So hallo an Alle!
möcht mich nochmal für meinen ersten so undeutlichen Post entschuldigen

Also hier zu meinem Problem:
ich habe einen Computer mit XP-Betriebssystem und habe mir gestern mittag den Micro Antivirus 2009 Virus eingefangen. ständig erscheinen fenster mit wie viel Viren ich auf dem computer hätte, dass mein Computer kein Antivirusprogramm gefunden haben soll und ich das beheben soll, und ein Fenster das sagt auf Englisch: Warning Virus/Attack Detected Activate Now,Stop this attack. Da soll ich mich dann registrieren.

dazu kommt manchmal noch ganz kurz ein fenster mit C:/persönliche Einstellungen,....ist dann aber wieder weg und gleich darauf ein neues fenster wo sagt: Windows-Kein datenträger (exception Processing Message c0000013 Parameters 75b0bf9c 4 75b0bf9c 75b0bf9c) Da steht dann zur Auswahl Abbrechen, Wiederholen, Weiter

Ich muss immer erst die Fenster wegklicken damit ich wieder normal in das Computergeschehen eingreifen kann

zum Pfad weiss ich nicht so richtig was ihr da wollt (bin ein blutiger Amateur in sachen Computer)
denke aber dass der Virus sich in meinem Desktop-Ordner befindet, dann wäre der Pfad C:\Dokumente und Einstellungen\Robin.BAUER-67D850EAD\Desktop\

falls das nicht stimmt was ich euch geschrieben ahbe seit mir bitte nicht böse und löscht mein Thema
Ich ahbe versucht eure Anweisung so gut wie möglich zu bearbeiten
Vielen Dank für die Hilfe

Hi,

wie gehts denn deinem Internet, kannst du Malwarebyter herunterladen und damit dein System bereinigen?

Poste das entstandene Log anschließend hier und erstelle ein HijackThis log und poste das ebenfalls hier.

lg myrtille

ja Internet geht schon noch,manchmal jedoch ziemlich langsam wenn das micro virus fenster lädt.
meinen sie mit Malwarebyter Malwarebytes Anti-Malware ?? (http://www.trojaner-board.de/51187-anleitung-malwarebytes-anti-malware.html)

Oups. ja, tut mir Leid. Sowas sollte nicht passieren.
Ich meine in der Tat Malwarebytes und eigentlich verlinke ich die Anleitungen auch immer mit.

lg myrtille

also hier mein malwarebyte logfile teil 1 von 2

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes' Anti-Malware 1.28
Datenbank Version: 1211
Windows 5.1.2600 Service Pack 2

27.09.2008 14:16:39
mbam-log-2008-09-27 (14-16-39).txt

Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 202484
Laufzeit: 1 hour(s), 8 minute(s), 3 second(s)

Infizierte Speicherprozesse: 4
Infizierte Speichermodule: 7
Infizierte Registrierungsschlüssel: 44
Infizierte Registrierungswerte: 34
Infizierte Dateiobjekte der Registrierung: 4
Infizierte Verzeichnisse: 14
Infizierte Dateien: 119

Infizierte Speicherprozesse:
C:\Programme\Gemeinsame Dateien\YourPrivacyGuard\mc.exe (Rogue.Multiple) -> Unloaded process successfully.
C:\Programme\MicroAV\MicroAV.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\WINDOWS\system32\lphccohj0ev0e.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\Dokumente und Einstellungen\Robin.BAUER-67D850EAD\Lokale Einstellungen\Temp\.tt7.tmp (Trojan.Downloader) -> Unloaded process successfully.

