Hello, first of all many thanks for taking on my case.
Unfortunately I have already deleted mpx.exe (see the opening post). When I right-click mpxu.exe I only see four tabs (General, Compatibility, Security, File Info). Under File Info the properties such as Source, Author... are listed, but there are no values next to them.
Here is the VirusTotal scan:
Code:
Datei mpxu.exe empfangen 2008.07.13 13:50:17 (CET)
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.7.11.0 2008.07.11 Win-Trojan/3proxy.41984
AntiVir 7.8.0.64 2008.07.11 -
Authentium 5.1.0.4 2008.07.13 W32/Heuristic-324!Eldorado
Avast 4.8.1195.0 2008.07.13 Win32:Trojan-gen {Other}
AVG 7.5.0.516 2008.07.12 -
BitDefender 7.2 2008.07.13 -
CAT-QuickHeal 9.50 2008.07.11 -
ClamAV 0.93.1 2008.07.13 -
DrWeb 4.44.0.09170 2008.07.12 -
eSafe 7.0.17.0 2008.07.10 Suspicious File
eTrust-Vet 31.6.5949 2008.07.12 -
Ewido 4.0 2008.07.13 -
F-Prot 4.4.4.56 2008.07.13 W32/Heuristic-324!Eldorado
F-Secure 7.60.13501.0 2008.07.12 -
Fortinet 3.14.0.0 2008.07.13 -
GData 2.0.7306.1023 2008.07.13 Win32:Trojan-gen
Ikarus T3.1.1.26.0 2008.07.13 Virus.Win32.Trojan
Kaspersky 7.0.0.125 2008.07.13 -
McAfee 5337 2008.07.11 -
Microsoft 1.3704 2008.07.13 -
NOD32v2 3263 2008.07.11 -
Norman 5.80.02 2008.07.11 -
Panda 9.0.0.4 2008.07.13 Suspicious file
Prevx1 V2 2008.07.13 Suspicious
Rising 20.52.62.00 2008.07.13 -
Sophos 4.31.0 2008.07.13 -
Sunbelt 3.1.1536.1 2008.07.12 -
Symantec 10 2008.07.13 -
TheHacker 6.2.96.378 2008.07.13 -
TrendMicro 8.700.0.1004 2008.07.11 PAK_Generic.001
VBA32 3.12.6.9 2008.07.12 Trojan.Proxy.2685
VirusBuster 4.5.11.0 2008.07.12 -
Webwasher-Gateway 6.6.2 2008.07.11 -
weitere Informationen
File size: 18944 bytes
MD5...: 5d3f13453574a7730f29fe3f85a0b669
SHA1..: f41908e13b42948b9aee52d9c0fe749f810a96c4
SHA256: af2613d843927bdffa9c5ec3585089926def9b17c72b8967e051a1e349dcf97f
SHA512: 294aa2bcbe9d1b4caf8df4a9f5129581130765016668b783ae54b2d6e3fd6f2635a76f7118770725d3e2f9d415511484a5686f1ef8c4b3f8481f62e3734691eb
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x40f440
timedatestamp.....: 0x4785396f (Wed Jan 09 21:15:27 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0xa000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0xb000 0x5000 0x4600 7.90 17133d64e9304173a5c63e31b799fcee
UPX2 0x10000 0x1000 0x200 2.23 eb567ced00d0780a781d0b29cf40d3e5

( 3 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> msvcrt.dll: _iob
> WS2_32.DLL: bind

( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=C1CD43A200A897514AA90012B452B800C4EC7E5C
packers (Kaspersky): PE_Patch.UPX, UPX
packers (Authentium): UPX
packers (F-Prot): UPX
Now the SDFix log:
Code:
SDFix: Version 1.205
Run by Christian on 13.07.2008 at 14:16
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOKUME~1\CHRIST~1\Desktop\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\DOKUME~1\CHRIST~1\LOKALE~1\Temp\atmadm2.exe.bat - Deleted
C:\DOKUME~1\CHRIST~1\LOKALE~1\Temp\bindsrv2.exe.bat - Deleted
C:\DOKUME~1\CHRIST~1\LOKALE~1\Temp\vista_sp1.exe.bat - Deleted
C:\DOKUME~1\CHRIST~1\LOKALE~1\Temp\software.php - Deleted
C:\DOKUME~1\CHRIST~1\LOKALE~1\Temp\software.php.bat - Deleted
C:\WINDOWS\yeTyezzd.sys - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-13 14:28:06
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NPF\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NPF\0000\Control]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programme\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:da,f2,e9,12,d4,e3,0f,6d,c4,e7,6e,8a,91,89,ec,1d,66,e4,59,c4,c3,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,04,29,7b,79,25,f4,34,fd,e4,5d,37,54,b8,3f,47,31,8a,..
"khjeh"=hex:fb,0c,17,6d,cb,60,7d,10,0e,db,03,4d,57,29,fd,56,07,cf,f7,cc,59,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:e2,ec,8b,e4,bd,d5,5b,52,4a,24,3e,18,38,b5,78,b4,7b,6c,03,57,e4,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NPF\0000]
"Capabilities"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NPF\0000\Control]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NPF\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programme\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:da,f2,e9,12,d4,e3,0f,6d,c4,e7,6e,8a,91,89,ec,1d,66,e4,59,c4,c3,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,04,29,7b,79,25,f4,34,fd,e4,5d,37,54,b8,3f,47,31,8a,..
"khjeh"=hex:fb,0c,17,6d,cb,60,7d,10,0e,db,03,4d,57,29,fd,56,07,cf,f7,cc,59,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:e2,ec,8b,e4,bd,d5,5b,52,4a,24,3e,18,38,b5,78,b4,7b,6c,03,57,e4,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NPF\0000]
"Capabilities"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NPF\0000\Control]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NPF\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:b6cbf4c1
"s2"=dword:18ce0bae
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programme\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:da,f2,e9,12,d4,e3,0f,6d,c4,e7,6e,8a,91,89,ec,1d,66,e4,59,c4,c3,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,04,29,7b,79,25,f4,34,fd,e4,5d,37,54,b8,3f,47,31,8a,..
