Trojaner-Board - Google öffnet keine Links / Log gepostet

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Google öffnet keine Links / Log gepostet (https://www.trojaner-board.de/59585-google-oeffnet-keine-links-log-gepostet.html)

The Sandman

10.09.2008 10:15

Google öffnet keine Links / Log gepostet

Ich habe das Problem wie andere hier auch, dass wenn ich einen Link nach einer Google Suche anklicke er mich auf bediddle oder andere Werbeseiten umleitet. Ich kenne mich nicht sonderlich aus, habe aber hier gelesen das man das HijackThis Programm runterladen soll und sein Log posten soll. Links lassen sich von diesem Biard hier z.b. nur noch mit Internet Explorer und nicht mit Mozilla öffnen ...

Kann mir jemand " in Laiensprache " helfen ?

Code:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:46:15, on 10.09.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal
 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programme\AntiVir PersonalEdition Classic\sched.exe

C:\Programme\AntiVir PersonalEdition Classic\avguard.exe

C:\Programme\Bonjour\mDNSResponder.exe

C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Programme\ICQ6Toolbar\ICQ Service.exe

C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe

C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe

C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe

C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\System32\snmp.exe

C:\NVIDIA\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Programme\Winamp\winampa.exe

C:\USBStorage\USBDetector.exe

C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe

C:\Programme\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Programme\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\NVIDIA\NetworkAccessManager\bin\nTrayFw.exe

C:\WINDOWS\system32\hphmon04.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe

C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe

C:\WINDOWS\system32\drivers\svchost.exe

C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\Programme\Alice\signup\AliceCnn.exe

C:\Programme\Mozilla Firefox\firefox.exe

c:\programme\antivir personaledition classic\avcenter.exe

C:\Programme\AntiVir PersonalEdition Classic\avscan.exe

C:\PROGRA~1\FlashGet\flashget.exe

C:\Programme\Trend Micro\HijackThis\HijackThis.exe
 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.surfmusik.de/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://alice.aol.de

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://alice.aol.de

R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll

R3 - URLSearchHook: (no name) -  - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Skype Control Class - {9018F6A8-2495-45DF-9F16-C738F8F3C8FF} - C:\WINDOWS\system32\SkypeComm.dll (file missing)

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll

O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: T1 - {4180A6C9-26D0-4A15-A2CD-A24E3178E386} - C:\PROGRA~1\LANGEN~1\Engine\mte\StdAlone\T1IE.dll

O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe

O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nTrayFw] C:\NVIDIA\NetworkAccessManager\bin\nTrayFw.exe

O4 - HKLM\..\Run: [HPHUPD04] "C:\Programme\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"

O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_9 -reboot 1

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Acrobat - Schnellstart.lnk = ?

O8 - Extra context menu item: &Alles mit FlashGet laden - C:\PROGRA~1\FlashGet\jc_all.htm

O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML

O8 - Extra context menu item: &Mit FlashGet laden - C:\PROGRA~1\FlashGet\jc_link.htm

O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe

O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O17 - HKLM\System\CCS\Services\Tcpip\..\{A0BEC9AD-5623-4615-B0F7-432E1CFEA640}: NameServer = 62.109.123.197 213.191.74.19

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: app_filter - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - The Firebird Project - C:\MAGIX\Common\Database\bin\fbserver.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe

O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe
 

--

End of file - 12515 bytes

myrtille

10.09.2008 14:20

Hi,

arbeite bitte die Anleitung zu Malwarebytes ab und lasse alle Funde löschen. Poste den Bericht anschließend hier.

lg myrtille

The Sandman

10.09.2008 14:46

Malwarebytes' Anti-Malware 1.28
Datenbank Version: 1136
Windows 5.1.2600 Service Pack 2

10.09.2008 15:40:57
mbam-log-2008-09-10 (15-40-57).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|F:\|H:\|)
Durchsuchte Objekte: 193361
Laufzeit: 2 hour(s), 5 minute(s), 5 second(s)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 9

Infizierte Speicherprozesse:
C:\WINDOWS\system32\drivers\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Failed to unload process.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenUSave) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Malware.Trace) -> Data: c:\windows\system32\ -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Malware.Trace) -> Data: system32\ -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\system32\ (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\svchost.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.

myrtille

10.09.2008 14:48

Hi,

starte deinen Rechner bitte neu und erstelle anschließend ein Log mit RSIT. Es werden 2 Dateien erstellt (log.txt und info.txt). Poste den Inhalt beider Dateien hier.

lg myrtille

The Sandman

10.09.2008 15:13

log Teil 1

Code:

Logfile of random's system information tool (written by random/random)

Run by XXX at 2008-09-10 16:00:57

Microsoft Windows XP Home Edition Service Pack 2

System drive C: has 19 GB (25%) free of 76 GB

Total RAM: 2047 MB (73% free)
 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:01:02, on 10.09.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal
 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programme\AntiVir PersonalEdition Classic\sched.exe

C:\Programme\AntiVir PersonalEdition Classic\avguard.exe

C:\Programme\Bonjour\mDNSResponder.exe

C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Programme\ICQ6Toolbar\ICQ Service.exe

C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe

C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe

C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe

C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\System32\snmp.exe

C:\NVIDIA\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Programme\Winamp\winampa.exe

C:\USBStorage\USBDetector.exe

C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe

C:\Programme\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Programme\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\NVIDIA\NetworkAccessManager\bin\nTrayFw.exe

C:\WINDOWS\system32\hphmon04.exe

C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe

C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe

C:\Programme\Alice\Signup\AliceCnn.exe

C:\Programme\Mozilla Firefox\firefox.exe

C:\Dokumente und Einstellungen\XXX\Desktop\RSIT.exe

C:\Programme\Trend Micro\HijackThis\XXX.exe
 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.surfmusik.de/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://alice.aol.de

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://alice.aol.de

R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll

R3 - URLSearchHook: (no name) -  - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Skype Control Class - {9018F6A8-2495-45DF-9F16-C738F8F3C8FF} - C:\WINDOWS\system32\SkypeComm.dll (file missing)

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll

O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: T1 - {4180A6C9-26D0-4A15-A2CD-A24E3178E386} - C:\PROGRA~1\LANGEN~1\Engine\mte\StdAlone\T1IE.dll

O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe

O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nTrayFw] C:\NVIDIA\NetworkAccessManager\bin\nTrayFw.exe

O4 - HKLM\..\Run: [HPHUPD04] "C:\Programme\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"

O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_9 -reboot 1

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Acrobat - Schnellstart.lnk = ?

O8 - Extra context menu item: &Alles mit FlashGet laden - C:\PROGRA~1\FlashGet\jc_all.htm

O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML

O8 - Extra context menu item: &Mit FlashGet laden - C:\PROGRA~1\FlashGet\jc_link.htm

O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe

O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O17 - HKLM\System\CCS\Services\Tcpip\..\{A0BEC9AD-5623-4615-B0F7-432E1CFEA640}: NameServer = 62.109.123.197 213.191.74.19

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: app_filter - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - The Firebird Project - C:\MAGIX\Common\Database\bin\fbserver.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe

O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe
 

--

End of file - 12320 bytes
 

Scheduled tasks folder
 

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
 

Registry dump
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]

FGCatchUrl - C:\PROGRA~1\FlashGet\jccatch.dll [2007-06-28 94308]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9018F6A8-2495-45DF-9F16-C738F8F3C8FF}]

Skype Control Class - C:\WINDOWS\system32\SkypeComm.dll []
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]

Adobe PDF Conversion Toolbar Helper - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]

FlashGet GetFlash Class - C:\Programme\FlashGet\getflash.dll [2007-05-18 163840]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Programme\ICQ6Toolbar\ICQToolBar.dll [2008-06-12 958712]

{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

{4180A6C9-26D0-4A15-A2CD-A24E3178E386} - T1 - C:\PROGRA~1\LANGEN~1\Engine\mte\StdAlone\T1IE.dll [2005-10-11 988672]
 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"WinampAgent"=C:\Programme\Winamp\winampa.exe [2004-12-20 33792]

"USBDetector"=C:\USBStorage\USBDetector.exe [2003-04-01 53248]

"TkBellExe"=C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe [2006-11-23 180269]

"SunJavaUpdateSched"=C:\Programme\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]

"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-11-15 77824]

"Share-to-Web Namespace Daemon"=C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [2002-04-17 69632]

"RemoteControl"=C:\Programme\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]

"QuickTime Task"=C:\Programme\QuickTime\QTTask.exe [2007-06-29 286720]

"nwiz"=C:\WINDOWS\system32\nwiz.exe [2005-07-08 1519616]

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-07-08 86016]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-07-08 7110656]

"nTrayFw"=C:\NVIDIA\NetworkAccessManager\bin\nTrayFw.exe [2004-10-05 266240]

"HPHUPD04"=C:\Programme\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe [2002-11-22 49152]

"HPHmon04"=C:\WINDOWS\system32\hphmon04.exe [2002-11-22 348160]

"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe [2002-11-22 188416]

"BluetoothAuthenticationAgent"=C:\WINDOWS\system32\bthprops.cpl [2004-08-04 110592]

