Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   PC friert ein / Virenbefall? /Rootkit? (https://www.trojaner-board.de/80441-pc-friert-virenbefall-rootkit.html)

Nightshade2x 15.12.2009 23:09
PC friert ein / Virenbefall? /Rootkit?
 
Hallo liebe Leute...
Nach Stunden des Suchens, lesens und "probierens" kapituliere ich nun und eröffne doch mal neues Thema.

Zur Situation: Gesten fing mein PC an nach einiger Zeit nach und nach einzufrieren. Dabei ging es langsam los mit leichtem "hinterherziehen" der Fenster, bis hin zu "Echos" der Fenster, welche nicht verschwanden und den gesammten Bereich ausfüllten in dem ich das Fenster verschob. Dann kam nach 0,5-2 Minuten der komplette Hänger und ich konnte nurnoch die Maus bewegen.

HijackThis-Log von ca 21.00Uhr:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:02:24, on 14.12.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Programme\Microsoft IntelliType Pro\itype.exe
D:\programme\HHVcdV7Sys\VC7Play.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\ADVANC~1\wh_exec.exe
D:\Programme\Java\jre6\bin\jusched.exe
C:\Program Files\GIGABYTE\GEST\gest.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programme\Microsoft IntelliType Pro\dpupdchk.exe
E:\steam\steam.exe
D:\Programme\Sandboxie\SbieCtrl.exe
d:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
d:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\oodag.exe
d:\PROGRA~1\AVG\AVG8\avgrsx.exe
d:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\PnkBstrA.exe
d:\Programme\Sandboxie\SbieSvc.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
D:\programme\HHVcdV7Sys\VC7SecS.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\GIGABYTE\GEST\GSvr.exe
C:\WINDOWS\system32\wuauclt.exe
D:\programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.macromedia.com/software/flash/fl4about
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - d:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - d:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - d:\Programme\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - d:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - d:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - d:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - d:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - d:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - d:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [GEST] C:\Program Files\GIGABYTE\GEST\RUN.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [itype] "D:\Programme\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [VC7Player] D:\programme\HHVcdV7Sys\VC7Play.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "d:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [egui] "D:\Programme\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [WheelMouse] C:\ADVANC~1\wh_exec.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "d:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] d:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "e:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SandboxieControl] "d:\Programme\Sandboxie\SbieCtrl.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\programme\ICQ6.5\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {28E2EDF1-2383-4BA9-9A8C-980D1414B3B0} (ctrlNev1.ctrlNev) - http://www.neveron.com/ctrlNev1.CAB
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - d:\Programme\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - d:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: C-DillaCdaC11BA - Unknown owner - C:\WINDOWS\system32\drivers\CDAC11BA.EXE (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - Unknown owner - D:\Programme\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: ESET Service (ekrn) - Unknown owner - D:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe
O23 - Service: Google Software Updater (gusvc) - Unknown owner - D:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - d:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - d:\Programme\Sandboxie\SbieSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe
O23 - Service: Virtual CD v7 Management Service (VC7SecS) - H+H Software GmbH - D:\programme\HHVcdV7Sys\VC7SecS.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10716 bytes


Ein Scan mit AVG und einer älteren Version von Spybot S&D führten zu nichts da die Suchläufe nicht beendet wurden. Dann kamen heute die neuen Versuche im Abgesicherten Modus...

AVG-Log:

Code:
AVG 8.5 Anti-Virus command line scanner
Copyright (c) 1992 - 2009 AVG Technologies
Program version 8.0.354, engine 8.0.387
Virus Database: Version 270.14.107/2564  2009-12-14

C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Dokumente und Einstellungen\Administrator\NTUSER.DAT Locked file. Not tested.
C:\Dokumente und Einstellungen\Administrator\ntuser.dat.LOG Locked file. Not tested.
C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Dokumente und Einstellungen\LocalService\NTUSER.DAT Locked file. Not tested.
C:\Dokumente und Einstellungen\LocalService\ntuser.dat.LOG Locked file. Not tested.
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Dokumente und Einstellungen\NetworkService\ntuser.dat.LOG Locked file. Not tested.
C:\Dokumente und Einstellungen\NetworkService\NTUSER.DAT Locked file. Not tested.
C:\pagefile.sys Locked file. Not tested.
C:\System Volume Information\ Locked file. Not tested.
C:\WINDOWS\system32\CatRoot2\edb.log Locked file. Not tested.
C:\WINDOWS\system32\CatRoot2\tmp.edb Locked file. Not tested.
C:\WINDOWS\system32\config\default Locked file. Not tested.
C:\WINDOWS\system32\config\default.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\SAM Locked file. Not tested.
C:\WINDOWS\system32\config\SAM.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\SECURITY Locked file. Not tested.
C:\WINDOWS\system32\config\SECURITY.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\software Locked file. Not tested.
C:\WINDOWS\system32\config\software.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\system Locked file. Not tested.
C:\WINDOWS\system32\config\system.LOG Locked file. Not tested.
D:\System Volume Information\ Locked file. Not tested.
E:\System Volume Information\ Locked file. Not tested.
F:\System Volume Information\ Locked file. Not tested.
G:\System Volume Information\ Locked file. Not tested.
H:\System Volume Information\ Locked file. Not tested.
I:\System Volume Information\ Locked file. Not tested.
J:\System Volume Information\ Locked file. Not tested.
K:\System Volume Information\ Locked file. Not tested.

------------------------------------------------------------
Objects scanned    : 1134278
Found infections    :    0
Found PUPs          :    0
Healed infections  :    0
Healed PUPs        :    0
Warnings            :    0
------------------------------------------------------------
seit dem werkele ich mich im Abgesicherten Modus duch die Programme, da hier das einfrieren nur SEEEHR selten vorkommt:

CCleaner wurde Benutzt, RSIT auch:

RSIT-Log von 16.00Uhr:

Code:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-12-15 15:56:16
Microsoft Windows XP Professional Service Pack 2
System drive C: has 9 GB (35%) free of 26 GB
Total RAM: 3582 MB (88% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:56:22, on 15.12.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Dokumente und Einstellungen\Administrator\Desktop\RSIT.exe
D:\programme\Trend Micro\HijackThis\Administrator.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.macromedia.com/software/flash/fl4about
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - d:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - d:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - d:\Programme\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - d:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - d:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - d:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - d:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - d:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - d:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [GEST] C:\Program Files\GIGABYTE\GEST\RUN.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [itype] "D:\Programme\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [VC7Player] D:\programme\HHVcdV7Sys\VC7Play.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "d:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\ADVANC~1\wh_exec.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "d:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] d:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "e:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SandboxieControl] "d:\Programme\Sandboxie\SbieCtrl.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\programme\ICQ6.5\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {28E2EDF1-2383-4BA9-9A8C-980D1414B3B0} (ctrlNev1.ctrlNev) - http://www.neveron.com/ctrlNev1.CAB
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - d:\Programme\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - d:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: C-DillaCdaC11BA - Unknown owner - C:\WINDOWS\system32\drivers\CDAC11BA.EXE (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - Unknown owner - D:\Programme\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: ESET Service (ekrn) - Unknown owner - D:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe
O23 - Service: Google Software Updater (gusvc) - Unknown owner - D:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - d:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - d:\Programme\Sandboxie\SbieSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe
O23 - Service: Virtual CD v7 Management Service (VC7SecS) - H+H Software GmbH - D:\programme\HHVcdV7Sys\VC7SecS.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9681 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Klick-Wartung.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IType_exe.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - d:\Programme\AVG\AVG8\avgssie.dll [2009-12-14 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - d:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - d:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-27 1008896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2005-09-24 231160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - d:\Programme\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - d:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - d:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2009-05-20 1258808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2005-09-24 231160]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - d:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2009-05-20 1258808]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - d:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-27 1008896]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"GEST"=C:\Program Files\GIGABYTE\GEST\RUN.exe [2007-12-14 236040]
"JMB36X IDE Setup"=C:\WINDOWS\RaidTool\xInsIDE.exe [2007-03-20 36864]
"36X Raid Configurer"=C:\WINDOWS\system32\xRaidSetup.exe [2007-08-29 1966080]
"itype"=D:\Programme\Microsoft IntelliType Pro\itype.exe [2007-08-31 988584]
"VC7Player"=D:\programme\HHVcdV7Sys\VC7Play.exe [2005-03-02 233472]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-04-30 13750272]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-04-30 86016]
"ZoneAlarm Client"=d:\Programme\Zone Labs\ZoneAlarm\zlclient.exe [2009-02-18 981384]
"WheelMouse"=C:\ADVANC~1\wh_exec.exe [2007-11-10 98304]
"SunJavaUpdateSched"=d:\Programme\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-09-19 16844800]
"QuickTime Task"=C:\Programme\QuickTime\qttask.exe [2008-06-20 155648]
"AVG8_TRAY"=d:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-12-14 1948440]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2006-06-01 15360]
"Steam"=e:\steam\steam.exe [2009-11-03 1217808]
"SandboxieControl"=d:\Programme\Sandboxie\SbieCtrl.exe [2009-09-30 387584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2005-09-24 483328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Agamiyayiyohuy]
C:\WINDOWS\Ahajamolimari.dll,e []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
D:\Programme\AGEIA Technologies\bin\TrayIcon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programme\QuickTime\qttask.exe [2008-06-20 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
d:\Programme\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-12-14 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-05-09 52224]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1}

