Verdacht auf Trojana, bitte dringend um Hilfe

Hallo Sorry für die unklare Vorstellung.
Ich bin eine der beiden Bekannten von Jörg (die Tochter)
sollten uns doch auch hier melden.

Malwarebytes' Anti-Malware 1.42
Datenbank Version: 3404
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

21.12.2009 21:44:42
mbam-log-2009-12-21 (21-44-42).txt

Scan-Methode: Vollständiger Scan (C:\|E:\|)
Durchsuchte Objekte: 245629
Laufzeit: 1 hour(s), 28 minute(s), 26 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Kim\Downloads\IMG55876_32.JPG-http://www.myspace.com(2).exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Kim\Downloads\IMG55876_32.JPG-http://www.myspace.com.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Kim at 2009-12-21 22:06:35
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 216 GB (74%) free of 292 GB
Total RAM: 3000 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:07:34, on 21.12.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\UMTS USB Modem Manager\UMTS USB Modem Manager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Kim\Downloads\RSIT.exe
C:\Program Files\trend micro\Kim.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{D798C9A1-0A14-4D86-BA29-E671155C29DF}: NameServer = 212.23.97.2 212.23.97.3
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

--
End of file - 6863 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{B8A9F17E-872C-4BB4-85E0-58AFA53AFB29}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-14 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2009-05-20 1258808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2009-05-20 1258808]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-08-04 6265376]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-06-08 894512]
"SmpcSys"=C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe [2008-07-07 1038136]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-08-12 150040]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-08-12 170520]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-08-12 145944]
"eRecoveryService"= []
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-12-14 2043160]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2009-05-20 111928]
"Skytel"=C:\Windows\Skytel.exe [2008-08-04 1833504]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-12-03 1394000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-07-11 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecu teHooks]
"{E54729E8-BB3D-4270-9D49-7389EA579090}"=C:\Windows\system32\EZUPBH~1.DLL [2009-06-02 49152]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccid Driver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\fir ewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\fir ewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints 2\E]
shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints 2\{528a1d43-4fa3-11de-813e-0017c46c4c4d}]
shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints 2\{528a1d56-4fa3-11de-813e-0017c46c4c4d}]
shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints 2\{72a92f40-7225-11de-8c80-00238b7eedc1}]
shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints 2\{7640da52-501e-11de-a7ec-0017c46c4c4d}]
shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints 2\{7640da54-501e-11de-a7ec-0017c46c4c4d}]
shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints 2\{c3e7e04b-579e-11de-baf4-0017c46c4c4d}]
shell\AutoRun\command - E:\AutoRun.exe