"avgnt"=C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-17 266497]

"Acrobat Assistant 7.0"=C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2006-01-12 483328]

"NeroFilterCheck"=C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe [2008-06-19 570664]

"NBKeyScan"=C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-08 2221352]
 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe []

"updateMgr"=C:\Programme\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe [2006-03-30 313472]

"LightScribe Control Panel"=C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe [2008-06-09 2363392]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]

C:\PROGRA~1\FlashGet\flashget.exe [2007-07-23 1994800]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]

C:\Programme\ICQ6\ICQ.exe [2008-05-18 172280]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]

C:\Programme\ICQLite\ICQLite.exe -minimize []
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2007-06-13 528384]
 

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart

Adobe Acrobat - Schnellstart.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys]
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSserv.sys]
 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1
 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"

"C:\Programme\Java\jre1.5.0_05\bin\javaw.exe"="C:\Programme\Java\jre1.5.0_05\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"

"C:\Programme\AOL 9.0\waol.exe"="C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0"

"C:\Programme\g3torrent\g3torrent.exe"="C:\Programme\g3torrent\g3torrent.exe:*:Enabled:g3torrent"

"C:\Programme\ICQLite\ICQLite.exe"="C:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"

"C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe"="C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL"

"C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe"="C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe:*:Enabled:AOL"

"C:\Programme\Mozilla Firefox\firefox.exe"="C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"

"C:\Programme\Java\jre1.5.0_06\bin\javaw.exe"="C:\Programme\Java\jre1.5.0_06\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"

"C:\Programme\MatchWare\Mediator 8.0 Exp\medi8or.exe"="C:\Programme\MatchWare\Mediator 8.0 Exp\medi8or.exe:*:Enabled:Mediator"

"C:\Programme\Langenscheidt T1 6_0\Engine\mte\bin\tmengine.exe"="C:\Programme\Langenscheidt T1 6_0\Engine\mte\bin\tmengine.exe:*:Enabled:TM Engine"

"C:\Programme\Langenscheidt T1 6_0\Engine\mte\bin\lexAPI.exe"="C:\Programme\Langenscheidt T1 6_0\Engine\mte\bin\lexAPI.exe:*:Enabled:LEXAPI server"

"C:\Programme\Langenscheidt T1 6_0\Engine\mte\StdAlone\MT_Alone.exe"="C:\Programme\Langenscheidt T1 6_0\Engine\mte\StdAlone\MT_Alone.exe:*:Enabled:T1 Standalone"

"C:\Programme\Langenscheidt T1 6_0\Engine\mte\bin\engine.exe"="C:\Programme\Langenscheidt T1 6_0\Engine\mte\bin\engine.exe:*:Enabled:Text processing"

"C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE"="C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE:*:Enabled:Microsoft Office Word"

"C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE"="C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook"

"C:\Programme\Microsoft Office\OFFICE11\POWERPNT.EXE"="C:\Programme\Microsoft Office\OFFICE11\POWERPNT.EXE:*:Enabled:Microsoft Office PowerPoint"

"C:\Programme\Gemeinsame Dateien\Synacast\SynaLive\PE.exe"="C:\Programme\Gemeinsame Dateien\Synacast\SynaLive\PE.exe:*:Enabled:SynacastPE"

"C:\Programme\PPLive\PPLive.exe"="C:\Programme\PPLive\PPLive.exe:*:Enabled:PPLive"

"C:\Programme\SopCast\SopCast.exe"="C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast"

"C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE"="C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE:*:Enabled:Microsoft Office Excel"

"C:\Programme\Internet Explorer\IEXPLORE.EXE"="C:\Programme\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"

"C:\Programme\TVAnts\Tvants.exe"="C:\Programme\TVAnts\Tvants.exe:*:Enabled:TVAnts"

"C:\Programme\TVUPlayer\TVUPlayer.exe"="C:\Programme\TVUPlayer\TVUPlayer.exe:*:Enabled:TVU Player Component"

"C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\SopCast\adv\SopAdver.exe"="C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\SopCast\adv\SopAdver.exe:*:Enabled:SopAdver"

"C:\Programme\MaxTV Online\maxtv.exe"="C:\Programme\MaxTV Online\maxtv.exe:*:Enabled:maxtv"

"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"

"C:\Programme\LimeWire\LimeWire.exe"="C:\Programme\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

"C:\Programme\FlashGet\flashget.exe"="C:\Programme\FlashGet\flashget.exe:*:Enabled:Flashget"

"C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"

"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"

"C:\Programme\ICQ6\ICQ.exe"="C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6"

"C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost"
 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Programme\AOL 9.0\waol.exe"="C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0"

"C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe"="C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL"

"C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe"="C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]

shell\AutoRun\command - H:\wd_windows_tools\setup.exe
 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]

shell\AutoRun\command - I:\AutoRun\AutoRun.exe
 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b097d30c-4caf-11dc-8b29-00040e3dc4b5}]

shell\AutoRun\command - H:\wd_windows_tools\setup.exe

The Sandman

10.09.2008 15:14

log Teil 2

Code:

List of files/folders created in the last three months
 

2008-09-10 16:00:57 ----D---- C:\rsit

2008-09-10 13:32:48 ----D---- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Malwarebytes

2008-09-10 13:32:44 ----D---- C:\Programme\Malwarebytes' Anti-Malware

2008-09-10 13:32:44 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

2008-09-10 11:45:28 ----D---- C:\Programme\Trend Micro

2008-09-09 21:16:21 ----A---- C:\WINDOWS\system32\tdsspopup.dll

2008-08-20 01:31:43 ----D---- C:\Programme\Free M4a to MP3 Converter

2008-07-22 13:48:49 ----A---- C:\WINDOWS\NeroDigital.ini

2008-07-21 17:57:02 ----D---- C:\Programme\Gemeinsame Dateien\SureThing Shared

2008-07-21 17:56:57 ----D---- C:\Programme\SureThing CD Labeler 5

2008-07-21 17:43:07 ----D---- C:\Programme\LightScribe

2008-07-21 15:11:06 ----D---- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Nero

2008-07-21 15:10:45 ----A---- C:\WINDOWS\system32\MsiExec.exe.log

2008-07-21 15:09:11 ----D---- C:\Programme\Nero

2008-07-21 15:09:11 ----D---- C:\Programme\Gemeinsame Dateien\Nero

2008-07-21 15:09:11 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nero

2008-07-21 12:27:11 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LightScribe

2008-07-21 12:23:33 ----D---- C:\Programme\Gemeinsame Dateien\LightScribe

2008-07-19 21:01:34 ----D---- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Ulead Systems

2008-07-19 21:01:34 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems

2008-07-19 21:01:04 ----D---- C:\WINDOWS\Noslip

2008-07-10 14:42:10 ----D---- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Teleca

2008-07-10 14:40:29 ----D---- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Sony Ericsson

2008-07-10 14:40:18 ----D---- C:\Programme\Gemeinsame Dateien\Sony Ericsson Shared

2008-07-10 14:40:16 ----D---- C:\Programme\Gemeinsame Dateien\Teleca Shared

2008-07-10 14:40:15 ----D---- C:\Programme\Sony Ericsson

2008-07-10 14:39:33 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teleca

2008-07-10 14:39:33 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony Ericsson

2008-07-10 14:33:29 ----D---- C:\Programme\Sony

2008-07-08 23:35:09 ----D---- C:\Programme\Allok Video to 3GP Converter

2008-07-08 23:35:09 ----A---- C:\WINDOWS\system32\AVEQ.dll

2008-07-04 13:24:14 ----D---- C:\Programme\ICQ6Toolbar

2008-07-04 13:24:14 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ

2008-07-04 13:20:14 ----D---- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\ICQ

2008-07-04 13:19:43 ----D---- C:\Programme\ICQ6

2008-06-24 21:02:33 ----D---- C:\Programme\Audiograbber

2008-06-24 16:06:56 ----A---- C:\WINDOWS\UNNeroMediaHome.exe
 

List of drivers
 

R1 ACEDRV05;ACEDRV05; \??\C:\WINDOWS\system32\drivers\ACEDRV05.sys []

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2005-11-05 82380]

R1 avgntdd;avgntdd; C:\WINDOWS\SYSTEM32\DRIVERS\avgntdd.sys [2008-07-17 45376]

R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2008-05-25 5632]

R1 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; C:\WINDOWS\system32\System32\drivers\ws2ifsl.sys []

R2 nvcap;nVidia WDM Video Capture (universal); C:\WINDOWS\system32\DRIVERS\nvcap.sys [2005-04-14 141582]

R2 NVXBAR;nVidia WDM A/V Crossbar; C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2005-04-14 16496]

R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664]

R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]

R3 AVMUNET;AVM FRITZ! Box; C:\WINDOWS\system32\DRIVERS\avmunet.sys [2004-03-11 16384]

R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]

R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]

R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-07-08 3198304]

R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2004-10-05 33280]

R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2004-10-05 12928]

R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-01-26 47360]

R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]

R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]

R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]

R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]

R3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]

