Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Random shutdowns

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Random shutdowns

Unread postby Azvi » January 20th, 2011, 5:00 pm

Hello,

my computer is suffering from random shutdowns and i would like to ask you to help me.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:57:32, on 20.01.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\DAEMON Tools Lite\DTLite.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programme\Alwil Software\Avast5\AvastSvc.exe
C:\Programme\Alwil Software\Avast5\AvastUI.exe
C:\Programme\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast5] "C:\Programme\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 3246177599
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Programme\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMSAccess - Unknown owner - C:\Programme\CDBurnerXP\NMSAccessU.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe
O23 - Service: YUIMMQP - Unknown owner - C:\DOKUME~1\GERDAS~1\LOKALE~1\Temp\YUIMMQP.exe (file missing)

--
End of file - 4229 bytes

Uninstall List:

Actiontec MDC AC'97 Modem v2122D
Adobe Flash Player 10 Plugin
Anti-Twin (Installation 26.07.2008)
ATI - Dienstprogramm zur Deinstallation der Software
ATI Control Panel
ATI Display Driver
ATK0100 ACPI UTILITY
avast! Free Antivirus
CCleaner (remove only)
CDBurnerXP
Dungeon Lords Collector's Edition
Dungeon Lords Patch
EasyBox
Europa Universalis 2
FinalBurner Free v2.23.0.193
Foxit Reader
Free Video Dub version 1.8
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix für Windows XP (KB2158563)
Hotfix für Windows XP (KB2443685)
Hotfix für Windows XP (KB961118)
Hotfix für Windows XP (KB970653-v3)
Hotfix für Windows XP (KB976098-v2)
Hotfix für Windows XP (KB979306)
Hotfix für Windows XP (KB981793)
Intel(R) PROSet/Wireless Software
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 4
Java(TM) 6 Update 7
Keydefin V2.0
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
mDriver
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.13)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OpenOffice.org 3.0
Philips GoGear HDD Device Manager
PowerDVD
Samsung Network Manager
Samsung Update Plus
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Sicherheitsupdate für Windows Media Player (KB2378111)
Sicherheitsupdate für Windows Media Player (KB954155)
Sicherheitsupdate für Windows Media Player (KB973540)
Sicherheitsupdate für Windows Media Player (KB975558)
Sicherheitsupdate für Windows Media Player (KB978695)
Sicherheitsupdate für Windows XP (KB2079403)
Sicherheitsupdate für Windows XP (KB2115168)
Sicherheitsupdate für Windows XP (KB2121546)
Sicherheitsupdate für Windows XP (KB2160329)
Sicherheitsupdate für Windows XP (KB2183461)
Sicherheitsupdate für Windows XP (KB2229593)
Sicherheitsupdate für Windows XP (KB2279986)
Sicherheitsupdate für Windows XP (KB2286198)
Sicherheitsupdate für Windows XP (KB2296011)
Sicherheitsupdate für Windows XP (KB2296199)
Sicherheitsupdate für Windows XP (KB2347290)
Sicherheitsupdate für Windows XP (KB2360131)
Sicherheitsupdate für Windows XP (KB2360937)
Sicherheitsupdate für Windows XP (KB2387149)
Sicherheitsupdate für Windows XP (KB2416400)
Sicherheitsupdate für Windows XP (KB2419632)
Sicherheitsupdate für Windows XP (KB2423089)
Sicherheitsupdate für Windows XP (KB2436673)
Sicherheitsupdate für Windows XP (KB2440591)
Sicherheitsupdate für Windows XP (KB2443105)
Sicherheitsupdate für Windows XP (KB923561)
Sicherheitsupdate für Windows XP (KB952004)
Sicherheitsupdate für Windows XP (KB956572)
Sicherheitsupdate für Windows XP (KB956744)
Sicherheitsupdate für Windows XP (KB956844)
Sicherheitsupdate für Windows XP (KB958690)
Sicherheitsupdate für Windows XP (KB958869)
Sicherheitsupdate für Windows XP (KB959426)
Sicherheitsupdate für Windows XP (KB960225)
Sicherheitsupdate für Windows XP (KB960715)
Sicherheitsupdate für Windows XP (KB960803)
Sicherheitsupdate für Windows XP (KB960859)
Sicherheitsupdate für Windows XP (KB961371)
Sicherheitsupdate für Windows XP (KB961373)
Sicherheitsupdate für Windows XP (KB961501)
Sicherheitsupdate für Windows XP (KB968537)
Sicherheitsupdate für Windows XP (KB969059)
Sicherheitsupdate für Windows XP (KB969947)
Sicherheitsupdate für Windows XP (KB970238)
Sicherheitsupdate für Windows XP (KB970430)
Sicherheitsupdate für Windows XP (KB971468)
Sicherheitsupdate für Windows XP (KB971486)
Sicherheitsupdate für Windows XP (KB971557)
Sicherheitsupdate für Windows XP (KB971633)
Sicherheitsupdate für Windows XP (KB971657)
Sicherheitsupdate für Windows XP (KB971961)
Sicherheitsupdate für Windows XP (KB972270)
Sicherheitsupdate für Windows XP (KB973346)
Sicherheitsupdate für Windows XP (KB973354)
Sicherheitsupdate für Windows XP (KB973507)
Sicherheitsupdate für Windows XP (KB973525)
Sicherheitsupdate für Windows XP (KB973869)
Sicherheitsupdate für Windows XP (KB973904)
Sicherheitsupdate für Windows XP (KB974112)
Sicherheitsupdate für Windows XP (KB974318)
Sicherheitsupdate für Windows XP (KB974392)
Sicherheitsupdate für Windows XP (KB974571)
Sicherheitsupdate für Windows XP (KB975025)
Sicherheitsupdate für Windows XP (KB975467)
Sicherheitsupdate für Windows XP (KB975560)
Sicherheitsupdate für Windows XP (KB975561)
Sicherheitsupdate für Windows XP (KB975562)
Sicherheitsupdate für Windows XP (KB975713)
Sicherheitsupdate für Windows XP (KB977165)
Sicherheitsupdate für Windows XP (KB977816)
Sicherheitsupdate für Windows XP (KB977914)
Sicherheitsupdate für Windows XP (KB978037)
Sicherheitsupdate für Windows XP (KB978251)
Sicherheitsupdate für Windows XP (KB978262)
Sicherheitsupdate für Windows XP (KB978338)
Sicherheitsupdate für Windows XP (KB978542)
Sicherheitsupdate für Windows XP (KB978601)
Sicherheitsupdate für Windows XP (KB978706)
Sicherheitsupdate für Windows XP (KB979309)
Sicherheitsupdate für Windows XP (KB979482)
Sicherheitsupdate für Windows XP (KB979559)
Sicherheitsupdate für Windows XP (KB979683)
Sicherheitsupdate für Windows XP (KB979687)
Sicherheitsupdate für Windows XP (KB980195)
Sicherheitsupdate für Windows XP (KB980218)
Sicherheitsupdate für Windows XP (KB980232)
Sicherheitsupdate für Windows XP (KB980436)
Sicherheitsupdate für Windows XP (KB981322)
Sicherheitsupdate für Windows XP (KB981349)
Sicherheitsupdate für Windows XP (KB981852)
Sicherheitsupdate für Windows XP (KB981957)
Sicherheitsupdate für Windows XP (KB981997)
Sicherheitsupdate für Windows XP (KB982132)
Sicherheitsupdate für Windows XP (KB982214)
Sicherheitsupdate für Windows XP (KB982381)
Sicherheitsupdate für Windows XP (KB982665)
Sierra On-Line Games (Remove only)
Sierra Utilities
Skype™ 5.0
Sophos Anti-Rootkit 1.3.1
SUPER © Version 2008.bld.32 (July 8, 2008)
Sygate Personal Firewall
Synaptics TouchPad
Ulead Photo Explorer 7.0 SE Platinum
Ulead VideoStudio 7 SE DVD
Ultima Online: Mondain's Legacy
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update für Windows XP (KB2141007)
Update für Windows XP (KB2345886)
Update für Windows XP (KB2467659)
Update für Windows XP (KB955759)
Update für Windows XP (KB967715)
Update für Windows XP (KB968389)
Update für Windows XP (KB971737)
Update für Windows XP (KB973687)
Update für Windows XP (KB973815)
User's Guide
VLC media player 1.0.0
Wichtiges Update für Windows Media Player 11 (KB959772)
Windows XP Service Pack 3
WinRAR
xp-AntiSpy 3.96-8