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-12-21 22:06:36 ----D---- C:\Program Files\trend micro
2009-12-21 22:06:35 ----D---- C:\rsit
2009-12-21 21:42:35 ----D---- C:\Program Files\QS
2009-12-21 19:55:13 ----D---- C:\Users\Kim\AppData\Roaming\Malwarebytes
2009-12-21 19:55:03 ----D---- C:\ProgramData\Malwarebytes
2009-12-21 19:55:03 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-12 03:00:27 ----A---- C:\Windows\system32\nshhttp.dll
2009-12-12 03:00:26 ----A---- C:\Windows\system32\httpapi.dll
2009-12-09 23:53:18 ----A---- C:\Windows\system32\mshtml.dll
2009-12-09 23:53:16 ----A---- C:\Windows\system32\ieframe.dll
2009-12-09 23:53:15 ----A---- C:\Windows\system32\urlmon.dll
2009-12-09 23:53:15 ----A---- C:\Windows\system32\iertutil.dll
2009-12-09 23:53:14 ----A---- C:\Windows\system32\wininet.dll
2009-12-09 23:53:14 ----A---- C:\Windows\system32\occache.dll
2009-12-09 23:53:14 ----A---- C:\Windows\system32\msfeeds.dll
2009-12-09 23:53:14 ----A---- C:\Windows\system32\iedkcs32.dll
2009-12-09 23:53:13 ----A---- C:\Windows\system32\msfeedssync.exe
2009-12-09 23:53:13 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-12-09 23:53:13 ----A---- C:\Windows\system32\jsproxy.dll
2009-12-09 23:53:13 ----A---- C:\Windows\system32\ieUnatt.exe
2009-12-09 23:53:13 ----A---- C:\Windows\system32\ieui.dll
2009-12-09 23:53:13 ----A---- C:\Windows\system32\iesysprep.dll
2009-12-09 23:53:13 ----A---- C:\Windows\system32\iesetup.dll
2009-12-09 23:53:13 ----A---- C:\Windows\system32\iernonce.dll
2009-12-09 23:53:13 ----A---- C:\Windows\system32\iepeers.dll
2009-12-09 23:53:13 ----A---- C:\Windows\system32\ie4uinit.exe
2009-12-09 23:44:42 ----A---- C:\Windows\system32\winhttp.dll
2009-12-09 23:36:47 ----A---- C:\Windows\system32\rastls.dll
2009-11-29 13:51:24 ----D---- C:\Program Files\GoogleClean
2009-11-29 13:46:05 ----D---- C:\Program Files\CCleaner
2009-11-29 13:17:33 ----D---- C:\Users\Kim\AppData\Roaming\TeamViewer
2009-11-27 03:01:18 ----A---- C:\Windows\system32\tzres.dll
2009-11-25 14:49:10 ----A---- C:\Windows\system32\msxml6.dll
2009-11-25 14:49:09 ----A---- C:\Windows\system32\msxml3.dll
2009-11-23 03:31:36 ----A---- C:\Windows\system32\javaws.exe
2009-11-23 03:31:35 ----A---- C:\Windows\system32\javaw.exe
2009-11-23 03:31:35 ----A---- C:\Windows\system32\java.exe

======List of files/folders modified in the last 1 months======

2009-12-21 22:07:09 ----D---- C:\Windows\Prefetch
2009-12-21 22:07:00 ----D---- C:\Windows\Temp
2009-12-21 22:06:36 ----RD---- C:\Program Files
2009-12-21 21:54:55 ----D---- C:\Windows\System32
2009-12-21 21:54:55 ----D---- C:\Windows\inf
2009-12-21 21:54:55 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-12-21 21:46:57 ----D---- C:\Windows\system32\drivers
2009-12-21 21:46:57 ----D---- C:\Windows\ehome
2009-12-21 20:59:46 ----D---- C:\Windows\system32\Tasks
2009-12-21 20:59:45 ----D---- C:\Windows\Tasks
2009-12-21 19:55:03 ----HD---- C:\ProgramData
2009-12-21 19:33:05 ----SHD---- C:\System Volume Information
2009-12-21 01:50:53 ----A---- C:\Windows\NeroDigital.ini
2009-12-19 14:43:02 ----D---- C:\Program Files\Mozilla Firefox
2009-12-18 03:34:22 ----HD---- C:\$AVG8.VAULT$
2009-12-18 01:18:07 ----D---- C:\Windows
2009-12-12 03:01:41 ----D---- C:\Windows\winsxs
2009-12-12 03:01:23 ----D---- C:\Windows\system32\catroot
2009-12-12 03:01:21 ----D---- C:\Windows\system32\catroot2
2009-12-10 03:37:34 ----D---- C:\Windows\rescache
2009-12-10 03:19:57 ----D---- C:\Windows\system32\migration
2009-12-10 03:19:55 ----D---- C:\Windows\system32\de-DE
2009-12-10 03:19:55 ----D---- C:\Program Files\Internet Explorer
2009-12-10 03:19:54 ----D---- C:\Program Files\Windows Mail
2009-12-10 03:03:37 ----SHD---- C:\Windows\Installer
2009-12-10 03:03:30 ----D---- C:\ProgramData\Microsoft Help
2009-12-10 03:01:14 ----D---- C:\Windows\Debug
2009-12-01 21:06:19 ----A---- C:\Windows\system32\mrt.exe
2009-11-29 13:48:56 ----D---- C:\Windows\Minidump
2009-11-23 03:31:33 ----D---- C:\Program Files\Java