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableLockWorkstation"=1
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoFolderOptions"=0
"NoSetActiveDesktop"=1
"NoActiveDesktopChanges"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoFolderOptions"=
"NoSetActiveDesktop"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"d:\Programme\Gameforge4D\AirRivalsDe\Launcher.atm"="d:\Programme\Gameforge4D\AirRivalsDe\Launcher.atm:Enabled:GameExe2"
"d:\Programme\Gameforge4D\AirRivalsDe\Res-Voip\SCVoIP.exe"="d:\Programme\Gameforge4D\AirRivalsDe\Res-Voip\SCVoIP.exe:Enabled:GameVoIP"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
shell\AutoRun\command - M:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b046bc8f-6adc-11de-b10f-001d7d024b14}]
shell\AutoRun\command - O:\Menu.exe


======List of files/folders created in the last 1 months======

2009-12-15 15:56:16 ----D---- C:\rsit
2009-12-15 15:41:05 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Fuel Industries
2009-12-15 13:09:08 ----D---- d:\Programme\CCleaner
2009-12-14 15:26:07 ----HD---- C:\$AVG8.VAULT$
2009-12-14 14:47:08 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-12-14 14:46:55 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Security Toolbar
2009-12-14 14:46:38 ----D---- d:\Programme\AVG
2009-12-14 14:46:37 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\avg8
2009-12-14 13:26:24 ----SHD---- C:\WINDOWS\CSC
2009-11-30 13:50:06 ----D---- d:\Programme\Freelancer Mod Manager
2009-11-23 21:24:15 ----A---- C:\WINDOWS\system32\javaws.exe
2009-11-23 21:24:15 ----A---- C:\WINDOWS\system32\javaw.exe
2009-11-23 21:24:15 ----A---- C:\WINDOWS\system32\java.exe
2009-11-18 02:18:03 ----A---- C:\WINDOWS\DIIUnin.exe

======List of files/folders modified in the last 1 months======

2009-12-15 15:52:19 ----D---- C:\WINDOWS\Internet Logs
2009-12-15 15:50:42 ----D---- C:\WINDOWS
2009-12-15 15:49:38 ----D---- C:\WINDOWS\Temp
2009-12-15 15:48:12 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-15 14:58:30 ----D---- d:\Programme\Mozilla Firefox
2009-12-15 13:21:27 ----D---- d:\Programme\Malwarebytes' Anti-Malware
2009-12-15 13:21:25 ----D---- C:\WINDOWS\system32\drivers
2009-12-15 13:10:33 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2009-12-15 13:09:55 ----D---- C:\WINDOWS\Minidump
2009-12-15 13:09:55 ----D---- C:\WINDOWS\Debug
2009-12-15 07:35:54 ----D---- C:\WINDOWS\system32
2009-12-14 21:46:18 ----D---- d:\Programme\Mozilla Thunderbird
2009-12-14 19:25:33 ----A---- C:\WINDOWS\BlendSettings.ini
2009-12-14 15:06:30 ----A---- C:\WINDOWS\win.ini
2009-12-14 14:23:21 ----D---- C:\WINDOWS\Prefetch
2009-12-14 13:12:51 ----A---- C:\WINDOWS\Sandboxie.ini
2009-12-14 12:29:37 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\.purple
2009-12-14 12:15:49 ----D---- C:\WINDOWS\system32\config
2009-12-14 11:23:51 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\vlc
2009-12-14 10:26:55 ----D---- C:\Dokumente und Einstellungen
2009-12-13 20:34:18 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Hamachi
2009-12-13 19:00:49 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\teamspeak2
2009-12-11 10:34:09 ----AD---- d:\Programme\JDownloader 0.6.193
2009-12-09 22:45:41 ----A---- C:\WINDOWS\NeroDigital.ini
2009-12-09 00:49:40 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\dvdcss
2009-12-07 17:18:50 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gtk-2.0
2009-12-03 14:32:42 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia
2009-12-02 16:17:48 ----HD---- d:\Programme\InstallShield Installation Information
2009-12-02 11:26:20 ----D---- C:\WINDOWS\system32\ZoneLabs
2009-11-30 09:43:03 ----SH---- C:\boot.ini
2009-11-30 09:43:03 ----A---- C:\WINDOWS\system.ini
2009-11-23 21:24:19 ----SHD---- C:\WINDOWS\Installer
2009-11-23 21:24:00 ----D---- d:\Programme\Java
2009-11-23 21:23:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-11-23 21:01:04 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Adobe
2009-11-21 23:46:43 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Soulseek
2009-11-18 02:22:05 ----A---- C:\WINDOWS\system32\CmdLineExt03.dll
2009-11-16 19:55:17 ----A---- C:\WINDOWS\system32\CmdLineExt.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-12-14 108552]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-02-06 93336]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-02-18 353672]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2005-04-12 4608]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-04-21 25280]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-09-19 101504]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 whfltr2k;WheelMouse USB Lower Filter Driver; C:\WINDOWS\system32\DRIVERS\whfltr2k.sys [2007-01-26 6784]
S1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-12-14 335752]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-12-14 27784]
S1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
S1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-06-01 40192]
S1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2004-05-05 4228]
S2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-10-18 281760]
S2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS []
S2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-02-06 113448]
S2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2006-04-22 8064]
S2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-10-18 25888]
S2 NwlnkIpx;NWLink IPX/SPX/NetBIOS-kompatibles Transportprotokoll; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2006-06-01 88448]
S2 NwlnkNb;NWLink-NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2006-06-01 63232]
S2 NwlnkSpx;NWLink SPX/SPXII-Protokoll; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2006-06-01 55936]
S3 ALSysIO;ALSysIO; \??\C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\ALSysIO.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 ET5Drv;ET5Drv; \??\C:\WINDOWS\system32\Drivers\ET5Drv.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-09-19 4617728]
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-02-29 20240]
S3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2008-02-29 63120]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
S3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2008-02-29 79120]
S3 Lnttuse2gub;Lnttuse2gub; C:\WINDOWS\system32\drivers\Lnttuse2gub.sys []
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2008-02-29 28944]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-04-30 8055584]
S3 SbieDrv;SbieDrv; \??\d:\Programme\Sandboxie\SbieDrv.sys []
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-04-11 82944]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-04-11 87808]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-02-18 2402184]
S2 avg8wd;AVG Free8 WatchDog; d:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-12-14 298776]
S2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\system32\drivers\CDAC11BA.EXE []
S2 ekrn;ESET Service; D:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe []
S2 gusvc;Google Software Updater; D:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe []
S2 JavaQuickStarterService;Java Quick Starter; d:\Programme\Java\jre6\bin\jqs.exe [2009-10-11 153376]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-04-30 168004]
S2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2005-05-11 225280]
S2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-07-28 66872]
S2 SbieSvc;Sandboxie Service; d:\Programme\Sandboxie\SbieSvc.exe [2009-09-30 65024]
S2 StarWindService;StarWind iSCSI Service; C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [2005-04-02 217600]
S2 VC7SecS;Virtual CD v7 Management Service; D:\programme\HHVcdV7Sys\VC7SecS.exe [2005-03-02 102400]
S3 Adobe LM Service;Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-06-20 72704]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; D:\Programme\ESET\ESET NOD32 Antivirus\EHttpSrv.exe []
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GEST Service;GEST Service for program management.; C:\Program Files\GIGABYTE\GEST\GSvr.exe [2007-12-14 47624]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe [2008-06-20 68096]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-06-01 89136]
S3 TUWinStylerThemeSvc;TuneUp WinStyler Theme Service; C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe [2005-08-24 118272]
S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-05-10 829440]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2006-06-01 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
fortsetzung---------------->