Thank you for helping me.
Azvi
Active Member
 
Posts: 8
Joined: January 20th, 2011, 3:14 pm
Advertisement
Register to Remove

Re: Random shutdowns

Unread postby muppy03 » January 20th, 2011, 8:32 pm

Hello and welcome to Malware Removal Forums

IMPORTANT

Whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
To make cleaning this machine easier:-
  • Continue to respond to this thread until I give you the All Clean!
  • Please DO NOT uninstall/install any programs unless asked to. It is more difficult when files/programs appear or disappear from the logs.
  • Please do not run any scans other than those requested and do not post any logs/reports unless specifically requested to do so.
  • Please follow all instructions in the order posted.
  • If you have any questions or do not understand instructions, please ask before continuing.
  • Please reply to this thread. Do not start a new topic.

I see some left overs from Symantec.

Go to Start-Settings-Control Panel, click on Add /remove programs. If any of the following programs are listed there, click on the program to highlight it, and click on remove. Then close the Control Panel.

    LiveReg (Symantec Corporation)
    LiveUpdate 1.80 (Symantec Corporation)

Please download Malwarebytes' Anti-Malware and save to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:

    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • If it found any malware items. Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply

    Note:
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.


NEXT Download and Run: RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please reply with:-
  • MBAM log
  • RSIT logs ( info.txt and log.txt)
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Random shutdowns

Unread postby Azvi » January 21st, 2011, 2:20 am

Hi, thank you alot for helping me.

The Malware Log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5563

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

21.01.2011 07:19:27
mbam-log-2011-01-21 (07-19-27).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 154434
Laufzeit: 11 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Logfile of random's system information tool 1.08 (written by random/random)
Run by Gerda Schmahl at 2011-01-21 07:20:04
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 2 GB (3%) free of 76 GB
Total RAM: 511 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 07:20:31, on 21.01.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\Programme\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Programme\DAEMON Tools Lite\DTLite.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Mozilla Firefox\plugin-container.exe
C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Dokumente und Einstellungen\Gerda Schmahl\Desktop\Download\RSIT.exe
C:\Programme\trend micro\Gerda Schmahl.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast5] "C:\Programme\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [VcCleanUp.exe] C:\DOKUME~1\GERDAS~1\LOKALE~1\Temp\VcCleanUp.exe /F C:\PROGRA~1\GEMEIN~1\SYMANT~1\LiveReg\ /RemoveAll
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 3246177599
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Programme\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMSAccess - Unknown owner - C:\Programme\CDBurnerXP\NMSAccessU.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe
O23 - Service: YUIMMQP - Unknown owner - C:\DOKUME~1\GERDAS~1\LOKALE~1\Temp\YUIMMQP.exe (file missing)

--
End of file - 4572 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2003-06-10 87751]
"SynTPLpr"=C:\Programme\Synaptics\SynTP\SynTPLpr.exe [2003-06-17 126976]
"SynTPEnh"=C:\Programme\Synaptics\SynTP\SynTPEnh.exe [2003-06-17 561152]
"Hcontrol"=C:\WINDOWS\ATK0100\Hcontrol.exe [2003-09-08 61440]
"SmcService"=C:\PROGRA~1\Sygate\SPF\smc.exe [2004-02-24 2372760]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"avast5"=C:\Programme\Alwil Software\Avast5\avastUI.exe [2011-01-13 3396624]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"VcCleanUp.exe"=C:\DOKUME~1\GERDAS~1\LOKALE~1\Temp\VcCleanUp.exe [2002-08-06 61440]
"Malwarebytes' Anti-Malware"=C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe [2010-12-20 443728]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools Lite"=C:\Programme\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Assistent zum Übertragen von Dateien und Einstellungen"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Programme\Skype\Plugin Manager\skypePM.exe"="C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2011-01-21 07:20:04 ----D---- C:\rsit
2011-01-21 06:46:38 ----D---- C:\Dokumente und Einstellungen\Gerda Schmahl\Anwendungsdaten\Malwarebytes
2011-01-21 06:46:29 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-01-21 06:46:28 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2011-01-21 06:46:25 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-01-21 06:46:24 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2011-01-20 21:53:04 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011-01-20 21:53:03 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2011-01-20 21:53:01 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-01-20 21:53:01 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-01-20 21:53:00 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-01-20 21:53:00 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2011-01-20 21:52:59 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2011-01-20 21:52:41 ----SHD---- C:\Config.Msi
2011-01-20 21:52:23 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-01-20 20:31:54 ----AD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2011-01-20 20:28:36 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Tools
2011-01-20 19:16:47 ----A---- C:\WINDOWS\system32\drivers\tmcomm.sys
2011-01-14 00:40:10 ----D---- C:\Programme\Razor
2011-01-14 00:18:21 ----D---- C:\Programme\EA Games
2011-01-13 23:39:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2419632$
2010-12-29 06:31:56 ----D---- C:\Programme\Strategy First
2010-12-29 03:49:51 ----D---- C:\Programme\Trend Micro

