Hallo. Habe heute einen großen Fehler gemacht. Habe mal wieder im Internet rumgeschnuppert und eine .exe heruntergeladen. Als ich sie öffnen wollte, ist sie gleich wieder verschwunden. Habe mir gleich gedacht, dass das wohl ein Virus war. Habe die Datei wieder hergestellt und mal bei virustotal hochgeladen. Das Ergebnis hat mich dann bestätigt:

Zitat:

Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.24 2009.08.08 Trojan.Win32.Nebuler!IK
AhnLab-V3 5.0.0.2 2009.08.08 Win-Trojan/Zlob.7760
AntiVir 7.9.0.248 2009.08.07 TR/Downloader.Gen
Antiy-AVL 2.0.3.7 2009.08.07 Trojan/Win32.Zlob.gen
Authentium 5.1.2.4 2009.08.08 W32/Downldr2.FVYZ
Avast 4.8.1335.0 2009.08.08 Win32:Trojan-gen {Other}
AVG 8.5.0.406 2009.08.08 Generic13.BDUU
BitDefender 7.2 2009.08.08 Trojan.Generic.2169278
CAT-QuickHeal 10.00 2009.08.08 Trojan.Agent.ATV
ClamAV 0.94.1 2009.08.07 -
Comodo 1913 2009.08.08 TrojWare.Win32.TrojanDownloader.Zlob.bggn
DrWeb 5.0.0.12182 2009.08.08 Trojan.DownLoad.37969
eSafe 7.0.17.0 2009.08.06 Win32.Downloader.Zlo
eTrust-Vet 31.6.6667 2009.08.08 Win32/Nebuler.ET
F-Prot 4.4.4.56 2009.08.08 W32/Downldr2.FVYZ
F-Secure 8.0.14470.0 2009.08.08 Trojan-Downloader.Win32.Zlob.bggn
Fortinet 3.120.0.0 2009.08.08 PossibleThreat
GData 19 2009.08.08 Trojan.Generic.2169278
Ikarus T3.1.1.64.0 2009.08.08 Trojan.Win32.Nebuler
Jiangmin 11.0.800 2009.08.08 TrojanDownloader.Zlob.tzw
K7AntiVirus 7.10.814 2009.08.08 Trojan.Win32.Malware.4
Kaspersky 7.0.0.125 2009.08.08 Trojan-Downloader.Win32.Zlob.bggn
McAfee 5703 2009.08.08 Generic Downloader.x!cd
McAfee+Artemis 5703 2009.08.08 Generic Downloader.x!cd
McAfee-GW-Edition 6.8.5 2009.08.07 Heuristic.LooksLike.Win32.H
Microsoft 1.4903 2009.08.08 TrojanDownloader:Win32/Zlob.APQ
NOD32 4318 2009.08.08 a variant of Win32/TrojanDownloader.Agent.PHH
Norman 6.01.09 2009.08.07 W32/DLoader.OQNK
nProtect 2009.1.8.0 2009.08.08 Trojan/W32.Retapu.7760
Panda 10.0.0.14 2009.08.08 Trj/CI.A
PCTools 4.4.2.0 2009.08.08 -
Prevx 3.0 2009.08.08 Medium Risk Malware Downloader
Rising 21.41.52.00 2009.08.08 -
Sophos 4.44.0 2009.08.08 Mal/Generic-A
Sunbelt 3.2.1858.2 2009.08.08 Trojan-Downloader.Zlob.Media-Codec
Symantec 1.4.4.12 2009.08.08 Downloader
TheHacker 6.3.4.3.378 2009.08.08 Trojan/Downloader.Zlob.bggn
TrendMicro 8.950.0.1094 2009.08.08 PAK_Generic.001
VBA32 3.12.10.9 2009.08.07 Trojan-Downloader.Win32.Zlob.bggn
ViRobot 2009.8.8.1875 2009.08.08 -
VirusBuster 4.6.5.0 2009.08.08 Trojan.DL.Zlob.AAYF

Habe mich dann schon selber mit HijackThis und spybot bisschen dran gemacht und nach merkwürdigen sachen gesucht und auch schon ein paar gelöscht. Trotzdem habe ich immer noch Probleme. Z.B. dass sich immer wieder verkleinerte Internet Explorer im Vordergrund öffnen die verschiedene Banner anzeigen. Oder beim Systemstart, werden mehrere Konsolen ausgeführt.

Hoffe ihr könnt vielleicht noch irgendwas an meinem logfile erkennen:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:28:53, on 08.08.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Programme\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programme\Panda Software\Panda Internet Security 2007\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\gearsec.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Panda Software\Panda Internet Security 2007\PsCtrls.exe
C:\Programme\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe
C:\Programme\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programme\Microsoft Private Folder 1.0\PrfldSvc.exe
c:\programme\panda software\panda internet security 2007\firewall\PSHOST.EXE
C:\Programme\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Programme\Panda Software\Panda Internet Security 2007\ApvxdWin.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
C:\Programme\Panda Software\Panda Internet Security 2007\WebProxy.exe
C:\Programme\Panda Software\Panda Internet Security 2007\PavBckPT.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\ScanSoft\PaperPort\pptd40nt.exe
C:\Programme\Brother\ControlCenter2\brctrcen.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Sticky Password\stpass.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Dokumente und Einstellungen\McOey\Anwendungsdaten\cft\cft.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Dokumente und Einstellungen\McOey\Eigene Dateien\ICQ\308241253\ReceivedFiles\958506 Ö\PGA_1.1.1\PGA 111\PGA\PGA 115\PGA 115\PGA\PGA.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Xfire\Xfire.exe
C:\Programme\ICQ6\ICQ6.5\ICQ.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.iseekyou.im/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: MJCore - {D88E1558-7C2D-407A-953A-C044F5607CEA} - C:\Programme\Jcore\Jcore2.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programme\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Programme\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programme\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programme\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Programme\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programme\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [StickyPassword] C:\Programme\Sticky Password\stpass.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cft] C:\Dokumente und Einstellungen\McOey\Anwendungsdaten\cft\cft.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ6.5\ICQ.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1220618166437
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Unknown owner - C:\Programme\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: hpdj3600 - Unknown owner - C:\DOKUME~1\McOey\LOKALE~1\Temp\hpdj3600.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Programme\Panda Software\Panda Internet Security 2007\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Programme\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software International - C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Programme\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Programme\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Programme\Microsoft Private Folder 1.0\PrfldSvc.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\programme\panda software\panda internet security 2007\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Programme\Panda Software\Panda Internet Security 2007\PsImSvc.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP1\RpcAgentSrv.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Programme\Panda Software\Panda Internet Security 2007\TPSrv.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 11588 bytes


Danke im Voraus für eure Bemühungen!

mfg McOey

Hallo McOey,

Ein kleiner Hinweis als erstes. Du nutzt Panda und Panda wuerde die Datei gemeldet haben, waere es aktuell! (Panda 10.0.0.14 2009.08.08 Trj/CI.A)!