S3 BthEnum;Bluetooth-Anforderungsblocktreiber; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-03 17024]

S3 BTHMODEM;Serieller Kommunikationstreiber für Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2004-08-03 38016]

S3 BthPan;Bluetooth-Gerät (PAN); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992]

S3 BTHPORT;Bluetooth-Porttreiber; C:\WINDOWS\System32\Drivers\BTHport.sys [2004-08-04 275200]

S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-03 18944]

S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]

S3 DIGIRPS;Digi PortServer-Treiber; C:\WINDOWS\system32\DRIVERS\digirlpt.sys [2001-08-18 42880]

S3 Dot4 HPH11;Dot4 HPH11; C:\WINDOWS\system32\DRIVERS\hphid411.sys [2002-11-22 50896]

S3 dot4;MS IEEE-1284.4-Treiber; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2004-08-03 207360]

S3 Dot4Print HPH11;Print Class Driver for IEEE-1284.4 HPH11; C:\WINDOWS\system32\DRIVERS\hphipr11.sys [2002-11-22 16112]

S3 Dot4Print;Druckerklassentreiber für IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]

S3 Dot4Storage HPH11;Storage Class Driver for IEEE-1284.4 (HPH11); C:\WINDOWS\System32\Drivers\hphs2k11.sys [2002-11-22 50276]

S3 Dot4Usb HPH11;Dot4Usb HPH11; C:\WINDOWS\System32\drivers\hphius11.sys [2002-11-22 18928]

S3 dot4usb;Dot4USB-Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-18 23936]

S3 dtscsi;dtscsi; C:\WINDOWS\system32\System32\Drivers\dtscsi.sys []

S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []

S3 huadio;huadio; \??\c:\huadio.tmp []

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]

S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]

S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]

S3 PDNMp50;PDNMp50 NDIS Protocol Driver; \??\C:\WINDOWS\system32\drivers\PDNMp50.sys []

S3 PDNSp50;PDNSp50 NDIS Protocol Driver; \??\C:\WINDOWS\system32\drivers\PDNSp50.sys []

S3 pfsvgae;pfsvgae; \??\C:\DOKUME~1\DOMINI~1\LOKALE~1\Temp\pfsvgae.sys []

S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-03 59648]

S3 s816bus;Sony Ericsson Device 816 driver (WDM); C:\WINDOWS\system32\DRIVERS\s816bus.sys [2007-06-19 81832]

S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s816mdfl.sys [2007-06-19 13864]

S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s816mdm.sys [2007-06-19 107304]

S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s816mgmt.sys [2007-06-19 99112]

S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS); C:\WINDOWS\system32\DRIVERS\s816nd5.sys [2007-06-19 21928]

S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s816obex.sys [2007-06-19 97320]

S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM); C:\WINDOWS\system32\DRIVERS\s816unic.sys [2007-06-19 97704]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]

S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2005-12-22 80272]

S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2005-12-22 10864]

S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2005-12-22 137884]

S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]

S3 tunmp;Microsoft Tun-Miniportadaptertreiber; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-04 12416]

S3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\system32\System32\Drivers\vulfnth.sys []

S3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\system32\System32\Drivers\vulfntr.sys []

S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []

S3 WMIBIOS;%WMIBIOS.ServiceName%; C:\WINDOWS\System32\Drivers\wmibios.sys [2002-10-15 18272]

S3 WMIINFO;WMIINFO Driver; C:\WINDOWS\System32\Drivers\wmiinfo.sys [2002-05-13 21184]

S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
 

List of services
 

R2 AntiVirScheduler;AntiVir Scheduler; C:\Programme\AntiVir PersonalEdition Classic\sched.exe [2008-07-17 68865]

R2 AntiVirService;AntiVir PersonalEdition Classic Service; C:\Programme\AntiVir PersonalEdition Classic\avguard.exe [2008-08-15 149761]

R2 app_filter;app_filter; C:\NVIDIA\NetworkAccessManager\bin\nSvcAppFlt.exe [2004-10-05 126976]

R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Programme\Bonjour\mDNSResponder.exe [2006-02-28 229376]

R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

R2 ForcewareWebInterface;Forceware Web Interface; C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2004-08-10 20543]

R2 ICQ Service;ICQ Service; C:\Programme\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe [2008-06-09 73728]

R2 MDM;Machine Debug Manager; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]

R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]

R2 nSvcIp;ForceWare IP service; C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe [2004-10-05 110653]

R2 nSvcLog;ForceWare user log service; C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe [2004-10-05 53313]

R2 NVSvc;WinFast(R) Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-07-08 127043]

R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]

R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-12-30 66872]

R2 SNMP;SNMP-Dienst; C:\WINDOWS\System32\snmp.exe [2004-08-04 32768]

S3 Adobe LM Service;Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [2005-11-19 69632]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\MAGIX\Common\Database\bin\fbserver.exe [2005-08-10 1527900]

S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-12-23 654848]

S3 LPDSVC;TCP/IP-Druckserver; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-04 19456]

S3 NMIndexingService;NMIndexingService; C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]

S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 Pml Driver HPH11;Pml Driver HPH11; C:\WINDOWS\system32\HPHipm11.exe [2002-11-22 77824]

S3 SNMPTRAP;SNMP-Trap-Dienst; C:\WINDOWS\System32\snmptrap.exe [2004-08-04 8704]

S3 stllssvr;stllssvr; C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe [2007-06-14 74656]

S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
 

-----------------EOF-----------------

The Sandman

10.09.2008 15:15

info

Code:

info.txt logfile of random's system information tool 2008-09-10 16:01:04
 

Uninstall list
 

            -->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}

-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

-->C:\Programme\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL

-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL

-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL

-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL

-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL

-->C:\WINDOWS\UNRecode.exe /UNINSTALL

-->MsiExec /X{65F1CF63-31E0-450B-96F3-4A88BE7361A6}

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Ace DivX Player-->"C:\Programme\GustoSoft\Ace DivX Player\Uninstall.exe"

Adobe Acrobat 7.0.9 Professional - English, Français, Deutsch-->msiexec /I {AC76BA86-1033-F400-7760-000000000002}

Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}

Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}

Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}

Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}

Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}

Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}

Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}

Adobe Color Common Settings-->C:\Programme\Gemeinsame Dateien\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe

Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}

Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}

Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}

Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}

Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}

Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}

Adobe ExtendScript Toolkit 2-->C:\Programme\Gemeinsame Dateien\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe

Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{77D2A9D3-5800-43E3-B274-87841BC87DB2}

Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}

Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}

Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}

Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}

Adobe Photoshop CS3-->C:\Programme\Gemeinsame Dateien\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe

Adobe Photoshop CS3-->MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}

Adobe Reader 6.0.1 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A00000000001}

Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}

Adobe Setup-->MsiExec.exe /I{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}

Adobe Setup-->MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}

Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log

Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}

Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}

Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}

Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}

Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}

Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}

AFPL Ghostscript 8.51-->C:\Programme\gs\uninstgs.exe "C:\Programme\gs\gs8.51\uninstal.txt"

AFPL Ghostscript Fonts-->C:\Programme\gs\uninstgs.exe "C:\Programme\gs\fonts\uninstal.txt"

AGEIA PhysX v7.07.09-->MsiExec.exe /X{65F1CF63-31E0-450B-96F3-4A88BE7361A6}

Alice-Installationsdateien entfernen-->C:\Programme\Gemeinsame Dateien\Alice\uninst.exe

Allok Video to 3GP Converter 2.7.2-->"C:\Programme\Allok Video to 3GP Converter\unins000.exe"

Amadis AVI/DIVX/WMV/MPEG/MOV/SWF/FLV/MKV/RM/RMVB Video Converte-->"C:\Programme\Amadis Software\Amadis Video Converter\unins000.exe"

AOL Meine Fotos Bildschirmschoner-->C:\Programme\Gemeinsame Dateien\AOL\Screensaver\uninst_ygpss.exe

Apex AVI Converter 6.27-->"C:\Programme\Apex\Apex AVI Converter\unins000.exe"

Apple Software Update-->MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}

Audiograbber 1.83 SE -->"C:\Programme\Audiograbber\Uninstall.exe"

AudioRecorder-->C:\AudioSuite\AudioRecorder\UninstalAR.exe

Avira AntiVir Personal - Free Antivirus-->C:\Programme\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE

BioShock Demo-->C:\Programme\InstallShield Installation Information\{36BBA884-C697-48B6-B496-5F329215E249}\setup.exe -runfromtemp -l0x0007 -removeonly

BlackSite: Area 51-->C:\Programme\InstallShield Installation Information\{8236D2E9-2528-4C5C-ABA3-E0B8B657A297}\Setup.exe -runfromtemp -l0x0007 -removeonly

CDRWIN 6.1-->MsiExec.exe /I{C8310658-4019-4934-A7AC-AD1E35EDD8F5}

CloneDVD 4.1.0.23-->"C:\Programme\CloneDVD\unins000.exe"

Combined Community Codec Pack 2007-07-22-->"C:\Programme\Combined Community Codec Pack\unins000.exe"

CorelDRAW Graphics Suite 12-->MsiExec.exe /I{505AFDC0-5E72-4928-8368-5DEA385E3647}