"khjeh"=hex:fb,0c,17,6d,cb,60,7d,10,0e,db,03,4d,57,29,fd,56,07,cf,f7,cc,59,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:e2,ec,8b,e4,bd,d5,5b,52,4a,24,3e,18,38,b5,78,b4,7b,6c,03,57,e4,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\ICQLite\\ICQLite.exe"="C:\\Programme\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\\Programme\\Messenger\\msmsgs.exe"="C:\\Programme\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Programme\\BitBeamer\\bitbeamer.exe"="C:\\Programme\\BitBeamer\\bitbeamer.exe:*:Enabled:BitBeamer"
"C:\\Programme\\Java\\j2re1.4.2_06\\bin\\javaw.exe"="C:\\Programme\\Java\\j2re1.4.2_06\\bin\\javaw.exe:*:Enabled:javaw"
"C:\\Programme\\Kazaa Lite\\clean.kmd"="C:\\Programme\\Kazaa Lite\\clean.kmd:*:Enabled:clean"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8-Server"
"C:\\Programme\\MSN Messenger\\msnmsgr.exe"="C:\\Programme\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"C:\\Programme\\Miranda IM\\miranda32.exe"="C:\\Programme\\Miranda IM\\miranda32.exe:*:Enabled:Miranda IM"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"D:\\Zero Hour\\game.dat"="D:\\Zero Hour\\game.dat:*:Enabled:game"
"C:\\Programme\\DVD2one V2\\dvd2one2.exe"="File \"e:\\progz\\dvd2one.v2.0.3.crack-snd.by.chingliu\\crack-snd\\dvd2one2.exe:*:Enabled:dvd2one2\" does not exist."
"C:\\Programme\\iTunes\\iTunes.exe"="C:\\Programme\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Programme\\mIRC\\mirc.exe"="C:\\Programme\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Programme\\Roxio\\WinOnCD 8\\Digital Home\\RoxUpnpServer.exe"="C:\\Programme\\Roxio\\WinOnCD 8\\Digital Home\\RoxUpnpServer.exe:*:Enabled:Roxio Upnp Service"
"C:\\Programme\\Winamp Remote\\bin\\Orb.exe"="C:\\Programme\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Programme\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Programme\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Programme\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Programme\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Programme\\Mozilla Firefox\\firefox.exe"="C:\\Programme\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Programme\\GigaByte\\VGA Utility Manager\\G-vga.exe"="C:\\Programme\\GigaByte\\VGA Utility Manager\\G-vga.exe:*:Enabled:Menu"
"C:\\Programme\\eMule\\emule.exe"="C:\\Programme\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Programme\\uTorrent\\uTorrent.exe"="C:\\Programme\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Programme\\mIRC Zocken\\mirc.exe"="C:\\Programme\\mIRC Zocken\\mirc.exe:*:Enabled:mIRC"
"C:\\Programme\\mIRC Zock\\mirc.exe"="C:\\Programme\\mIRC Zock\\mirc.exe:*:Enabled:mIRC"
"C:\\Programme\\Gemeinsame Dateien\\Nokia\\Service Layer\\A\\nsl_host_process.exe"="C:\\Programme\\Gemeinsame Dateien\\Nokia\\Service Layer\\A\\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\\Programme\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"="C:\\Programme\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\\Programme\\SimpleCenter\\Home Media Server.exe"="C:\\Programme\\SimpleCenter\\Home Media Server.exe:*:Enabled:Home Media Server"
"C:\\Programme\\Skype\\Phone\\Skype.exe"="C:\\Programme\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"D:\\Steam\\steamapps\\ziegl-air@web.de\\counter-strike\\hl.exe"="D:\\Steam\\steamapps\\ziegl-air@web.de\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\WINDOWS\\system32\\mpxu.exe"="C:\\WINDOWS\\system32\\mpxu.exe:*:Enabled:mpxu"
"C:\\Programme\\HLSW\\hlsw.exe"="C:\\Programme\\HLSW\\hlsw.exe:*:Enabled:MFC-Anwendung HLSW"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\MSN Messenger\\msnmsgr.exe"="C:\\Programme\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
Remaining Files :
File Backups: - C:\DOKUME~1\CHRIST~1\Desktop\SDFix\backups\backups.zip
Files with Hidden Attributes :
Wed 4 Aug 2004 4,639 A.SH. --- "C:\Programme\Windows Media Player\mplayer2.exe"
Wed 11 Aug 2004 73,728 A.SH. --- "C:\Programme\Windows Media Player\wmplayer.exe"
Sun 20 Feb 2005 56 A.SHR --- "C:\WINDOWS\system32\E83243BDF3.sys"
Sun 20 Feb 2005 1,890 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Sat 17 Dec 2005 4,348 ..SH. --- "C:\Dokumente und Einstellungen\All Users\DRM\DRMv1.bak"
Wed 13 Dec 2006 0 A.SH. --- "C:\Dokumente und Einstellungen\All Users\DRM\Cache\Indiv01.tmp"
Fri 23 May 2008 61,952 ...H. --- "C:\Dokumente und Einstellungen\Christian\Desktop\Diplomarbeit BBP\~WRL0003.tmp"
Tue 13 May 2008 46,592 ...H. --- "C:\Dokumente und Einstellungen\Christian\Desktop\Diplomarbeit BBP\~WRL0087.tmp"
Thu 15 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\523d056929e13eacf8392044f602e53e\BIT5.tmp"
Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\851ec77bad9deffe5a3e6f29ba9e9716\BIT3.tmp"
Thu 15 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\afa5528a2269b5106016bdbc1ea3037f\BIT4.tmp"
Wed 28 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f1d01f188c8132c12d35c3222b7723a4\BIT3.tmp"
Finished!
Now the Deckard's logs:
Code:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: German
CPU 0: AMD Athlon(tm) XP 2200+
Percentage of Memory in Use: 42%
Physical Memory (total/avail): 1023.48 MiB / 587.71 MiB
Pagefile Memory (total/avail): 1694.66 MiB / 1183.19 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1929.47 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 20 GiB total, 4.91 GiB free.
D: is Fixed (NTFS) - 56.68 GiB total, 29.3 GiB free.
E: is Fixed (NTFS) - 172.56 GiB total, 2.94 GiB free.
F: is CDROM (No Media)
G: is CDROM (No Media)
H: is Removable (FAT)
I: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - IC35L080AVVA07-0 - 76.69 GiB - 2 partitions
\PARTITION0 (bootable) - Installierbares Dateisystem - 20 GiB - C:
\PARTITION1 - Erweitert mit Int 13 (erweitert) - 56.68 GiB - D:
\\.\PHYSICALDRIVE1 - IC35L180AVV207-1 - 172.56 GiB - 1 partition
\PARTITION0 - Verwaltung logischer Datenträger - 172.56 GiB - E:
\\.\PHYSICALDRIVE2 - SWISSBIT Twist USB Device - 117.66 MiB - 1 partition
\PARTITION0 (bootable) - MS-DOS V4 Huge - 121.23 MiB - H:
-- Security Center -------------------------------------------------------------
AUOptions is set to notify before download.