======List of files/folders modified in the last 1 months======

2011-01-21 06:47:26 ----RD---- C:\Programme
2011-01-21 06:46:29 ----D---- C:\WINDOWS\system32\drivers
2011-01-21 06:44:18 ----SD---- C:\WINDOWS\Tasks
2011-01-21 06:44:08 ----D---- C:\Programme\Gemeinsame Dateien\Symantec Shared
2011-01-21 06:11:20 ----D---- C:\WINDOWS\Temp
2011-01-20 22:03:23 ----D---- C:\Programme\eMule
2011-01-20 21:52:48 ----SHD---- C:\WINDOWS\Installer
2011-01-20 21:52:45 ----D---- C:\WINDOWS\WinSxS
2011-01-20 21:52:25 ----D---- C:\WINDOWS
2011-01-20 21:52:23 ----D---- C:\WINDOWS\system32
2011-01-20 21:52:05 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software
2011-01-20 21:27:32 ----D---- C:\Programme\Gemeinsame Dateien
2011-01-20 21:27:30 ----SHD---- C:\System Volume Information
2011-01-20 21:15:48 ----D---- C:\WINDOWS\Prefetch
2011-01-20 21:09:35 ----D---- C:\WINDOWS\system32\CatRoot2
2011-01-20 21:04:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-01-20 20:48:15 ----D---- C:\WINDOWS\Debug
2011-01-20 20:03:55 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-01-17 19:36:49 ----HD---- C:\Programme\InstallShield Installation Information
2011-01-13 23:39:42 ----A---- C:\WINDOWS\system32\MRT.exe
2011-01-13 23:39:24 ----HD---- C:\WINDOWS\inf
2011-01-13 16:38:07 ----HD---- C:\WINDOWS\$hf_mig$
2011-01-08 20:13:04 ----D---- C:\Dokumente und Einstellungen\Gerda Schmahl\Anwendungsdaten\vlc
2011-01-08 19:56:07 ----D---- C:\Blub
2011-01-06 03:08:16 ----D---- C:\WINDOWS\system32\CatRoot
2010-12-29 03:49:54 ----SD---- C:\Dokumente und Einstellungen\Gerda Schmahl\Anwendungsdaten\Microsoft
2010-12-27 09:04:26 ----A---- C:\WINDOWS\Ulead32.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Intel AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
R0 ohci1394;OHCI-konformer IEEE 1394-Hostcontroller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 rmedia;Ricoh MediaCard Driver; C:\WINDOWS\system32\DRIVERS\rmedia.sys [2002-12-24 59520]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-02-11 691696]
R0 Teefer;Teefer for NT; C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys [2004-02-02 55891]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-01-13 29392]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-01-13 23632]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-01-13 294608]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-01-13 47440]
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 wpsdrvnt;wpsdrvnt; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-01-13 17744]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-01-13 100176]
R2 DOSMEMIO;MEMIO; \??\C:\WINDOWS\system32\MEMIO.SYS []
R2 irda;IrDA-Protokoll; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 STEC3;STEC3; \??\C:\WINDOWS\system32\STEC3.sys []
R2 wg3n;SyGate for NT, wg3n; C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys [2004-02-02 11914]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2003-06-10 1164576]
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-02-25 670208]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2005-02-02 14408]
R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2003-09-08 5786]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NSCIRDA;NSC-Infrarotgerätetreiber; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-13 28672]
R3 Rasirda;WAN-Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2002-06-13 45568]
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\STAC97.sys [2003-05-16 220048]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2003-06-17 264528]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Intel(R) PRO/Wireless 2200BG Netzwerkverbindungstreiber für Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-08-07 3210496]
S3 61883;61883-Einheitsgerät; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 aed8iydu;aed8iydu; C:\WINDOWS\system32\drivers\aed8iydu.sys []
S3 Avc;AVC-Gerät; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 gsplittm;gsplittm; \??\C:\DOKUME~1\GERDAS~1\LOKALE~1\Temp\gsplittm.sys []
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\1.tmp []
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 Nokia USB Generic;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2005-02-15 6300]
S3 Nokia USB Modem;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2005-02-15 9021]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2005-02-17 140619]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-11-12 7168]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 tunmp;Microsoft Tun-Miniportadaptertreiber; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 w70n51;Intel(R) PRO/Wireless 7100 Adapter-Treiber; C:\WINDOWS\system32\DRIVERS\w70n51.sys [2004-03-03 2482176]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-02-25 397312]
R2 avast! Antivirus;avast! Antivirus; C:\Programme\Alwil Software\Avast5\AvastSvc.exe [2011-01-13 40384]
R2 Irmon;Infrarotüberwachung; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 NMSAccess;NMSAccess; C:\Programme\CDBurnerXP\NMSAccessU.exe [2010-03-04 71096]
R2 SmcService;Sygate Personal Firewall; C:\Programme\Sygate\SPF\smc.exe [2004-02-24 2372760]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 Samsung Update Plus;Samsung Update Plus; C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe [2006-07-21 57344]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 YUIMMQP;YUIMMQP; C:\DOKUME~1\GERDAS~1\LOKALE~1\Temp\YUIMMQP.exe []
S4 iPodService;iPodService; C:\Programme\iPod\bin\iPodService.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.08 2011-01-21 07:20:37