Crysis(R) SP Demo-->MsiExec.exe /I{92AF2F5A-4407-4A03-A80A-5A2582264746}

Crysis(R)-->MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}

Disc2Phone-->MsiExec.exe /X{925936AC-9C9A-4897-874B-60961AAB6D52}

DivX Player-->C:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER

DVD Shrink 3.2-->"C:\Programme\DVD Shrink\unins000.exe"

DVDFab Platinum 4.0.5.5 Ghosthunter release-->"C:\Programme\DVDFab Platinum 4\unins000.exe"

DVD-lab PRO 2.0-->"C:\Programme\DVDlabPro2\unins000.exe"

EAX4 Unified Redist-->MsiExec.exe /X{89661B04-C646-4412-B6D3-5E19F02F1F37}

EuroPoker (remove only)-->"C:\Programme\EuroPoker\uninstall.exe"

FEAR-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2B653229-9854-4989-B780-D978F5F13EAB}\setup.exe" -l0x9  /zU -removeonly

FFdshow [2006-08-21 | rev 2546]-->"C:\Programme\ffdshow\unins000.exe"

FIFA 08 Demo-->MsiExec.exe /X{7D1928D2-26FA-45FA-A4DD-A876D7293818}

Firebird SQL Server (D)-->C:\MAGIX\Common\Database\uninstall.exe

FlashGet 1.9.2.1028-->C:\Programme\FlashGet\uninst.exe

FLV Player 1.3.3-->"C:\Programme\FLVPlayer\uninstall.exe"

Free M4a to MP3 Converter 6.0-->"C:\Programme\Free M4a to MP3 Converter\unins000.exe"

HijackThis 2.0.2-->"C:\Programme\Trend Micro\HijackThis\HijackThis.exe" /uninstall

Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"

HP Photo and Imaging 2.0 - Photosmart Printer Series-->MsiExec.exe /I{0D396571-7BBD-44CE-ABB3-518BF86B72F7}

HP Speicher-Disc-->MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}

ICQ Toolbar-->C:\Programme\ICQ6Toolbar\ICQUnToolbar.exe

ICQ6-->"C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly

ImageConverter Plus 7.1-->"C:\Programme\ImageConverter Plus\unins000.exe"

ImageConverter-->"C:\Programme\TotalImageConverter\unins000.exe"

IsoBuster 1.7-->"C:\Programme\Smart Projects\IsoBuster\Uninst\unins000.exe"

J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}

J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}

J2SE Runtime Environment 5.0 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}

J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}

Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}

Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}

Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}

Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}

jetAudio Basic VX-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}\setup.exe" -l0x9  -removeonly

K-Lite Codec Pack 2.49 Full-->"C:\Programme\K-Lite Codec Pack\unins000.exe"

Langenscheidt T1 6.0-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{57EB87EF-23DF-4A76-9B90-FD7B53E1C6CE}\Setup.exe" -l0x7 UNINSTALL

Learn2 Player (Uninstall Only)-->C:\Programme\Learn2.com\StRunner\stuninst.exe

LightScribe Applications-->MsiExec.exe /X{7373184D-8E8F-4308-912A-3901071FA1AD}

LightScribe System Software  1.14.17.1-->MsiExec.exe /X{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}

LimeWire 4.12.11-->"C:\Programme\LimeWire\uninstall.exe"

MAGIX Foto Manager-->C:\MAGIX\Foto_Manager\instslct.exe

MAGIX Media Manager 2004 silver-->C:\MAGIX\Media_Manager_2004\instslct.exe

MAGIX mp3 maker centurion-->C:\MAGIX\mp3_maker_centurion\instslct.exe

MAGIX Music Manager-->C:\MAGIX\Music_Manager\instslct.exe

MAGIX Online Druck Service-->C:\PROGRA~1\MAGIXO~1\\UNWISE.EXE C:\PROGRA~1\MAGIXO~1\\INSTALL.LOG

Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"

MasterSplitter Program-->C:\Program Files\MasterSplitter\uninstal.exe

MaxTV Online-->"C:\WINDOWS\MaxTV Online\uninstall.exe" "/U:C:\Programme\MaxTV Online\Uninstall\uninstall.xml"

Medal of Honor Airborne Demo-->MsiExec.exe /X{25F28E36-FDBB-11DB-8314-0800200C9A66}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110407-6000-11D3-8CFE-0150048383C9}

Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Miranda IM-->C:\Programme\Miranda IM\uninstall.exe

MKV TO AVI CONVERTER version 3.1-->"C:\Programme\MKVTOAVI\unins000.exe"

Mozilla Firefox (3.0.1)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe

MSN-->C:\Programme\MSN\MsnInstaller\msninst.exe /Action:ARP

Nero 8-->MsiExec.exe /X{D6C9AF27-9414-46C8-B9D8-D878BA041031}

neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

NewLive All Media To Mp3 Converter 5.3-->"C:\Programme\NewLive All Media To Mp3 Converter\unins000.exe"

NVIDIA Drivers-->C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI

NVIDIA ForceWare Network Access Manager-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1031 

Opera-->C:\PROGRA~1\Opera\uninst\unwise.exe C:\PROGRA~1\Opera\uninst\install.log

PartyPokerNet-->"C:\Programme\PartyGaming.Net\PartyPokerNet\Uninstall.exe" "C:\Programme\PartyGaming.Net\PartyPokerNet\install.log"

PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}

Pdf995-->C:\Programme\pdf995\setup.exe uninstall

Photosmart 130,230,7150,7345,7350,7550 (nur entfernen)-->C:\Programme\HP Photosmart 11\Printer\hphuni04.exe

PokerStars.net-->C:\Programme\PokerStars.NET\Uninstall.EXE /u:"PokerStars.net"

PowerDVD-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe"  -uninstall

PPLive 1.2.35-->C:\Programme\PPLive\uninst.exe

PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u

QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}

Real Alternative 1.45-->"C:\Programme\Real Alternative\unins000.exe"

RealPlayer-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE

SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe

SAMSUNG Mobile USB Modem ^^-->C:\WINDOWS\system32\Samsung_USB_Drivers\4\SSVDUninstall.exe

SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe

SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe

Samsung PC Studio-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x7  -removeonly

Satellite TV for PC Elite 4.8.8.0 -->C:\WINDOWS\uninstall\Satellite TV for PC Elite\setup.exe

Sicherheitsupdate für Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB893066)-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB896688)-->"C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"

Sony Ericsson Device Data-->MsiExec.exe /I{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}

Sony Ericsson Drivers-->MsiExec.exe /I{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}

Sony Ericsson PC Suite-->C:\WINDOWS\Installer\{D6BF6477-8369-489F-8DE6-3731F4B88560}\setup.exe /uninstall

Sony Ericsson PC Suite-->MsiExec.exe /I{D59AC9E9-FFAE-471B-B1FF-4B311D23417A}

SopCast 0.9.8-->C:\Programme\SopCast\uninst.exe

SureThing CD Labeler LightScribe 5.0.581.0-->"C:\Programme\SureThing CD Labeler 5\unins000.exe"

SWiSH Max2-->C:\WINDOWS\unvise32.exe C:\Programme\SWiSH Max2\uninstal.log

Text-To-Speech-Runtime-->MsiExec.exe /X{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}

TubeBox!-->MsiExec.exe /I{FD637CD9-B3F7-4F3C-BF07-5991A82FE2CC}

TVAnts 1.0-->C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG

TVUPlayer 2.3.3.2-->C:\Programme\TVUPlayer\uninst.exe

Ulead GIF Animator 5 ESD-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{8AF3E926-ED59-11D4-A44B-0000E86D2305}\Setup.exe" 

Ultra DVD Creator 1.7.9-->"C:\Programme\Ultra DVD Creator\unins000.exe"

Update für Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"

Update für Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"

Update für Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"

Update für Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"

USB Storage Driver-->DelUIDrv.exe

VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}

VideoLAN VLC media player 0.8.5-->C:\Programme\VideoLAN\VLC\uninstall.exe

Viewpoint Media Player-->C:\Programme\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u

Vodei Multimedia Processor 2.00-->C:\Programme\Vodei\uninst.exe

Winamp (remove only)-->"C:\Programme\Winamp\UninstWA.exe"

Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"

Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

Windows XP Junglebook Compatiblity Fix-->C:\WINDOWS\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\Custom\{659660d0-edb3-4afb-be92-7ea22a0cae65}.sdb"

Windows XP-Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe

Windows XP-Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe

Windows XP-Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe

Windows XP-Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe

Windows XP-Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe

Windows XP-Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe

Windows XP-Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe

Windows XP-Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe

Windows XP-Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe

Windows XP-Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"

Windows XP-Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe

WinFast(R) Display Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F69FD33C-8815-46BF-9134-A643DE68F3C0}\setup.exe" -l0x7  -removeonly

WinRAR archiver-->C:\Programme\WinRAR\uninstall.exe

x264 Revision 567 x264.nl (remove only)-->"C:\Programme\x264\x264-uninstall.exe"

XVid;-)-->C:\Programme\XVid;-)\Uninstall.exe

YouTube FLV to AVI easy converter 2.1.3-->"C:\Programme\Easiestutils\YouTube FLV to AVI easy converter\unins000.exe"
 

