Trojaner?? Fenster öffnet sich automatisch

jannoah1999 · May 22, 2009

Hallo,
ich habe inzwischen viele Seiten mit dem gleichen Problem gelesen, aber ich komme nicht weiter:

Firefox öffnet aus heiterem Himmel einfach neue Fenster mit irgendwelchen Adressen für unnütze Sachen.
Habe Antivir und mehrere online Datenüberprüfungen gemacht, diese finden aber nichts.

Hier mein logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:05:22, on 22.05.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Gemeinsame Dateien\AAV\aavus.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Programme\Canon\IJPLM\IJPLMSVC.EXE
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\mHotkey.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Tobit ClipInc\Player\ClipIncTray.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\dokumente und einstellungen\alex\lokale einstellungen\anwendungsdaten\eqswm.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.medion.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmx.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: amazon - {84B94901-3645-4D80-A6B7-4D0050B19455} - C:\Programme\preispiraten\Preispiraten4\IEButtonAmazonInterface.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: eBay - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - C:\Programme\preispiraten\Preispiraten4\IEButtonEbayInterface.dll
O2 - BHO: Preispiraten 4 - {E9E027BF-C3F3-4022-8F6B-8F6D39A59684} - C:\Programme\preispiraten\Preispiraten4\IEButtonPPInterface.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [SyncroNaut Timer] C:\Programme\ASBiON\SyncroNaut\SYSTEM\Timer4.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [XPClean-RegWarner] C:\Programme\XPcleanv5\RegWarner.exe /s
O4 - HKCU\..\Run: [ClipIncSrvTray] "C:\Programme\Tobit ClipInc\Player\ClipIncTray.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [eqswm] "c:\dokumente und einstellungen\alex\lokale einstellungen\anwendungsdaten\eqswm.exe" eqswm
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Programme\\Preispiraten\\Preispiraten4\\preispiraten.html
O8 - Extra context menu item: amazon Suche - C:\Programme\Preispiraten\Preispiraten4\Searchamazon.htm
O8 - Extra context menu item: amazon Suche starten - C:\Programme\Preispiraten\Preispiraten4\Searchamazon.htm
O8 - Extra context menu item: eBay - Mein eBay - C:\Programme\Preispiraten\Preispiraten4\SearchEbaymein.htm
O8 - Extra context menu item: eBay - Powersuche - C:\Programme\Preispiraten\Preispiraten4\SearchEbaypower.htm
O8 - Extra context menu item: eBay - Startseite - C:\Programme\Preispiraten\Preispiraten4\SearchEbay.htm
O8 - Extra context menu item: eBay Suche starten - C:\Programme\Preispiraten\Preispiraten4\SearchEbay.htm
O8 - Extra context menu item: Google Suche - C:\Programme\Preispiraten\Preispiraten4\SearchGoogle.htm
O8 - Extra context menu item: Google Suche starten - C:\Programme\Preispiraten\Preispiraten4\SearchGoogle.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Preispiraten 4 - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - C:\Programme\Preispiraten\Preispiraten4\preispiraten3ie.exe
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: MedionShop - {82DEF876-14E4-4CE5-9CA4-DE79A2EE46D2} - http://www.medionshop.de/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.de/scan_de/scan8/oscan8.cab
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} (Hewlett-Packard Printer Diagnostics) - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1176480979593
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: AAV UpdateService - Unknown owner - C:\Programme\Gemeinsame Dateien\AAV\aavus.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: ClipInc 001 (ClipInc001) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Programme\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 10761 bytes

