Fenster werden inaktiv

**Christine166** · 17.07.2009, 07:05

Hallo,
erstmal freue ich mich riesig, das ihr wieder online seit

Aber leider werden meine Fenster immer noch von alleine inaktiv...

Bevor das Forum offline gegangen ist hab ihr mich gebeten diese Logfile zu posten:

Lasst mich bitte wissen, ob ihr die anderen lofiles nochmal braucht

Code:

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-03 19:45:36
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT            BA6FA28E                                                                                               ZwCreateKey
SSDT            BA6FA284                                                                                               ZwCreateThread
SSDT            BA6FA293                                                                                               ZwDeleteKey
SSDT            BA6FA29D                                                                                               ZwDeleteValueKey
SSDT            spgr.sys                                                                                               ZwEnumerateKey [0xB9EC6CA2]
SSDT            spgr.sys                                                                                               ZwEnumerateValueKey [0xB9EC7030]
SSDT            BA6FA2A2                                                                                               ZwLoadKey
SSDT            TfSysMon.sys (ThreatFire System Monitor/PC Tools)                                                      ZwOpenKey [0xBA0FCCEE]
SSDT            BA6FA270                                                                                               ZwOpenProcess
SSDT            BA6FA275                                                                                               ZwOpenThread
SSDT            spgr.sys                                                                                               ZwQueryKey [0xB9EC7108]
SSDT            spgr.sys                                                                                               ZwQueryValueKey [0xB9EC6F88]
SSDT            BA6FA2AC                                                                                               ZwReplaceKey
SSDT            BA6FA2A7                                                                                               ZwRestoreKey
SSDT            BA6FA298                                                                                               ZwSetValueKey
SSDT            BA6FA27F                                                                                               ZwTerminateProcess

INT 0x62        ?                                                                                                      8A652BF8
INT 0x63        ?                                                                                                      89B1CBF8
INT 0x82        ?                                                                                                      8A652BF8
INT 0x83        ?                                                                                                      89B1CBF8
INT 0x94        ?                                                                                                      89B1CBF8
INT 0xA4        ?                                                                                                      89B1CBF8
INT 0xB4        ?                                                                                                      8A6C1BF8

---- Kernel code sections - GMER 1.0.15 ----

?               spgr.sys                                                                                               Das System kann die angegebene Datei nicht finden. !
.text           USBPORT.SYS!DllUnload                                                                                  B8D068AC 4 Bytes  JMP 89B1C1D8 
.text           amo0cwdr.SYS                                                                                           B8C26386 35 Bytes  [00, 00, 00, 00, 00, 00, 20, ...]
.text           amo0cwdr.SYS                                                                                           B8C263AA 24 Bytes  [00, 00, 00, 00, 00, 00, 00, ...]
.text           amo0cwdr.SYS                                                                                           B8C263C4 3 Bytes  [00, 70, 02] {ADD [EAX+0x2], DH}
.text           amo0cwdr.SYS                                                                                           B8C263C9 1 Byte  [2E]
.text           amo0cwdr.SYS                                                                                           B8C263C9 11 Bytes  [2E, 00, 00, 00, 5C, 02, 00, ...] {ADD CS:[EAX], AL; ADD [EDX+EAX+0x0], BL; ADD [EAX], AL; ADD [EAX], AL}
.text           ...                                                                                                    

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                     [B9EA9040] spgr.sys
IAT             atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                             [B9EA913C] spgr.sys
IAT             atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                    [B9EA90BE] spgr.sys
IAT             atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                            [B9EA97FC] spgr.sys
IAT             atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                    [B9EA96D2] spgr.sys
IAT             \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                     [B9EB9048] spgr.sys
IAT             \SystemRoot\System32\Drivers\amo0cwdr.SYS[HAL.dll!KfAcquireSpinLock]                                   4B8BDF8B
IAT             \SystemRoot\System32\Drivers\amo0cwdr.SYS[HAL.dll!READ_PORT_UCHAR]                                     8D3F0304
IAT             \SystemRoot\System32\Drivers\amo0cwdr.SYS[HAL.dll!KeGetCurrentIrql]                                    CB033043
IAT             \SystemRoot\System32\Drivers\amo0cwdr.SYS[HAL.dll!KfRaiseIrql]                                         0673C13B
IAT             \SystemRoot\System32\Drivers\amo0cwdr.SYS[HAL.dll!KfLowerIrql]                                         C13B0003
IAT             \SystemRoot\System32\Drivers\amo0cwdr.SYS[HAL.dll!HalGetInterruptVector]                               8366FA72
IAT             \SystemRoot\System32\Drivers\amo0cwdr.SYS[HAL.dll!HalTranslateBusAddress]                              75000E7B
IAT             \SystemRoot\System32\Drivers\amo0cwdr.SYS[HAL.dll!KeStallExecutionProcessor]                           0B7D80E3
IAT             \SystemRoot\System32\Drivers\amo0cwdr.SYS[HAL.dll!KfReleaseSpinLock]                                   307B8D00
IAT             \SystemRoot\System32\Drivers\amo0cwdr.SYS[HAL.dll!READ_PORT_BUFFER_USHORT]                             00AA840F
IAT             \SystemRoot\System32\Drivers\amo0cwdr.SYS[HAL.dll!READ_PORT_USHORT]                                    83660000
IAT             \SystemRoot\System32\Drivers\amo0cwdr.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT]                            6A000E7A
IAT             \SystemRoot\System32\Drivers\amo0cwdr.SYS[HAL.dll!WRITE_PORT_UCHAR]                                    C6647400
IAT             \SystemRoot\System32\Drivers\amo0cwdr.SYS[WMILIB.SYS!WmiSystemControl]                                 4F8B0200
IAT             \SystemRoot\System32\Drivers\amo0cwdr.SYS[WMILIB.SYS!WmiCompleteRequest]                               968D5140

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                 8A6C01F8

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                 TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)

Device          \Driver\USBSTOR \Device\0000009c                                                                       8943F1F8

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                               pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                                SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device          \Driver\USBSTOR \Device\0000009e                                                                       8943F1F8

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1                                                                SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device          \Driver\usbuhci \Device\USBPDO-0                                                                       89B1B1F8
Device          \Driver\usbuhci \Device\USBPDO-1                                                                       89B1B1F8
Device          \Driver\dmio \Device\DmControl\DmIoDaemon                                                              8A6C21F8
Device          \Driver\dmio \Device\DmControl\DmConfig                                                                8A6C21F8
Device          \Driver\dmio \Device\DmControl\DmPnP                                                                   8A6C21F8
Device          \Driver\dmio \Device\DmControl\DmInfo                                                                  8A6C21F8
Device          \Driver\usbehci \Device\USBPDO-2                                                                       89B041F8
Device          \Driver\usbuhci \Device\USBPDO-3                                                                       89B1B1F8
Device          \Driver\PCI_PNP8676 \Device\00000054                                                                   spgr.sys
Device          \Driver\usbuhci \Device\USBPDO-4                                                                       89B1B1F8

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                              pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

Device          \Driver\usbuhci \Device\USBPDO-5                                                                       89B1B1F8
Device          \Driver\usbehci \Device\USBPDO-6                                                                       89B041F8
Device          \Driver\Ftdisk \Device\HarddiskVolume1                                                                 8A6531F8
Device          \Driver\Cdrom \Device\CdRom0                                                                           89A7F1F8
Device          \Driver\Cdrom \Device\CdRom1                                                                           89A7F1F8
Device          \Driver\Cdrom \Device\CdRom2                                                                           89A7F1F8
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                894AC1F8
Device          \Driver\NetBT \Device\NetbiosSmb                                                                       894AC1F8

AttachedDevice  \Driver\Tcpip \Device\Udp                                                                              pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

Device          \Driver\sptd \Device\1188324926                                                                        spgr.sys

AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                            pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