======Uninstall list======

-->C:\WINDOWS\IsUn0407.exe -fC:\WINDOWS\orun32.isu
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{BAD400A0-F924-4BB6-9651-CD45642B3917}\setup.exe" -l0x9 anything
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Actiontec MDC AC'97 Modem v2122D-->agrsmdel
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_Plugin.exe -maintain plugin
Anti-Twin (Installation 26.07.2008)-->C:\Programme\AntiTwin\uninstall.exe /uninst "UninstallKey=Anti-Twin 2008-07-26 18.30.39"
ATI - Dienstprogramm zur Deinstallation der Software-->C:\Programme\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATK0100 ACPI UTILITY-->C:\WINDOWS\ATK0100\XPunin.exe
avast! Free Antivirus-->C:\Programme\Alwil Software\Avast5\aswRunDll.exe "C:\Programme\Alwil Software\Avast5\Setup\setiface.dll" RunSetup
CCleaner (remove only)-->"C:\Programme\CCleaner\uninst.exe"
CDBurnerXP-->"C:\Programme\CDBurnerXP\unins000.exe"
Dungeon Lords Collector's Edition-->MsiExec.exe /I{DD63D54B-4A8C-4547-8A98-DDD5718FEE5E}
Dungeon Lords Patch-->MsiExec.exe /I{38F82684-6453-4678-87B8-7A1F01623F9D}
EasyBox-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A999CE76-D054-4684-80C7-53FC9243E019}\Setup.exe" -l0x7 Remove
Europa Universalis 2-->C:\PROGRA~1\STRATE~1\EUROPA~1\UNWISE.EXE C:\PROGRA~1\STRATE~1\EUROPA~1\INSTALL.LOG
FinalBurner Free v2.23.0.193-->"C:\Programme\FinalBurner\Uninstall.exe" "C:\Programme\FinalBurner\install.log" -u
Foxit Reader-->C:\Programme\Foxit Software\Foxit Reader\Uninstall.exe
Free Video Dub version 1.8-->"C:\Programme\DVDVideoSoft\Free Video Dub\unins000.exe"
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix für Windows XP (KB2158563)-->"C:\WINDOWS\$NtUninstallKB2158563$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB2443685)-->"C:\WINDOWS\$NtUninstallKB2443685$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
Intel(R) PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java(TM) 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Keydefin V2.0-->C:\WINDOWS\IsUninst.exe -fC:\Programme\SAMSUNG\Keydefin\Uninst.isu
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
mDriver-->MsiExec.exe /I{28DA872A-0848-48CF-B749-19A198157A2A}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mozilla Firefox (3.6.13)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
OpenOffice.org 3.0-->MsiExec.exe /I{7EC19307-7C22-47A8-922B-3FA965291260}
Philips GoGear HDD Device Manager-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{B184A2F7-3EC8-4B86-8412-27E0D53BA535} /l1031
PowerDVD-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Samsung Network Manager-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3E8077B5-A703-4F0F-B652-BA615F87A15D}\Setup.exe" -l0x7
Samsung Update Plus-->MsiExec.exe /X{AF7CFEF6-BF8A-40EE-A3A9-9A3D567DF066}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Sicherheitsupdate für Windows Media Player (KB2378111)-->"C:\WINDOWS\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB975558)-->"C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB2121546)-->"C:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB2160329)-->"C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB2183461)-->"C:\WINDOWS\$NtUninstallKB2183461$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB2279986)-->"C:\WINDOWS\$NtUninstallKB2279986$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB2296011)-->"C:\WINDOWS\$NtUninstallKB2296011$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB2296199)-->"C:\WINDOWS\$NtUninstallKB2296199$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB2347290)-->"C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB2360131)-->"C:\WINDOWS\$NtUninstallKB2360131$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB2360937)-->"C:\WINDOWS\$NtUninstallKB2360937$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB2387149)-->"C:\WINDOWS\$NtUninstallKB2387149$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB2416400)-->"C:\WINDOWS\$NtUninstallKB2416400$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB2419632)-->"C:\WINDOWS\$NtUninstallKB2419632$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB2423089)-->"C:\WINDOWS\$NtUninstallKB2423089$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB2436673)-->"C:\WINDOWS\$NtUninstallKB2436673$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB2440591)-->"C:\WINDOWS\$NtUninstallKB2440591$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB2443105)-->"C:\WINDOWS\$NtUninstallKB2443105$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB979687)-->"C:\WINDOWS\$NtUninstallKB979687$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB981322)-->"C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB981349)-->"C:\WINDOWS\$NtUninstallKB981349$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB981957)-->"C:\WINDOWS\$NtUninstallKB981957$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB982132)-->"C:\WINDOWS\$NtUninstallKB982132$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB982381)-->"C:\WINDOWS\$NtUninstallKB982381$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"
Sierra On-Line Games (Remove only)-->C:\SIERRA\SETUP.EXE /U
Sierra Utilities-->C:\Programme\Sierra On-Line\sutil32.exe uninstall
Skype™ 5.0-->MsiExec.exe /X{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}
Sophos Anti-Rootkit 1.3.1-->C:\Programme\Sophos\Sophos Anti-Rootkit\helper.exe remove
SUPER © Version 2008.bld.32 (July 8, 2008)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
Sygate Personal Firewall-->MsiExec.exe /X{F860F390-78F4-4B45-8C1A-0489618E315B}
Synaptics TouchPad-->rundll32.exe "C:\Programme\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Ulead Photo Explorer 7.0 SE Platinum-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{7C6D8763-EEB7-433E-A75E-2AB44892FCA2}\setup.exe" -l0x7
Ulead VideoStudio 7 SE DVD-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}\setup.exe" -l0x7
Ultima Online: Mondain's Legacy-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{DF7B213D-2065-41ED-BB51-7A3EED31EA7B}\setup.exe" -l0x9 -removeonly
Uninstall 1.0.0.1-->"C:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update für Windows XP (KB2141007)-->"C:\WINDOWS\$NtUninstallKB2141007$\spuninst\spuninst.exe"
Update für Windows XP (KB2345886)-->"C:\WINDOWS\$NtUninstallKB2345886$\spuninst\spuninst.exe"
Update für Windows XP (KB2467659)-->"C:\WINDOWS\$NtUninstallKB2467659$\spuninst\spuninst.exe"
Update für Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update für Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update für Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update für Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update für Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
User's Guide-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{EF99C14B-17C2-4994-B5C1-EB204A343A6F}\Setup.exe" Remove
VLC media player 1.0.0-->C:\Programme\VideoLAN\VLC\uninstall.exe
Wichtiges Update für Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR-->C:\Programme\WinRAR\uninstall.exe
xp-AntiSpy 3.96-8-->C:\Programme\xp-AntiSpy\Uninstall.exe

======Security center information======

AV: avast! Antivirus

======System event log======

Computer Name: RAZZIA
Event Code: 4201
Message: Netzwerkadapter "\DEVICE\TCPIP_{8A3D75A6-CFBD-4285-8B3E-CCDAC32DDCE9}" wurde mit dem Netzwerk verbunden, und das
System wurde über das Netzwerk im normalen Zustand gestartet.

Record Number: 77424
Source Name: Tcpip
Time Written: 20101209110659.000000+060
Event Type: Informationen
User:

Computer Name: RAZZIA
Event Code: 4201
Message: Netzwerkadapter "\DEVICE\TCPIP_{8A3D75A6-CFBD-4285-8B3E-CCDAC32DDCE9}" wurde mit dem Netzwerk verbunden, und das
System wurde über das Netzwerk im normalen Zustand gestartet.

Record Number: 77423
Source Name: Tcpip
Time Written: 20101209110653.000000+060
Event Type: Informationen
User:

Computer Name: RAZZIA
Event Code: 4201
Message: Netzwerkadapter "\DEVICE\TCPIP_{8A3D75A6-CFBD-4285-8B3E-CCDAC32DDCE9}" wurde mit dem Netzwerk verbunden, und das
System wurde über das Netzwerk im normalen Zustand gestartet.

Record Number: 77422
Source Name: Tcpip
Time Written: 20101209110646.000000+060
Event Type: Informationen
User:

Computer Name: RAZZIA
Event Code: 4201
Message: Netzwerkadapter "\DEVICE\TCPIP_{8A3D75A6-CFBD-4285-8B3E-CCDAC32DDCE9}" wurde mit dem Netzwerk verbunden, und das
System wurde über das Netzwerk im normalen Zustand gestartet.

Record Number: 77421
Source Name: Tcpip
Time Written: 20101209110646.000000+060
Event Type: Informationen
User:

Computer Name: RAZZIA
Event Code: 4201
Message: Netzwerkadapter "\DEVICE\TCPIP_{8A3D75A6-CFBD-4285-8B3E-CCDAC32DDCE9}" wurde mit dem Netzwerk verbunden, und das
System wurde über das Netzwerk im normalen Zustand gestartet.

Record Number: 77420
Source Name: Tcpip
Time Written: 20101209110641.000000+060
Event Type: Informationen
User:

=====Application event log=====

Computer Name: GIGI
Event Code: 20
Message:
Record Number: 10171
Source Name: Google Update
Time Written: 20100131051932.000000+060
Event Type: Fehler
User: NT-AUTORITÄT\SYSTEM

Computer Name: GIGI
Event Code: 20
Message:
Record Number: 10170
Source Name: Google Update
Time Written: 20100131042607.000000+060
Event Type: Fehler
User: NT-AUTORITÄT\SYSTEM

Computer Name: GIGI
Event Code: 20
Message:
Record Number: 10169
Source Name: Google Update
Time Written: 20100131041321.000000+060
Event Type: Fehler
User: NT-AUTORITÄT\SYSTEM

Computer Name: GIGI
Event Code: 0
Message:
Record Number: 10168
Source Name: gupdate1ca289f754fb530
Time Written: 20100131040448.000000+060
Event Type: Informationen
User:

Computer Name: GIGI
Event Code: 1800
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.

Record Number: 10167
Source Name: SecurityCenter
Time Written: 20100131040420.000000+060
Event Type: Informationen
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\ATI Technologies\ATI Control Panel;C:\Programme\Gemeinsame Dateien\Ulead Systems\MPEG
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0d06
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------


I removed the rests of Symantec, and removed the file Malwarebytes' Anti-Malware showed me.
Azvi
Active Member
 
Posts: 8
Joined: January 20th, 2011, 3:14 pm

Re: Random shutdowns

Unread postby muppy03 » January 21st, 2011, 7:00 pm

A couple of things that you need to consider and what could be contributing to the random shutdowns.
System drive C: has 2 GB (3%) free of 76 GB
XP really likes about 15% to work at its best, so if you can either remove unwanted programs or move them to a different drive it would help immensely. You also have quite low RAM by todays standards.
Total RAM: 511 MB (27% free)
If you are able to increase it to at least 1GB, it will help the performance of the computer.