Nightshade2x 15.12.2009 23:10
und RSIT Info:

Code:
info.txt logfile of random's system information tool 1.06 2009-12-15 15:56:22

======Uninstall list======

            -->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
-->C:\Programme\DivX\ConverterUninstall.exe /CONVERTER
-->C:\Programme\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->MsiExec /X{1C4551A6-4743-4093-91E4-1477CD655043}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3ds max 6-->MsiExec.exe /I{29744C5A-47C9-4ea5-A8F9-B0D093121471}
ACDSee 8-->MsiExec.exe /I{AA2E6BFE-4351-481C-A720-47CB3506570B}
Adobe Acrobat 7.0.5 Professional - English, Français, Deutsch-->msiexec /I {AC76BA86-1033-F400-7760-000000000002}
Adobe After Effects 6.5-->MsiExec.exe /I{61CEB2D7-8D3B-4247-B75E-A95F6699B90A}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0407-1E257A25E34D}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Advanced Wheel Mouse 6.0.0.002-->C:\ADVANC~1\uninst.exe
AGEIA GAME System Software 2.8.0-->MsiExec.exe /I{5C9530C0-957F-4CC4-ADA9-A7195BD9394C}
Ahriman's Prophecy-->C:\WINDOWS\Ahriman's Prophecy Uninstaller.exe
AirRivalsDe 1.0.0.28-->"d:\Programme\Gameforge4D\AirRivalsDe\unins000.exe"
Alpha Prime-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "D:\programme\InstallShield Installation Information\{30B1CF12-BD0C-4D6E-A506-C0A33BCA3BCF}\setup.exe" -l0x7
Apophysis 2.0-->"d:\Programme\Apophysis 2.0\uninstall.exe"
Arithmogriph-->MsiExec.exe /X{5A299BE4-7511-45DB-A221-BFB2C482470D}
Audiograbber 1.83 SE-->MsiExec.exe /X{18742725-FAAF-4FF5-AA21-88A5814BC9CE}
Autorun Eater v2.3-->"d:\Programme\Autorun Eater\unins000.exe"
AVG Free 8.5-->d:\Programme\AVG\AVG8\setup.exe /UNINSTALL
Battle Beans-->MsiExec.exe /I{A3EB045B-C536-4F7D-AC30-6A9233F4B674}
Battle for Wesnoth 1.4.5-->"e:\minigames\Wesnoth 1.4.5\unins000.exe"
Blood Bowl 1.0.1.7-->"e:\Cyanide\Blood Bowl\unins000.exe"
Build-a-lot - Town of the Year Deluxe-->"e:\minigames\Zylom Games\Build-a-lot - Town of the Year Deluxe\GameInstlr.exe" --uninstall UnInstall.log
Build-a-lot Deluxe-->"e:\minigames\Zylom Games\Build-a-lot Deluxe\GameInstlr.exe" --uninstall UnInstall.log
Cars Hook International-->"D:\programme\InstallShield Installation Information\{62D64F27-745D-49C0-A308-B08DFF16ECA0}\setup.exe" -removeonly -runfromtemp -l0x0015
CDex extraction audio-->"C:\Programme\CDex_150\uninstall.exe"
character studio 4.2-->MsiExec.exe /I{AFEDE7CA-FEB8-401e-9352-DE7489FAA7AA}
CloneDVD2-->"C:\Programme\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Programme\Elaborate Bytes\CloneDVD2"
Command & Conquer Generals-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{06F80017-8F98-4C94-B868-52358569FC32}
Command and Conquer(TM) Generäle Die Stunde Null -->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}
Condition Zero Deleted Scenes-->"E:\Steam\steam.exe" steam://uninstall/100
Condition Zero-->"E:\Steam\steam.exe" steam://uninstall/80
Corel Paint Shop Pro X-->MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B}
Counter-Strike 1.6-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "D:\programme\InstallShield Installation Information\{13B792AA-C078-43A4-8A3A-8B12D629940D}\Setup.exe" -l0x19
Counter-Strike: Source-->"E:\steam\steam.exe" steam://uninstall/240
Crysis(R)-->MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
Curator Defense-->MsiExec.exe /I{7A8358BC-78B6-404B-9792-F344A6AB59C9}
Dawn Of Magic 2-->"D:\programme\InstallShield Installation Information\{B725D249-58A9-4579-809E-B9767F363B99}\setup.exe" -runfromtemp -l0x0007 -removeonly
Defense Grid: The Awakening-->"E:\Steam\steam.exe" steam://uninstall/18500
Deutschopoly-->MsiExec.exe /X{5223594C-5BF7-4776-AFED-6ABB164ECE3B}
Diablo II-->C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
Die Gilde Gold-Edition-->E:\JoWooD\DIEGIL~1\UNWISE.EXE E:\JoWooD\DIEGIL~1\INSTALL.LOG
DivX Converter-->C:\Programme\DivX\ConverterUninstall.exe /CONVERTER
DivX Player-->C:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DivX-->C:\Programme\DivX\DivXCodecUninstall.exe /CODEC
Dynamic Energy Saver B7.1214.3-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5869CE1E-BC0B-4648-B1AE-6EF4A985590C}\setup.exe" -l0x9  -removeonly
Empire Earth II-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "D:\programme\InstallShield Installation Information\{DF315348-721C-40B8-BAE2-58C6C7D935A2}\setup.exe" -l0x7  -removeonly
Empire Earth-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Programme\InstallShield Installation Information\{2447500B-22D7-47BD-9B13-1A927F43A267}\Setup.exe"
EVEREST Home Edition v2.20-->"d:\Programme\Lavalys\EVEREST Home Edition\unins000.exe"
Fable - The Lost Chapters-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}
FLV Player 2.0, build 24-->d:\Programme\FLV Player\uninst.exe
Flyingcode NFO-Viewer 1.0-->C:\Programme\NFO-Viewer\unins000.exe
Galactic Civilizations II-->E:\Stardock\TOTALG~1\GalCiv2\UNWISE.EXE E:\Stardock\TOTALG~1\GalCiv2\INSTALL.LOG
Garden Defense Deluxe-->"e:\minigames\Zylom Games\Garden Defense Deluxe\GameInstlr.exe" --uninstall UnInstall.log
Gemeinsam genutzte Internet-Komponenten von Westwood-->C:\Westwood\Internet\UnstllAP.EXE
Gigabyte Raid Configurer-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "D:\programme\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\SETUP.EXE" -l0x7  -removeonly
GTK+ Runtime 2.14.7 rev a (nur entfernen)-->C:\Programme\Gemeinsame Dateien\GTK\2.0\uninst.exe
Half-Life 2: Episode One-->"E:\Steam\steam.exe" steam://uninstall/380
Half-Life 2: Episode Two-->"E:\Steam\steam.exe" steam://uninstall/420
Half-Life 2: Lost Coast-->"E:\Steam\steam.exe" steam://uninstall/340
Half-Life 2-->"E:\Steam\steam.exe" steam://uninstall/220
Hamachi 1.0.3.0-->D:\programme\Hamachi\uninstall.exe
HD Tune 2.55-->"d:\Programme\HD Tune\unins000.exe"
HDD Health v3.3 Beta-->"d:\Programme\HDD Health\unins000.exe"
HeavyMetal Plus-->C:\WINDOWS\iun507.exe d:\BT\HeavyMetal\irunin.ini
Hero Editor V0.96-->C:\WINDOWS\st6unst.exe -n "D:\programme\Hero Editor\ST6UNST.LOG" 
Hide and Seek version 1.0-->"e:\minigames\Hide and Seek\unins000.exe"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"D:\programme\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hoffmann + Associates Applications-->C:\WINDOWS\H+a\Uninstal.exe
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB943232)-->"C:\WINDOWS\$NtUninstallKB943232$\spuninst\spuninst.exe"
http.SIGN Client Library-->MsiExec.exe /I{931AED42-841F-426E-AD65-62AD8C29418A}
I of the Enemy Ril'Cerat 2.25-->C:\WINDOWS\iun6002.exe "e:\minigames\I of the Enemy Ril'Cerat\irunin.ini"
ICQ6.5-->"D:\programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
IL-2 Sturmovik 1946-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{79438F1E-DEC3-443D-9DCD-FECE2D68C605} /l1031
Intel A/V Codecs V2.0-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\CDUninst.isu
Interpol - The Trail of Dr. Chaos Deluxe-->"e:\minigames\Zylom Games\Interpol - The Trail of Dr. Chaos Deluxe\GameInstlr.exe" --uninstall UnInstall.log
IrfanView (remove only)-->C:\Programme\IrfanView\iv_uninstall.exe
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}
JGoodies JDiskReport 1.3.1-->"d:\Programme\JGoodies\JDiskReport 1.3.1\uninstall.exe"
Kane and Lynch: Dead Men-->MsiExec.exe /X{A66C4716-7E10-4A53-8101-00C3C11D6A9C}
Klomanager-->e:\minigames\Klomanager\Sxuninst.exe
LDraw Parts Library 2009-02-->"d:\LDraw\unins000.exe"
Lost Planet: Extreme Condition-->"E:\Steam\steam.exe" steam://uninstall/6510
Macromedia Flash MX 2004-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2F353D44-73BB-4971-B31D-F7642E9E9531}\setup.exe" -l0x7 UNINSTALL
MAGIX music studio 2003 deLuxe-->D:\MAGIX\ms2003_deLuxe\ms2003_deLuxe\unwise.exe D:\MAGIX\ms2003_deLuxe\ms2003_deLuxe\INSTALL.LOG
Malwarebytes' Anti-Malware-->"d:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Master of Orion 3-->E:\MOO3\MASTER~1\UNWISE.EXE E:\MOO3\MASTER~1\INSTALL.LOG
