C:\Windows\system32\pcleDVcd.dll

2009-06-21 21:40:39 ----N---- C:\Windows\system32\pcleADV.dll

2009-06-21 21:40:37 ----N---- C:\Windows\system32\CSCnvrtX.dll

2009-06-21 21:40:37 ----N---- C:\Windows\system32\ACnvrtX.dll

2009-06-14 17:56:40 ----D---- C:\Windows\system32\WindowsPowerShell

2009-06-14 12:00:04 ----A---- C:\Windows\system32\EncDec.dll

2009-06-14 12:00:03 ----A---- C:\Windows\system32\psisdecd.dll

2009-06-11 13:53:42 ----D---- C:\Program Files\Western Digital Corporation

2009-06-10 09:18:17 ----A---- C:\Windows\system32\mshtml.dll

2009-06-10 09:18:16 ----A---- C:\Windows\system32\ieframe.dll

2009-06-10 09:18:15 ----A---- C:\Windows\system32\wininet.dll

2009-06-10 09:18:15 ----A---- C:\Windows\system32\urlmon.dll

2009-06-10 09:18:15 ----A---- C:\Windows\system32\iertutil.dll

2009-06-10 09:18:14 ----A---- C:\Windows\system32\jsproxy.dll

2009-06-10 09:18:14 ----A---- C:\Windows\system32\ieui.dll

2009-06-10 09:18:14 ----A---- C:\Windows\system32\iesetup.dll

2009-06-10 09:18:14 ----A---- C:\Windows\system32\iernonce.dll

2009-06-10 09:18:14 ----A---- C:\Windows\system32\iedkcs32.dll

2009-06-10 09:18:14 ----A---- C:\Windows\system32\ie4uinit.exe

2009-06-10 09:18:10 ----A---- C:\Windows\system32\localspl.dll

2009-06-10 09:18:03 ----A---- C:\Windows\system32\rpcrt4.dll
 

======List of files/folders modified in the last 1 months======
 

2009-07-09 21:49:15 ----D---- C:\Windows\Temp

2009-07-09 21:47:26 ----D---- C:\Windows\system32\catroot2

2009-07-09 21:46:54 ----D---- C:\ProgramData\VMware

2009-07-09 21:46:52 ----A---- C:\Windows\system32\LOCALSERVICE.INI

2009-07-09 21:46:45 ----A---- C:\Windows\system32\bscs.ini

2009-07-09 21:37:39 ----D---- C:\Windows\system32\de-DE

2009-07-09 21:37:39 ----D---- C:\Windows\System32

2009-07-09 21:37:38 ----D---- C:\Windows\system32\drivers

2009-07-09 21:17:48 ----D---- C:\Windows

2009-07-09 21:17:48 ----A---- C:\Windows\system.ini

2009-07-09 21:02:22 ----D---- C:\Windows\AppPatch

2009-07-09 21:02:19 ----D---- C:\Program Files\Common Files

2009-07-09 20:33:04 ----D---- C:\ProgramData\Spybot - Search & Destroy

2009-07-09 20:32:51 ----D---- C:\Windows\Debug

2009-07-09 20:32:47 ----D---- C:\Windows\Minidump

2009-07-09 19:22:26 ----D---- C:\Windows\ERDNT

2009-07-09 19:21:19 ----SHD---- C:\Windows\Installer

2009-07-09 18:59:19 ----D---- C:\Windows\Prefetch

2009-07-09 18:45:01 ----SHD---- C:\System Volume Information

2009-07-09 18:23:14 ----D---- C:\Windows\inf

2009-07-09 18:23:14 ----A---- C:\Windows\system32\PerfStringBackup.INI

2009-07-09 18:16:41 ----D---- C:\ProgramData\Kaspersky Lab

2009-07-09 18:13:08 ----D---- C:\Users\Admin\AppData\Roaming\VMware

2009-07-06 15:19:47 ----D---- C:\Program Files

2009-07-05 23:54:11 ----D---- C:\Users\Admin\AppData\Roaming\Skype

2009-07-05 20:12:20 ----D---- C:\Users\Admin\AppData\Roaming\skypePM

2009-07-04 18:09:38 ----D---- C:\Users\Admin\AppData\Roaming\FileZilla

2009-07-04 12:29:52 ----D---- C:\Windows\ModemLogs

2009-07-04 12:27:15 ----HD---- C:\Config.Msi

2009-07-04 12:27:15 ----D---- C:\ProgramData

2009-07-04 12:26:28 ----D---- C:\Windows\system32\catroot

2009-07-04 12:24:07 ----SD---- C:\Windows\Downloaded Program Files

2009-07-04 12:24:02 ----D---- C:\Program Files\Common Files\InstallShield

2009-07-02 17:29:22 ----D---- C:\Program Files\Spybot - Search & Destroy

2009-07-02 08:12:51 ----D---- C:\Program Files\Mozilla Firefox

2009-07-01 08:02:27 ----D---- C:\Windows\Tasks

2009-07-01 08:02:04 ----D---- C:\Windows\system32\Tasks

2009-06-29 09:35:42 ----D---- C:\Program Files\Google

2009-06-28 14:13:27 ----D---- C:\Backup

2009-06-26 21:38:00 ----D---- C:\Program Files\FileZilla Client

2009-06-25 08:13:48 ----D---- C:\Users\Admin\AppData\Roaming\Free Download Manager