Danke für euere Hilfe

jannoah

-humi- · May 22, 2009

http://www.pcwelt.de/forum/sicherhe...12-malwarebefall-posten-bitte-abarbeiten.html

jannoah1999 · May 22, 2009

info.txt logfile of random's system information tool 1.06 2009-05-22 15:24:40

======Uninstall list======

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.3 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81300000003}
Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Avira AntiVir Personal - Free Antivirus-->C:\Programme\Avira\AntiVir Desktop\setup.exe /REMOVE
BIMP Lite 1.62-->"C:\Programme\BIMP Lite\uninstall.exe"
CIB pdf brewer 2.3.12-->C:\Programme\InstallShield Installation Information\{F0312AC6-988B-11DA-9C49-000476F770CC}\setup.exe -runfromtemp -l0x0007 anything -removeonly
ClearProg 1.5.1 Beta 8-->C:\Programme\ClearProg\Uninstall.exe
Favorit-->"c:\dokumente und einstellungen\alex\lokale einstellungen\anwendungsdaten\eqswm.exe" -uninstall
Fotosizer 1.20-->C:\Programme\Fotosizer\uninst.exe
FoxServ 3.1 Beta 1-->"M:\FoxServ\uninstall.exe"
GIMP 2.4.6-->"C:\Programme\GIMP-2.0\setup\unins000.exe"
Google Toolbar for Internet Explorer-->"C:\Programme\Google\Google Toolbar\Component\GoogleToolbarManager_BDA1448D3D255554.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
HijackThis 2.0.2-->"C:\Programme\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix für Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C314CE45-3392-3B73-B4E1-139CD41CA933}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Encarta Enzyklopädie 2004-->MsiExec.exe /I{04440044-9149-45C6-A806-F2BF9CFCE762}
Microsoft Office XP Professional mit FrontPage-->MsiExec.exe /I{90280407-6000-11D3-8CFE-0050048383C9}
Microsoft Publisher 2002-->MsiExec.exe /I{90190407-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.0.10)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Oriolus Lernprogramm Englisch in der Grundschule - Standard-->"C:\Programme\Oriolus\Engl_GS\unins000.exe"
Panda ActiveScan 2.0-->C:\Programme\Panda Security\ActiveScan 2.0\as2uninst.exe
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Setup-Start von Microsoft Works 2004-->C:\Programme\Microsoft Works Suite 2004\Setup\Launcher.exe /ARP F:\
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Sicherheitsupdate für Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
SimilarImages-->"C:\Programme\SimilarImages\Uninstall.exe"
SopCast 3.0.1-->C:\Programme\SopCast\uninst.exe
Spybot - Search & Destroy-->"C:\Programme\Spybot - Search & Destroy\unins000.exe"
Steuer-Spar-Erklärung 2008-->MsiExec.exe /I{BBE67B86-FCD7-4D3C-8B00-063DEAD8E30C}
Tobit.Software clipinc.fx-->C:\WINDOWS\CISUnins.exe "C:\Programme\Tobit ClipInc\Server\CISUnins.inf"
Update für Windows Internet Explorer 8 (KB969497)-->"C:\WINDOWS\ie8updates\KB969497-IE8\spuninst\spuninst.exe"
Update für Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Vulkan 3D-->C:\WINDOWS\Vulkan3DUninstaller.exe
Wichtiges Update für Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WINZD 2008-12-->C:\WinSV\ZD\unins000.exe
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AntiVir Desktop

======System event log======

Computer Name: ARBEITSZIMMER
Event Code: 7036
Message: Dienst "HTTP-SSL" befindet sich jetzt im Status "Ausgeführt".

Record Number: 50124
Source Name: Service Control Manager
Time Written: 20090424120815.000000+120
Event Type: Informationen
User:

Computer Name: ARBEITSZIMMER
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "HTTP-SSL" gesendet.

Record Number: 50123
Source Name: Service Control Manager
Time Written: 20090424120815.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\LOKALER DIENST

Computer Name: ARBEITSZIMMER
Event Code: 7036
Message: Dienst "IMAPI-CD-Brenn-COM-Dienste" befindet sich jetzt im Status "Beendet".

Record Number: 50122
Source Name: Service Control Manager
Time Written: 20090424120812.000000+120
Event Type: Informationen
User:

Computer Name: ARBEITSZIMMER
Event Code: 7036
Message: Dienst "RAS-Verbindungsverwaltung" befindet sich jetzt im Status "Ausgeführt".