Device          \Driver\usbuhci \Device\USBFDO-0                                                                       89B1B1F8
Device          \Driver\usbuhci \Device\USBFDO-1                                                                       89B1B1F8
Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                      894431F8
Device          \Driver\usbehci \Device\USBFDO-2                                                                       89B041F8
Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                            894431F8
Device          \Driver\usbuhci \Device\USBFDO-3                                                                       89B1B1F8
Device          \Driver\usbuhci \Device\USBFDO-4                                                                       89B1B1F8
Device          \Driver\Ftdisk \Device\FtControl                                                                       8A6531F8
Device          \Driver\usbuhci \Device\USBFDO-5                                                                       89B1B1F8
Device          \Driver\usbehci \Device\USBFDO-6                                                                       89B041F8
Device          \Driver\amo0cwdr \Device\Scsi\amo0cwdr1                                                                89A2E500
Device          \Driver\amo0cwdr \Device\Scsi\amo0cwdr1Port4Path0Target0Lun0                                           89A2E500
Device          \FileSystem\Cdfs \Cdfs                                                                                 88DF5500

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                     771343423
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                     285507792
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                     1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                       
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                    C:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                    0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                 0x86 0x63 0x7D 0x2F ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001              
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0           0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh        0x6D 0x72 0x7E 0xC7 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40        
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh  0x6C 0x09 0xAF 0xDF ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                           
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                        C:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                        0
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                     0x86 0x63 0x7D 0x2F ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                  
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0               0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh            0x6D 0x72 0x7E 0xC7 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40            
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh      0x6C 0x09 0xAF 0xDF ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                           
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                        C:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                        0
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                     0x86 0x63 0x7D 0x2F ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                  
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0               0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh            0x6D 0x72 0x7E 0xC7 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40            
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh      0xC9 0xBD 0xBB 0xE4 ...

---- EOF - GMER 1.0.15 ----

schrauber · 17.07.2009, 08:14

Hallo Christine166, Herzlich Willkommen im HijackThis Support Board.

Ein System zu bereinigen ist unter Umständen aufwändig und mit einiger Arbeit für Dich verbunden. Es ist wichtig, dass Du solange mitarbeitest, bis wir sagen, dass der Rechner "sauber" ist, auch wenn die Symptome eventuell nach den ersten Aktionen verschwunden sein sollten. Dazu gehört auch, keine weiteren Programme zu installieren oder Scans durchzuführen, ausser wenn es hier entsprechend angeordnet wird. Wenn Du dazu bereit bist, arbeite die folgenden Punkte in der angegebenen Reihenfolge ab. Drucke die Anleitungen zur Bereinigung Deines Systems am besten aus. Lese zunächst alles durch und wenn Dir etwas unklar ist, bitte fragen, bevor Du weitermachst.

Wenn Du mit dem Abarbeiten der einzelnen Punkte fertig bist, kontrolliere aufmerksam, ob Du keinen Punkt vergessen und alle angeforderten Logfiles in Code-Tags gepostet hast. Ergänze Deine jeweils letzten Beiträge solange über den "Ändern-Button", bis Dir jemand geantwortet hat. Wichtig: Bitte während unserer Reinigungphase nur Programme installieren, die wir anordnen. Bitte alle Aktionen, die wir anordnen nicht in einem eingeschränkten Userkonto ausführen, sondern vom Hauptuserkonto aus.

1. Schritt
Kannst Du auf Deinem Computer alles sehen?
Im Windows-Explorer >Extras >Ordneroptionen >den Reiter "Ansicht" >Versteckte Dateien und Ordner >"alle Dateien und Ordner anzeigen" aktivieren und >Extras >Ordneroptionen >den Reiter "Ansicht" >Dateien und Ordner >"Geschützte Systemdateien ausblenden (empfohlen)" deaktivieren.

2. Schritt
bitte alle Logs in Code- Tags setzen Es erleichert uns die Auswertung! (keine Anhänge/Attachments)

schreibe so: [Code] dann das, was gepostet werden soll, einfügen schreibe wieder[/Code].

Das Ergebnis sieht dann so aus:

Code:

("hier sieht man dann das, was Du uns posten willst!")

3. Schritt
Systemdetails mit RSIT prüfen

Lade Random's System Information Tool (RSIT) von random/random herunter,
speichere es auf Deinem Desktop.
Starte mit Doppelklick die RSIT.exe.
Klicke auf Continue, um die Nutzungsbedingungen zu akzeptieren.
Wenn Du HijackThis nicht installiert hast, wird RSIT das für Dich herunterladen und installieren.
In dem Fall bitte auch die Nutzungsbedingungen von Trend Micro für HJT akzeptieren I accept.
Wenn Deine Firewall fragt, bitte RSIT erlauben, ins Netz zu gehen.
Der Scan startet automatisch, RSIT checkt nun einige wichtige System-Bereiche und produziert Logfiles als Analyse-Grundlage.
Wenn der Scan beendet ist, werden zwei Logfiles erstellt und in Deinem Editor geöffnet.
Bitte poste den Inhalt von C:\rsit\log.txt und C:\rsit\info.txt (<= minimiert) hier in den Thread.

**Christine166** · 17.07.2009, 08:44

hallo,

danke für die schnelle antwort!

Code:

info.txt logfile of random's system information tool 1.06 2009-07-17 15:38:08

======Uninstall list======

-->C:\WINDOWS\IsUn0407.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {58FC5E37-DD28-4D4A-A549-125744C6763C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {888B9AC7-8F5C-456B-A27A-157A6C310E52}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office system-->"C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL
Activation Assistant for the 2007 Microsoft Office suites-->"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A91000000001}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Avira AntiVir Personal - Free Antivirus-->C:\Programme\Avira\AntiVir Desktop\setup.exe /REMOVE
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
CutePDF Writer 2.7-->C:\Programme\Acro Software\CutePDF Writer\uninscpw.exe
GlobeTrotter Connect-->MsiExec.exe /X{E03C00AC-9A90-4764-8D4B-57813A4AFD92}
Google Pinyin IME-->"C:\Programme\Google\Google Pinyin\Uninstall.exe"
Google Talk (remove only)-->"C:\Programme\Google\Google Talk\uninstall.exe"
HijackThis 2.0.2-->"C:\Programme\trend micro\HijackThis.exe" /uninstall
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
ICQ6.5-->"C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
IsoBuster 2.5-->"C:\Programme\Smart Projects\IsoBuster\Uninst\unins000.exe"
iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
Java(TM) 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
KompoZer 0.77-->"C:\Programme\Arbeit\KompoZer\unins000.exe"
Magic ISO Maker v5.5 (build 0274)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
MagicDisc 2.7.106-->C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
McLoad Preinstaller-->C:\\Dokumente und Einstellungen\\U9200\\Anwendungsdaten\\McLoad\\Uninstall-Mcload.exe
Microsoft .NET Framework 1.1 German Language Pack-->MsiExec.exe /X{E78BFA60-5393-4C38-82AB-E8019E464EB4}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Professional Hybrid 2007-->MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.0.11)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
OpenOffice.org 3.1-->MsiExec.exe /I{99E862CC-6F69-4D39-99AA-DBF71BF3B585}
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x7  -removeonly
Registry Mechanic 8.0-->"C:\Programme\Registry Mechanic\unins000.exe" /Log
Security Task Manager 1.7h-->C:\Programme\Security Task Manager\Uninstal.exe "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Security Task Manager"
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Sicherheitsupdate für Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
SkinBuilder-->C:\Programme\SkinBuilder\UnInstall_24252.exe
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Spybot - Search & Destroy-->"C:\Programme\Spybot - Search & Destroy\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Programme\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
The Sims 2 Family Fun Stuff-->C:\Programme\EA GAMES\The Sims 2 Family Fun Stuff\EAUninstall.exe
The Sims 2 Glamour Life Stuff-->C:\Programme\EA GAMES\The Sims 2 Glamour Life Stuff\EAUninstall.exe
The Sims 2 Nightlife-->C:\Programme\EA GAMES\The Sims 2 Nightlife\EAUninstall.exe
The Sims 2 Open For Business-->C:\Programme\EA GAMES\The Sims 2 Open For Business\EAUninstall.exe
The Sims 2 Pets-->C:\Programme\EA GAMES\The Sims 2 Pets\EAUninstall.exe
The Sims 2 University-->C:\Programme\EA GAMES\The Sims 2 University\EAUninstall.exe
The Sims 2-->C:\Programme\EA GAMES\The Sims 2\EAUninstall.exe
The Sims™ 2 Apartment Life-->C:\Programme\EA GAMES\The Sims 2 Apartment Life\EAUninstall.exe
The Sims™ 2 Bon Voyage-->C:\Programme\EA GAMES\The Sims 2 Bon Voyage\EAUninstall.exe
The Sims™ 2 Celebration! Stuff-->C:\Programme\EA GAMES\The Sims 2 Celebration! Stuff\EAUninstall.exe
The Sims™ 2 H&M® Fashion Stuff-->C:\Programme\EA GAMES\The Sims 2 H&M® Fashion Stuff\EAUninstall.exe
The Sims™ 2 Seasons-->C:\Programme\EA GAMES\The Sims 2 Seasons\EAUninstall.exe
The Sims™ 2 Teen Style Stuff-->C:\Programme\EA GAMES\The Sims 2 Teen Style Stuff\EAUninstall.exe
TouchPad HotKey Utility-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{DB457913-028D-460E-BB4C-D9A6369752CA}\setup.exe" -l0x9 
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
Update for Outlook 2007 Junk Email Filter (kb971933)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {53C200F4-3B4B-49A5-8539-2C61F1A88CA2}
Update für Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"
Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update für Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
W541U V2.0-->C:\Programme\InstallShield Installation Information\{D4B5467F-B1F6-43EB-A73D-035881F17B3E}\setup.exe -runfromtemp -l0x0009 -removeonly
WebCam HotKey Utility-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{641108D0-0059-4370-9F6C-09056911C13C}\setup.exe" -l0x9 
Winamp-->"C:\Programme\Winamp\UninstWA.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4}
Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Programme\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}
Windows Live Messenger-->MsiExec.exe /X{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format Runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WirelessControl-->C:\Programme\InstallShield Installation Information\{003CD4FD-DB3E-4D12-9A34-8C00FA8A680F}\setup.exe -runfromtemp -l0x0009 -removeonly

======Hosts File======

127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com

======Security center information======

AV: AntiVir Desktop

======System event log======

Computer Name: FSC011211092801
Event Code: 4201
Message: Netzwerkadapter "Tenda...Wireless USB Adapter - Paketplaner-Miniport" wurde mit dem Netzwerk verbunden, und das
System wurde über das Netzwerk im normalen Zustand gestartet.

Record Number: 9782
Source Name: Tcpip
Time Written: 20090626070255.000000+480
Event Type: Informationen
User: 

Computer Name: FSC011211092801
Event Code: 4202
Message: Es wurde festgestellt, dass der Netzwerkadapter "Tenda...Wireless USB Adapter - Paketplaner-Miniport" vom Netzwerk getrennt wurde,
und dass die Netzwerkkonfiguration des Adapters freigegeben wurde. Möglicherweise
ist der Adapter beschädigt, falls der Adapter nicht vom Netzwerk getrennt wurde.
Wenden Sie sich an den Hersteller bezüglich aktueller Treiber.

Record Number: 9781
Source Name: Tcpip
Time Written: 20090626070235.000000+480
Event Type: Informationen
User: 

Computer Name: FSC011211092801
Event Code: 4201
Message: Netzwerkadapter "Tenda...Wireless USB Adapter - Paketplaner-Miniport" wurde mit dem Netzwerk verbunden, und das
System wurde über das Netzwerk im normalen Zustand gestartet.

Record Number: 9780
Source Name: Tcpip
Time Written: 20090626070205.000000+480
Event Type: Informationen
User: 

Computer Name: FSC011211092801
Event Code: 8033
Message: Der Suchdienst hat eine Wahl auf dem Netzwerk "\Device\NetBT_Tcpip_{DA59F31E-BC1E-42A1-A058-349CAD54EC38}" erzwungen, da der Hauptsuchdienst beendet wurde.

Record Number: 9779
Source Name: BROWSER
Time Written: 20090626070020.000000+480
Event Type: Informationen
User: 

Computer Name: FSC011211092801
Event Code: 4202
Message: Es wurde festgestellt, dass der Netzwerkadapter "Tenda...Wireless USB Adapter - Paketplaner-Miniport" vom Netzwerk getrennt wurde,
und dass die Netzwerkkonfiguration des Adapters freigegeben wurde. Möglicherweise
ist der Adapter beschädigt, falls der Adapter nicht vom Netzwerk getrennt wurde.
Wenden Sie sich an den Hersteller bezüglich aktueller Treiber.

Record Number: 9778
Source Name: Tcpip
Time Written: 20090626070020.000000+480
Event Type: Informationen
User: 

=====Application event log=====

Computer Name: FSC011211092801
Event Code: 1800
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.

Record Number: 5
Source Name: SecurityCenter
Time Written: 20090128212754.000000+480
Event Type: Informationen
User: 

Computer Name: FSC011211092801
Event Code: 102
Message: wuaueng.dll (2240) SUS20ClientDataStore: Das Datenbankmodul hat eine neue Instanz gestartet (0).

Record Number: 4
Source Name: ESENT
Time Written: 20090128182048.000000+480
Event Type: Informationen
User: 

Computer Name: FSC011211092801
Event Code: 100
Message: wuauclt (2240) Das Datenbankmodul 5.01.2600.2780 ist gestartet.

Record Number: 3
Source Name: ESENT
Time Written: 20090128182048.000000+480
Event Type: Informationen
User: 

Computer Name: FSC011211092801
Event Code: 1800
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.

Record Number: 2
Source Name: SecurityCenter
Time Written: 20090128182013.000000+480
Event Type: Informationen
User: 

Computer Name: FSC011211092801
Event Code: 11728
Message: Product: WebFldrs XP -- Configuration completed successfully.

Record Number: 1
Source Name: MsiInstaller
Time Written: 20090128181846.000000+480
Event Type: Informationen
User: FSC011211092801\U9200

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\Smart Projects\IsoBuster;C:\Programme\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Programme\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Programme\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

Code:

Logfile of random's system information tool 1.06 (written by random/random)
Run by U9200 at 2009-07-17 15:38:02
Microsoft Windows XP Professional Service Pack 3
System drive C: has 55 GB (48%) free of 114 GB
Total RAM: 2038 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:38:07, on 17.07.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\FSC\WebCam HotKey Utility\WebCam_HotKey.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programme\Google\Google Pinyin\GooglePinyinDaemon.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Tenda\W541U V2.0\UI.exe
C:\Programme\FSC\Wireless Utility\WirelessSelector.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Dokumente und Einstellungen\U9200\Desktop\RSIT.exe
C:\Programme\trend micro\U9200.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yodl.de/?&affid=1&uid=38D7B704-AC50-4F8F-8882-ED70ED76FFDA
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [WebCamHotKey] C:\Programme\FSC\WebCam HotKey Utility\WebCam_HotKey.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Google IME Autoupdater] "C:\Programme\Google\Google Pinyin\GooglePinyinDaemon.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: W541U V2.0.lnk = ?
O4 - Global Startup: WirelessSelector.lnk = ?
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\Office\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Office\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe

--
End of file - 6698 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-07-02 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-02 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WebCamHotKey"=C:\Programme\FSC\WebCam HotKey Utility\WebCam_HotKey.exe [2007-06-26 376832]
"SynTPEnh"=C:\Programme\Synaptics\SynTP\SynTPEnh.exe [2007-05-11 864256]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-05-11 16342528]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-04 69632]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-06-01 142104]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-06-01 162584]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-06-01 138008]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2004-08-04 44032]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"Google IME Autoupdater"=C:\Programme\Google\Google Pinyin\GooglePinyinDaemon.exe [2008-10-17 308720]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-07-02 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Programme\iTunes\iTunesHelper.exe [2009-04-02 342312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Programme\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programme\QuickTime\QTTask.exe [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ERSvc"=2

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
W541U V2.0.lnk - C:\Programme\Tenda\W541U V2.0\UI.exe
WirelessSelector.lnk - C:\Programme\FSC\Wireless Utility\WirelessSelector.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-05-25 204800]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Office\Office12\OUTLOOK.EXE"="C:\Programme\Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Programme\Google\Google Talk\googletalk.exe"="C:\Programme\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Programme\BitTorrent\bittorrent.exe"="C:\Programme\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Programme\iTunes\iTunes.exe"="C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Programme\ICQ6.5\ICQ.exe"="C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 3 months======

2009-07-15 19:02:28 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 19:02:22 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 19:00:22 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-15 18:27:10 ----D---- C:\Dokumente und Einstellungen\U9200\Anwendungsdaten\Download Manager
2009-07-15 18:26:56 ----D---- C:\WINDOWS\Sun
2009-07-15 17:32:50 ----D---- C:\Dokumente und Einstellungen\U9200\Anwendungsdaten\McLoad
2009-07-15 17:23:30 ----D---- C:\Programme\SkinBuilder
2009-07-14 11:36:23 ----D---- C:\Dokumente und Einstellungen\U9200\Anwendungsdaten\ICQ
2009-07-14 11:35:50 ----D---- C:\Programme\ICQ6.5
2009-07-03 10:33:32 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-02 16:45:41 ----A---- C:\WINDOWS\system32\javaws.exe
2009-07-02 16:45:41 ----A---- C:\WINDOWS\system32\javaw.exe
2009-07-02 16:45:41 ----A---- C:\WINDOWS\system32\java.exe
2009-07-02 16:40:40 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe
2009-07-02 16:40:30 ----D---- C:\Programme\Gemeinsame Dateien\Adobe
2009-07-02 16:15:55 ----D---- C:\Programme\NOS
2009-07-02 16:15:55 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NOS
2009-07-02 15:11:08 ----D---- C:\Programme\Avira
2009-07-02 15:11:08 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2009-07-01 20:29:02 ----D---- C:\WINDOWS\system32\appmgmt
2009-07-01 19:10:58 ----D---- C:\Programme\trend micro
2009-07-01 19:10:57 ----D---- C:\rsit
2009-07-01 17:32:50 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
2009-07-01 17:32:41 ----D---- C:\Programme\SUPERAntiSpyware
2009-07-01 17:32:41 ----D---- C:\Dokumente und Einstellungen\U9200\Anwendungsdaten\SUPERAntiSpyware.com
2009-07-01 16:19:29 ----D---- C:\Dokumente und Einstellungen\U9200\Anwendungsdaten\Help
2009-07-01 16:18:42 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
2009-07-01 16:18:27 ----D---- C:\Programme\Security Task Manager
2009-06-30 21:31:46 ----D---- C:\Programme\Sierra On-Line
2009-06-30 21:31:13 ----A---- C:\WINDOWS\SIERRA.INI
2009-06-30 21:31:08 ----A---- C:\WINDOWS\IsUninst.exe
2009-06-26 19:01:36 ----D---- C:\Dokumente und Einstellungen\U9200\Anwendungsdaten\Malwarebytes
2009-06-26 19:01:30 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-06-26 13:19:03 ----D---- C:\Programme\Pharao I
2009-06-22 17:16:35 ----D---- C:\Programme\Bullfrog
2009-06-22 11:58:01 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-06-21 17:33:56 ----D---- C:\WINDOWS\RegisteredPackages
2009-06-21 17:29:27 ----N---- C:\WINDOWS\system32\vxblock.dll
2009-06-21 17:29:27 ----N---- C:\WINDOWS\system32\pxwave.dll
2009-06-21 17:29:27 ----N---- C:\WINDOWS\system32\pxsfs.dll
2009-06-21 17:29:27 ----N---- C:\WINDOWS\system32\pxmas.dll
2009-06-21 17:29:27 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2009-06-21 17:29:27 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-06-21 17:29:27 ----N---- C:\WINDOWS\system32\pxdrv.dll
2009-06-21 17:29:27 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2009-06-21 17:29:27 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-06-21 17:29:27 ----N---- C:\WINDOWS\system32\px.dll
2009-06-21 17:29:16 ----D---- C:\Programme\Winamp
2009-06-21 17:29:16 ----D---- C:\Dokumente und Einstellungen\U9200\Anwendungsdaten\Winamp
2009-06-16 19:06:22 ----HD---- C:\Programme\Uninstall Information
2009-06-16 12:06:52 ----D---- C:\WINDOWS\ie8updates
2009-06-16 12:05:57 ----HDC---- C:\WINDOWS\ie8
2009-06-12 09:31:02 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-12 09:30:54 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-12 09:27:57 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-12 09:27:24 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-11 14:59:43 ----D---- C:\Programme\JRE
2009-06-04 00:05:16 ----A---- C:\WINDOWS\system32\cpwmon2k.dll
2009-06-04 00:05:12 ----D---- C:\Programme\Acro Software
2009-05-25 15:33:19 ----D---- C:\Programme\MagicDisc
2009-05-18 11:21:04 ----D---- C:\WINDOWS\pss
2009-05-03 14:38:57 ----D---- C:\Programme\Lavasoft
2009-05-03 14:38:57 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft
2009-05-03 10:24:34 ----D---- C:\Programme\Spybot - Search & Destroy
2009-05-01 11:47:24 ----D---- C:\df937d0aa09bba8dc052275c6ff57a92
2009-04-30 13:45:10 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2009-04-27 19:09:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-04-27 19:06:23 ----D---- C:\WINDOWS\ie7updates
2009-04-27 19:01:15 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-04-27 16:43:52 ----A---- C:\WINDOWS\system32\STKIT432.DLL
2009-04-27 13:09:33 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-04-27 13:08:40 ----D---- C:\WINDOWS\Prefetch
2009-04-27 13:06:47 ----AD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2009-04-27 13:06:44 ----D---- C:\Programme\Gemeinsame Dateien\PC Tools
2009-04-27 13:06:38 ----D---- C:\Dokumente und Einstellungen\U9200\Anwendungsdaten\PC Tools
2009-04-27 13:06:38 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Tools
2009-04-27 13:06:35 ----D---- C:\Programme\Registry Mechanic
2009-04-27 13:02:42 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2009-04-27 12:59:48 ----D---- C:\Temp
2009-04-27 12:49:29 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-04-27 12:49:22 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-27 12:49:17 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-27 12:49:11 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-04-27 12:49:05 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-27 12:49:00 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-04-27 12:48:55 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-04-27 12:48:49 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-04-27 12:48:44 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-04-27 12:48:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-04-27 12:48:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-04-27 12:48:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-27 12:48:17 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-04-27 12:48:12 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-04-27 12:48:07 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-04-27 12:48:02 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-04-27 12:47:56 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-27 12:47:51 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-04-27 12:47:45 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-04-27 12:47:40 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-04-27 12:47:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-04-27 12:47:29 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-04-27 12:47:23 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-04-27 12:47:18 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-04-27 12:47:14 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-04-27 12:47:08 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-27 12:44:58 ----D---- C:\WINDOWS\system32\de