2009-06-24 08:25:00 ----D---- C:\Windows\winsxs

2009-06-24 08:24:59 ----D---- C:\Program Files\Internet Explorer

2009-06-24 07:54:45 ----D---- C:\Program Files\Mozilla Thunderbird

2009-06-18 17:50:39 ----D---- C:\Users\Admin\AppData\Roaming\Audacity

2009-06-15 10:07:04 ----D---- C:\Windows\rescache

2009-06-15 10:05:38 ----D---- C:\Windows\Microsoft.NET

2009-06-15 10:04:42 ----RSD---- C:\Windows\assembly

2009-06-14 23:05:27 ----D---- C:\Windows\ehome

2009-06-14 17:58:55 ----D---- C:\ProgramData\Microsoft Help

2009-06-10 15:35:46 ----D---- C:\Windows\system32\migration

shirocko

09.07.2009 21:30

log.txt ende:

Code:

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
 

R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-01-18 350720]

R1 DslMNLwf;DSL-Manager NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\dslmnlwf.sys [2007-08-01 16448]

R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]

R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2007-10-31 110096]

R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2008-07-17 147984]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2007-10-16 20496]

R1 ndasfat;NDAS FAT; \??\C:\Windows\system32\DRIVERS\ndasfat.sys [2007-06-29 372584]

R1 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2008-03-29 25344]

R2 hcmon;VMware hcmon; \??\C:\Windows\system32\Drivers\hcmon.sys [2008-05-09 22016]

R2 tifsfilter;Acronis True Image FS Filter; C:\Windows\system32\DRIVERS\tifsfilt.sys [2009-03-21 44416]

R2 VMnetBridge;VMware Bridge Protocol; C:\Windows\system32\DRIVERS\vmnetbridge.sys [2008-05-09 23296]

R2 VMnetuserif;VMware Network Application Interface; \??\C:\Windows\system32\drivers\vmnetuserif.sys [2008-05-09 15744]

R2 VMparport;VMware VMparport; \??\C:\Windows\system32\Drivers\VMparport.sys [2008-05-09 9216]

R2 vmx86;VMware vmx86; \??\C:\Windows\system32\Drivers\vmx86.sys [2008-05-09 97152]

R2 vstor2;Vstor2 Virtual Storage Driver; \??\C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys [2007-05-01 18480]

R3 AnyDVD;AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [2008-09-20 99648]

R3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys [2007-03-05 18320]

R3 ElbyDelay;ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [2007-02-16 11984]

R3 FETNDIS;VIA Rhine-Familie--Fast-Ethernet-Adaptertreiberdienst; C:\Windows\system32\DRIVERS\fetnd5.sys [2006-11-02 45568]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-11-14 2016920]

R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\Windows\system32\DRIVERS\L8042Kbd.sys [2008-02-29 20240]

R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]

R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]

R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys [2008-02-29 28944]

R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2008-07-26 25624]

R3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2008-07-26 41752]

R3 MarvinBus;Pinnacle Marvin Bus; C:\Windows\system32\DRIVERS\MarvinBus.sys [2007-01-04 171520]

R3 ndasbus;NDAS Bus Driver; C:\Windows\system32\DRIVERS\ndasbus.sys [2007-06-29 75880]

R3 netr73;RT73 USB Wireless LAN Card Driver for Vista; C:\Windows\system32\DRIVERS\netr73.sys [2007-02-05 247808]

R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-11-06 8230496]

R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2008-10-11 47360]

R3 Ph3xIB32;Philips 713x Inbox PCI TV Card; C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]

R3 PID_0928;Logitech QuickCam Express(PID_0928); C:\Windows\system32\DRIVERS\LV561AV.SYS [2007-03-06 491168]

R3 teamviewervpn;TeamViewer VPN Adapter; C:\Windows\system32\DRIVERS\teamviewervpn.sys [2008-01-07 25088]

R3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys [2007-03-05 34448]

R3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys [2007-03-05 44304]

R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys [2008-05-09 9600]

S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys [2007-06-24 38920]

S3 catchme;catchme; \??\C:\Users\Admin\AppData\Local\Temp\catchme.sys []

S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]

S3 dsltestSp5;dsltestSp5 NDIS Protocol Driver; C:\Windows\System32\Drivers\dsltestSp5.sys [2007-09-12 26816]

S3 EthDriver;D-Link DGE-528T Vista 32-bit Driver; C:\Windows\system32\DRIVERS\DLKRT32.sys [2007-01-24 70144]

S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]

S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2008-03-17 101632]

S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]

S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]

S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]

S3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver; \??\C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [2006-10-09 17536]

S3 ndasscsi;NDAS SCSI Miniport Driver; C:\Windows\system32\DRIVERS\ndasscsi.sys [2007-06-29 187368]

S3 s816bus;Sony Ericsson Device 816 driver (WDM); C:\Windows\system32\DRIVERS\s816bus.sys [2007-06-19 81832]

S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s816mdfl.sys [2007-06-19 13864]

S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s816mdm.sys [2007-06-19 107304]

S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s816mgmt.sys [2007-06-19 99112]

S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS); C:\Windows\system32\DRIVERS\s816nd5.sys [2007-06-19 21928]

S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s816obex.sys [2007-06-19 97320]

S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM); C:\Windows\system32\DRIVERS\s816unic.sys [2007-06-19 97704]

S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]

S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-01-18 131000]