Master of Orion II-->C:\WINDOWS\uninst.exe -fC:\MPS\Orion2\DeIsL1.isu
MechWarrior 4 Mercenaries-->"e:\Microsoft Games\MechWarrior Mercenaries\UNINSTAL.EXE" /runtemp /addremove
Medal of Honor Allied Assault-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "d:\Programme\InstallShield Installation Information\{0DEA94ED-915A-4834-A87E-388D012C8E02}\Setup.exe" -l0x7
Memento Mori-->E:\Memento Mori\Memento Mori\Uninstall.exe
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C314CE45-3392-3B73-B4E1-139CD41CA933}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Baseline Security Analyzer 1.2.1-->MsiExec.exe /I{DF15059E-A356-47B2-B14B-6380ED32AB68}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{D1B01DC9-CBAF-45F9-A387-7D00C11B630E}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office FrontPage 2003-->MsiExec.exe /I{90170407-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110407-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft XNA Framework Redistributable 1.0 Refresh-->MsiExec.exe /I{311F799A-FCE9-4D9E-B5D2-CBB8859B40BB}
mIRC-->d:\Programme\mIRC\uninstall.exe _?=d:\Programme\mIRC
Mirror's Edge™-->MsiExec.exe /X{AEDBD563-24BB-4EE3-8366-A654DAC2D988}
Mozilla Firefox (1.5)-->C:\Programme\Mozilla Firefox\uninstall\uninstall.exe /ua "1.5 (de)"
Mozilla Firefox (3.0.15)-->D:\programme\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.23)-->D:\programme\Mozilla Thunderbird\uninstall\helper.exe
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 7 Premium-->MsiExec.exe /I{42347B75-9660-2DA4-63FD-D35E344E1031}
No-IP.com DUC (remove only)-->"d:\Programme\No-IP\DUC20.exe" -uninstall
Norton PartitionMagic 8.0-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{21DBBDD6-93A5-4326-9A04-C9A5C9148502}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA GAME System Software 2.8.1-->MsiExec.exe /I{4F0C7CCF-5666-474B-B02E-AC514A95EC93}
NVIDIA PhysX-->MsiExec.exe /X{1C4551A6-4743-4093-91E4-1477CD655043}
O&O Defrag Professional Edition-->MsiExec.exe /I{53480370-6CA2-47EC-BC05-02B4B9271C31}
One Moon-->MsiExec.exe /I{F8A0C3B5-5DDC-41E7-BE00-576D52E44B8C}
OpenAL-->"d:\Programme\OpenAL\oalinst.exe" /U
Overlord-->D:\programme\InstallShield Installation Information\{259A8A5E-2886-4BED-9EF1-D5485282CCC3}\Setup.exe -runfromtemp -l0x0007 -removeonly
Peggle Deluxe 1.0-->d:\Programme\PopCap Games\Peggle Deluxe\PopUninstall.exe "d:\Programme\PopCap Games\Peggle Deluxe\Install.log"
Peggle Extreme-->"E:\Steam\steam.exe" steam://uninstall/3483
Pepakura Viewer 3-->"d:\Programme\tamasoftware\pepakura3en\viewer\epuninst.exe" /s
Pidgin-->d:\Programme\Pidgin\pidgin-uninst.exe
Portal-->"E:\Steam\steam.exe" steam://uninstall/400
PowerDVD-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe"  -uninstall
Prey-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "D:\programme\InstallShield Installation Information\{A785BBA7-3FB9-4D81-BC35-4A2028915ACB}\setup.exe" -l0x7  -removeonly
Privoxy (remove only)-->"d:\Programme\Privoxy\privoxy_uninstall.exe"
Prototype(TM)-->D:\programme\InstallShield Installation Information\{9322A850-9091-4D0E-B252-3E82EDA3D94A}\setup.exe -runfromtemp -l0x0409
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
Python 2.5.1-->MsiExec.exe /I{31800004-6386-4999-A519-518F2D78D8F0}
QuickTime-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1031
RAR Password Cracker 4.12-->d:\Programme\RAR Password Cracker\uninstall.exe
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->D:\programme\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\SETUP.EXE -runfromtemp -l0x0007 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "D:\programme\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x7  -removeonly
Registry System Wizard-->"d:\Programme\Registry System Wizard\unins000.exe"
ResizerXT v1.2-->C:\WINDOWS\st6unst.exe -n "D:\programme\ResizerXT\ST6UNST.LOG" 
RichTyping 1.35-->"d:\Programme\Adobe\After Effects 6.5\Support Files\Plug-Ins\Filters\Panopticum\unins000.exe"
SafeCast Shared Components-->C:\Programme\Gemeinsame Dateien\Macrovision Shared\SafeCast\Install\CDAC13BA.EXE /uninstall
Sam and Max 104: Abe Lincoln Must Die-->"E:\Steam\steam.exe" steam://uninstall/8230
Sandboxie 3.40-->"C:\WINDOWS\Installer\SandboxieInstall.exe" /remove
Serious Sam The First Encounter-->"C:\Program Files\Serious Sam The First Encounter\Uninstall\uninstall.exe" "/U:E:\Serious Sam 1\Uninstall\uninstall.xml"
Sicherheitsupdate für Windows XP (KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Soldat 1.4.2-->"e:\minigames\Soldat\unins000.exe"
SoulSeek 157 NS 13c-->"d:\Programme\SoulseekNS\uninstall.exe"
SPORE™ Labor Basisversion-->"D:\programme\InstallShield Installation Information\{ECEE0279-785F-4CB3-9F28-E69813234BF8}\setup.exe" -runfromtemp -l0x0007 -removeonly
Spybot - Search & Destroy 1.4-->"C:\Programme\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy-->"d:\Programme\Spybot - Search & Destroy\unins000.exe"
Starships Unlimited Divided Galaxies v2.1-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "D:\programme\InstallShield Installation Information\{E8A45707-9A63-4291-8710-0BF65C7B5641}\setup.exe" -l0x7
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SweetIM for Messenger 2.7-->MsiExec.exe /X{EC87E256-B0A4-4A41-8682-AB57FF21196D}
SweetIM Toolbar for Internet Explorer 3.4-->MsiExec.exe /X{8C13BEE4-E7CE-4E46-BD13-8F41DAD00FEF}
Team Fortress 2-->"E:\Steam\steam.exe" steam://uninstall/440
TeamSpeak 2 RC2-->d:\Programme\Teamspeak2_RC2\unins000.exe
The Alawar Compendium-->"D:\programme\InstallShield Installation Information\{45015AFD-A792-4F10-83F6-7990B7A9C35F}\setup.exe" -runfromtemp -l0x0009 -removeonly
THE Rename 2.1.6-->"d:\Programme\THE Rename\unins000.exe"
TrackMania Nations Forever-->"E:\Steam\steam.exe" steam://uninstall/11020
TrackMania Sunrise Extreme 1.5.1-->"e:\TrackMania Sunrise\unins000.exe"
TuneUp Utilities 2006-->MsiExec.exe /I{868D7896-99D4-4513-BC62-2B3AD3E24926}
TVgenial-->C:\Programme\TVgenial\Uninstall.exe
Twin Sector-->"e:\Headup Games\Twin Sector\unins000.exe"
UltraEdit-32-->"C:\Programme\IDM Computer Solutions\UltraEdit-32\Uninstall.exe" "C:\Programme\IDM Computer Solutions\UltraEdit-32\ueinstall.log" -u
Universe at War: Earth Assault-->"E:\Steam\steam.exe" steam://uninstall/10430
Unreal Tournament 3 (LG)-->MsiExec.exe /X{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}
VC 9.0 Runtime-->MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}
version 3.3 (Secure Network)-->"d:\Programme\NETSCAN PRO 3.3\unins000.exe"
Virtual CD v7 Smart Reader-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "D:\programme\InstallShield Installation Information\{913CE8FB-DCE1-4B22-8475-558880DCB59C}\SVCD7.exe" -l0x7  -removeonly
VLC media player 1.0.1-->d:\Programme\VideoLAN\VLC\uninstall.exe
WarRock-->D:\programme\InstallShield Installation Information\{00D15456-F679-4AD4-8BD2-56450D4C3F72}\setup.exe -runfromtemp -l0x0009 -removeonly
Water 1.03. for Adobe After Effects-->"d:\Programme\Adobe\After Effects 6.5\Support Files\Plug-ins\Panopticum\unins000.exe"
WebCopier 5.1-->"d:\Programme\WebCopier\unins000.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP-Hotfix - KB834707-->C:\WINDOWS\$NtUninstallKB834707$\spuninst\spuninst.exe
Windows XP-Hotfix - KB867282-->C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
WinRAR Archivierer-->C:\Programme\WinRAR\uninstall.exe
WinUHA 2.0 RC1 (2005.02.27)-->d:\Programme\WinUHA\unins000.exe
WinZip 12.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}
Xfire (remove only)-->"d:\Programme\Xfire\uninst.exe"
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
XviD 1.1 final uninstall-->"C:\Programme\XviD\unins000.exe"
Zodiac Tower Deluxe-->"e:\Zylom Games\Zodiac Tower Deluxe\GameInstlr.exe" --uninstall UnInstall.log
ZoneAlarm Pro-->d:\Programme\Zone Labs\ZoneAlarm\zauninst.exe