Security center information
 

AV: AntiVir PersonalEdition Classic Virenschutz (disabled)

AV: AntiVir PersonalEdition Classic Virenschutz (disabled)

AV: AntiVir PersonalEdition Classic Virenschutz

AV: AntiVir PersonalEdition Classic Virenschutz

AV: AntiVir PersonalEdition Classic Virenschutz (disabled)

AV: Avira AntiVir PersonalEdition

AV: AntiVir PersonalEdition Classic Virenschutz

AV: AntiVir PersonalEdition Classic Virenschutz (disabled)

FW: NVIDIA Firewall (disabled)
 

Environment variables
 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Programme\ImageConverter Plus;;C:\Programme\Samsung\Samsung PC Studio 3\;C:\Programme\Gemeinsame Dateien\Teleca Shared

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 39 Stepping 1, AuthenticAMD

"PROCESSOR_REVISION"=2701

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"MAYA_SCRIPT_PATH"=

"CLASSPATH"=.;C:\Programme\Java\jre1.6.0_02\lib\ext\QTJava.zip

"QTJAVA"=C:\Programme\Java\jre1.6.0_02\lib\ext\QTJava.zip
 

-----------------EOF-----------------

myrtille

10.09.2008 15:26

Hi,
mache bitte folgendes:
Anleitung Avenger (by swandog46) Lade dir das Tool Avenger und speichere es auf dem Desktop:

Doppelklick auf das Avenger-Symbol http://saved.im/mzi3ntr4adf5/trert.jpg

Kopiere nun folgenden Text in das weiße Feld bei -> "input script here"

Code:

 drivers to disable: 

TDSSserv.sys

drivers to delete:

tdssserv.sys

Registry keys to delete:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSserv.sys

http://saved.im/mzi3ndg3nta0/aven.jpg

Schliesse nun alle Programme und Browser-Fenster

Um den Avenger zu starten klicke auf -> Execute
Dann bestätigen mit "Yes" das der Rechner neu startet

Nachdem das System neu gestartet ist, findest du einen Report vom Avenger unter -> C:\avenger.txt

Öffne die Datei mit dem Editor und kopiere den gesamten Text in deinen Beitrag hier am Trojaner-Board.

Wie gehts dem Rechner?

lg myrtille

The Sandman

10.09.2008 15:36

Code:

Logfile of The Avenger Version 2.0, (c) by Swandog46

http://swandog46.geekstogo.com
 

Platform:  Windows XP
 

*******************
 

Script file opened successfully.

Script file read successfully.
 

Backups directory opened successfully at C:\Avenger
 

*******************
 

Beginning to process script file:
 

Rootkit scan active.

No rootkits found!
 
 

Error:  could not open driver "TDSSserv.sys"

Disablement of driver "TDSSserv.sys" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

  --> the object does not exist
 
 

Error:  registry key "\Registry\Machine\System\CurrentControlSet\Services\tdssserv.sys" not found!

Deletion of driver "tdssserv.sys" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

  --> the object does not exist
 

Registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys" deleted successfully.

Registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSserv.sys" deleted successfully.
 

Completed script processing.
 

*******************
 

Finished!  Terminate.

myrtille

10.09.2008 15:44

Hi,

das sieht soweit eigentlich alles ganz gut aus. :) Wie gehts deinem Rechner?
Erstell bitte nochmal ein neues Log mit RSIT (log.txt sollte ausreichen.)

lg myrtille

The Sandman

10.09.2008 15:48

log Teil1

Code:

Logfile of random's system information tool (written by random/random)

Run by XXX at 2008-09-10 16:44:54

Microsoft Windows XP Home Edition Service Pack 2

System drive C: has 19 GB (25%) free of 76 GB

Total RAM: 2047 MB (76% free)
 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:44:59, on 10.09.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal
 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programme\AntiVir PersonalEdition Classic\sched.exe

C:\Programme\AntiVir PersonalEdition Classic\avguard.exe

C:\Programme\Bonjour\mDNSResponder.exe

C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Programme\ICQ6Toolbar\ICQ Service.exe

C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe

C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe

C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe

C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\System32\snmp.exe

C:\NVIDIA\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Programme\Winamp\winampa.exe

C:\USBStorage\USBDetector.exe

C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe

C:\Programme\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Programme\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\NVIDIA\NetworkAccessManager\bin\nTrayFw.exe

C:\WINDOWS\system32\hphmon04.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe

C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe

C:\Programme\Alice\Signup\AliceCnn.exe

C:\Programme\Mozilla Firefox\firefox.exe

C:\Dokumente und Einstellungen\XXX\Eigene Dateien\VIREN\RSIT.exe

C:\Programme\Trend Micro\HijackThis\XXX.exe
 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.surfmusik.de/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://alice.aol.de

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://alice.aol.de

R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll

R3 - URLSearchHook: (no name) -  - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Skype Control Class - {9018F6A8-2495-45DF-9F16-C738F8F3C8FF} - C:\WINDOWS\system32\SkypeComm.dll (file missing)

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll

O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: T1 - {4180A6C9-26D0-4A15-A2CD-A24E3178E386} - C:\PROGRA~1\LANGEN~1\Engine\mte\StdAlone\T1IE.dll

O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe

O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nTrayFw] C:\NVIDIA\NetworkAccessManager\bin\nTrayFw.exe

O4 - HKLM\..\Run: [HPHUPD04] "C:\Programme\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"

O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_9 -reboot 1

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Acrobat - Schnellstart.lnk = ?

O8 - Extra context menu item: &Alles mit FlashGet laden - C:\PROGRA~1\FlashGet\jc_all.htm

O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML

O8 - Extra context menu item: &Mit FlashGet laden - C:\PROGRA~1\FlashGet\jc_link.htm

O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe

O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O17 - HKLM\System\CCS\Services\Tcpip\..\{A0BEC9AD-5623-4615-B0F7-432E1CFEA640}: NameServer = 62.109.123.197 213.191.74.19

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: app_filter - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - The Firebird Project - C:\MAGIX\Common\Database\bin\fbserver.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe

O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe
 

--

End of file - 12366 bytes
 

Scheduled tasks folder
 

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
 

Registry dump
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]

FGCatchUrl - C:\PROGRA~1\FlashGet\jccatch.dll [2007-06-28 94308]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9018F6A8-2495-45DF-9F16-C738F8F3C8FF}]

Skype Control Class - C:\WINDOWS\system32\SkypeComm.dll []
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]

Adobe PDF Conversion Toolbar Helper - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]

FlashGet GetFlash Class - C:\Programme\FlashGet\getflash.dll [2007-05-18 163840]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Programme\ICQ6Toolbar\ICQToolBar.dll [2008-06-12 958712]

{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

{4180A6C9-26D0-4A15-A2CD-A24E3178E386} - T1 - C:\PROGRA~1\LANGEN~1\Engine\mte\StdAlone\T1IE.dll [2005-10-11 988672]
 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"WinampAgent"=C:\Programme\Winamp\winampa.exe [2004-12-20 33792]

"USBDetector"=C:\USBStorage\USBDetector.exe [2003-04-01 53248]

"TkBellExe"=C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe [2006-11-23 180269]

"SunJavaUpdateSched"=C:\Programme\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]

"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-11-15 77824]

"Share-to-Web Namespace Daemon"=C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [2002-04-17 69632]

"RemoteControl"=C:\Programme\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]

"QuickTime Task"=C:\Programme\QuickTime\QTTask.exe [2007-06-29 286720]

"nwiz"=C:\WINDOWS\system32\nwiz.exe [2005-07-08 1519616]

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-07-08 86016]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-07-08 7110656]

"nTrayFw"=C:\NVIDIA\NetworkAccessManager\bin\nTrayFw.exe [2004-10-05 266240]

"HPHUPD04"=C:\Programme\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe [2002-11-22 49152]

"HPHmon04"=C:\WINDOWS\system32\hphmon04.exe [2002-11-22 348160]

"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe [2002-11-22 188416]

"BluetoothAuthenticationAgent"=C:\WINDOWS\system32\bthprops.cpl [2004-08-04 110592]

"avgnt"=C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-17 266497]

"Acrobat Assistant 7.0"=C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2006-01-12 483328]

"NeroFilterCheck"=C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe [2008-06-19 570664]

"NBKeyScan"=C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-08 2221352]
 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe []

"updateMgr"=C:\Programme\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe [2006-03-30 313472]

"LightScribe Control Panel"=C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe [2008-06-09 2363392]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]

C:\PROGRA~1\FlashGet\flashget.exe [2007-07-23 1994800]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]

C:\Programme\ICQ6\ICQ.exe [2008-08-24 173304]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]

C:\Programme\ICQLite\ICQLite.exe -minimize []
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2007-06-13 528384]
 

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart

Adobe Acrobat - Schnellstart.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1
 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"

"C:\Programme\Java\jre1.5.0_05\bin\javaw.exe"="C:\Programme\Java\jre1.5.0_05\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"

"C:\Programme\AOL 9.0\waol.exe"="C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0"

"C:\Programme\g3torrent\g3torrent.exe"="C:\Programme\g3torrent\g3torrent.exe:*:Enabled:g3torrent"

"C:\Programme\ICQLite\ICQLite.exe"="C:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"

"C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe"="C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL"

"C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe"="C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe:*:Enabled:AOL"

"C:\Programme\Mozilla Firefox\firefox.exe"="C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"

"C:\Programme\Java\jre1.5.0_06\bin\javaw.exe"="C:\Programme\Java\jre1.5.0_06\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"

"C:\Programme\MatchWare\Mediator 8.0 Exp\medi8or.exe"="C:\Programme\MatchWare\Mediator 8.0 Exp\medi8or.exe:*:Enabled:Mediator"

"C:\Programme\Langenscheidt T1 6_0\Engine\mte\bin\tmengine.exe"="C:\Programme\Langenscheidt T1 6_0\Engine\mte\bin\tmengine.exe:*:Enabled:TM Engine"

"C:\Programme\Langenscheidt T1 6_0\Engine\mte\bin\lexAPI.exe"="C:\Programme\Langenscheidt T1 6_0\Engine\mte\bin\lexAPI.exe:*:Enabled:LEXAPI server"

"C:\Programme\Langenscheidt T1 6_0\Engine\mte\StdAlone\MT_Alone.exe"="C:\Programme\Langenscheidt T1 6_0\Engine\mte\StdAlone\MT_Alone.exe:*:Enabled:T1 Standalone"

"C:\Programme\Langenscheidt T1 6_0\Engine\mte\bin\engine.exe"="C:\Programme\Langenscheidt T1 6_0\Engine\mte\bin\engine.exe:*:Enabled:Text processing"

"C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE"="C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE:*:Enabled:Microsoft Office Word"

"C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE"="C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook"

"C:\Programme\Microsoft Office\OFFICE11\POWERPNT.EXE"="C:\Programme\Microsoft Office\OFFICE11\POWERPNT.EXE:*:Enabled:Microsoft Office PowerPoint"

"C:\Programme\Gemeinsame Dateien\Synacast\SynaLive\PE.exe"="C:\Programme\Gemeinsame Dateien\Synacast\SynaLive\PE.exe:*:Enabled:SynacastPE"

"C:\Programme\PPLive\PPLive.exe"="C:\Programme\PPLive\PPLive.exe:*:Enabled:PPLive"

"C:\Programme\SopCast\SopCast.exe"="C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast"

"C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE"="C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE:*:Enabled:Microsoft Office Excel"

"C:\Programme\Internet Explorer\IEXPLORE.EXE"="C:\Programme\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"

"C:\Programme\TVAnts\Tvants.exe"="C:\Programme\TVAnts\Tvants.exe:*:Enabled:TVAnts"

"C:\Programme\TVUPlayer\TVUPlayer.exe"="C:\Programme\TVUPlayer\TVUPlayer.exe:*:Enabled:TVU Player Component"

"C:\Dokumente und Einstellungen\Dominik Rudloff\Anwendungsdaten\SopCast\adv\SopAdver.exe"="C:\Dokumente und Einstellungen\Dominik Rudloff\Anwendungsdaten\SopCast\adv\SopAdver.exe:*:Enabled:SopAdver"

"C:\Programme\MaxTV Online\maxtv.exe"="C:\Programme\MaxTV Online\maxtv.exe:*:Enabled:maxtv"

"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"

"C:\Programme\LimeWire\LimeWire.exe"="C:\Programme\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

"C:\Programme\FlashGet\flashget.exe"="C:\Programme\FlashGet\flashget.exe:*:Enabled:Flashget"

"C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"

"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"

"C:\Programme\ICQ6\ICQ.exe"="C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6"

"C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost"
 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Programme\AOL 9.0\waol.exe"="C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0"

"C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe"="C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL"

"C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe"="C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]

shell\AutoRun\command - H:\wd_windows_tools\setup.exe
 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]

shell\AutoRun\command - I:\AutoRun\AutoRun.exe

The Sandman

10.09.2008 15:50

log Teil2

Code:

List of files/folders created in the last three months
 

2008-09-10 16:33:39 ----D---- C:\Avenger

2008-09-10 16:33:39 ----A---- C:\avenger.txt

2008-09-10 16:00:57 ----D---- C:\rsit

2008-09-10 13:32:48 ----D---- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Malwarebytes

2008-09-10 13:32:44 ----D---- C:\Programme\Malwarebytes' Anti-Malware

2008-09-10 13:32:44 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

2008-09-10 11:45:28 ----D---- C:\Programme\Trend Micro

2008-09-09 21:16:21 ----A---- C:\WINDOWS\system32\tdsspopup.dll

2008-08-20 01:31:43 ----D---- C:\Programme\Free M4a to MP3 Converter

2008-07-22 13:48:49 ----A---- C:\WINDOWS\NeroDigital.ini

2008-07-21 17:57:02 ----D---- C:\Programme\Gemeinsame Dateien\SureThing Shared

2008-07-21 17:56:57 ----D---- C:\Programme\SureThing CD Labeler 5

2008-07-21 17:43:07 ----D---- C:\Programme\LightScribe

2008-07-21 15:11:06 ----D---- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Nero

2008-07-21 15:10:45 ----A---- C:\WINDOWS\system32\MsiExec.exe.log

2008-07-21 15:09:11 ----D---- C:\Programme\Nero

2008-07-21 15:09:11 ----D---- C:\Programme\Gemeinsame Dateien\Nero

2008-07-21 15:09:11 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nero

2008-07-21 12:27:11 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LightScribe

2008-07-21 12:23:33 ----D---- C:\Programme\Gemeinsame Dateien\LightScribe

2008-07-19 21:01:34 ----D---- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Ulead Systems

2008-07-19 21:01:34 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems

2008-07-19 21:01:04 ----D---- C:\WINDOWS\Noslip

2008-07-10 14:42:10 ----D---- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Teleca

2008-07-10 14:40:29 ----D---- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Sony Ericsson

2008-07-10 14:40:18 ----D---- C:\Programme\Gemeinsame Dateien\Sony Ericsson Shared

2008-07-10 14:40:16 ----D---- C:\Programme\Gemeinsame Dateien\Teleca Shared

2008-07-10 14:40:15 ----D---- C:\Programme\Sony Ericsson

2008-07-10 14:39:33 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teleca

2008-07-10 14:39:33 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony Ericsson

2008-07-10 14:33:29 ----D---- C:\Programme\Sony

2008-07-08 23:35:09 ----D---- C:\Programme\Allok Video to 3GP Converter

2008-07-08 23:35:09 ----A---- C:\WINDOWS\system32\AVEQ.dll

2008-07-04 13:24:14 ----D---- C:\Programme\ICQ6Toolbar

2008-07-04 13:24:14 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ

2008-07-04 13:20:14 ----D---- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\ICQ

2008-07-04 13:19:43 ----D---- C:\Programme\ICQ6

2008-06-24 21:02:33 ----D---- C:\Programme\Audiograbber

2008-06-24 16:06:56 ----A---- C:\WINDOWS\UNNeroMediaHome.exe
 

List of drivers
 

R1 ACEDRV05;ACEDRV05; \??\C:\WINDOWS\system32\drivers\ACEDRV05.sys []

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2005-11-05 82380]

R1 avgntdd;avgntdd; C:\WINDOWS\SYSTEM32\DRIVERS\avgntdd.sys [2008-07-17 45376]

R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2008-05-25 5632]

R1 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; C:\WINDOWS\system32\System32\drivers\ws2ifsl.sys []

R2 nvcap;nVidia WDM Video Capture (universal); C:\WINDOWS\system32\DRIVERS\nvcap.sys [2005-04-14 141582]

R2 NVXBAR;nVidia WDM A/V Crossbar; C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2005-04-14 16496]

R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664]

R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]

R3 AVMUNET;AVM FRITZ! Box; C:\WINDOWS\system32\DRIVERS\avmunet.sys [2004-03-11 16384]

R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]

R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]

R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-07-08 3198304]

R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2004-10-05 33280]

R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2004-10-05 12928]

R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-01-26 47360]

R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]

R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]

R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]

R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]

R3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]

S3 BthEnum;Bluetooth-Anforderungsblocktreiber; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-03 17024]

S3 BTHMODEM;Serieller Kommunikationstreiber für Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2004-08-03 38016]

S3 BthPan;Bluetooth-Gerät (PAN); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992]

S3 BTHPORT;Bluetooth-Porttreiber; C:\WINDOWS\System32\Drivers\BTHport.sys [2004-08-04 275200]

S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-03 18944]

S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]

S3 DIGIRPS;Digi PortServer-Treiber; C:\WINDOWS\system32\DRIVERS\digirlpt.sys [2001-08-18 42880]

S3 Dot4 HPH11;Dot4 HPH11; C:\WINDOWS\system32\DRIVERS\hphid411.sys [2002-11-22 50896]

S3 dot4;MS IEEE-1284.4-Treiber; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2004-08-03 207360]