Record Number: 50121
Source Name: Service Control Manager
Time Written: 20090424120806.000000+120
Event Type: Informationen
User:

Computer Name: ARBEITSZIMMER
Event Code: 7036
Message: Dienst "Gatewaydienst auf Anwendungsebene" befindet sich jetzt im Status "Ausgeführt".

Record Number: 50120
Source Name: Service Control Manager
Time Written: 20090424120806.000000+120
Event Type: Informationen
User:

=====Application event log=====

Computer Name: ARBEITSZIMMER
Event Code: 4096
Message: Der AntiVir Dienst wurde erfolgreich gestartet!

Record Number: 30903
Source Name: Avira AntiVir
Time Written: 20090109082617.000000+060
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: ARBEITSZIMMER
Event Code: 1
Message: The service is started.

Record Number: 30902
Source Name: IJPLMSVC
Time Written: 20090109082606.000000+060
Event Type: Informationen
User:

Computer Name: ARBEITSZIMMER
Event Code: 4096
Message: Der AntiVir Dienst wurde erfolgreich gestartet!

Record Number: 30901
Source Name: Avira AntiVir
Time Written: 20090109081835.000000+060
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: ARBEITSZIMMER
Event Code: 1800
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.

Record Number: 30900
Source Name: SecurityCenter
Time Written: 20090109081833.000000+060
Event Type: Informationen
User:

Computer Name: ARBEITSZIMMER
Event Code: 1
Message: The service is started.

Record Number: 30899
Source Name: IJPLMSVC
Time Written: 20090109081824.000000+060
Event Type: Informationen
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\ATI Technologies\ATI Control Panel;;C:\Programme\CIB software GmbH\CIB pdf brewer;C:\Programme\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0303
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Programme\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Programme\Java\jre1.6.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------