Windows Internal Firewall is enabled.
AV: Avira AntiVir PersonalEdition v8.0.1.18 (Avira GmbH)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\MSN Messenger\\msnmsgr.exe"="C:\\Programme\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\ICQLite\\ICQLite.exe"="C:\\Programme\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\\Programme\\Messenger\\msmsgs.exe"="C:\\Programme\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Programme\\BitBeamer\\bitbeamer.exe"="C:\\Programme\\BitBeamer\\bitbeamer.exe:*:Enabled:BitBeamer"
"C:\\Programme\\Java\\j2re1.4.2_06\\bin\\javaw.exe"="C:\\Programme\\Java\\j2re1.4.2_06\\bin\\javaw.exe:*:Enabled:javaw"
"C:\\Programme\\Kazaa Lite\\clean.kmd"="C:\\Programme\\Kazaa Lite\\clean.kmd:*:Enabled:clean"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8-Server"
"C:\\Programme\\MSN Messenger\\msnmsgr.exe"="C:\\Programme\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"C:\\Programme\\Miranda IM\\miranda32.exe"="C:\\Programme\\Miranda IM\\miranda32.exe:*:Enabled:Miranda IM"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"D:\\Zero Hour\\game.dat"="D:\\Zero Hour\\game.dat:*:Enabled:game"
"C:\\Programme\\DVD2one V2\\dvd2one2.exe"="File \\"e:\\progz\\dvd2one.v2.0.3.crack-snd.by.chingliu\\crack-snd\\dvd2one2.exe:*:Enabled:dvd2one2\\" does not exist."
"C:\\Programme\\iTunes\\iTunes.exe"="C:\\Programme\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Programme\\mIRC\\mirc.exe"="C:\\Programme\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Programme\\Roxio\\WinOnCD 8\\Digital Home\\RoxUpnpServer.exe"="C:\\Programme\\Roxio\\WinOnCD 8\\Digital Home\\RoxUpnpServer.exe:*:Enabled:Roxio Upnp Service"
"C:\\Programme\\Winamp Remote\\bin\\Orb.exe"="C:\\Programme\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Programme\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Programme\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Programme\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Programme\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Programme\\Mozilla Firefox\\firefox.exe"="C:\\Programme\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Programme\\GigaByte\\VGA Utility Manager\\G-vga.exe"="C:\\Programme\\GigaByte\\VGA Utility Manager\\G-vga.exe:*:Enabled:Menu"
"C:\\Programme\\eMule\\emule.exe"="C:\\Programme\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Programme\\uTorrent\\uTorrent.exe"="C:\\Programme\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Programme\\mIRC Zocken\\mirc.exe"="C:\\Programme\\mIRC Zocken\\mirc.exe:*:Enabled:mIRC"
"C:\\Programme\\mIRC Zock\\mirc.exe"="C:\\Programme\\mIRC Zock\\mirc.exe:*:Enabled:mIRC"
"C:\\Programme\\Gemeinsame Dateien\\Nokia\\Service Layer\\A\\nsl_host_process.exe"="C:\\Programme\\Gemeinsame Dateien\\Nokia\\Service Layer\\A\\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\\Programme\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"="C:\\Programme\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\\Programme\\SimpleCenter\\Home Media Server.exe"="C:\\Programme\\SimpleCenter\\Home Media Server.exe:*:Enabled:Home Media Server"
"C:\\Programme\\Skype\\Phone\\Skype.exe"="C:\\Programme\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"D:\\Steam\\steamapps\\ziegl-air@web.de\\counter-strike\\hl.exe"="D:\\Steam\\steamapps\\ziegl-air@web.de\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\WINDOWS\\system32\\mpxu.exe"="C:\\WINDOWS\\system32\\mpxu.exe:*:Enabled:mpxu"
"C:\\Programme\\HLSW\\hlsw.exe"="C:\\Programme\\HLSW\\hlsw.exe:*:Enabled:MFC-Anwendung HLSW"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Dokumente und Einstellungen\All Users
APPDATA=C:\Dokumente und Einstellungen\Christian\Anwendungsdaten
CLASSPATH=.;C:\Programme\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Programme\Gemeinsame Dateien
COMPUTERNAME=ZIG
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Dokumente und Einstellungen\Christian
LOGONSERVER=\\ZIG
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Programme\PC Connectivity Solution;C:\Programme\QuickTime\QTSystem;C:\Programme\Gemeinsame Dateien\Roxio Shared\DLLShared;C:\Programme\ATI Technologies\ATI.ACE\Core-Static
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0800
ProgramFiles=C:\Programme
PROMPT=$P$G
QTJAVA=C:\Programme\Java\jre1.6.0_03\lib\ext\QTJava.zip
RoxioCentral=C:\Programme\Gemeinsame Dateien\Roxio Shared\Roxio Central\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOKUME~1\CHRIST~1\LOKALE~1\Temp
TMP=C:\DOKUME~1\CHRIST~1\LOKALE~1\Temp
USERDOMAIN=ZIG
USERNAME=Christian
USERPROFILE=C:\Dokumente und Einstellungen\Christian
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Christian (admin)
Administrator (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {637099FB-45FD-4BC7-9651-6FB540DBB749}
--> MsiExec.exe /I{0D330013-4A99-46D6-83C6-2C959C68DBFF}
--> MsiExec.exe /I{26792CA7-D87A-4DBE-896B-C2F66B344511}
--> MsiExec.exe /I{637099FB-45FD-4BC7-9651-6FB540DBB749}
--> MsiExec.exe /I{6D4F02C4-F6AF-4659-A933-7FC06235A8D5}
--> MsiExec.exe /I{7FD9FD10-9F7F-4DDF-B9F0-911209FF0CEA}
--> MsiExec.exe /I{8C60949A-46F9-4DD7-BA9F-78C00D9D4C8D}
--> MsiExec.exe /I{EB748B9B-F872-4E95-98E8-5CA7E5425DAF}
--> MsiExec.exe /I{F0EACC27-A729-406C-9BF6-C8F10CEC36F8}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop Elements 6.0 --> msiexec /I {F54AC413-D2C6-4A24-B324-370C223C6250}
Adobe Shockwave Player --> C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AFPL Ghostscript 8.53 --> C:\Programme\gs\uninstgs.exe "C:\Programme\gs\gs8.53\uninstal.txt"
AFPL Ghostscript Fonts --> C:\Programme\gs\uninstgs.exe "C:\Programme\gs\fonts\uninstal.txt"
Apple Software Update --> MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
ASAPI Update --> C:\WINDOWS\system32\IWUNIN~1.EXE -uninstall C:\WINDOWS\ISUNINST.EXE -fC:\PROGRA~1\VOB\ASAPIU~1\ASAPI.isu
ASUS Display Drivers --> C:\WINDOWS\anvunis.exe
µTorrent --> "C:\Programme\uTorrent\uTorrent.exe" /UNINSTALL