S3 Dot4Print HPH11;Print Class Driver for IEEE-1284.4 HPH11; C:\WINDOWS\system32\DRIVERS\hphipr11.sys [2002-11-22 16112]

S3 Dot4Print;Druckerklassentreiber für IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]

S3 Dot4Storage HPH11;Storage Class Driver for IEEE-1284.4 (HPH11); C:\WINDOWS\System32\Drivers\hphs2k11.sys [2002-11-22 50276]

S3 Dot4Usb HPH11;Dot4Usb HPH11; C:\WINDOWS\System32\drivers\hphius11.sys [2002-11-22 18928]

S3 dot4usb;Dot4USB-Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-18 23936]

S3 dtscsi;dtscsi; C:\WINDOWS\system32\System32\Drivers\dtscsi.sys []

S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []

S3 huadio;huadio; \??\c:\huadio.tmp []

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]

S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]

S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]

S3 PDNMp50;PDNMp50 NDIS Protocol Driver; \??\C:\WINDOWS\system32\drivers\PDNMp50.sys []

S3 PDNSp50;PDNSp50 NDIS Protocol Driver; \??\C:\WINDOWS\system32\drivers\PDNSp50.sys []

S3 pfsvgae;pfsvgae; \??\C:\DOKUME~1\DOMINI~1\LOKALE~1\Temp\pfsvgae.sys []

S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-03 59648]

S3 s816bus;Sony Ericsson Device 816 driver (WDM); C:\WINDOWS\system32\DRIVERS\s816bus.sys [2007-06-19 81832]

S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s816mdfl.sys [2007-06-19 13864]

S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s816mdm.sys [2007-06-19 107304]

S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s816mgmt.sys [2007-06-19 99112]

S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS); C:\WINDOWS\system32\DRIVERS\s816nd5.sys [2007-06-19 21928]

S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s816obex.sys [2007-06-19 97320]

S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM); C:\WINDOWS\system32\DRIVERS\s816unic.sys [2007-06-19 97704]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]

S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2005-12-22 80272]

S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2005-12-22 10864]

S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2005-12-22 137884]

S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]

S3 tunmp;Microsoft Tun-Miniportadaptertreiber; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-04 12416]

S3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\system32\System32\Drivers\vulfnth.sys []

S3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\system32\System32\Drivers\vulfntr.sys []

S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []

S3 WMIBIOS;%WMIBIOS.ServiceName%; C:\WINDOWS\System32\Drivers\wmibios.sys [2002-10-15 18272]

S3 WMIINFO;WMIINFO Driver; C:\WINDOWS\System32\Drivers\wmiinfo.sys [2002-05-13 21184]

S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
 

List of services
 

R2 AntiVirScheduler;AntiVir Scheduler; C:\Programme\AntiVir PersonalEdition Classic\sched.exe [2008-07-17 68865]

R2 AntiVirService;AntiVir PersonalEdition Classic Service; C:\Programme\AntiVir PersonalEdition Classic\avguard.exe [2008-08-15 149761]

R2 app_filter;app_filter; C:\NVIDIA\NetworkAccessManager\bin\nSvcAppFlt.exe [2004-10-05 126976]

R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Programme\Bonjour\mDNSResponder.exe [2006-02-28 229376]

R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

R2 ForcewareWebInterface;Forceware Web Interface; C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2004-08-10 20543]

R2 ICQ Service;ICQ Service; C:\Programme\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe [2008-06-09 73728]

R2 MDM;Machine Debug Manager; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]

R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]

R2 nSvcIp;ForceWare IP service; C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe [2004-10-05 110653]

R2 nSvcLog;ForceWare user log service; C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe [2004-10-05 53313]

R2 NVSvc;WinFast(R) Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-07-08 127043]

R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]

R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-12-30 66872]

R2 SNMP;SNMP-Dienst; C:\WINDOWS\System32\snmp.exe [2004-08-04 32768]

S3 Adobe LM Service;Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [2005-11-19 69632]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\MAGIX\Common\Database\bin\fbserver.exe [2005-08-10 1527900]

S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-12-23 654848]

S3 LPDSVC;TCP/IP-Druckserver; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-04 19456]

S3 NMIndexingService;NMIndexingService; C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]

S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 Pml Driver HPH11;Pml Driver HPH11; C:\WINDOWS\system32\HPHipm11.exe [2002-11-22 77824]

S3 SNMPTRAP;SNMP-Trap-Dienst; C:\WINDOWS\System32\snmptrap.exe [2004-08-04 8704]

S3 stllssvr;stllssvr; C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe [2007-06-14 74656]

S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
 

-----------------EOF-----------------

Meinem Rechner geht es wieder bestens ! 1000 Dank an dich !:aplaus:

myrtille

10.09.2008 15:54

Hi,

da sind noch reste zu sehen. Die müssen noch weg. :)

Anleitung Avenger (by swandog46) Lade dir das Tool Avenger und speichere es auf dem Desktop:

Doppelklick auf das Avenger-Symbol http://saved.im/mzi3ntr4adf5/trert.jpg

Kopiere nun folgenden Text in das weiße Feld bei -> "input script here"

Code:

 files to delete:

C:\WINDOWS\system32\tdsspopup.dll

http://saved.im/mzi3ndg3nta0/aven.jpg

Schliesse nun alle Programme und Browser-Fenster

Um den Avenger zu starten klicke auf -> Execute
Dann bestätigen mit "Yes" das der Rechner neu startet

Nachdem das System neu gestartet ist, findest du einen Report vom Avenger unter -> C:\avenger.txt

Öffne die Datei mit dem Editor und kopiere den gesamten Text in deinen Beitrag hier am Trojaner-Board.

Sowie einige Scans auf Dateien, Prozesse und Registryeinträge, die vor den meisten anderen Scannern versteckt werden (durch ein sogenanntes Rootkit). Während dieser Scans soll(en):

alle anderen Scanner gegen Viren, Spyware, usw deaktiviert sein
keine Verbindung zu einem Netzwerk/Internet bestehen (WLAN nicht vergessen)
nichts am Rechner getan werden
nach jedem Scan der Rechner neu gestartet werden

Gmer scannen lassen

Lade dir Gmer von dieser Seite runter und entpacke es auf deinen Desktop.
Starte gmer.exe. Alle anderen Programme sollen geschlossen sein.
Starte den Scan mit "Scan". Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf "Copy" um das Log in die Zwischenablage zu kopieren. Mit "Ok" wird Gmer beendet.
Füge das Log aus der Zwischenablage in deine Antwort hier ein.

RootkitRevealer scannen lassen

Lade RootkitRevealer runter und entpacke das Archiv in einen eigenen Ordner, z.B. C:\programme\rootkitrevealer.
Starte in diesem Ordner RootkitRevealer.exe. Alle anderen Programme schließen.
Starte durch Klick auf "Scan".
Wenn der Scan fertig ist das Logfile mit File -> Save abspeichern.

lg myrtille

The Sandman

10.09.2008 17:51

avenger

Code:

Logfile of The Avenger Version 2.0, (c) by Swandog46

http://swandog46.geekstogo.com
 

Platform:  Windows XP
 

*******************
 

Script file opened successfully.

Script file read successfully.
 

Backups directory opened successfully at C:\Avenger
 

*******************
 

Beginning to process script file:
 

Rootkit scan active.

No rootkits found!
 

File "C:\WINDOWS\system32\tdsspopup.dll" deleted successfully.
 

Completed script processing.
 

*******************
 

Finished!  Terminate.

gmer

Code:

GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2008-09-10 17:20:43

Windows 5.1.2600 Service Pack 2
 
 

---- System - GMER 1.0.14 ----
 

SSDT            a347bus.sys (Plug and Play BIOS Extension/ )                                                                 ZwClose [0xBA6A2028]                                                                               <-- ROOTKIT !!!

SSDT            a347bus.sys (Plug and Play BIOS Extension/ )                                                                 ZwCreateKey [0xBA6A1FE0]                                                                           <-- ROOTKIT !!!

SSDT            a347bus.sys (Plug and Play BIOS Extension/ )                                                                 ZwCreatePagingFile [0xBA695B00]                                                                    <-- ROOTKIT !!!

SSDT            a347bus.sys (Plug and Play BIOS Extension/ )                                                                 ZwEnumerateKey [0xBA6965DC]                                                                        <-- ROOTKIT !!!

SSDT            a347bus.sys (Plug and Play BIOS Extension/ )                                                                 ZwEnumerateValueKey [0xBA6A2120]                                                                   <-- ROOTKIT !!!

SSDT            a347bus.sys (Plug and Play BIOS Extension/ )                                                                 ZwOpenFile [0xBA695B40]                                                                            <-- ROOTKIT !!!

SSDT            a347bus.sys (Plug and Play BIOS Extension/ )                                                                 ZwOpenKey [0xBA6A1FA4]                                                                             <-- ROOTKIT !!!

SSDT            a347bus.sys (Plug and Play BIOS Extension/ )                                                                 ZwQueryKey [0xBA6965FC]                                                                            <-- ROOTKIT !!!

SSDT            a347bus.sys (Plug and Play BIOS Extension/ )                                                                 ZwQueryValueKey [0xBA6A2076]                                                                       <-- ROOTKIT !!!

SSDT            a347bus.sys (Plug and Play BIOS Extension/ )                                                                 ZwSetSystemPowerState [0xBA6A1550]                                                                 <-- ROOTKIT !!!

SSDT            sptd.sys                                                                                                     ZwSetValueKey [0xBA6DA0EC]
 

---- Kernel code sections - GMER 1.0.14 ----
 

?               C:\WINDOWS\system32\drivers\sptd.sys                                                                         Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

?               C:\WINDOWS\System32\Drivers\SPTD8813.SYS                                                                     Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
 

---- Kernel IAT/EAT - GMER 1.0.14 ----
 

IAT             atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                           [BA6D5AD2] sptd.sys

IAT             atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                   [BA6D5C0E] sptd.sys

IAT             atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                          [BA6D5B96] sptd.sys

IAT             atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                  [BA6D676C] sptd.sys

IAT             atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                          [BA6D6642] sptd.sys

IAT             \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                           [BA6F8056] sptd.sys
 

---- Devices - GMER 1.0.14 ----
 

Device          \FileSystem\Ntfs \Ntfs                                                                                       89E46788
 

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                       avgntmgr.sys (Avira AntiVir File Filter Driver Manager/Avira GmbH)
 

Device          \FileSystem\Fastfat \FatCdrom                                                                                89C484B0

Device          \FileSystem\Fastfat \FatCdrom                                                                                89A24338

Device          \Driver\NetBT \Device\NetBT_Tcpip_{A2D02913-8E35-4FB1-BE5B-1D6CBAD095EF}                                     89C0DE48

Device          \Driver\Ftdisk \Device\HarddiskVolume1                                                                       89E20350

Device          \Driver\Ftdisk \Device\HarddiskVolume2                                                                       89E20350

Device          \Driver\Cdrom \Device\CdRom0                                                                                 89AD3248

Device          \FileSystem\Rdbss \Device\FsWrap                                                                             89A800E8

Device          \FileSystem\Rdbss \Device\FsWrap                                                                             89CF0150

Device          \Driver\Ftdisk \Device\HarddiskVolume3                                                                       89E20350

Device          \Driver\Cdrom \Device\CdRom2                                                                                 89AD3248

Device          \Driver\Ftdisk \Device\HarddiskVolume4                                                                       89E20350

Device          \Driver\USBSTOR \Device\00000074                                                                             89BA6278

Device          \Driver\Ftdisk \Device\HarddiskVolume5                                                                       89E20350

Device          \Driver\Cdrom \Device\CdRom3                                                                                 89AD3248

Device          \Driver\nvatabus \Device\00000068                                                                            89AD0658

Device          \Driver\USBSTOR \Device\00000076                                                                             89BA6278

Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                      89C0DE48

Device          \Driver\USBSTOR \Device\00000077                                                                             89BA6278

Device          \Driver\USBSTOR \Device\00000079                                                                             89BA6278

Device          \Driver\NetBT \Device\NetbiosSmb                                                                             89C0DE48

Device          \FileSystem\Srv \Device\LanmanServer                                                                         890DC238

Device          \Driver\Disk \Device\Harddisk0\DR0                                                                           89E469C0

Device          \Driver\NetBT \Device\NetBT_Tcpip_{655FFFE1-939D-4AF3-A824-81F81B05B9CD}                                     89C0DE48

Device          \Driver\nvatabus \Device\0000006a                                                                            89AD0658

Device          \Driver\Disk \Device\Harddisk1\DR1                                                                           89E469C0

Device          \Driver\nvatabus \Device\0000006b                                                                            89AD0658

Device          \Driver\Disk \Device\Harddisk2\DR6                                                                           89E469C0

Device          \Driver\nvatabus \Device\NvAta0                                                                              89AD0658

Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                            890CE0E8

Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                            89C3BC40

Device          \Driver\nvatabus \Device\NvAta1                                                                              89AD0658

Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                                  890CE0E8

Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                                  89C3BC40

Device          \Driver\nvatabus \Device\NvAta2                                                                              89AD0658

Device          \FileSystem\Npfs \Device\NamedPipe                                                                           89AE02D0

Device          \FileSystem\Npfs \Device\NamedPipe                                                                           89C43FB0

Device          \Driver\Ftdisk \Device\FtControl                                                                             89E20350

Device          \FileSystem\Msfs \Device\Mailslot                                                                            89AE5B08

Device          \FileSystem\Msfs \Device\Mailslot                                                                            89B923D0

Device          \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target1Lun0                                                 8957F690

Device          \Driver\a347scsi \Device\Scsi\a347scsi1                                                                      8957F690

Device          \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0                                                 8957F690

Device          \FileSystem\Fastfat \Fat                                                                                     89C484B0

Device          \FileSystem\Fastfat \Fat                                                                                     89A24338
 

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                     avgntmgr.sys (Avira AntiVir File Filter Driver Manager/Avira GmbH)
 

Device          \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer                                                           89BE3928

Device          \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer                                                            89BE3928

Device          \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer                                                                89BE3928

Device          \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer                                                             89BE3928

Device          \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer                                                            89BE3928

Device          \FileSystem\Cdfs \Cdfs                                                                                       89AE50E8

Device          \FileSystem\Cdfs \Cdfs                                                                                       89BAA5A0
 

---- Services - GMER 1.0.14 ----
 

Service         system32\drivers\TDSSserv.sys (*** hidden *** )                                                              [SYSTEM] TDSSserv                                                                                  <-- ROOTKIT !!!
 

---- Registry - GMER 1.0.14 ----
 

Reg             HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40                                                

Reg             HKLM\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg41                                                

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a63362e                                  

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a63362e@000a28aaedf7                     0xF3 0x2A 0x22 0x56 ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a63362e@001247160873                     0xA7 0x6C 0x76 0xB2 ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a63362e@001df61070bd                     0xE7 0xCA 0x98 0x9A ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0                                                           1322431882

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                           821245233

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                           1571437667

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                           1

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                             

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                          0

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                       0xBA 0x7C 0xBB 0x01 ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv@start                                                        1

Reg             HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv@type                                                         1

Reg             HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv@imagepath                                                    \systemroot\system32\drivers\TDSSserv.sys

Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a3a63362e                                      

Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a3a63362e@000a28aaedf7                         0xF3 0x2A 0x22 0x56 ...

Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a3a63362e@001247160873                         0xA7 0x6C 0x76 0xB2 ...

Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a3a63362e@001df61070bd                         0xE7 0xCA 0x98 0x9A ...

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                 

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                              0

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                           0xBA 0x7C 0xBB 0x01 ...

Reg             HKLM\SYSTEM\ControlSet002\Services\TDSSserv@start                                                            1

Reg             HKLM\SYSTEM\ControlSet002\Services\TDSSserv@type                                                             1

Reg             HKLM\SYSTEM\ControlSet002\Services\TDSSserv@imagepath                                                        \systemroot\system32\drivers\TDSSserv.sys

Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}@DisplayName  Alcohol 120%

Reg             HKLM\SOFTWARE\Classes\Installer\Products\32418F9EE1126B64A90E8365B85CFCF6@ProductName                        Alcohol 120%
 

---- EOF - GMER 1.0.14 ----

Den Rootkit Revealer habe ich installiert und 1,5h scannen lassen und er zeigte dann nur noch links unten " cleaning up " an un es tat sich nichts mehr ... ???

myrtille

10.09.2008 17:59

Hi,

da ist RootkitRevealer wohl irgendwo hängen geblieben. Das gmer log sieht allerdings gut aus.

Hast du noch Probleme?

lg myrtille

The Sandman

10.09.2008 18:01

Ich bemerke keine Probleme im Moment ! Ich kann den Rootkit Revealer ja nochmal ausprobieren und wenn er funktioniert, nochmal hier was posten. Wäre es ratsam vielleicht noch mal den "Malwarebytes' Anti-Malware" laufen zu lassen ?

myrtille

10.09.2008 18:05

Hi,

Zitat:

Wäre es ratsam vielleicht noch mal den "Malwarebytes' Anti-Malware" laufen zu lassen ?

ja das wäre ratsam. :) Es ist mit sicherheit auch in Zukunft nicht falsch das Programm gelegentlich scannen zu lassen. (Update vorher nicht vergessen. ;) )

Wenn RootkitRevealer nicht läuft, dann kannst du es alternativ noch mit Blacklight.

lg myertille

The Sandman

10.09.2008 18:08

Also nochmal vielen Dank an dich ! Hast mir den Tag gerettet :D ! :dankeschoen::dankeschoen::dankeschoen:

dirk41

14.01.2009 16:22

Hallo.. ich glaube, dass ich exakt das selbe Problem habe, wie der sandmann...

kann mir da irgendwer helfen? Habe bereits versucht nach den Schritten die beschrieben worden sind, vorzugehen, weiß aber nicht, wo ich Malwarebytes herbekommen soll, da der Link nicht mehr funktioniert...

bitte um Hilfe

danke, danke

dirk41

Alle Zeitangaben in WEZ +1. Es ist jetzt 10:01 Uhr.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131