jannoah1999 · May 22, 2009

Logfile of random's system information tool 1.06 (written by random/random)
Run by alex at 2009-05-22 15:24:19
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 30 GB (39%) free of 76 GB
Total RAM: 511 MB (17% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:24:33, on 22.05.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Gemeinsame Dateien\AAV\aavus.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Programme\Canon\IJPLM\IJPLMSVC.EXE
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\mHotkey.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Tobit ClipInc\Player\ClipIncTray.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\dokumente und einstellungen\alex\lokale einstellungen\anwendungsdaten\eqswm.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Outlook Express\MSIMN.EXE
C:\Dokumente und Einstellungen\alex\Desktop\RSIT.exe
C:\Programme\Trend Micro\HijackThis\alex.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.medion.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmx.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: amazon - {84B94901-3645-4D80-A6B7-4D0050B19455} - C:\Programme\preispiraten\Preispiraten4\IEButtonAmazonInterface.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: eBay - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - C:\Programme\preispiraten\Preispiraten4\IEButtonEbayInterface.dll
O2 - BHO: Preispiraten 4 - {E9E027BF-C3F3-4022-8F6B-8F6D39A59684} - C:\Programme\preispiraten\Preispiraten4\IEButtonPPInterface.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [SyncroNaut Timer] C:\Programme\ASBiON\SyncroNaut\SYSTEM\Timer4.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [XPClean-RegWarner] C:\Programme\XPcleanv5\RegWarner.exe /s
O4 - HKCU\..\Run: [ClipIncSrvTray] "C:\Programme\Tobit ClipInc\Player\ClipIncTray.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [eqswm] "c:\dokumente und einstellungen\alex\lokale einstellungen\anwendungsdaten\eqswm.exe" eqswm
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Programme\\Preispiraten\\Preispiraten4\\preispiraten.html
O8 - Extra context menu item: amazon Suche - C:\Programme\Preispiraten\Preispiraten4\Searchamazon.htm
O8 - Extra context menu item: amazon Suche starten - C:\Programme\Preispiraten\Preispiraten4\Searchamazon.htm
O8 - Extra context menu item: eBay - Mein eBay - C:\Programme\Preispiraten\Preispiraten4\SearchEbaymein.htm
O8 - Extra context menu item: eBay - Powersuche - C:\Programme\Preispiraten\Preispiraten4\SearchEbaypower.htm
O8 - Extra context menu item: eBay - Startseite - C:\Programme\Preispiraten\Preispiraten4\SearchEbay.htm
O8 - Extra context menu item: eBay Suche starten - C:\Programme\Preispiraten\Preispiraten4\SearchEbay.htm
O8 - Extra context menu item: Google Suche - C:\Programme\Preispiraten\Preispiraten4\SearchGoogle.htm
O8 - Extra context menu item: Google Suche starten - C:\Programme\Preispiraten\Preispiraten4\SearchGoogle.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Preispiraten 4 - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - C:\Programme\Preispiraten\Preispiraten4\preispiraten3ie.exe
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: MedionShop - {82DEF876-14E4-4CE5-9CA4-DE79A2EE46D2} - http://www.medionshop.de/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.de/scan_de/scan8/oscan8.cab
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} (Hewlett-Packard Printer Diagnostics) - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: AAV UpdateService - Unknown owner - C:\Programme\Gemeinsame Dateien\AAV\aavus.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: ClipInc 001 (ClipInc001) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Programme\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 10442 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Programme\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84B94901-3645-4D80-A6B7-4D0050B19455}]
amazon - C:\Programme\preispiraten\Preispiraten4\IEButtonAmazonInterface.dll [2006-11-08 646144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll [2009-05-11 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-17 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CD9B7762-DFBC-42B1-BB30-02A78287B456}]
eBay - C:\Programme\preispiraten\Preispiraten4\IEButtonEbayInterface.dll [2006-11-08 647168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E9E027BF-C3F3-4022-8F6B-8F6D39A59684}]
Preispiraten 4 - C:\Programme\preispiraten\Preispiraten4\IEButtonPPInterface.dll [2006-11-23 661504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll [2009-05-11 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-03-30 335872]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"Dit"=C:\WINDOWS\Dit.exe [2002-08-28 73728]
"CHotkey"=C:\WINDOWS\mHotkey.exe [2002-07-23 477184]
"TkBellExe"=C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe [2007-10-03 185632]
"QuickTime Task"=C:\Programme\QuickTime\qttask.exe [2009-01-05 413696]
"iTunesHelper"=C:\Programme\iTunes\iTunesHelper.exe [2009-04-02 342312]
"avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SyncroNaut Timer"=C:\Programme\ASBiON\SyncroNaut\SYSTEM\Timer4.exe [2007-02-23 1200640]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"XPClean-RegWarner"=C:\Programme\XPcleanv5\RegWarner.exe /s []