Avira AntiVir Personal – Free Antivirus --> C:\Programme\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
BootSkin --> C:\PROGRA~1\Stardock\BootSkin\UNWISE.EXE C:\PROGRA~1\Stardock\BootSkin\INSTALL.LOG
briblo Screen Saver --> C:\WINDOWS\system32\briblo.scr /u
CCleaner (remove only) --> "C:\Programme\CCleaner\uninst.exe"
CDex extraction audio --> "C:\Programme\CDex_150\uninstall.exe"
Cisco Systems VPN Client 5.0.02.0090 --> MsiExec.exe /X{871DF2BE-41D2-4334-AC33-839AF16FC8FE}
Command & Conquer(TM) Generäle --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{06F80017-8F98-4C94-B868-52358569FC32}
Command and Conquer(TM) Generäle Die Stunde Null --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}
Counter-Strike --> "D:\Steam\steam.exe" steam://uninstall/10
D-Link AirPlus G+ Wireless Adapter Utility --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A2F67EA3-0721-4E0D-A7B9-AE8F321303AF}\Setup.exe" -l0x9
Direct Show Ogg Vorbis Filter (remove only) --> "C:\WINDOWS\system32\OggDSuninst.exe"
DivX Pro Trial --> C:\Programme\DivX\DivXCodecUninstall.exe /CODEC
DSL-Manager --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{90A455A7-0FC8-4508-B7FA-8F135B8F041A}\Setup.exe" -l0x7
eMule --> "C:\Programme\eMule\Uninstall.exe"
EPoX Unified System Diagnostic Manager (USDM) --> "C:\Programme\EPoX\USDM\SETUP.EXE" "-UNINSTALL"
FLIQLO Screen Saver --> C:\WINDOWS\system32\FLIQLO.scr /u
forteManager --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{1883A84D-94AA-432C-9519-FA31B6B118B9}\setup.exe" -l0x7 -removeonly
Foxit Reader --> C:\Programme\Foxit Software\Foxit Reader\Uninstall.exe
FreePDF XP (Remove only) --> C:\Programme\FreePDF_XP\fpsetup.exe /r
HDX4 Player --> MsiExec.exe /X{288F9827-B2B7-4126-A3FB-9CF7BF29932C}
HijackThis 2.0.2 --> "C:\Programme\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HLSW v1.2.1.2 --> "C:\Programme\HLSW\unins000.exe"
HP Foto- und Bildbearbeitung 2.0 - All-in-One --> MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Foto- und Bildbearbeitung 2.0 All-in-One Treiber --> MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Foto und Bildbearbeitung 2.0 - hp psc 1100 series --> C:\Programme\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
hp psc 1100 series --> MsiExec.exe /X{01161F64-6897-4885-93A0-A9F7BE9A4253}
hp psc 1100 series --> rundll32 hpzcon07.dll,VendorJettison hp psc 1100 series
ICQ 5 --> C:\Programme\ICQLite\ICQLiteUninstall.EXE
iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java 2 Runtime Environment, SE v1.4.2_06 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142060}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LogonStudio --> C:\PROGRA~1\WINCUS~1\LOGONS~1\UNWISE.EXE C:\PROGRA~1\WINCUS~1\LOGONS~1\INSTALL.LOG
Malwarebytes' Anti-Malware --> "C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110407-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIRC --> "C:\Programme\mIRC\mirc.exe" -uninstall
Mozilla Firefox (2.0.0.15) --> C:\Programme\Mozilla Firefox\uninstall\helper.exe
Mp3tag v2.41 --> C:\Programme\Mp3tag\Mp3tagUninstall.EXE
MSN Messenger 7.0 --> MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600813}
MSVC80_x86 --> MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MyPhoneExplorer --> C:\Programme\MyPhoneExplorer\uninstall.exe
Native Instruments Traktor DJ Studio 3 --> C:\PROGRA~1\NATIVE~1\TRAKTO~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\TRAKTO~1\INSTALL.LOG
NfoDiz 5.0 --> C:\PROGRA~1\NfoDiz\UNWISE.EXE C:\PROGRA~1\NfoDiz\INSTALL.LOG
Nimo Codecs Pack v5.0 (Remove Only) --> "C:\Programme\NimoCodec Pack\uninstall.exe"
Nokia NSeries Multimedia Player --> MsiExec.exe /I{FA25FAF6-3097-43C9-BBB2-A77CE8AF1881}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PC Connectivity Solution --> MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}
PC Inspector File Recovery --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\Setup.exe" -l0x7
PerfectDisk 2008 Professional --> MsiExec.exe /I{2B6EC03E-6FA0-4D7C-9CCE-1B03819AB613}
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Realtek AC'97 Audio --> Alcrmv.exe -r -m
RedMon - Redirection Port Monitor --> C:\WINDOWS\system32\unredmon.exe
Roxio WinOnCD 8 --> MsiExec.exe /I{61B1952A-6270-4B62-BA79-7A9C6FFFEE21}
SDK --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}\setup.exe" -l0x9
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Spyware Doctor 5.5 --> C:\Programme\Spyware Doctor\unins000.exe /LOG
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Sun ODF Plugin for Microsoft Office 1.1 --> MsiExec.exe /X{8A3F2D6B-8347-4A5A-A398-F4DDBC6CB380}
System Requirements Lab --> C:\Programme\SystemRequirementsLab\Uninstall.exe
TeamSpeak 2 RC2 --> C:\Programme\Teamspeak2_RC2\unins000.exe
Total Video Converter 3.11 --> "C:\Programme\Total Video Converter\unins000.exe"
Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Twingly Screensaver --> MsiExec.exe /I{EB711BC7-0FDF-460C-A00C-DF8E5E996037}
USB-MusicStick 250 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{30F1A87C-CA9C-45F6-BB72-5315D60A073F}\Setup.exe" -l0x9
Ventrilo --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VIA Bus Master Ultra ATA Driver (Remove) --> RunDll32 VIAIDECO.dll,UninstallIDE
VIA Platform Device Manager --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VideoLAN VLC media player 0.8.6f --> C:\Programme\VideoLAN\VLC\uninstall.exe
Winamp --> "C:\Programme\Winamp\UninstWA.exe"
Windows-Treiberpaket - Nokia Modem (03/05/2008 3.7) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_635B28EFCFA9395123BB1C251595CB16129E2560\nokia_bluetooth.inf
Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinRAR --> C:\Programme\WinRAR\uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->
-- Application Event Log -------------------------------------------------------
Event Record #/Type15280 / Success
Event Submitted/Written: 07/13/2008 02:24:32 PM
Event ID/Source: 2570 / Adobe Active File Monitor 6.0
Event Description:
Der Adobe Active File-Monitor-Service wurde gestartet.