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-08-23 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-08-23 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-06-02 108552]
R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2008-07-16 15392]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2007-08-24 101504]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-07-11 2381312]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-08-04 2161496]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista; C:\Windows\system32\DRIVERS\netr28.sys [2008-07-29 418816]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-08-06 124928]
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2008-02-20 60416]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-06-08 187448]
R3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S1 SRTSP;SRTSP; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS []
S1 SRTSPX;SRTSPX; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS []
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS []
S3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS []
S3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-04-27 3658752]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-08-23 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-23 297752]
R2 ETService;Empowering Technology Service; C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe [2008-07-16 24576]
R2 ezSharedSvc;Easybits Shared Services for Windows; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
S2 Norton Internet Security;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe /s Norton Internet Security /m C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll /prefetch:1 []
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-01-08 654848]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-04-28 529704]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2009-12-21 22:07:37

======Uninstall list======

-->"C:\Program Files\InstallShield Installation Information\{8F1B6239-FEA0-450A-A950-B05276CE177C}\setup.exe" -runfromtemp -l0x0007 -removeonly
-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop Elements 6.0-->msiexec /I {F54AC413-D2C6-4A24-B324-370C223C6250}
Adobe Reader 9 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A90000000001}
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BlackTriple-->"C:\Program Files\BlackTriple\unins000.exe"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Collator (remove only)-->"C:\Program Files\Collator\uninstall.exe"
Compatibility Pack für 2007 Office System-->MsiExec.exe /X{90120000-0020-0407-0000-0000000FF1CE}
EasyBits Magic Desktop-->C:\Windows\system32\ezMDUninstall.exe
Fiesta Online(EU_German) 1.02.026-->C:\Program Files\Gamigo Games\Fiesta Online(EU_German)\uninst.exe
Fruity (remove only)-->"C:\Program Files\Fruity\uninstall.exe"
GoogleClean-->"C:\Program Files\GoogleClean\unins000.exe"
HDRegDE-->MsiExec.exe /I{D359B12F-9B1A-46FD-B70C-F507B5B11590}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HorseJigsaw (remove only)-->"C:\Program Files\HorseJigsaw\uninstall.exe"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
ICQ6.5-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Jumpu (remove only)-->"C:\Program Files\Jumpu\uninstall.exe"
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
LavaJump-->"C:\Program Files\LavaJump\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MetaBoli-->"C:\Program Files\InstallShield Installation Information\{709817E4-5439-4206-8738-796B34B623BD}\setup.exe" -runfromtemp -l0x0007 -removeonly
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Home and Student-->C:\Program files\Microsoft Office\RunCmd.exe Office_Uninstall.cmd
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (German)-->MsiExec.exe /X{95120000-00AF-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {322296D4-1EAE-4030-9FBC-D2787EB25FA2}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Suite Activation Assistant-->MsiExec.exe /X{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{62F7DA7E-CCCB-439C-A760-00C3926E761F}