"ClipIncSrvTray"=C:\Programme\Tobit ClipInc\Player\ClipIncTray.exe [2009-03-16 668424]
"SpybotSD TeaTimer"=C:\Programme\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"MSMSGS"=C:\Programme\Messenger\msmsgs.exe [2008-04-14 1695232]
"swg"=C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-13 68856]
"eqswm"=c:\dokumente und einstellungen\alex\lokale einstellungen\anwendungsdaten\eqswm.exe [2009-05-20 299008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALDI Foto Service]
C:\Programme\ALDI Sued Foto Service\ALDI_Foto_Service\FotoSuite.exe [2007-01-26 1167360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALDI_SUED_FotoSuite_Download]
C:\Programme\ALDI Sued Foto Service\ALDI_Foto_Service\FotoSuite.exe [2007-01-26 1167360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLMIcon]
C:\Programme\Gemeinsame Dateien\AOLSHARE\AOLMIcon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Programme\Canon\MyPrinter\BJMyPrt.exe [2007-04-04 1603152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-15 644696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Programme\iTunes\iTunesHelper.exe [2009-04-02 342312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe [2003-06-17 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Programme\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
C:\Programme\Home Cinema\PowerCinema\PCMService.exe [2004-04-05 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programme\QuickTime\qttask.exe [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Programme\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-13 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe [2007-10-03 185632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
C:\Programme\Vidalia Bundle\Vidalia\vidalia.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^WinZip Quick Pick.lnk]
C:\PROGRA~1\WinZip2\WZQKPICK.EXE [2006-09-01 122880]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Microsoft Office.lnk - C:\Programme\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe"="C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service"
"C:\Programme\SopCast\adv\SopAdver.exe"="C:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Programme\SopCast\SopCast.exe"="C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Programme\Mozilla Firefox\firefox.exe"="C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Programme\iTunes\iTunes.exe"="C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2009-05-22 15:24:19 ----DC---- C:\rsit
2009-05-22 14:45:31 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-05-22 14:44:31 ----D---- C:\WINDOWS\LastGood
2009-05-21 18:05:27 ----N---- C:\WINDOWS\system32\spmsg2.dll
2009-05-21 18:05:26 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$
2009-05-21 17:49:32 ----D---- C:\WINDOWS\system32\XPSViewer
2009-05-21 17:49:24 ----D---- C:\Programme\MSBuild
2009-05-21 17:49:21 ----D---- C:\WINDOWS\system32\en-US
2009-05-21 17:49:04 ----D---- C:\Programme\Reference Assemblies
2009-05-21 17:47:53 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-05-21 17:47:52 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-05-21 17:47:52 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-05-21 17:23:26 ----D---- C:\WINDOWS\ie8updates
2009-05-21 17:20:44 ----HDC---- C:\WINDOWS\ie8
2009-05-20 18:05:16 ----D---- C:\Programme\Panda Security
2009-05-20 17:52:39 ----D---- C:\Programme\ClearProg
2009-05-20 17:52:27 ----A---- C:\Programme\Setup_ClearProg_1.5.1_Beta8.exe
2009-05-20 17:38:12 ----D---- C:\Programme\Trend Micro
2009-05-20 15:53:09 ----D---- C:\WINDOWS\BDOSCAN8
2009-05-18 17:07:17 ----D---- C:\Programme\Avira
2009-05-18 17:07:17 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2009-05-13 15:33:40 ----D---- C:\Programme\iTunes
2009-05-13 15:33:40 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-13 15:30:34 ----D---- C:\Programme\Apple Software Update
2009-05-13 15:30:25 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-05-13 15:29:52 ----D---- C:\Programme\Gemeinsame Dateien\Apple
2009-05-13 15:29:52 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple
2009-04-15 08:42:17 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-15 08:42:10 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-15 08:40:01 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-15 08:39:25 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-15 08:38:45 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-15 08:38:32 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-03-11 09:25:31 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-11 09:25:24 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-03-11 09:25:17 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-11 09:24:33 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-03-08 14:29:14 ----N---- C:\WINDOWS\system32\msrating.dll.mui
2009-03-08 14:28:56 ----N---- C:\WINDOWS\system32\mshta.exe.mui
2009-03-08 14:27:44 ----N---- C:\WINDOWS\system32\ie4uinit.exe.mui
2009-03-08 14:27:24 ----N---- C:\WINDOWS\system32\iedkcs32.dll.mui
2009-03-02 15:53:39 ----D---- C:\Programme\Gemeinsame Dateien\MaierSoft
2009-03-02 15:53:38 ----D---- C:\Programme\SimilarImages
2009-03-02 15:52:45 ----D---- C:\Programme\Fotosizer
2009-02-27 21:23:52 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$