Infizierte Speichermodule:
C:\WINDOWS\system32\hgGxUKdD.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\pqpqnnso.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\qttiejbu.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\zdedmx.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ljJBqnKa.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\dkrdfxlk.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\blphccohj0ev0e.scr (Trojan.FakeAlert) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{09c72999-5c10-41a3-a524-24661d942003} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljjbqnka (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{09c72999-5c10-41a3-a524-24661d942003} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1b48bd6c-36d4-4c0a-8f44-fc95c671c42e} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{1b48bd6c-36d4-4c0a-8f44-fc95c671c42e} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc4ab399-45a1-43f9-9361-ed2ca50797a3} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cc4ab399-45a1-43f9-9361-ed2ca50797a3} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{047b1116-6d16-4d67-89ba-e8f588abbea0} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{047b1116-6d16-4d67-89ba-e8f588abbea0} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1e0e27a8-1340-4b90-b9b1-23958f6b303f} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e0e27a8-1340-4b90-b9b1-23958f6b303f} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\leosrv.bvlt (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\leosrv.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qqiehelper.qqbrowserhelperobject (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qqiehelper.qqbrowserhelperobject.1 (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1a038f6e-3378-4be7-b317-eadc055299cf} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{50415dd4-afbb-4543-b265-7bd75a607f03} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{779b9e97-275c-44f3-ae58-e84ece760924} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b3ea154b-8d5f-4f74-88ed-0b45e1729b02} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c035cf7e-ff68-4046-abb7-d61a91f6e2cd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{62ea9201-8cc7-4199-ac30-7744f836322e} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e2c96138-08a8-4945-aae6-0542e7ae0ff2} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62ea9201-8cc7-4199-ac30-7744f836322e} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{19f9dd0b-d517-4093-b7ac-a7eaded9571a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8527d57f-132d-4ca7-8df1-cd5cf64beb52} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{6553f40f-175a-4997-94bd-36635b34c5f1} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9b71d88c-c598-4935-c5d1-43aa4db90836} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\smartvideocodec (Trojan.Fakealert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Bifrost (Backdoor.Bifrose) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Bifrost (Backdoor.Bifrose) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ugac (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MicroAV (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dc9f23d8 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmdfac1044 (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{09c72999-5c10-41a3-a524-24661d942003} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\salestart (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\inrhc9ohj0ev0e (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\rdomain (Rogue.PCVirusless) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\prodname (Rogue.PCVirusless) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\compname (Rogue.PCVirusless) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurb7.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurb8.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurb9.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurba.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur3.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur5.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurb7.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurb8.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurb9.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yurba.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur3.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur5.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysrest32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphccohj0ev0e (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\hggxukdd -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\hggxukdd  -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\Programme\PCSecureSystem (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
C:\Programme\PCSecureSystem\Up (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
C:\Programme\SmartVideoCodec (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\PCSecureSystem (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
C:\PCSecureSystem\AVQuar (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
C:\Programme\PCHealthCenter (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programme\Gemeinsame Dateien\Yourprivacyguard (Rogue.Yourprivacyguard) -> Quarantined and deleted successfully.
C:\Programme\MicroAV (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Robin.BAUER-67D850EAD\Lokale Einstellungen\Temp\NI.UGA6P_0001_N122M2210 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Robin.BAUER-67D850EAD\Anwendungsdaten\PCSecureSystem (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Robin.BAUER-67D850EAD\Anwendungsdaten\PCSecureSystem\Logs (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Yourprivacyguard (Rogue.Yourprivacyguard) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Robin.BAUER-67D850EAD\Anwendungsdaten\Yourprivacyguard (Rogue.Yourprivacyguard) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Robin.BAUER-67D850EAD\Anwendungsdaten\Yourprivacyguard\Logs (Rogue.Yourprivacyguard) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\WINDOWS\system32\ljJBqnKa.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\hgGxUKdD.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\DdKUxGgh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\DdKUxGgh.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zdedmx.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\pqpqnnso.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\osnnqpqp.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dkrdfxlk.dll (Trojan.BHO.H) -> Delete on reboot.
C:\WINDOWS\system32\nsidntld.dll (Trojan.BHO.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qttiejbu.dll (Trojan.Vundo) -> Delete on reboot.
C:\Programme\Gemeinsame Dateien\YourPrivacyGuard\mc.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programme\MicroAV\MicroAV.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\ttvbontvm.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Programme\SmartVideoCodec\SmartVideoCodec.ocx (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Robin\Lokale Einstellungen\Temp\GLK5.tmp (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Robin.BAUER-67D850EAD\Lokale Einstellungen\Temporary Internet Files\Content.IE5\ILQLWD4N\upd105320[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Robin.BAUER-67D850EAD\Lokale Einstellungen\Temporary Internet Files\Content.IE5\UZCTCHQF\nd82m0[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Robin.BAUER-67D850EAD\Lokale Einstellungen\Temporary Internet Files\Content.IE5\Y7ENCVW5\CAL8W3LH (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Robin.BAUER-67D850EAD\Lokale Einstellungen\Temporary Internet Files\Content.IE5\Y7ENCVW5\kb678031[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Robin.BAUER-67D850EAD\Lokale Einstellungen\Temporary Internet Files\Content.IE5\Y7ENCVW5\t655[1].dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Programme\MicroAV\MicroAV.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fbzalh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccdabAP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfEUlJy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtrQGwU.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ioqkcyyd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MicroAV.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nkclwuok.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ofspugkb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fxryqncq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gilpnweq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jxqwcena.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wxhoahfh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pwqgkqev.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pysvfpyq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yayaYqoL.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yayxxxwX.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Programme\PCSecureSystem\history.db (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
C:\Programme\PCSecureSystem\Up\diagnosis.dat (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
C:\Programme\SmartVideoCodec\install.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programme\SmartVideoCodec\Uninstall.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programme\PCHealthCenter\0.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programme\PCHealthCenter\0.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programme\PCHealthCenter\1.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programme\PCHealthCenter\1.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programme\PCHealthCenter\1.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programme\PCHealthCenter\2.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programme\PCHealthCenter\2.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programme\PCHealthCenter\2.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programme\PCHealthCenter\3.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programme\PCHealthCenter\3.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programme\PCHealthCenter\4.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programme\PCHealthCenter\5.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programme\PCHealthCenter\7.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programme\PCHealthCenter\sc.html (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programme\MicroAV\MicroAV.ooo (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
C:\Programme\MicroAV\MicroAV0.dat (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
C:\Programme\MicroAV\MicroAV1.dat (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Robin.BAUER-67D850EAD\Lokale Einstellungen\Temp\NI.UGA6P_0001_N122M2210\settings.ini (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Robin.BAUER-67D850EAD\Lokale Einstellungen\Temp\NI.UGA6P_0001_N122M2210\setup.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Robin.BAUER-67D850EAD\Lokale Einstellungen\Temp\NI.UGA6P_0001_N122M2210\setup.len (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Robin.BAUER-67D850EAD\Anwendungsdaten\PCSecureSystem\Logs\threats.log (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Robin.BAUER-67D850EAD\Anwendungsdaten\PCSecureSystem\Logs\update.log (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Yourprivacyguard\Abbr (Rogue.Yourprivacyguard) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Yourprivacyguard\ProdCode (Rogue.Yourprivacyguard) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Robin.BAUER-67D850EAD\Anwendungsdaten\Yourprivacyguard\Logs\update.log (Rogue.Yourprivacyguard) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\1.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\2.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\YUR1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\YUR2.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\sysrest32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSl.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\rs.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMdfac1044.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMdfac1044.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\binret.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphccohj0ev0e.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphccohj0ev0e.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phccohj0ev0e.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\x (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
         

mein malwarebyte logfile 2 von 2

Code: Alles auswählenAufklappen

ATTFilter

C:\Dokumente und Einstellungen\Robin\Desktop\AntiSpyware.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Robin.BAUER-67D850EAD\Lokale Einstellungen\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Robin.BAUER-67D850EAD\Lokale Einstellungen\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Robin.BAUER-67D850EAD\Lokale Einstellungen\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Robin.BAUER-67D850EAD\Lokale Einstellungen\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Robin.BAUER-67D850EAD\Lokale Einstellungen\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Robin.BAUER-67D850EAD\Lokale Einstellungen\Temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Robin.BAUER-67D850EAD\Lokale Einstellungen\Temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Robin.BAUER-67D850EAD\Lokale Einstellungen\Temp\.ttD.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Robin.BAUER-67D850EAD\Lokale Einstellungen\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Robin.BAUER-67D850EAD\Lokale Einstellungen\Temp\.ttA.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Robin.BAUER-67D850EAD\Lokale Einstellungen\Temp\.tt1.tmp.vbs (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Robin.BAUER-67D850EAD\Lokale Einstellungen\Temp\.tt2.tmp.vbs (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Robin.BAUER-67D850EAD\Lokale Einstellungen\Temp\.tt3.tmp.vbs (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Robin.BAUER-67D850EAD\Lokale Einstellungen\Temp\.tt4.tmp.vbs (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Robin\Lokale Einstellungen\Temp\pey34.tmp (Backdoor.ProRat) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Timo.BAUER-67D850EAD\Desktop\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Papa&Mama.BAUER-67D850EAD\Desktop\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Timo.BAUER-67D850EAD\Desktop\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Papa&Mama.BAUER-67D850EAD\Desktop\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Timo.BAUER-67D850EAD\Desktop\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Papa&Mama.BAUER-67D850EAD\Desktop\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Timo.BAUER-67D850EAD\Favoriten\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Papa&Mama.BAUER-67D850EAD\Favoriten\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Timo.BAUER-67D850EAD\Favoriten\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Papa&Mama.BAUER-67D850EAD\Favoriten\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Timo.BAUER-67D850EAD\Favoriten\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Papa&Mama.BAUER-67D850EAD\Favoriten\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSacjw.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSevri.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSShpue.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSjjsm.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSleer.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSmric.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSrbnn.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\TDSSjcxe.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
         