Erstelle bitte in der Reihenfolge ein Mbam, Gmer und RSIT Report.
http://www.trojaner-board.de/51187-a...i-malware.html
http://www.trojaner-board.de/74908-a...t-scanner.html
http://www.trojaner-board.de/74910-a...tion-tool.html

Wo hast du die von dir genannte Datei heruntergeladen. Schicke mir den Link bitte per PN

Erst einmal, muss leider einen Doppelpost machen, da ich sonst zu viele Zeichen habe.

Habe versucht alles so durchzuführen, wie du es gesagt hast. Allerdings lief das "Gmer" nicht so gut. Habe es nun 6 Stunden am laufen, und es ist immer noch nicht fertig. Ist das normal?

Aber hier die anderen Ergebnisse:

Mbam:

Zitat:

Malwarebytes' Anti-Malware 1.40
Datenbank Version: 2584
Windows 5.1.2600 Service Pack 3

09.08.2009 13:06:09
mbam-log-2009-08-09 (13-06-09).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 328368
Laufzeit: 1 hour(s), 34 minute(s), 9 second(s)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 15
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 5
Infizierte Dateien: 28

Infizierte Speicherprozesse:
C:\Dokumente und Einstellungen\McOey\Anwendungsdaten\cft\cft.exe (Trojan.Dropper) -> Unloaded process successfully.

Infizierte Speichermodule:
C:\Programme\Mozilla Firefox\components\WWShow.dll (Adware.BHO) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\mjcore.mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mjcore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9d71d88c-c598-4935-c5d1-43aa4db90836} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\MJCore.dll (Trojan.BHO) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cft (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\Dokumente und Einstellungen\McOey\Anwendungsdaten\cft (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\McOey\Anwendungsdaten\pridl (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programme\WWShow (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\system32 (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Dokumente und Einstellungen\McOey\Anwendungsdaten\cft\cft.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Programme\Mozilla Firefox\components\WWShow.dll (Adware.BHO) -> Delete on reboot.
C:\WINDOWS\system32\system32\winupdater.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\McOey\Anwendungsdaten\pridl\pridl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\McOey\Eigene Dateien\Replay_Media_Catcher_3.02__Tested_\Replay_Media_Catcher_3.02__Tested_\Replay Media Catcher 3.02 (Tested)\Crack.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\McOey\Lokale Einstellungen\Temp\uninstall.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\McOey\Lokale Einstellungen\Temporary Internet Files\Content.IE5\1V7Y2K6I\152[1].net (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\McOey\Lokale Einstellungen\Temporary Internet Files\Content.IE5\5P7CLWHK\156[1].net (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\McOey\Lokale Einstellungen\Temporary Internet Files\Content.IE5\F57JTCGA\163[1].net (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\McOey\Lokale Einstellungen\Temporary Internet Files\Content.IE5\FYUESC3P\dfuninstaller.prod.v14000.18mar2009.exe[1].10b9665cc5f98c037e9b8dcc0e88929e (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\McOey\Lokale Einstellungen\Temporary Internet Files\Content.IE5\FYUESC3P\155[1].net (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Programme\Trend Micro\HijackThis\backups\backup-20090808-164220-161.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{50BA13AA-004D-462F-9724-C473FD617F64}\RP488\A0146308.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{50BA13AA-004D-462F-9724-C473FD617F64}\RP488\A0147272.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{50BA13AA-004D-462F-9724-C473FD617F64}\RP488\A0147292.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{50BA13AA-004D-462F-9724-C473FD617F64}\RP488\A0147293.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{50BA13AA-004D-462F-9724-C473FD617F64}\RP488\A0147295.dll (Trojan.Agent.V) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rn.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\oreans32.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
D:\Mirko\Mirko\cryptload\router\FRITZ!Box\nc.exe (PuP.Keylogger) -> Not selected for removal.
D:\Mirko\Mirko\Endversion\progs\rdpv\rdpv.exe (Password.Stealer) -> Not selected for removal.
D:\Mirko\Mirko\ICQ\342378069 Jama\charge.exe (Malware.Packer.T) -> Quarantined and deleted successfully.
D:\Mirko\Mirko\Setup\Bux.to Autoclicker\Bux.to Autoclicker.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Mirko\Mirko\Setup\spracherkennung\CryptLoad_1.0.6\router\FRITZ!Box\nc.exe (PuP.Keylogger) -> Not selected for removal.
D:\Mirko\Mirko\usbhack\hack\progs\rdpv\rdpv.exe (Password.Stealer) -> Not selected for removal.
D:\Mirko\Mirko\usbhack\Kopie von hack\progs\rdpv\rdpv.exe (Password.Stealer) -> Not selected for removal.
C:\WINDOWS\system32\system32\logg.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\install.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Und die info.txt von Rsit

Zitat:

info.txt logfile of random's system information tool 1.06 2009-08-09 19:10:01

======Uninstall list======

-->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Programme\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->MsiExec /X{AC54E544-3E42-443C-A91D-A00A6974C592}
-->MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
-->MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {58FC5E37-DD28-4D4A-A549-125744C6763C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {888B9AC7-8F5C-456B-A27A-157A6C310E52}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
3DMark06-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}\setup.exe" -l0x9 -removeonly
3DMiracle (remove only)-->"C:\Programme\USL\3DMiracle\uninst_3dmrcl.exe"
3DMonster (remove only)-->"C:\Programme\USL\3DMonster\uninst_3dmns.exe"
7-Zip 4.60 beta-->"C:\Programme\7-Zip\Uninstall.exe"
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Programme\Gemeinsame Dateien\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->C:\Programme\Gemeinsame Dateien\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Programme\Gemeinsame Dateien\Adobe\Installers\5f143314a5d434c8511097393d17397\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{29F05234-DCBB-4FE0-88DC-5160C9250312}
Adobe Reader 8.1.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81200000003}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup-->MsiExec.exe /I{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AnyDVD-->"C:\Programme\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Programme\SlySoft\AnyDVD"
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
AusLogics Disk Defrag-->"C:\Programme\Auslogics\AusLogics Disk Defrag\unins000.exe"
AVS Update Manager 1.0-->"C:\Programme\AVS4YOU\AVSUpdateManager\unins000.exe"
AVS Video Converter 6-->"C:\Programme\AVS4YOU\AVSVideoConverter6\unins000.exe"
AVS4YOU Software Navigator 1.3-->"C:\Programme\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
Biathlon 2006-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{764AE968-28E0-4193-9F03-DD59B54A9E32}\setup.exe" -l0x7
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Brother MFL-Pro Suite-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}\Setup.exe" -l0x7 Brunin03.dllBrunin03.dll
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch-->C:\Programme\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch-->C:\Programme\InstallShield Installation Information\{8503C901-85D7-4262-88D2-8D8B2A7B08B8}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch-->C:\Programme\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch-->C:\Programme\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Programme\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0407
Camden Town 1 Realschule-->C:\PROGRA~1\DIESTE~1\CAMDEN~1\UNWISE.EXE C:\PROGRA~1\DIESTE~1\CAMDEN~1\INSTALL.LOG
Command & Conquer 3-->MsiExec.exe /I{B0C30E93-D3D9-4F04-A2AC-54749B573275}
Command & Conquer™ Alarmstufe Rot 3-->MsiExec.exe /X{296D8550-CB06-48E4-9A8B-E5034FB64715}
Counter-Strike-->"C:\PROGRA~1\Valve\Steam\steam.exe" steam://uninstall/10
Creation Master 08 Release 1.03-->"C:\Programme\Fifa Master\Creation Master 08\unins000.exe"
Crysis(R)-->MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
DivX Codec-->C:\Programme\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Programme\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dragon NaturallySpeaking 9-->MsiExec.exe /I{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}
EA Download Manager-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1031
EA SPORTS online 2007-->C:\Programme\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe
EVEREST Home Edition v2.20-->"C:\Programme\Lavalys\EVEREST Home Edition\unins000.exe"
FIFA 09-->MsiExec.exe /X{2315B23D-3E21-4920-837D-AE6460934ECB}
FileZilla Client 3.1.5-->C:\Programme\FileZilla FTP Client\uninstall.exe
Foto-Mosaik 4.1.0-->C:\Programme\Foto-Mosaik\unins000.exe
FoxyTunes for Firefox-->"C:\Programme\Mozilla Firefox\firefox.exe" -chrome chrome://foxytunes/content/extras/uninstallExtension.xul
GameGain-->"C:\Programme\GameGain\unins000.exe"
GEAR 32bit Driver Installer-->MsiExec.exe /X{E89B484C-B913-49A0-959B-89E836001658}
Guitar Pro 5.0-->"C:\Programme\Guitar Pro 5\unins000.exe"
Half-Life Dedicated Server Update Tool-->C:\PROGRA~1\Valve\HLServer\UNWISE.EXE C:\PROGRA~1\Valve\HLServer\INSTALL.LOG
HijackThis 2.0.2-->"C:\Programme\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix für Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU (KB945282)-->C:\WINDOWS\system32\msiexec.exe /package {D5A7D7AB-3093-3619-9261-74DB250ECF7B} /uninstall /qb+ REBOOTPROMPT=""
Hotfix für Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU (KB946040)-->C:\WINDOWS\system32\msiexec.exe /package {D5A7D7AB-3093-3619-9261-74DB250ECF7B} /uninstall /qb+ REBOOTPROMPT=""
Hotfix für Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU (KB946308)-->C:\WINDOWS\system32\msiexec.exe /package {D5A7D7AB-3093-3619-9261-74DB250ECF7B} /uninstall /qb+ REBOOTPROMPT=""
Hotfix für Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU (KB947540)-->C:\WINDOWS\system32\msiexec.exe /package {D5A7D7AB-3093-3619-9261-74DB250ECF7B} /uninstall /qb+ REBOOTPROMPT=""
Hotfix für Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU (KB947789)-->C:\WINDOWS\system32\msiexec.exe /package {D5A7D7AB-3093-3619-9261-74DB250ECF7B} /uninstall /qb+ REBOOTPROMPT=""
Hotfix für Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU (KB948127)-->C:\WINDOWS\system32\msiexec.exe /package {D5A7D7AB-3093-3619-9261-74DB250ECF7B} /uninstall /qb+ REBOOTPROMPT=""
Hotfix für Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB942288-v3)-->"C:\WINDOWS\$NtUninstallKB942288-v3$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
hp deskjet 3600 series-->rundll32 hpzcon09.dll,VendorJettison hp deskjet 3600 series
hp deskjet 3600-->msiexec /x{7CA32143-2DAC-4F5F-9BAA-2AB3707EF192}
ICQ6.5-->"C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
InterVideo FilterSDK-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A15ED800-19FF-11D5-AF7F-0050BA1191E9}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java DB 10.3.1.4-->MsiExec.exe /X{CD49361E-3FE6-457E-90A1-9C59E29B5D02}
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Development Kit 6 Update 6-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160060}
JBidwatcher 2-->C:\Programme\CyberFOX Software\JBidwatcher2\Uninstall.exe
JBidwatcher 2-->C:\Programme\CyberFOX Software\JBidwatcher2\Uninstall.exe
JBidwatcher 2-->C:\Programme\CyberFOX Software\JBidwatcher2\Uninstall.exe
JBidwatcher 2-->C:\Programme\CyberFOX Software\JBidwatcher2\Uninstall.exe
LaMaster-->MsiExec.exe /I{3A47DA3C-0C2E-4D94-9BCE-6EA3550B37C9}
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 German Language Pack-->MsiExec.exe /X{E78BFA60-5393-4C38-82AB-E8019E464EB4}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C314CE45-3392-3B73-B4E1-139CD41CA933}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Groove MUI (German) 2007-->MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (German) 2007-->MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Private Folder 1.0-->MsiExec.exe /I{644EA08F-87D2-48C0-AE94-B327D1C85A97}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2008 Management Objects-->MsiExec.exe /I{F5E87B12-3C27-452F-8E78-21D42164FD83}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Virtual PC 2007-->MsiExec.exe /X{8A7CAA24-7B23-410B-A7C3-F994B0944160}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

die fortsetzung von der info.txt von Rsit:

Zitat:

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU-->O:\Test\Microsoft Visual C++ 2008 Express Edition with SP1 - DEU\setup.exe
Microsoft Visual C++ 2008 Express Edition with SP1 - DEU-->MsiExec.exe /X{D5A7D7AB-3093-3619-9261-74DB250ECF7B}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries-->MsiExec.exe /X{842FAF7C-50EF-4463-9B8F-6222E1384D7D}
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu-->MsiExec.exe /X{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32-->MsiExec.exe /X{044F9133-B8D7-4d11-BF39-803FA20F5C8B}
MixMeister Fusion Demo-->MsiExec.exe /I{6DDB8CC8-3F13-4E72-8203-51AA081E7DE0}
Monster Trucks Nitro Demo-->C:\Programme\Monster Trucks Nitro Demo\uninst.exe
Mozilla Firefox (3.0.13)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NBA LIVE 07-->C:\Programme\EA SPORTS\NBA LIVE 07\EAUninstall.exe
NEOTION Video Link Instant Record Edition-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A0D7FF40-4815-4722-9485-3A09E6A8C00A}\Setup.exe" -l0x9
Nero 7 Ultra Edition-->MsiExec.exe /I{42F7C377-2A1F-44FB-A17F-053C29E81031}
NHL® 08-->MsiExec.exe /X{A7AA93B6-6909-4073-B4EC-45CCDEFD4665}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX v8.10.13-->MsiExec.exe /X{AC54E544-3E42-443C-A91D-A00A6974C592}
Orbit Downloader-->"C:\Programme\Orbitdownloader\unins000.exe"
Panda Internet Security 2007-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{EEBA9416-3207-47E0-9022-116440599DBC}\SETUP.exe" -l0x7 -removeonly
PaperPort-->MsiExec.exe /I{A17EABB6-D0C6-44E5-820C-72DC7F495064}
PASSWORD PROTECT FOLDERS™-->"C:\Programme\Password Protect Folders\unins000.exe"
PC Inspector smart recovery-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C9A87D86-FDFD-418B-BF96-EF09320973B3}\Setup.exe" -l0x7
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Power Tab Editor 1.7-->MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}
Power Tab Librarian-->MsiExec.exe /I{0EEAB659-66AB-4250-BB30-984D92A9AC8C}
PPMate Network TV 2.0.0.40-->C:\Programme\PPMate\uninst.exe
Pro Evolution Soccer 6-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EBB794ED-D282-4334-92FB-254481EFF514} /l1031
ProtectDisc Driver, Version 11-->C:\Programme\ProtectDisc Driver Installer\uninstall_v11.exe
ProtectDisc Helper Driver 10-->C:\Programme\ProtectDisc Driver Installer\uninstall_v10.exe
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
QuickTime-->MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Recuva (remove only)-->"C:\Programme\Recuva\uninst.exe"
Replay Media Catcher 3.02-->"C:\WINDOWS\Replay Media Catcher\uninstall.exe" "/U:C:\Programme\Replay Media Catcher\Uninstall\uninstall.xml"
Roll-->C:\WINDOWS\UniFish3.exe C:\Programme\Hasbro Interactive\RollerCoaster Tycoon\RollerCoaster Tycoon.log
RouterControl 1.80-->C:\WINDOWS\RCoUn.EXE /UnInst:"C:\WINDOWS\RouterControl_Uninstall.in"
RTL Wintergames 2007-->"C:\Programme\RTL Wintergames 2007\setup.exe" -u
R-Undelete 4.0-->C:\Programme\R-Undelete\Uninstall.exe
SDP Downloader-->MsiExec.exe /I{B547CB8D-549A-436E-97B5-E79F911B11E2}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Sicherheitsupdate für Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
SiSoftware Sandra Lite 2009.SP1-->"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP1\unins000.exe"
Skype 3.0-->"C:\Programme\Skype\Phone\unins000.exe"
Skype Plugin Manager-->MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
Sony Ericsson PC Suite-->MsiExec.exe /I{FC906D5C-91F9-4DA4-A765-6DCBB669F317}
SopCast 2.0.4-->C:\Programme\SopCast\uninst.exe
soul.im-->MsiExec.exe /I{247E0933-1877-4208-BF6A-B39E3015B148}
Spybot - Search & Destroy-->"C:\Programme\Spybot - Search & Destroy\unins000.exe"
SQL Server System CLR Types-->MsiExec.exe /I{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}
Steam-->C:\PROGRA~1\Valve\Steam\UNWISE.EXE C:\PROGRA~1\Valve\Steam\INSTALL.LOG
Stereographic Suite 1.0 (build 3022)-->"C:\Programme\Stereographic Suite\unins000.exe"
Sticky Password 3.4-->"C:\Programme\Sticky Password\unins000.exe"
Streamripper (Remove only)-->C:\Programme\Streamripper\Uninstall.exe
Summer Athletics-->"C:\Programme\Summer Athletics\unins000.exe"
System Requirements Lab-->C:\Programme\SystemRequirementsLab\Uninstall.exe
Thrustmaster USB PC Camera-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{45C6317C-2577-4BD6-93D3-617B741EB9D3}\Setup.exe" -l0x7
TrackMania Nations ESWC 1.7.9-->"C:\Programme\TrackMania Nations ESWC\unins000.exe"
Trust HS-6200 Surround USB Headset-->C:\WINDOWS\CmiUSB2Uninstall.exe C:\Programme\Trust HS-6200 Surround USB Headset#C-Media USB Sound#Trust HS-6200 Surround USB Headset#
TubeBox!-->MsiExec.exe /I{2D38A682-ED5B-42C0-ABA4-0B3BE2DABDA8}
TuneUp Utilities 2009-->MsiExec.exe /I{55A29068-F2CE-456C-9148-C869879E2357}
TVAnts 1.0-->C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
TVUPlayer 2.3.6.1-->C:\Programme\TVUPlayer\uninst.exe
UltraStar Deluxe-->C:\Programme\UltraStar Deluxe\Uninstall.exe
Unity Web Player-->C:\Programme\Unity\WebPlayer\Uninstall.exe
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
Update for Outlook 2007 Junk Email Filter (kb971933)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {53C200F4-3B4B-49A5-8539-2C61F1A88CA2}
Update für Windows Internet Explorer 8 (KB971930)-->"C:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe"
Update für Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VeohTV BETA-->C:\Programme\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
VIA Rhine-Family Fast Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
Video mp3 Extractor-->"C:\Programme\Video mp3 Extractor\unins000.exe"
VideoLAN VLC media player 0.8.6c-->C:\Programme\VideoLAN\VLC\uninstall.exe
Virtual DJ - Atomix Productions-->C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
Wichtiges Update für Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Winamp-->"C:\Programme\Winamp\UninstWA.exe"
Windows Automated Installation Kit-->MsiExec.exe /I{31E8F586-4EF7-4500-844D-BA8756474FF1}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix - KB888656-->"C:\WINDOWS\$NtUninstallKB888656$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR-->C:\Programme\WinRAR\uninstall.exe
Xfire (remove only)-->"C:\Programme\Xfire\uninst.exe"
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

und die info.txt geht weiter:

Zitat:

=====HijackThis Backups=====

O2 - BHO: CPV - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Programme\WWShow\WWShow.dll [2009-08-08]
O4 - HKCU\..\Run: [pridl] "C:\Dokumente und Einstellungen\McOey\Anwendungsdaten\pridl\pridl.exe" 61A847B5BBF72811309B3C466188719AB689201522886B092CBD44BD8689220221DD3257 [2009-08-08]

======Hosts File======

127.0.0.1 microsoft
127.0.0.1 forum.kas
127.0.0.1 auto-acti
127.0.0.1 auto-acti
127.0.0.1 https://a
127.0.0.1 https://a
127.0.0.1 auto-acti
127.0.0.1 https://a
127.0.0.1 https://a
127.0.0.1 auto-acti

======Security center information======

AV: Panda Internet Security 2007 (disabled)
FW: Platinum 2007 Personal Firewall (disabled)

======System event log======

Computer Name: MIRKO
Event Code: 10005
Message: Bei DCOM ist der Fehler "%2" aufgetreten, als der Dienst "NMIndexingService" mit den Argumenten ""
gestartet wurde, um den folgenden Server zu verwenden:
{C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Record Number: 31324
Source Name: DCOM
Time Written: 20090809115404.000000+120
Event Type: Fehler
User: MIRKO\McOey

Computer Name: MIRKO
Event Code: 7000
Message: Der Dienst "NMIndexingService" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.


Record Number: 31323
Source Name: Service Control Manager
Time Written: 20090809115344.000000+120
Event Type: Fehler
User:

Computer Name: MIRKO
Event Code: 10005
Message: Bei DCOM ist der Fehler "%2" aufgetreten, als der Dienst "NMIndexingService" mit den Argumenten ""
gestartet wurde, um den folgenden Server zu verwenden:
{C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Record Number: 31322
Source Name: DCOM
Time Written: 20090809115344.000000+120
Event Type: Fehler
User: MIRKO\McOey

Computer Name: MIRKO
Event Code: 7000
Message: Der Dienst "NMIndexingService" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.


Record Number: 31321
Source Name: Service Control Manager
Time Written: 20090809115324.000000+120
Event Type: Fehler
User:

Computer Name: MIRKO
Event Code: 10005
Message: Bei DCOM ist der Fehler "%2" aufgetreten, als der Dienst "NMIndexingService" mit den Argumenten ""
gestartet wurde, um den folgenden Server zu verwenden:
{C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Record Number: 31320
Source Name: DCOM
Time Written: 20090809115324.000000+120
Event Type: Fehler
User: MIRKO\McOey

=====Application event log=====

Computer Name: MIRKO
Event Code: 1
Message:
Record Number: 3340
Source Name: Bonjour Service
Time Written: 20081129192257.000000+060
Event Type: Informationen
User:

Computer Name: MIRKO
Event Code: 4000
Message: The Panda Anti-virus Service has started successfully.

Record Number: 3339
Source Name: Sentinel
Time Written: 20081129192238.000000+060
Event Type: Informationen
User:

Computer Name: MIRKO
Event Code: 1517
Message: Die Registrierung des Benutzers "MIRKO\McOey" wurde gespeichert, obwohl eine Anwendung oder ein Dienst auf die Registrierung während der Abmeldung zugegriffen hat. Der von der Registrierung des Benutzers verwendete Speicher wurde nicht freigegeben. Der Upload der Registrierung wird durchgeführt, wenn diese nicht mehr verwendet wird.


Dies wird oft durch Dienste verursacht, die unter einem Benutzerkonto ausgeführt werden. Versuchen Sie diese so zu Konfigurieren, dass sie unter den Konten "Lokaler Dienst" oder "Netzwerkdienst" ausgeführt werden.

Record Number: 3338
Source Name: Userenv
Time Written: 20081129135305.000000+060
Event Type: Warnung
User: NT-AUTORITÄT\SYSTEM

Computer Name: MIRKO
Event Code: 0
Message:
Record Number: 3337
Source Name: NMIndexingService
Time Written: 20081129130047.000000+060
Event Type: Informationen
User:

Computer Name: MIRKO
Event Code: 1800
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.

Record Number: 3336
Source Name: SecurityCenter
Time Written: 20081129125942.000000+060
Event Type: Informationen
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\Panda Software\Panda Internet Security 2007\;C:\Programme\QuickTime\QTSystem\;C:\Programme\Gemeinsame Dateien\Teleca Shared;C:\Programme\Windows Imaging\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Programme\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Programme\Java\jre1.6.0_05\lib\ext\QTJava.zip
"VS90COMNTOOLS"=O:\Test\Common7\Tools\
"SAN_DIR"=C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP1

-----------------EOF-----------------

Dann kommt jetzt die log.txt:

Zitat:

Logfile of random's system information tool 1.06 (written by random/random)
Run by McOey at 2009-08-09 19:09:43
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 30 GB (18%) free of 172 GB
Total RAM: 2046 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:09:56, on 09.08.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Programme\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programme\Panda Software\Panda Internet Security 2007\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\gearsec.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Panda Software\Panda Internet Security 2007\PsCtrls.exe
C:\Programme\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe
C:\Programme\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programme\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\ScanSoft\PaperPort\pptd40nt.exe
C:\Programme\Brother\ControlCenter2\brctrcen.exe
c:\programme\panda software\panda internet security 2007\firewall\PSHOST.EXE
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Sticky Password\stpass.exe
C:\Programme\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
C:\Programme\Panda Software\Panda Internet Security 2007\PavBckPT.exe
C:\Dokumente und Einstellungen\McOey\Eigene Dateien\9yh0o93k.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\ICQ6\ICQ6.5\ICQ.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\McOey\Eigene Dateien\ICQ\308241253\ReceivedFiles\958506 Ö\PGA_1.1.1\PGA 111\PGA\PGA 115\PGA 115\PGA\PGA.exe
C:\Programme\Microsoft Private Folder 1.0\ShellHelper.exe
C:\Dokumente und Einstellungen\McOey\Eigene Dateien\RSIT.exe
C:\Programme\Trend Micro\HijackThis\McOey.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.iseekyou.im/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programme\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Programme\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programme\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programme\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Programme\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programme\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [StickyPassword] C:\Programme\Sticky Password\stpass.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ6.5\ICQ.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1220618166437
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Unknown owner - C:\Programme\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: hpdj3600 - Unknown owner - C:\DOKUME~1\McOey\LOKALE~1\Temp\hpdj3600.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Programme\Panda Software\Panda Internet Security 2007\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Programme\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software International - C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Programme\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Programme\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Programme\Microsoft Private Folder 1.0\PrfldSvc.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\programme\panda software\panda internet security 2007\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Programme\Panda Software\Panda Internet Security 2007\PsImSvc.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP1\RpcAgentSrv.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Programme\Panda Software\Panda Internet Security 2007\TPSrv.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 11220 bytes

DAs sieht extremst uebel aus. Es hat dich u.a. ein Zbot erwischt, der dir so ziemlich alles an Passworte und sonstige Informationen geklaut, die auf deinem Rechner gespeichert und eingegeben wurden:
lowsec (Stolen.data)

Im Grunde ist das einzig Hilfreiche hier den Rechner neuaufzusetzen...

Also Daten sichern, neuaufsetzen und vor allem zuegiges Passwortwechseln von einer sauberen Quelle(Rechner) aus!
Ich wuerde hier ungerne weiter "rumreinigen", solltest du es trotzdem riskieren, sag bescheid!

Die Fortsetzung von der log.txt:

Zitat:

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{7EE1B52E-12D9-4CC9-BB7E-02481C6D42F5}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Programme\Orbitdownloader\orbitcth.dll [2009-04-03 134344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-05-15 352256]
{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - C:\Programme\Orbitdownloader\GrabPro.dll [2009-04-03 650360]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-06-28 16248320]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"APVXDWIN"=C:\Programme\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE [2007-04-27 628272]
"SCANINICIO"=C:\Programme\Panda Software\Panda Internet Security 2007\Inicio.exe [2007-04-17 27696]
"SSBkgdUpdate"=C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"PaperPort PTD"=C:\Programme\ScanSoft\PaperPort\pptd40nt.exe [2005-03-17 57393]
"IndexSearch"=C:\Programme\ScanSoft\PaperPort\IndexSearch.exe [2005-03-17 40960]
"SetDefPrt"=C:\Programme\Brother\Brmfl05a\BrStDvPt.exe [2005-01-26 49152]
"ControlCenter2.0"=C:\Programme\Brother\ControlCenter2\brctrcen.exe [2005-05-17 933888]
"ISUSPM Startup"=C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2005-02-16 221184]
"ISUSScheduler"=C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe [2005-02-16 81920]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-11-12 13672448]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-11-12 86016]
"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-07-25 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"StickyPassword"=C:\Programme\Sticky Password\stpass.exe [2008-03-10 1478144]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe [2007-01-15 147456]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.ex [2008-04-14 15360]
"SpybotSD TeaTimer"=C:\Programme\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
C:\Programme\GameSpy\Comrade\Comrade.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.ex [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Programme\DAEMON Tools\daemon.exe [2007-08-29 171464]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Programme\DAEMON Tools Lite\daemon.exe -autorun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Programme\iTunes\iTunesHelper.exe [2008-03-30 267048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Booster]
C:\Programme\inKline Global\PC Booster\pcbooster.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2006-11-24 487424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Programme\Valve\Steam\Steam.exe [2009-07-10 1217784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System: PPFSYS.EXE Don`t remove it!]
C:\WINDOWS\system32\ppfsys.exe [2004-06-01 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
C:\Programme\Veoh Networks\Veoh\VeohClient.exe [2008-08-13 3660848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WEB.DE_WEB.DE MultiMessenger]
C:\Programme\WEB.DE\WEB.DE MultiMessenger\MESSENGR.EXE /hide []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Programme\Winamp\winampa.exe [2008-01-16 37376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Orbit.lnk]
C:\PROGRA~1\ORBITD~1\orbitdm.exe [2009-04-03 1719496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Video Link Instant Record Edition.lnk]
C:\PROGRA~1\NEOTION\VIDEOL~1\Bin\ASLaunch.exe [2004-11-29 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^WinManager.lnk]
C:\PROGRA~1\FUJITS~1\WINMAN~1\WINMAN~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^McOey^Startmenü^Programme^Autostart^Dragon NaturallySpeaking.lnk]
C:\PROGRA~1\Nuance\NATURA~1\Program\natspeak.exe [2007-05-11 2524776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^McOey^Startmenü^Programme^Autostart^ICQ-Tools.de Launcher.lnk]
C:\Dokumente und Einstellungen\McOey\Anwendungsdaten\Microsoft\Installer\{247E0933-1877-4208-BF6A-B39E3015B148}\_1578728319E91872ECA3D5.exe [2009-03-30 10134]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avldr]
C:\WINDOWS\system32\avldr.dll [2007-02-15 50736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-05-23 402736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=
"HonorAutoRunSetting"=
"BackupNoCDBurning"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\ICQ6\ICQ.exe"="C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"L:\Mirko alles\RedFaction\RedFaction.exe"="L:\Mirko alles\RedFaction\RedFaction.exe:*:Enabled:Red Faction Launcher"
"L:\Mirko alles\RedFaction\rf.exe"="L:\Mirko alles\RedFaction\rf.exe:*:Enabled:Red Faction"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Programme\iTunes\iTunes.exe"="C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\PPMate\ppmate.exe"="C:\Programme\PPMate\ppmate.exe:*:Enabled:PPMate"
"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP1\RpcAgentSrv.exe"="C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP1\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Programme\Orbitdownloader\orbitdm.exe"="C:\Programme\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"C:\Programme\Orbitdownloader\orbitnet.exe"="C:\Programme\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"
"C:\Programme\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Programme\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
"C:\Programme\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe"="C:\Programme\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"C:\Programme\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe"="C:\Programme\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\Programme\ICQ6\ICQ6.5\ICQ.exe"="C:\Programme\ICQ6\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"
"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP1\WNt500x86\RpcSandraSrv.exe"="C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP1\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49e7d5ec-e710-11dd-a470-001617c22e2e}]
shell\AutoRun\command - N:\Autostart.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f52453b1-12e4-11dd-a21e-001617c22e2e}]
shell\AutoRun\command - G:\Autorun.exe

Fortsetzung Nr.2 der log.txt:

Zitat:

======List of files/folders created in the last 1 months======

2009-08-09 19:09:43 ----D---- C:\rsit
2009-08-09 11:29:42 ----D---- C:\Dokumente und Einstellungen\McOey\Anwendungsdaten\Malwarebytes
2009-08-09 11:29:37 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-08-09 11:29:37 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-08-09 11:26:28 ----A---- C:\WINDOWS\system32\UserRequest_1249809988.tmp
2009-08-08 17:17:16 ----A---- C:\WINDOWS\wininit.ini
2009-08-08 16:52:55 ----D---- C:\Programme\Spybot - Search & Destroy
2009-08-08 16:52:55 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2009-08-08 16:38:21 ----D---- C:\Programme\Trend Micro
2009-08-08 15:32:59 ----A---- C:\WINDOWS\Replay Converter 3 Uninstall Log.txt
2009-08-08 15:25:28 ----D---- C:\WINDOWS\Replay Converter 3
2009-08-08 15:25:28 ----D---- C:\Programme\Replay Converter 3
2009-08-08 15:25:23 ----A---- C:\WINDOWS\Replay Converter Setup Log.txt
2009-08-08 15:02:58 ----A---- C:\WINDOWS\system32\rmc_rtspdl.dll
2009-08-08 15:02:58 ----A---- C:\WINDOWS\system32\rmc_fixasf.exe
2009-08-08 14:59:15 ----A---- C:\WINDOWS\system32\AUDIOGENIE2.DLL
2009-08-08 14:59:08 ----D---- C:\WINDOWS\Replay Media Catcher
2009-08-08 14:59:08 ----D---- C:\Programme\Replay Media Catcher
2009-08-08 14:11:37 ----D---- C:\Programme\SDP Multimedia
2009-08-06 22:05:09 ----D---- C:\Dokumente und Einstellungen\McOey\Anwendungsdaten\RouterControl
2009-08-05 10:32:54 ----A---- C:\WINDOWS\system32\javaws.exe
2009-08-05 10:32:54 ----A---- C:\WINDOWS\system32\javaw.exe
2009-08-05 10:32:54 ----A---- C:\WINDOWS\system32\java.exe
2009-07-28 14:33:21 ----D---- C:\Dokumente und Einstellungen\McOey\Anwendungsdaten\Red Alert 3
2009-07-27 15:36:38 ----D---- C:\Dokumente und Einstellungen\McOey\Anwendungsdaten\AVS4YOU
2009-07-27 15:36:35 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVS4YOU
2009-07-27 15:35:37 ----D---- C:\Programme\Gemeinsame Dateien\AVSMedia
2009-07-27 15:35:33 ----A---- C:\WINDOWS\system32\mfc70.dll
2009-07-27 15:35:32 ----D---- C:\Programme\AVS4YOU
2009-07-27 15:35:32 ----A---- C:\WINDOWS\system32\GdiPlus.dll
2009-07-24 03:57:06 ----A---- C:\WINDOWS\system32\xfcodec.dll
2009-07-21 10:46:51 ----D---- C:\Programme\Microsoft Private Folder 1.0
2009-07-21 10:43:13 ----D---- C:\Programme\Password Protect Folders
2009-07-15 18:00:01 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 17:59:57 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 17:57:42 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$

======List of files/folders modified in the last 1 months======

2009-08-09 17:06:14 ----D---- C:\Programme\Mozilla Firefox
2009-08-09 13:25:16 ----D---- C:\WINDOWS\system32\drivers
2009-08-09 13:12:23 ----D---- C:\WINDOWS\Temp
2009-08-09 13:09:16 ----D---- C:\Programme\Sticky Password
2009-08-09 13:08:47 ----D---- C:\WINDOWS\system32
2009-08-09 13:07:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-09 13:07:25 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-09 13:06:09 ----RD---- C:\Programme
2009-08-08 23:59:44 ----D---- C:\Dokumente und Einstellungen\McOey\Anwendungsdaten\Xfire
2009-08-08 17:17:16 ----AD---- C:\WINDOWS
2009-08-08 15:23:24 ----A---- C:\WINDOWS\win.ini
2009-08-08 14:21:50 ----D---- C:\WINDOWS\Prefetch
2009-08-08 14:11:38 ----SHD---- C:\WINDOWS\Installer
2009-08-07 21:44:43 ----A---- C:\WINDOWS\NeroDigital.ini
2009-08-07 21:40:04 ----HD---- C:\WINDOWS\inf
2009-08-07 09:05:42 ----D---- C:\Dokumente und Einstellungen\McOey\Anwendungsdaten\Orbit
2009-08-06 22:05:58 ----D---- C:\Programme\RouterControl
2009-08-06 12:05:33 ----SD---- C:\Programme\Xfire
2009-08-06 11:44:39 ----D---- C:\WINDOWS\Minidump
2009-08-05 11:03:47 ----RSH---- C:\boot.ini
2009-08-05 11:03:47 ----A---- C:\WINDOWS\system.ini
2009-08-05 10:32:46 ----D---- C:\Programme\Java
2009-08-03 11:21:18 ----D---- C:\Programme\Bonjour
2009-08-03 10:50:46 ----D---- C:\WINDOWS\pss
2009-08-03 10:49:39 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-02 23:10:28 ----A---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\xmlC4.tmp
2009-08-02 23:10:28 ----A---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\xmlC3.tmp
2009-08-02 23:10:28 ----A---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\xmlC2.tmp
2009-08-01 10:14:00 ----D---- C:\Programme\Microsoft Silverlight
2009-07-29 17:55:30 ----D---- C:\Programme\Internet Explorer
2009-07-29 17:55:22 ----D---- C:\WINDOWS\ie8updates
2009-07-29 17:54:08 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-29 17:53:55 ----D---- C:\WINDOWS\WinSxS
2009-07-28 13:57:23 ----D---- C:\WINDOWS\system32\DirectX
2009-07-28 13:57:23 ----D---- C:\Programme\Electronic Arts
2009-07-27 15:35:37 ----D---- C:\Programme\Gemeinsame Dateien
2009-07-25 05:23:00 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-07-22 23:32:15 ----RSD---- C:\WINDOWS\Fonts
2009-07-20 23:43:33 ----D---- C:\Dokumente und Einstellungen\McOey\Anwendungsdaten\Adobe
2009-07-19 18:41:10 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-19 15:11:12 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-16 09:25:42 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-15 18:00:16 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help
2009-07-15 18:00:03 ----A---- C:\WINDOWS\imsins.BAK
2009-07-15 09:32:09 ----D---- C:\Programme\ICQ6
2009-07-14 15:28:48 ----D---- C:\WINDOWS\system
2009-07-14 15:28:48 ----D---- C:\Programme\Gemeinsame Dateien\Microsoft Shared