======List of files/folders modified in the last 3 months======

2009-05-22 15:24:19 ----D---- C:\WINDOWS\Prefetch
2009-05-22 15:21:50 ----HD---- C:\WINDOWS\inf
2009-05-22 15:16:46 ----D---- C:\WINDOWS\system32
2009-05-22 14:58:31 ----D---- C:\WINDOWS\Temp
2009-05-22 14:46:40 ----D---- C:\WINDOWS
2009-05-22 14:46:37 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-22 14:46:21 ----D---- C:\WINDOWS\system32\CatRoot
2009-05-22 14:45:53 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-05-22 14:43:20 ----D---- C:\Programme\Mozilla Firefox
2009-05-22 08:07:28 ----A---- C:\WINDOWS\ModemLog_Creatix V.9X data fax modem.txt
2009-05-22 08:07:21 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ASBiON
2009-05-21 22:12:55 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-21 19:53:30 ----D---- C:\WINDOWS\Microsoft.NET
2009-05-21 19:53:26 ----RSD---- C:\WINDOWS\assembly
2009-05-21 19:38:48 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-05-21 18:19:23 ----DC---- C:\Config.Msi
2009-05-21 18:05:34 ----A---- C:\WINDOWS\imsins.BAK
2009-05-21 18:05:16 ----SHD---- C:\WINDOWS\Installer
2009-05-21 18:04:58 ----D---- C:\WINDOWS\system32\de-de
2009-05-21 17:58:04 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-05-21 17:57:30 ----D---- C:\WINDOWS\WinSxS
2009-05-21 17:49:24 ----RD---- C:\Programme
2009-05-21 17:49:17 ----RSD---- C:\WINDOWS\Fonts
2009-05-21 17:48:39 ----D---- C:\WINDOWS\system32\spool
2009-05-21 17:36:20 ----D---- C:\WINDOWS\Media
2009-05-21 17:36:20 ----D---- C:\WINDOWS\Help
2009-05-21 17:36:20 ----D---- C:\Programme\Internet Explorer
2009-05-21 17:22:52 ----HD---- C:\WINDOWS\$hf_mig$
2009-05-20 18:08:37 ----D---- C:\WINDOWS\system32\drivers
2009-05-20 07:57:49 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2009-05-20 07:56:35 ----D---- C:\Programme\Spybot - Search & Destroy
2009-05-17 17:25:22 ----A---- C:\WINDOWS\NeroDigital.ini
2009-05-16 16:50:12 ----D---- C:\Programme\Gemeinsame Dateien\Microsoft Shared
2009-05-13 15:33:48 ----D---- C:\Programme\iPod
2009-05-13 15:32:20 ----D---- C:\Programme\QuickTime
2009-05-13 15:31:53 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
2009-05-13 15:30:42 ----SD---- C:\WINDOWS\Tasks
2009-05-13 15:29:52 ----D---- C:\Programme\Gemeinsame Dateien
2009-05-07 09:16:30 ----A---- C:\WINDOWS\system32\MRT.exe
2009-04-30 19:17:40 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJPLM
2009-04-15 10:33:20 ----D---- C:\WINDOWS\system32\wbem
2009-04-15 10:33:19 ----D---- C:\WINDOWS\AppPatch
2009-03-21 16:06:58 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-03-13 11:41:30 ----A---- C:\WINDOWS\CISUnins.exe
2009-03-13 11:41:30 ----A---- C:\WINDOWS\CICUnins.exe
2009-03-08 14:29:32 ----A---- C:\WINDOWS\system32\ieframe.dll.mui
2009-03-08 14:27:42 ----A---- C:\WINDOWS\system32\advpack.dll.mui
2009-03-08 14:09:26 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2009-03-08 04:41:16 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-03-08 04:39:48 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-03-08 04:34:58 ----A---- C:\WINDOWS\system32\wininet.dll
2009-03-08 04:34:56 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-03-08 04:34:48 ----A---- C:\WINDOWS\system32\WinFXDocObj.exe
2009-03-08 04:34:48 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-03-08 04:34:30 ----A---- C:\WINDOWS\system32\licmgr10.dll
2009-03-08 04:34:28 ----A---- C:\WINDOWS\system32\url.dll
2009-03-08 04:34:18 ----A---- C:\WINDOWS\system32\occache.dll
2009-03-08 04:34:18 ----A---- C:\WINDOWS\system32\msrating.dll
2009-03-08 04:33:40 ----A---- C:\WINDOWS\system32\corpol.dll
2009-03-08 04:33:26 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-03-08 04:33:16 ----A---- C:\WINDOWS\system32\jscript.dll
2009-03-08 04:33:08 ----A---- C:\WINDOWS\system32\ieaksie.dll
2009-03-08 04:33:06 ----A---- C:\WINDOWS\system32\vbscript.dll
2009-03-08 04:33:02 ----A---- C:\WINDOWS\system32\ieakeng.dll
2009-03-08 04:32:56 ----A---- C:\WINDOWS\system32\admparse.dll
2009-03-08 04:32:54 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2009-03-08 04:32:52 ----A---- C:\WINDOWS\system32\ieudinit.exe
2009-03-08 04:32:52 ----A---- C:\WINDOWS\system32\ieakui.dll
2009-03-08 04:32:50 ----A---- C:\WINDOWS\system32\iesetup.dll
2009-03-08 04:32:50 ----A---- C:\WINDOWS\system32\iernonce.dll
2009-03-08 04:32:48 ----A---- C:\WINDOWS\system32\advpack.dll
2009-03-08 04:32:46 ----A---- C:\WINDOWS\system32\inseng.dll
2009-03-08 04:32:26 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-03-08 04:32:22 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-03-08 04:32:04 ----A---- C:\WINDOWS\system32\mstime.dll
2009-03-08 04:31:56 ----A---- C:\WINDOWS\system32\iepeers.dll
2009-03-08 04:31:54 ----A---- C:\WINDOWS\system32\msfeedssync.exe
2009-03-08 04:31:52 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-03-08 04:31:52 ----A---- C:\WINDOWS\system32\icardie.dll
2009-03-08 04:31:44 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-03-08 04:31:38 ----A---- C:\WINDOWS\system32\imgutil.dll
2009-03-08 04:31:38 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-03-08 04:31:36 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-03-08 04:31:26 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-03-08 04:31:18 ----A---- C:\WINDOWS\system32\mshtmler.dll
2009-03-08 04:31:02 ----A---- C:\WINDOWS\system32\mshta.exe
2009-03-08 04:22:46 ----A---- C:\WINDOWS\system32\ieui.dll
2009-03-08 04:22:38 ----A---- C:\WINDOWS\system32\msls31.dll
2009-03-08 04:11:12 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2009-03-06 16:19:00 ----A---- C:\WINDOWS\system32\pdh.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40448]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-03-30 700928]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-01-08 812416]
R3 ctxc51;ctxc51; C:\WINDOWS\System32\DRIVERS\ctxc51.sys [2004-01-20 1086853]
R3 ctxc52;ctxc52; C:\WINDOWS\System32\DRIVERS\ctxc52.sys [2004-01-20 619369]
R3 ctxc53;ctxc53; C:\WINDOWS\System32\DRIVERS\ctxc53.sys [2004-01-20 51493]
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [2002-10-29 40960]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 MODEMCSA;Unimodem-Datenstromfiltergerät; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mohfilt;mohfilt; C:\WINDOWS\System32\DRIVERS\mohfilt.sys [2004-01-20 31472]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-08-29 12288]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART-Treiber; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbstor;USB-Massenspeichertreiber; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S3 Cap7134;MEDION (7134) WDM Video Capture; C:\WINDOWS\System32\DRIVERS\Cap7134.sys [2003-06-05 350752]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 dot4;MS IEEE-1284.4-Treiber; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Druckerklassentreiber für IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;Dot4USB-Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-18 23936]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PhTVTune;MEDION TV-TUNER 7134 MK2/3; C:\WINDOWS\System32\DRIVERS\PhTVTune.sys [2003-06-12 24704]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 uxddrv;Dynamically loaded UxdDrv; \??\f:\Diagnose\Wstpro\uxddrv.sys []
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AAV UpdateService;AAV UpdateService; C:\Programme\Gemeinsame Dateien\AAV\aavus.exe [2007-10-04 122880]
R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-04-01 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-03-02 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]
R2 ClipInc001;ClipInc 001; C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe [2009-03-16 2225416]
R2 IJPLMSVC;PIXMA Extended Survey Program; C:\Programme\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 97432]
R2 LogWatch;Ereignisprotokoll-Überwachung; C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 53248]
R2 MDM;Machine Debug Manager; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120]
R3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2009-04-02 656168]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 CA_LIC_CLNT;CA-Lizenz-Client; C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 77824]
S3 CA_LIC_SRVR;CA-Lizenzserver; C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 77824]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-11 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [2001-11-12 20480]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

deoroller · May 22, 2009

O4 - HKCU\..\Run: [eqswm] "c:\dokumente und einstellungen\alex\lokale einstellungen\anwendungsdaten\eqswm.exe" eqswm

bei Jotti/Virustotal scannen und poste anschl.die Ergebnisse...

jannoah1999 · May 22, 2009

Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.0.0.101 2009.05.22 Trojan.Skintrim!IK
AhnLab-V3 5.0.0.2 2009.05.22 -
AntiVir 7.9.0.168 2009.05.22 -
Antiy-AVL 2.0.3.1 2009.05.22 -
Authentium 5.1.2.4 2009.05.22 -
Avast 4.8.1335.0 2009.05.22 -
AVG 8.5.0.339 2009.05.22 -
BitDefender 7.2 2009.05.22 -
CAT-QuickHeal 10.00 2009.05.22 -
ClamAV 0.94.1 2009.05.22 -
Comodo 1157 2009.05.08 -
DrWeb 5.0.0.12182 2009.05.22 -
eSafe 7.0.17.0 2009.05.21 -
eTrust-Vet 31.6.6518 2009.05.22 -
F-Prot 4.4.4.56 2009.05.22 -
F-Secure 8.0.14470.0 2009.05.22 -
Fortinet 3.117.0.0 2009.05.22 -
GData 19 2009.05.22 -
Ikarus T3.1.1.49.0 2009.05.22 Trojan.Skintrim
K7AntiVirus 7.10.741 2009.05.21 -
Kaspersky 7.0.0.125 2009.05.22 -
McAfee 5622 2009.05.21 -
McAfee+Artemis 5623 2009.05.22 -
McAfee-GW-Edition 6.7.6 2009.05.22 -
Microsoft 1.4701 2009.05.22 Trojan:Win32/Skintrim.gen!D
NOD32 4097 2009.05.22 -
Norman 6.01.05 2009.05.20 -
nProtect 2009.1.8.0 2009.05.22 -
Panda 10.0.0.14 2009.05.22 -
PCTools 4.4.2.0 2009.05.21 -
Prevx 3.0 2009.05.22 -
Rising 21.30.42.00 2009.05.22 -
Sophos 4.42.0 2009.05.22 Mal/SkimTrim-C
Sunbelt 3.2.1858.2 2009.05.22 -
Symantec 1.4.4.12 2009.05.22 -
TheHacker 6.3.4.3.331 2009.05.22 -
TrendMicro 8.950.0.1092 2009.05.22 -
VBA32 3.12.10.5 2009.05.22 -
ViRobot 2009.5.22.1747 2009.05.22 -
VirusBuster 4.6.5.0 2009.05.22 -

deoroller · May 22, 2009

Die Datei ist anscheinend nicht harmlos.

Im abgesicherten Modus mit deaktivierter Systemwiederherstellung den Eintrag mit HiJackThis entfernen.

jannoah1999 · May 23, 2009

vielen dank!
Problem gelöst!
Alex

-humi- · May 23, 2009

lasse dein System bitte mittels Bitdefender Onlinescan mal checken:
http://www.bitdefender.de/scan_de/scan8/ie.html

Nevok · May 23, 2009

@ jannoah1999

Java Runtime Environment (JRE) ist veraltet. Bitte deinstallieren und von http://www.java.com/de/download/manual.jsp die aktuelle Version runterladen und installieren.

Gruß
Nevok

-humi- · May 29, 2009

ich finds nett, wenn sich ein TO nicht mehr meldet, der glaubt er habe es geschafft....
bin mir sicher: bis bald

deoroller · May 29, 2009

Man weiß ja nicht, wie das Problem gelöst wurde.
Vielleicht hat der TO jetzt einen Mac.

Log in or Sign up

Trojaner?? Fenster öffnet sich automatisch

jannoah1999 ROM

-humi- Joker

jannoah1999 ROM

jannoah1999 ROM

deoroller Wandelndes Forum

jannoah1999 ROM

deoroller Wandelndes Forum

jannoah1999 ROM

-humi- Joker

Nevok Ganzes Gigabyte

-humi- Joker

deoroller Wandelndes Forum

Share This Page