und mein hjt logfile

Code: Alles auswählenAufklappen

ATTFilter

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:19:36, on 27.09.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programme\ICQ6Toolbar\ICQ Service.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\avmwlanstick\FRITZWLANMini.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programme\Java\jre1.5.0_03\bin\jusched.exe
C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\YUR2.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Creative\MediaSource\Detector\CTDetect.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\Veoh Networks\Veoh\VeohClient.exe
C:\Programme\ICQ6\ICQ.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\explorer.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programme\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLANMini.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SM_IAN] C:\Programme\AdvancedCleaner Free\ian_monitor.exe
O4 - HKLM\..\Run: [UADC_3824922036] "C:\Programme\AdvancedCleaner Free\UADCcw.exe" -c
O4 - HKLM\..\Run: [bm] "C:\Programme\Gemeinsame Dateien\PCSecureSystem\bm.exe" dm=http://pcsecuresystem.com ad=http://pcsecuresystem.com sd=http://ykeeper.pcsecuresystem.com
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [BMdfac1044] Rundll32.exe "C:\WINDOWS\system32\qttiejbu.dll",s
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware  (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Programme\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Programme\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Tencent QQ.lnk = C:\Programme\QQ\Africa2003\QQ.exe
O4 - Global Startup: QQ.lnk = C:\Programme\QQ\Africa2003\QQ.exe
O8 - Extra context menu item: Add to QQ Customized Emoticons - C:\Programme\QQ\Africa2003\AddEmotion.htm
O8 - Extra context menu item: Add to QQ Customized Panel - C:\Programme\QQ\Africa2003\AddPanel.htm
O8 - Extra context menu item: Add to QQ Emotions - C:\Programme\QQ\Africa2003\AddEmotion.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send picture by MMS - C:\Programme\QQ\Africa2003\SendMMS.htm
O8 - Extra context menu item: Send Picture with QQ MMS - C:\Programme\QQ\Africa2003\SendMMS.htm
O8 - Extra context menu item: Upload to QQ Network Hard Disk - C:\Programme\QQ\Africa2003\AddToNetDisk.htm
O9 - Extra button: 2-AntiSpyware - {47E775F6-22CC-48a1-8746-E1A22CDDA7B5} - C:/Programme/AntiSpyware/AntiSpyware.exe
O9 - Extra 'Tools' menuitem: 2-AntiSpyware - {47E775F6-22CC-48a1-8746-E1A22CDDA7B5} - C:/Programme/AntiSpyware/AntiSpyware.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Programme\QQ\Africa2003\QQ.EXE
O9 - Extra 'Tools' menuitem: Tencent QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Programme\QQ\Africa2003\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Programme\QQ\Africa2003\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQìŲʹ¤¾ßÌõÉèÖà - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Programme\QQ\Africa2003\QQIEHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O20 - AppInit_DLLs: zdedmx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 8166 bytes
         

ist der virus jetzt schon weg??
auf jeden fall erscheinen diese Meldungen nicht mehr
dafür erscheint jetzt in 5minuten abständen ein weißes Internetexplorer Fenster

das weiße internetexplorer fenster meldet sich nicht mehr
ist jetzt alles wieder ok?

Hi,
Erstelle bitte ein Log mit RSIT. Es werden 2 Dateien erstellt (log.txt und info.txt). Poste den Inhalt beider Dateien hier. (Wenn die Dateien zu lange sind kannst du sie bei file-upload hochladen und die Links hier posten.)

Ich denk nicht, dass alles weg ist. Aber das gröbste sollte bereist entfernt worden sein.

lg myrtille

ok, dann hier der logfile log.txt 1 von 2

Code: Alles auswählenAufklappen

ATTFilter

Logfile of random's system information tool 1.02 (written by random/random)
Run by Robin at 2008-09-28 12:15:15
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 8 GB (10%) free of 76 GB
Total RAM: 1023 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:21, on 28.09.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programme\ICQ6Toolbar\ICQ Service.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\avmwlanstick\FRITZWLANMini.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programme\Java\jre1.5.0_03\bin\jusched.exe
C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Creative\MediaSource\Detector\CTDetect.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\Veoh Networks\Veoh\VeohClient.exe
C:\Programme\ICQ6\ICQ.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\VideoLAN\VLC\vlc.exe
C:\Dokumente und Einstellungen\Robin.BAUER-67D850EAD\Desktop\RSIT.exe
C:\Programme\HijackThis\Robin.exe
         

logfile log.txt 2 von 2

Code: Alles auswählenAufklappen

ATTFilter

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AntiSyware (IE PlugIn) - {2F3D01F3-2A8E-4814-AA0F-8315172D22BF} - C:\Programme\AntiSpyware\modules\IEPlugin153.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLANMini.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SM_IAN] C:\Programme\AdvancedCleaner Free\ian_monitor.exe
O4 - HKLM\..\Run: [UADC_3824922036] "C:\Programme\AdvancedCleaner Free\UADCcw.exe" -c
O4 - HKLM\..\Run: [bm] "C:\Programme\Gemeinsame Dateien\PCSecureSystem\bm.exe" dm=http://pcsecuresystem.com ad=http://pcsecuresystem.com sd=http://ykeeper.pcsecuresystem.com
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Programme\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Programme\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Tencent QQ.lnk = C:\Programme\QQ\Africa2003\QQ.exe
O4 - Global Startup: QQ.lnk = C:\Programme\QQ\Africa2003\QQ.exe
O8 - Extra context menu item: Add to QQ Customized Emoticons - C:\Programme\QQ\Africa2003\AddEmotion.htm
O8 - Extra context menu item: Add to QQ Customized Panel - C:\Programme\QQ\Africa2003\AddPanel.htm
O8 - Extra context menu item: Add to QQ Emotions - C:\Programme\QQ\Africa2003\AddEmotion.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send picture by MMS - C:\Programme\QQ\Africa2003\SendMMS.htm
O8 - Extra context menu item: Send Picture with QQ MMS - C:\Programme\QQ\Africa2003\SendMMS.htm
O8 - Extra context menu item: Upload to QQ Network Hard Disk - C:\Programme\QQ\Africa2003\AddToNetDisk.htm
O9 - Extra button: 2-AntiSpyware - {47E775F6-22CC-48a1-8746-E1A22CDDA7B5} - C:/Programme/AntiSpyware/AntiSpyware.exe
O9 - Extra 'Tools' menuitem: 2-AntiSpyware - {47E775F6-22CC-48a1-8746-E1A22CDDA7B5} - C:/Programme/AntiSpyware/AntiSpyware.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Programme\QQ\Africa2003\QQ.EXE
O9 - Extra 'Tools' menuitem: Tencent QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Programme\QQ\Africa2003\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Programme\QQ\Africa2003\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQìŲʹ¤¾ßÌõÉèÖà - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Programme\QQ\Africa2003\QQIEHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O20 - AppInit_DLLs: zdedmx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 8724 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2008-06-11 61816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F3D01F3-2A8E-4814-AA0F-8315172D22BF}]
AntiSyware (IE PlugIn) - C:\Programme\AntiSpyware\modules\IEPlugin153.dll [2006-12-10 53248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\programme\google\googletoolbar1.dll [2007-04-05 2427968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Programme\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-11 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\programme\google\googletoolbar1.dll [2007-04-05 2427968]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Programme\ICQ6Toolbar\ICQToolBar.dll [2008-06-12 958712]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVMWlanClient"=C:\Programme\avmwlanstick\FRITZWLANMini.exe [2006-06-23 343552]
"Cmaudio"=RunDll32 cmicnfg.cpl []
"SunJavaUpdateSched"=C:\Programme\Java\jre1.5.0_03\bin\jusched.exe [2005-04-13 36975]
""=C:\Programme\Mozilla Firefox\
"Sony Ericsson PC Suite"=C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2005-10-26 159744]
"ATIPTA"=C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-02-24 335872]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"SM_IAN"=C:\Programme\AdvancedCleaner Free\ian_monitor.exe []
"UADC_3824922036"=C:\Programme\AdvancedCleaner Free\UADCcw.exe -c []
"bm"=C:\Programme\Gemeinsame Dateien\PCSecureSystem\bm.exe dm=http://pcsecuresystem.com ad=http://pcsecuresystem.com sd=http://ykeeper.pcsecuresystem.com []
"TkBellExe"=C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe [2007-12-21 185896]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"StartCCC"=C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-07-16 61440]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"swg"=C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-18 68856]
"Creative Detector"=C:\Programme\Creative\MediaSource\Detector\CTDetect.exe [2004-10-05 98304]
"MsnMsgr"=C:\Programme\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
"Veoh"=C:\Programme\Veoh Networks\Veoh\VeohClient.exe [2008-04-01 3587120]
""=C:\Programme\Mozilla Firefox\
"ICQ"=C:\Programme\ICQ6\ICQ.exe [2008-09-01 173304]

C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Autostart
QQ.lnk - C:\Programme\QQ\Africa2003\QQ.exe

C:\Dokumente und Einstellungen\Robin.BAUER-67D850EAD\Startmenü\Programme\Autostart
Tencent QQ.lnk - C:\Programme\QQ\Africa2003\QQ.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="zdedmx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-08-01 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSjcxe.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSjcxe.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSserv.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\ICQLite\ICQLite.exe"="C:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Programme\LimeWire\LimeWire.exe"="C:\Programme\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Programme\Microsoft Games\Age of Empires II\empires2.exe"="C:\Programme\Microsoft Games\Age of Empires II\empires2.exe:*:Disabled:Age of Empires II"
"C:\Programme\MSN Messenger\msnmsgr.exe"="C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Programme\MSN Messenger\livecall.exe"="C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"E:\Warcraft III\Warcraft III.exe"="E:\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Programme\Warcraft 3\Warcraft III\Warcraft III.exe"="C:\Programme\Warcraft 3\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Programme\Call of Duty\CoDMP.exe"="C:\Programme\Call of Duty\CoDMP.exe:*:Enabled:CoDMP"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8-Server"
"C:\WINDOWS\system32\dxdiag.exe"="C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX-Diagnoseprogramm"
"C:\Programme\Veoh Networks\Veoh\VeohClient.exe"="C:\Programme\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\Programme\QQ\Africa2003\QQ.exe"="C:\Programme\QQ\Africa2003\QQ.exe:*:Enabled:QQ"
"C:\Programme\ICQ6\ICQ.exe"="C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Dokumente und Einstellungen\Robin.BAUER-67D850EAD\Lokale Einstellungen\Temp\.tt7.tmp"="C:\Dokumente und Einstellungen\Robin.BAUER-67D850EAD\Lokale Einstellungen\Temp\.tt7.tmp:*:Enabled:enable"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\MSN Messenger\msnmsgr.exe"="C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Programme\MSN Messenger\livecall.exe"="C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf17ba48-df69-11db-97db-000b6a9988e3}]
shell\AutoRun\command - I:\pushinst.exe


======List of files/folders created in the last 1 months======

2008-09-28 12:15:15 ----D---- C:\rsit
2008-09-27 13:02:05 ----D---- C:\Dokumente und Einstellungen\Robin.BAUER-67D850EAD\Anwendungsdaten\Malwarebytes
2008-09-27 13:01:54 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2008-09-27 13:01:54 ----D---- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Malwarebytes
2008-09-26 17:46:58 ----D---- C:\Programme\HijackThis
2008-09-26 17:19:20 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2008-09-26 17:19:20 ----A---- C:\WINDOWS\system32\IEDFix.exe
2008-09-26 17:19:19 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2008-09-26 17:19:18 ----A---- C:\WINDOWS\system32\swxcacls.exe
2008-09-26 17:19:18 ----A---- C:\WINDOWS\system32\swsc.exe
2008-09-26 17:19:18 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2008-09-26 17:19:18 ----A---- C:\WINDOWS\system32\dumphive.exe
2008-09-26 17:19:17 ----A---- C:\WINDOWS\system32\swreg.exe
2008-09-26 17:19:17 ----A---- C:\WINDOWS\system32\Process.exe
2008-09-26 17:11:46 ----SH---- C:\WINDOWS\system32\euvxgnma.ini
2008-09-26 17:11:04 ----A---- C:\WINDOWS\system32\d7bce7a6-.txt
2008-09-12 13:18:38 ----D---- C:\Dokumente und Einstellungen\Robin.BAUER-67D850EAD\Anwendungsdaten\ATI
2008-09-11 22:38:35 ----D---- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\ATI
2008-09-11 21:21:40 ----D---- C:\Programme\s2
2008-09-11 20:34:49 ----D---- C:\Programme\Sierra
2008-09-11 20:32:38 ----D---- C:\Dokumente und Einstellungen\Robin.BAUER-67D850EAD\Anwendungsdaten\InstallShield
2008-09-11 16:00:48 ----A---- C:\WINDOWS\system32\CmdLineExt03.dll
2008-09-11 15:54:27 ----D---- C:\Programme\ANNO 1503 Königs- Edition
2008-09-10 21:35:43 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-10 21:35:22 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-09 21:04:16 ----D---- C:\Programme\Monte Cristo
2008-09-05 11:46:38 ----D---- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Adobe
2008-09-03 11:36:55 ----D---- C:\WINDOWS\system32\CatRoot_bak

======List of files/folders modified in the last 1 months======

2008-09-28 12:15:16 ----D---- C:\WINDOWS\Prefetch
2008-09-28 12:13:38 ----D---- C:\Programme\Mozilla Firefox
2008-09-28 12:13:15 ----D---- C:\WINDOWS\Temp
2008-09-28 12:12:59 ----D---- C:\WINDOWS
2008-09-28 10:30:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-09-27 16:08:15 ----A---- C:\WINDOWS\NeroDigital.ini
2008-09-27 14:44:52 ----D---- C:\WINDOWS\system32
2008-09-27 14:44:50 ----RD---- C:\Programme
2008-09-27 14:44:50 ----D---- C:\WINDOWS\system32\drivers
2008-09-27 14:16:39 ----D---- C:\Programme\Gemeinsame Dateien
2008-09-27 10:47:14 ----SHD---- C:\System Volume Information
2008-09-27 10:47:14 ----D---- C:\WINDOWS\system32\Restore
2008-09-26 23:18:27 ----D---- C:\Programme\AVPersonal
2008-09-26 17:20:49 ----A---- C:\WINDOWS\ntbtlog.txt
2008-09-26 17:20:35 ----A---- C:\rapport.txt
2008-09-26 17:20:10 ----A---- C:\WINDOWS\system32\tmp.txt
2008-09-26 17:06:06 ----A---- C:\WINDOWS\dat.txt
2008-09-26 17:00:14 ----SHD---- C:\WINDOWS\Installer
2008-09-26 16:59:45 ----D---- C:\Dokumente und Einstellungen\Robin.BAUER-67D850EAD\Anwendungsdaten\LimeWire
2008-09-26 16:53:38 ----HD---- C:\Programme\InstallShield Installation Information
2008-09-26 16:53:34 ----D---- C:\WINDOWS\system32\DirectX
2008-09-26 16:53:27 ----D---- C:\WINDOWS\system32\CatRoot2
2008-09-26 16:08:02 ----D---- C:\Programme\Microsoft Games
2008-09-25 19:55:10 ----D---- C:\WINDOWS\Microsoft.NET
2008-09-25 19:55:08 ----RSD---- C:\WINDOWS\assembly
2008-09-23 21:32:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-09-23 21:32:21 ----D---- C:\WINDOWS\WinSxS
2008-09-23 18:20:55 ----D---- C:\Programme\ICQ6
2008-09-11 22:38:36 ----D---- C:\WINDOWS\system32\config
2008-09-11 20:40:16 ----HD---- C:\WINDOWS\inf
2008-09-10 21:35:33 ----HD---- C:\WINDOWS\$hf_mig$
2008-09-10 21:35:26 ----A---- C:\WINDOWS\imsins.BAK
2008-09-10 19:34:07 ----D---- C:\Program Files
2008-09-09 22:18:42 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-09 20:49:35 ----D---- C:\Programme\ATI Technologies
2008-09-09 20:48:54 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-09-09 20:08:42 ----D---- C:\DXTEMP
2008-09-05 11:46:53 ----D---- C:\Programme\Gemeinsame Dateien\Adobe
2008-09-05 11:46:24 ----D---- C:\Programme\Adobe
2008-09-03 11:36:55 ----D---- C:\WINDOWS\Debug
2008-09-03 11:14:11 ----D---- C:\WINDOWS\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-04 41472]
R2 ACEDRV05;ACEDRV05; \??\C:\WINDOWS\system32\drivers\ACEDRV05.sys []
R2 npkcrypt;npkcrypt; \??\C:\Programme\QQ\Africa2003\npkcrypt.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-08-01 3266560]
R3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [2004-10-15 15295]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-08-23 821760]
R3 FETNDIS;VIA PCI 10/100-MBit/s-Fast Ethernetadapter-NT-Treiber; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 FWLANUSB;AVM FRITZ!WLAN; C:\WINDOWS\system32\DRIVERS\fwlanusb.sys [2006-04-06 264704]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 BDFsDrv;BDFsDrv; \??\C:\Programme\Softwin\BitDefender10\bdfsdrv.sys []
S3 BDRsDrv;BDRsDrv; \??\C:\Programme\Softwin\BitDefender10\bdrsdrv.sys []
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 gUSBSTOi;gUSBSTOi; \??\C:\DOKUME~1\ROBIN~2.BAU\LOKALE~1\Temp\gUSBSTOi.sys []
S3 Jukebox3;Jukebox3; C:\WINDOWS\system32\DRIVERS\ctpdusb.sys []
S3 ms_mpu401;Microsoft MPU-401 MIDI UART-Treiber; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 w810bus;Sony Ericsson W810 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\w810bus.sys [2006-02-20 58288]
S3 w810mdfl;Sony Ericsson W810 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w810mdfl.sys [2006-02-20 8336]
S3 w810mdm;Sony Ericsson W810 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w810mdm.sys [2006-02-20 94064]
S3 w810mgmt;Sony Ericsson W810 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w810mgmt.sys [2006-02-20 85408]
S3 w810obex;Sony Ericsson W810 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w810obex.sys [2006-02-20 83344]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-08-01 573440]
R2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2002-04-12 57344]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-13 44032]
R2 ICQ Service;ICQ Service; C:\Programme\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-12-03 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2007-12-03 103736]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-07-31 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 gusvc;Google Updater Service; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-05 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger USN Journal Reader-Service für freigegebene Ordner; C:\Programme\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576]

-----------------EOF-----------------
         

und hier logfile info.txt teil 1 von 2

Code: Alles auswählenAufklappen

ATTFilter

info.txt logfile of random's system information tool 1.02 2008-09-28 12:15:33

======Uninstall list======

-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x7 
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x7  /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x7 
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x7  /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x7 
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x7  /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x7 
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x7 
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x7 
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x7  /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x7 
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x7  /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9104A09A-EC83-11D8-8469-00D0B726B56E}\setup.exe" -l0x7 
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9104A09A-EC83-11D8-8469-00D0B726B56E}\setup.exe" -l0x7  /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9744AE38-1CC6-414F-96CE-0643AEE30A9B}\setup.exe" -l0x7 
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9744AE38-1CC6-414F-96CE-0643AEE30A9B}\setup.exe" -l0x7  /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x7 
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x7  /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9E54F486-CD4A-44A5-B041-16D4E1E56A53}\setup.exe" -l0x7 
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9E54F486-CD4A-44A5-B041-16D4E1E56A53}\setup.exe" -l0x7  /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x7 
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x7 
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x7  /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x7 
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x7  /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x7 
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x7  /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
         