2009-04-27 12:44:58 ----D---- C:\WINDOWS\system32\bits
2009-04-27 12:44:58 ----D---- C:\WINDOWS\l2schemas
2009-04-27 12:43:32 ----D---- C:\WINDOWS\ServicePackFiles
2009-04-27 12:42:20 ----D---- C:\WINDOWS\network diagnostic
2009-04-27 12:40:46 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-04-27 12:35:14 ----HD---- C:\WINDOWS\system32\GroupPolicy
2009-04-27 11:06:49 ----D---- C:\WINDOWS\WBEM
2009-04-27 11:06:48 ----D---- C:\WINDOWS\system32\de-de
2009-04-27 11:06:24 ----HDC---- C:\WINDOWS\ie7
2009-04-27 11:06:15 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2009-04-27 11:05:57 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2009-04-27 11:05:30 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2009-04-27 11:05:21 ----A---- C:\WINDOWS\system32\xmllite.dll
2009-04-26 16:59:03 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-04-26 10:26:47 ----D---- C:\Dokumente und Einstellungen\U9200\Anwendungsdaten\OpenOffice.org
2009-04-26 10:25:09 ----D---- C:\Programme\OpenOffice.org 3
2009-04-26 10:24:44 ----D---- C:\Programme\Java
2009-04-26 10:24:43 ----D---- C:\Programme\Gemeinsame Dateien\Java
2009-04-26 10:24:35 ----D---- C:\Dokumente und Einstellungen\U9200\Anwendungsdaten\Sun
2009-04-24 15:15:38 ----HD---- C:\WINDOWS\PIF
2009-04-23 13:06:05 ----D---- C:\Programme\MagicISO
2009-04-23 12:27:46 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Grisoft
2009-04-23 12:22:32 ----N---- C:\WINDOWS\system32\wmphoto.dll
2009-04-23 12:22:31 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-04-23 12:22:31 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2009-04-23 12:22:31 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2009-04-23 12:22:29 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-04-23 12:22:29 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-04-23 12:22:27 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2009-04-23 12:22:27 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2009-04-23 12:22:26 ----N---- C:\WINDOWS\system32\slserv.exe
2009-04-23 12:22:26 ----N---- C:\WINDOWS\system32\slrundll.exe
2009-04-23 12:22:26 ----N---- C:\WINDOWS\system32\slgen.dll
2009-04-23 12:22:26 ----N---- C:\WINDOWS\system32\slextspk.dll
2009-04-23 12:22:26 ----N---- C:\WINDOWS\system32\slcoinst.dll
2009-04-23 12:22:26 ----N---- C:\WINDOWS\slrundll.exe
2009-04-23 12:22:25 ----N---- C:\WINDOWS\system32\setupn.exe
2009-04-23 12:22:24 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-04-23 12:22:24 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-04-23 12:22:23 ----N---- C:\WINDOWS\system32\qutil.dll
2009-04-23 12:22:23 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-04-23 12:22:23 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-04-23 12:22:23 ----N---- C:\WINDOWS\system32\qagent.dll
2009-04-23 12:22:23 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2009-04-23 12:22:22 ----N---- C:\WINDOWS\system32\onex.dll
2009-04-23 12:22:21 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2009-04-23 12:22:20 ----N---- C:\WINDOWS\system32\napstat.exe
2009-04-23 12:22:20 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-04-23 12:22:20 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-04-23 12:22:20 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2009-04-23 12:22:20 ----N---- C:\WINDOWS\system32\msxml6r.dll
2009-04-23 12:22:20 ----N---- C:\WINDOWS\system32\msxml6.dll
2009-04-23 12:22:19 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-04-23 12:22:19 ----N---- C:\WINDOWS\system32\mssha.dll
2009-04-23 12:22:14 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-04-23 12:22:14 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-04-23 12:22:14 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-04-23 12:22:14 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-04-23 12:22:14 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2009-04-23 12:22:11 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-04-23 12:22:10 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-04-23 12:22:10 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-04-23 12:22:10 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-04-23 12:22:10 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-04-23 12:22:10 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-04-23 12:22:09 ----N---- C:\WINDOWS\system32\smtpapi.dll
2009-04-23 12:22:09 ----N---- C:\WINDOWS\system32\rwnh.dll
2009-04-23 12:22:08 ----N---- C:\WINDOWS\system32\comsdupd.exe
2009-04-23 12:22:07 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2009-04-23 12:22:06 ----N---- C:\WINDOWS\system32\faxpatch.exe
2009-04-23 12:22:05 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-04-23 12:22:05 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-04-23 12:22:05 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-04-23 12:22:05 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-04-23 12:22:05 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-04-23 12:22:05 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-04-23 12:22:05 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-04-23 12:22:05 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-04-23 12:22:04 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-04-23 12:22:04 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-04-23 12:22:04 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-04-23 12:22:04 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-04-23 12:22:04 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-04-23 12:22:04 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-04-23 12:22:04 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-04-23 12:22:04 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-04-23 12:22:04 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-04-23 12:22:04 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-04-23 12:22:03 ----N---- C:\WINDOWS\system32\credssp.dll
2009-04-23 12:22:01 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-04-23 12:22:01 ----N---- C:\WINDOWS\system32\azroles.dll
2009-04-23 12:22:01 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2009-04-23 12:22:01 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2009-04-23 12:22:01 ----N---- C:\WINDOWS\system32\ati3duag.dll
2009-04-23 12:22:01 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2009-04-23 12:22:01 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2009-04-23 12:22:01 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2009-04-23 12:22:01 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2009-04-23 12:21:59 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-04-22 12:40:56 ----D---- C:\Dokumente und Einstellungen\U9200\Anwendungsdaten\Apple Computer
2009-04-22 12:40:48 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2009-04-22 12:40:36 ----D---- C:\Programme\iPod
2009-04-22 12:40:34 ----D---- C:\Programme\iTunes
2009-04-22 12:40:34 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-22 12:40:04 ----D---- C:\Programme\QuickTime
2009-04-22 12:40:03 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
2009-04-22 12:39:54 ----D---- C:\Programme\Apple Software Update
2009-04-22 12:39:22 ----D---- C:\Programme\Gemeinsame Dateien\Apple
2009-04-22 12:39:22 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple
2009-04-19 00:59:05 ----A---- C:\WINDOWS\system32\muweb.dll
2009-04-19 00:59:05 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-04-19 00:59:05 ----A---- C:\WINDOWS\system32\mucltui.dll

======List of files/folders modified in the last 3 months======

2009-07-17 08:42:45 ----D---- C:\Programme\Mozilla Firefox
2009-07-17 08:09:24 ----D---- C:\WINDOWS\Temp
2009-07-16 17:45:57 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-15 20:29:40 ----D---- C:\WINDOWS
2009-07-15 20:29:28 ----D---- C:\WINDOWS\system32
2009-07-15 19:02:45 ----SHD---- C:\WINDOWS\Installer
2009-07-15 19:02:44 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help
2009-07-15 19:02:31 ----HD---- C:\WINDOWS\inf
2009-07-15 19:02:27 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-15 19:02:26 ----A---- C:\WINDOWS\imsins.BAK
2009-07-15 19:02:24 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-07-15 17:23:30 ----RD---- C:\Programme
2009-07-14 11:43:10 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-14 11:37:15 ----HD---- C:\Programme\InstallShield Installation Information
2009-07-13 23:28:14 ----D---- C:\Dokumente und Einstellungen\U9200\Anwendungsdaten\Skype
2009-07-13 23:08:49 ----D---- C:\Dokumente und Einstellungen\U9200\Anwendungsdaten\skypePM
2009-07-07 23:10:56 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-03 10:41:39 ----RD---- C:\WINDOWS\Web
2009-07-03 10:33:53 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-02 16:40:30 ----D---- C:\Programme\Gemeinsame Dateien
2009-07-02 16:40:30 ----D---- C:\Programme\Adobe
2009-07-02 16:05:11 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-02 15:11:16 ----D---- C:\WINDOWS\system32\drivers
2009-07-02 15:09:10 ----D---- C:\WINDOWS\WinSxS
2009-07-01 17:32:47 ----SD---- C:\Dokumente und Einstellungen\U9200\Anwendungsdaten\Microsoft
2009-07-01 12:36:13 ----D---- C:\WINDOWS\Minidump
2009-06-30 21:36:12 ----A---- C:\WINDOWS\setuplog.txt
2009-06-21 17:40:37 ----D---- C:\WINDOWS\security
2009-06-21 17:34:37 ----D---- C:\Programme\Windows Media Player
2009-06-21 17:34:35 ----D---- C:\WINDOWS\Debug
2009-06-16 22:36:10 ----A---- C:\WINDOWS\system32\t2embed.dll
2009-06-16 22:36:10 ----A---- C:\WINDOWS\system32\fontsub.dll
2009-06-16 19:06:14 ----D---- C:\WINDOWS\Media
2009-06-16 19:06:14 ----D---- C:\Programme\Internet Explorer
2009-06-16 19:06:13 ----D---- C:\WINDOWS\Help
2009-06-12 09:32:19 ----D---- C:\Programme\EA GAMES
2009-06-11 14:59:53 ----RSD---- C:\WINDOWS\Fonts
2009-06-04 03:09:37 ----A---- C:\WINDOWS\system32\quartz.dll
2009-05-25 13:54:15 ----SD---- C:\WINDOWS\Tasks
2009-05-21 23:05:26 ----D---- C:\WINDOWS\system32\wbem
2009-05-20 16:48:19 ----SD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft
2009-05-18 12:37:09 ----RASH---- C:\boot.ini
2009-05-18 12:37:07 ----A---- C:\WINDOWS\win.ini
2009-05-18 12:37:06 ----A---- C:\WINDOWS\system.ini
2009-05-13 13:02:13 ----A---- C:\WINDOWS\system32\wininet.dll
2009-05-13 13:02:12 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-05-07 23:32:03 ----A---- C:\WINDOWS\system32\localspl.dll
2009-05-01 05:13:04 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-05-01 05:13:03 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-05-01 05:12:57 ----N---- C:\WINDOWS\system32\jsproxy.dll
2009-05-01 05:12:57 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-05-01 05:12:56 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2009-04-30 19:21:08 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2009-04-29 12:41:55 ----A---- C:\WINDOWS\system32\extmgr.dll
2009-04-27 17:29:37 ----D---- C:\WINDOWS\system32\config
2009-04-27 13:09:45 ----A---- C:\WINDOWS\OEWABLog.txt
2009-04-27 13:08:18 ----D---- C:\WINDOWS\system32\Setup
2009-04-27 13:08:18 ----D---- C:\WINDOWS\AppPatch
2009-04-27 12:47:19 ----D---- C:\Programme\Messenger
2009-04-27 12:45:05 ----D---- C:\WINDOWS\system32\inetsrv
2009-04-27 12:45:05 ----D---- C:\WINDOWS\ime
2009-04-27 12:45:05 ----D---- C:\WINDOWS\ehome
2009-04-27 12:44:58 ----D---- C:\WINDOWS\system32\usmt
2009-04-27 12:44:58 ----D---- C:\WINDOWS\PeerNet
2009-04-27 12:44:57 ----D---- C:\Programme\Movie Maker
2009-04-27 12:43:25 ----D---- C:\WINDOWS\system32\Restore
2009-04-27 12:43:25 ----D---- C:\WINDOWS\system32\npp
2009-04-27 12:43:24 ----D---- C:\WINDOWS\srchasst
2009-04-27 12:43:24 ----D---- C:\WINDOWS\msagent
2009-04-27 12:43:22 ----D---- C:\Programme\NetMeeting
2009-04-27 12:43:21 ----D---- C:\WINDOWS\system32\Com
2009-04-27 12:43:20 ----D---- C:\Programme\Windows NT
2009-04-27 12:43:20 ----D---- C:\Programme\Outlook Express
2009-04-27 12:43:19 ----D---- C:\Programme\Gemeinsame Dateien\System
2009-04-27 12:43:08 ----D---- C:\WINDOWS\system32\oobe
2009-04-27 12:43:07 ----D---- C:\WINDOWS\system
2009-04-27 12:41:41 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-04-27 00:52:10 ----D---- C:\Programme\Gemeinsame Dateien\Microsoft Shared
2009-04-22 12:40:48 ----DC---- C:\WINDOWS\system32\DRVSTORE

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 pctgntdi;pctgntdi; \??\C:\WINDOWS\system32\drivers\pctgntdi.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-04-11 21419]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
R2 zntport;NTPort Library Driver; \??\C:\WINDOWS\system32\drivers\zntport.sys []
R3 acpi_contactor;acpi_contactor Driver; C:\WINDOWS\system32\DRIVERS\acpi_contactor_xp.sys [2007-07-27 6528]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-05-25 5761760]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-05-11 4419584]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2009-02-24 116736]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt2870.sys [2008-08-28 627072]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-05-11 208576]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 usbvideo;USB-Videogerät (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S1 AmdK7;AMD K7-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41856]
S3 a13lwfys;a13lwfys; C:\WINDOWS\system32\drivers\a13lwfys.sys []
S3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-06-22 547072]
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 FETNDIS;VIA PCI 10/100-MBit/s-Fast Ethernetadapter-NT-Treiber; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 hitmanpro2;Hitman Pro 2 Driver; \??\C:\Programme\Hitman Pro\hitmanpro2.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 pctplsg;pctplsg; \??\C:\WINDOWS\system32\drivers\pctplsg.sys []
S3 S3SavageNB;S3SavageNB; C:\WINDOWS\system32\DRIVERS\s3gnbm.sys [2004-08-04 166912]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 TfNetMon;TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys []
S3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2007-02-23 113920]
S3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2007-03-01 73728]
S3 tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2007-03-01 41344]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-05-03 259712]
S4 agp440;Intel AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
S4 agpCPQ;Compaq AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-14 44928]
S4 alim1541;ALI AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-14 42752]
S4 amdagp;AMD AGP-Bus-Filtertreiber; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-14 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504]
S4 sisagp;SIS AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-14 40960]
S4 viaagp;VIA AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-05-11 185089]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-07-02 152984]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S3 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]
S3 aspnet_state;ASP.NET-Statusdienst; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2009-04-02 656168]
S3 odserv;Microsoft Office Diagnostics Service; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe []
S4 sdCoreService;PC Tools Security Service; C:\Programme\Spyware Doctor\pctsSvc.exe []

-----------------EOF-----------------

schrauber · 18.07.2009, 08:35

Downloade Malwarebytes Anti-Malware von einem dieser Downloadspiegel:

Malwarebytes - MajorGeeks.com - BestTechie

Installiere das Programm in den vorgegebenen Pfad.
Lasse es online updaten (Reiter Updates).
Starte das Programm und aktiviere "Komplett Scan durchführen" => Scan.
Wähle alle verfügbaren Laufwerke aus und starte den Scan.
Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
Versichere Dich, dass alle Funde markiert sind und drücke "Löschen".
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Scan-Berichte" finden.
Berichte, wie der Rechner nun läuft.

Hier findest Du eine ausführliche und bebilderte Anleitung.

**Christine166** · 18.07.2009, 15:28

hallo,
malewarebytes hat leider nichts gefunden... Die Fenster werden immer nich inaktiv, aber, wenn ich meinen Wireless USB-Adapter ausstecke ist alles normal. Sprich, der Bug macht die Fenster nur inaktiv, wenn ich im Internet bin.