=====HijackThis Backups=====

O17 - HKLM\System\CS1\Services\Tcpip\..\{437C801E-192C-4B80-8A78-3B2A8657BB23}: NameServer = 85.255.116.73,85.255.112.150 [2009-01-12]
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.73,85.255.112.150 [2009-01-12]
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.73,85.255.112.150 [2009-01-12]
O17 - HKLM\System\CCS\Services\Tcpip\..\{437C801E-192C-4B80-8A78-3B2A8657BB23}: NameServer = 85.255.116.73,85.255.112.150 [2009-01-12]
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 [2009-03-28]
O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe [2009-03-28]
O4 - HKLM\..\Run: [odby] C:\WINDOWS\odb.exe [2009-03-28]
O4 - HKLM\..\Run: [Agamiyayiyohuy] rundll32.exe "C:\WINDOWS\Ahajamolimari.dll",e [2009-03-28]
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 [2009-03-28]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 [2009-03-28]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 [2009-03-28]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 [2009-03-28]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 [2009-03-28]
O4 - HKLM\..\Run: [Agamiyayiyohuy] rundll32.exe "C:\WINDOWS\Ahajamolimari.dll",e [2009-03-28]
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe, [2009-03-28]
O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe [2009-03-28]
O4 - HKLM\..\Run: [Agamiyayiyohuy] rundll32.exe "C:\WINDOWS\Ahajamolimari.dll",e [2009-04-19]

======Hosts File======

127.0.0.1        www.007guard.com
127.0.0.1        007guard.com
127.0.0.1        008i.com
127.0.0.1        www.008k.com
127.0.0.1        008k.com
127.0.0.1        www.00hq.com
127.0.0.1        00hq.com
127.0.0.1        010402.com
127.0.0.1        www.032439.com
127.0.0.1        032439.com

======Security center information======

AV: AVG Anti-Virus Free
AV: ESET NOD32 Antivirus 4.0 (outdated)
FW: ZoneAlarm Pro Firewall (disabled)

======System event log======

Computer Name: NIGHTSHADE
Event Code: 10
Message: Die digitale Audiowiedergabe wird von diesem Laufwerk nicht unterstützt.

Record Number: 5
Source Name: redbook
Time Written: 20091214123432.000000+060
Event Type: Informationen
User:

Computer Name: NIGHTSHADE
Event Code: 6005
Message: Der Ereignisprotokolldienst wurde gestartet.

Record Number: 4
Source Name: EventLog
Time Written: 20091214123416.000000+060
Event Type: Informationen
User:

Computer Name: NIGHTSHADE
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 2 Multiprocessor Free.

Record Number: 3
Source Name: EventLog
Time Written: 20091214123416.000000+060
Event Type: Informationen
User:

Computer Name: NIGHTSHADE
Event Code: 7036
Message: Dienst "ESET Service" befindet sich jetzt im Status "Ausgeführt".

Record Number: 2
Source Name: Service Control Manager
Time Written: 20091214121916.000000+060
Event Type: Informationen
User:

Computer Name: NIGHTSHADE
Event Code: 7031
Message: Der Dienst "ESET Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Starten Sie den Dienst neu..

Record Number: 1
Source Name: Service Control Manager
Time Written: 20091214121914.000000+060
Event Type: Fehler
User:

=====Application event log=====

Computer Name: NIGHTSHADE
Event Code: 101
Message: wuauclt (3880) Das Datenbankmodul wurde beendet.

Record Number: 5
Source Name: ESENT
Time Written: 20091214124053.000000+060
Event Type: Informationen
User:

Computer Name: NIGHTSHADE
Event Code: 103
Message: wuaueng.dll (3880) SUS20ClientDataStore: Das Datenbankmodul hat die Instanz (0) beendet.

Record Number: 4
Source Name: ESENT
Time Written: 20091214124053.000000+060
Event Type: Informationen
User:

Computer Name: NIGHTSHADE
Event Code: 102
Message: wuaueng.dll (3880) SUS20ClientDataStore: Das Datenbankmodul hat eine neue Instanz gestartet (0).