logfile info.txt teil 2 von 2

Code: Alles auswählenAufklappen

ATTFilter

Adobe Acrobat 5.0-->C:\WINDOWS\ISUN0407.EXE -f"C:\Programme\Gemeinsame Dateien\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Programme\Gemeinsame Dateien\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A90000000001}
Advanced PDF-to-Word 1.0 Demo-->C:\PROGRA~1\ADVANC~1\demos\UNWISE.EXE /U C:\PROGRA~1\ADVANC~1\demos\apdf2word.log
Age of Empires III-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45} 
ANNO 1503 Königs- Edition-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{DB833EF9-A198-49BE-970A-BD46F30BFBB4}\Setup.exe" -l0x7 
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI - Software Uninstall Utility-->C:\Programme\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x336d 
ATI Control Panel-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe" 
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audacity 1.2.6-->"C:\Programme\Audacity\unins000.exe"
Bombic 1.0-->C:\Programme\Bombic\unins000.exe
Caesar IV-->C:\Programme\InstallShield Installation Information\{B7666229-351B-47D9-AA6F-DF777CF04BBF}\Setup.exe -runfromtemp -l0x0007 -removeonly
Catalyst Control Center - Branding-->MsiExec.exe /I{FA3A247D-437A-455E-A88F-7EB6E5F9E799}
C-Media WDM Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe
Creative Jukebox Driver-->C:\Programme\Creative\Jukebox 3 Drivers\DrvUnins.exe /s
Creative MediaSource-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\setup.exe" -l0x7  /remove
Creative Removable Disk Manager-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x7  /remove
Creative-Systeminformationen-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x7  /remove
Die Siedler II - Die nächste Generation-->"C:\Programme\Ubisoft\Funatics\Die Siedler II - Die nächste Generation\uninstall.exe"
Disc2Phone-->MsiExec.exe /I{6E65247F-58F9-41CA-BE69-0316F7907170}
DivX Content Uploader-->C:\Programme\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player-->C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\programme\google\googletoolbar1.dll"
HijackThis 2.0.2-->"C:\Programme\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix für Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
ICQ Toolbar-->C:\Programme\ICQ6Toolbar\ICQUnToolbar.exe
ICQ6-->"C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Lame ACM MP3 Codec-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 C:\WINDOWS\INF\LameACM.inf
LimeWire 4.16.6-->"C:\Programme\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Age of Empires II-->"C:\Programme\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110407-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (3.0)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Nero OEM-->C:\Programme\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NeroVision Express 2-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
QQ2003 SA-->C:\Programme\QQ\Africa2003\uninst.exe
QQ2005 Formal-->C:\Programme\QQ\Africa2003\uninst.exe
RealPlayer-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rita Brentrups Fetch-->C:\Programme\Frogster\Rita Brentrups Fetch\data\FetchUninstaller.exe
Security Update für Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Sicherheitsupdate für Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB931768)-->"C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB933566)-->"C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB937143)-->"C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Sony Ericsson PC Suite 1.20.173-->MsiExec.exe /I{C5ADA65A-7828-4D85-B071-ECC52B51F794}
Update für Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update für Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update für Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update für Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update für Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update für Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update für Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update für Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update für Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update für Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update für Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update für Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update für Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update für Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update für Windows XP (KB946627)-->"C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
Update für Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
VeohTV BETA-->C:\Programme\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
Video Converter-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{78B914B4-4586-41C6-B02C-3CB10FE0DED7}\setup.exe" -l0x9  -removeonly
VideoLAN VLC media player 0.8.6f-->C:\Programme\VideoLAN\VLC\uninstall.exe
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{279DB581-239C-4E13-97F8-0F48E40BE75C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP-Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP-Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP-Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
WinRAR archiver-->C:\Programme\WinRAR\uninstall.exe
Xvid 1.1.2 final uninstall-->"C:\Programme\Xvid\unins000.exe"

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\Gemeinsame Dateien\Teleca Shared;C:\Programme\ATI Technologies\ATI Control Panel;C:\Programme\ATI Technologies\ATI.ACE\Core-Static
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
         

Entschuldigung ich wollte die dateien im fileuploader hochladen aber der hat gesagt die dateien seien zu groß

Hi,

die Logs sind wunderbar so.
Arbeite bitte folgendes ab:
Anleitung Avenger (by swandog46) Lade dir das Tool Avenger und speichere es auf dem Desktop:

• Doppelklick auf das Avenger-Symbol

• Kopiere nun folgenden Text in das weiße Feld bei -> "input script here"

Code: Alles auswählenAufklappen

ATTFilter

files to delete:
C:\WINDOWS\system32\euvxgnma.ini
C:\WINDOWS\system32\d7bce7a6-.txt

folders to delete:
C:\Programme\AdvancedCleaner Free
C:\Programme\Gemeinsame Dateien\PCSecureSystem
C:\Programme\AntiSpyware
registry keys to delete:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSjcxe.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSjcxe.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSserv.sys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F3D01F3-2A8E-4814-AA0F-8315172D22BF}

Registry values to delete:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run|SM_IAN
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run|UADC_3824922036
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run|bm

Registry value to replace by dummy:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLS
         

• Schliesse nun alle Programme und Browser-Fenster

• Um den Avenger zu starten klicke auf -> Execute
• Dann bestätigen mit "Yes" das der Rechner neu startet

• Nachdem das System neu gestartet ist, findest du einen Report vom Avenger unter -> C:\avenger.txt

• Öffne die Datei mit dem Editor und kopiere den gesamten Text in deinen Beitrag hier am Trojaner-Board.

lg myrtille

ich habe den text in den avenger kopiert und als ich auf execute gedrückt habe kam ein error-fenster wo drin stand ,,error invalid syntax in command:registry value to replace by dummy:"skipping line. (registry value deletion mode)

wenn ich da dann auf ok drücke kommt ein neues fenster:titel Continue?
press ok to continue script execution or cancel to abort.

was soll ich machen?? trotzdem zustimmen??