Code:

Malwarebytes' Anti-Malware 1.39
Datenbank Version: 2458
Windows 5.1.2600 Service Pack 3

18.07.2009 22:23:55
mbam-log-2009-07-18 (22-23-55).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|F:\|G:\|)
Durchsuchte Objekte: 188382
Laufzeit: 51 minute(s), 51 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

schrauber · 18.07.2009, 15:36

Rootkitscan mit RootRepeal

Gehe hierhin, scrolle runter und downloade RootRepeal.zip.
Entpacke die Datei auf Deinen Desktop.
Doppelklicke die RootRepeal.exe, um den Scanner zu starten.
Klicke auf den Reiter Report und dann auf den Button Scan.
Mache einen Haken bei den folgenden Elementen und klicke Ok.
.
Drivers
Files
Processes
SSDT
Stealth Objects
Hidden Services
.
Im Anschluss wirst Du gefragt, welche Laufwerke gescannt werden sollen.
Wähle C:\ und klicke wieder Ok.
Der Suchlauf beginnt automatisch, es wird eine Weile dauern, bitte Geduld.
Wenn der Suchlauf beendet ist, klicke auf Save Report.
Speichere das Logfile als RootRepeal.txt auf dem Desktop.
Kopiere den Inhalt hier in den Thread.

**Christine166** · 18.07.2009, 15:57

Code:

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:			2009/07/18 22:47
Program Version:		Version 1.3.2.0
Windows Version:		Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0x9ABC4000	Size: 815104	File Visible: No	Signed: -
Status: -

Name: PCI_PNP0260
Image Path: \Driver\PCI_PNP0260
Address: 0x00000000	Size: 0	File Visible: No	Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0x9A1F4000	Size: 49152	File Visible: No	Signed: -
Status: -

Name: spja.sys
Image Path: spja.sys
Address: 0xB9EA7000	Size: 1048576	File Visible: No	Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000	Size: 0	File Visible: No	Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\dokumente und einstellungen\u9200\lokale einstellungen\temp\etilqs_bmf7xjy5nanwve6hys8z
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\dokumente und einstellungen\u9200\lokale einstellungen\temp\etilqs_v3ahx9aeozy42zwantpp
Status: Allocation size mismatch (API: 32768, Raw: 0)

Path: c:\dokumente und einstellungen\u9200\lokale einstellungen\temp\etilqs_vpf1mrgbalmsga437ejq
Status: Allocation size mismatch (API: 4096, Raw: 0)

SSDT
-------------------
#: 041	Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0x9fbea49e

#: 053	Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x9fbea494

#: 063	Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0x9fbea4a3

#: 065	Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0x9fbea4ad

#: 071	Function Name: NtEnumerateKey
Status: Hooked by "spja.sys" at address 0xb9ec6ca2

#: 073	Function Name: NtEnumerateValueKey
Status: Hooked by "spja.sys" at address 0xb9ec7030

#: 098	Function Name: NtLoadKey
Status: Hooked by "<unknown>" at address 0x9fbea4b2

#: 119	Function Name: NtOpenKey
Status: Hooked by "TfSysMon.sys" at address 0xba0fccee

#: 122	Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x9fbea480

#: 128	Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0x9fbea485

#: 160	Function Name: NtQueryKey
Status: Hooked by "spja.sys" at address 0xb9ec7108

#: 177	Function Name: NtQueryValueKey
Status: Hooked by "spja.sys" at address 0xb9ec6f88

#: 193	Function Name: NtReplaceKey
Status: Hooked by "<unknown>" at address 0x9fbea4bc

#: 204	Function Name: NtRestoreKey
Status: Hooked by "<unknown>" at address 0x9fbea4b7

#: 247	Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0x9fbea4a8

#: 257	Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x9fbea48f

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System	Address: 0x8a6c01f8	Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System	Address: 0x8a6c01f8	Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System	Address: 0x8a6c01f8	Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System	Address: 0x8a6c01f8	Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x8a6c01f8	Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System	Address: 0x8a6c01f8	Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System	Address: 0x8a6c01f8	Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System	Address: 0x8a6c01f8	Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x8a6c01f8	Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x8a6c01f8	Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System	Address: 0x8a6c01f8	Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x8a6c01f8	Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: 0x8a6c01f8	Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8a6c01f8	Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x8a6c01f8	Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System	Address: 0x8a6c01f8	Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System	Address: 0x8a6c01f8	Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System	Address: 0x8a6c01f8	Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System	Address: 0x8a6c01f8	Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System	Address: 0x8a6c01f8	Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System	Address: 0x8a6c01f8	Address: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System	Address: 0x8a6c01f8	Address: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
Process: System	Address: 0x892dd500	Address: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]
Process: System	Address: 0x892dd500	Address: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System	Address: 0x892dd500	Address: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
Process: System	Address: 0x892dd500	Address: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x892dd500	Address: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]
Process: System	Address: 0x892dd500	Address: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]
Process: System	Address: 0x892dd500	Address: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]
Process: System	Address: 0x892dd500	Address: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x892dd500	Address: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x892dd500	Address: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System	Address: 0x892dd500	Address: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x892dd500	Address: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: 0x892dd500	Address: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x892dd500	Address: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x892dd500	Address: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]
Process: System	Address: 0x892dd500	Address: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]
Process: System	Address: 0x892dd500	Address: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]
Process: System	Address: 0x892dd500	Address: 121

Object: Hidden Code [Driver: a0tzqjecЅ浍浓Ёం䵃䥖ƈﰡЂఉ瑎捦, IRP_MJ_CREATE]
Process: System	Address: 0x89a151f8	Address: 121

Object: Hidden Code [Driver: a0tzqjecЅ浍浓Ёం䵃䥖ƈﰡЂఉ瑎捦, IRP_MJ_CLOSE]
Process: System	Address: 0x89a151f8	Address: 121

Object: Hidden Code [Driver: a0tzqjecЅ浍浓Ёం䵃䥖ƈﰡЂఉ瑎捦, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x89a151f8	Address: 121

Object: Hidden Code [Driver: a0tzqjecЅ浍浓Ёం䵃䥖ƈﰡЂఉ瑎捦, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x89a151f8	Address: 121

Object: Hidden Code [Driver: a0tzqjecЅ浍浓Ёం䵃䥖ƈﰡЂఉ瑎捦, IRP_MJ_POWER]
Process: System	Address: 0x89a151f8	Address: 121

Object: Hidden Code [Driver: a0tzqjecЅ浍浓Ёం䵃䥖ƈﰡЂఉ瑎捦, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x89a151f8	Address: 121