S3 winusb;WinUsb-Treiber; C:\Windows\system32\DRIVERS\winusb.sys [2008-01-18 31616]

S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-18 39936]

S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]
 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
 

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2007-08-31 427288]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]

R2 AVP;Kaspersky Security Suite CBE; C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe [2008-05-01 221184]

R2 BlueSoleilCS;BlueSoleilCS; C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [2007-09-14 1155180]

R2 Bonjour Service;Bonjour-Dienst; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-19 21504]

R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-19 21504]

R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2008-07-26 186904]

R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-07-26 150040]

R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]

R2 MySQL;MySQL; c:\mysql\bin\mysqld-nt MySQL []

R2 ndassvc;NDAS Service; C:\Program Files\NDAS\System\ndassvc.exe [2007-06-29 236520]

R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]

R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]

R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]

R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]

R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-10-19 262247]

R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

R2 SQLBrowser;SQL Server-Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]

R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]

R2 SynoDrService;SynoDrService; C:\Program Files\Synology Data Replicator  3\SynoDrService.exe [2007-08-06 557056]

R2 TeamViewer;TeamViewer 3; C:\Program Files\TeamViewer3\TeamViewer_Service.exe [2008-10-07 185640]

R2 TeamViewer4;TeamViewer 4; C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe [2008-12-10 185640]

R2 TryAndDecideService;Acronis Try And Decide Service; C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [2007-08-31 498872]

R2 TVECapSvc;TVEnhance Background Capture Service (TBCS); C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe [2006-10-19 282709]

R2 TVESched;TVEnhance Task Scheduler (TTS)); C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe [2006-10-19 122971]

R2 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Server\vmware-authd.exe [2008-05-09 151643]

R2 VMCService;Vodafone Mobile Connect Service; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-07-04 14336]

R2 VMnetDHCP;VMware DHCP Service; C:\Windows\system32\vmnetdhcp.exe [2008-05-09 106496]

R2 vmount2;VMware Virtual Mount Manager Extended; C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe [2007-05-01 269104]

R2 vmserverdWin32;VMware Registration Service; C:\Program Files\VMware\VMware Server\vmserverdWin32.exe [2008-05-09 1650781]

R2 VMware NAT Service;VMware NAT Service; C:\Windows\system32\vmnat.exe [2008-05-09 135168]

R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]

R3 BsHelpCS;BsHelpCS; C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [2007-08-17 57447]

R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]

R3 TDslMgrService;DSL-Manager; C:\Program Files\T-Online\DSL-Manager\DslMgrSvc.exe [2007-11-26 294912]

S2 gupdate1c9e39a101dcf54;gupdate1c9e39a101dcf54; C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-02 133104]

S2 PCLEPCI;PCLEPCI; C:\Windows\system32\drivers\pclepci.sys [2005-02-09 14165]

S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-03-02 72704]

S3 Adobe Version Cue CS3;Adobe Version Cue CS3 {de_DE} ; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]

S3 Apache2.2;Apache2.2; C:\apache\bin\httpd.exe [2008-06-13 24635]

S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-19 21504]

S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-19 523776]

S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-02-24 654848]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2009-05-30 541992]

S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-07-02 1029456]

S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2008-05-02 121360]

S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-19 21504]

S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-01-19 917504]

S4 FileZilla Server;FileZilla Server FTP server; C:\Program Files\FileZilla Server\FileZilla Server.exe [2007-12-25 586240]

S4 MSSQLServerADHelper;Hilfsdienst von SQL Server für Active Directory; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]

S4 msvsmon90;Visual Studio 2008 Remote Debugger; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-11-08 3004416]
 

-----------------EOF-----------------

sry dass es so viel ist, aber die 3 logdateien sind nunmal so lang und ich kann hier nur 25000 zeichen posten

ciao shirocko

john.doe

10.07.2009 20:32

1.) Start => Ausführen => combofix /u => OK

2.) Lade dir ein neues Combofix auf den Desktop => Mausklick rechts auf Combofix => Ausführen als Administrator => Log posten (oder bei einem Filehoster hochladen und Link posten).

ciao, andreas

shirocko

10.07.2009 22:01

hi hier die neue log teil1:

Code:

ComboFix 09-07-08.07 - Admin 10.07.2009 22:03.3 - NTFSx86

Microsoft® Windows Vista™ Ultimate   6.0.6001.1.1252.49.1031.18.2046.974 [GMT 2:00]

ausgeführt von:: c:\users\Admin\Desktop\confixi.exe

AV: Kaspersky Security Suite CBE *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Security Suite CBE *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

SP: Kaspersky Security Suite CBE *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.
 

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.
 

c:\windows\TEMP\logishrd\LVPrcInj01.dll
 

.

(((((((((((((((((((((((   Dateien erstellt von 2009-06-10 bis 2009-07-10  ))))))))))))))))))))))))))))))

.
 