Event Record #/Type15272 / Success
Event Submitted/Written: 07/13/2008 01:32:01 PM
Event ID/Source: 2570 / Adobe Active File Monitor 6.0
Event Description:
Der Adobe Active File-Monitor-Service wurde gestartet.
Event Record #/Type15261 / Success
Event Submitted/Written: 07/12/2008 00:35:03 PM
Event ID/Source: 2570 / Adobe Active File Monitor 6.0
Event Description:
Der Adobe Active File-Monitor-Service wurde gestartet.
Event Record #/Type15253 / Success
Event Submitted/Written: 07/12/2008 00:30:10 PM
Event ID/Source: 2570 / Adobe Active File Monitor 6.0
Event Description:
Der Adobe Active File-Monitor-Service wurde gestartet.
Event Record #/Type15245 / Success
Event Submitted/Written: 07/12/2008 00:23:01 PM
Event ID/Source: 2570 / Adobe Active File Monitor 6.0
Event Description:
Der Adobe Active File-Monitor-Service wurde gestartet.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type88727 / Error
Event Submitted/Written: 07/13/2008 02:25:35 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ShldDrv
ViaIde
Event Record #/Type88726 / Error
Event Submitted/Written: 07/13/2008 02:25:19 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
Der Dienst "Panda Process Protection Service" wurde mit folgendem Fehler beendet:
%%31
Event Record #/Type88725 / Error
Event Submitted/Written: 07/13/2008 02:25:19 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Der Dienst "Panda Process Protection Driver" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Event Record #/Type88718 / Error
Event Submitted/Written: 07/13/2008 02:09:10 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
AFD
AmdK7
ANVIOCTL
avgio
avipbb
Fips
IPSec
MRxSmb
NetBIOS
NetBT
prodrv06
RasAcd
Rdbss
RxFilter
ShldDrv
ssmdrv
Tcpip
ViaIde
Event Record #/Type88717 / Error
Event Submitted/Written: 07/13/2008 02:09:10 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
Der Dienst "IPSEC-Dienste" ist vom Dienst "IPSEC-Treiber" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%31
-- End of Deckard's System Scanner: finished at 2008-07-13 14:42:24 ------------
Unfortunately I just noticed that in step 3 I forgot to run HJT.
I have done it now at the end. Here is the log:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:49:44, on 13.07.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Portrait Displays\Plugins\AM\dtsslsrv.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DTSRVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\PerfectDisk2008finish\PD91Agent.exe
C:\Programme\Spyware Doctor\pctsAuxs.exe
C:\Programme\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\T-Online\DSL-Manager\DslMgrSvc.exe
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\EPOX\USDM\USDM.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Portrait Displays\forteManager\DTHtml.exe
C:\Programme\DAEMON Tools\daemon.exe
C:\Programme\gammacontrol1031\Gammacontrol.exe
C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\HookManager.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: {e5ca8e27-f8cb-4fa9-39d4-faeb1182bcdd} - {ddcb2811-beaf-4d93-9af4-bc8f72e8ac5e} - (no file)
O4 - HKLM\..\Run: [PowerStrip] c:\programme\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [EPoXUSDM] "C:\Programme\EPOX\USDM\USDM.EXE" "5000"
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Programme\Stardock\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [LogonStudio] "C:\Programme\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DT LGE] C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DT_startup.exe -LGE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ISTray] "C:\Programme\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinBooter] C:\Dokumente und Einstellungen\Christian\Desktop\BootTimer.exe /run
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [mpx] c:\WINDOWS\system32\mpx.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Gammacontrol] "C:\Programme\gammacontrol1031\Gammacontrol.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: DSL-Manager.lnk = C:\Programme\T-Online\DSL-Manager\DslMgr.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: DSL-Manager.lnk = C:\Programme\T-Online\DSL-Manager\DslMgr.exe (User 'Default user')
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{5352512F-A2B8-4EE6-886C-5F7272E3BE34}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD58D6FA-016B-4EC2-AEA2-85DB9F1AC42E}: NameServer = 192.168.2.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: efcARkIB - efcARkIB.dll (file missing)
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Asset Management Daemon - Unknown owner - C:\Programme\Gemeinsame Dateien\Portrait Displays\Plugins\AM\dtsslsrv.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Programme\PerfectDisk2008finish\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Programme\PerfectDisk2008finish\PD91Engine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: DSL-Manager (TDslMgrService) - T-Systems Enterprise Services GmbH - C:\Programme\T-Online\DSL-Manager\DslMgrSvc.exe
--
End of file - 8861 bytes
Oops
Here is the main.txt
Code:
Deckard's System Scanner v20071014.68
Run by Christian on 2008-07-13 14:38:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
28: 2008-07-13 12:38:31 UTC - RP321 - Deckard's System Scanner Restore Point
27: 2008-07-11 13:56:48 UTC - RP320 - Avira AntiVir Personal - 11.07.2008 15:56
26: 2008-07-11 01:34:35 UTC - RP319 - Last known good configuration
25: 2008-07-11 01:34:29 UTC - RP318 - Java(TM) 6 Update 7 wird installiert
24: 2008-07-11 01:34:29 UTC - RP317 - Revo Uninstaller's restore point - DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.2.5
-- First Restore Point --
1: 2008-07-11 01:34:25 UTC - RP294 - Installed Driver Detective
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Christian.exe) -------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:40:49, on 13.07.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Portrait Displays\Plugins\AM\dtsslsrv.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DTSRVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\PerfectDisk2008finish\PD91Agent.exe
