Hello Cosinus, great that you're taking care of me. :lach:
I wrestled with GMER :dummguck: and got this log. Code:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-24 01:46:57
Windows 5.1.2600 Service Pack 3
Running: 3k61zrmp.exe; Driver: C:\DOKUME~1\RDBCE~1.DAN\LOKALE~1\Temp\pwldikoc.sys
---- System - GMER 1.0.15 ----
SSDT F8D84EA6 ZwCreateKey
SSDT F8D84E9C ZwCreateThread
SSDT F8D84EAB ZwDeleteKey
SSDT F8D84EB5 ZwDeleteValueKey
SSDT F8D84EBA ZwLoadKey
SSDT F8D84E88 ZwOpenProcess
SSDT F8D84E8D ZwOpenThread
SSDT F8D84EC4 ZwReplaceKey
SSDT F8D84EBF ZwRestoreKey
SSDT F8D84EB0 ZwSetValueKey
SSDT F8D84E97 ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!_abnormal_termination + 24D 804E28B9 3 Bytes [4E, D8, F8] {DEC ESI; FDIVR ST, ST(0)}
.text C:\WINDOWS\system32\drivers\SSHDRV85.sys section is writeable [0xB65CE000, 0x24A24, 0xE8000020]
.pklstb C:\WINDOWS\system32\drivers\SSHDRV85.sys entry point in ".pklstb" section [0xB6601000]
.relo2 C:\WINDOWS\system32\drivers\SSHDRV85.sys unknown last section [0xB6617000, 0x8E, 0x42000040]
.text C:\WINDOWS\system32\drivers\ACEDRV05.sys section is writeable [0xB6047000, 0x30A4A, 0xE8000020]
.pklstb C:\WINDOWS\system32\drivers\ACEDRV05.sys entry point in ".pklstb" section [0xB6089000]
.relo2 C:\WINDOWS\system32\drivers\ACEDRV05.sys unknown last section [0xB60A4000, 0x8E, 0x42000040]
? C:\WINDOWS\system32\Drivers\mchInjDrv.sys Das System kann die angegebene Datei nicht finden. !
---- User code sections - GMER 1.0.15 ----
.text C:\Dokumente und Einstellungen\*mensch*\Eigene Dateien\Downloads\3k61zrmp.exe[204] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\Dokumente und Einstellungen\*mensch*\Eigene Dateien\Downloads\3k61zrmp.exe[204] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\Dokumente und Einstellungen\*mensch*\Eigene Dateien\Downloads\3k61zrmp.exe[204] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003F0001
.text C:\Dokumente und Einstellungen\*mensch*\Eigene Dateien\Downloads\3k61zrmp.exe[204] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Dokumente und Einstellungen\*mensch*\Eigene Dateien\Downloads\3k61zrmp.exe[204] kernel32.dll!Process32Next 7C8650C8 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[208] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[208] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\System32\svchost.exe[208] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 006C0001
.text C:\WINDOWS\System32\svchost.exe[208] kernel32.dll!Process32Next 7C8650C8 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[380] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[380] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\System32\svchost.exe[380] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00ED0001
.text C:\WINDOWS\System32\svchost.exe[380] kernel32.dll!Process32Next 7C8650C8 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\wanmpsvc.exe[432] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\wanmpsvc.exe[432] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [23, 5F]
.text C:\WINDOWS\wanmpsvc.exe[432] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00800001
.text C:\WINDOWS\wanmpsvc.exe[432] kernel32.dll!Process32Next 7C8650C8 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\winlogon.exe[576] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[576] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\winlogon.exe[576] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FF0001
.text C:\WINDOWS\system32\winlogon.exe[576] kernel32.dll!Process32Next 7C8650C8 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\winlogon.exe[576] PSAPI.DLL!EnumProcesses 76BB3A76 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\services.exe[620] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[620] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 013A0001
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!Process32Next 7C8650C8 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\services.exe[620] PSAPI.DLL!EnumProcesses 76BB3A76 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D20001
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!Process32Next 7C8650C8 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\Dit.exe[680] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Dit.exe[680] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\Dit.exe[680] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00900001
.text C:\WINDOWS\Dit.exe[680] kernel32.dll!Process32Next 7C8650C8 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\SOUNDMAN.EXE[736] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\SOUNDMAN.EXE[736] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\SOUNDMAN.EXE[736] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 008E0001
.text C:\WINDOWS\SOUNDMAN.EXE[736] kernel32.dll!Process32Next 7C8650C8 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[816] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[816] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[816] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F90001
.text C:\WINDOWS\system32\svchost.exe[816] kernel32.dll!Process32Next 7C8650C8 6 Bytes JMP 5F070F5A
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[828] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[828] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[828] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D90001
.text C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe[828] kernel32.dll!Process32Next 7C8650C8 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[872] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[872] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00EC0001
.text C:\WINDOWS\system32\svchost.exe[872] kernel32.dll!Process32Next 7C8650C8 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[932] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[932] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [26, 5F]
.text C:\WINDOWS\System32\svchost.exe[932] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 03150001
.text C:\WINDOWS\System32\svchost.exe[932] kernel32.dll!Process32Next 7C8650C8 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\System32\svchost.exe[932] PSAPI.DLL!EnumProcesses 76BB3A76 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\wuauclt.exe[1036] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wuauclt.exe[1036] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\wuauclt.exe[1036] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 028B0001
.text C:\WINDOWS\system32\wuauclt.exe[1036] kernel32.dll!Process32Next 7C8650C8 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00990001
.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!Process32Next 7C8650C8 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\Explorer.EXE[1148] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1148] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\Explorer.EXE[1148] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FE0001
.text C:\WINDOWS\Explorer.EXE[1148] kernel32.dll!Process32Next 7C8650C8 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\Explorer.EXE[1148] PSAPI.DLL!EnumProcesses 76BB3A76 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\svchost.exe[1156] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1156] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\System32\svchost.exe[1156] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BE0001
.text C:\WINDOWS\System32\svchost.exe[1156] kernel32.dll!Process32Next 7C8650C8 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\LEXBCES.EXE[1284] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\LEXBCES.EXE[1284] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\LEXBCES.EXE[1284] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02020001
.text C:\WINDOWS\system32\LEXBCES.EXE[1284] kernel32.dll!Process32Next 7C8650C8 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\LEXPPS.EXE[1308] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\LEXPPS.EXE[1308] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\LEXPPS.EXE[1308] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01DC0001
.text C:\WINDOWS\system32\LEXPPS.EXE[1308] kernel32.dll!Process32Next 7C8650C8 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\spoolsv.exe[1316] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1316] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1316] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01D40001
.text C:\WINDOWS\system32\spoolsv.exe[1316] kernel32.dll!Process32Next 7C8650C8 6 Bytes JMP 5F070F5A
.text C:\Programme\BullGuard Ltd\BullGuard Backup\BullGuardUpdate.exe[1592] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\Programme\BullGuard Ltd\BullGuard Backup\BullGuardUpdate.exe[1592] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\Programme\BullGuard Ltd\BullGuard Backup\BullGuardUpdate.exe[1592] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BA0001
.text C:\Programme\BullGuard Ltd\BullGuard Backup\BullGuardUpdate.exe[1592] kernel32.dll!Process32Next 7C8650C8 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[1660] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1660] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\System32\svchost.exe[1660] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00930001
.text C:\WINDOWS\System32\svchost.exe[1660] kernel32.dll!Process32Next 7C8650C8 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\drivers\CDAC11BA.EXE[1676] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\drivers\CDAC11BA.EXE[1676] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\System32\drivers\CDAC11BA.EXE[1676] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B40001
.text C:\WINDOWS\System32\drivers\CDAC11BA.EXE[1676] kernel32.dll!Process32Next 7C8650C8 6 Bytes JMP 5F070F5A
.text C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe[1688] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe[1688] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [23, 5F]
.text C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe[1688] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01DC0001
.text C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe[1688] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 0049F8A0 C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
.text C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe[1688] kernel32.dll!Process32Next 7C8650C8 6 Bytes JMP 5F1F0F5A
.text C:\Programme\T-Online\Dialerschutz-Software\DFInject.exe[1760] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\Programme\T-Online\Dialerschutz-Software\DFInject.exe[1760] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\Programme\T-Online\Dialerschutz-Software\DFInject.exe[1760] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C70001
.text C:\Programme\T-Online\Dialerschutz-Software\DFInject.exe[1760] kernel32.dll!Process32Next 7C8650C8 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1860] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1860] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D20001
.text C:\WINDOWS\system32\svchost.exe[1860] kernel32.dll!Process32Next 7C8650C8 6 Bytes JMP 5F070F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[1888] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Java\jre6\bin\jqs.exe[1888] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Programme\Java\jre6\bin\jqs.exe[1888] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00CF0001
.text C:\Programme\Java\jre6\bin\jqs.exe[1888] kernel32.dll!Process32Next 7C8650C8 6 Bytes JMP 5F070F5A
.text C:\Programme\Java\jre6\bin\jqs.exe[1888] psapi.dll!EnumProcesses 76BB3A76 6 Bytes JMP 5F0A0F5A
.text C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe[1964] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe[1964] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe[1964] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C20001
.text C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe[1964] kernel32.dll!Process32Next 7C8650C8 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[1972] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1972] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\System32\svchost.exe[1972] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 006C0001
.text C:\WINDOWS\System32\svchost.exe[1972] kernel32.dll!Process32Next 7C8650C8 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\ctfmon.exe[2060] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[2060] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[2060] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00CD0001
.text C:\WINDOWS\system32\ctfmon.exe[2060] kernel32.dll!Process32Next 7C8650C8 6 Bytes JMP 5F070F5A
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2068] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2068] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [26, 5F]
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2068] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DB0001
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2068] kernel32.dll!Process32Next 7C8650C8 6 Bytes JMP 5F1F0F5A
.text C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2068] PSAPI.DLL!EnumProcesses 76BB3A76 6 Bytes JMP 5F220F5A
.text C:\Programme\Deutsche Telekom\DataSync Outlook\DataSync Outlook.exe[2076] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\Programme\Deutsche Telekom\DataSync Outlook\DataSync Outlook.exe[2076] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\Programme\Deutsche Telekom\DataSync Outlook\DataSync Outlook.exe[2076] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01260001
.text C:\Programme\Deutsche Telekom\DataSync Outlook\DataSync Outlook.exe[2076] kernel32.dll!Process32Next 7C8650C8 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\DitExp.exe[2236] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\DitExp.exe[2236] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\DitExp.exe[2236] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C30001
.text C:\WINDOWS\DitExp.exe[2236] kernel32.dll!Process32Next 7C8650C8 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\alg.exe[3884] ntdll.dll!NtTerminateProcess 7C91DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[3884] ntdll.dll!NtTerminateProcess + 4 7C91DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\System32\alg.exe[3884] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00690001
.text C:\WINDOWS\System32\alg.exe[3884] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\System32\alg.exe[3884] kernel32.dll!Process32Next 7C8650C8 6 Bytes JMP 5F070F5A
---- Devices - GMER 1.0.15 ----
Device \Driver\NdisTapi \Device\NdisTapi DFSYS.SYS (T-Online Dialerschutz Kernelmode Hook/T-Systems Enterprise Services GmbH)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----
Process C:\Programme\T-Online\Dialerschutz-Software\Defender.exe (*** hidden *** ) 1636
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP Photosmart C4200 series@ChangeID 179796
---- EOF - GMER 1.0.15 ----
This is the RSIT log. Code:
Logfile of random's system information tool 1.06 (written by random/random)
Run by *mensch* at 2010-02-23 17:59:38
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 28 GB (49%) free of 57 GB
Total RAM: 511 MB (21% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:59:56, on 23.02.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Dit.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Deutsche Telekom\DataSync Outlook\DataSync Outlook.exe
C:\WINDOWS\DitExp.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\BullGuard Ltd\BullGuard Backup\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Programme\T-Online\Dialerschutz-Software\DFInject.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\*mensch*\Eigene Dateien\Downloads\RSIT(2).exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Dokumente und Einstellungen\*mensch*\Eigene Dateien\Persönlich\SicherheitPrüfen\*mensch*.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programme\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\pdfforgeToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} - (no file)
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\pdfforgeToolbarIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [T-Online Dialerschutz-Software] "C:\Programme\T-Online\Dialerschutz-Software\Defender.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SearchSettings] C:\Programme\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DataSync Outlook] "C:\Programme\Deutsche Telekom\DataSync Outlook\DataSync Outlook.exe" -S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: HP Sammelmappe - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programme\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Intelligente Auswahl - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programme\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: MedionShop - {EC5CE933-9CC1-45E4-912F-EBD7AC85BEA7} - http://www.medionshop.de/ (file missing) (HKCU)
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138531881140
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37480.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/de/check/qdiagh.cab?326
O22 - SharedTaskScheduler: boob - {01b55afa-f451-474b-9e91-c35b24d02641} - (no file)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - C:\Programme\BullGuard Ltd\BullGuard Backup\BullGuardUpdate.exe
O23 - Service: BGRaSvc - BullGuard Ltd. - C:\Programme\BullGuard Ltd\BullGuard Backup\support\bgrasvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: ClipInc 001 (ClipInc001) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: T-Online Dialerschutz Dienst (DFSVC) - T-Systems Enterprise Services GmbH - C:\Programme\T-Online\Dialerschutz-Software\DFInject.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Windows CardSpace (idsvc) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 9612 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Programme\HP\Smart Web Printing\hpswp_printenhancer.dll [2007-03-02 1298024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Programme\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-10 279664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-02-10 812528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
pdfforge Toolbar - C:\Programme\pdfforge Toolbar\pdfforgeToolbarIE.dll [2009-07-31 698880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
C:\Programme\pdfforge Toolbar\SearchSettings.dll [2009-07-29 1153024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2}
{B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Programme\pdfforge Toolbar\pdfforgeToolbarIE.dll [2009-07-31 698880]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-10 279664]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Dit"=C:\WINDOWS\Dit.exe [2002-08-28 73728]
"ATIPTA"=C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-03-20 315392]
"PrinTray"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe [2000-03-08 36864]
"T-Online Dialerschutz-Software"=C:\Programme\T-Online\Dialerschutz-Software\Defender.exe [2009-04-09 1398064]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2003-01-20 47104]
"SearchSettings"=C:\Programme\pdfforge Toolbar\SearchSettings.exe [2009-07-29 1024512]
"avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"swg"=C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-05-24 68856]
"DataSync Outlook"=C:\Programme\Deutsche Telekom\DataSync Outlook\DataSync Outlook.exe [2009-12-07 720896]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-05-24 68856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2008-03-25 214360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^WISO Mein Sparbuch heute.lnk]
C:\PROGRA~1\WISO\SP2109~1\MEINSP~1.EXE [2009-06-12 1140008]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^*mensch*^Startmenü^Programme^Autostart^OpenOffice.org 3.0.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2008-12-15 384000]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LiveUpdate"=3
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
boob - {01b55afa-f451-474b-9e91-c35b24d02641}
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BgMainSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BgLiveSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BgMainSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Programme\T-Online\T-Online_Software_5\Browser\browser.exe"="C:\Programme\T-Online\T-Online_Software_5\Browser\browser.exe:*:Enabled:T-Online Browser 5.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Dokumente und Einstellungen\*mensch*\Lokale Einstellungen\Temp\Temporäres Verzeichnis 1 für hemmings200902-win32.zip\hemmings200902-win32.exe"="C:\Dokumente und Einstellungen\*mensch*\Lokale Einstellungen\Temp\Temporäres Verzeichnis 1 für hemmings200902-win32.zip\hemmings200902-win32.exe:*:Enabled:Hemmings - February 2009"
"C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe"="C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe:*:Enabled:ClipInc Server"
"C:\Programme\Tobit ClipInc\Player\ClipInc-Player.exe"="C:\Programme\Tobit ClipInc\Player\ClipInc-Player.exe:*:Enabled:ClipInc Player"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2010-02-20 17:05:19 ----D---- C:\rsit
2010-02-10 18:03:59 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-10 18:03:12 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-10 18:02:51 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-10 18:02:35 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-10 18:02:25 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-10 18:02:08 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-10 18:01:52 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-10 18:01:36 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-10 18:01:18 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-04 15:07:55 ----D---- C:\Dokumente und Einstellungen\*mensch*\Anwendungsdaten\Thunderbird
2010-02-03 17:34:20 ----D---- C:\Programme\Deutsche Telekom
2010-02-01 11:16:25 ----D---- C:\Dokumente und Einstellungen\*mensch*\Anwendungsdaten\DataSync Outlook
======List of files/folders modified in the last 1 months======
2010-02-23 17:59:41 ----D---- C:\WINDOWS\Prefetch
2010-02-23 17:36:53 ----D---- C:\WINDOWS\Temp
2010-02-23 17:28:27 ----D---- C:\Programme\Mozilla Firefox
2010-02-23 15:47:00 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-23 15:46:55 ----D---- C:\WINDOWS\system32\drivers
2010-02-23 15:45:31 ----A---- C:\WINDOWS\ModemLog_Creatix V.9X DSP Data Fax Modem.txt
2010-02-23 09:17:37 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-22 09:12:34 ----D---- C:\WINDOWS\system32
2010-02-21 14:58:15 ----SHD---- C:\WINDOWS\Installer
2010-02-21 14:58:15 ----HD---- C:\Config.Msi
2010-02-21 14:58:14 ----AD---- C:\Programme
2010-02-14 13:29:18 ----RASH---- C:\boot.ini
2010-02-14 13:29:18 ----A---- C:\WINDOWS\win.ini
2010-02-14 13:29:18 ----A---- C:\WINDOWS\system.ini
2010-02-14 12:41:07 ----HDC---- C:\WINDOWS\$NtUninstallQ815021$
2010-02-14 12:38:31 ----D---- C:\WINDOWS
2010-02-11 18:40:49 ----D---- C:\WINDOWS\Debug
2010-02-11 10:36:08 ----SD---- C:\WINDOWS\Tasks
2010-02-10 18:07:47 ----D---- C:\Programme\Google
2010-02-10 18:04:11 ----HD---- C:\WINDOWS\inf
2010-02-10 18:04:06 ----DC---- C:\WINDOWS\system32\dllcache
2010-02-10 18:03:21 ----A---- C:\WINDOWS\imsins.BAK
2010-02-10 18:03:08 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-03 17:34:25 ----HD---- C:\Programme\InstallShield Installation Information
2010-02-01 17:18:43 ----D---- C:\Programme\Gemeinsame Dateien\Symantec Shared
2010-02-01 17:18:10 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec
2010-02-01 17:07:15 ----SHD---- C:\System Volume Information
2010-02-01 17:04:55 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton
2010-02-01 17:02:51 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NortonInstaller
2010-02-01 11:26:22 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-30 22:51:53 ----D---- C:\WINDOWS\Minidump
2010-01-30 18:30:55 ----D---- C:\WINDOWS\system32\Restore
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 SLEE_16_DRIVER;Steganos Live Encryption Engine 16 [Driver]; \??\C:\WINDOWS\system32\drivers\Sleen16.sys []
R1 SSHDRV61;SSHDRV61; \??\C:\WINDOWS\System32\drivers\SSHDRV61.sys []
R1 SSHDRV85;SSHDRV85; \??\C:\WINDOWS\system32\drivers\SSHDRV85.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 ACEDRV05;ACEDRV05; \??\C:\WINDOWS\system32\drivers\ACEDRV05.sys []
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-11-25 56816]
R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\System32\drivers\CdaC15BA.SYS []
R2 MaVctrl;MaVctrl; C:\WINDOWS\system32\DRIVERS\MaVc2K.sys [2007-01-16 11986]
R2 MVDCODEC;ATI WDM Specialized MVD Codec; C:\WINDOWS\System32\DRIVERS\atinmdxx.sys [2003-02-03 13824]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-01-28 697084]
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2003-03-20 576896]
R3 atinrvxx;ATI WDM Rage Theater Video; C:\WINDOWS\System32\DRIVERS\atinrvxx.sys [2003-02-03 102400]
R3 DFSYS;T-Online Dialerschutz Hooking Treiber; \??\C:\Programme\T-Online\Dialerschutz-Software\DFSYS.SYS []
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2007-03-08 49920]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2007-03-08 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2007-03-08 21568]
R3 Intels51;Creatix V.9X DSP Data Fax Modem; C:\WINDOWS\System32\DRIVERS\ctxs51.sys [2003-05-22 670203]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART-Treiber; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2003-07-31 28276]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-03-20 9856]
R3 SipIMNDI;T-Online Dialerschutz VoIP Service; C:\WINDOWS\system32\DRIVERS\SipIMNDI.sys [2007-01-29 22856]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\System32\DRIVERS\sisnic.sys [2002-07-10 32256]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB-Scannertreiber; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys [2003-04-23 33588]
S1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S3 61883;61883-Einheitsgerät; C:\WINDOWS\System32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Avc;AVC-Gerät; C:\WINDOWS\System32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EL90XBC;3Com EtherLink XL 90XB/C-Adaptertreiber; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 k600bus;Sony Ericsson 600i driver (WDM); C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-03-04 52384]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-03-04 6096]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-03-04 87456]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-03-04 79248]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-03-04 77072]
S3 MA8630C;MA8630C; C:\WINDOWS\system32\DRIVERS\MA8630C.sys [2004-09-14 23248]
S3 MA8630M;MA8630M; C:\WINDOWS\system32\DRIVERS\MA8630M.sys [2005-01-25 25428]
S3 MA8630U;MA8630U; C:\WINDOWS\system32\DRIVERS\MA8630U.sys [2007-06-29 53202]
S3 MaRdPnp;MaRdPnp; C:\WINDOWS\system32\DRIVERS\MaRdP2K.sys [2005-08-18 49867]
S3 mouhid;Maus-HID-Treiber; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-18 12288]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\System32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Filtertreiber für Systemwiederherstellung; C:\WINDOWS\System32\DRIVERS\sr.sys [2008-04-14 73472]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 BgLiveSvc;BullGuard LiveUpdate; C:\Programme\BullGuard Ltd\BullGuard Backup\BullGuardUpdate.exe [2009-04-06 300368]
R2 BgMainSvc;BullGuard Main Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\System32\drivers\CDAC11BA.EXE [2004-03-08 54784]
R2 ClipInc001;ClipInc 001; C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe [2009-05-27 2230024]
R2 DFSVC;T-Online Dialerschutz Dienst; C:\Programme\T-Online\Dialerschutz-Software\DFInject.exe [2009-09-18 184320]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2000-03-08 278016]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINDOWS\wanmpsvc.exe [2003-04-23 65536]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
S2 gupdate;Google Update Service (gupdate); C:\Programme\Google\Update\GoogleUpdate.exe [2010-02-10 135664]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 BGRaSvc;BGRaSvc; C:\Programme\BullGuard Ltd\BullGuard Backup\support\bgrasvc.exe [2009-12-14 79184]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-12 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe []
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Programme\Lavasoft\Ad-Aware\AAWService.exe [2010-01-06 1181328]
S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe []
-----------------EOF-----------------
I'm curious what you'll find.
colroda
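An added triage helper for logs in the RSIT format posted above (example code, not part of the original post and not RSIT's own code). It parses the `[HKEY_...]` key headers and the `======List of ...======` sections as they appear in the log and applies a few constructed heuristics: a firewall exception for an executable under a user-writable directory such as `Lokale Einstellungen\Temp`, an autostart entry in such a directory, a SharedTaskScheduler/ShellServiceObjectDelayLoad CLSID for which the log shows no DLL path, and a running driver or service that RSIT lists with `[]` (no date/size) instead of a file stamp. The rule names, the list of user-writable directory names and the sample excerpt (trimmed from the log above) are assumptions of this example. The flags are starting points for a manual check, not evidence of infection: the log above shows Avira's own `avgio.sys` with a `\??\` path and `[]` too, so the `[]` rule mostly says "RSIT could not stat this path, look at the file yourself".

```python
"""
Triage helper for RSIT-style logs.  Added example, not the poster's log tool
and not RSIT's code.  The rules below are constructed heuristics that point
at lines worth a second look; none of them is a verdict on its own.
"""
import re
from dataclasses import dataclass

SECTION_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")           # registry-key header line
HEADER_RE = re.compile(r"^======(.*?)======$")            # "======List of ...======"
# driver/service line: "R1 name;display name; path [YYYY-MM-DD size]" or "... []"
DRIVER_RE = re.compile(r"^([RS])([0-4]) (.+?);(.*?); (.+) (\[[^\]]*\])$")
# directories a standard user can write to (German XP names plus English ones; assumption)
USER_WRITABLE = re.compile(
    r"\\(Temp|Lokale Einstellungen|Local Settings|Anwendungsdaten|Application Data"
    r"|Eigene Dateien|My Documents|Downloads)\\", re.I)


@dataclass
class Finding:
    code: str       # short rule identifier, constructed for this example
    section: str    # registry key or list header the line came from
    line: str       # the log line as written


def parse_sections(text):
    """Yield (section name, [entry lines]) in log order; text before the first header is ignored."""
    name, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line) or HEADER_RE.match(line)
        if m:
            if name is not None:
                yield name, entries
            name, entries = m.group(1), []
        elif name is not None:
            entries.append(line)
    if name is not None:
        yield name, entries


def triage(text):
    """Return the Findings the heuristics raise on an RSIT log or excerpt."""
    findings = []
    for section, entries in parse_sections(text):
        sec = section.lower()
        for line in entries:
            if "authorizedapplications" in sec:
                # firewall exception that is Enabled and points into a temp/profile directory
                if ":enabled:" in line.lower() and USER_WRITABLE.search(line):
                    findings.append(Finding("fw_user_writable", section, line))
            elif sec.endswith("currentversion\\run"):
                if USER_WRITABLE.search(line):
                    findings.append(Finding("autostart_user_writable", section, line))
                elif line.endswith("[]"):      # autostart whose file RSIT could not stat
                    findings.append(Finding("autostart_no_meta", section, line))
            elif "sharedtaskscheduler" in sec or "shellserviceobjectdelayload" in sec:
                # these COM objects load into Explorer at logon; RSIT normally prints
                # "name - {CLSID} - path [meta]", so a CLSID with no path needs a manual lookup
                if re.search(r"\{[0-9a-f-]{36}\}", line, re.I) and " - c:\\" not in line.lower():
                    findings.append(Finding("com_unresolved", section, line))
            elif section.startswith("List of drivers") or section.startswith("List of services"):
                m = DRIVER_RE.match(line)
                if m and m.group(1) == "R" and m.group(6) == "[]":
                    # running, but no date/size recorded: path uses the \??\ prefix or the file is gone
                    findings.append(Finding("running_no_meta", section, line))
    return findings


# Excerpt trimmed from the log posted above, kept in RSIT's own line format.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"SearchSettings"=C:\Programme\pdfforge Toolbar\SearchSettings.exe [2009-07-29 1024512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
boob - {01b55afa-f451-474b-9e91-c35b24d02641}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Dokumente und Einstellungen\*mensch*\Lokale Einstellungen\Temp\Temporäres Verzeichnis 1 für hemmings200902-win32.zip\hemmings200902-win32.exe"="C:\Dokumente und Einstellungen\*mensch*\Lokale Einstellungen\Temp\Temporäres Verzeichnis 1 für hemmings200902-win32.zip\hemmings200902-win32.exe:*:Enabled:Hemmings - February 2009"
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 SSHDRV85;SSHDRV85; \??\C:\WINDOWS\system32\drivers\SSHDRV85.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 BgMainSvc;BullGuard Main Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe []
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.code:24} {f.line}")
```

Run it against a full RSIT log by reading the file and passing its text to `triage()`; the stopped `IntelIde` and `idsvc` entries in the excerpt are deliberately not flagged, since the `[]` rule only fires for entries that are actually running.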