Do you know what this folder is?

C:\Blub

Download and run Combofix
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • If you need help to disable your protection programs see here.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Image
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Image
Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please reply with:-
  • Combofix log
  • New HJT log
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Random shutdowns

Unread postby Azvi » January 22nd, 2011, 5:53 pm

New HijackThis.log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:54:32, on 22.01.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Sygate\SPF\smc.exe
C:\Programme\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\Programme\Alwil Software\Avast5\avastUI.exe
C:\Programme\DAEMON Tools Lite\DTLite.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [avast5] "C:\Programme\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 3246177599
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Programme\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe
O23 - Service: YUIMMQP - Unknown owner - C:\DOKUME~1\GERDAS~1\LOKALE~1\Temp\YUIMMQP.exe (file missing)

--
End of file - 4010 bytes

ComboFix 11-01-22.01 - Gerda Schmahl 22.01.2011 22:37:55.1.1 - x86
ausgeführt von:: c:\dokumente und einstellungen\Gerda Schmahl\Desktop\Download\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\dokumente und einstellungen\Gerda Schmahl\Anwendungsdaten\.#
c:\windows\system32\STEC3.sys

.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_STEC3
-------\Service_STEC3


((((((((((((((((((((((( Dateien erstellt von 2010-12-22 bis 2011-01-22 ))))))))))))))))))))))))))))))
.

2011-01-21 06:20 . 2011-01-21 06:20 -------- d-----w- C:\rsit
2011-01-21 05:46 . 2011-01-21 05:46 -------- d-----w- c:\dokumente und einstellungen\Gerda Schmahl\Anwendungsdaten\Malwarebytes
2011-01-21 05:46 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-21 05:46 . 2011-01-21 05:46 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2011-01-21 05:46 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-21 05:46 . 2011-01-21 05:46 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2011-01-20 20:53 . 2011-01-13 08:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-20 20:53 . 2011-01-13 08:41 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-20 20:53 . 2011-01-13 08:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-20 20:53 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-20 20:53 . 2011-01-13 08:40 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-20 20:53 . 2011-01-13 08:39 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-20 20:52 . 2011-01-13 08:37 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-20 20:52 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr
2011-01-20 20:52 . 2011-01-13 08:47 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-20 19:31 . 2011-01-20 20:16 -------- d---a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
2011-01-20 19:28 . 2011-01-20 20:16 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\PC Tools
2011-01-20 18:16 . 2011-01-20 18:16 190032 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-01-17 18:34 . 2005-04-03 22:02 753664 ----a-w- c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-01-17 18:34 . 2005-04-03 22:02 69714 ----a-w- c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-01-17 18:34 . 2005-04-03 22:01 274432 ----a-w- c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-01-17 18:34 . 2005-04-03 22:00 184320 ----a-w- c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-01-17 18:34 . 2005-04-03 21:59 5632 ----a-w- c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-01-17 18:34 . 2011-01-17 18:34 200836 ----a-w- c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-01-17 18:34 . 2011-01-17 18:34 331908 ----a-w- c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-01-13 23:40 . 2011-01-13 23:40 -------- d-----w- c:\programme\Razor
2011-01-13 23:18 . 2011-01-17 18:36 -------- d-----w- c:\programme\EA Games
2010-12-29 05:31 . 2010-12-29 05:31 -------- d-----w- c:\programme\Strategy First
2010-12-29 02:49 . 2010-12-29 02:49 388096 ----a-r- c:\dokumente und einstellungen\Gerda Schmahl\Anwendungsdaten\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-29 02:49 . 2011-01-21 06:20 -------- d-----w- c:\programme\Trend Micro

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-06 20:11 . 2009-08-20 13:59 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-11-18 18:12 . 2004-08-31 18:20 86016 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:51 . 2004-08-31 18:05 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-05 05:04 . 2004-08-31 18:05 672768 ----a-w- c:\windows\system32\wininet.dll
2010-11-05 05:04 . 2004-08-31 18:05 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-11-02 15:17 . 2004-08-31 18:05 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:12 . 2004-08-31 18:05 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 14:05 . 2004-08-31 18:05 1853440 ----a-w- c:\windows\system32\win32k.sys
2008-08-04 16:12 . 2008-08-04 16:12 0 ----a-w- c:\programme\izWrTe52971.tmp
2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\programme\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2003-06-10 87751]
"SynTPLpr"="c:\programme\Synaptics\SynTP\SynTPLpr.exe" [2003-06-17 126976]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2003-06-17 561152]
"Hcontrol"="c:\windows\ATK0100\Hcontrol.exe" [2003-09-08 61440]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-02-24 2372760]
"avast5"="c:\programme\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [03.08.2008 09:56 691696]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20.01.2011 21:53 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20.01.2011 21:53 17744]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [31.08.2004 19:37 4300]
S3 gsplittm;gsplittm;\??\c:\dokume~1\GERDAS~1\LOKALE~1\Temp\gsplittm.sys --> c:\dokume~1\GERDAS~1\LOKALE~1\Temp\gsplittm.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1.tmp --> c:\windows\system32\1.tmp [?]
S3 YUIMMQP;YUIMMQP;c:\dokume~1\GERDAS~1\LOKALE~1\Temp\YUIMMQP.exe --> c:\dokume~1\GERDAS~1\LOKALE~1\Temp\YUIMMQP.exe [?]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\dokumente und einstellungen\Gerda Schmahl\Anwendungsdaten\Mozilla\Firefox\Profiles\z8l5q80c.default\
FF - prefs.js: browser.search.selectedEngine - Ecosia
FF - prefs.js: keyword.URL - hxxp://ecosia.org/lucky.php?q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Flash Video Resources Downloader: max@subfighter.com - %profile%\extensions\max@subfighter.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ChatZilla: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2} - %profile%\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
FF - Ext: Ecosia (eco-friendly search engine): {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0} - %profile%\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-22 22:46
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\1.tmp"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'explorer.exe'(2988)
c:\windows\system32\SSSensor.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\programme\Sygate\SPF\smc.exe
c:\programme\Alwil Software\Avast5\AvastSvc.exe
c:\windows\AGRSMMSG.exe
c:\programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe
c:\windows\system32\wdfmgr.exe
c:\windows\ATK0100\ATKOSD.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-01-22 22:50:31 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-01-22 21:50

Vor Suchlauf: 3.859.030.016 Bytes frei
Nach Suchlauf: 3.805.790.208 Bytes frei

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - BCBA8CDC8B3905E509DDAF0D78E8F9EC


c:/blub is file a with movies, fotos and music.

This computer is a laptop, i think i cant add RAM.
Azvi
Active Member
 
Posts: 8
Joined: January 20th, 2011, 3:14 pm

Re: Random shutdowns

Unread postby muppy03 » January 22nd, 2011, 6:46 pm

Please give me an update on problems on your next post after doing the following. Are you still having random shutdowns? Any other problems noticed?