Record Number: 3
Source Name: ESENT
Time Written: 20091214123550.000000+060
Event Type: Informationen
User:

Computer Name: NIGHTSHADE
Event Code: 100
Message: wuauclt (3880) Das Datenbankmodul 5.01.2600.2780 ist gestartet.

Record Number: 2
Source Name: ESENT
Time Written: 20091214123550.000000+060
Event Type: Informationen
User:

Computer Name: NIGHTSHADE
Event Code: 1800
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.

Record Number: 1
Source Name: SecurityCenter
Time Written: 20091214123504.000000+060
Event Type: Informationen
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Perl\site\bin;C:\Perl\bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\QuickTime\QTSystem\;C:\Programme\IDM Computer Solutions\UltraEdit-32;C:\Programme\Gemeinsame Dateien\Autodesk Shared\;d:\Programme\backburner 2\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=C:\Programme\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Programme\Java\jre1.5.0_06\lib\ext\QTJava.zip
"tvdumpflags"=8
"SAFEBOOT_OPTION"=NETWORK

-----------------EOF-----------------
Malwarebytes A-M insgesammt 6x gestartet (die ersten 3x Stürzte MBAM beim bereinigen mit der "Standard-Windows-Fehlermeldung" ab) Dann löschte ich (aus Gnatz) die dort angegebenen Dateien händisch und im LOG wurden sie als "gelöscht" ausgegeben:

MBAM-Log von 17.00:

Code:
Malwarebytes' Anti-Malware 1.42
Datenbank Version: 3289
Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.5730.13

15.12.2009 17:05:42
mbam-log-2009-12-15 (17-05-42).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|K:\|)
Durchsuchte Objekte: 738813
Laufzeit: 43 minute(s), 6 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 10
Infizierte Verzeichnisse: 0
Infizierte Dateien: 14

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\msqpdxserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\HelpAssistant\Anwendungsdaten\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\HelpAssistant\Lokale Einstellungen\Temporary Internet Files\Content.IE5\K129BOL5\eHcbf34a77V03f01530002R6aba994c102T80d63c9cQ000002c0900807F0020000aJ11000601l0007K83713c4e316P000500070[1] (Malware.Packer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{47DA6AC2-30E2-4395-93ED-D8AEF492A19A}\RP352\A0409294.dll (Malware.Packer) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{47DA6AC2-30E2-4395-93ED-D8AEF492A19A}\RP353\A0434734.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{47DA6AC2-30E2-4395-93ED-D8AEF492A19A}\RP353\A0434788.exe (Rogue.Crusader) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{47DA6AC2-30E2-4395-93ED-D8AEF492A19A}\RP353\A0434790.exe (Rogue.Crusader) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{47DA6AC2-30E2-4395-93ED-D8AEF492A19A}\RP353\A0434794.exe (Rogue.Crusader) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{47DA6AC2-30E2-4395-93ED-D8AEF492A19A}\RP353\A0434801.exe (Rogue.Crusader) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{47DA6AC2-30E2-4395-93ED-D8AEF492A19A}\RP353\A0434803.exe (Rogue.Crusader) -> Quarantined and deleted successfully.
G:\Prog Images\Vegas Video\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{47DA6AC2-30E2-4395-93ED-D8AEF492A19A}\RP353\A0435106.exe (Trojan.Agent) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{47DA6AC2-30E2-4395-93ED-D8AEF492A19A}\RP353\A0435108.exe (Trojan.Agent) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{47DA6AC2-30E2-4395-93ED-D8AEF492A19A}\RP353\A0435116.exe (Backdoor.IRCbot) -> Quarantined and deleted successfully.
Danach liess ich MBAM noch 2 mal Scannen, das erste mal ohne Meldungen, doch gleich danach:

MBAM-Log von 20.00Uhr

Code:
Malwarebytes' Anti-Malware 1.42
Datenbank Version: 3289
Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.5730.13

15.12.2009 20:01:48
mbam-log-2009-12-15 (20-01-48).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|)
Durchsuchte Objekte: 849455
Laufzeit: 1 hour(s), 22 minute(s), 54 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
G:\System Volume Information\_restore{47DA6AC2-30E2-4395-93ED-D8AEF492A19A}\RP353\A0437283.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
.

Als ich dann doch endlich einen Thread fand der meinem Problem nahe kam Scannte ich mein System mit GMER und bekam folgendes ergebnis:

GMER-Log von 21.30:
Code:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-15 21:34:21
Windows 5.1.2600 Service Pack 2
Running: n3pp43o8.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\fxtyyaob.sys


---- System - GMER 1.0.15 ----

SSDT            Vax347b.sys (Plug and Play BIOS Extension/ )                                                                ZwClose [0xF75BCC58]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)          ZwConnectPort [0xB82BCFC0]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)          ZwCreateFile [0xB82B9C80]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)          ZwCreateKey [0xB82D4170]
SSDT            Vax347b.sys (Plug and Play BIOS Extension/ )                                                                ZwCreatePagingFile [0xF75B0C70]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)          ZwCreatePort [0xB82BD580]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)          ZwCreateProcess [0xB82D1900]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)          ZwCreateProcessEx [0xB82D1B10]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)          ZwCreateSection [0xB82D5B10]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)          ZwCreateWaitablePort [0xB82BD670]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)          ZwDeleteFile [0xB82BA210]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)          ZwDeleteKey [0xB82D49F0]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)          ZwDeleteValueKey [0xB82D47A0]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)          ZwDuplicateObject [0xB82D1280]
SSDT            Vax347b.sys (Plug and Play BIOS Extension/ )                                                                ZwEnumerateKey [0xF75B14FE]
SSDT            Vax347b.sys (Plug and Play BIOS Extension/ )                                                                ZwEnumerateValueKey [0xF75BCD50]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)          ZwLoadDriver [0xB82B68C0]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)          ZwLoadKey [0xB82D4F10]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)          ZwLoadKey2 [0xB82D4F90]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)          ZwMapViewOfSection [0xB82D5D90]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)          ZwOpenFile [0xB82BA070]
SSDT            Vax347b.sys (Plug and Play BIOS Extension/ )                                                                ZwOpenKey [0xF75BCBD4]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)          ZwOpenProcess [0xB82D3180]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)          ZwOpenThread [0xB82D2F40]
SSDT            Vax347b.sys (Plug and Play BIOS Extension/ )                                                                ZwQueryKey [0xF75B151E]
SSDT            Vax347b.sys (Plug and Play BIOS Extension/ )                                                                ZwQueryValueKey [0xF75BCCA6]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)          ZwRenameKey [0xB82D56F0]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)          ZwReplaceKey [0xB82D5150]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)          ZwRequestWaitReplyPort [0xB82BCBE0]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)          ZwRestoreKey [0xB82D5540]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)          ZwSecureConnectPort [0xB82BD190]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)          ZwSetInformationFile [0xB82BA440]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)          ZwSetSystemInformation [0xB82B66A0]
SSDT            Vax347b.sys (Plug and Play BIOS Extension/ )                                                                ZwSetSystemPowerState [0xF75BC4F0]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)          ZwSetValueKey [0xB82D44E0]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)          ZwSystemDebugControl [0xB82D2200]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)          ZwTerminateProcess [0xB82D2080]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)          ZwUnloadDriver [0xB82B6AF0]

---- Kernel code sections - GMER 1.0.15 ----

.text          ntoskrnl.exe!ZwYieldExecution + 12A                                                                          804E4964 2 Bytes  [70, 0C] {JO 0xe}
.text          ntoskrnl.exe!ZwYieldExecution + 12D                                                                          804E4967 13 Bytes  [F7, 80, D5, 2B, B8, 00, 19, ...]
.text          ntoskrnl.exe!ZwYieldExecution + 1FA                                                                          804E4A34 12 Bytes  [C0, 68, 2B, B8, 10, 4F, 2D, ...] {SHR BYTE [EAX+0x2b], 0xb8; ADC [EDI+0x2d], CL; MOV EAX, 0xb82d4f90}