2009-07-10 20:21 . 2009-07-10 20:29        --------        d-----w-        c:\users\Admin\AppData\Local\temp

2009-07-09 19:49 . 2009-07-09 19:50        --------        d-----w-        C:\rsit

2009-07-06 13:19 . 2009-07-06 13:19        --------        d-----w-        c:\program files\Trend Micro

2009-07-05 09:57 . 2009-02-12 09:41        973312        ----a-w-        c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll

2009-07-04 10:35 . 2009-07-04 10:35        90112        ----a-w-        c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll

2009-07-04 10:35 . 2009-07-04 10:35        307200        ----a-w-        c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe

2009-07-04 10:35 . 2009-07-04 10:35        172032        ----a-w-        c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe

2009-07-04 10:27 . 2009-07-04 10:27        --------        d-----w-        c:\users\Admin\AppData\Roaming\Vodafone

2009-07-04 10:27 . 2009-07-04 10:27        --------        d-----w-        c:\programdata\InstallShield

2009-07-04 10:25 . 2008-03-17 09:05        101632        ----a-w-        c:\windows\system32\drivers\ewusbmdm.sys

2009-07-04 10:24 . 2009-07-04 10:24        --------        d-----w-        c:\programdata\Vodafone

2009-07-04 10:24 . 2009-07-04 10:24        --------        d-----w-        c:\program files\Vodafone

2009-07-03 15:21 . 2009-07-03 15:21        --------        d-----w-        c:\users\Admin\AppData\Local\{D53238E8-3427-491E-A57E-097FA966AAC1}

2009-07-02 12:49 . 2009-07-02 12:49        1029456        ----a-w-        c:\programdata\Lavasoft\Ad-Aware\update\AAWService.exe

2009-07-02 12:49 . 2009-07-02 12:49        314712        ----a-w-        c:\programdata\Lavasoft\Ad-Aware\update\threatwork.exe

2009-07-02 12:49 . 2009-07-02 12:49        25440        ----a-w-        c:\programdata\Lavasoft\Ad-Aware\update\savapibridge.dll

2009-07-02 12:49 . 2009-07-02 12:49        169312        ----a-w-        c:\programdata\Lavasoft\Ad-Aware\update\lavamessage.dll

2009-07-02 12:49 . 2009-07-02 12:49        348496        ----a-w-        c:\programdata\Lavasoft\Ad-Aware\update\lavalicense.dll

2009-07-02 12:49 . 2009-07-02 12:49        298336        ----a-w-        c:\programdata\Lavasoft\Ad-Aware\update\UpdateManager.dll

2009-07-02 12:48 . 2009-07-02 12:48        84832        ----a-w-        c:\programdata\Lavasoft\Ad-Aware\update\ShellExt.dll

2009-07-02 12:48 . 2009-07-02 12:48        1630560        ----a-w-        c:\programdata\Lavasoft\Ad-Aware\update\Resources.dll

2009-07-02 12:48 . 2009-07-02 12:48        40288        ----a-w-        c:\programdata\Lavasoft\Ad-Aware\update\PrivacyClean.dll

2009-07-02 12:48 . 2009-07-02 12:48        246128        ----a-w-        c:\programdata\Lavasoft\Ad-Aware\update\RPAPI.dll

2009-07-02 12:48 . 2009-07-02 12:48        85352        ----a-w-        c:\programdata\Lavasoft\Ad-Aware\update\Drivers\32\AAWDriverTool.exe

2009-07-02 12:48 . 2009-07-02 12:48        664424        ----a-w-        c:\programdata\Lavasoft\Ad-Aware\update\CEAPI.dll

2009-07-02 12:48 . 2009-07-02 12:48        563064        ----a-w-        c:\programdata\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe

2009-07-02 12:48 . 2009-07-02 12:48        566632        ----a-w-        c:\programdata\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe

2009-07-02 12:48 . 2009-07-02 12:48        2352968        ----a-w-        c:\programdata\Lavasoft\Ad-Aware\update\Ad-Aware.exe

2009-07-02 12:48 . 2009-07-02 12:48        629072        ----a-w-        c:\programdata\Lavasoft\Ad-Aware\update\AAWWSC.exe

2009-07-02 12:48 . 2009-07-02 12:48        520024        ----a-w-        c:\programdata\Lavasoft\Ad-Aware\update\AAWTray.exe

2009-06-21 19:40 . 2006-12-20 12:23        114688        ------w-        c:\windows\system32\pcleDVdc.dll

2009-06-21 19:40 . 2006-12-20 12:23        90112        ------w-        c:\windows\system32\pcleDVcd.dll

2009-06-21 19:40 . 2006-12-20 12:23        90112        ------w-        c:\windows\system32\pcleADV.dll

2009-06-21 19:40 . 2006-12-20 12:23        90112        ------w-        c:\windows\system32\ACnvrtX.dll

2009-06-21 19:40 . 2006-12-20 12:23        876544        ------w-        c:\windows\system32\CSCnvrtX.dll

2009-06-14 10:00 . 2009-04-30 12:37        428544        ----a-w-        c:\windows\system32\EncDec.dll

2009-06-14 10:00 . 2009-04-30 12:37        293376        ----a-w-        c:\windows\system32\psisdecd.dll

2009-06-11 11:53 . 2009-06-11 11:53        --------        d-----w-        c:\program files\Western Digital Corporation
 

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-10 20:26 . 2008-07-17 16:29        1530023968        --sha-w-        c:\windows\system32\drivers\fidbox.dat

2009-07-10 20:24 . 2008-01-11 15:07        --------        d-----w-        c:\programdata\VMware

2009-07-10 20:22 . 2008-07-17 16:29        20495396        --sha-w-        c:\windows\system32\drivers\fidbox.idx

2009-07-10 19:54 . 2007-12-25 01:38        --------        d-----w-        c:\programdata\Kaspersky Lab

2009-07-10 19:49 . 2008-07-01 19:03        169936        ----a-w-        c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\FlashGot.exe