Object: Hidden Code [Driver: a0tzqjecЅ浍浓Ёం䵃䥖ƈﰡЂఉ瑎捦, IRP_MJ_PNP]
Process: System	Address: 0x89a151f8	Address: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System	Address: 0x89a6d1f8	Address: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System	Address: 0x89a6d1f8	Address: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System	Address: 0x89a6d1f8	Address: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System	Address: 0x89a6d1f8	Address: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x89a6d1f8	Address: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x89a6d1f8	Address: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x89a6d1f8	Address: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x89a6d1f8	Address: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System	Address: 0x89a6d1f8	Address: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x89a6d1f8	Address: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System	Address: 0x89a6d1f8	Address: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System	Address: 0x8a6c21f8	Address: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System	Address: 0x8a6c21f8	Address: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System	Address: 0x8a6c21f8	Address: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System	Address: 0x8a6c21f8	Address: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x8a6c21f8	Address: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8a6c21f8	Address: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x8a6c21f8	Address: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x8a6c21f8	Address: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System	Address: 0x8a6c21f8	Address: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x8a6c21f8	Address: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System	Address: 0x8a6c21f8	Address: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CREATE]
Process: System	Address: 0x894601f8	Address: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CLOSE]
Process: System	Address: 0x894601f8	Address: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_READ]
Process: System	Address: 0x894601f8	Address: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_WRITE]
Process: System	Address: 0x894601f8	Address: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x894601f8	Address: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x894601f8	Address: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_POWER]
Process: System	Address: 0x894601f8	Address: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x894601f8	Address: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_PNP]
Process: System	Address: 0x894601f8	Address: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System	Address: 0x89b0d1f8	Address: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System	Address: 0x89b0d1f8	Address: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x89b0d1f8	Address: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x89b0d1f8	Address: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System	Address: 0x89b0d1f8	Address: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x89b0d1f8	Address: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System	Address: 0x89b0d1f8	Address: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System	Address: 0x8a6531f8	Address: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System	Address: 0x8a6531f8	Address: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System	Address: 0x8a6531f8	Address: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x8a6531f8	Address: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8a6531f8	Address: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x8a6531f8	Address: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x8a6531f8	Address: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System	Address: 0x8a6531f8	Address: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System	Address: 0x8a6531f8	Address: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x8a6531f8	Address: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System	Address: 0x8a6531f8	Address: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System	Address: 0x894821f8	Address: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System	Address: 0x894821f8	Address: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x894821f8	Address: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x894821f8	Address: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System	Address: 0x894821f8	Address: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System	Address: 0x894821f8	Address: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System	Address: 0x89af61f8	Address: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System	Address: 0x89af61f8	Address: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x89af61f8	Address: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x89af61f8	Address: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System	Address: 0x89af61f8	Address: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x89af61f8	Address: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System	Address: 0x89af61f8	Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System	Address: 0x894621f8	Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System	Address: 0x894621f8	Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System	Address: 0x894621f8	Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System	Address: 0x894621f8	Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System	Address: 0x894621f8	Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x894621f8	Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System	Address: 0x894621f8	Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System	Address: 0x894621f8	Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System	Address: 0x894621f8	Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x894621f8	Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x894621f8	Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System	Address: 0x894621f8	Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x894621f8	Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: 0x894621f8	Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x894621f8	Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x894621f8	Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x894621f8	Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System	Address: 0x894621f8	Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System	Address: 0x894621f8	Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System	Address: 0x894621f8	Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System	Address: 0x894621f8	Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System	Address: 0x894621f8	Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System	Address: 0x894621f8	Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x894621f8	Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System	Address: 0x894621f8	Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System	Address: 0x894621f8	Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System	Address: 0x894621f8	Address: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System	Address: 0x894621f8	Address: 121

Object: Hidden Code [Driver: CdfsЅ敓摓Ёఅ瑎獆錨褐済, IRP_MJ_CREATE]
Process: System	Address: 0x892df500	Address: 121

Object: Hidden Code [Driver: CdfsЅ敓摓Ёఅ瑎獆錨褐済, IRP_MJ_CLOSE]
Process: System	Address: 0x892df500	Address: 121

Object: Hidden Code [Driver: CdfsЅ敓摓Ёఅ瑎獆錨褐済, IRP_MJ_READ]
Process: System	Address: 0x892df500	Address: 121

Object: Hidden Code [Driver: CdfsЅ敓摓Ёఅ瑎獆錨褐済, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x892df500	Address: 121

Object: Hidden Code [Driver: CdfsЅ敓摓Ёఅ瑎獆錨褐済, IRP_MJ_SET_INFORMATION]
Process: System	Address: 0x892df500	Address: 121

Object: Hidden Code [Driver: CdfsЅ敓摓Ёఅ瑎獆錨褐済, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x892df500	Address: 121

Object: Hidden Code [Driver: CdfsЅ敓摓Ёఅ瑎獆錨褐済, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x892df500	Address: 121

Object: Hidden Code [Driver: CdfsЅ敓摓Ёఅ瑎獆錨褐済, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: 0x892df500	Address: 121

Object: Hidden Code [Driver: CdfsЅ敓摓Ёఅ瑎獆錨褐済, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x892df500	Address: 121

Object: Hidden Code [Driver: CdfsЅ敓摓Ёఅ瑎獆錨褐済, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x892df500	Address: 121

Object: Hidden Code [Driver: CdfsЅ敓摓Ёఅ瑎獆錨褐済, IRP_MJ_LOCK_CONTROL]
Process: System	Address: 0x892df500	Address: 121

Object: Hidden Code [Driver: CdfsЅ敓摓Ёఅ瑎獆錨褐済, IRP_MJ_CLEANUP]
Process: System	Address: 0x892df500	Address: 121

Object: Hidden Code [Driver: CdfsЅ敓摓Ёఅ瑎獆錨褐済, IRP_MJ_PNP]
Process: System	Address: 0x892df500	Address: 121

==EOF==

schrauber · 18.07.2009, 16:08

Kaspersky Online Scan

Überprüfe Dein komplettes System mit dem Kaspersky Online-Scanner. Bitte während des Scans alle evtl. vorhandenen externen Festplatten einschalten/anschließen. Außerdem während des Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliche) abstellen und nicht vergessen, sie hinterher wieder einzuschalten.

Kaspersky Online Scanner
- Anmerkung für Vista-User: Bitte den Browser unbedingt als Administrator starten.
- Java muss installiert, aktiv und erlaubt sein.
- Bebilderte Anleitung von sundavis.
- Dieser Scanner entfernt die Funde nicht, gibt aber einen guten Überblick.
- Wir werden Dir helfen, die Funde manuell vom System zu entfernen.
- Die Datenschutzerklärung akzeptieren.
- Programm installieren lassen.
- Update der Signaturen installieren lassen.
- Wenn der Status "Complete" ist,
- Scan-Einstellungen (Settings) Standard lassen
- Links den Link "My Computer" anklicken.
- Scan beginnt automatisch.
- Wenn der Scan fertig ist, auf "View scan report" klicken,
- "Save report as" und Dateityp auf .txt umstellen,
- und auf dem Desktop als Kaspersky.txt speichern.
- Logdatei hier posten.
- Deinstallation ist nicht nötig, alle Dateien werden in temporären Ordnern gespeichert.

Installiere bitte mal die Treiber vom WLAN-Stick neu.

**Christine166** · 19.07.2009, 04:25

Hier das Scanergebniss von Kaspersky

Code:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
 Sunday, July 19, 2009
 Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
 Kaspersky Online Scanner  version: 7.0.26.13
 Program database last update: Saturday, July 18, 2009 18:13:50
 Records in database: 2489756
--------------------------------------------------------------------------------

Scan settings:
	Scan using the following database: extended
	Scan archives: yes
	Scan mail databases: yes

Scan area - My Computer:
	C:\
	D:\
	E:\
	F:\
	G:\

Scan statistics:
	Files scanned: 88401
	Threat name: 0
	Infected objects: 0
	Suspicious objects: 0
	Duration of the scan: 01:43:21

No malware has been detected. The scan area is clean.

The selected area was scanned.

Ich habe die Treiber des WLAN-Sticks deinstalliert, der Stick funktioniert immer noch, ist mit dem Internet verbunden. Es scheint auch, als sei das das Problem gewesen. Die Fenster werden nicht mehr inaktiv

Kannst du mir erklären, wie sich das ausgewirkt hat, dass die Fenster inaktiv wurden?

schrauber · 19.07.2009, 07:16

Nö kann ich nicht, aber ich weiß warum der Stick auch ohne Treiber geht, und das könnte zu Deinem Problem geführt haben

.

Windows hat viele viele Treiber ab Werk dabei. Solche Sachen wie Sticks und so einfach mal einstöpseln und warten, ob Windows nicht doch die Treiber hat. Wenn Du direkt den mitgelieferten Treiber installierst, kommen sich die beiden in die Quere

.

Thema: Fenster werden inaktiv

Themen-Optionen

Fenster werden inaktiv

AW: Fenster werden inaktiv

AW: Fenster werden inaktiv

AW: Fenster werden inaktiv

AW: Fenster werden inaktiv

AW: Fenster werden inaktiv

AW: Fenster werden inaktiv

AW: Fenster werden inaktiv

AW: Fenster werden inaktiv

AW: Fenster werden inaktiv

Aktive Benutzer

Aktive Benutzer

Ähnliche Themen

Popup Fenster, Firefox muß beendet werden...

fenster, taskbar, taskleiste und destop wechselnd inaktiv - logfiles :)

Fenster wechselt ständig von aktiv nach inaktiv

Firewall angeblich inaktiv

Verlauf leeren ist inaktiv

Berechtigungen