1. COMBOFIX-Script
A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.


  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code: Select all
    File::
    c:\programme\izWrTe52971.tmp
    c:\dokume~1\GERDAS~1\LOKALE~1\Temp\gsplittm.sys
    c:\dokume~1\GERDAS~1\LOKALE~1\Temp\YUIMMQP.exe
    
     Folder::
    c:\dokumente und einstellungen\All Users\Anwendungsdaten\PC Tools
    
    Driver::
    gsplittm
    YUIMMQP
     
    
    

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • If you need help to disable your protection programs see here.
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


2. TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

3. Re Run RSIT and post the one log it produces.

Please reply with:-
  • Combofix log
  • RSIT log
  • Update on problems
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Random shutdowns

Unread postby Azvi » January 22nd, 2011, 7:39 pm

ComboFix 11-01-22.01 - Gerda Schmahl 23.01.2011 0:18:52.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.511.259 [GMT 1:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Gerda Schmahl\Desktop\Download\ComboFix.exe
Benutzte Befehlsschalter :: C:\Dokumente und Einstellungen\Gerda Schmahl\Desktop\cfscript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Neuer Wiederherstellungspunkt wurde erstellt

FILE ::
"c:\dokume~1\GERDAS~1\LOKALE~1\Temp\gsplittm.sys"
"c:\dokume~1\GERDAS~1\LOKALE~1\Temp\YUIMMQP.exe"
"c:\programme\izWrTe52971.tmp"
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\dokumente und einstellungen\All Users\Anwendungsdaten\PC Tools
c:\dokumente und einstellungen\All Users\Anwendungsdaten\PC Tools\DownloadManager\avinstall_dl.tmp_LogFile.txt
c:\dokumente und einstellungen\All Users\Anwendungsdaten\PC Tools\DownloadManager\PC Tools AntiVirus Free8.0\avinstall_dl.exe
c:\programme\izWrTe52971.tmp

.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GSPLITTM
-------\Legacy_YUIMMQP
-------\Service_gsplittm
-------\Service_YUIMMQP


((((((((((((((((((((((( Dateien erstellt von 2010-12-22 bis 2011-01-22 ))))))))))))))))))))))))))))))
.

2011-01-21 06:20:04 . 2011-01-21 06:20:37 -------- d-----w- C:\rsit
2011-01-21 05:46:38 . 2011-01-21 05:46:38 -------- d-----w- C:\Dokumente und Einstellungen\Gerda Schmahl\Anwendungsdaten\Malwarebytes
2011-01-21 05:46:29 . 2010-12-20 17:09:00 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-01-21 05:46:28 . 2011-01-21 05:46:28 -------- d-----w- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2011-01-21 05:46:25 . 2010-12-20 17:08:40 20952 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2011-01-21 05:46:24 . 2011-01-21 05:46:31 -------- d-----w- C:\Programme\Malwarebytes' Anti-Malware
2011-01-20 20:53:04 . 2011-01-13 08:37:09 17744 ----a-w- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011-01-20 20:53:03 . 2011-01-13 08:41:16 294608 ----a-w- C:\WINDOWS\system32\drivers\aswSP.sys
2011-01-20 20:53:01 . 2011-01-13 08:40:16 47440 ----a-w- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-01-20 20:53:01 . 2011-01-13 08:37:30 23632 ----a-w- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-01-20 20:53:00 . 2011-01-13 08:40:04 100176 ----a-w- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-01-20 20:53:00 . 2011-01-13 08:39:50 94544 ----a-w- C:\WINDOWS\system32\drivers\aswmon.sys
2011-01-20 20:52:59 . 2011-01-13 08:37:11 29392 ----a-w- C:\WINDOWS\system32\drivers\aavmker4.sys
2011-01-20 20:52:25 . 2011-01-13 08:47:35 38848 ----a-w- C:\WINDOWS\avastSS.scr
2011-01-20 20:52:23 . 2011-01-13 08:47:32 188216 ----a-w- C:\WINDOWS\system32\aswBoot.exe
2011-01-20 19:31:54 . 2011-01-20 20:16:20 -------- d---a-w- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2011-01-20 18:16:47 . 2011-01-20 18:16:46 190032 ----a-w- C:\WINDOWS\system32\drivers\tmcomm.sys
2011-01-17 18:34:51 . 2005-04-03 22:02:58 753664 ----a-w- C:\Programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-01-17 18:34:51 . 2005-04-03 22:02:24 69714 ----a-w- C:\Programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-01-17 18:34:51 . 2005-04-03 22:01:28 274432 ----a-w- C:\Programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-01-17 18:34:51 . 2005-04-03 22:00:52 184320 ----a-w- C:\Programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-01-17 18:34:51 . 2005-04-03 21:59:52 5632 ----a-w- C:\Programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-01-17 18:34:45 . 2011-01-17 18:34:45 200836 ----a-w- C:\Programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-01-17 18:34:44 . 2011-01-17 18:34:44 331908 ----a-w- C:\Programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-01-13 23:40:10 . 2011-01-13 23:40:11 -------- d-----w- C:\Programme\Razor
2011-01-13 23:18:21 . 2011-01-17 18:36:33 -------- d-----w- C:\Programme\EA Games
2010-12-29 05:31:56 . 2010-12-29 05:31:56 -------- d-----w- C:\Programme\Strategy First
2010-12-29 02:49:54 . 2010-12-29 02:49:54 388096 ----a-r- C:\Dokumente und Einstellungen\Gerda Schmahl\Anwendungsdaten\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-29 02:49:51 . 2011-01-21 06:20:31 -------- d-----w- C:\Programme\Trend Micro

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-06 20:11:06 . 2009-08-20 13:59:48 43520 ----a-w- C:\WINDOWS\system32\CmdLineExt03.dll
2010-11-18 18:12:41 . 2004-08-31 18:20:16 86016 ----a-w- C:\WINDOWS\system32\isign32.dll
2010-11-09 14:51:40 . 2004-08-31 18:05:42 249856 ----a-w- C:\WINDOWS\system32\odbc32.dll
2010-11-05 05:04:20 . 2004-08-31 18:05:57 672768 ----a-w- C:\WINDOWS\system32\wininet.dll
2010-11-05 05:04:20 . 2004-08-31 18:05:54 61952 ----a-w- C:\WINDOWS\system32\tdc.ocx
2010-11-02 15:17:02 . 2004-08-31 18:05:39 40960 ----a-w- C:\WINDOWS\system32\drivers\ndproxy.sys
2010-10-28 13:12:17 . 2004-08-31 18:05:11 290048 ----a-w- C:\WINDOWS\system32\atmfd.dll
2010-10-26 14:05:38 . 2004-08-31 18:05:57 1853440 ----a-w- C:\WINDOWS\system32\win32k.sys
2006-05-03 09:06:54 163328 --sh--r- C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- C:\WINDOWS\system32\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- C:\WINDOWS\system32\nbDX.dll
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2003-06-10 02:37:10 87751]
"SynTPLpr"="C:\Programme\Synaptics\SynTP\SynTPLpr.exe" [2003-06-17 01:40:00 126976]
"SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [2003-06-17 01:40:00 561152]
"Hcontrol"="C:\WINDOWS\ATK0100\Hcontrol.exe" [2003-09-08 07:02:58 61440]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-02-24 14:35:06 2372760]
"avast5"="C:\Programme\Alwil Software\Avast5\avastUI.exe" [2011-01-13 08:47:34 3396624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 02:22:40 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programme\\Skype\\Phone\\Skype.exe"=
"C:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=

R0 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [03.08.2008 09:56:36 691696]
R1 aswSP;aswSP;C:\WINDOWS\system32\drivers\aswSP.sys [20.01.2011 21:53:03 294608]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [20.01.2011 21:53:04 17744]
R2 DOSMEMIO;MEMIO;C:\WINDOWS\system32\MEMIO.SYS [31.08.2004 19:37:07 4300]
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\WINDOWS\system32\1.tmp --> C:\WINDOWS\system32\1.tmp [?]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - C:\Dokumente und Einstellungen\Gerda Schmahl\Anwendungsdaten\Mozilla\Firefox\Profiles\z8l5q80c.default\
FF - prefs.js: browser.search.selectedEngine - Ecosia
FF - prefs.js: keyword.URL - hxxp://ecosia.org/lucky.php?q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Flash Video Resources Downloader: max@subfighter.com - %profile%\extensions\max@subfighter.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ChatZilla: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2} - %profile%\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
FF - Ext: Ecosia (eco-friendly search engine): {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0} - %profile%\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.