2009-07-09 18:33 . 2008-02-03 23:54        --------        d-----w-        c:\programdata\Spybot - Search & Destroy

2009-07-09 16:23 . 2006-11-02 15:48        737124        ----a-w-        c:\windows\system32\perfh007.dat

2009-07-09 16:23 . 2006-11-02 15:48        166582        ----a-w-        c:\windows\system32\perfc007.dat

2009-07-09 16:13 . 2008-01-11 15:11        --------        d-----w-        c:\users\Admin\AppData\Roaming\VMware

2009-07-05 21:54 . 2007-12-25 12:20        --------        d-----w-        c:\users\Admin\AppData\Roaming\Skype

2009-07-05 18:12 . 2008-09-30 15:27        56        ---ha-w-        c:\programdata\ezsidmv.dat

2009-07-05 18:12 . 2007-12-25 12:21        --------        d-----w-        c:\users\Admin\AppData\Roaming\skypePM

2009-07-04 16:09 . 2007-12-26 22:08        --------        d-----w-        c:\users\Admin\AppData\Roaming\FileZilla

2009-07-04 10:24 . 2007-12-25 01:23        --------        d-----w-        c:\program files\Common Files\InstallShield

2009-07-02 15:29 . 2008-02-03 23:54        --------        d-----w-        c:\program files\Spybot - Search & Destroy

2009-06-29 07:35 . 2007-12-26 22:00        --------        d-----w-        c:\program files\Google

2009-06-26 19:38 . 2009-06-06 18:44        --------        d-----w-        c:\program files\FileZilla Client

2009-06-25 06:13 . 2008-04-28 12:51        --------        d-----w-        c:\users\Admin\AppData\Roaming\Free Download Manager

2009-06-24 05:54 . 2007-12-25 13:38        --------        d-----w-        c:\program files\Mozilla Thunderbird

2009-06-18 15:50 . 2008-04-03 13:57        --------        d-----w-        c:\users\Admin\AppData\Roaming\Audacity

2009-06-14 15:58 . 2007-12-27 00:00        --------        d-----w-        c:\programdata\Microsoft Help

2009-06-06 15:23 . 2007-12-26 18:53        --------        d-----w-        c:\users\Admin\AppData\Roaming\Apple Computer

2009-06-06 12:38 . 2008-07-10 17:51        --------        d-----w-        c:\program files\iTunes

2009-06-06 12:37 . 2009-06-06 12:37        --------        d-----w-        c:\program files\iPod

2009-06-06 12:37 . 2007-12-26 18:49        --------        d-----w-        c:\program files\Common Files\Apple

2009-06-06 12:33 . 2008-01-11 12:19        --------        d-----w-        c:\program files\QuickTime Alternative

2009-06-06 12:20 . 2009-06-06 12:20        75048        ----a-w-        c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe

2009-06-01 14:11 . 2009-05-11 20:22        1        ----a-w-        c:\users\Admin\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2009-06-01 11:57 . 2009-06-01 11:57        15688        ----a-w-        c:\programdata\Lavasoft\Ad-Aware\update\lsdelete.exe

2009-05-21 14:28 . 2008-07-17 16:36        94643        ----a-w-        c:\windows\system32\drivers\klick.dat

2009-05-21 14:28 . 2008-07-17 16:36        105395        ----a-w-        c:\windows\system32\drivers\klin.dat

2009-05-19 16:31 . 2007-12-25 01:18        130424        ----a-w-        c:\users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT

2009-05-19 16:11 . 2008-01-07 18:20        --------        d-----w-        c:\program files\Microsoft Works

2009-05-18 16:55 . 2009-05-18 16:54        --------        d-----w-        c:\users\Admin\AppData\Roaming\AllDup

2009-05-18 16:53 . 2009-05-18 16:53        --------        d-----w-        c:\program files\AllDup

2009-05-17 14:37 . 2009-05-17 14:37        64160        ----a-w-        c:\programdata\Lavasoft\Ad-Aware\update\Drivers\32\lbd.sys

2009-05-13 06:24 . 2006-11-02 11:18        --------        d-----w-        c:\program files\Windows Mail

2009-05-09 05:50 . 2009-06-10 07:18        915456        ----a-w-        c:\windows\system32\wininet.dll

2009-05-09 05:34 . 2009-06-10 07:18        71680        ----a-w-        c:\windows\system32\iesetup.dll

2009-05-08 15:11 . 2009-05-08 16:51        44018        ----a-w-        c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\refractor@developer.mozilla.org\prism\regprot.exe

2009-05-08 15:11 . 2009-05-08 16:51        16896        ----a-w-        c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\refractor@developer.mozilla.org\prism\UAC.dll

2009-05-06 12:23 . 2009-05-07 16:28        372736        ----a-w-        c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll

2009-04-29 18:42 . 2009-05-08 16:51        110592        ----a-w-        c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\refractor@developer.mozilla.org\prism\components\prism.dll

2009-04-29 18:42 . 2009-05-08 16:51        110592        ----a-w-        c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\refractor@developer.mozilla.org\components\prism.dll

2009-04-23 12:43 . 2009-06-10 07:18        784896        ----a-w-        c:\windows\system32\rpcrt4.dll

2009-04-23 12:42 . 2009-06-10 07:18        636928        ----a-w-        c:\windows\system32\localspl.dll

2009-04-21 11:55 . 2009-06-10 07:18        2033152        ----a-w-        c:\windows\system32\win32k.sys

2007-12-26 19:50 . 2007-12-26 19:50        0        --sh--w-        c:\windows\S1589D1C6.tmp

2006-05-03 09:06 . 2008-07-08 12:39        163328        --sh--r-        c:\windows\System32\flvDX.dll

2007-02-21 10:47 . 2008-07-08 12:39        31232        --sh--r-        c:\windows\System32\msfDX.dll

2008-03-16 12:30 . 2008-07-08 12:39        216064        --sh--r-        c:\windows\System32\nbDX.dll

.
 

