Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Viruses, Trojans, malware on my PC. AntiVir finds, deletes and finds again. (https://www.trojaner-board.de/87894-viren-trojaner-malware-meinem-pc-antivir-findet-loescht-findet.html)

mammamia 08.07.2010 00:57

Viruses, Trojans, malware on my PC. AntiVir finds, deletes and finds again.
 
I hope I am following the board's rules. I would very much like to ask for your help. For a few days now the problems with malicious software have been piling up, but I don't quite know how to solve them.

First, a description of what happened: In my stupidity I downloaded two files that apparently were not entirely clean. Only after that did what I can now report begin. Internet Explorer windows opened at random and without being asked, presenting advertising pages. Every few minutes a new one. AntiVir found viruses, malware and Trojans that could be deleted but were found again at irregular intervals. A full scan by AntiVir solved the problem temporarily. At the latest after the reboot, however, everything started over from the beginning, except that the advertising pages no longer opened. A scan by AntiVir obviously does not solve my problems, because the problem programs it already found keep reappearing. There is a nest somewhere. :)

In detail:

Error message after starting the laptop:

„RunDLL
Fehler beim Laden von
C:\Users\Lars\AppData\Local\Temp\sshnas21.dll

Das angegebene Modul wurde nicht gefunden.“

AntiVir finds (among other things):

„Erkennungsmuster des Wurmes WORM/Iksmas.hsz“ in „C:\Users\****\AppData\Local\Temp\970.exe“

„Erkennungsmuster des (gefährlichen) Backdoorprogrammes BDS/Bredolab.fkl“ in „C:\Users\****\AppData\Local\Temp\6901158.exe“

„Das Trojanische Pferd TR/Agent.HF.30“ in „C:\Users\****\AppData\Local\Temp\733.exe“

The last two were also found again in „C:\Users\****\AppData\Local\Microsoft\Windows\ […]“


The recommended procedure:

1. Apart from the unused file extension, which cannot be deleted because AntiVir is installed, CCleaner was able to fix all errors.

2. Malwarebytes Anti-Malware admits „Bestimmte Objekte konnten nicht entfernt werden.“ Log file:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4290

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

08.07.2010 01:17:08
mbam-log-2010-07-08 (01-17-08).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 136201
Laufzeit: 5 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\UBC5AB1IDP (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\EWABQAF7KL (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\****\csrss.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.



3. RSIT records the following when I run it over my system:

(1) log.txt
RSIT Logfile:

Logfile of random's system information tool 1.07 (written by random/random)
Run by **** at 2010-07-08 01:27:23
Microsoft® Windows Vista™ Home Premium  Service Pack 2
System drive C: has 51 GB (52%) free of 98 GB
Total RAM: 3066 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 01:27:43, on 08.07.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
D:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Programme\iTunes\iTunesHelper.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
D:\Programme\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Lars\Desktop\RSIT.exe
C:\Program Files\trend micro\Lars.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [avgnt] "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programme\Adobe\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-6710304-3433624121-992636011-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'postgres')
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Cool Hand Poker - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\coolhandMPP\MPPoker.exe (HKCU)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\Windows\system32\brsvc01a.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Dragon Age: Origins - Inhaltsupdater (DAUpdaterSvc) - BioWare - D:\Programme\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 7515 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{A39CB0E9-224B-49F3-A4EA-4874F36B50CC}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-27 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-07-20 7625248]
"avgnt"=D:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2007-02-15 622592]
"ControlCenter3"=C:\Program Files\Brother\ControlCenter3\brctrcen.exe [2006-07-19 65536]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"Adobe Reader Speed Launcher"=D:\Programme\Adobe\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-07-02 13789728]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"QuickTime Task"=D:\Programme\QuickTime\QTTask.exe [2010-03-17 421888]
"iTunesHelper"=D:\Programme\iTunes\iTunesHelper.exe [2010-04-28 142120]
"ConnectionCenter"=C:\Program Files\Citrix\ICA Client\concentr.exe [2010-03-11 300400]
"Malwarebytes Anti-Malware (reboot)"=D:\Programme\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"DAEMON Tools Lite"=D:\Programme\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
VPN Client.lnk - C:\Windows\Installer\{08B785C1-3893-4154-B53B-F5D341D0AAAA}\Icon3E5562ED7.ico

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e0724bc-1290-11df-89f6-806e6f6e6963}]
shell\AutoRun\command - E:\monsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8da2a376-17b7-11df-86a6-001f160b6d58}]
shell\AutoRun\command - G:\SETUP.EXE
shell\configure\command - G:\SETUP.EXE
shell\install\command - G:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac37f57d-51ec-11df-856d-001f160b6d58}]
shell\AutoRun\command - H:\PRVA\\\\\\\\\\STRANA.exe
shell\explore\command - H:\PRVA\\\\\\\\\\\\STRANA.exe
shell\open\command - H:\PRVA\\\\\\\\\\\\STRANA.exe


======List of files/folders created in the last 1 months======

2010-07-08 01:27:23 ----D---- C:\rsit
2010-07-08 01:27:23 ----D---- C:\Program Files\trend micro
2010-07-08 00:55:45 ----D---- C:\Users\****\AppData\Roaming\Malwarebytes
2010-07-08 00:55:36 ----D---- C:\ProgramData\Malwarebytes
2010-06-22 22:35:19 ----D---- C:\Windows\system32\WindowsPowerShell
2010-06-22 22:32:49 ----A---- C:\Windows\system32\winrsmgr.dll
2010-06-22 22:32:29 ----A---- C:\Windows\system32\wsmprovhost.exe
2010-06-22 22:32:29 ----A---- C:\Windows\system32\winrshost.exe
2010-06-22 22:32:29 ----A---- C:\Windows\system32\winrs.exe
2010-06-22 22:32:25 ----A---- C:\Windows\system32\wsmplpxy.dll
2010-06-22 22:32:25 ----A---- C:\Windows\system32\winrssrv.dll
2010-06-22 22:32:22 ----A---- C:\Windows\system32\wevtfwd.dll
2010-06-22 22:32:22 ----A---- C:\Windows\system32\wecutil.exe
2010-06-22 22:32:22 ----A---- C:\Windows\system32\wecapi.dll
2010-06-22 22:32:21 ----A---- C:\Windows\system32\WsmRes.dll
2010-06-22 22:32:21 ----A---- C:\Windows\system32\wecsvc.dll
2010-06-22 22:32:21 ----A---- C:\Windows\system32\pwrshplugin.dll
2010-06-22 22:32:12 ----A---- C:\Windows\system32\winrm.vbs
2010-06-22 22:32:10 ----A---- C:\Windows\system32\WsmWmiPl.dll
2010-06-22 22:32:10 ----A---- C:\Windows\system32\WsmAuto.dll
2010-06-22 22:32:10 ----A---- C:\Windows\system32\WSManMigrationPlugin.dll
2010-06-22 22:32:10 ----A---- C:\Windows\system32\WSManHTTPConfig.exe
2010-06-22 22:32:10 ----A---- C:\Windows\system32\winrscmd.dll
2010-06-22 22:32:09 ----A---- C:\Windows\system32\WsmSvc.dll
2010-06-22 22:22:43 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2010-06-22 22:22:43 ----A---- C:\Windows\system32\PresentationHost.exe
2010-06-22 22:22:43 ----A---- C:\Windows\system32\netfxperf.dll
2010-06-22 22:22:43 ----A---- C:\Windows\system32\mscoree.dll
2010-06-22 22:22:43 ----A---- C:\Windows\system32\dfshim.dll
2010-06-22 22:22:14 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-06-22 22:22:14 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-06-17 03:18:43 ----D---- C:\Users\Lars\AppData\Roaming\dvdcss
2010-06-15 23:50:05 ----A---- C:\Windows\system32\javaws.exe
2010-06-15 23:50:05 ----A---- C:\Windows\system32\javaw.exe
2010-06-15 23:50:05 ----A---- C:\Windows\system32\java.exe
2010-06-15 23:50:05 ----A---- C:\Windows\system32\deployJava1.dll
2010-06-10 18:46:19 ----D---- C:\Windows\Minidump
2010-06-09 21:47:17 ----A---- C:\Windows\system32\mshtml.dll
2010-06-09 21:47:16 ----A---- C:\Windows\system32\wininet.dll
2010-06-09 21:47:16 ----A---- C:\Windows\system32\urlmon.dll
2010-06-09 21:47:15 ----A---- C:\Windows\system32\mshtmled.dll
2010-06-09 21:47:15 ----A---- C:\Windows\system32\ieui.dll
2010-06-09 21:47:15 ----A---- C:\Windows\system32\iepeers.dll
2010-06-09 21:47:15 ----A---- C:\Windows\system32\ieframe.dll
2010-06-09 21:47:15 ----A---- C:\Windows\system32\ieencode.dll
2010-06-09 21:47:14 ----A---- C:\Windows\system32\ieapfltr.dll
2010-06-09 21:46:27 ----A---- C:\Windows\system32\asycfilt.dll
2010-06-09 21:46:25 ----A---- C:\Windows\system32\atmlib.dll
2010-06-09 21:46:25 ----A---- C:\Windows\system32\atmfd.dll

======List of files/folders modified in the last 1 months======

2010-07-08 01:27:30 ----D---- C:\Windows\Temp
2010-07-08 01:27:23 ----RD---- C:\Program Files
2010-07-08 01:20:52 ----D---- C:\Windows
2010-07-08 01:20:44 ----D---- C:\Windows\system32\drivers
2010-07-08 01:20:44 ----D---- C:\Windows\Registration
2010-07-08 01:17:08 ----D---- C:\Windows\Tasks
2010-07-08 00:55:36 ----HD---- C:\ProgramData
2010-07-08 00:48:20 ----D---- C:\Windows\Debug
2010-07-08 00:34:27 ----D---- C:\Users\****\AppData\Roaming\Skype
2010-07-08 00:33:54 ----D---- C:\Users\****\AppData\Roaming\skypePM
2010-07-06 21:12:03 ----D---- C:\Windows\system32\Tasks
2010-07-06 13:47:21 ----SHD---- C:\System Volume Information
2010-07-05 16:45:54 ----D---- C:\Windows\Prefetch
2010-07-03 14:55:22 ----D---- C:\Windows\system32\catroot2
2010-07-03 11:47:53 ----D---- C:\Windows\System32
2010-07-03 11:47:53 ----D---- C:\Windows\inf
2010-07-03 11:47:53 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-07-03 00:37:45 ----SHD---- C:\Windows\Installer
2010-06-29 13:08:29 ----D---- C:\Windows\system32\catroot
2010-06-27 03:37:56 ----D---- C:\Users\****\AppData\Roaming\vlc
2010-06-22 23:30:09 ----D---- C:\Windows\rescache
2010-06-22 23:15:08 ----D---- C:\Windows\Microsoft.NET
2010-06-22 23:15:03 ----RSD---- C:\Windows\assembly
2010-06-22 22:53:36 ----D---- C:\Windows\AppPatch
2010-06-22 22:36:49 ----D---- C:\Windows\winsxs
2010-06-22 22:35:23 ----D---- C:\Windows\system32\de-DE
2010-06-22 22:35:23 ----D---- C:\Windows\PolicyDefinitions
2010-06-22 22:31:32 ----D---- C:\Windows\ehome
2010-06-22 22:24:15 ----D---- C:\Windows\system32\en-US
2010-06-22 22:24:11 ----D---- C:\Program Files\Microsoft.NET
2010-06-22 13:57:03 ----D---- C:\Windows\system32\LogFiles
2010-06-16 22:42:52 ----SD---- C:\Users\****\AppData\Roaming\Microsoft
2010-06-15 23:49:59 ----D---- C:\Program Files\Java
2010-06-15 00:05:18 ----D---- C:\Users\****\AppData\Roaming\Microgaming
2010-06-13 12:50:03 ----D---- C:\Windows\system32\WDI
2010-06-10 18:46:39 ----D---- C:\Users\****\AppData\Roaming\Apple Computer
2010-06-10 15:00:31 ----HD---- C:\Program Files\InstallShield Installation Information
2010-06-09 21:55:22 ----D---- C:\Program Files\Windows Mail
2010-06-09 21:48:28 ----D---- C:\Windows\system32\wbem

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\D:\Programme\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ctxusbm;Citrix USB Monitor Driver; C:\Windows\system32\DRIVERS\ctxusbm.sys [2009-10-05 65584]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-11-25 56816]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\Windows\system32\Drivers\CVPNDRVA.sys [2009-08-23 308859]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 DNE;Deterministic Network Enhancer Miniport; C:\Windows\system32\DRIVERS\dne2000.sys [2008-11-16 131984]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-07-20 2664032]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2009-06-26 66080]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-07-01 9786752]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2010-03-04 261152]
R3 StillCam;Treiber für serielle Digitalkamera; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-21 9216]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
R3 XUIF;X10 USB Wireless Transceiver; C:\Windows\System32\Drivers\x10ufx2.sys [2006-11-30 27416]
S3 arbmbuhd;arbmbuhd; C:\Windows\system32\drivers\arbmbuhd.sys []
S3 CVirtA;Cisco Systems VPN Adapter; C:\Windows\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; D:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; D:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-04-16 144672]
R2 Bonjour Service;Dienst "Bonjour"; C:\Program Files\Bonjour\mDNSResponder.exe [2010-04-08 345376]
R2 Brother XP spl Service;BrSplService; C:\Windows\system32\brsvc01a.exe [2002-04-12 57344]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2009-08-23 1528624]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-04-30 815104]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-07-02 211488]
R2 postgresql-8.4;PostgreSQL Server 8.4; C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files/PostgreSQL/8.4/data -w []
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-04-30 466944]
R3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2010-04-28 545576]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater; D:\Programme\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-04-21 654848]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2010-04-16 332720]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------

--- --- ---



(2) info.txt

RSIT Logfile:

logfile of random's system information tool 1.06 2010-07-08 01:27:44

======Uninstall list======

-->D:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec /X{1C4551A6-4743-4093-91E4-1477CD655043}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {322296D4-1EAE-4030-9FBC-D2787EB25FA2}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\5f143314a5d434c8511097393d17397\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{29F05234-DCBB-4FE0-88DC-5160C9250312}
Adobe Reader 9.3.3 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A93000000001}
Adobe Setup-->MsiExec.exe /I{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Apple Application Support-->MsiExec.exe /I{553255F3-78FD-40F1-A6F8-6882140265FE}
Apple Mobile Device Support-->MsiExec.exe /I{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Avira AntiVir Personal - Free Antivirus-->D:\Programme\Avira\AntiVir Desktop\setup.exe /REMOVE
Azurewave Wireless LAN-->C:\Program Files\InstallShield Installation Information\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}\setup.exe -runfromtemp -l0x0009 -removeonly
Bonjour-->MsiExec.exe /X{8A253629-0511-4854-8B4E-46E57E66005C}
Brother MFL-Pro Suite-->"C:\Program Files\InstallShield Installation Information\{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}\Setup.exe"  -runfromtemp -l0x0007 Brunin03.dll -removeonly
CCleaner-->"D:\Programme\CCleaner\uninst.exe"
Cisco Systems VPN Client 5.0.06.0110-->MsiExec.exe /X{08B785C1-3893-4154-B53B-F5D341D0AAAA}
Citrix Online Plug-in - Web-->C:\ProgramData\Citrix\Citrix Online Plug-in - Web\TrolleyExpress.exe /uninstall /cleanup
Citrix Online Plug-in (DV)-->MsiExec.exe /I{8144262B-25B4-44F6-8204-FCC8EF50179F}
Citrix Online Plug-in (HDX)-->MsiExec.exe /I{EA74A293-3FAC-4D1B-AE3A-3BD47FADDC20}
Citrix Online Plug-in (USB)-->MsiExec.exe /I{6F8EAC65-314D-4D86-9557-BC9312AACCB0}
Citrix Online Plug-in (Web)-->MsiExec.exe /I{023D64D7-E7B4-47C7-BE6E-B7C2E8960D08}
Cool Hand Poker-->C:\MicroGaming\Poker\coolhandMPP\install.exe -uninstall
Counter-Strike: Source-->"D:\Programme\Steam\steam.exe" steam://uninstall/240
Counter-Strike-->"D:\Programme\Steam\steam.exe" steam://uninstall/10
DivX Codec-->D:\Programme\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->D:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->D:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->D:\Programme\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Plus Web Player-->D:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DivX-Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
Dragon Age: Origins-->C:\Program Files\Common Files\BioWare\Uninstall Dragon Age.exe
GoeMobile - Cisco VPN Client 5.0.06.0110-->C:\Program Files\Cisco Systems\VPN Client\goemobile\Goemobile_uninst.exe
Holdem Manager-->"D:\Programme\Holdem Manager\UninstallHoldemManager.exe"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Intel PROSet Wireless-->Intel PROSet Wireless
iTunes-->MsiExec.exe /I{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
K-Lite Mega Codec Pack 5.8.3-->"D:\Programme\K-Lite Codec Pack\unins000.exe"
Malwarebytes' Anti-Malware-->"D:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile DEU Language Pack-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1031 /parameterfolder ClientLP
Microsoft .NET Framework 4 Client Profile DEU Language Pack-->MsiExec.exe /X{F750C986-5310-3A5A-95F8-4EC71C8AC01C}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Groove MUI (German) 2007-->MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (German) 2007-->MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.6)-->D:\Programme\Mozilla\uninstall\helper.exe
No23 Recorder-->MsiExec.exe /X{22B0E143-2B0B-435B-9F56-136A3D16065F}
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{1C4551A6-4743-4093-91E4-1477CD655043}
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
OpenOffice.org 3.0-->MsiExec.exe /I{04B45310-A5FE-4425-BFCA-1A6D8920DE74}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PokerStars-->"D:\Eigene Dateien\Poker\Alles\PokerstarsNew\PokerStarsUninstall.exe" /u:PokerStars
PokerStrategy.com Equilator-->"C:\Program Files\InstallShield Installation Information\{045A9539-37B6-464D-94F9-E4ADFA856903}\setup.exe" -runfromtemp -l0x0409  -removeonly
PokerStrategy.com Equilator-->MsiExec.exe /I{045A9539-37B6-464D-94F9-E4ADFA856903}
PostgreSQL 8.4-->C:\Program Files\PostgreSQL\8.4\uninstall-postgresql.exe
QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}
Realtek 8169 8168 8101E 8102E Ethernet Driver-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0007 -removeonly
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd.exe -r -m -nrg2709
Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
VLC media player 1.0.5-->D:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Driver Package - Intel (NETw5v32) net  (04/27/2008 12.0.0.73)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst32.exe /u C:\Windows\system32\DRVSTORE\netw5v32_CA3CC4AC2C4CECBEA38C31B2AD0494382FBDC4B1\netw5v32.inf
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR-->D:\Programme\WinRar\uninstall.exe

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: ****-PC
Event Code: 4383
Message: Windows Servicing set update 979306-1166_neutral_PACKAGE from package KB979306 (Update) to state Installed(Installed).
Record Number: 32500
Source Name: Microsoft-Windows-Servicing
Time Written: 20100301083910.000000-000
Event Type: Information
User: NT-AUTORITÄT\SYSTEM

Computer Name: ****-PC
Event Code: 4383
Message: Windows Servicing set update 979306-1165_neutral_PACKAGE from package KB979306 (Update) to state Installed(Installed).
Record Number: 32499
Source Name: Microsoft-Windows-Servicing
Time Written: 20100301083910.000000-000
Event Type: Information
User: NT-AUTORITÄT\SYSTEM

Computer Name: ****-PC
Event Code: 4383
Message: Windows Servicing set update 979306-1164_neutral_PACKAGE from package KB979306 (Update) to state Installed(Installed).
Record Number: 32498
Source Name: Microsoft-Windows-Servicing
Time Written: 20100301083910.000000-000
Event Type: Information
User: NT-AUTORITÄT\SYSTEM

Computer Name: ****-PC
Event Code: 4383
Message: Windows Servicing set update 979306-1163_neutral_PACKAGE from package KB979306 (Update) to state Installed(Installed).
Record Number: 32497
Source Name: Microsoft-Windows-Servicing
Time Written: 20100301083910.000000-000
Event Type: Information
User: NT-AUTORITÄT\SYSTEM

Computer Name: ****-PC
Event Code: 4383
Message: Windows Servicing set update 979306-1162_neutral_PACKAGE from package KB979306 (Update) to state Installed(Installed).
Record Number: 32496
Source Name: Microsoft-Windows-Servicing
Time Written: 20100301083910.000000-000
Event Type: Information
User: NT-AUTORITÄT\SYSTEM

=====Application event log=====

Computer Name: 26L2233B1-13
Event Code: 5615
Message: The Windows Management Instrumentation service started successfully.
Record Number: 5
Source Name: Microsoft-Windows-WMI
Time Written: 20100205195759.000000-000
Event Type: Information
User:

Computer Name: WIN-S1SM9G5BLPK
Event Code: 4625
Message: The EventSystem subsystem is suppressing duplicate event log entries for a duration of 86400 seconds. This timeout can be controlled by the REG_DWORD value SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 4
Source Name: Microsoft-Windows-EventSystem
Time Written: 20100205195756.000000-000
Event Type: Information
User:

Computer Name: WIN-S1SM9G5BLPK
Event Code: 900
Message: The Software Licensing service is starting.

Record Number: 3
Source Name: Microsoft-Windows-Security-Licensing-SLC
Time Written: 20100205195756.000000-000
Event Type: Information
User:

Computer Name: WIN-S1SM9G5BLPK
Event Code: 1531
Message: The User Profile Service started successfully.


Record Number: 2
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20100205195755.000000-000
Event Type: Information
User: NT-AUTORITÄT\SYSTEM

Computer Name: 26L2233B1-13
Event Code: 2
Message: The Certificate Services Client was stopped.
Record Number: 1
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20080121025830.046400-000
Event Type: Information
User: NT-AUTORITÄT\SYSTEM

=====Security event log=====

Computer Name: 26L2233B1-13
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
        Security ID:                S-1-5-18
        Account Name:               26L2233B1-13$
        Account Domain:             WORKGROUP
        Logon ID:                   0x3e7
        Logon GUID:                 {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
        Account Name:               SYSTEM
        Account Domain:             NT-AUTORITÄT
        Logon GUID:                 {00000000-0000-0000-0000-000000000000}

Target Server:
        Target Server Name:         localhost
        Additional Information:     localhost

Process Information:
        Process ID:                 0x1f4
        Process Name:               C:\Windows\System32\services.exe

Network Information:
        Network Address:            -
        Port:                       -

This event is generated when a process attempts to log on an account by explicitly specifying that account's credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the "runas" command.
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100205195727.692146-000
Event Type: Audit Success
User:

Computer Name: 26L2233B1-13
Event Code: 4902
Message: The per-user audit policy table was created.

        Number of Elements:         0
        Policy ID:                  0x60934
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100205195723.058916-000
Event Type: Audit Success
User:

Computer Name: 26L2233B1-13
Event Code: 4624
Message: An account was successfully logged on.

Subject:
        Security ID:                S-1-0-0
        Account Name:               -
        Account Domain:             -
        Logon ID:                   0x0

Logon Type:                         0

New Logon:
        Security ID:                S-1-5-18
        Account Name:               SYSTEM
        Account Domain:             NT-AUTORITÄT
        Logon ID:                   0x3e7
        Logon GUID:                 {00000000-0000-0000-0000-000000000000}

Process Information:
        Process ID:                 0x4
        Process Name:               

Network Information:
        Workstation Name:           -
        Source Network Address:     -
        Source Port:                -

Detailed Authentication Information:
        Logon Process:              -
        Authentication Package:     -
        Transited Services:         -
        Package Name (NTLM only):   -
        Key Length:                 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as "Winlogon.exe" or "Services.exe".

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The new logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. The workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
        - The logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
        - Transited services indicate which intermediate services have participated in this logon request.
        - The package name indicates which sub-protocol was used among the NTLM protocols.
        - The key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100205195721.966909-000
Event Type: Audit Success
User:

Computer Name: 26L2233B1-13
Event Code: 4608
Message: Windows is starting up.

This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100205195721.966909-000
Event Type: Audit Success
User:

Computer Name: 26L2233B1-13
Event Code: 4634
Message: An account was logged off.

Subject:
        Security ID:                S-1-5-7
        Account Name:               ANONYMOUS LOGON
        Account Domain:             NT AUTHORITY
        Logon ID:                   0x1f2f0

Logon Type:                         3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080121025830.171200-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\DivX Shared\;D:\Programme\QuickTime\QTSystem\;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"asl.log"=Destination=file;OnFirstLog=command,environment
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

-----------------EOF-----------------

--- --- ---



I hope I haven't done anything wrong now. Perhaps the information provided is already enough to solve the problem. Since I am not competent enough, I am entirely dependent on you. For help of any kind I would like to thank you in advance anyway:

Thank you very much!

kira 08.07.2010 06:57

Hello and welcome! :)

Quote:

If a system has been compromised, the system is no longer trustworthy
A fresh installation guarantees residue-free removal of the infection - security concept by SETI@home / point 1.
If you nevertheless decide on cleaning the system - cleaning a system can take a few days (depending on the type of infection), but it can also be so heavily compromised that an effective technical clean-up is no longer possible or you have to reinstall it:
- Please read the instructions thoroughly and always follow them strictly, since I have prepared the order according to certain criteria:

1.
download HijackThis 2.0.2 from *here*
Start HijackThis → click "Do a system scan and save a logfile" → "select" the resulting logfile → "copy" → "paste" it here in your thread (right mouse button)

2.
Please make hidden and system files visible; click the link here:
Make system files and folders visible under XP and Vista
At the end of our work you can undo it again!

3.
→ Download HJTscanlist.zip
→ unpack the file to your desktop
→ On Windows XP Home you must additionally install tasklist.zip before the scan
→ start it by double-click
→ Select your operating system - Vista
→ When asked, choose the option "Setting" (1) - scanlist"
→ After a short while your editor should open and present the file hjtscanlist.txt
→ Please copy the contents here into your thread.

4.
I would also like to see all your installed programs:
Download the tool ccleaner
install it (untick "Add CCleaner Yahoo! Toolbar") → start it → if necessary set "german" under Options/settings
then click "Tools" (to also show the installed programs) → then "Save to text file..."
a text file (*.txt) will be created; copy its contents and paste them here

5.
To get a deeper look into your system and to track down a possible infection with a rootkit (info from wikipedia.org), we will use a tool - Gmer:
  • - so download Gmer and unpack it to your desktop
    - start gmer.exe
    - close all programs; in addition antivirus and other protection programs must be deactivated, no connection to the internet, also disconnect WLAN)
    - please do nothing on the PC while the scan is running!
    - click "Scan" to start the tool
    - when the scan is finished click "Copy" (the log is automatically copied to the clipboard) and you must paste it right there with CTRL + V
    - Gmer is closed with "Ok".
    - paste the log from the clipboard here in your thread in full

** no connection to a network or the internet - don't forget WLAN
When the scan has finished, please reactivate all programs and tools!

6.
Download and install the tool RootRepeal
  • tick: "Drivers" -> "Scan" -> Save Report"...
  • "Stealth Objects" -> "Scan" -> Save Report"...
  • "Hidden Services" -> "Scan" -> Save Report"...
  • save the logfile as "RootRepeal.txt" on the desktop and copy the contents here into the thread

So that your thread stays clear and nicely readable, best use the code tags for your post:
→ before your log write: [code]
your logfile goes here
→ after it: [/code]


** If possible, do not go online; no online banking, file sharing, chat programs etc.
regards
Coverflow
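The HijackThis log requested in step 1 above is read by hand in this thread. The following script is an added example, not part of the original post and not code from HijackThis or any other tool named here; it parses O4 (Run key) and O23 (service) lines in the HijackThis 2.0.x format and flags the persistence pattern behind "AntiVir deletes it, and it comes back": autostart entries whose image lives in a temp or user-writable profile directory, DLLs loaded through rundll32 from such places, digit-only file names, and services with no vendor. The sample log is constructed; the `ld42`, `upd` and `hlpsvc` entries and their paths are hypothetical.

```python
"""Triage O4 autostart and O23 service lines from a HijackThis-style log.

Added example for this thread; not part of HijackThis or any tool named in it.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in HijackThis 2.0.x log format (not the poster's log).
# The ld42, upd and hlpsvc entries are hypothetical.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ld42] rundll32.exe C:\Users\alice\AppData\Local\Temp\ld42.dll,Run
O4 - HKCU\..\Run: [upd] C:\Users\alice\AppData\Roaming\4471025.exe
O4 - Global Startup: VPN Client.lnk = ?
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Helper (hlpsvc) - Unknown owner - C:\Windows\Temp\svchost.exe
"""

O4_RUN = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_SVC = re.compile(r"^O23 - Service: (?P<display>.+) \((?P<short>[^()]+)\) - (?P<owner>.+?) - (?P<path>.+)$")
O23_NOSHORT = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# First token ending in an executable/script extension; copes with unquoted paths containing spaces.
IMAGE_RE = re.compile(r'^(?P<exe>.+?\.(?:exe|dll|com|scr|bat|cmd|pif|vbs|js))(?=[\s,"]|$)', re.IGNORECASE)
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe", "smss.exe"}


@dataclass
class Finding:
    kind: str           # "O4" (Run key) or "O23" (service)
    name: str           # Run value name or service short name
    path: str           # image or DLL that actually gets loaded
    reasons: List[str]


def image_path(cmd: str) -> str:
    """Return the file that really executes for a Run-key command line or service path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        exe, rest = (cmd[1:end], cmd[end + 1:]) if end > 0 else (cmd[1:], "")
    else:
        m = IMAGE_RE.match(cmd)
        if not m:
            return cmd.split(None, 1)[0] if cmd else ""
        exe, rest = m["exe"], cmd[m.end():]
    # rundll32 is only a host process: the file worth looking at is the DLL it is told to load.
    if exe.lower().replace("/", "\\").rsplit("\\", 1)[-1] in ("rundll32.exe", "rundll32"):
        rest = rest.strip().lstrip('"')
        m = IMAGE_RE.match(rest)
        return m["exe"] if m else rest.split(",", 1)[0].rstrip('"')
    return exe


def reasons_for(path: str) -> List[str]:
    """Heuristics for an autostart image; an empty list means nothing stood out."""
    p = path.lower().replace("/", "\\")
    base = p.rsplit("\\", 1)[-1]
    stem = base.rsplit(".", 1)[0]
    reasons = []
    if "\\temp\\" in p or "\\tmp\\" in p:
        reasons.append("image lives in a temp directory")
    if re.search(r"\\appdata\\(?:roaming|local)\\[^\\]+$", p) or re.search(r"\\users\\public\\[^\\]+$", p):
        reasons.append("image sits directly in a user-writable profile directory")
    if re.fullmatch(r"\d+", stem):
        reasons.append("file name is only digits (dropper-style random name)")
    if base in SYSTEM_NAMES and not p.startswith(("c:\\windows\\system32\\", "%systemroot%\\system32\\")):
        reasons.append("system process name outside System32")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Return the O4/O23 entries that deserve a closer look, in log order."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line)
        if m:
            path = image_path(m["cmd"])
            reasons = reasons_for(path)
            if reasons:
                findings.append(Finding("O4", m["name"], path, reasons))
            continue
        m = O23_SVC.match(line) or O23_NOSHORT.match(line)
        if m:
            path = image_path(m["path"])
            reasons = reasons_for(path)
            if m["owner"].strip().lower() == "unknown owner":
                reasons.append("service has no vendor (Unknown owner)")
            if reasons:
                findings.append(Finding("O23", m.groupdict().get("short") or m["display"], path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind} [{f.name}] {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

A hit from this script is a lead, not a verdict: legitimate per-user installers also live under AppData, so each flagged path still has to be checked (file present or already deleted, signature, size, creation time). The useful point for this thread is that a Run entry or service survives the deletion of its file, which is exactly why a loader error about a missing DLL appears at logon while the antivirus keeps reporting fresh droppers.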

mammamia 08.07.2010 10:40

Thank you for the detailed description of the analysis steps to follow. I will start right away working through everything one after the other. First a bit of basic information you may need to know.

I did not download CCleaner and Malwarebytes AntiMalware via the link you provided but got them from chip*de. The download you link to here did not work for me last night. I think that doesn't cause any problems, though, and so I want to present the results right away:

(1) HijackThis 2.0.2

Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:12:05, on 08.07.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
D:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Programme\iTunes\iTunesHelper.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
D:\Programme\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Windows\System32\mobsync.exe
D:\Programme\Mozilla\firefox.exe
D:\Programme\Mozilla\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
D:\Programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [avgnt] "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programme\Adobe\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-6710304-3433624121-992636011-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'postgres')
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Cool Hand Poker - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\coolhandMPP\MPPoker.exe (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\Windows\system32\brsvc01a.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Dragon Age: Origins - Inhaltsupdater (DAUpdaterSvc) - BioWare - D:\Programme\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 7491 bytes

(2) All previously hidden files are now displayed. I changed the corresponding settings as you recommended.

(3) HJTScanList

Code:


                        ======================================
                                    hjtscanlist v2.0             
                        ======================================

Microsoft Windows [Version 6.0.6002]
 
 
C:

      C:\hiberfil.sys ---------   
      C:\pagefile.sys ---------   
  08.07.2010 01:27    C:\rsit --------- 0 
  08.07.2010 01:27    C:\Program Files --------- 12288 
  08.07.2010 01:20    C:\Windows --------- 20480 
  08.07.2010 00:55    C:\ProgramData --------- 8192 
  06.07.2010 13:47    C:\System Volume Information --------- 24576 
  18.05.2010 01:00    C:\HMArchive --------- 0 
  10.05.2010 10:58    C:\Users --------- 4096 
  13.04.2010 20:40    C:\MicroGaming --------- 0 
  20.02.2010 18:08    C:\Boot --------- 4096 
  12.02.2010 11:21    C:\MSOCache --------- 0 
  10.02.2010 19:01    C:\Brother --------- 0 
  07.02.2010 22:43    C:\Intel --------- 0 
  05.02.2010 22:12    C:\$Recycle.Bin --------- 0 
  05.02.2010 22:10    C:\Programme --------- 0 
  05.02.2010 22:10    C:\Dokumente und Einstellungen --------- 0 
  11.04.2009 08:36    C:\bootmgr --------- 333257 
  21.01.2008 04:32    C:\PerfLogs --------- 0 
  02.11.2006 15:02    C:\Documents and Settings --------- 0 
  18.09.2006 23:43    C:\config.sys --------- 10 
  18.09.2006 23:43    C:\autoexec.bat --------- 24 
----------------------------------------

 
C:\Windows

  08.07.2010 10:54    C:\Windows\WindowsUpdate.log --------- 2096557 
  08.07.2010 10:51    C:\Windows\bootstat.dat --------- 67584 
  08.07.2010 01:20    C:\Windows\PFRO.log --------- 590 
  18.05.2010 02:02    C:\Windows\HMHud.INI --------- 0 
  09.05.2010 19:53    C:\Windows\VPNInstall.MIF --------- 1594 
  08.05.2010 22:36    C:\Windows\win.ini --------- 243 
  13.04.2010 20:42    C:\Windows\pp.enc --------- 59 
  14.03.2010 20:00    C:\Windows\avisplitter.ini --------- 38 
  19.02.2010 17:41    C:\Windows\BRWMARK.INI --------- 469 
  10.02.2010 19:04    C:\Windows\BRPP2KA.INI --------- 27 
  10.02.2010 19:02    C:\Windows\Brfaxrx.ini --------- 66 
  10.02.2010 19:02    C:\Windows\brpcfx.ini --------- 84 
  10.02.2010 19:02    C:\Windows\Brpfx04a.ini --------- 212 
  24.06.2009 10:43    C:\Windows\RtlExUpd.dll --------- 831488 
  11.04.2009 08:27    C:\Windows\explorer.exe --------- 2926592 
  14.02.2008 14:07    C:\Windows\Updates.txt --------- 10 
  21.01.2008 04:43    C:\Windows\WindowsShell.Manifest --------- 749 
  21.01.2008 04:24    C:\Windows\regedit.exe --------- 134656 
  21.01.2008 04:24    C:\Windows\bfsvc.exe --------- 58880 
  21.01.2008 04:24    C:\Windows\fveupdate.exe --------- 13312 
  21.01.2008 04:24    C:\Windows\HelpPane.exe --------- 498176 
  21.01.2008 04:23    C:\Windows\notepad.exe --------- 151040 
  02.11.2006 14:35    C:\Windows\WMSysPr9.prx --------- 316640 
  02.11.2006 14:34    C:\Windows\twunk_16.exe --------- 49680 
  02.11.2006 14:34    C:\Windows\twain_32.dll --------- 50688 
  02.11.2006 14:34    C:\Windows\twunk_32.exe --------- 31232 
  02.11.2006 14:34    C:\Windows\twain.dll --------- 94784 
  02.11.2006 11:45    C:\Windows\winhlp32.exe --------- 9216 
  02.11.2006 11:45    C:\Windows\hh.exe --------- 14848 
  02.11.2006 09:46    C:\Windows\mib.bin --------- 43131 
  19.09.2006 13:41    C:\Windows\HomePremium.xml --------- 8328 
  18.09.2006 23:46    C:\Windows\system.ini --------- 219 
  18.09.2006 23:43    C:\Windows\_default.pif --------- 707 
  18.09.2006 23:43    C:\Windows\winhelp.exe --------- 256192 
  18.09.2006 23:30    C:\Windows\msdfmap.ini --------- 1405 
  10.12.2004 17:35    C:\Windows\brunin03.dll --------- 147456 
  28.11.2003 19:57    C:\Windows\brdfxspd.dat --------- 0 
  15.11.2001 02:00    C:\Windows\CVRPAGE.bmp --------- 6224 
----------------------------------------

 
C:\Windows\System

 02.11.2006 14:34      C:\Windows\System\mciseq.drv --------- 25264
 02.11.2006 14:34      C:\Windows\System\mciwave.drv --------- 28160
 02.11.2006 14:34      C:\Windows\System\avifile.dll --------- 109456
 02.11.2006 14:34      C:\Windows\System\avicap.dll --------- 69584
 02.11.2006 14:34      C:\Windows\System\mciavi.drv --------- 73376
 02.11.2006 14:34      C:\Windows\System\msvideo.dll --------- 126912
 02.11.2006 09:10      C:\Windows\System\OLESVR.DLL --------- 24064
 02.11.2006 09:10      C:\Windows\System\WFWNET.DRV --------- 12704
 02.11.2006 09:10      C:\Windows\System\COMMDLG.DLL --------- 32816
 02.11.2006 09:10      C:\Windows\System\TIMER.DRV --------- 4048
 02.11.2006 09:10      C:\Windows\System\MMSYSTEM.DLL --------- 68992
 02.11.2006 09:10      C:\Windows\System\mmtask.tsk --------- 1152
 02.11.2006 09:10      C:\Windows\System\mouse.drv --------- 2032
 02.11.2006 09:10      C:\Windows\System\vga.drv --------- 2176
 02.11.2006 09:10      C:\Windows\System\sound.drv --------- 1744
 02.11.2006 09:10      C:\Windows\System\keyboard.drv --------- 2000
 02.11.2006 09:10      C:\Windows\System\SHELL.DLL --------- 5120
 02.11.2006 09:10      C:\Windows\System\system.drv --------- 3360
 18.09.2006 23:43      C:\Windows\System\ver.dll --------- 9008
 18.09.2006 23:43      C:\Windows\System\olecli.dll --------- 82944
 18.09.2006 23:43      C:\Windows\System\lzexpand.dll --------- 9936
 18.09.2006 23:35      C:\Windows\System\stdole.tlb --------- 5532
----------------------------------------

 
C:\Windows\System32

 08.07.2010 11:18    C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 --------- 3712 
 08.07.2010 11:18    C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 --------- 3712 
 08.07.2010 01:20    C:\Windows\system32\drivers --------- 65536 
 06.07.2010 21:12    C:\Windows\system32\Tasks --------- 4096 
 03.07.2010 14:55    C:\Windows\system32\catroot2 --------- 4096 
 03.07.2010 11:47    C:\Windows\system32\perfh009.dat --------- 595996 
 03.07.2010 11:47    C:\Windows\system32\perfc009.dat --------- 104070 
 03.07.2010 11:47    C:\Windows\system32\perfh007.dat --------- 628742 
 03.07.2010 11:47    C:\Windows\system32\perfc007.dat --------- 126454 
 03.07.2010 11:47    C:\Windows\system32\PerfStringBackup.INI --------- 1445310 
 29.06.2010 13:08    C:\Windows\system32\catroot --------- 4096 
 22.06.2010 22:35    C:\Windows\system32\de-DE --------- 196608 
 22.06.2010 22:35    C:\Windows\system32\WindowsPowerShell --------- 0 
 22.06.2010 22:24    C:\Windows\system32\en-US --------- 4096 
 22.06.2010 13:57    C:\Windows\system32\LogFiles --------- 0 
 15.06.2010 23:49    C:\Windows\system32\jupdate-1.6.0_20-b02.log --------- 3217 
 13.06.2010 12:50    C:\Windows\system32\WDI --------- 4096 
 09.06.2010 21:58    C:\Windows\system32\FNTCACHE.DAT --------- 1733096 
 09.06.2010 21:48    C:\Windows\system32\wbem --------- 65536 
 28.05.2010 21:37    C:\Windows\system32\mrt.exe --------- 32472008 
 26.05.2010 19:06    C:\Windows\system32\atmlib.dll --------- 34304 
 26.05.2010 16:47    C:\Windows\system32\atmfd.dll --------- 289792 
 21.05.2010 14:14    C:\Windows\system32\MpSigStub.exe --------- 221568 
 04.05.2010 21:15    C:\Windows\system32\wininet.dll --------- 834048 
 04.05.2010 21:15    C:\Windows\system32\urlmon.dll --------- 1176064 
 04.05.2010 21:12    C:\Windows\system32\mshtmled.dll --------- 477184 
 04.05.2010 21:12    C:\Windows\system32\mshtml.dll --------- 3602944 
 04.05.2010 21:10    C:\Windows\system32\ieui.dll --------- 180736 
 04.05.2010 21:10    C:\Windows\system32\iepeers.dll --------- 193024 
 04.05.2010 21:10    C:\Windows\system32\ieframe.dll --------- 6080000 
 04.05.2010 21:10    C:\Windows\system32\ieapfltr.dll --------- 380928 
 04.05.2010 20:37    C:\Windows\system32\ieencode.dll --------- 78336 
 01.05.2010 16:13    C:\Windows\system32\win32k.sys --------- 2037248 
 23.04.2010 16:13    C:\Windows\system32\tzres.dll --------- 2048 
 16.04.2010 18:43    C:\Windows\system32\Apphlpdm.dll --------- 28672 
 16.04.2010 16:39    C:\Windows\system32\GameUXLegacyGDFs.dll --------- 4240384 
 12.04.2010 17:29    C:\Windows\system32\javaws.exe --------- 153376 
 12.04.2010 17:29    C:\Windows\system32\javaw.exe --------- 145184 
 12.04.2010 17:29    C:\Windows\system32\java.exe --------- 145184 
 12.04.2010 17:29    C:\Windows\system32\deployJava1.dll --------- 411368 
 08.04.2010 13:20    C:\Windows\system32\dns-sd.exe --------- 107808 
 08.04.2010 13:20    C:\Windows\system32\dnssd.dll --------- 91424 
 06.04.2010 14:20    C:\Windows\system32\jupdate-1.6.0_19-b04.log --------- 4626 
 05.04.2010 19:01    C:\Windows\system32\asycfilt.dll --------- 67072 
 01.04.2010 02:15    C:\Windows\system32\pt-BR --------- 0 
 01.04.2010 02:15    C:\Windows\system32\it-IT --------- 0 
 01.04.2010 02:15    C:\Windows\system32\bg-BG --------- 0 
 01.04.2010 02:15    C:\Windows\system32\he-IL --------- 0 
 01.04.2010 02:15    C:\Windows\system32\pt-PT --------- 0 
 01.04.2010 02:15    C:\Windows\system32\pl-PL --------- 0 
 01.04.2010 02:15    C:\Windows\system32\uk-UA --------- 0 
 01.04.2010 02:15    C:\Windows\system32\ko-KR --------- 0 
 01.04.2010 02:15    C:\Windows\system32\hu-HU --------- 0 
 01.04.2010 02:15    C:\Windows\system32\hr-HR --------- 0 
 01.04.2010 02:15    C:\Windows\system32\zh-HK --------- 0 
 01.04.2010 02:15    C:\Windows\system32\sl-SI --------- 0 
 01.04.2010 02:15    C:\Windows\system32\el-GR --------- 0 
 01.04.2010 02:15    C:\Windows\system32\nl-NL --------- 0 
 01.04.2010 02:15    C:\Windows\system32\fr-FR --------- 0 
 01.04.2010 02:15    C:\Windows\system32\fi-FI --------- 0 
 01.04.2010 02:15    C:\Windows\system32\sr-Latn-CS --------- 0 
 01.04.2010 02:15    C:\Windows\system32\tr-TR --------- 0 
 01.04.2010 02:15    C:\Windows\system32\th-TH --------- 0 
 01.04.2010 02:15    C:\Windows\system32\sv-SE --------- 0 
 01.04.2010 02:15    C:\Windows\system32\es-ES --------- 0 
 01.04.2010 02:15    C:\Windows\system32\lv-LV --------- 0 
 01.04.2010 02:15    C:\Windows\system32\lt-LT --------- 0 
 01.04.2010 02:15    C:\Windows\system32\zh-TW --------- 0 
 01.04.2010 02:15    C:\Windows\system32\sk-SK --------- 0 
 01.04.2010 02:15    C:\Windows\system32\et-EE --------- 0 
 01.04.2010 02:15    C:\Windows\system32\cs-CZ --------- 0 
 01.04.2010 02:15    C:\Windows\system32\zh-CN --------- 0 
 01.04.2010 02:15    C:\Windows\system32\ja-JP --------- 0 
 01.04.2010 02:15    C:\Windows\system32\ar-SA --------- 0 
 01.04.2010 02:15    C:\Windows\system32\ro-RO --------- 0 
 01.04.2010 02:15    C:\Windows\system32\ru-RU --------- 0 
 01.04.2010 02:15    C:\Windows\system32\nb-NO --------- 0 
 01.04.2010 02:15    C:\Windows\system32\da-DK --------- 0 
 18.03.2010 14:03    C:\Windows\system32\wrap_oal.dll --------- 413696 
 18.03.2010 14:03    C:\Windows\system32\OpenAL32.dll --------- 110592 
 18.03.2010 13:16    C:\Windows\system32\msvcr100_clr0400.dll --------- 771424 
 17.03.2010 21:53    C:\Windows\system32\QuickTime.qts --------- 69632 
 17.03.2010 21:53    C:\Windows\system32\QuickTimeVR.qtx --------- 94208 
 14.03.2010 20:00    C:\Windows\system32\pndx5016.dll --------- 6656 
 14.03.2010 20:00    C:\Windows\system32\pncrt.dll --------- 278528 
 14.03.2010 20:00    C:\Windows\system32\pndx5032.dll --------- 5632 
 14.03.2010 20:00    C:\Windows\system32\rmoc3260.dll --------- 185920 
 12.03.2010 20:31    C:\Windows\system32\AGEIA --------- 0 
 04.03.2010 19:33    C:\Windows\system32\vbscript.dll --------- 430080 
 23.02.2010 19:30    C:\Windows\system32\NDF --------- 0 
 21.02.2010 01:06    C:\Windows\system32\nshhttp.dll --------- 24064 
 21.02.2010 01:05    C:\Windows\system32\httpapi.dll --------- 30720 
 19.02.2010 18:24    C:\Windows\system32\ca-ES --------- 0 
 19.02.2010 18:24    C:\Windows\system32\XPSViewer --------- 0 
 19.02.2010 18:24    C:\Windows\system32\oobe --------- 4096 
 19.02.2010 18:24    C:\Windows\system32\migration --------- 4096 
 19.02.2010 18:24    C:\Windows\system32\eu-ES --------- 0 
 19.02.2010 18:24    C:\Windows\system32\AdvancedInstallers --------- 0 
 19.02.2010 18:24    C:\Windows\system32\setup --------- 0 
 19.02.2010 18:24    C:\Windows\system32\SLUI --------- 0 
----------------------------------------

 
C:\Windows\Prefetch

----------------------------------------

 
C:\Windows\Tasks

 08.07.2010 10:51    C:\Windows\Tasks\SA.DAT --------- 6 
 08.07.2010 02:09    C:\Windows\Tasks\SCHEDLGU.TXT --------- 32534 
 07.07.2010 13:00    C:\Windows\Tasks\User_Feed_Synchronization-{A39CB0E9-224B-49F3-A4EA-4874F36B50CC}.job --------- 416 
----------------------------------------

 
C:\Windows\Temp

----------------------------------------

 
C:\Users\Lars\AppData\Local\Temp

 08.07.2010 11:20    C:\Users\++++\AppData\Local\Temp\Lars.bmp --------- 31832 
 08.07.2010 11:18    C:\Users\++++\AppData\Local\Temp\plugtmp --------- 4096 
 08.07.2010 11:16    C:\Users\++++\AppData\Local\Temp\flaB0F8.tmp --------- 16364505 
 08.07.2010 10:56    C:\Users\++++\AppData\Local\Temp\jusched.log --------- 976 
 08.07.2010 10:51    C:\Users\++++\AppData\Local\Temp\WPDNSE --------- 0 
 08.07.2010 10:51    C:\Users\++++\AppData\Local\Temp\AdobeARM.log --------- 1870 
 08.07.2010 01:11    C:\Users\++++\AppData\Local\Temp\516.exe --------- 133632 
 08.07.2010 00:48    C:\Users\++++\AppData\Local\Temp\Low --------- 0 
 08.07.2010 00:39    C:\Users\++++\AppData\Local\Temp\Jcqk_vgn.htm.part --------- 0 
 08.07.2010 00:34    C:\Users\++++\AppData\Local\Temp\125.exe --------- 133632 
 07.07.2010 14:04    C:\Users\++++\AppData\Local\Temp\wmplog01.sqm --------- 1394 
 07.07.2010 14:03    C:\Users\++++\AppData\Local\Temp\wmplog00.sqm --------- 1394 
 07.07.2010 13:05    C:\Users\++++\AppData\Local\Temp\762.exe --------- 133632 
 07.07.2010 12:59    C:\Users\++++\AppData\Local\Temp\886.exe --------- 133632 
----------------------------------------

 
C:\Program Files

 08.07.2010 01:27    C:\Program Files\trend micro --------- 0 
 22.06.2010 22:24    C:\Program Files\Microsoft.NET --------- 0 
 15.06.2010 23:49    C:\Program Files\Java --------- 0 
 10.06.2010 15:00    C:\Program Files\InstallShield Installation Information --------- 4096 
 09.06.2010 21:55    C:\Program Files\Windows Mail --------- 4096 
 28.05.2010 17:33    C:\Program Files\Citrix --------- 0 
 10.05.2010 22:33    C:\Program Files\iPod --------- 0 
 10.05.2010 22:31    C:\Program Files\Bonjour --------- 4096 
 10.05.2010 11:14    C:\Program Files\PSQLINSTALL --------- 0 
 10.05.2010 10:59    C:\Program Files\hminstalllog.txt --------- 66794 
 10.05.2010 10:57    C:\Program Files\PostgreSQL --------- 0 
 09.05.2010 19:52    C:\Program Files\Common Files --------- 4096 
 09.05.2010 19:52    C:\Program Files\Cisco Systems --------- 0 
 21.04.2010 15:03    C:\Program Files\Adobe --------- 0 
 01.04.2010 02:15    C:\Program Files\Windows Portable Devices --------- 0 
 25.03.2010 21:52    C:\Program Files\DivX --------- 0 
 18.03.2010 14:03    C:\Program Files\OpenAL --------- 0 
 15.03.2010 14:23    C:\Program Files\Movie Maker --------- 4096 
 12.03.2010 20:31    C:\Program Files\AGEIA Technologies --------- 8192 
 19.02.2010 18:25    C:\Program Files\Windows Calendar --------- 0 
 19.02.2010 18:24    C:\Program Files\Windows Sidebar --------- 4096 
 19.02.2010 18:24    C:\Program Files\Internet Explorer --------- 4096 
 19.02.2010 18:24    C:\Program Files\Windows Media Player --------- 4096 
 19.02.2010 18:24    C:\Program Files\Windows Collaboration --------- 4096 
 19.02.2010 18:24    C:\Program Files\Windows Journal --------- 4096 
 19.02.2010 18:24    C:\Program Files\Windows Photo Gallery --------- 4096 
 19.02.2010 18:24    C:\Program Files\Windows Defender --------- 4096 
 12.02.2010 11:33    C:\Program Files\Microsoft Works --------- 4096 
 12.02.2010 11:28    C:\Program Files\MSBuild --------- 0 
 12.02.2010 11:28    C:\Program Files\Microsoft Office --------- 4096 
 12.02.2010 11:28    C:\Program Files\Microsoft Visual Studio --------- 0 
 12.02.2010 11:24    C:\Program Files\Microsoft Visual Studio 8 --------- 0 
 10.02.2010 19:01    C:\Program Files\Brother --------- 0 
 09.02.2010 15:56    C:\Program Files\Skype --------- 0 
 09.02.2010 15:42    C:\Program Files\Apple Software Update --------- 4096 
 08.02.2010 23:19    C:\Program Files\Realtek --------- 0 
 08.02.2010 23:16    C:\Program Files\Cisco --------- 0 
 08.02.2010 23:16    C:\Program Files\Intel --------- 0 
 07.02.2010 22:52    C:\Program Files\Temp --------- 0 
 07.02.2010 22:49    C:\Program Files\RALINK --------- 0 
 07.02.2010 22:48    C:\Program Files\DIFX --------- 0 
 05.02.2010 22:10    C:\Program Files\Windows NT --------- 4096 
 05.02.2010 22:10    C:\Program Files\Gemeinsame Dateien --------- 0 
 21.01.2008 04:43    C:\Program Files\desktop.ini --------- 174 
 02.11.2006 15:01    C:\Program Files\Uninstall Information --------- 0 
 02.11.2006 14:37    C:\Program Files\Microsoft Games --------- 4096 
 02.11.2006 14:37    C:\Program Files\Reference Assemblies --------- 0 
----------------------------------------

 
C:\ProgramData\..

++++   
postgres   
Public   
Default   
desktop.ini   
Default User   
All Users   
----------------------------------------

 
C:\Windows\system32\drivers\etc\hosts

127.0.0.1      localhost
::1            localhost

----------------------------------------

 

Abbildname                    PID Sitzungsname      Sitz.-Nr. Speichernutzung
========================= ======== ================ =========== ===============
System Idle Process              0 Services                  0            24 K
System                          4 Services                  0        3.676 K
smss.exe                      452 Services                  0          736 K
csrss.exe                      548 Services                  0        6.408 K
wininit.exe                    600 Services                  0        3.936 K
csrss.exe                      612 Console                    1        24.400 K
services.exe                  644 Services                  0        6.736 K
lsass.exe                      656 Services                  0        8.172 K
lsm.exe                        664 Services                  0        3.992 K
svchost.exe                    796 Services                  0        6.336 K
nvvsvc.exe                    868 Services                  0        3.592 K
svchost.exe                    896 Services                  0        6.908 K
svchost.exe                    932 Services                  0        42.500 K
svchost.exe                    992 Services                  0        12.468 K
svchost.exe                  1020 Services                  0        72.932 K
svchost.exe                  1052 Services                  0        48.652 K
audiodg.exe                  1112 Services                  0        18.904 K
SLsvc.exe                    1152 Services                  0        12.408 K
svchost.exe                  1184 Services                  0        11.748 K
winlogon.exe                  1316 Console                    1        5.716 K
svchost.exe                  1384 Services                  0        14.156 K
wlanext.exe                  1500 Services                  0        14.724 K
brsvc01a.exe                  1536 Services                  0        2.488 K
brss01a.exe                  1552 Services                  0        2.528 K
spoolsv.exe                  1604 Services                  0        12.352 K
sched.exe                    1656 Services                  0        1.596 K
svchost.exe                  1668 Services                  0        15.656 K
nvvsvc.exe                    1908 Console                    1        6.980 K
dwm.exe                        792 Console                    1        3.708 K
taskeng.exe                    940 Console                    1        11.912 K
explorer.exe                  616 Console                    1        50.656 K
taskeng.exe                  2108 Services                  0        5.544 K
avguard.exe                  2252 Services                  0        14.000 K
AppleMobileDeviceService.    2280 Services                  0        3.756 K
MSASCui.exe                  2288 Console                    1        8.948 K
mDNSResponder.exe            2304 Services                  0        4.924 K
RtHDVCpl.exe                  2312 Console                    1        11.456 K
cvpnd.exe                    2336 Services                  0        6.800 K
avgnt.exe                    2344 Console                    1        2.312 K
GrooveMonitor.exe            2376 Console                    1        7.136 K
EvtEng.exe                    2404 Services                  0        15.872 K
svchost.exe                  2620 Services                  0        5.144 K
jusched.exe                  2644 Console                    1        3.580 K
pg_ctl.exe                    2820 Services                  0        6.364 K
iTunesHelper.exe              2860 Console                    1        11.860 K
concentr.exe                  2868 Console                    1        5.712 K
sidebar.exe                  2920 Console                    1        33.880 K
DTLite.exe                    3000 Console                    1        9.204 K
RegSrvc.exe                  3132 Services                  0        4.172 K
postgres.exe                  3152 Services                  0        9.532 K
svchost.exe                  3168 Services                  0        8.456 K
svchost.exe                  3224 Services                  0        1.984 K
SearchIndexer.exe            3244 Services                  0        18.680 K
postgres.exe                  3476 Services                  0        7.048 K
postgres.exe                  3488 Services                  0        6.804 K
postgres.exe                  3496 Services                  0        7.220 K
postgres.exe                  3504 Services                  0        6.540 K
WUDFHost.exe                  3548 Services                  0        4.824 K
wfcrun32.exe                  3572 Console                    1        7.844 K
mobsync.exe                  2616 Console                    1        6.460 K
WmiPrvSE.exe                  464 Services                  0        5.804 K
iPodService.exe              2652 Services                  0        5.192 K
firefox.exe                  3852 Console                    1      109.776 K
plugin-container.exe          556 Console                    1        73.420 K
cmd.exe                      1168 Console                    1        2.996 K
conime.exe                    304 Console                    1        3.340 K
SearchFilterHost.exe          3188 Services                  0        5.096 K
tasklist.exe                  1856 Console                    1        4.664 K
WmiPrvSE.exe                  3200 Services                  0        5.624 K

 
***** Ende des Scans 08.07.2010 um 11:27:40,05 ***

(4) CCleaner

Code:

Adobe Flash Player 10 ActiveX        Adobe Systems Incorporated        17.03.2010                10.0.45.2
Adobe Flash Player 10 Plugin        Adobe Systems Incorporated        15.06.2010                10.1.53.64
Adobe Photoshop CS3        Adobe Systems Incorporated        20.04.2010                10.0
Adobe Reader 9.3.3 - Deutsch        Adobe Systems Incorporated        02.07.2010        245,5MB        9.3.3
Apple Application Support        Apple Inc.        05.04.2010        39,7MB        1.2.1
Apple Mobile Device Support        Apple Inc.        09.05.2010        19,7MB        3.0.1.3
Apple Software Update        Apple Inc.        08.02.2010        2,16MB        2.1.1.116
Avira AntiVir Personal - Free Antivirus        Avira GmbH        07.02.2010        76,4MB       
Azurewave Wireless LAN        RaLink        06.02.2010        1,93MB        1.00.0000
Bonjour        Apple Inc.        09.05.2010        0,76MB        2.0.1.2
Brother MFL-Pro Suite        Brother Industries, Ltd.        09.02.2010        4,92MB        1.00
CCleaner        Piriform        07.07.2010        2,85MB        2.33
Cisco Systems VPN Client 5.0.06.0110        Cisco Systems, Inc.        08.05.2010        12,3MB        5.0.6
Citrix Online Plug-in - Web        Citrix Systems, Inc.        27.05.2010        14,5MB        12.0.0.6410
Cool Hand Poker                12.04.2010        26,5MB        1.0.0.1863
Counter-Strike        Valve        16.03.2010        33,8MB       
Counter-Strike: Source        Valve        19.03.2010        140,4MB       
DivX Codec        DivX, Inc.        16.02.2010        1,57MB        6.9.1
DivX Converter        DivX, Inc.        16.02.2010        45,3MB        7.1.0
DivX Player        DivX, Inc.        16.02.2010        8,43MB        7.2.0
DivX Plus DirectShow Filters        DivX, Inc.        16.02.2010        1,58MB       
DivX Plus Web Player        DivX,Inc.        16.02.2010        8,77MB        2.0.0
DivX-Setup        DivX, Inc.        24.03.2010        1,77MB        1.0.0.450
Dragon Age: Origins        Electronic Arts, Inc.        11.03.2010        18.617,6MB        1.00
GoeMobile - Cisco VPN Client 5.0.06.0110        GoeMobile        08.05.2010        25,5MB        5.0.06.0110
HijackThis 2.0.2        TrendMicro        07.07.2010        0,39MB        2.0.2
Holdem Manager                09.05.2010        90,4MB       
Intel(R) PROSet/Wireless WiFi-Software        Intel(R) Corporation        07.02.2010        78,3MB        12.00.0004
iTunes        Apple Inc.        09.05.2010        160,0MB        9.1.1.12
Java(TM) 6 Update 20        Sun Microsystems, Inc.        14.03.2010        95,0MB        6.0.200
K-Lite Mega Codec Pack 5.8.3                24.03.2010        49,6MB        5.8.3
Malwarebytes' Anti-Malware        Malwarebytes Corporation        07.07.2010        3,90MB       
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU        Microsoft Corporation        12.02.2010        37,0MB       
Microsoft .NET Framework 3.5 SP1        Microsoft Corporation        09.02.2010        37,0MB       
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        21.06.2010        120,3MB        4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        21.06.2010        24,5MB        4.0.30319
Microsoft Office Enterprise 2007        Microsoft Corporation        11.02.2010        624,1MB        12.0.6425.1000
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        17.02.2010        0,41MB        8.0.56336
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        07.02.2010        0,58MB        9.0.30729
Mozilla Firefox (3.6)        Mozilla        07.02.2010        27,9MB        3.6 (de)
Mozilla Firefox (3.6.6)        Mozilla        27.06.2010        33,6MB        3.6.6 (de)
No23 Recorder        No23        15.06.2010        2,44MB        2.1.0.3
NVIDIA Drivers        NVIDIA Corporation        06.02.2010        2.654,4MB        1.4
NVIDIA PhysX        NVIDIA Corporation        11.03.2010        119,9MB        9.09.0203
Octoshape add-in for Adobe Flash Player                26.03.2010        2,64MB       
Octoshape Streaming Services                26.03.2010        0,75MB       
OpenAL                17.03.2010        0,75MB       
OpenOffice.org 3.0        OpenOffice.org        11.02.2010        331,8MB        3.0.9379
PokerStars        PokerStars        07.05.2010        62,6MB       
PokerStrategy.com Equilator        PokerStrategy.com        09.06.2010        38,3MB        1.8.1.0
PostgreSQL 8.4        PostgreSQL Global Development Group        09.05.2010        454,5MB        8.4
QuickTime        Apple Inc.        05.04.2010        73,8MB        7.66.71.0
Realtek 8169 8168 8101E 8102E Ethernet Driver        Realtek        07.02.2010        1,67MB        1.00.0000
Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        06.02.2010        10,9MB        6.0.1.5898
Skype Toolbars        Skype Technologies S.A.        08.02.2010        5,25MB        1.0.4051
Skype™ 4.1        Skype Technologies S.A.        08.02.2010        31,1MB        4.1.179
Steam        Valve Corporation        16.03.2010        1,49MB        1.0.0.0
VLC media player 1.0.5        VideoLAN Team        05.03.2010        76,1MB        1.0.5
Windows Driver Package - Intel (NETw5v32) net  (04/27/2008 12.0.0.73)        Intel        06.02.2010                04/27/2008 12.0.0.73
Windows Media Player Firefox Plugin        Microsoft Corp        16.03.2010        0,29MB        1.0.0.8
WinRAR                04.06.2010        3,78MB

Because using Gmer requires disconnecting from the internet, and I want to close all currently open windows first, the remaining results will follow in a second post.


Thank you very much!

mammamia 08.07.2010 10:56

(5) When I download Gmer (whether as .zip or .exe), as soon as I start the program it loads its window, then appears to run through a few folders briefly and afterwards tells me: "Gmer.exe funktioniert nicht mehr - Windows kann online nach einer Lösung für das Problem suchen [...]". I therefore cannot post a corresponding log.

(6) RootRepeal


Code:

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:                2010/07/08 11:48
Program Version:                Version 1.3.5.0
Windows Version:                Windows Vista SP2
==================================================

Drivers
-------------------
Name: a2ltuhh3.SYS
Image Path: C:\Windows\System32\Drivers\a2ltuhh3.SYS
Address: 0x8A597000        Size: 233472        File Visible: -        Signed: -
Status: -

Name: acpi.sys
Image Path: C:\Windows\system32\drivers\acpi.sys
Address: 0x807AF000        Size: 286720        File Visible: -        Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x8204C000        Size: 3903488        File Visible: -        Signed: -
Status: -

Name: afd.sys
Image Path: C:\Windows\system32\drivers\afd.sys
Address: 0x909A6000        Size: 294912        File Visible: -        Signed: -
Status: -

Name: atapi.sys
Image Path: C:\Windows\system32\drivers\atapi.sys
Address: 0x8265F000        Size: 32768        File Visible: -        Signed: -
Status: -

Name: ataport.SYS
Image Path: C:\Windows\system32\drivers\ataport.SYS
Address: 0x82667000        Size: 122880        File Visible: -        Signed: -
Status: -

Name: ATMFD.DLL
Image Path: C:\Windows\System32\ATMFD.DLL
Address: 0x982D0000        Size: 311296        File Visible: -        Signed: -
Status: -

Name: avgio.sys
Image Path: D:\Programme\Avira\AntiVir Desktop\avgio.sys
Address: 0x90606000        Size: 6144        File Visible: -        Signed: -
Status: -

Name: avgntflt.sys
Image Path: C:\Windows\system32\DRIVERS\avgntflt.sys
Address: 0x902A2000        Size: 81920        File Visible: -        Signed: -
Status: -

Name: avipbb.sys
Image Path: C:\Windows\system32\DRIVERS\avipbb.sys
Address: 0x8F3C7000        Size: 114688        File Visible: -        Signed: -
Status: -

Name: BATTC.SYS
Image Path: C:\Windows\system32\DRIVERS\BATTC.SYS
Address: 0x805E7000        Size: 40960        File Visible: -        Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\Windows\System32\Drivers\Beep.SYS
Address: 0x90906000        Size: 28672        File Visible: -        Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\Windows\system32\BOOTVID.dll
Address: 0x80488000        Size: 32768        File Visible: -        Signed: -
Status: -

Name: bowser.sys
Image Path: C:\Windows\system32\DRIVERS\bowser.sys
Address: 0x9E497000        Size: 102400        File Visible: -        Signed: -
Status: -

Name: cdd.dll
Image Path: C:\Windows\System32\cdd.dll
Address: 0x98320000        Size: 57344        File Visible: -        Signed: -
Status: -

Name: cdfs.sys
Image Path: C:\Windows\system32\DRIVERS\cdfs.sys
Address: 0x90236000        Size: 90112        File Visible: -        Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\Windows\system32\DRIVERS\cdrom.sys
Address: 0x8A57F000        Size: 98304        File Visible: -        Signed: -
Status: -

Name: CI.dll
Image Path: C:\Windows\system32\CI.dll
Address: 0x804D1000        Size: 917504        File Visible: -        Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\Windows\system32\drivers\CLASSPNP.SYS
Address: 0x8A7A1000        Size: 135168        File Visible: -        Signed: -
Status: -

Name: CLFS.SYS
Image Path: C:\Windows\system32\CLFS.SYS
Address: 0x80490000        Size: 266240        File Visible: -        Signed: -
Status: -

Name: CmBatt.sys
Image Path: C:\Windows\system32\DRIVERS\CmBatt.sys
Address: 0x8EDD7000        Size: 14208        File Visible: -        Signed: -
Status: -

Name: compbatt.sys
Image Path: C:\Windows\system32\DRIVERS\compbatt.sys
Address: 0x807FD000        Size: 10496        File Visible: -        Signed: -
Status: -

Name: crashdmp.sys
Image Path: C:\Windows\System32\Drivers\crashdmp.sys
Address: 0x9024C000        Size: 53248        File Visible: -        Signed: -
Status: -

Name: crcdisk.sys
Image Path: C:\Windows\system32\drivers\crcdisk.sys
Address: 0x8A7C2000        Size: 36864        File Visible: -        Signed: -
Status: -

Name: ctxusbm.sys
Image Path: C:\Windows\system32\DRIVERS\ctxusbm.sys
Address: 0x8F3B3000        Size: 81920        File Visible: -        Signed: -
Status: -

Name: CVPNDRVA.sys
Image Path: C:\Windows\system32\Drivers\CVPNDRVA.sys
Address: 0xA3408000        Size: 589824        File Visible: -        Signed: -
Status: -

Name: dfsc.sys
Image Path: C:\Windows\System32\Drivers\dfsc.sys
Address: 0x8F39C000        Size: 94208        File Visible: -        Signed: -
Status: -

Name: disk.sys
Image Path: C:\Windows\system32\drivers\disk.sys
Address: 0x8A790000        Size: 69632        File Visible: -        Signed: -
Status: -

Name: dne2000.sys
Image Path: C:\Windows\system32\DRIVERS\dne2000.sys
Address: 0x8A5DF000        Size: 126592        File Visible: -        Signed: -
Status: -

Name: drmk.sys
Image Path: C:\Windows\system32\drivers\drmk.sys
Address: 0x908BE000        Size: 151552        File Visible: -        Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x90259000        Size: 45056        File Visible: No        Signed: -
Status: -

Name: dump_msahci.sys
Image Path: C:\Windows\System32\Drivers\dump_msahci.sys
Address: 0x90264000        Size: 40960        File Visible: No        Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\Windows\System32\drivers\Dxapi.sys
Address: 0x9026E000        Size: 40960        File Visible: -        Signed: -
Status: -

Name: dxgkrnl.sys
Image Path: C:\Windows\System32\drivers\dxgkrnl.sys
Address: 0x8E55C000        Size: 659456        File Visible: -        Signed: -
Status: -

Name: ecache.sys
Image Path: C:\Windows\System32\drivers\ecache.sys
Address: 0x8A769000        Size: 159744        File Visible: -        Signed: -
Status: -

Name: fileinfo.sys
Image Path: C:\Windows\system32\drivers\fileinfo.sys
Address: 0x826CF000        Size: 65536        File Visible: -        Signed: -
Status: -

Name: fltmgr.sys
Image Path: C:\Windows\system32\drivers\fltmgr.sys
Address: 0x8269D000        Size: 204800        File Visible: -        Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\Windows\System32\Drivers\Fs_Rec.SYS
Address: 0x908F6000        Size: 36864        File Visible: -        Signed: -
Status: -

Name: fwpkclnt.sys
Image Path: C:\Windows\System32\drivers\fwpkclnt.sys
Address: 0x8A4F7000        Size: 110592        File Visible: -        Signed: -
Status: -

Name: GEARAspiWDM.sys
Image Path: C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
Address: 0x8EDF9000        Size: 21120        File Visible: -        Signed: -
Status: -

Name: hal.dll
Image Path: C:\Windows\system32\hal.dll
Address: 0x82019000        Size: 208896        File Visible: -        Signed: -
Status: -

Name: HDAudBus.sys
Image Path: C:\Windows\system32\DRIVERS\HDAudBus.sys
Address: 0x82750000        Size: 577536        File Visible: -        Signed: -
Status: -

Name: HIDCLASS.SYS
Image Path: C:\Windows\system32\DRIVERS\HIDCLASS.SYS
Address: 0x9020B000        Size: 65536        File Visible: -        Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\Windows\system32\DRIVERS\HIDPARSE.SYS
Address: 0x90916000        Size: 28672        File Visible: -        Signed: -
Status: -

Name: hidusb.sys
Image Path: C:\Windows\system32\DRIVERS\hidusb.sys
Address: 0x8A3F6000        Size: 36864        File Visible: -        Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\Windows\system32\drivers\HTTP.sys
Address: 0x9E40D000        Size: 446464        File Visible: -        Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\Windows\system32\DRIVERS\i8042prt.sys
Address: 0x8EDDB000        Size: 77824        File Visible: -        Signed: -
Status: -

Name: intelppm.sys
Image Path: C:\Windows\system32\DRIVERS\intelppm.sys
Address: 0x8A5D0000        Size: 61440        File Visible: -        Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\Windows\system32\DRIVERS\kbdclass.sys
Address: 0x8EDEE000        Size: 45056        File Visible: -        Signed: -
Status: -

Name: kbdhid.sys
Image Path: C:\Windows\system32\DRIVERS\kbdhid.sys
Address: 0x90223000        Size: 36864        File Visible: -        Signed: -
Status: -

Name: kdcom.dll
Image Path: C:\Windows\system32\kdcom.dll
Address: 0x80400000        Size: 28672        File Visible: -        Signed: -
Status: -

Name: ks.sys
Image Path: C:\Windows\system32\DRIVERS\ks.sys
Address: 0x8F274000        Size: 172032        File Visible: -        Signed: -
Status: -

Name: ksecdd.sys
Image Path: C:\Windows\System32\Drivers\ksecdd.sys
Address: 0x826DF000        Size: 462848        File Visible: -        Signed: -
Status: -

Name: kxldapoc.sys
Image Path: C:\Users\Lars\AppData\Local\Temp\kxldapoc.sys
Address: 0xA35B3000        Size: 93056        File Visible: No        Signed: -
Status: -

Name: lltdio.sys
Image Path: C:\Windows\system32\DRIVERS\lltdio.sys
Address: 0x90366000        Size: 65536        File Visible: -        Signed: -
Status: -

Name: luafv.sys
Image Path: C:\Windows\system32\drivers\luafv.sys
Address: 0x90287000        Size: 110592        File Visible: -        Signed: -
Status: -

Name: mcupdate_GenuineIntel.dll
Image Path: C:\Windows\system32\mcupdate_GenuineIntel.dll
Address: 0x80407000        Size: 458752        File Visible: -        Signed: -
Status: -

Name: monitor.sys
Image Path: C:\Windows\system32\DRIVERS\monitor.sys
Address: 0x90278000        Size: 61440        File Visible: -        Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\Windows\system32\DRIVERS\mouclass.sys
Address: 0x8EA00000        Size: 45056        File Visible: -        Signed: -
Status: -

Name: mouhid.sys
Image Path: C:\Windows\system32\DRIVERS\mouhid.sys
Address: 0x9021B000        Size: 32768        File Visible: -        Signed: -
Status: -

Name: mountmgr.sys
Image Path: C:\Windows\System32\drivers\mountmgr.sys
Address: 0x8264F000        Size: 65536        File Visible: -        Signed: -
Status: -

Name: mpsdrv.sys
Image Path: C:\Windows\System32\drivers\mpsdrv.sys
Address: 0x9E4B0000        Size: 86016        File Visible: -        Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\Windows\system32\drivers\mrxdav.sys
Address: 0x9E4C5000        Size: 135168        File Visible: -        Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb.sys
Address: 0x9E4E6000        Size: 126976        File Visible: -        Signed: -
Status: -

Name: mrxsmb10.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb10.sys
Address: 0x9E505000        Size: 233472        File Visible: -        Signed: -
Status: -

Name: mrxsmb20.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb20.sys
Address: 0x9E53E000        Size: 98304        File Visible: -        Signed: -
Status: -

Name: msahci.sys
Image Path: C:\Windows\system32\drivers\msahci.sys
Address: 0x82685000        Size: 40960        File Visible: -        Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\Windows\System32\Drivers\Msfs.SYS
Address: 0x9095A000        Size: 45056        File Visible: -        Signed: -
Status: -

Name: msisadrv.sys
Image Path: C:\Windows\system32\drivers\msisadrv.sys
Address: 0x807F5000        Size: 32768        File Visible: -        Signed: -
Status: -

Name: msiscsi.sys
Image Path: C:\Windows\system32\DRIVERS\msiscsi.sys
Address: 0x8A37B000        Size: 192512        File Visible: -        Signed: -
Status: -

Name: msrpc.sys
Image Path: C:\Windows\system32\drivers\msrpc.sys
Address: 0x8A315000        Size: 176128        File Visible: -        Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\Windows\system32\DRIVERS\mssmbios.sys
Address: 0x8F29E000        Size: 40960        File Visible: -        Signed: -
Status: -

Name: mup.sys
Image Path: C:\Windows\System32\Drivers\mup.sys
Address: 0x8A75A000        Size: 61440        File Visible: -        Signed: -
Status: -

Name: ndis.sys
Image Path: C:\Windows\system32\drivers\ndis.sys
Address: 0x8A20A000        Size: 1093632        File Visible: -        Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\Windows\system32\DRIVERS\ndistapi.sys
Address: 0x8A3EB000        Size: 45056        File Visible: -        Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\Windows\system32\DRIVERS\ndisuio.sys
Address: 0x903A0000        Size: 40960        File Visible: -        Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\Windows\system32\DRIVERS\ndiswan.sys
Address: 0x8F207000        Size: 143360        File Visible: -        Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\Windows\System32\Drivers\NDProxy.SYS
Address: 0x8F2EA000        Size: 69632        File Visible: -        Signed: -
Status: -

Name: netbios.sys
Image Path: C:\Windows\system32\DRIVERS\netbios.sys
Address: 0x909EE000        Size: 57344        File Visible: -        Signed: -
Status: -

Name: netbt.sys
Image Path: C:\Windows\System32\DRIVERS\netbt.sys
Address: 0x8F2FB000        Size: 204800        File Visible: -        Signed: -
Status: -

Name: NETIO.SYS
Image Path: C:\Windows\system32\drivers\NETIO.SYS
Address: 0x8A340000        Size: 241664        File Visible: -        Signed: -
Status: -

Name: NETw5v32.sys
Image Path: C:\Windows\system32\DRIVERS\NETw5v32.sys
Address: 0x8EA0E000        Size: 3698688        File Visible: -        Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\Windows\System32\Drivers\Npfs.SYS
Address: 0x90965000        Size: 57344        File Visible: -        Signed: -
Status: -

Name: nsiproxy.sys
Image Path: C:\Windows\system32\drivers\nsiproxy.sys
Address: 0x8F392000        Size: 40960        File Visible: -        Signed: -
Status: -

Name: Ntfs.sys
Image Path: C:\Windows\System32\Drivers\Ntfs.sys
Address: 0x8A609000        Size: 1114112        File Visible: -        Signed: -
Status: -

Name: ntkrnlpa.exe
Image Path: C:\Windows\system32\ntkrnlpa.exe
Address: 0x8204C000        Size: 3903488        File Visible: -        Signed: -
Status: -

Name: Null.SYS
Image Path: C:\Windows\System32\Drivers\Null.SYS
Address: 0x908FF000        Size: 28672        File Visible: -        Signed: -
Status: -

Name: nvBridge.kmd
Image Path: C:\Windows\system32\DRIVERS\nvBridge.kmd
Address: 0x8E55A000        Size: 8192        File Visible: -        Signed: -
Status: -

Name: nvhda32v.sys
Image Path: C:\Windows\system32\drivers\nvhda32v.sys
Address: 0x908E3000        Size: 77824        File Visible: -        Signed: -
Status: -

Name: nvlddmkm.sys
Image Path: C:\Windows\system32\DRIVERS\nvlddmkm.sys
Address: 0x8DC04000        Size: 9786752        File Visible: -        Signed: -
Status: -

Name: nwifi.sys
Image Path: C:\Windows\system32\DRIVERS\nwifi.sys
Address: 0x90376000        Size: 172032        File Visible: -        Signed: -
Status: -

Name: pacer.sys
Image Path: C:\Windows\system32\DRIVERS\pacer.sys
Address: 0x8F32D000        Size: 90112        File Visible: -        Signed: -
Status: -

Name: partmgr.sys
Image Path: C:\Windows\System32\drivers\partmgr.sys
Address: 0x805D8000        Size: 61440        File Visible: -        Signed: -
Status: -

Name: pci.sys
Image Path: C:\Windows\system32\drivers\pci.sys
Address: 0x805B1000        Size: 159744        File Visible: -        Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\Windows\system32\drivers\PCIIDEX.SYS
Address: 0x8268F000        Size: 57344        File Visible: -        Signed: -
Status: -

Name: peauth.sys
Image Path: C:\Windows\system32\drivers\peauth.sys
Address: 0xA3498000        Size: 909312        File Visible: -        Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x8204C000        Size: 3903488        File Visible: -        Signed: -
Status: -

Name: portcls.sys
Image Path: C:\Windows\system32\drivers\portcls.sys
Address: 0x90891000        Size: 184320        File Visible: -        Signed: -
Status: -

Name: PSHED.dll
Image Path: C:\Windows\system32\PSHED.dll
Address: 0x80477000        Size: 69632        File Visible: -        Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\Windows\System32\DRIVERS\rasacd.sys
Address: 0x90973000        Size: 36864        File Visible: -        Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\Windows\system32\DRIVERS\rasl2tp.sys
Address: 0x827DD000        Size: 94208        File Visible: -        Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\Windows\system32\DRIVERS\raspppoe.sys
Address: 0x8F22A000        Size: 61440        File Visible: -        Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\Windows\system32\DRIVERS\raspptp.sys
Address: 0x8F239000        Size: 81920        File Visible: -        Signed: -
Status: -

Name: rassstp.sys
Image Path: C:\Windows\system32\DRIVERS\rassstp.sys
Address: 0x8F24D000        Size: 86016        File Visible: -        Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x8204C000        Size: 3903488        File Visible: -        Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\Windows\system32\DRIVERS\rdbss.sys
Address: 0x8F356000        Size: 245760        File Visible: -        Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\Windows\System32\DRIVERS\RDPCDD.sys
Address: 0x9094A000        Size: 32768        File Visible: -        Signed: -
Status: -

Name: rdpencdd.sys
Image Path: C:\Windows\system32\drivers\rdpencdd.sys
Address: 0x90952000        Size: 32768        File Visible: -        Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xA35CA000        Size: 49152        File Visible: No        Signed: -
Status: -

Name: rspndr.sys
Image Path: C:\Windows\system32\DRIVERS\rspndr.sys
Address: 0x903AA000        Size: 77824        File Visible: -        Signed: -
Status: -

Name: RTKVHDA.sys
Image Path: C:\Windows\system32\drivers\RTKVHDA.sys
Address: 0x90608000        Size: 2657344        File Visible: -        Signed: -
Status: -

Name: Rtlh86.sys
Image Path: C:\Windows\system32\DRIVERS\Rtlh86.sys
Address: 0x8ED95000        Size: 270336        File Visible: -        Signed: -
Status: -

Name: SCSIPORT.SYS
Image Path: C:\Windows\System32\Drivers\SCSIPORT.SYS
Address: 0x80789000        Size: 155648        File Visible: -        Signed: -
Status: -

Name: secdrv.SYS
Image Path: C:\Windows\System32\Drivers\secdrv.SYS
Address: 0xA3576000        Size: 40960        File Visible: -        Signed: -
Status: -

Name: serscan.sys
Image Path: C:\Windows\system32\DRIVERS\serscan.sys
Address: 0x8A7F8000        Size: 32768        File Visible: -        Signed: -
Status: -

Name: smb.sys
Image Path: C:\Windows\system32\DRIVERS\smb.sys
Address: 0x90992000        Size: 81920        File Visible: -        Signed: -
Status: -

Name: spdk.sys
Image Path: C:\Windows\System32\Drivers\spdk.sys
Address: 0x8068D000        Size: 995328        File Visible: No        Signed: -
Status: -

Name: spldr.sys
Image Path: C:\Windows\System32\Drivers\spldr.sys
Address: 0x8A752000        Size: 32768        File Visible: -        Signed: -
Status: -

Name: spsys.sys
Image Path: C:\Windows\system32\drivers\spsys.sys
Address: 0x902B6000        Size: 720896        File Visible: -        Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000        Size: 0        File Visible: No        Signed: -
Status: -

Name: srv.sys
Image Path: C:\Windows\System32\DRIVERS\srv.sys
Address: 0x9E57D000        Size: 319488        File Visible: -        Signed: -
Status: -

Name: srv2.sys
Image Path: C:\Windows\System32\DRIVERS\srv2.sys
Address: 0x9E556000        Size: 159744        File Visible: -        Signed: -
Status: -

Name: srvnet.sys
Image Path: C:\Windows\System32\DRIVERS\srvnet.sys
Address: 0x9E47A000        Size: 118784        File Visible: -        Signed: -
Status: -

Name: ssmdrv.sys
Image Path: C:\Windows\system32\DRIVERS\ssmdrv.sys
Address: 0x90600000        Size: 23040        File Visible: -        Signed: -
Status: -

Name: storport.sys
Image Path: C:\Windows\system32\DRIVERS\storport.sys
Address: 0x8A3AA000        Size: 266240        File Visible: -        Signed: -
Status: -

Name: swenum.sys
Image Path: C:\Windows\system32\DRIVERS\swenum.sys
Address: 0x8F272000        Size: 4992        File Visible: -        Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\Windows\System32\drivers\tcpip.sys
Address: 0x8A40D000        Size: 958464        File Visible: -        Signed: -
Status: -

Name: tcpipreg.sys
Image Path: C:\Windows\System32\drivers\tcpipreg.sys
Address: 0xA3580000        Size: 49152        File Visible: -        Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\Windows\system32\DRIVERS\TDI.SYS
Address: 0x8A400000        Size: 45056        File Visible: -        Signed: -
Status: -

Name: tdx.sys
Image Path: C:\Windows\system32\DRIVERS\tdx.sys
Address: 0x9097C000        Size: 90112        File Visible: -        Signed: -
Status: -

Name: termdd.sys
Image Path: C:\Windows\system32\DRIVERS\termdd.sys
Address: 0x8F262000        Size: 65536        File Visible: -        Signed: -
Status: -

Name: TSDDD.dll
Image Path: C:\Windows\System32\TSDDD.dll
Address: 0x982B0000        Size: 36864        File Visible: -        Signed: -
Status: -

Name: tunmp.sys
Image Path: C:\Windows\system32\DRIVERS\tunmp.sys
Address: 0x8A600000        Size: 36864        File Visible: -        Signed: -
Status: -

Name: tunnel.sys
Image Path: C:\Windows\system32\DRIVERS\tunnel.sys
Address: 0x8A7ED000        Size: 45056        File Visible: -        Signed: -
Status: -

Name: umbus.sys
Image Path: C:\Windows\system32\DRIVERS\umbus.sys
Address: 0x8F2A8000        Size: 53248        File Visible: -        Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\Windows\system32\DRIVERS\USBD.SYS
Address: 0x9090D000        Size: 8192        File Visible: -        Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\Windows\system32\DRIVERS\usbehci.sys
Address: 0x8A570000        Size: 61440        File Visible: -        Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\Windows\system32\DRIVERS\usbhub.sys
Address: 0x8F2B5000        Size: 217088        File Visible: -        Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\Windows\system32\DRIVERS\USBPORT.SYS
Address: 0x8A532000        Size: 253952        File Visible: -        Signed: -
Status: -

Name: USBSTOR.SYS
Image Path: C:\Windows\system32\DRIVERS\USBSTOR.SYS
Address: 0x8F3E3000        Size: 86016        File Visible: -        Signed: -
Status: -

Name: usbuhci.sys
Image Path: C:\Windows\system32\DRIVERS\usbuhci.sys
Address: 0x8A527000        Size: 45056        File Visible: -        Signed: -
Status: -

Name: vga.sys
Image Path: C:\Windows\System32\drivers\vga.sys
Address: 0x9091D000        Size: 49152        File Visible: -        Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\Windows\System32\drivers\VIDEOPRT.SYS
Address: 0x90929000        Size: 135168        File Visible: -        Signed: -
Status: -

Name: volmgr.sys
Image Path: C:\Windows\system32\drivers\volmgr.sys
Address: 0x805F1000        Size: 61440        File Visible: -        Signed: -
Status: -

Name: volmgrx.sys
Image Path: C:\Windows\System32\drivers\volmgrx.sys
Address: 0x82605000        Size: 303104        File Visible: -        Signed: -
Status: -

Name: volsnap.sys
Image Path: C:\Windows\system32\drivers\volsnap.sys
Address: 0x8A719000        Size: 233472        File Visible: -        Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\Windows\system32\DRIVERS\wanarp.sys
Address: 0x8F343000        Size: 77824        File Visible: -        Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\Windows\System32\drivers\watchdog.sys
Address: 0x8A51B000        Size: 49152        File Visible: -        Signed: -
Status: -

Name: Wdf01000.sys
Image Path: C:\Windows\system32\drivers\Wdf01000.sys
Address: 0x80604000        Size: 507904        File Visible: -        Signed: -
Status: -

Name: WDFLDR.SYS
Image Path: C:\Windows\system32\drivers\WDFLDR.SYS
Address: 0x80680000        Size: 53248        File Visible: -        Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0x98090000        Size: 2109440        File Visible: -        Signed: -
Status: -

Name: win32k.sys
Image Path: C:\Windows\System32\win32k.sys
Address: 0x98090000        Size: 2109440        File Visible: -        Signed: -
Status: -

Name: wmiacpi.sys
Image Path: C:\Windows\system32\DRIVERS\wmiacpi.sys
Address: 0x8A512000        Size: 36864        File Visible: -        Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\Windows\System32\Drivers\WMILIB.SYS
Address: 0x80780000        Size: 36864        File Visible: -        Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x8204C000        Size: 3903488        File Visible: -        Signed: -
Status: -

Name: WUDFPf.sys
Image Path: C:\Windows\system32\DRIVERS\WUDFPf.sys
Address: 0xA35A1000        Size: 73728        File Visible: -        Signed: -
Status: -

Name: WUDFRd.sys
Image Path: C:\Windows\system32\DRIVERS\WUDFRd.sys
Address: 0xA358C000        Size: 83328        File Visible: -        Signed: -
Status: -

Name: x10ufx2.sys
Image Path: C:\Windows\System32\Drivers\x10ufx2.sys
Address: 0x9022C000        Size: 40960        File Visible: -        Signed: -
Status: -

Code:

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:                2010/07/08 11:48
Program Version:                Version 1.3.5.0
Windows Version:                Windows Vista SP2
==================================================

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System        Address: 0x8552c1f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System        Address: 0x8552c1f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System        Address: 0x8552c1f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System        Address: 0x8552c1f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System        Address: 0x8552c1f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System        Address: 0x8552c1f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System        Address: 0x8552c1f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System        Address: 0x8552c1f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System        Address: 0x8552c1f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System        Address: 0x8552c1f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System        Address: 0x8552c1f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System        Address: 0x8552c1f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System        Address: 0x8552c1f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x8552c1f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System        Address: 0x8552c1f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System        Address: 0x8552c1f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System        Address: 0x8552c1f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System        Address: 0x8552c1f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System        Address: 0x8552c1f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System        Address: 0x8552c1f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System        Address: 0x8552c1f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System        Address: 0x8552c1f8        Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System        Address: 0x8552a1f8        Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System        Address: 0x8552a1f8        Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x8552a1f8        Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System        Address: 0x8552a1f8        Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System        Address: 0x8552a1f8        Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System        Address: 0x8552a1f8        Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System        Address: 0x8552a1f8        Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_CREATE]
Process: System        Address: 0x864991f8        Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_CLOSE]
Process: System        Address: 0x864991f8        Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_READ]
Process: System        Address: 0x864991f8        Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_WRITE]
Process: System        Address: 0x864991f8        Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System        Address: 0x864991f8        Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x864991f8        Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System        Address: 0x864991f8        Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_SHUTDOWN]
Process: System        Address: 0x864991f8        Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_POWER]
Process: System        Address: 0x864991f8        Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System        Address: 0x864991f8        Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_PNP]
Process: System        Address: 0x864991f8        Size: 121

Object: Hidden Code [Driver: USBSTOR￿Ѝ摍, IRP_MJ_CREATE]
Process: System        Address: 0x8fe941f8        Size: 121

Object: Hidden Code [Driver: USBSTOR￿Ѝ摍, IRP_MJ_CLOSE]
Process: System        Address: 0x8fe941f8        Size: 121

Object: Hidden Code [Driver: USBSTOR￿Ѝ摍, IRP_MJ_READ]
Process: System        Address: 0x8fe941f8        Size: 121

Object: Hidden Code [Driver: USBSTOR￿Ѝ摍, IRP_MJ_WRITE]
Process: System        Address: 0x8fe941f8        Size: 121

Object: Hidden Code [Driver: USBSTOR￿Ѝ摍, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x8fe941f8        Size: 121

Object: Hidden Code [Driver: USBSTOR￿Ѝ摍, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System        Address: 0x8fe941f8        Size: 121

Object: Hidden Code [Driver: USBSTOR￿Ѝ摍, IRP_MJ_POWER]
Process: System        Address: 0x8fe941f8        Size: 121

Object: Hidden Code [Driver: USBSTOR￿Ѝ摍, IRP_MJ_SYSTEM_CONTROL]
Process: System        Address: 0x8fe941f8        Size: 121

Object: Hidden Code [Driver: USBSTOR￿Ѝ摍, IRP_MJ_PNP]
Process: System        Address: 0x8fe941f8        Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System        Address: 0x864a11f8        Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System        Address: 0x864a11f8        Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x864a11f8        Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System        Address: 0x864a11f8        Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System        Address: 0x864a11f8        Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System        Address: 0x864a11f8        Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System        Address: 0x864a11f8        Size: 121

Object: Hidden Code [Driver: a2ltuhh3Ї灓摴, IRP_MJ_CREATE]
Process: System        Address: 0x865dc1f8        Size: 121

Object: Hidden Code [Driver: a2ltuhh3Ї灓摴, IRP_MJ_CLOSE]
Process: System        Address: 0x865dc1f8        Size: 121

Object: Hidden Code [Driver: a2ltuhh3Ї灓摴, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x865dc1f8        Size: 121

Object: Hidden Code [Driver: a2ltuhh3Ї灓摴, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System        Address: 0x865dc1f8        Size: 121

Object: Hidden Code [Driver: a2ltuhh3Ї灓摴, IRP_MJ_POWER]
Process: System        Address: 0x865dc1f8        Size: 121

Object: Hidden Code [Driver: a2ltuhh3Ї灓摴, IRP_MJ_SYSTEM_CONTROL]
Process: System        Address: 0x865dc1f8        Size: 121

Object: Hidden Code [Driver: a2ltuhh3Ї灓摴, IRP_MJ_PNP]
Process: System        Address: 0x865dc1f8        Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_CREATE]
Process: System        Address: 0x8f501500        Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_CLOSE]
Process: System        Address: 0x8f501500        Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x8f501500        Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System        Address: 0x8f501500        Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_CLEANUP]
Process: System        Address: 0x8f501500        Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_PNP]
Process: System        Address: 0x8f501500        Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_CREATE]
Process: System        Address: 0x8f4bb500        Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_CLOSE]
Process: System        Address: 0x8f4bb500        Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_DEVICE_CONTROL]
Process: System        Address: 0x8f4bb500        Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System        Address: 0x8f4bb500        Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_CLEANUP]
Process: System        Address: 0x8f4bb500        Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_PNP]
Process: System        Address: 0x8f4bb500        Size: 121

Object: Hidden Code [Driver: iScsiPrtЃ浍楓瑠赔, IRP_MJ_CREATE]
Process: System        Address: 0x8663c1f8        Size: 121

Object: Hidden Code [Driver: iScsiPrtЃ浍楓瑠赔, IRP_MJ_CLOSE]
Process: System        Address: 0x8663c1f8        Size: 121

No hidden services were found.


Many thanks!

kira 09.07.2010 05:57

hi

Cleaning and system check:

1.
close all applications → please empty the folder for temporary files (select the folder contents -> delete)
delete only the contents of the folders, not the folders themselves! - files that are still in use cannot be deleted, so please don't try to "force" it!
c:\windows\temp
- then empty the Recycle Bin

2.
clean your system with CCleaner:
  • "Cleaner" → "Analyze" → click on the "Start CCleaner" button
  • "Registry" → "Search for errors" → "Fix errors" → "Fix all"
  • Restart your system

3.
  • download SUPERAntiSpyware FREE Edition.
  • install the program and update it online.
  • start SUPERAntiSpyware and click on "Scan your Computer"
  • tick "Complete Scan" and click on "Next"
  • afterwards all malicious programs found are listed; tick all findings and confirm with "OK"
  • click on "Next", then "OK" and "Finish"
  • to display the results: click on "Preferences", then on "Statistics and Logs"
  • press "View Log" - then please save this report and post it here

4.
Viruses can also be transported on USB sticks, self-burned media, external hard drives and other storage media. They must therefore be monitored through regular checks for damage that may have been caused by malware. For this, checking the data stored on the medium with the help of the free online scanner is very suitable and recommended.
So connect all existing external drives, incl. any USB sticks, to the computer, but hold down the Shift key while doing so, so that the Autorun function is not executed.
The autostart property can also be switched off:
Windows security: disable disk Autorun - illustrated guide by Leonidas/3dcenter.org
Disable Autorun/Autoplay selectively for drive types or drive letters/wintotal.de
→ This Silly description supports the assumption that it came via a USB stick. The cause is eliminated by formatting the stick; you should make sure that no autorun.inf file reappears there, and be somewhat selective about where you plug your stick in.

→ Check the complete computer (i.e. the whole system) (system check without cleaning) with Kaspersky Online Scanner/click here
→ to continue with the process, click on "Accept"
→ then select "My computer" - it takes some time until a complete scan has run through, so please be patient!
It can take a while until the scan is finished - one or more hours depending on the size of the hard drive - so patience...
→ when the report is displayed, click on "Save as" - please copy it and paste it into your thread here
Before the scan, settings in Internet Explorer:
→ "Tools → Internet Options → Security":
→ set everything to the default level
Allow ActiveX - so that the new virus definitions can be installed
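Added example, not from the thread and not from any of the tools kira names: a PowerShell audit of the two things the post above says to watch for, the Autorun policy and an autorun.inf on attached removable media. The registry paths and drive-type codes are standard Windows values; the drives it reports on are whatever is plugged into the machine.

```powershell
# Added example (not from the thread): audit the AutoRun policy and look for
# autorun.inf on removable drives and CD/DVD drives. Runs on PowerShell 2.0+
# (Get-WmiObject; use Get-CimInstance on PowerShell 3+ / 7).

# NoDriveTypeAutoRun is a bitmask; 0xFF disables AutoRun for every drive type.
# Bit 0x04 = removable drives, 0x10 = CD-ROM, 0x40 = RAM disk, 0x80 = unknown.
$policyPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)
foreach ($p in $policyPaths) {
    $v = (Get-ItemProperty -Path $p -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    if ($null -eq $v) {
        "$p : NoDriveTypeAutoRun not set (AutoRun allowed by policy)"
    } elseif (($v -band 0x04) -eq 0) {
        "$p : 0x{0:X2} - AutoRun still ENABLED for removable drives" -f $v
    } else {
        "$p : 0x{0:X2} - AutoRun disabled for removable drives" -f $v
    }
}

# Walk removable (DriveType 2) and CD-ROM (DriveType 5) drives and report any
# autorun.inf, together with the [autorun] keys that would launch a program.
Get-WmiObject Win32_LogicalDisk |
    Where-Object { $_.DriveType -eq 2 -or $_.DriveType -eq 5 } |
    ForEach-Object {
        $inf = Join-Path $_.DeviceID 'autorun.inf'
        if (Test-Path -LiteralPath $inf) {
            "{0} contains autorun.inf:" -f $_.DeviceID
            # Worm-dropped copies are usually Hidden+System, so read with -Force.
            $attrs = (Get-Item -LiteralPath $inf -Force).Attributes
            "  attributes: $attrs"
            Get-Content -LiteralPath $inf -ErrorAction SilentlyContinue |
                Where-Object { $_ -match '^\s*(open|shellexecute|shell\\.*\\command)\s*=' } |
                ForEach-Object { "  launches: $_" }
        } else {
            "{0}: no autorun.inf" -f $_.DeviceID
        }
    }
```

Run it from an elevated prompt with the media attached while holding Shift, as the post describes; a clean stick reports "no autorun.inf" and a policy value with bit 0x04 set.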

mammamia 10.07.2010 05:27

(1) The temporary files have been deleted.

(2) CCleaner fixed all errors.

(3) The result log from SUPERAntiSpyware is as follows:


Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/09/2010 at 06:08 PM

Application Version : 4.40.1002

Core Rules Database Version : 5177
Trace Rules Database Version: 2989

Scan type      : Complete Scan
Total Scan Time : 00:35:02

Memory items scanned      : 710
Memory threats detected  : 0
Registry items scanned    : 8928
Registry threats detected : 1
File items scanned        : 29193
File threats detected    : 1

Malware.Trace
        HKU\S-1-5-21-6710304-3433624121-992636011-1000\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL

Trojan.Unclassified/Loader-Suspicious
        D:\RVG SOFTWARE\HOLDEM MANAGER\LOADER.EXE

(4) The Kaspersky scan has run through. The report is this one:

Code:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
 Friday, July 9, 2010
 Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
 Kaspersky Online Scanner version: 7.0.26.13
 Last database update: Friday, July 09, 2010 12:38:57
 Records in database: 4242247
--------------------------------------------------------------------------------

Scan settings:
        scan using the following database: extended
        Scan archives: yes
        Scan e-mail databases: yes

Scan area - My Computer:
        C:\
        D:\
        E:\
        F:\
        G:\
        H:\

Scan statistics:
        Objects scanned: 183548
        Threats found: 5
        Infected objects found: 5
        Suspicious objects found: 0
        Scan duration: 02:54:54


File name / Threat / Threats count
C:\Users\++++\AppData\Local\Xenocode\ApplianceCaches\HoldemManager.exe_v7BC20518\Native\STUBEXE\@APPDIR@\DBControlPanel.exe        Infected: Backdoor.Win32.Poison.awex        1
C:\Users\++++\AppData\Local\Xenocode\ApplianceCaches\HoldemManager.exe_v7BC20518\Native\STUBEXE\@WINDIR@\Microsoft.NET\Framework\v2.0.50727\csc.exe        Infected: Backdoor.Win32.Poison.awgh        1
C:\Users\++++\AppData\Local\Xenocode\ApplianceCaches\HoldemManager.exe_v7BC20518\Native\STUBEXE\@WINDIR@\Microsoft.NET\Framework\v2.0.50727\cvtres.exe        Infected: Backdoor.Win32.Poison.awgg        1
C:\Users\++++\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\5473416c-11d200de        Infected: Exploit.Java.Agent.f        1
D:\Eigene Dateien\Poker\Alles\Dokumente, Hände etc\Theorie\Verschiedenes\Bücher\40 Poker EBooks\40PS_EBKS\HoldemIndicatorSetup.exe        Infected: Trojan-Downloader.Win32.Genome.evm        1

Selected area has been scanned.


Many thanks!



kira 10.07.2010 07:23

hi

continue to connect all existing external drives, incl. any USB sticks, to the computer, but hold down the Shift key while doing so, so that the Autorun function is not executed.

1.
- Malware scan with a-squared Free
- Without a background guard, a-squared searches the computer for various malicious programs.
- So download a-squared Free from Emsisoft
- Update the program and let it scan your computer completely
- At the end of the scan, have all findings deleted, save the log via the "Save report" button and post it here in the thread.

2.
Then run a complete system check with Nod32 (ESET Online Scanner) - save the scan results as *.txt files
Before the scan, settings in Internet Explorer:
- "Tools → Internet Options → Security":
- set everything to the default level
- Allow ActiveX

** What is the current state of the computer?



Copyright ©2000-2025, Trojaner-Board