---- User code sections - GMER 1.0.15 ----

.text          C:\WINDOWS\Explorer.EXE[144] ADVAPI32.dll!CryptDestroyKey                                                    77DBA544 7 Bytes  JMP 00D9299A
.text          C:\WINDOWS\Explorer.EXE[144] ADVAPI32.dll!CryptDecrypt                                                      77DBA7B1 7 Bytes  JMP 00D9294A
.text          C:\WINDOWS\Explorer.EXE[144] ADVAPI32.dll!CryptEncrypt                                                      77DC1558 7 Bytes  JMP 00D9290E
.text          C:\WINDOWS\Explorer.EXE[144] WS2_32.dll!send                                                                71A1428A 5 Bytes  JMP 00D9277E
.text          C:\WINDOWS\Explorer.EXE[144] WS2_32.dll!WSARecv                                                              71A14318 5 Bytes  JMP 00D92870
.text          C:\WINDOWS\Explorer.EXE[144] WS2_32.dll!recv                                                                71A1615A 5 Bytes  JMP 00D927B6
.text          C:\WINDOWS\Explorer.EXE[144] WS2_32.dll!WSASend                                                              71A16233 5 Bytes  JMP 00D927EE
.text          C:\WINDOWS\Explorer.EXE[144] WS2_32.dll!closesocket                                                          71A19639 5 Bytes  JMP 00D928F2
.text          C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1156] ADVAPI32.dll!CryptDestroyKey                                    77DBA544 7 Bytes  JMP 012E299A
.text          C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1156] ADVAPI32.dll!CryptDecrypt                                      77DBA7B1 7 Bytes  JMP 012E294A
.text          C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1156] ADVAPI32.dll!CryptEncrypt                                      77DC1558 7 Bytes  JMP 012E290E
.text          C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1156] WS2_32.dll!send                                                71A1428A 5 Bytes  JMP 012E277E
.text          C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1156] WS2_32.dll!WSARecv                                              71A14318 5 Bytes  JMP 012E2870
.text          C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1156] WS2_32.dll!recv                                                71A1615A 5 Bytes  JMP 012E27B6
.text          C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1156] WS2_32.dll!WSASend                                              71A16233 5 Bytes  JMP 012E27EE
.text          C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1156] WS2_32.dll!closesocket                                          71A19639 5 Bytes  JMP 012E28F2

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT            \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol]                                    [B82C1B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT            \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter]                                          [B82C1930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT            \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter]                                        [B82C2260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT            \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol]                                  [B82BFE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT            \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol]                                    [B82BFE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT            \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol]                                      [B82C1B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT            \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter]                                            [B82C1930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT            \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter]                                          [B82C2260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT            \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol]                                      [B82C1B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT            \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter]                                          [B82C2260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT            \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter]                                          [B82C1930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT            \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol]                                    [B82BFE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT            \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter]                                            [B82C2260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT            \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter]                                            [B82C1930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT            \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol]                                        [B82C1B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT            \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile]                                              [B82DAB30] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT            \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol]                                      [B82C1B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT            \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol]                                    [B82BFE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT            \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter]                                          [B82C2260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT            \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter]                                          [B82C1930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT            \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile]                                                [B82BA980] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT            \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile]                                      [B82BA8D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT            \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile]                                              [B82BAA80] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT            \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile]                                              [B82BA5E0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                      8A475030
Device          \FileSystem\Fastfat \FatCdrom                                                                                898DF848
Device          \Driver\Tcpip \Device\Ip                                                                                    vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                    avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device          \Driver\ACPI \Device\00000060                                                                                89A6E258
Device          \Driver\ACPI \Device\00000061                                                                                89A6E258
Device          \Driver\ACPI \Device\00000055                                                                                89A6E258
Device          \Driver\Tcpip \Device\Tcp                                                                                    vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                    avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device          \Driver\ACPI \Device\00000062                                                                                89A6E258
Device          \Driver\ACPI \Device\00000063                                                                                89A6E258
Device          \Driver\ACPI \Device\00000064                                                                                89A6E258
Device          \Driver\Cdrom \Device\CdRom0                                                                                8A2415B8
Device          \FileSystem\Rdbss \Device\FsWrap                                                                            89CDAD30
Device          \Driver\ACPI \Device\00000065                                                                                89A6E258
Device          \Driver\ACPI \Device\00000059                                                                                89A6E258
Device          \Driver\Cdrom \Device\CdRom1                                                                                8A2415B8
Device          \Driver\ACPI \Device\00000073                                                                                89A6E258
Device          \Driver\ACPI \Device\00000066                                                                                89A6E258
Device          \Driver\ACPI \Device\00000080                                                                                89A6E258
Device          \Driver\ACPI \Device\00000067                                                                                89A6E258
Device          \Driver\ACPI \Device\00000081                                                                                89A6E258
Device          \Driver\ACPI \Device\00000082                                                                                89A6E258
Device          \Driver\ACPI \Device\00000076                                                                                89A6E258
Device          \Driver\ACPI \Device\00000083                                                                                89A6E258
Device          \FileSystem\Srv \Device\LanmanServer                                                                        898DABA0
Device          \Driver\Tcpip \Device\Udp                                                                                    vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                    avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device          \Driver\Tcpip \Device\RawIp                                                                                  vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                  avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device          \Driver\ACPI \Device\0000006b                                                                                89A6E258
Device          \Driver\ACPI \Device\0000005f                                                                                89A6E258
Device          \Driver\ACPI \Device\0000006c                                                                                89A6E258
Device          \Driver\ACPI \Device\0000007a                                                                                89A6E258
Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                            89CD27C0
Device          \Driver\Tcpip \Device\IPMULTICAST                                                                            vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device          \Driver\ACPI \Device\0000007b                                                                                89A6E258
Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                                  89CD27C0
Device          \Driver\ACPI \Device\0000007c                                                                                89A6E258
Device          \FileSystem\Npfs \Device\NamedPipe                                                                          8A275B98
Device          \Driver\ACPI \Device\0000007d                                                                                89A6E258
Device          \FileSystem\Msfs \Device\Mailslot                                                                            89EB2DF0
Device          \Driver\Vax347s \Device\Scsi\Vax347s1                                                                        8A3300C8
Device          \Driver\JRAID \Device\Scsi\JRAID1Port5Path0Target0Lun0                                                      8A241AE0
Device          \Driver\JRAID \Device\Scsi\JRAID1                                                                            8A241AE0
Device          \Driver\Vax347s \Device\Scsi\Vax347s1Port4Path0Target0Lun0                                                  8A3300C8
Device          \FileSystem\Fastfat \Fat                                                                                    898DF848
Device          \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer                                                          89EAEEF8
Device          \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer                                                            89EAEEF8
Device          \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer                                                                89EAEEF8
Device          \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer                                                            89EAEEF8
Device          \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer                                                            89EAEEF8
Device          \FileSystem\Cdfs \Cdfs                                                                                      89CD0180