Mozilla Firefox (3.5.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero 8 Essentials-->MsiExec.exe /X{3559CDE0-11FC-4D7B-A65C-D646035B1031}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Norton Internet Security-->MsiExec.exe /I{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}
Packard Bell ImageWriter-->"C:\Program Files\InstallShield Installation Information\{F4EA67C9-6748-4C1E-9AFF-04149AC75D95}\setup.exe" -runfromtemp -l0x0007 -removeonly
Packard Bell Recovery Management-->"C:\Program Files\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe" -runfromtemp -l0x0007 -removeonly
Packard Bell Updator-->"C:\Program Files\InstallShield Installation Information\{CA786CFF-1D31-4804-B436-F3405B14357F}\setup.exe" -runfromtemp -l0x0007 -removeonly
PhotoScape-->"C:\Program Files\PhotoScape\uninstall.exe"
PingoPict (remove only)-->"C:\Program Files\PingoPict\uninstall.exe"
Realtek 8169 8168 8101E 8102E Ethernet Driver-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0007 -removeonly
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709
Realtek USB 2.0 Card Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetu p "C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe" -l0x9 -removeonly
RescueMe (remove only)-->"C:\Program Files\RescueMe\uninstall.exe"
RollerBalls (remove only)-->"C:\Program Files\RollerBalls\uninstall.exe"
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Setup My PC-->"C:\Program Files\InstallShield Installation Information\{28518520-F25C-48C3-A224-861F331602F4}\setup.exe" -runfromtemp -l0x0007 -removeonly
Snake_and_Ladder (remove only)-->"C:\Program Files\Snake_and_Ladder\uninstall.exe"
SpacePong (remove only)-->"C:\Program Files\SpacePong\uninstall.exe"
SteelBrainMaster-->"C:\Program Files\SteelBrainMaster\unins000.exe"
StreetChase (remove only)-->"C:\Program Files\StreetChase\uninstall.exe"
Sudoku (remove only)-->"C:\Program Files\Sudoku\uninstall.exe"
SunsetBrainMaster-->"C:\Program Files\SunsetBrainMaster\unins000.exe"
SuperBrainMaster-->"C:\Program Files\SuperBrainMaster\unins000.exe"
SweetBrainMaster-->"C:\Program Files\SweetBrainMaster\unins000.exe"
SweetIM for Messenger 2.7-->MsiExec.exe /X{E848C9C0-E6FF-4A3F-9D67-AE53AC3628FE}
SweetIM Toolbar for Internet Explorer 3.4-->MsiExec.exe /X{8C13BEE4-E7CE-4E46-BD13-8F41DAD00FEF}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
UMTS USB Modem Manager-->C:\Program Files\UMTS USB Modem Manager\uninst.exe
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
Update für Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}
Update für Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {EA160DA3-E9B5-4D03-A518-21D306665B96}
Update für Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {38472199-D7B6-4833-A949-10E4EE6365A1}
WaterTales (remove only)-->"C:\Program Files\WaterTales\uninstall.exe"
WavePad Sound Editor-->C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
Windows Live Anmelde-Assistent-->MsiExec.exe /I{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}
Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}
Windows Live Mail-->MsiExec.exe /I{C4D738F7-996A-4C81-B8FA-C4E26D767E41}
Windows Live Messenger-->MsiExec.exe /X{41E654A9-26D0-4EAC-854B-0FA824FFFABB}
Windows Live Sync-->MsiExec.exe /X{8C1E2925-14F8-45AA-B999-1E2A74BF5607}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: BillKaulitz
Event Code: 4386
Message: Windows-Wartung erforderte einen Neustart, um das Update 948610-863_neutral_GDR aus Paket KB948610(Update) in den Status Wird aufgelöst(Resolving) setzen zu können.
Record Number: 18284
Source Name: Microsoft-Windows-Servicing
Time Written: 20090602201505.000000-000
Event Type: Informationen
User: LAPI\Kim

Computer Name: BillKaulitz
Event Code: 4386
Message: Windows-Wartung erforderte einen Neustart, um das Update 948610-862_neutral_LDR aus Paket KB948610(Update) in den Status Wird aufgelöst(Resolving) setzen zu können.
Record Number: 18283
Source Name: Microsoft-Windows-Servicing
Time Written: 20090602201505.000000-000
Event Type: Informationen
User: LAPI\Kim

Computer Name: BillKaulitz
Event Code: 4386
Message: Windows-Wartung erforderte einen Neustart, um das Update 948610-861_neutral_GDR aus Paket KB948610(Update) in den Status Wird aufgelöst(Resolving) setzen zu können.
Record Number: 18282
Source Name: Microsoft-Windows-Servicing
Time Written: 20090602201505.000000-000
Event Type: Informationen
User: LAPI\Kim

Computer Name: BillKaulitz
Event Code: 4386
Message: Windows-Wartung erforderte einen Neustart, um das Update 948610-860_neutral_LDR aus Paket KB948610(Update) in den Status Wird aufgelöst(Resolving) setzen zu können.
Record Number: 18281
Source Name: Microsoft-Windows-Servicing
Time Written: 20090602201505.000000-000
Event Type: Informationen
User: LAPI\Kim

Computer Name: BillKaulitz
Event Code: 4386
Message: Windows-Wartung erforderte einen Neustart, um das Update 948610-859_neutral_GDR aus Paket KB948610(Update) in den Status Wird aufgelöst(Resolving) setzen zu können.
Record Number: 18280
Source Name: Microsoft-Windows-Servicing
Time Written: 20090602201505.000000-000
Event Type: Informationen
User: LAPI\Kim

=====Application event log=====

Computer Name: WIN-MRVX7A7O0AJ
Event Code: 9009
Message: Der Desktopfenster-Manager wurde mit dem Code (0xc00002fe) abgebrochen.
Record Number: 944
Source Name: Desktop Window Manager
Time Written: 20090309022416.000000-000
Event Type: Informationen
User:

Computer Name: WIN-MRVX7A7O0AJ
Event Code: 1000
Message: Die Leistungsindikatoren für den Dienst WmiApRpl (WmiApRpl) wurden erfolgreich geladen. Die Eintragsdaten im Datenbereich enthalten die neuen Indexwerte, die diesem Dienst zugeordnet sind.
Record Number: 943
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20090309022412.000000-000
Event Type: Informationen
User:

Computer Name: WIN-MRVX7A7O0AJ
Event Code: 1001
Message: Die Leistungsindikatoren für den Dienst WmiApRpl (WmiApRpl) wurden entfernt. Die Daten enthalten die neuen Werte der Registrierungseinträge "Last Counter" und "Last Help".
Record Number: 942
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20090309022411.000000-000
Event Type: Informationen
User:

Computer Name: WIN-MRVX7A7O0AJ
Event Code: 103
Message: Windows (1396) Windows: Das Datenbankmodul hat die Instanz (0) beendet.
Record Number: 941
Source Name: ESENT
Time Written: 20090309022349.000000-000
Event Type: Informationen
User:

Computer Name: WIN-MRVX7A7O0AJ
Event Code: 1013
Message: Der Windows-Suchdienst wurde normal beendet.

Record Number: 940
Source Name: Microsoft-Windows-Search
Time Written: 20090309022349.000000-000
Event Type: Informationen
User:

=====Security event log=====

Computer Name: WIN-MRVX7A7O0AJ
Event Code: 4648
Message: Anmeldeversuch mit expliziten Anmeldeinformationen.

Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: WIN-MRVX7A7O0AJ$
Kontodomäne: WORKGROUP
Anmelde-ID: 0x3e7
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}

Konto, dessen Anmeldeinformationen verwendet wurden:
Kontoname: SYSTEM
Kontodomäne: NT-AUTORITÄT
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}

Zielserver:
Zielservername: localhost
Weitere Informationen: localhost

Prozessinformationen:
Prozess-ID: 0x284
Prozessname: C:\Windows\System32\services.exe

Netzwerkinformationen:
Netzwerkadresse: -
Port: -

Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden. Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird.
Record Number: 1369
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090309022407.438125-000
Event Type: Überwachung erfolgreich
User:

Computer Name: WIN-MRVX7A7O0AJ
Event Code: 4672
Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.

Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: SYSTEM
Kontodomäne: NT-AUTORITÄT
Anmelde-ID: 0x3e7

Berechtigungen: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 1368
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090309022350.106525-000
Event Type: Überwachung erfolgreich
User:

Computer Name: WIN-MRVX7A7O0AJ
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.

Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: WIN-MRVX7A7O0AJ$
Kontodomäne: WORKGROUP
Anmelde-ID: 0x3e7

Anmeldetyp: 5

Neue Anmeldung:
Sicherheits-ID: S-1-5-18
Kontoname: SYSTEM
Kontodomäne: NT-AUTORITÄT
Anmelde-ID: 0x3e7
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}

Prozessinformationen:
Prozess-ID: 0x284
Prozessname: C:\Windows\System32\services.exe

Netzwerkinformationen:
Arbeitsstationsname:
Quellnetzwerkadresse: -
Quellport: -

Detaillierte Authentifizierungsinformationen:
Anmeldeprozess: Advapi
Authentifizierungspaket: Negotiate
Übertragene Dienste: -
Paketname (nur NTLM): -
Schlüssellänge: 0

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
- Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 1367
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090309022350.106525-000
Event Type: Überwachung erfolgreich
User:

Computer Name: WIN-MRVX7A7O0AJ
Event Code: 4648
Message: Anmeldeversuch mit expliziten Anmeldeinformationen.

Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: WIN-MRVX7A7O0AJ$
Kontodomäne: WORKGROUP
Anmelde-ID: 0x3e7
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}

Konto, dessen Anmeldeinformationen verwendet wurden:
Kontoname: SYSTEM
Kontodomäne: NT-AUTORITÄT
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}

Zielserver:
Zielservername: localhost
Weitere Informationen: localhost

Prozessinformationen:
Prozess-ID: 0x284
Prozessname: C:\Windows\System32\services.exe

Netzwerkinformationen:
Netzwerkadresse: -
Port: -

Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden. Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird.
Record Number: 1366
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090309022350.106525-000
Event Type: Überwachung erfolgreich
User:

Computer Name: WIN-MRVX7A7O0AJ
Event Code: 1102
Message: Das Überwachungsprotokoll wurde gelöscht.
Subjekt:
Sicherheits- ID: S-1-5-21-1838009730-3197933250-3659393460-500
Kontoname: Administrator
Domänenname: WIN-MRVX7A7O0AJ
Logon-ID: 0x2ccc1
Record Number: 1365
Source Name: Microsoft-Windows-Eventlog
Time Written: 20090309022339.997725-000
Event Type: Überwachung erfolgreich
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE

-----------------EOF-----------------

Ja das habe ich ausgeführt, da hat sich dann im firefox ein neuer Tab geöffnet, da kam aber nichts also keine Adresse. Nur eine leere Seite. Dann hat sich ein Speicher Fenster geöffnet. Da bin ich dann auf Speichern gegangen, habe unter Downloads geschaut da war aber dann auch nichts von der eben runter geladenen Datei.

ne das war nich der link, kann ich den link hier reinsetzen?
Oder ist das nicht erlaubt?
Also diesen Link was sie gerade geschrieben haben habe ich nie angeklickt.

oder doch, auf diesem link hatte ich 2 trojana, aber das war nicht der Link der sich selber verschickt hat.

okay das mache ich dann mal und komme dann wieder online.
Also der Link lautet: foto:Dhxxp://tuephoto.tu.ohost.de/getimage.php?0=kim_tietze@hotmaile.de

Entschuldige bitte das ich gestern nicht mehr online gekommen bin, da ist etwas dazwischen gekommen was ich erledigen musste. Also ich habe diesen Scan jetzt gemacht, aber da kam gar nichts was ich hätte Kopieren können.

GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
Rootkit quick scan 2009-12-24 17:35:12
Windows 6.0.6002 Service Pack 2
Running: p189v8sw.exe; Driver: C:\Users\Kim\AppData\Local\Temp\fxldapod.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
Rootkit scan 2009-12-24 22:05:18
Windows 6.0.6002 Service Pack 2
Running: p189v8sw.exe; Driver: C:\Users\Kim\AppData\Local\Temp\fxldapod.sys

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mobile Partner\Mobile Partner.exe[2592] USER32.dll!SetScrollRange 766BD185 5 Bytes JMP 001D23B0 C:\Program Files\Mobile Partner\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Program Files\Mobile Partner\Mobile Partner.exe[2592] USER32.dll!GetSysColorBrush 766BE21C 5 Bytes JMP 001D24A0 C:\Program Files\Mobile Partner\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Program Files\Mobile Partner\Mobile Partner.exe[2592] USER32.dll!GetScrollInfo 766BF073 7 Bytes JMP 001D2280 C:\Program Files\Mobile Partner\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Program Files\Mobile Partner\Mobile Partner.exe[2592] USER32.dll!ShowScrollBar 766BF8AE 5 Bytes JMP 001D2400 C:\Program Files\Mobile Partner\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Program Files\Mobile Partner\Mobile Partner.exe[2592] USER32.dll!SetScrollInfo 766C71D8 7 Bytes JMP 001D2330 C:\Program Files\Mobile Partner\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Program Files\Mobile Partner\Mobile Partner.exe[2592] USER32.dll!GetSysColor 766C9BF6 5 Bytes JMP 001D2440 C:\Program Files\Mobile Partner\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Program Files\Mobile Partner\Mobile Partner.exe[2592] USER32.dll!EnableScrollBar 766DAF53 7 Bytes JMP 001D2240 C:\Program Files\Mobile Partner\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Program Files\Mobile Partner\Mobile Partner.exe[2592] USER32.dll!GetScrollPos 766E337D 5 Bytes JMP 001D22C0 C:\Program Files\Mobile Partner\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Program Files\Mobile Partner\Mobile Partner.exe[2592] USER32.dll!GetScrollRange 766E34A5 5 Bytes JMP 001D22F0 C:\Program Files\Mobile Partner\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Program Files\Mobile Partner\Mobile Partner.exe[2592] USER32.dll!SetScrollPos 766E3602 5 Bytes JMP 001D2370 C:\Program Files\Mobile Partner\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Program Files\ICQ6.5\ICQ.exe[5560] kernel32.dll!LoadLibraryExW 77889109 6 Bytes JMP 5F070F5A
.text C:\Program Files\ICQ6.5\ICQ.exe[5560] kernel32.dll!ReadFile 7789F02B 6 Bytes JMP 5F160F5A
.text C:\Program Files\ICQ6.5\ICQ.exe[5560] kernel32.dll!GetFileSize 778A7148 6 Bytes JMP 5F190F5A
.text C:\Program Files\ICQ6.5\ICQ.exe[5560] kernel32.dll!CloseHandle 778AAE8D 6 Bytes JMP 5F130F5A
.text C:\Program Files\ICQ6.5\ICQ.exe[5560] kernel32.dll!CreateFileW 778AAECB 6 Bytes JMP 5F100F5A
.text C:\Program Files\ICQ6.5\ICQ.exe[5560] USER32.dll!SetParent 766BA2AA 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ICQ6.5\ICQ.exe[5560] USER32.dll!SetParent + 4 766BA2AE 2 Bytes [1D, 5F]
.text C:\Program Files\ICQ6.5\ICQ.exe[5560] USER32.dll!CreateWindowExW 766C1305 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\ICQ6.5\ICQ.exe[5560] USER32.dll!DispatchMessageW 766D021C 6 Bytes JMP 5F040F5A
.text C:\Program Files\ICQ6.5\ICQ.exe[5560] ole32.dll!CoCreateInstance 765B9EA6 6 Bytes JMP 5F0D0F5A

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----