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4
 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]

"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 94208]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]

"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]

"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-08-31 2622232]

"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-08-31 907040]

"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-08-31 140568]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-1-11 805392]
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~2\r3hook.dll c:\progra~1\KASPER~1\KASPER~2\adialhk.dll
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"
 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat - Schnellstart.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk

backup=c:\windows\pss\Adobe Acrobat - Schnellstart.lnk.CommonStartup

backupExtension=.CommonStartup
 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk

backup=c:\windows\pss\Adobe Gamma.lnk.CommonStartup

backupExtension=.CommonStartup
 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Google Updater.lnk

backup=c:\windows\pss\Google Updater.lnk.CommonStartup

backupExtension=.CommonStartup
 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Apache Servers.lnk

backup=c:\windows\pss\Monitor Apache Servers.lnk.CommonStartup

backupExtension=.CommonStartup
 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PDFCreator.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PDFCreator.lnk

backup=c:\windows\pss\PDFCreator.lnk.CommonStartup

backupExtension=.CommonStartup
 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TrekStor NDAS-Geräte-Manager.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TrekStor NDAS-Geräte-Manager.lnk

backup=c:\windows\pss\TrekStor NDAS-Geräte-Manager.lnk.CommonStartup

backupExtension=.CommonStartup
 

[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DSL-Manager.lnk]

path=c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk

backup=c:\windows\pss\DSL-Manager.lnk.Startup

backupExtension=.Startup
 

[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk]

path=c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk

backup=c:\windows\pss\Logitech . Produktregistrierung.lnk.Startup

backupExtension=.Startup
 

[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]

path=c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Apache Servers.lnk

backup=c:\windows\pss\Monitor Apache Servers.lnk.Startup

backupExtension=.Startup
 

[HKLM\~\startupfolder\C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]

path=c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk

backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup

backupExtension=.Startup
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

shirocko

10.07.2009 22:02

log teil 2:

Code:



[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{384D0300-1065-447A-9618-2984903D5C4E}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS

"{5A0011D9-3CEE-4D11-B2F0-29652C363E6D}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS

"{74F73FD2-BD8E-49A5-BBAF-D3A37D9453C1}"= UDP:c:\program files\Pinnacle\Studio 11\programs\RM.exe:Render Manager

"{8C507270-C3A8-426A-BFC9-9A705B35BD57}"= TCP:c:\program files\Pinnacle\Studio 11\programs\RM.exe:Render Manager

"{80C9846C-3DD3-4B9C-9EC8-9729AA35B0D8}"= UDP:c:\program files\Pinnacle\Studio 11\programs\Studio.exe:Studio

"{2F1B2A9C-4DA2-4725-8B38-C785838B8748}"= TCP:c:\program files\Pinnacle\Studio 11\programs\Studio.exe:Studio

"{502A2EFE-9E64-4071-AD8D-B85B01198B17}"= UDP:c:\program files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile

"{DD43B665-C72F-4300-A6C9-E9CA0DC49033}"= TCP:c:\program files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile

"{0B1BE74D-6416-4293-8119-455BD46B2072}"= UDP:c:\program files\Pinnacle\Studio 11\programs\umi.exe:umi

"{DA89F97C-61CA-467F-A73E-C25A0A15398E}"= TCP:c:\program files\Pinnacle\Studio 11\programs\umi.exe:umi

"{0D8D08ED-897F-405C-BD36-69F8AFD1C77C}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{98DA941D-798E-4954-9F2D-C879DF2949B0}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{5278D635-3ABE-478E-9289-D6967FEAA157}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{0652B8C7-A8A2-406A-B986-A7D8A574EDC9}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{A596140F-B429-4A6A-B3BF-D3DA04CD3C8E}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{1205D43A-9244-4932-90C9-ABEB976C8974}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{7A767EC9-135A-4C21-9BD9-E195385839A3}"= UDP:3703:Adobe Version Cue CS3 Server

"{412C56DD-1D26-4ABD-A7BE-50D035A76CF4}"= UDP:3704:Adobe Version Cue CS3 Server

"{EF370A4D-2E5E-42E5-8CC6-C61E4EA71E25}"= UDP:50900:Adobe Version Cue CS3 Server

"{0A95615A-DDF8-4D65-9C80-1650AD3F7A94}"= UDP:50901:Adobe Version Cue CS3 Server

"{508F5558-0297-4EE5-8E02-3DE546A14AA1}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server

"{F1DCCD97-6002-43E4-8566-3BE3B269D3CD}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server

"{BD76C6BF-564C-48EA-8C8B-DC1A47A2C31C}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{6A2D95B5-4433-428C-A771-8AFEA2E29B62}"= UDP:c:\program files\Home Cinema\TV Enhance\TVEnhance.exe:CyberLink TVEnhance