---- Services - GMER 1.0.15 ----

Service        C:\WINDOWS\system32\DRIVERS\vdrv7000.sys (*** hidden *** )                                                  [SYSTEM] vdrv7000                                                                                                          <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg40                                               
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg40@ujdew                                          0x20 0x02 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg40@ljej40                                          0xE5 0xE8 0xAE 0x52 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg40@ljej41                                          0x43 0xE8 0xAE 0x52 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg40@ljej42                                          0x43 0xE8 0xAE 0x52 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg40@ljej43                                          0x43 0xE8 0xAE 0x52 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg40@ljej44                                          0x43 0xE8 0xAE 0x52 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\vdrv7000@ServiceBinary                                                C:\WINDOWS\system32\drivers\VDRV7000.SYS
Reg            HKLM\SYSTEM\CurrentControlSet\Services\vdrv7000@Group                                                        SCSI Miniport
Reg            HKLM\SYSTEM\CurrentControlSet\Services\vdrv7000@ImagePath                                                    system32\DRIVERS\vdrv7000.sys
Reg            HKLM\SYSTEM\CurrentControlSet\Services\vdrv7000@ErrorControl                                                1
Reg            HKLM\SYSTEM\CurrentControlSet\Services\vdrv7000@Start                                                        1
Reg            HKLM\SYSTEM\CurrentControlSet\Services\vdrv7000@Type                                                        1
Reg            HKLM\SYSTEM\CurrentControlSet\Services\vdrv7000@Tag                                                          64
Reg            HKLM\SYSTEM\CurrentControlSet\Services\vdrv7000\Enum                                                       
Reg            HKLM\SYSTEM\CurrentControlSet\Services\vdrv7000\Enum@0                                                      ROOT\SCSIADAPTER\0000
Reg            HKLM\SYSTEM\CurrentControlSet\Services\vdrv7000\Enum@Count                                                  1
Reg            HKLM\SYSTEM\CurrentControlSet\Services\vdrv7000\Enum@NextInstance                                            1
Reg            HKLM\SYSTEM\CurrentControlSet\Services\vdrv7000\parameters                                                 
Reg            HKLM\SYSTEM\CurrentControlSet\Services\vdrv7000\parameters\pnpinterface                                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\vdrv7000\parameters\pnpinterface@1                                    1
Reg            HKLM\SYSTEM\CurrentControlSet\Services\vdrv7000\security                                                   
Reg            HKLM\SYSTEM\CurrentControlSet\Services\vdrv7000\security@Security                                            0x01 0x00 0x14 0x80 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\vdrv7000@ServiceBinary                                                    C:\WINDOWS\system32\drivers\VDRV7000.SYS
Reg            HKLM\SYSTEM\ControlSet002\Services\vdrv7000@Group                                                            SCSI Miniport
Reg            HKLM\SYSTEM\ControlSet002\Services\vdrv7000@ImagePath                                                        system32\DRIVERS\vdrv7000.sys
Reg            HKLM\SYSTEM\ControlSet002\Services\vdrv7000@ErrorControl                                                    1
Reg            HKLM\SYSTEM\ControlSet002\Services\vdrv7000@Start                                                            1
Reg            HKLM\SYSTEM\ControlSet002\Services\vdrv7000@Type                                                            1
Reg            HKLM\SYSTEM\ControlSet002\Services\vdrv7000@Tag                                                              64
Reg            HKLM\SYSTEM\ControlSet002\Services\vdrv7000\Enum (not active ControlSet)                                   
Reg            HKLM\SYSTEM\ControlSet002\Services\vdrv7000\Enum@0                                                          ROOT\SCSIADAPTER\0000
Reg            HKLM\SYSTEM\ControlSet002\Services\vdrv7000\Enum@Count                                                      1
Reg            HKLM\SYSTEM\ControlSet002\Services\vdrv7000\Enum@NextInstance                                                1
Reg            HKLM\SYSTEM\ControlSet002\Services\vdrv7000\parameters (not active ControlSet)                             
Reg            HKLM\SYSTEM\ControlSet002\Services\vdrv7000\parameters\pnpinterface (not active ControlSet)                 
Reg            HKLM\SYSTEM\ControlSet002\Services\vdrv7000\parameters\pnpinterface@1                                        1
Reg            HKLM\SYSTEM\ControlSet002\Services\vdrv7000\security (not active ControlSet)                               
Reg            HKLM\SYSTEM\ControlSet002\Services\vdrv7000\security@Security                                                0x01 0x00 0x14 0x80 ...
Reg            HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}@DisplayName  Alcohol 120%
Reg            HKLM\SOFTWARE\Classes\Installer\Products\32418F9EE1126B64A90E8365B85CFCF6@ProductName                        Alcohol 120%

---- EOF - GMER 1.0.15 ----

Seit dem dümpele ich hier im abgesicherten modus rum und freue mich dass der PC nur noch hakt (verzögerungen der Programme von 0,5 bis 1 Minute).

Ich hab die Logs noch nicht Studiert, also zur sicherheit mal die groben technischen Daten:

Windows XP Por, SP2
IntelCore2Duo E8400 @3,00GHz
4GBRam
Mainbord grade unbekannt

PS: Hab grade festgestellt dass ich nun auch noch nen "Redirecter" oder wie die Teile heissen habe (angeklickte Links werden auf andere Seiten umgeleitet)

Bis soweit erstmal, mir platzt der Schädel ;)
Und schonmal danke für die Hilfe...

Gruss Nightsahade

Nightshade2x 16.12.2009 08:38
Hallo nochmal.

Leider hatte ich vergessen zu erwähnen, dass auch ich den Benutzer "HelpAssistant" in dem Ordner "C:\Dokumente und Einstellungen\" und auch in der Benutzerverwaltung habe (neben dem deutschen "Hilfeassistent" welcher deaktiviert ist) welcher sich wie in einem anderem Thread http://www.trojaner-board.de/80373-w...-probleme.html nicht löschen oder deaktivieren lässt. Auch konnte ich kurzzeitif (im Abgesicherten Modus den Task "Administrator.exe" feststellen) Wenn es geht würde ich gern ein komplettes Plätten von HDD0 vermeiden, Neuaufsetzen ist weniger das problem...

Gruss Nightshade

Moritz009 16.12.2009 15:10
hi,

Zitat:
G:\Prog Images\Vegas Video\keygen.exe
Tut Mir leid, aber das disqualifiziert dich!

Die (Be)nutzung von Cracks, Serials und Keygens ist illegal, somit gibt es im Trojaner-Board keinen Support.

Für Dich geht es hier weiter => Neuaufsetzen des Systems
Bitte auch alle Passwörter abändern (für E-Mail-Konten, StudiVZ, Ebay...einfach alles!) da nicht selten in dieser dubiosen Software auch Keylogger und Backdoorfunktionen stecken.

Danach nie wieder sowas anrühren!

Nightshade2x 16.12.2009 15:29
Hi.

Bevor ich mein System neu aufsetze hätte ich zumindest gerne noch die Frage beantwortet ob eine "normale" Standard-Installation incl Formatierung von C: ausreicht oder ob weiterreichende Maßnahmen anzuwenden sind (z.B. löschen der Partitionen o.Ä.), denn wenn ein normales Neuaufsetzen das Problem nicht beseitigt währe es ja sinnfrei...

Gruss Nightshade

PS: Den Keygen hab ich nicht "ausgeführt" da bekannt ist das solche Programme nichts gutes bringen, den hab ich wohl "im Bundle" mitkopiert ohne auf den genauen Inhalt der Ordner zu achten da Video-Bearbeitund nicht mein Ding ist.

cosinus 17.12.2009 15:17
Ich empfehle alle wichtigen privaten Daten zu sichern (keine ausführbaren Dateien, nur Dokumente, Musik usw.) und dann komplett und "vernünftig" neu aufzusetzen. Wenn alles Relevante gesichert ist auf einem ext. Medium kannst/solltest Du ruhig im Windows-Setup alle Partitionen auf der internen (System)Platte löschen und zumindest eine für Windows erstellen.

Ich weiß nicht wie Du das handelst, ich mags lieber wenn ich eine Partition fürs System (Windows) hab und eine zweite Partition für Daten. Dir stehts aber frei, Du kannst auch mehrere Partitionen einrichten oder C: den gesamten Platz der Platte zuweisen.

Nightshade2x 17.12.2009 15:33
Dank dir für die Schnelle Reaktion/Antwort. Falls es deiner Meinung nach ausreicht "nur" die Partitionen zu löschen soll es für mich auch mehr als in ordung sein. oder ist es bei vorhandenem Rootkit (GMER warnte mich VOR und NACH dem Scan vor installierten Rootkits) nötig weitere Dinge zu beachten?

(Wenn die Antwort lautet "Partitionen löschen reicht aus" kann das Thema von mir aus geschlossen werden)


PS: Und nochmals danke (an euch alle), ihr habt mir bei der Rettung schon einiger PCs sehr geholfen, weil andere diese Viren/Würmer auch schon hatten.


Alle Zeitangaben in WEZ +1. Es ist jetzt 00:20 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19