C:\Programme\Spyware Doctor\pctsAuxs.exe
C:\Programme\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\T-Online\DSL-Manager\DslMgrSvc.exe
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\EPOX\USDM\USDM.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Portrait Displays\forteManager\DTHtml.exe
C:\Programme\DAEMON Tools\daemon.exe
C:\Programme\gammacontrol1031\Gammacontrol.exe
C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\HookManager.exe
C:\WINDOWS\System32\svchost.exe
C:\Dokumente und Einstellungen\Christian\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Christian.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: {e5ca8e27-f8cb-4fa9-39d4-faeb1182bcdd} - {ddcb2811-beaf-4d93-9af4-bc8f72e8ac5e} - (no file)
O4 - HKLM\..\Run: [PowerStrip] c:\programme\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [EPoXUSDM] "C:\Programme\EPOX\USDM\USDM.EXE" "5000"
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Programme\Stardock\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [LogonStudio] "C:\Programme\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DT LGE] C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DT_startup.exe -LGE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ISTray] "C:\Programme\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinBooter] C:\Dokumente und Einstellungen\Christian\Desktop\BootTimer.exe /run
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [mpx] c:\WINDOWS\system32\mpx.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Gammacontrol] "C:\Programme\gammacontrol1031\Gammacontrol.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: DSL-Manager.lnk = C:\Programme\T-Online\DSL-Manager\DslMgr.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: DSL-Manager.lnk = C:\Programme\T-Online\DSL-Manager\DslMgr.exe (User 'Default user')
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{5352512F-A2B8-4EE6-886C-5F7272E3BE34}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD58D6FA-016B-4EC2-AEA2-85DB9F1AC42E}: NameServer = 192.168.2.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: efcARkIB - efcARkIB.dll (file missing)
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Asset Management Daemon - Unknown owner - C:\Programme\Gemeinsame Dateien\Portrait Displays\Plugins\AM\dtsslsrv.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Programme\PerfectDisk2008finish\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Programme\PerfectDisk2008finish\PD91Engine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: DSL-Manager (TDslMgrService) - T-Systems Enterprise Services GmbH - C:\Programme\T-Online\DSL-Manager\DslMgrSvc.exe
--
End of file - 8822 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080712-151023-550 O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm185XXUS
-- File Associations -----------------------------------------------------------
.scr - scrfile - shell\open\command - "%1" %*
.txt - Nfodiz.Document - DefaultIcon - C:\PROGRA~1\NfoDiz\Nfodiz.exe,0
.txt - Nfodiz.Document - shell\open\command - notepad.exe %1
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 prohlp02 (StarForce Protection Helper Driver v2) - c:\windows\system32\drivers\prohlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 prosync1 (StarForce Protection Synchronization Driver v1) - c:\windows\system32\drivers\prosync1.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp01 (StarForce Protection Helper Driver) - c:\windows\system32\drivers\sfhlp01.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 ANVIOCTL - c:\windows\system32\drivers\anvioctl.sys <Not Verified; ASUSTeK; ASUS VGA Driver for Windows 2000/XP>
R1 ANVOSDNT (ASUS Keyboard Filter Driver) - c:\windows\system32\drivers\anvosdnt.sys <Not Verified; ASUS; ASUS keyboard filter driver>
R1 Asapi - c:\windows\system32\drivers\asapi.sys <Not Verified; VOB Computersysteme GmbH; asapi>
R1 prodrv06 (StarForce Protection Environment Driver v6) - c:\windows\system32\drivers\prodrv06.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 SSHDRV61 - c:\windows\system32\drivers\sshdrv61.sys
R1 ssmdrv - c:\windows\system32\drivers\ssmdrv.sys <Not Verified; AVIRA GmbH; >
R1 VIAPFD - c:\windows\system32\drivers\viapfd.sys <Not Verified; VIA Technologies. Inc.; VIA PFD driver>
R2 EPoXUSDM - c:\windows\system32\drivers\epoxusdm.sys
R2 mapmem - c:\windows\system32\drivers\mapmem.sys <Not Verified; EPoX Inc.; USDM Driver>
R2 portio - c:\windows\system32\drivers\portio.sys <Not Verified; Epox Inc.; USDM>
R3 catchme - c:\dokume~1\christ~1\lokale~1\temp\catchme.sys (file missing)
R3 TSMPacket (DSL-Manager Service) - c:\windows\system32\drivers\tsmpkt.sys <Not Verified; T-Systems; T-DSL Manager>
S0 BootScreen - c:\windows\\systemroot\system32\drivers\vidstub.sys (file missing)
S1 ShldDrv (Panda File Shield Driver) - c:\windows\system32\drivers\shldrv51.sys (file missing)
S2 PavProc (Panda Process Protection Driver) - c:\windows\system32\drivers\pavproc.sys (file missing)
S3 ausens - c:\windows\system32\drivers\ausens.sys <Not Verified; Sensaura Ltd; >
S3 dtwmnic5 (Telekom Eumex 704PC LAN) - c:\windows\system32\drivers\dtwmnic5.sys (file missing)
S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
S3 GPCIDrv - c:\windows\gpcidrv.sys
S3 GVCplDrv - c:\windows\system32\drivers\gvcpldrv.sys
S3 GVTDrv - c:\windows\system32\drivers\gvtdrv.sys
S3 NCHSSVAD (SoundTap Recorder) - c:\windows\system32\drivers\nchssvad.sys <Not Verified; NCH Swift Sound; NCH Swift Sound Virtual Audio Device>
S3 PCANDIS5 (PCANDIS5 Protocol Driver) - c:\windows\system32\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
S3 SE27bus (Sony Ericsson Device 039 Driver driver (WDM)) - c:\windows\system32\drivers\se27bus.sys <Not Verified; MCCI; Sony Ericsson Device 039 Driver>
S3 SE27mdfl (Sony Ericsson Device 039 USB WMC Modem Filter) - c:\windows\system32\drivers\se27mdfl.sys <Not Verified; MCCI; Sony Ericsson Device 039 USB WMC Modem Filter Driver>
S3 SE27mdm (Sony Ericsson Device 039 USB WMC Modem Driver) - c:\windows\system32\drivers\se27mdm.sys <Not Verified; MCCI; Sony Ericsson Device 039 USB WMC Data Modem>
S3 SE27mgmt (Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)) - c:\windows\system32\drivers\se27mgmt.sys <Not Verified; MCCI; Sony Ericsson Device 039 USB WMC Device Management>
S3 se27nd5 (Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS)) - c:\windows\system32\drivers\se27nd5.sys <Not Verified; MCCI; Sony Ericsson Device 039 USB Ethernet Emulation>
S3 SE27obex (Sony Ericsson Device 039 USB WMC OBEX Interface) - c:\windows\system32\drivers\se27obex.sys <Not Verified; MCCI; Sony Ericsson Device 039 USB WMC OBEX Interface>
S3 se27unic (Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)) - c:\windows\system32\drivers\se27unic.sys <Not Verified; MCCI; Sony Ericsson Device 039 USB Ethernet Emulation>
S3 StMp3Rec (Treiber für Player-Wiederherstellungsgerät) - c:\windows\system32\drivers\stmp3rec.sys <Not Verified; Generic; Generic MP3 Player>
S3 uafilter - c:\windows\system32\drivers\uafilter.sys <Not Verified; SONIX Technology Co., LTD; USB AUDIO FILTER DRIVER>
S3 upperdev - c:\windows\system32\drivers\usbser_lowerflt.sys (file missing)
S3 w810bus (Sony Ericsson W810 Driver driver (WDM)) - c:\windows\system32\drivers\w810bus.sys (file missing)
S3 w810mdfl (Sony Ericsson W810 USB WMC Modem Filter) - c:\windows\system32\drivers\w810mdfl.sys (file missing)
S3 w810mdm (Sony Ericsson W810 USB WMC Modem Driver) - c:\windows\system32\drivers\w810mdm.sys (file missing)
S3 w810mgmt (Sony Ericsson W810 USB WMC Device Management Drivers (WDM)) - c:\windows\system32\drivers\w810mgmt.sys (file missing)
S3 w810obex (Sony Ericsson W810 USB WMC OBEX Interface) - c:\windows\system32\drivers\w810obex.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 AntiVirScheduler (Avira AntiVir Personal – Free Antivirus Planer) - "c:\programme\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 Asset Management Daemon - c:\programme\gemeinsame dateien\portrait displays\plugins\am\dtsslsrv.exe
R2 DTSRVC (Portrait Displays Display Tune Service) - c:\programme\gemeinsame dateien\portrait displays\shared\dtsrvc.exe
R3 TDslMgrService (DSL-Manager) - "c:\programme\t-online\dsl-manager\dslmgrsvc.exe" <Not Verified; T-Systems Enterprise Services GmbH; DSL-Manager>
S3 FLEXnet Licensing Service - "c:\programme\gemeinsame dateien\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 ServiceLayer - "c:\programme\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139-Familie-PCI-Fast Ethernet-NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_25031259&REV_10\3&61AAA01&0&50
Manufacturer: Realtek
Name: Realtek RTL8139-Familie-PCI-Fast Ethernet-NIC #2
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_25031259&REV_10\3&61AAA01&0&50
Service: rtl8139
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA
-- Scheduled Tasks -------------------------------------------------------------
2007-10-22 01:28:46 276 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2004-06-09 20:08:05 342 --a------ C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1086804459.job
-- Files created between 2008-06-13 and 2008-07-13 -----------------------------
2008-07-13 14:11:45 0 d-------- C:\WINDOWS\ERUNT
2008-07-12 14:31:01 0 d-------- C:\Programme\Trend Micro
2008-07-12 02:49:56 0 d-------- C:\Programme\gammacontrol1031
2008-07-12 01:06:21 0 dr-h----- C:\Dokumente und Einstellungen\Christian\Recent
2008-07-11 15:57:08 0 d-------- C:\Programme\Avira
2008-07-11 07:01:14 472560 --ahs---- C:\WINDOWS\system32\gNUuvGgh.ini2
2008-07-11 05:26:09 0 d-------- C:\Programme\Malwarebytes' Anti-Malware
2008-07-11 05:08:46 3408 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-11 05:08:02 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-11 05:08:02 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-07-11 05:08:02 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-07-11 05:08:02 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-07-11 05:08:02 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-07-11 05:08:02 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-07-11 05:08:02 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-11 05:08:02 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-07-11 05:07:56 0 d-------- C:\SmitfraudFix
2008-07-11 03:59:24 0 d-------- C:\Dokumente und Einstellungen\Christian\Start Menu
2008-07-11 02:57:59 0 d-------- C:\VundoFix Backups
2008-07-10 21:35:04 0 d---s---- C:\Programme\HLSW
2008-07-09 22:14:37 0 d-------- C:\WINDOWS\Prefs
2008-07-09 16:48:02 0 d-------- C:\Programme\Spyware Doctor
2008-07-07 20:11:30 0 d-------- C:\Programme\Realtek AC97
2008-07-07 20:11:27 315392 --a------ C:\WINDOWS\alcupd.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Update driver Tool>
2008-07-05 02:22:43 532480 --a------ C:\WINDOWS\system32\FLIQLO.scr <Not Verified; ScreenTime Media; ScreenTime For Flash>
2008-07-05 02:22:43 0 d-------- C:\WINDOWS\system32\FLIQLO dir
2008-07-05 02:15:13 0 d-------- C:\Programme\Twingly Screensaver
2008-07-05 02:13:25 29696 --a------ C:\WINDOWS\mickey32.dll <Not Verified; MacSourcery; Mickey DLL>
2008-07-05 02:13:25 402208 --a------ C:\WINDOWS\Bacura.scr <Not Verified; MacSourcery; CineMac for Director>
2008-07-05 02:13:25 2841342 --a------ C:\WINDOWS\Bacura.exe <Not Verified; Macromedia, Inc.; Director 8 Shockwave Studio>
2008-07-05 02:03:42 532480 --a------ C:\WINDOWS\system32\briblo.scr <Not Verified; ScreenTime Media; ScreenTime For Flash>
2008-07-05 02:03:42 0 d-------- C:\WINDOWS\system32\briblo dir
2008-07-04 20:03:53 372736 --a------ C:\WINDOWS\ijl15.dll <Not Verified; Intel Corporation; Intel® JPEG Library>
2008-07-04 20:03:47 0 d-------- C:\Programme\Gemeinsame Dateien\Portrait Displays