Logfile of random's system information tool 1.08 (written by random/random)
Run by Gerda Schmahl at 2011-01-23 00:38:15
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 14 GB (18%) free of 76 GB
Total RAM: 511 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:38:29, on 23.01.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\Programme\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Gerda Schmahl\Desktop\Download\RSIT.exe
C:\Programme\trend micro\Gerda Schmahl.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [avast5] "C:\Programme\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 3246177599
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Programme\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe

--
End of file - 3902 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2003-06-10 87751]
"SynTPLpr"=C:\Programme\Synaptics\SynTP\SynTPLpr.exe [2003-06-17 126976]
"SynTPEnh"=C:\Programme\Synaptics\SynTP\SynTPEnh.exe [2003-06-17 561152]
"Hcontrol"=C:\WINDOWS\ATK0100\Hcontrol.exe [2003-09-08 61440]
"SmcService"=C:\PROGRA~1\Sygate\SPF\smc.exe [2004-02-24 2372760]
"avast5"=C:\Programme\Alwil Software\Avast5\avastUI.exe [2011-01-13 3396624]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Assistent zum Übertragen von Dateien und Einstellungen"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Programme\Skype\Plugin Manager\skypePM.exe"="C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2011-01-23 00:34:28 ----SHD---- C:\RECYCLER
2011-01-23 00:25:27 ----D---- C:\WINDOWS\temp
2011-01-23 00:17:17 ----D---- C:\ComboFix
2011-01-22 22:36:53 ----A---- C:\Boot.bak
2011-01-22 22:36:47 ----RASHD---- C:\cmdcons
2011-01-22 22:32:59 ----A---- C:\WINDOWS\NIRCMD.exe
2011-01-22 22:32:59 ----A---- C:\WINDOWS\MBR.exe
2011-01-22 22:32:58 ----A---- C:\WINDOWS\zip.exe
2011-01-22 22:32:58 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-01-22 22:32:58 ----A---- C:\WINDOWS\SWSC.exe
2011-01-22 22:32:58 ----A---- C:\WINDOWS\SWREG.exe
2011-01-22 22:32:58 ----A---- C:\WINDOWS\sed.exe
2011-01-22 22:32:58 ----A---- C:\WINDOWS\PEV.exe
2011-01-22 22:32:58 ----A---- C:\WINDOWS\grep.exe
2011-01-22 22:29:49 ----D---- C:\WINDOWS\ERDNT
2011-01-22 22:29:40 ----D---- C:\Qoobox
2011-01-21 07:20:04 ----D---- C:\rsit
2011-01-21 06:46:38 ----D---- C:\Dokumente und Einstellungen\Gerda Schmahl\Anwendungsdaten\Malwarebytes
2011-01-21 06:46:29 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-01-21 06:46:28 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2011-01-21 06:46:25 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-01-21 06:46:24 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2011-01-20 21:53:04 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011-01-20 21:53:03 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2011-01-20 21:53:01 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-01-20 21:53:01 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-01-20 21:53:00 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-01-20 21:53:00 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2011-01-20 21:52:59 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2011-01-20 21:52:41 ----D---- C:\Config.Msi
2011-01-20 21:52:23 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-01-20 20:31:54 ----AD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2011-01-20 19:16:47 ----A---- C:\WINDOWS\system32\drivers\tmcomm.sys
2011-01-14 00:40:10 ----D---- C:\Programme\Razor
2011-01-14 00:18:21 ----D---- C:\Programme\EA Games
2011-01-13 23:39:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2419632$
2010-12-29 06:31:56 ----D---- C:\Programme\Strategy First
2010-12-29 03:49:51 ----D---- C:\Programme\Trend Micro

======List of files/folders modified in the last 1 months======

2011-01-23 00:38:16 ----D---- C:\WINDOWS\Prefetch
2011-01-23 00:34:38 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-01-23 00:34:37 ----D---- C:\WINDOWS\system32\CatRoot2
2011-01-23 00:34:28 ----D---- C:\WINDOWS\system32
2011-01-23 00:34:28 ----D---- C:\WINDOWS
2011-01-23 00:28:11 ----A---- C:\WINDOWS\system.ini
2011-01-23 00:27:53 ----D---- C:\WINDOWS\system32\drivers\etc
2011-01-23 00:25:53 ----D---- C:\WINDOWS\system32\config
2011-01-23 00:25:01 ----RD---- C:\Programme
2011-01-23 00:23:16 ----D---- C:\WINDOWS\system32\drivers
2011-01-23 00:23:15 ----D---- C:\WINDOWS\AppPatch
2011-01-23 00:23:11 ----D---- C:\Programme\Gemeinsame Dateien
2011-01-22 23:11:05 ----D---- C:\Dokumente und Einstellungen\Gerda Schmahl\Anwendungsdaten\vlc
2011-01-22 22:36:54 ----RASH---- C:\boot.ini
2011-01-21 06:44:18 ----SD---- C:\WINDOWS\Tasks
2011-01-20 21:52:48 ----SHD---- C:\WINDOWS\Installer
2011-01-20 21:52:45 ----D---- C:\WINDOWS\WinSxS
2011-01-20 21:52:05 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software
2011-01-20 21:27:30 ----SHD---- C:\System Volume Information
2011-01-20 20:48:15 ----D---- C:\WINDOWS\Debug
2011-01-20 20:03:55 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-01-17 19:36:49 ----HD---- C:\Programme\InstallShield Installation Information
2011-01-13 23:39:42 ----A---- C:\WINDOWS\system32\MRT.exe
2011-01-13 23:39:24 ----HD---- C:\WINDOWS\inf
2011-01-13 16:38:07 ----HD---- C:\WINDOWS\$hf_mig$
2011-01-08 19:56:07 ----D---- C:\Blub
2011-01-06 03:08:16 ----D---- C:\WINDOWS\system32\CatRoot
2010-12-29 03:49:54 ----SD---- C:\Dokumente und Einstellungen\Gerda Schmahl\Anwendungsdaten\Microsoft
2010-12-27 09:04:26 ----A---- C:\WINDOWS\Ulead32.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Intel AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
R0 ohci1394;OHCI-konformer IEEE 1394-Hostcontroller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 rmedia;Ricoh MediaCard Driver; C:\WINDOWS\system32\DRIVERS\rmedia.sys [2002-12-24 59520]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-02-11 691696]
R0 Teefer;Teefer for NT; C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys [2004-02-02 55891]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-01-13 29392]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-01-13 23632]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-01-13 294608]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-01-13 47440]
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 wpsdrvnt;wpsdrvnt; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-01-13 17744]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-01-13 100176]
R2 DOSMEMIO;MEMIO; \??\C:\WINDOWS\system32\MEMIO.SYS []
R2 irda;IrDA-Protokoll; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 wg3n;SyGate for NT, wg3n; C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys [2004-02-02 11914]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2003-06-10 1164576]
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-02-25 670208]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2005-02-02 14408]
R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2003-09-08 5786]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NSCIRDA;NSC-Infrarotgerätetreiber; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-13 28672]
R3 Rasirda;WAN-Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2002-06-13 45568]
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\STAC97.sys [2003-05-16 220048]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2003-06-17 264528]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Intel(R) PRO/Wireless 2200BG Netzwerkverbindungstreiber für Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-08-07 3210496]
S3 61883;61883-Einheitsgerät; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 a6j5jie3;a6j5jie3; C:\WINDOWS\system32\drivers\a6j5jie3.sys []
S3 Avc;AVC-Gerät; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 catchme;catchme; \??\C:\DOKUME~1\GERDAS~1\LOKALE~1\Temp\catchme.sys []
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\1.tmp []
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 Nokia USB Generic;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2005-02-15 6300]
S3 Nokia USB Modem;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2005-02-15 9021]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2005-02-17 140619]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys []
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 tunmp;Microsoft Tun-Miniportadaptertreiber; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 w70n51;Intel(R) PRO/Wireless 7100 Adapter-Treiber; C:\WINDOWS\system32\DRIVERS\w70n51.sys [2004-03-03 2482176]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-02-25 397312]
R2 avast! Antivirus;avast! Antivirus; C:\Programme\Alwil Software\Avast5\AvastSvc.exe [2011-01-13 40384]
R2 Irmon;Infrarotüberwachung; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Samsung Update Plus;Samsung Update Plus; C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe [2006-07-21 57344]
R2 SmcService;Sygate Personal Firewall; C:\Programme\Sygate\SPF\smc.exe [2004-02-24 2372760]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 iPodService;iPodService; C:\Programme\iPod\bin\iPodService.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