"{E78BCDD2-4F54-4970-989E-44BBD4D6F227}"= TCP:c:\program files\Home Cinema\TV Enhance\TVEnhance.exe:CyberLink TVEnhance

"{AC347381-6E34-42E8-AFE7-40F0B8504154}"= UDP:c:\program files\Home Cinema\TV Enhance\TVEService.exe:CyberLink TVEnhance Resident Program

"{7ED5374E-2742-4A8C-8167-F3089AC1617F}"= TCP:c:\program files\Home Cinema\TV Enhance\TVEService.exe:CyberLink TVEnhance Resident Program

"{30D25247-E27E-4CEF-B886-4E6B095AF513}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{321E005B-C01F-4BD3-92EB-46CEDF1C0F3C}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{75790D75-C0AC-4DF1-A4A8-E0C5D785B577}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{39155FAB-CBBC-43E5-8A71-57DC64EA6C5C}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"TCP Query User{B462A909-998B-4904-BD6C-346DFD0D2DBA}g:\\setup.exe"= UDP:G:\setup.exe:Installationsprogramm für Kaspersky Security Suite CBE

"UDP Query User{58FFB052-D9F9-4CF9-AA47-D05D11659239}g:\\setup.exe"= TCP:G:\setup.exe:Installationsprogramm für Kaspersky Security Suite CBE

"TCP Query User{9265FC8E-A492-4B2A-8B55-3A51496A748C}c:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\german\\setup.exe"= UDP:c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe:Installationsprogramm für Kaspersky Internet Security 2009

"UDP Query User{F6A7CFCA-32CA-4CD1-BD15-A9893C72A87D}c:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\german\\setup.exe"= TCP:c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe:Installationsprogramm für Kaspersky Internet Security 2009

"{92449402-1EEF-4E31-808D-28BB95A6D951}"= c:\program files\CyberLink\PowerDVD8\PowerDVD8.EXE:CyberLink PowerDVD 8.0

"{3F64D3B3-9B33-4BF9-B3BF-A2D9F9126E14}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{62CB650F-0AFF-47BB-A528-84B88EA73B38}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{76935FFF-F657-49D5-BB00-6825BBB1161F}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{FFC4C218-8E04-49A7-8CC6-B74DC951835E}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"c:\\Program Files\\IEPro\\MiniDM.exe"= c:\program files\IEPro\MiniDM.exe:*:Enabled:MiniDM
 

R0 hotcore3;hotcore3;c:\windows\System32\drivers\hotcore3.sys [20.05.2008 03:58 39472]

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [19.01.2009 14:57 64160]

R0 lfsfilt;Lean File Sharing;c:\windows\System32\drivers\lfsfilt.sys [11.06.2008 16:59 254440]

R0 lpx;LPX Protocol;c:\windows\System32\drivers\lpx.sys [29.06.2007 17:32 62056]

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\System32\drivers\xfilt.sys [18.10.2006 18:39 17920]

R1 DslMNLwf;DSL-Manager NDIS LightWeight Filter;c:\windows\System32\drivers\dslmnlwf.sys [06.01.2008 15:35 16448]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [16.10.2007 12:05 20496]

R1 ndasfat;NDAS FAT;c:\windows\System32\drivers\ndasfat.sys [11.06.2008 16:59 372584]

R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [15.05.2008 12:07 61424]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [30.04.2008 01:15 1153368]

R2 SynoDrService;SynoDrService;c:\program files\Synology Data Replicator  3\SynoDrService.exe [06.08.2007 20:36 557056]

R2 TeamViewer;TeamViewer 3;c:\program files\TeamViewer3\TeamViewer_Service.exe [29.08.2008 08:29 185640]

R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [10.12.2008 10:49 185640]

R2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe [14.06.2008 15:02 282709]

R2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe [14.06.2008 15:02 122971]

R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [04.07.2008 12:52 14336]

R2 vmserverdWin32;VMware Registration Service;c:\program files\VMware\VMware Server\vmserverdWin32.exe [09.05.2008 21:05 1650781]

R3 ndasbus;NDAS Bus Driver;c:\windows\System32\drivers\ndasbus.sys [29.06.2007 17:32 75880]

R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\System32\drivers\netr73.sys [05.02.2007 10:26 247808]

R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\System32\drivers\Ph3xIB32.sys [03.04.2007 11:43 1131136]

R3 TDslMgrService;DSL-Manager;c:\program files\T-Online\DSL-Manager\DslMgrSvc.exe [05.04.2008 13:23 294912]

R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\System32\drivers\teamviewervpn.sys [07.01.2008 10:37 25088]

R3 X10Hid;X10 Hid Device;c:\windows\System32\drivers\x10hid.sys [25.12.2007 15:30 13976]

S2 gupdate1c9e39a101dcf54;gupdate1c9e39a101dcf54;c:\program files\Google\Update\GoogleUpdate.exe [02.06.2009 17:51 133104]

S3 Apache2.2;Apache2.2;c:\apache\bin\httpd.exe [13.06.2008 04:05 24635]

S3 dsltestSp5;dsltestSp5 NDIS Protocol Driver;c:\windows\System32\drivers\DslTestSp5.sys [28.02.2008 19:12 26816]

S3 EthDriver;D-Link DGE-528T Vista 32-bit Driver;c:\windows\System32\drivers\DLKRT32.sys [30.09.2008 00:02 70144]

S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18.01.2009 23:34 1029456]

S3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;c:\progra~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [06.01.2008 15:34 17536]

S3 ndasscsi;NDAS SCSI Miniport Driver;c:\windows\System32\drivers\ndasscsi.sys [29.06.2007 17:32 187368]

S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\System32\drivers\s816bus.sys [04.04.2008 15:17 81832]

S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\System32\drivers\s816mdfl.sys [04.04.2008 15:17 13864]

S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\System32\drivers\s816mdm.sys [04.04.2008 15:17 107304]

S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s816mgmt.sys [04.04.2008 15:19 99112]

S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\System32\drivers\s816nd5.sys [04.04.2008 15:18 21928]

S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\System32\drivers\s816obex.sys [04.04.2008 15:19 97320]

S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\System32\drivers\s816unic.sys [04.04.2008 15:20 97704]
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12        REG_MULTI_SZ           Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt        REG_MULTI_SZ           hpqcxs08 hpqddsvc

WindowsMobile        REG_MULTI_SZ           wcescomm rapimgr

LocalServiceRestricted        REG_MULTI_SZ           WcesComm RapiMgr
 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]

%SystemRoot%\system32\soundschemes.exe /AddRegistration
 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]

%SystemRoot%\system32\soundschemes2.exe /AddRegistration

.

Inhalt des "geplante Tasks" Ordners
 

2009-06-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 12:48]
 

2009-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-02 15:51]
 

2009-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-02 15:51]
 

2009-07-10 c:\windows\Tasks\User_Feed_Synchronization-{F1DE92C9-40E6-4C13-B057-1C1AD2DF7FFE}.job

- c:\windows\system32\msfeedssync.exe [2009-03-19 11:31]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.t-online.de/

uInternet Settings,ProxyOverride = *.local

IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: In Adobe PDF konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: In vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.de/scan_de/scan8/oscan8.cab

FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\

FF - prefs.js: browser.startup.homepage - hxxp://www.t-online.de

FF - prefs.js: keyword.URL - hxxp://www.google.de/search?hl=de&q=

FF - component: c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll

FF - component: c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll

FF - component: c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll

FF - component: c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\refractor@developer.mozilla.org\components\prism.dll

FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll

FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll

FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll

FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin.dll

FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin2.dll

FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin3.dll

FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin4.dll

FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin5.dll

FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin6.dll

FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin7.dll

FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll

FF - plugin: c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbvzml8l.Standard-Benutzer\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
 

---- FIREFOX Richtlinien ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota",      5120);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history",     true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata",    true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords",   false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads",   true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies",     true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache",       true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions",    true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history",                 true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata",                true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords",               false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads",               true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies",                 true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache",                   true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions",                true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps",             false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings",            false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs",    false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

.
 

**************************************************************************
 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-10 22:26

Windows 6.0.6001 Service Pack 1 NTFS
 

Scanne versteckte Prozesse... 
 

Scanne versteckte Autostarteinträge... 
 

Scanne versteckte Dateien... 
 

Scan erfolgreich abgeschlossen

versteckte Dateien: 0
 

**************************************************************************
 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySQL]

"ImagePath"="c:\mysql\bin\mysqld-nt MySQL"
 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]

"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------
 

[HKEY_USERS\S-1-5-21-952325796-3084994041-2608643616-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0DC93F53-B7D7-866F-77D6-76A33C78FACA}*]

"gaakomjbdaejdn"=hex:63,61,64,67,6b,6d,00,77
 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000
 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000
 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
 

- - - - - - - > 'lsass.exe'(1172)

c:\windows\system32\relog_ap.dll
 

- - - - - - - > 'Explorer.exe'(11776)

c:\windows\TEMP\logishrd\LVPrcInj01.dll

c:\program files\T-Online\DSL-Manager\Deskband.dll

c:\windows\system32\BsLangInDepRes.dll

c:\windows\system32\Bs2Res.dll

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\windows\System32\audiodg.exe

c:\program files\Common Files\Acronis\Schedule2\schedul2.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe

c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\Logishrd\LVCOMSER\LVComSer.exe

c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe

c:\program files\Common Files\Logishrd\LVCOMSER\LVComSer.exe

c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

c:\mysql\bin\mysqld-nt.exe

c:\program files\NDAS\System\ndassvc.exe

c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe

c:\windows\System32\IoctlSvc.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

c:\program files\VMware\VMware Server\vmware-authd.exe

c:\program files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe

c:\windows\System32\vmnat.exe

c:\windows\System32\VSSVC.exe

c:\progra~1\COMMON~1\X10\Common\X10nets.exe

c:\windows\System32\WUDFHost.exe

c:\windows\System32\vmnetdhcp.exe

c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe

c:\windows\System32\conime.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2009-07-10 22:46 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2009-07-10 20:46

ComboFix2.txt  2009-07-09 19:37
 

Vor Suchlauf: 8.441.098.240 Bytes frei

Nach Suchlauf: 8.288.772.096 Bytes frei
 

Current=1 Default=1 Failed=0 LastKnownGood=7 Sets=1,2,3,4,5,6,7,44

456        --- E O F ---        2009-06-30 06:02

Alle Zeitangaben in WEZ +1. Es ist jetzt 14:20 Uhr.

Seite 1 von 4

Letzte »

100 Beiträge dieses Themas auf einer Seite anzeigen

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19