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPFLT;App Filter Plugin; \??\C:\WINDOWS\system32\Drivers\APPFLT.SYS []
R1 DSAFLT;DSA Filter Plugin; \??\C:\WINDOWS\system32\Drivers\DSAFLT.SYS []
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 FNETMON;NetMon Filter Plugin; \??\C:\WINDOWS\system32\Drivers\fnetmon.SYS []
R1 IDSFLT;Ids Filter Plugin; \??\C:\WINDOWS\system32\Drivers\IDSFLT.SYS []
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 NETFLTDI;Panda Net Driver [TDI Layer]; \??\C:\WINDOWS\system32\Drivers\NETFLTDI.SYS []
R1 ShldDrv;Panda File Shield Driver; \??\C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys []
R1 SMSFLT;SMS Filter Plugin; \??\C:\WINDOWS\system32\Drivers\SMSFLT.SYS []
R1 vmm;Virtual Machine Monitor; \??\C:\WINDOWS\system32\Drivers\vmm.sys []
R1 WNMFLT;Wifi Monitor Filter Plugin; \??\C:\WINDOWS\system32\Drivers\WNMFLT.SYS []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 ACEDRV07;ACEDRV07; \??\C:\WINDOWS\system32\drivers\ACEDRV07.sys []
R2 acedrv10;acedrv10; \??\C:\WINDOWS\system32\drivers\acedrv10.sys []
R2 acedrv11;acedrv11; \??\C:\WINDOWS\system32\drivers\acedrv11.sys []
R2 acehlp10;acehlp10; \??\C:\WINDOWS\system32\drivers\acehlp10.sys []
R2 cpoint;Panda CPoint Driver; C:\WINDOWS\system32\Drivers\cpoint.sys [2006-10-27 17792]
R2 PAVDRV;pavdrv; C:\WINDOWS\system32\DRIVERS\pavdrv51.sys [2007-01-23 71680]
R2 PavProc;Panda Process Protection Driver; \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys []
R2 Prvflder;Prvflder; C:\WINDOWS\system32\DRIVERS\prvflder.sys [2006-04-21 70912]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2009-05-26 104384]
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 AvFlt;Antivirus Filter Driver; C:\WINDOWS\system32\drivers\av5flt.sys []
R3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [2004-10-15 15295]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2005-11-16 42496]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-28 4304384]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12288]
R3 NETIMFLT;PANDA NDIS IM Filter Miniport; C:\WINDOWS\system32\DRIVERS\netimflt.sys [2007-04-24 142128]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-11-12 6188320]
R3 PavSRK.sys;PavSRK.sys; \??\C:\WINDOWS\system32\PavSRK.sys []
R3 PavTPK.sys;PavTPK.sys; \??\C:\WINDOWS\system32\PavTPK.sys []
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbstor;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2004-11-05 82148]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys [2007-01-29 59280]
S1 oreans32;oreans32; \??\C:\WINDOWS\system32\drivers\oreans32.sys []
S3 au9vfw3n;au9vfw3n; C:\WINDOWS\system32\drivers\au9vfw3n.sys []
S3 aujasnkj;aujasnkj; \??\C:\DOKUME~1\McOey\LOKALE~1\Temp\aujasnkj.sys []
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2004-10-19 20096]
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2004-09-21 10804]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2004-12-01 22488]
S3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys [2004-09-21 11604]
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cmudau32;C-Media USB UDA Sound Interface; C:\WINDOWS\system32\drivers\cmudaxu.sys [2006-02-10 1391040]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 FETNDIS;VIA PCI 10/100-MBit/s-Fast Ethernetadapter-NT-Treiber; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 MPE;BDA MPE-Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NTProcDrv;Process creation detector for NT.; \??\C:\Dokumente und Einstellungen\McOey\Eigene Dateien\CabalBotEU1.06b\NtProcDrv.sys []
S3 SANDRA;SANDRA; \??\C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP1\WNt500x86\Sandra.sys []
S3 SE27bus;Sony Ericsson Device 039 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE27bus.sys [2006-05-15 61600]
S3 SE27mdfl;Sony Ericsson Device 039 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys [2006-09-18 9360]
S3 SE27mdm;Sony Ericsson Device 039 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\SE27mdm.sys [2006-09-18 97184]
S3 SE27mgmt;Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\SE27mgmt.sys [2006-09-18 88688]
S3 se27nd5;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS); C:\WINDOWS\system32\DRIVERS\se27nd5.sys [2006-09-18 18704]
S3 SE27obex;Sony Ericsson Device 039 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\SE27obex.sys [2006-09-18 86560]
S3 se27unic;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM); C:\WINDOWS\system32\DRIVERS\se27unic.sys [2006-09-18 90800]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 UDTT2BDA;DTV-DVB USB2 DVB-T receiver; C:\WINDOWS\System32\Drivers\UDTT2BDA.sys [2007-02-28 81408]
S3 UDTT2HID;UDTT2HID - USB 2.0 HID Driver; C:\WINDOWS\system32\drivers\UDTT2HID.sys [2007-02-28 16128]
S3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2004-10-19 61312]
S3 WimFltr;WimFltr; C:\WINDOWS\system32\DRIVERS\wimfltr.sys [2006-11-02 128104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 zlportio;zlportio; \??\C:\Programme\UltraStar Deluxe\zlportio.sys []
S3 ZSMC301b;Thrustmaster USB PC Camera; C:\WINDOWS\System32\Drivers\usbVM31b.sys [2004-04-26 90581]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

Und Fortsetzung Nr. 3 der log.txt:

Zitat:

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2002-04-12 57344]
R2 gearsec;gearsec; C:\WINDOWS\system32\gearsec.exe [2005-11-30 58952]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-11-12 163908]
R2 Panda Software Controller;Panda Software Controller; C:\Programme\Panda Software\Panda Internet Security 2007\PsCtrls.exe [2007-04-04 165424]
R2 PAVFNSVR;Panda Function Service; C:\Programme\Panda Software\Panda Internet Security 2007\PavFnSvr.exe [2007-04-04 173616]
R2 PavPrSrv;Panda Process Protection Service; C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe [2007-02-19 41520]
R2 PAVSRV;Panda anti-virus service; C:\Programme\Panda Software\Panda Internet Security 2007\pavsrv51.exe [2007-02-15 136752]
R2 pmshellsrv;Panda Antispam Engine; C:\Programme\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe [2007-01-15 67120]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-11-22 66872]
R2 prfldsvc;Private Folder Service; C:\Programme\Microsoft Private Folder 1.0\PrfldSvc.exe [2006-04-21 69632]
R2 PSHost;Panda Host Service; c:\programme\panda software\panda internet security 2007\firewall\PSHOST.EXE [2007-04-04 226864]
R2 PSIMSVC;Panda IManager Service; C:\Programme\Panda Software\Panda Internet Security 2007\PsImSvc.exe [2007-02-06 108080]
R2 TPSrv;Panda TPSrv; C:\Programme\Panda Software\Panda Internet Security 2007\TPSrv.exe [2007-04-16 405040]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-06-08 604416]
R2 UxTuneUp;TuneUp Designerweiterung; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.ex [2007-07-24 229376]
S2 hpdj3600;hpdj3600; C:\DOKUME~1\McOey\LOKALE~1\Temp\hpdj3600.exe -servicerunning=true -uninstall=hp deskjet 3600 series -product=3600 []
S3 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-04-24 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2008-03-30 504104]
S3 NBService;NBService; C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
S3 NMIndexingService;NMIndexingService; C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.ex [2007-01-15 266240]
S3 odserv;Microsoft Office Diagnostics Service; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service; C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP1\RpcAgentSrv.exe [2008-11-03 98488]
S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-06-08 361216]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp-Portfreigabedienst; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Ich versuche jetzt nochmal "gmer". Den Link schicke ich dir jetzt per PN.

Danke im Voraus. mfg McOey

Und nochmal sry, für die ganzen Posts. Aber ging ja nicht anders

Siehe mein Posting, was sich irgendwo zwischen deinen befindet!