2008-07-04 20:03:45 0 d-------- C:\Programme\Portrait Displays
2008-07-02 23:27:56 0 d-------- C:\Programme\Gemeinsame Dateien\Macrovision Shared
2008-06-29 07:33:18 18944 --a------ C:\WINDOWS\system32\mpxu.exe
-- Find3M Report ---------------------------------------------------------------
2008-07-12 15:30:17 0 d-------- C:\Programme\MyPhoneExplorer
2008-07-11 20:54:07 0 d-------- C:\Programme\eMule
2008-07-11 05:26:21 0 d-------- C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\Malwarebytes
2008-07-11 02:57:10 0 d-------- C:\Programme\Java
2008-07-11 02:31:09 0 d-------- C:\Programme\mIRC
2008-07-11 00:35:03 0 d-------- C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\DVDFab
2008-07-11 00:33:31 0 d-------- C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\Vso
2008-07-11 00:33:31 33 --a------ C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\pcouffin.log
2008-07-11 00:33:30 47360 --a------ C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-07-11 00:33:30 1144 --a------ C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\pcouffin.inf
2008-07-11 00:33:30 7887 --a------ C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\pcouffin.cat
2008-07-10 21:36:54 0 d-------- C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\HLSW
2008-07-10 20:57:14 0 d-------- C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\teamspeak2
2008-07-10 16:58:04 0 d-------- C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\uTorrent
2008-07-09 18:55:12 0 d-------- C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\BitBeamer
2008-07-09 16:48:02 0 d-------- C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\PC Tools
2008-07-09 16:34:07 0 d-------- C:\Programme\Total Video Converter
2008-07-09 16:31:22 0 d-------- C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\GIZMO2
2008-07-09 03:15:57 0 d-------- C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\Skype
2008-07-09 03:01:32 0 d-------- C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\skypePM
2008-07-07 20:11:27 0 d--h----- C:\Programme\InstallShield Installation Information
2008-07-06 16:35:53 0 d-------- C:\Programme\TerraTec
2008-07-04 23:36:23 0 d-------- C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\DisplayTune
2008-07-04 20:03:47 0 d-------- C:\Programme\Gemeinsame Dateien
2008-07-02 23:48:22 0 d-------- C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\Adobe
2008-07-02 23:28:13 0 d-------- C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\PC Suite
2008-07-02 23:27:59 0 d-------- C:\Programme\Gemeinsame Dateien\Adobe
2008-07-02 16:22:02 462770 --a------ C:\WINDOWS\system32\perfh007.dat
2008-07-02 16:22:02 85704 --a------ C:\WINDOWS\system32\perfc007.dat
2008-06-24 18:23:13 0 d-------- C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\MyPhoneExplorer
2008-06-05 03:03:01 0 d-------- C:\Programme\No23 Recorder
2008-06-03 08:20:22 0 d-------- C:\Programme\Stardock
2008-05-29 15:27:06 0 d-------- C:\Programme\Winamp
2008-05-20 22:16:52 0 d-------- C:\Programme\Skyshare Manager v1.3.1
2008-05-16 19:12:16 0 d-------- C:\Programme\Steinberg
2008-05-16 16:15:39 0 d-------- C:\Programme\DIFX
2008-05-16 16:15:25 0 d-------- C:\Programme\PC Connectivity Solution
2008-05-16 15:28:43 0 d-------- C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\dvdcss
2008-05-14 03:46:05 0 d-------- C:\Programme\MSBuild
2008-05-14 03:42:14 0 d-------- C:\Programme\Reference Assemblies
2008-05-14 02:19:52 0 d-------- C:\Programme\SimpleCenter
2008-05-14 02:18:00 0 d-------- C:\Programme\Gemeinsame Dateien\MainConcept
2008-05-14 02:00:40 0 d-------- C:\Programme\AviSynth 2.5
2008-05-13 22:29:55 0 d-------- C:\Programme\MSXML 6.0
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ddcb2811-beaf-4d93-9af4-bc8f72e8ac5e}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerStrip"="c:\programme\powerstrip\pstrip.exe" []
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_07\bin\jusched.exe" [10.06.2008 04:27]
"FreePDF Assistant"="C:\Programme\FreePDF_XP\fpassist.exe" [27.05.2005 10:24]
"EPoXUSDM"="C:\Programme\EPOX\USDM\USDM.exe" [04.02.2005 10:31]
"BootSkin Startup Jobs"="C:\Programme\Stardock\BootSkin\BootSkin.exe" [26.04.2004 17:21]
"LogonStudio"="C:\Programme\WinCustomize\LogonStudio\logonstudio.exe" [03.09.2002 19:38]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [22.10.2006 13:22]
"nwiz"="nwiz.exe" [22.10.2006 13:22 C:\WINDOWS\system32\nwiz.exe]
"anvshell"="anvshell.exe" [22.08.2002 09:51 C:\WINDOWS\anvshell.exe]
"LiveNote"="livenote.exe" [11.07.2002 15:31 C:\WINDOWS\livenote.exe]
"NvMediaCenter"="NvMCTray.dll" [22.10.2006 13:22 C:\WINDOWS\system32\nvmctray.dll]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [29.06.2007 06:24]
"DT LGE"="C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DT_startup.exe" [11.10.2007 16:17]
"SoundMan"="SOUNDMAN.EXE" [16.04.2007 15:28 C:\WINDOWS\soundman.exe]
"ISTray"="C:\Programme\Spyware Doctor\pctsTray.exe" [10.04.2008 15:14]
"avgnt"="C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [12.02.2008 10:06]
"WinBooter"="C:\Dokumente und Einstellungen\Christian\Desktop\BootTimer.exe" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 09:57]
"DAEMON Tools"="C:\Programme\DAEMON Tools\daemon.exe" [12.11.2006 12:48]
"mpx"="c:\WINDOWS\system32\mpx.exe" []
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [29.06.2007 06:24]
"Gammacontrol"="C:\Programme\gammacontrol1031\Gammacontrol.exe" [06.01.2005 21:52]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcARkIB]
efcARkIB.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cdd356ad-9026-11da-8f54-0030842a5d9f}]
auto\command- Knight.exe open
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
explore\command- Knight.exe open
find\command- Knight.exe open
install\command- Knight.exe open
open\command- Knight.exe open
-- End of Deckard's System Scanner: finished at 2008-07-13 14:42:24 ------------