im still suffering shutdowns. when i use local programmes or games it works well, but for example C:\Programme\EA Games\Ultima Online\client.exe
Azvi
Active Member
 
Posts: 8
Joined: January 20th, 2011, 3:14 pm

Re: Random shutdowns

Unread postby Azvi » January 22nd, 2011, 7:40 pm

double post due to lack, excuse me
Azvi
Active Member
 
Posts: 8
Joined: January 20th, 2011, 3:14 pm

Re: Random shutdowns

Unread postby muppy03 » January 24th, 2011, 7:44 am

im still suffering shutdowns. when i use local programmes or games it works well, but for example C:\Programme\EA Games\Ultima Online\client.exe

So is the only problem left, when playing the online games? Have you checked the System requirements needed for the particular game?

Update Java Runtime

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 23.
  • Go to Java Site
  • Scroll down to where it says "JDK 6 Update 23 (JDK or JRE)"
  • Click on Download JRE button to the right
  • Select the Windows platform from the dropdown menu
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue.The page will refresh
  • Click on the link to download Windows Offline Installation- jre-6u23-windows-i586.exe & save the file to your desktop
  • Close any programs you may have running - especially your web browser
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs
  • Uninstall all old versions of Java (Java 3 Runtime Environment, JRE or JSE) listed below in the code box.
    Code: Select all
    Java 2 Runtime Environment, SE v1.4.2_03
    Java(TM) 6 Update 4
    Java(TM) 6 Update 7
    
  • Reboot your computer once all Java components are removed
  • Then from your desktop double-click on jre-6u23-windows-i586.exe to install the newest version
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
        Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel



ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Please reply with:-
  • ESET log
  • New HJT log
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Random shutdowns

Unread postby Azvi » January 25th, 2011, 3:55 am

it also happened when i used firefox. im not sure, but i think it only happens when i use programms that generate internet traffic.

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=0972b69ebb724d4d9bb2cd52e3297027
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-01-25 04:18:48
# local_time=2011-01-25 05:18:48 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 188884 188884 0 0
# compatibility_mode=768 16777215 100 0 6183014 6183014 0 0
# compatibility_mode=8192 67108863 100 0 3772 3772 0 0
# scanned=63339
# found=0
# cleaned=0
# scan_time=4339
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=0972b69ebb724d4d9bb2cd52e3297027
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-01-25 07:53:12
# local_time=2011-01-25 08:53:12 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 203307 203307 0 0
# compatibility_mode=768 16777215 100 0 6197437 6197437 0 0
# compatibility_mode=8192 67108863 100 0 18195 18195 0 0
# scanned=62929
# found=0
# cleaned=0
# scan_time=2788

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:56:37, on 25.01.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Sygate\SPF\smc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\Programme\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [avast5] "C:\Programme\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 3246177599
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Programme\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe

--
End of file - 3815 bytes
Azvi
Active Member
 
Posts: 8
Joined: January 20th, 2011, 3:14 pm

Re: Random shutdowns

Unread postby muppy03 » January 26th, 2011, 6:24 am

Your logs are looking clean, and the problem may not be a malware one, it could in fact be a hardware issue. Does the laptop seem to get extra hot at all?
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Random shutdowns

Unread postby Azvi » January 27th, 2011, 3:07 am

yes. kind of. but i had these shutdowns when the pc was cold also. And i dont understand why it doesnt happen when i play offline. That should be using alot of cpu/ram/video memory also, shouldn't it?
Azvi
Active Member
 
Posts: 8
Joined: January 20th, 2011, 3:14 pm

Re: Random shutdowns

Unread postby muppy03 » January 27th, 2011, 7:27 am

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
You need to update to IE 8 regardless if FF is your main browser.

yes. kind of. but i had these shutdowns when the pc was cold also. And i dont understand why it doesnt happen when i play offline. That should be using alot of cpu/ram/video memory also, shouldn't it?

First you have to understand that at this forum we mainly deal in malware infection rather than general tech help. You might find your answer on a dedicated tech help forum or one that deals with the particular games you are having problems with. From my understanding of gaming you would and do use more resources when playing online. I do feel that a lot of your issue is computer resources and am sorry I cannot give you a definite answer.

Uninstall ComboFix:

  • Click on Start >> Run...
  • Now type in ComboFix /Uninstall into the and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • Image

The above procedure will implement some cleanup procedures as well as reset System Restore points

Here are some sites that might help

Tech help sites.

Tech Support Guy
Tech Support Forum
The Elder Geek on Windows
BleepingComputer.com
WhattheTech...formerly TomCoyote
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Random shutdowns

Unread postby Azvi » January 29th, 2011, 9:07 am

Thank you.
Azvi
Active Member
 
Posts: 8
Joined: January 20th, 2011, 3:14 pm

Re: Random shutdowns

Unread postby muppy03 » January 31st, 2011, 4:49 pm

This topic is now closed.


If you are satisfied with our assistance and wish to donate to help with the costs of this volunteer site, please read :
Donations For Malware Removal
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia
Advertisement
Register to Remove


Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 324 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware