Ich hab mir per drive-by-download hauffenweise scheiss aufn PC geladen und ich bin sonst einer der praktisch nie Malware hat bzw sich relativ gut auskennt diese zu entfernen, aber dieser hier hab ich das gefühl, dass noch nich 100% gut ist irgendwie....

ich fand bei google nich wirklich eine vertrauneswürdige möglichkeit den prozess & seine dazugehörigen auswirkungen wieder zu fixen.

Logfile of HijackThis v1.99.1
Scan saved at 22:19:59, on 31.08.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
E:\Programme\Scramby\voicetunerserver.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Brother\ControlCenter2\brctrcen.exe
C:\Programme\Razer\Diamondback 3G\razerhid.exe
C:\Programme\Razer\Lycosa\razerhid.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Programme\Windows Live\Messenger\MsnMsgr.Exe
C:\Programme\Razer\Lycosa\razertra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
E:\Programme\ICQ6.5\ICQ.exe
C:\Programme\Razer\Diamondback 3G\razertra.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Programme\Razer\Diamondback 3G\razerofa.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Razer\Lycosa\OSD.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
E:\Programme\Mozilla Thunderbird\thunderbird.exe
C:\Dokumente und Einstellungen\******\Desktop\Sicherheitsprogs\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "E:\Programme\RivaTuner v2.0 RC 15.8\RivaTuner.exe" /S
O4 - HKLM\..\Run: [SetDefPrt] C:\Programme\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programme\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Diamondback] C:\Programme\Razer\Diamondback 3G\razerhid.exe
O4 - HKLM\..\Run: [Lycosa] "C:\Programme\Razer\Lycosa\razerhid.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [amd_dc_opt] C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ICQ] "E:\Programme\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Startup: ikowin32.exe
O4 - Startup: ikowin32.rar
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Programme\ICQ6.5\ICQ.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-CH/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Kaspersky Internet Security (AVP) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


Wenn ich die ikowin32.exe löschen will (hab sie manuell aus dem autostart herausgenommen mit msconfig) kommt die meldung das es eine systemdatei wäre und ohni sie bestimmte programme nicht funktionieren würde....

Löschen kann ich die Datei aber, aber weiss halt nicht ob das schlau ist es auf diese weise zu machen....

Hallo und

Klicke auf "Für alle Neuen" in meiner Signatur, lies alles aufmerksam und arbeite die komplette Liste unter Punkt 2 ab. Poste alle Logs in dieses Thema.

ciao, andreas

bei Malwarebytes-Anti-Malware bekomm ich beim update fehler 732...

Zitat:

Malwarebytes' Anti-Malware 1.40
Datenbank Version: 2551
Windows 5.1.2600 Service Pack 2

01.09.2009 00:17:12
mbam-log-2009-09-01 (00-17-12).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|F:\|N:\|)
Durchsuchte Objekte: 341339
Laufzeit: 50 minute(s), 19 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 6
Infizierte Verzeichnisse: 0
Infizierte Dateien: 6

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{t5tbb77l-4678-0mkc-421q-14416031dyu6} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{67450775-3b18-49b1-aa83-0e010f07f4df} (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{69b3ebfa-0015-4914-9312-e7758eacfac1} (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{30de9920-2e84-40a2-88a5-b8d256e15101} (Trojan.Dropper) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Programme\Gemeinsame Dateien\ACD Systems\Filters\EITCC_LinearBlur.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Programme\Gemeinsame Dateien\ACD Systems\Filters\EITCC_LinearBlur.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
E:\Programme\Gamers.IRC\bin\dll\dmu.dll (Trojan.Bot) -> Quarantined and deleted successfully.
E:\Programme\Gamers.IRC\bin\dll\SysTray.dll (Trojan.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully.

log.txt .................................

Zitat:

Logfile of random's system information tool 1.06 (written by random/random)
Run by *** at 2009-09-01 00:27:26
Microsoft Windows XP Home Edition Service Pack 2

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Programme\AskBarDis\bar\bin\askBar.dll [2008-08-26 279944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144]
"nwiz"=nwiz.exe /install []
"RivaTunerStartupDaemon"=E:\Programme\RivaTuner v2.0 RC 15.8\RivaTuner.exe [2005-12-01 2285568]
"SetDefPrt"=C:\Programme\Brother\Brmfl05a\BrStDvPt.exe [2005-01-26 49152]
"ControlCenter2.0"=C:\Programme\Brother\ControlCenter2\brctrcen.exe [2005-05-17 933888]
"Diamondback"=C:\Programme\Razer\Diamondback 3G\razerhid.exe [2007-08-01 147456]
"Lycosa"=C:\Programme\Razer\Lycosa\razerhid.exe [2007-11-20 147456]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-10-07 86016]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"amd_dc_opt"=C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
"AVP"=C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-07-27 208616]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"VC9Player"=E:\Programme\Virtual CD v9\System\VC9Play.exe [2009-04-21 202056]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2004-08-04 160768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Programme\Windows Live\Messenger\MsnMsgr.Exe [2009-02-06 3885408]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"H/PC Connection Agent"=C:\Programme\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
"ICQ"=E:\Programme\ICQ6.5\ICQ.exe [2009-03-01 172792]
"DAEMON Tools Lite"=E:\Programme\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-23 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programme\QuickTime\QTTask.exe [2007-06-29 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Programme\CyberLink DVD Solution\PowerDVD\PDVDServ.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Acrobat - Schnellstart.lnk]
C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^***^Startmenü^Programme^Autostart^ikowin32.exe]
C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\ikowin32.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVG Anti-Spyware Guard"=2
"rpcapd"=3
"PnkBstrA"=2
"Apple Mobile Device"=2
"VMware NAT Service"=2
"VMnetDHCP"=2
"VMAuthdService"=2
"ufad-ws60"=3
"iPod Service"=3
"InCDsrv"=2
"ClipInc001"=2
"a2free"=2
"WMPNetworkSvc"=3
"WLSetupSvc"=3
"voicetuner"=2
"TuneUp.ProgramStatisticsSvc"=2
"TuneUp.Defrag"=3
"RichVideo"=2
"O&O Defrag"=2
"LVSrvLauncher"=2
"LVPrcSrv"=2
"JavaQuickStarterService"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2008-11-11 218376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=E:\Programme\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2007-12-23 79408]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SynchronousMachineGroupPolicy"=0
"SynchronousUserGroupPolicy"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"AllowLegacyWebView"=
"AllowUnhashedWebView"=
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\America's Army\System\ArmyOps.exe"="C:\Programme\America's Army\System\ArmyOps.exe:*:Enabled:ArmyOps"
"E:\Microsoft Games\Zoo Tycoon 2\zt.exe"="E:\Microsoft Games\Zoo Tycoon 2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
"E:\Programme\iTunes\iTunes.exe"="E:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes"
"E:\Programme\FlashFXP\flashfxp.exe"="E:\Programme\FlashFXP\flashfxp.exe:*:Enabled:FlashFXP v3"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\Microsoft ActiveSync\rapimgr.exe"="C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Programme\Microsoft ActiveSync\wcescomm.exe"="C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe"="C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\Programme\FlashFXP\flashfxp.exe"="E:\Programme\FlashFXP\flashfxp.exe:*:Enabled:FlashFXP v3"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\Microsoft ActiveSync\rapimgr.exe"="C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Programme\Microsoft ActiveSync\wcescomm.exe"="C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe"="C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
shell\AutoRun\command - K:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{268729c9-5c55-11da-9ab7-0013d499a5bd}]
shell\AutoRun\command - I:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b7eb931-5f66-11da-9abe-0013d499a5bd}]
shell\AutoRun\command - J:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b7eb932-5f66-11da-9abe-0013d499a5bd}]
shell\AutoRun\command - L:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5eb504d8-5dc1-11da-9ab9-0013d499a5bd}]
shell\AutoRun\command - K:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae2265ae-5850-11da-9aac-806d6172696f}]
shell\AutoRun\command - I:\setup.exe


======List of files/folders created in the last 1 months======

2009-09-01 00:27:26 ----D---- C:\rsit
2009-09-01 00:27:26 ----D---- C:\Programme\trend micro
2009-08-31 23:19:06 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
2009-08-31 23:18:59 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-08-25 00:31:10 ----A---- C:\WINDOWS\system32\NMSDVDX.dll
2009-08-24 18:50:10 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
2009-08-24 18:50:07 ----D---- C:\Programme\DAEMON Tools Toolbar
2009-08-24 18:46:06 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DAEMON Tools Lite
2009-08-19 16:11:11 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Move Networks
2009-08-02 03:46:37 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2009-08-02 03:46:32 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-08-02 03:46:26 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-08-02 03:43:31 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$

======List of files/folders modified in the last 1 months======

2009-09-01 00:27:26 ----RD---- C:\Programme
2009-09-01 00:25:22 ----D---- C:\Programme\Mozilla Firefox
2009-09-01 00:22:30 ----D---- C:\WINDOWS\Temp
2009-09-01 00:21:53 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2009-09-01 00:21:21 ----D---- C:\WINDOWS
2009-09-01 00:21:03 ----D---- C:\WINDOWS\system32\drivers
2009-09-01 00:19:48 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-01 00:17:12 ----D---- C:\WINDOWS\system32
2009-08-31 23:20:09 ----D---- C:\WINDOWS\Prefetch
2009-08-31 23:14:56 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2009-08-31 23:14:25 ----D---- C:\WINDOWS\Debug
2009-08-31 23:09:52 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-31 22:11:09 ----RSH---- C:\boot.ini
2009-08-31 22:11:09 ----A---- C:\WINDOWS\win.ini
2009-08-31 22:11:09 ----A---- C:\WINDOWS\SYSTEM.INI
2009-08-31 22:11:01 ----D---- C:\WINDOWS\pss
2009-08-31 21:50:01 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-25 00:31:31 ----HD---- C:\WINDOWS\inf
2009-08-25 00:31:29 ----D---- C:\WINDOWS\LastGood
2009-08-25 00:31:03 ----HD---- C:\Programme\InstallShield Installation Information
2009-08-25 00:30:23 ----SHD---- C:\WINDOWS\Installer
2009-08-25 00:30:23 ----SHD---- C:\Config.Msi
2009-08-24 18:27:21 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Vso
2009-08-24 18:27:17 ----A---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ezpinst.exe
2009-08-20 19:47:54 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\teamspeak2
2009-08-03 19:17:41 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Skype
2009-08-03 17:56:10 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\skypePM
2009-08-03 00:33:57 ----A---- C:\WINDOWS\iun6002.exe
2009-08-02 03:46:30 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-02 03:46:15 ----D---- C:\WINDOWS\system32\de-de
2009-08-02 03:46:15 ----D---- C:\Programme\Internet Explorer
2009-08-02 03:43:22 ----D---- C:\WINDOWS\WinSxS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 43008]
R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\E:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.sys []
R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2006-09-05 3968]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-06-10 29696]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2005-06-10 28160]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-03-19 226832]
R1 SSHDRV86;SSHDRV86; \??\C:\WINDOWS\system32\drivers\SSHDRV86.sys []
R2 athsgt;athsgt; C:\WINDOWS\system32\DRIVERS\athsgt.sys [2005-12-05 164992]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2006-06-09 165376]
R2 limsgt;limsgt; C:\WINDOWS\system32\DRIVERS\limsgt.sys [2005-12-05 12544]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2006-06-09 18048]
R2 litsgt;litsgt; C:\WINDOWS\system32\DRIVERS\litsgt.sys [2006-01-05 137344]
R2 tansgt;tansgt; C:\WINDOWS\system32\DRIVERS\tansgt.sys [2006-01-05 12032]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [2004-10-15 15295]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-02-03 41504]
R3 LycoFltr;Lycosa Keyboard; C:\WINDOWS\System32\Drivers\Lycosa.sys [2007-09-27 21888]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART-Treiber; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-10-07 6133856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
R3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2007-02-11 47360]
R3 Razerlow;Diamondback 3G USB Filter Driver; C:\WINDOWS\System32\Drivers\DB3G.sys [2005-04-24 13225]
R3 RivaTuner32;RivaTuner32; \??\E:\Programme\RivaTuner v2.0 RC 16\RivaTuner32.sys []
R3 scramby;Scramby Microphone; C:\WINDOWS\system32\drivers\scramby.sys [2007-02-13 25896]
R3 Tetris;Tetris driver; C:\WINDOWS\System32\Drivers\Tetris.sys [2007-02-23 48928]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2005-04-12 10144]
R3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2005-04-12 22240]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2005-04-12 45504]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2005-09-19 241280]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-06-10 99584]
S1 ACEDRV05;ACEDRV05; \??\C:\WINDOWS\system32\drivers\ACEDRV05.sys []
S3 a2po8dcr;a2po8dcr; C:\WINDOWS\system32\drivers\a2po8dcr.sys []
S3 augmkpx2;augmkpx2; C:\WINDOWS\system32\drivers\augmkpx2.sys []
S3 CamDrL;Logitech QuickCam Pro 3000(CamDrl); C:\WINDOWS\system32\DRIVERS\Camdrl.sys [2007-02-03 1075360]
S3 Cardex;Cardex; \??\C:\WINDOWS\system32\drivers\TBPANEL.SYS []
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 CO_Mon;CO_Mon; \??\C:\WINDOWS\system32\Drivers\CO_Mon.sys []
S3 cpuz130;cpuz130; \??\C:\DOKUME~1\***\LOKALE~1\Temp\cpuz130\cpuz_x32.sys []
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 ezplay;VSO Software ezplay; C:\WINDOWS\System32\Drivers\ezplay.sys [2007-02-11 94080]
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOKUME~1\***\LOKALE~1\Temp\KXD143.tmp []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-06-03 25280]
S3 HH9Help.sys;HH9Help.sys; \??\C:\WINDOWS\system32\drivers\HH9Help.sys []
S3 itchfltr;iTouch Keyboard Filter; C:\WINDOWS\system32\DRIVERS\itchfltr.sys [2004-03-10 12953]
S3 LCcfltr;Logitech USB Filter Driver; C:\WINDOWS\System32\Drivers\LCcFltr.Sys [2004-03-03 14095]
S3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [2004-03-03 37887]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-02-06 1691808]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-02-06 1964064]
S3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-02-06 25632]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 nm;Netzwerkmonitortreiber; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-04 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 42000]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
S3 PortTalk;PortTalk; C:\WINDOWS\System32\Drivers\PortTalk.sys [2002-01-12 3567]
S3 Ser2pl;Prolific Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2002-04-09 39552]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\WINDOWS\system32\DRIVERS\tap0901t.sys [2008-09-18 25600]
S3 TIEHDUSB;TIEHDUSB; C:\WINDOWS\system32\drivers\tiehdusb.sys [2004-02-04 49536]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-21 12800]
S3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 vaxscsi;vaxscsi; C:\WINDOWS\System32\Drivers\vaxscsi.sys [2006-03-16 223128]
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys []
S3 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys []
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2005-04-12 5600]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 zlportio;zlportio; \??\N:\UltraStar Deluxe\zlportio.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Filtertreiber für Systemwiederherstellung; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-04 73472]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AVP;Kaspersky Internet Security; C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-07-27 208616]
R2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2002-04-12 57344]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-10-07 163908]
R2 VC9SecS;Virtual CD v9 Management Service; E:\Programme\Virtual CD v9\System\VC9SecS.exe [2009-04-21 132424]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; E:\Programme\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; E:\Programme\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 a2free;a-squared Free Service; E:\PROGRAMME\A-SQUARED FREE\a2service.exe [2008-06-26 380016]
S4 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-07-09 106496]
S4 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; E:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2007-12-23 312880]
S4 InCDsrv;InCD Helper; C:\Programme\Ahead\InCD\InCDsrv.exe [2005-06-10 869888]
S4 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2007-07-10 501048]
S4 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2008-12-23 152984]
S4 LVPrcSrv;Process Monitor; c:\programme\gemeinsame dateien\logishrd\lvmvfm\LVPrcSrv.exe [2007-02-06 109344]
S4 LVSrvLauncher;LVSrvLauncher; C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe [2007-02-06 105248]
S4 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2007-05-11 1050120]
S4 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-10-25 66872]
S4 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2008-10-25 107832]
S4 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Programme\CyberLink\Shared Files\RichVideo.exe [2005-08-08 167936]
S4 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Programme\WinPcap\rpcapd.exe [2007-01-25 93048]
S4 TuneUp.Defrag;TuneUp Drive Defrag-Dienst; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-05-03 361216]
S4 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-05-03 604416]
S4 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS\system32\UAService7.exe []
S4 voicetuner;Voice Tuner; E:\Programme\Scramby\voicetunerserver.exe [2009-05-26 391168]
S4 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576]

-----------------EOF-----------------

info.txt teil1 ..........................

Zitat:

info.txt logfile of random's system information tool 1.06 2009-09-01 00:27:30

======Uninstall list======

!xSpeed-->E:\!xSpeed\uninstal.exe
-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->E:\Programme\DivX\ConverterUninstall.exe /CONVERTER
-->MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
-->MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 3.13-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\7-zip.inf,SevenZip.Uninstall
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Reader 9.1.3 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A91000000001}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Age of Empires III - The WarChiefs-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{1C08A24C-B168-407E-A826-68FAF5F20710}
Age of Empires III-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
Apple Mobile Device Support-->MsiExec.exe /I{A43B2A2F-1DB5-47F9-A608-F11A4835D7CB}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Ask Toolbar-->"C:\Programme\AskBarDis\unins000.exe"
Astraware Sudoku for Pocket PC-->C:\Programme\Astraware\Astraware Sudoku for Pocket PC\uninst.exe
Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x7
Audacity 1.2.6-->"E:\Programme\Audacity\unins000.exe"
AVG Anti-Spyware 7.5-->E:\Programme\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Ballance-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{42E0783D-3BA4-454B-B58A-BF26E49EB7DE}\setup.exe"
Böse Nachbarn 2-->MsiExec.exe /X{706EC84C-6966-45EB-AEB9-EE6DCEA8CA3A}
Bowling Master-->C:\Programme\Microsoft ActiveSync\Bowling Master\Uninstall.exe Bowling Master
Brother MFL-Pro Suite-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}\Setup.exe" -l0x7 Brunin03.dllBrunin03.dll
Call of Duty - United Offensive-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{A662E280-64A8-4CF5-8407-13D0808602B3}
Call of Duty-->E:\PROGRA~1\CALLOF~1\Uninstall\Unwise.exe /u E:\PROGRA~1\CALLOF~1\Uninstall\Install.log
Camtasia Studio 3-->E:\Programme\TechSmith\Camtasia Studio 3\CSuninst.EXE
Catch the Sperm II-->E:\Programme\CatchTheSperm2\Uninstall.exe "E:\Programme\CatchTheSperm2\install.log"
Catch the Sperm Unlimited-->"E:\Programme\CatchTheSpermUnlimited\Uninstall.exe" "E:\Programme\CatchTheSpermUnlimited\install.log"
CCleaner (remove only)-->"E:\Programme\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
ClickBall Freeware Edition-->C:\Programme\Microsoft ActiveSync\ClickBall Freeware Edition\Uninstall.exe ClickBall Freeware Edition
COD2 Demo-->C:\Programme\Microsoft ActiveSync\COD2 Demo\Uninstall.exe COD2 Demo
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0407-0000-0000000FF1CE}
Condition Zero Deleted Scenes-->"E:\Programme\Steam\steam.exe" steam://uninstall/100
Condition Zero-->"E:\Programme\Steam\steam.exe" steam://uninstall/80
Counter-Strike: Source-->"E:\Programme\Steam\steam.exe" steam://uninstall/240
Counter-Strike-->"E:\Programme\Steam\steam.exe" steam://uninstall/10
Crazy Machines - Neue Herausforderungen-->MsiExec.exe /X{294EF51E-1453-4F42-8792-77DBFB47D0EC}
Crazy Machines - Neues aus dem Labor-->MsiExec.exe /X{BFF2D920-80F2-46E9-8246-79A20BB9D8B2}
Crazy Machines-->MsiExec.exe /X{8E6A3B40-DCE3-47D9-835B-FE1AD9C083D0}
DATA BECKER Handy Pack 6.0-->C:\WINDOWS\IsUn0407.exe -fe:\programme\HandyPack6.0\Uninst.isu
dBpowerAMP Monkeys Audio Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Monkeys Audio Codec.dat
dBpowerAMP Music Converter-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
Dead Space™-->MsiExec.exe /X{4D87DC92-C328-46EC-A7B4-9C88129DC696}
Dev-C++ 5 beta 9 release (4.9.9.2)-->"E:\Dev-Cpp\uninstall.exe"
Digitale Bibliothek 2.70-->C:\WINDOWS\unin0407.exe -fc:\Digibib2\DeIsL1.isu -cc:\Digibib2\_ISREG32.DLL
DivX Codec-->E:\Programme\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader-->E:\Programme\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->E:\Programme\DivX\ConverterUninstall.exe /CONVERTER
DivX Player-->E:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Doom 3-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{584267B8-0BB0-4D18-9FFA-726576619E9A} /l1033 /x
DotAzilla-->E:\Programme\DotAzilla\Uninstall.exe
Dual-Core Optimizer-->MsiExec.exe /X{9FD6F1A8-5550-46AF-8509-271DF0E768B5}
Duke Nukem 3D HRP 2005-11-01-->E:\Programme\duke3d\uninst.exe
EA SPORTS online 2008-->E:\Programme\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe
EO Video 1.36-->C:\WINDOWS\iun6002.exe "E:\Programme\EO Video\irunin.ini"
EVEREST Home Edition v2.20-->"E:\Lavalys\EVEREST Home Edition\unins000.exe"
Exact Audio Copy 0.95b4-->E:\Programme\Exact Audio Copy\uninst.exe
F.E.A.R. Mission Perseus-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{99889189-C739-4A46-BA02-3B271A118957}\setup.exe" -l0x7 -removeonly
Far Cry-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}
FEAR-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2B653229-9854-4989-B780-D978F5F13EAB}\setup.exe" -l0x7 /zU -removeonly
FIFA 09-->MsiExec.exe /X{2315B23D-3E21-4920-837D-AE6460934ECB}
FlashFXP v3-->E:\Programme\FlashFXP\unins000.exe
foobar2000 v0.9-->"E:\Programme\foobar2000\uninstall.exe"
Fraps (remove only)-->"E:\Fraps\uninstall.exe"
Free FLV Converter V 6.4.1-->"E:\Programme\Free FLV Converter\unins000.exe"
Free YouTube to Mp3 Converter version 3.1-->"E:\Programme\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe"
Futuremark SystemInfo-->"C:\Programme\InstallShield Installation Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe" -runfromtemp -l0x0009 -removeonly
Gamers.IRC 5.21-->E:\Programme\Gamers.IRC\uninstall.exe
Garena-->C:\Programme\InstallShield Installation Information\{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}\setup.exe -runfromtemp -l0x0009 -removeonly
Google Video Player-->"E:\Programme\Google\Google Video Player\Uninstall.exe"
Guitar Hero III-->MsiExec.exe /I{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}
Hamsterball Gold 3.10-->"E:\Programme\Raptisoft\Hamsterball3.1\unins000.exe"
Hex Workshop v6-->MsiExec.exe /X{48FE73F3-4C3A-4871-BCD0-A7726A08BD64}
HijackThis 1.99.1-->C:\Dokumente und Einstellungen\***\Desktop\Sicherheitsprogs\HijackThis\HijackThis.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB909394)-->"C:\WINDOWS\$NtUninstallKB909394$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix für Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix für Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB896256)-->"C:\WINDOWS\$NtUninstallKB896256$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB924441)-->"C:\WINDOWS\$NtUninstallKB924441$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HT Ultra Long DVD-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A63A48BD-914D-43DE-A976-CD3022C49C9B}\Setup.exe" -l0x9
ICQ6.5-->"C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
InCD-->C:\WINDOWS\NuNInst.exe /UNINSTALL
Internet Adressen-->C:\WINDOWS\unin0407.exe -f"E:\Programme\SSG\Internet Adressen\DeIsL2.isu" -cE:\PROGRA~1\SSG\INTERN~1\_ISREG32.DLL
iPod for Windows 2005-03-23-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{44A537A5-859C-43A6-8285-C0668142A090} /l1031
IrfanView (remove only)-->C:\Programme\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{9357AE3A-B2ED-4138-BB9B-0564352C3F0A}
J2SE Runtime Environment 5.0 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150010}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
Left 4 Dead-->"C:\WINDOWS\Left 4 Dead\uninstall.exe" "/U:E:\Programme\Left 4 Dead\Uninstall\uninstall.xml"
Logitech Audio Echo Cancellation Component-->MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech Gaming Software-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5C1DA723-24FC-48AD-93BA-925695C3EF26}\setup.exe" -l0x7 -removeonly
Logitech iTouch Software-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\Setup.exe" -l0x7 UNINSTALL
Logitech QuickCam-->MsiExec.exe /X{7D2370AC-D8E6-4996-986A-19824F8A167C}
Logitech® Camera-Treiber-->"C:\Programme\Gemeinsame Dateien\LogiShrd\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Magic ISO Maker v5.4 (build 0251)-->E:\PROGRA~1\MagicISO\UNWISE.EXE E:\PROGRA~1\MagicISO\INSTALL.LOG
Magic ISO Maker v5.5 (build 0276)-->E:\PROGRA~1\MagicISO\UNWISE.EXE E:\PROGRA~1\MagicISO\INSTALL.LOG
Malwarebytes' Anti-Malware-->"E:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Maus Trophy-->C:\WINDOWS\system32\_setupu.exe /u/dE:\Programme\Maus Trophy
MetFileRegenerator v3.014.2-->"E:\Programme\MetFileRegenerator\uninstall.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91E30407-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows-Journal-Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
MITs Wizard 3.0 for Device-->MsiExec.exe /X{0143CF89-5CF2-4F2D-80D5-BFAE64E1BA00}
Moorhuhn - Im Anflug (remove only)-->E:\Programme\phenomedia\Moorhuhn - Im Anflug\Uninstall.exe
Moorhuhn 3-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A6473724-A851-11D5-986D-00500443CF9F}\Setup.exe"
Moorhuhn Invasion Vollversion-->E:\PROGRA~1\PHENOM~1\MO35E7~1\UNWISE.EXE E:\PROGRA~1\PHENOM~1\MO35E7~1\INSTALL.LOG
Moorhuhn Remake-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{52210D57-0B1F-4681-90DD-8659DF4BCC40}\Setup.exe" -l0x7
Moorhuhn Soccer-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{59DC43FF-8F26-40B2-A566-C69C9457BF7D}\setup.exe" -l0x7
Moorhuhn Wanted XXL-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A116D023-A3BC-4C70-A8B8-9FE77850F0D9}\Setup.exe" -l0x7 DUIM
Moorhuhn Winter-Edition-->C:\WINDOWS\IsUn0407.exe -f"E:\Programme\phenomedia\Moorhuhn Winter-Edition\Uninst.isu"
Moorhuhn X - XXL-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D0D3C193-7052-4DE4-8BF4-3954D2021FF2}\Setup.exe" -l0x7
Moorhuhn-->C:\WINDOWS\IsUn0407.exe -fE:\Programme\Phenomedia\Moorhuhn1\Uninst.isu
Mozilla Firefox (3.5.2)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.23)-->E:\Programme\Mozilla Thunderbird\uninstall\helper.exe
MP3 Folders-->MsiExec.exe /I{5CE09320-7745-11D8-B964-00B0D02C43C4}
MPEG-VCR-->E:\PROGRA~1\MPEGED~1\UNWISE.EXE E:\PROGRA~1\MPEGED~1\INSTALL.LOG
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Multimedia Launcher-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
MVision-->MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
Need for Speed™ Most Wanted-->E:\Programme\EA GAMES\Need for Speed Most Wanted\EAUninstall.exe
Nero OEM-->C:\Programme\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NHL06-->E:\Programme\EA SPORTS\NHL06\EAUninstall.exe
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
O&O Defrag Professional Edition-->MsiExec.exe /I{53480330-E1D1-41CA-B8F8-7F78644F7F50}
OmniGSoft Snow Rally Canada 1.1 for Pocket PC-->C:\Programme\Microsoft ActiveSync\OmniGSoft Snow Rally Canada 1.1 for Pocket PC\Uninstall.exe OmniGSoft Snow Rally Canada 1.1 for Pocket PC
PaperPort-->MsiExec.exe /I{A17EABB6-D0C6-44E5-820C-72DC7F495064}
PokerStars.net-->E:\Programme\PokerStars.NET\Uninstall.EXE /u:"PokerStars.net"
PowerDVD-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
Python 2.1 combined Win32 extensions-->E:\Python21\UNWISE~1.EXE E:\Python21\w32inst.log
Python 2.1-->E:\Python21\\Python21\UNWISE.EXE E:\Python21\\Python21\INSTALL.LOG
Python 2.6-->MsiExec.exe /I{110EB5C4-E995-4CFB-AB80-A5F315BEA9E8}
QIP Uninstall-->E:\Programme\QIP\UnQip.exe
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Razer Diamondback 3G-->C:\Programme\InstallShield Installation Information\{7E659C5C-4DF1-499B-B802-77BAE9ABE4D4}\Setup.exe -runfromtemp -l0x0009 -removeonly
RealPlayer-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Retriever 1.1.4.0-->"E:\Programme\Retriever\unins000.exe"
Return to Castle Wolfenstein-->E:\PROGRA~1\RETURN~1\Uninstall\Unwise.exe /u E:\PROGRA~1\RETURN~1\Uninstall\Install.log
Rhapsody Player Engine-->MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
Riva FLV Player-->"E:\Programme\Riva FLV Player\unins000.exe"
RivaTuner v2.0 RC 16-->"E:\Programme\RivaTuner v2.0 RC 16\uninstall.exe"
RM Converter 3-->E:\Programme\RM Converter 3\Uninstall.exe
S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0003]-->"E:\Programme\S.T.A.L.K.E.R\unins000.exe"
Schatzjäger 2-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{1D0DD240-7752-48B5-A6EF-AC6509E16ABE}\Setup.exe" -l0x7
Scramby 1.5.0.6-->"E:\Programme\Scramby\unins000.exe"
Security Task Manager 1.6f-->E:\Programme\Security Task Manager\Uninstal.exe "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Security Task Manager"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
ShortKeys Lite-->E:\SHORTK~1\UNWISE.EXE E:\SHORTK~1\INSTALL.LOG
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Encoder (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe" kam ca. 1000 mal hab ich auf einmal reduziert ansonsten hätte ich 20 posts machen müssen...

info.txt teil 2........

Zitat:

Ski Alpin Racing 2007-->"E:\Programme\Ski Alpin Racing 2007\setup.exe" -u
Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Soldat 1.4.2-->"E:\Soldat\unins000.exe"
Sommerspiele Deinstallieren-->E:\Programme\Sommerspiele\uninstall.exe
Sony Media Manager 2.2-->MsiExec.exe /X{71A41426-C7A4-4DCF-A9ED-C5B4B105ED1D}
Sony Vegas 7.0-->MsiExec.exe /X{251C3815-7A55-4607-A82D-C3B98F0FBAB8}
SpeedFan (remove only)-->"E:\Programme\SpeedFan\uninstall.exe"
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Spybot - Search & Destroy-->"E:\Programme\Spybot - Search & Destroy\unins001.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Sudoku-->"C:\Programme\Gemeinsame Dateien\MimarSinan\Installation Information\{FB5055E4-9BE1-425F-B40A-33E43E9460DA}\{C8A522A9-9CBA-4AD3-80E9-EE3DD9BCA3A2}\SudokuSetup.exe" REMOVE=TRUE MODIFY=FALSE
TeamSpeak 2 RC2-->E:\Programme\Teamspeak2_RC2\unins000.exe
Text-To-Speech-Runtime-->MsiExec.exe /X{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}
TI Connect 1.6-->MsiExec.exe /I{A8B94669-8654-4126-BD28-D0D2412CDED6}
TiEmu 2.08-->"E:\Programme\TiEmu\unins000.exe"
TmNationsForever-->"E:\Programme\TmNationsForever\unins000.exe"
TommyK-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2CC9A4AB-9E07-460F-B643-8F810859BCCD}\Setup.exe" -l0x9
Top Spin 2-->MsiExec.exe /I{4D5B5CDD-77BD-48FB-8E2C-42A41ADC7CEC}
TrackMania Original 1.5.0-->"E:\TrackMania\unins000.exe"
TrackMania United DVD Patch 2006-12-15-->"E:\Programme\TrackMania United\unins000.exe"
TreeSize Professional 3.3-->"C:\Programme\JAM Software\TreeSize Professional\unins000.exe"
TuneUp Utilities 2009-->MsiExec.exe /I{55A29068-F2CE-456C-9148-C869879E2357}
Ulead COOL 360 1.0-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3CEA4CA8-CDD4-451C-B673-E8F17BE01B15}\Setup.exe" -l0x7 -uninst
Ulead Photo Explorer 8.6-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{025C3792-E9C6-432A-92C1-661F99D021CA}\setup.exe" -l0x7
Ulead PhotoImpact 11-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C8550C86-A712-4219-AD4C-038C9FD1D149}\setup.exe" -l0x7
UltraStar Deluxe-->N:\UltraStar Deluxe\Uninstall.exe
Uninstall 1.0.0.1-->"C:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe"
Update für Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update für Windows XP (KB896727)-->"C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
Update für Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update für Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update für Windows XP (KB900930)-->"C:\WINDOWS\$NtUninstallKB900930$\spuninst\spuninst.exe"
Update für Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update für Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update für Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update für Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update für Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update für Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update für Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update für Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update für Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update für Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update für Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update für Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update für Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update für Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update für Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update für Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VDMSound 2.0.4-->MsiExec.exe /I{8ECBE643-8230-11D5-9D6B-00A024112F81}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VideoLAN VLC media player 0.8.5-->E:\Programme\VLC\uninstall.exe
Virtual CD v9-->C:\Programme\InstallShield Installation Information\{98A64C75-BFD6-4212-8746-8BADC7ABA79E}\setup.exe -runfromtemp -l0x0007 -removeonly
Vodei Multimedia Processor 2.00-->E:\Programme\Vodei\uninst.exe
WER WIRD MILLIONÄR VIERTE EDITION-->MsiExec.exe /I{9781A96F-71AC-4738-984B-5AB597DFE678}
Wichtiges Update für Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Windows Driver Package - Razer (Razerlow) HIDClass (03/07/2007 1.0.0.2)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\db3g_17CEA01FB508D63DE2A978D03A05C3D4BC0BA4B7\db3g.inf
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Anmelde-Assistent-->MsiExec.exe /I{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}
Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Programme\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}
Windows Live Messenger-->MsiExec.exe /X{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Encoder 9-Reihe-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix - KB894476-->"C:\WINDOWS\$NtUninstallKB894476$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Mobile®-Gerätehandbuch-->C:\Programme\Windows Mobile Device Handbook\Windows Mobile Device Handbook\Bin\DHUninstall.exe
Windows XP-Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP-Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP-Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP-Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP-Hotfix - KB887797-->C:\WINDOWS\$NtUninstallKB887797$\spuninst\spuninst.exe
Windows XP-Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP-Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP-Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
WinPcap 4.0-->C:\Programme\WinPcap\uninstall.exe
WinRAR archiver-->E:\Programme\WinRar\uninstall.exe
Worms Armageddon-->C:\WINDOWS\IsUn0407.exe -fe:\WormsArmageddon\Uninst.isu
Worms World Party-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9A200E68-D5F4-4E70-910F-2871753A0E2B}\setup.exe"
Worms.IP.Override 2.0-->"E:\Programme\Worms.IP.Override\unins000.exe"
Worms.IP.Override-->MsiExec.exe /X{3E517D96-F713-4563-AB57-E8FA6EE1C7DD}
Xbox 360 Controller for Windows-->"C:\WINDOWS\$NtUninstall_Xbox_360_CC_Driver$\spuninst\spuninst.exe"
Xfire (remove only)-->"E:\Programme\Xfire\uninst.exe"
XP Codec Pack-->C:\Programme\XP Codec Pack\Uninstall.exe
xp-AntiSpy 3.96-2-->E:\Programme\xp-AntiSpy\Uninstall.exe
YAWLE 0.5b-->C:\WINDOWS\iun6002.exe "E:\Programme\Warcraft III\YAWLE\irunin.ini"
YETISPORTS Pingu Throw D.C.-->"C:\Programme\Yetisports\Uninstall.exe" "C:\Programme\Yetisports\install.log"
Zattoo 3.3.4 Beta-->E:\Programme\Zattoo\uninst.exe

=====HijackThis Backups=====

O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot [2006-03-26]
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2006-05-10]
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing) [2006-05-10]
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot [2006-06-02]
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing) [2006-06-02]
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing) [2006-06-03]
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe [2006-06-03]
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - E:\Programme\ewido anti-spyware 4.0\guard.exe [2006-08-02]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 198.70.193.56:8080 [2006-08-11]
O4 - HKLM\..\Run: [RemoteControl] E:\Programme\CyberLink\PowerDVD\PDVDServ.exe [2006-08-28]
O4 - HKCU\..\Run: [RealPlayer] "C:\Programme\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot [2006-08-28]
O4 - HKLM\..\Run: [LanguageShortcut] E:\Programme\CyberLink\PowerDVD\Language\Language.exe [2006-08-28]
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab [2006-08-28]
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab [2006-08-28]
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab [2006-08-28]
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe [2006-08-28]
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - E:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe [2006-08-28]
O4 - HKCU\..\RunOnce: [FFTI] C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\eyw73nzy.Alain2\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles/eyw73nzy.Alain2\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}" [2007-03-26]
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe [2009-01-05]
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe [2009-01-05]
O4 - HKCU\..\Run: [Free Download Manager] E:\Programme\Free Download Manager\fdm.exe -autorun [2009-01-05]
O4 - Startup: ikowin32.exe [2009-08-31]
O4 - Startup: ikowin32.exe [2009-08-31]

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: Kaspersky Internet Security
FW: Kaspersky Internet Security

======System event log======

Computer Name: ****
Event Code: 7023
Message: Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
Das angegebene Modul wurde nicht gefunden.


Record Number: 8976
Source Name: Service Control Manager
Time Written: 20090612102508.000000+120
Event Type: Fehler
User:

Computer Name: ******
Event Code: 7036
Message: Dienst "Anwendungsverwaltung" befindet sich jetzt im Status "Beendet".

Record Number: 8975
Source Name: Service Control Manager
Time Written: 20090612102508.000000+120
Event Type: Informationen
User:

Computer Name: *********
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "Anwendungsverwaltung" gesendet.

Record Number: 8974
Source Name: Service Control Manager
Time Written: 20090612102508.000000+120
Event Type: Informationen
User: *******************

Computer Name: ********
Event Code: 7023
Message: Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
Das angegebene Modul wurde nicht gefunden.


Record Number: 8973
Source Name: Service Control Manager
Time Written: 20090612102508.000000+120
Event Type: Fehler
User:

Computer Name: ********
Event Code: 7036
Message: Dienst "Anwendungsverwaltung" befindet sich jetzt im Status "Beendet".

Record Number: 8972
Source Name: Service Control Manager
Time Written: 20090612102508.000000+120
Event Type: Informationen
User:

=====Application event log=====

Computer Name: ***********
Event Code: 102
Message: MsnMsgr (2296) \\.\C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Messenger\*********@hotmail.com\SharingMetadata\Working\database_6458_3CB6_583C_88B6\dfsr.db: Das Datenbankmodul hat eine neue Instanz gestartet (0).

Record Number: 31775
Source Name: ESENT
Time Written: 20090505165847.000000+120
Event Type: Informationen
User:

Computer Name: *********
Event Code: 100
Message: MsnMsgr (2296) Das Datenbankmodul 5.01.2600.2780 ist gestartet.

Record Number: 31774
Source Name: ESENT
Time Written: 20090505165847.000000+120
Event Type: Informationen
User:

Computer Name: **********
Event Code: 12001
Message:
Record Number: 31773
Source Name: usnjsvc
Time Written: 20090505165842.000000+120
Event Type:
User:

Computer Name: **********
Event Code: 4127
Message: Inhaltsindex auf c:\system volume information\catalog.wci konnte nicht initialisiert werden. Fehler 3221225477.

Record Number: 31772
Source Name: Ci
Time Written: 20090505165439.000000+120
Event Type: Fehler
User:

Computer Name: ************
Event Code: 4127
Message: Inhaltsindex auf c:\system volume information\catalog.wci konnte nicht initialisiert werden. Fehler 3221225477.

Record Number: 31771
Source Name: Ci
Time Written: 20090505165439.000000+120
Event Type: Fehler
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\Gemeinsame Dateien\Ulead Systems\MPEG;C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD;%VDMSPath%;E:\Programme\Gemeinsame Dateien\GTK\2.0\bin;C:\Programme\QuickTime\QTSystem\;C:\Programme\Microsoft SQL Server\80\Tools\Binn\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 35 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2302
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"VDMSPath"=E:\Programme\VDMSound\
"LANG"=de
"CLASSPATH"=.;C:\Programme\Java\jre1.6.0_01\lib\ext\QTJava.zip
"QTJAVA"=C:\Programme\Java\jre1.6.0_01\lib\ext\QTJava.zip

-----------------EOF-----------------

Oha, da weiß man ja nicht, wo man anfangen soll.

Lassen wir erstmal die Scanner laufen, bevor wir rumscripten.

1.) http://www.trojaner-board.de/51871-a...tispyware.html

2.) Kaspersky - Onlinescanner

Dieser Scanner entfernt die Funde nicht, gibt aber einen guten Überblick über die vorhandene Malware.

---> hier herunterladen => Kaspersky Online Scanner
=> Hinweise zu älteren Versionen beachten!
=> Voraussetzung: Internet Explorer 6.0 oder höher
=> die nötigen ActiveX-Steuerelemente installieren => Update der Signaturen => Weiter
=> Scan-Einstellungen => Standard wählen => OK => Link "Arbeitsplatz" anklicken
=> Scan beginnt automatisch => Untersuchung wurde abgeschlossen => Protokoll speichern als
=> Dateityp auf .txt umstellen => auf dem Desktop als Kaspersky.txt speichern => Log hier posten
=> Deinstallation => Systemsteuerung => Software => Kaspersky Online Scanner entfernen

3.) Überprüfe den Rechner mit PrevXCSI. Poste ein Screenshot falls etwas gefunden werden sollte oder poste Namen und Pfade.

ciao, andreas

1) Super Anti Spyware findet überhaupt nix

2) Kasperksy hab ich selber auf dem Rechner und gestern schon nen surchdurchlauf gemacht, der fand einiges und das hab ich auch removed.

3) Prevx findet folgendes:

no23recorder.exe in e:Programme\no23 recorder | High Risk worm
N°23 Recorder.lnk in C:dokumenteundeinstellungen\***\Desktop
agp440.sys in c:windows\system32\drivers | Medium Risk Malware

die ersten 2 dürften falschmeldungen sein, das 3. hab ich keine ahnung

Hallo ,ich hab das auch !!!
nun hab ich auf löschen gedrückt ,ist es damit denn jetzte nich auch weg ???
GlG first


In der Datei 'C:\Dokumente und Einstellungen\Lion-King\Anwendungsdaten\TuneUp Software\TuneUp Utilities\StartUp Manager\Deaktivierte Objekte\ikowin32.exe'
wurde ein Virus oder unerwünschtes Programm 'BDS/Bredolab.OW' [backdoor] gefunden.
Ausgeführte Aktion: Datei löschen

@firstlionkin

Hallo und

Erstelle bitte dein eigenes Thema. Dieses hier gehört Harn33.

Zitat:

nun hab ich auf löschen gedrückt ,ist es damit denn jetzte nich auch weg ???

Doch, schon, aber der kommt nicht alleine sondern immer in Begleitung.

@Harn33

Zitat:

Also das mit der XP Pro CD wird schwierig... Ich kenn niemanden der die hat

Hast du Tools wie XP-Antispy oder XPHome2Prof benutzt?

Zitat:

1. Die Schriftart im Browser, Desktop etc. ist plötzlich anders

Das liegt an TuneUp Utilities. Vermutlich hast du ein geändertes Design benutzt. Mache dir darüber keine Sorgen.

Zitat:

2. Die Treiber/Software von Tatatur/Maus sind weg

Was meinst du damit? Funktionieren Tastatur und Maus nicht mehr? Dann muss ich es genau wissen? Sind die per Funk oder per Kabel verbunden? Sind das PS/2 oder USB-Geräte? Falls dir die Begriffe nichts sagen, ist der Stecker rund oder rechteckig?

Du machst dir Sorgen wegen geänderter Schriftart? Du hast noch immer das Problem nicht erkannt. Lies hier => Win32/Cutwail Family - CA

Ja, nette Kombination aus Rootkit, Downloader und Spambot. In anderen Foren hätten sie dich schon längst Neuaufsetzen lassen (was bestimmt nicht falsch ist). Trenne grundsätzlich die Verbindung zum Internet, falls du es nicht benötigst.

1.) Deinstalliere:

• Daemon Tools Toolbar
• µTorrent (Virenschleuder)

2.) Lade die Datei

Zitat:

c:\windows\system32\drivers\vdrv9000.sys

bitte bei uns hoch.

3.) Scripten mit Combofix

• Öffne den Editor (Start => Zubehör => Editor ) kopiere nun folgenden Text in das weiße Feld:

Code: Alles auswählenAufklappen

ATTFilter

KILLALL::

Driver::
InCDPass
incdrm
InCDfs
a2po8dcr
augmkpx2
ACEDRV05
cpuz130
vsdatant
a2free
AVG Anti-Spyware Guard
InCDsrv
JavaQuickStarterService
TuneUp.Defrag
TuneUp.ProgramStatisticsSvc
zlportio

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{268729c9-5c55-11da-9ab7-0013d499a5bd}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b7eb931-5f66-11da-9abe-0013d499a5bd}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b7eb932-5f66-11da-9abe-0013d499a5bd}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5eb504d8-5dc1-11da-9ab9-0013d499a5bd}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae2265ae-5850-11da-9aac-806d6172696f}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"nwiz"=-
"SoundMan"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
[-HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Acrobat - Schnellstart.lnk]
[-HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Martin^Startmenü^Programme^Autostart^ikowin32.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVG Anti-Spyware Guard"=-
"InCDsrv"=-
"a2free"=-
"TuneUp.ProgramStatisticsSvc"=-
"TuneUp.Defrag"=-
"JavaQuickStarterService"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=-

Folder::
E:\Programme\Gamers.IRC
C:\Programme\DAEMON Tools Toolbar
C:\Config.Msi
C:\Programme\AskBarDis
C:\rsit
c:\dokumente und einstellungen\Martin\Anwendungsdaten\uTorrent
d:\Bittorrent
N:\nicht verwendete Desktopverknüpfungen\Unsecure
c:\found.000

File::
C:\WINDOWS\system32\drivers\OLD1A7.tmp
C:\WINDOWS\LastGood\system32\drivers\agp440.sys
c:\windows\system32\drivers\agp440.sys
c:\windows\pss\ikowin32.exeStartup
E:\FirefoxDownload\rld-tunt.rar
E:\Programme\Garena\plugins\FixedUpdatePlugin.dll
E:\Programme\Ocean Technology\GG E-Sports Platform\plugins\FixedUpdatePlugin.dll
C:\WINDOWS\Prefetch\IKOWIN32.EXE-1E2F12F0.pf

DirLook::
         

Speichere diese Datei nun auf dem Desktop unter -> cfscript.txt

• Nun die Datei cfscript.txt auf das Sysmbol von Combofix ziehen!

• Danach das Log von Combofix ohne zu Editieren posten. Nur wenn dein Vor- und Nachname ersichtlich ist, dann entferne ihn.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann.

ciao, andreas

-wegen Maus: nein die maus reagiert nur sehr schnell halt ohne software, die software muss irgendwie nach all den deinstallationen wohl abhanden gekommen sein.

-Ich habe xp-antispy oft gebraucht ja...

-Daemon Tools Toolbar finde ich keine in der "Software" zum deinstallieren

-c:\windows\system32\drivers\vdrv9000.sys ist ebenfalls nicht auffindbar

- cfscript:
(Wichtig: Ich hab mir erlaubt den teil mit allen"c:\found.000" zu kürzen, da ansonsten das log über 80'0000 zeichen gewesen wäre.)

Zitat:

ComboFix 09-09-02.02 - *** 03.09.2009 18:22.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.49.1031.18.2047.1438 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\***\Desktop\cofi.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\***\Desktop\cfscript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FILE ::
"c:\windows\LastGood\system32\drivers\agp440.sys"
"c:\windows\Prefetch\IKOWIN32.EXE-1E2F12F0.pf"
"c:\windows\pss\ikowin32.exeStartup"
"c:\windows\system32\drivers\agp440.sys"
"c:\windows\system32\drivers\OLD1A7.tmp"
"e:\firefoxdownload\rld-tunt.rar"
"e:\programme\Garena\plugins\FixedUpdatePlugin.dll"
"e:\programme\Ocean Technology\GG E-Sports Platform\plugins\FixedUpdatePlugin.dll"
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Config.Msi
c:\config.msi\7ac31.rbf
c:\config.msi\7ac9a.rbf
c:\config.msi\841410.rbf
c:\dokumente und einstellungen\***\Anwendungsdaten\uTorrent
c:\found.000
c:\found.000\dir0001.chk\index_showuseronline.tpl
c:\found.000\dir0001.chk\sicher\index_showuseronline.tpl
c:\found.000\dir0002.chk\13892
c:\found.000\dir0002.chk\701
c:\found.000\dir0002.chk\725
c:\found.000\dir0002.chk\admins.gif
c:\found.000\dir0002.chk\aim.gif
c:\found.000\dir0002.chk\announce.gif
c:\found.000\dir0002.chk\armageddon\645
.....
.....
c:\programme\AskBarDis
c:\programme\AskBarDis\bar\bin\askBar.dll
c:\programme\AskBarDis\bar\bin\askPopStp.dll
c:\programme\AskBarDis\bar\bin\AskSplash.exe
c:\programme\AskBarDis\bar\bin\AskTBApp.exe
c:\programme\AskBarDis\bar\bin\ASKUpgrade.exe
c:\programme\AskBarDis\bar\bin\psvince.dll
c:\programme\AskBarDis\bar\Settings\AskLogo.ico
c:\programme\AskBarDis\bar\Settings\config.dat
c:\programme\AskBarDis\bar\Settings\config.dat.bak
c:\programme\AskBarDis\unins000.dat
c:\programme\AskBarDis\unins000.exe
c:\programme\DAEMON Tools Toolbar
C:\rsit
c:\rsit\info.txt
c:\rsit\log.txt
c:\windows\LastGood\system32\drivers\agp440.sys
c:\windows\pss\ikowin32.exeStartup
c:\windows\system32\drivers\agp440.sys
c:\windows\system32\drivers\OLD1A7.tmp
d:\Bittorrent
e:\firefoxdownload\rld-tunt.rar
e:\programme\Gamers.IRC
e:\programme\Garena\plugins\FixedUpdatePlugin.dll
e:\programme\Ocean Technology\GG E-Sports Platform\plugins\FixedUpdatePlugin.dll
n:\nicht verwendete desktopverknüpfungen\Unsecure
n:\nicht verwendete desktopverknüpfungen\Unsecure\ReadMe.txt
n:\nicht verwendete desktopverknüpfungen\Unsecure\uns12.doc
n:\nicht verwendete desktopverknüpfungen\Unsecure\Uns12.exe
n:\nicht verwendete desktopverknüpfungen\Unsecure\unsdic.txt

.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_A2FREE
-------\Legacy_ACEDRV05
-------\Legacy_CPUZ130
-------\Legacy_INCDFS
-------\Legacy_INCDSRV
-------\Legacy_VSDATANT
-------\Service_a2free
-------\Service_ACEDRV05
-------\Service_cpuz130
-------\Service_vsdatant
-------\Service_zlportio
-------\Legacy_ASKUpgrade
-------\Service_ASKUpgrade


((((((((((((((((((((((( Dateien erstellt von 2009-08-03 bis 2009-09-03 ))))))))))))))))))))))))))))))
.

2009-09-02 23:20 . 2008-06-19 15:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-09-02 23:20 . 2009-09-02 23:20 -------- d-----w- c:\programme\Panda Security
2009-09-01 21:36 . 2009-09-01 21:36 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
2009-09-01 21:36 . 2009-09-03 11:16 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\SUPERAntiSpyware.com
2009-08-31 22:27 . 2009-08-31 22:27 -------- d-----w- c:\programme\trend micro
2009-08-31 21:19 . 2009-08-31 21:19 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\Malwarebytes
2009-08-31 21:19 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-31 21:18 . 2009-08-31 21:18 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-08-31 21:18 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-31 19:42 . 2004-08-03 21:07 42368 -c--a-w- c:\windows\system32\dllcache\agp440.sys
2009-08-24 16:50 . 2009-08-24 16:50 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
2009-08-24 16:46 . 2009-08-24 16:46 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\DAEMON Tools Lite
2009-08-19 14:11 . 2009-08-19 14:11 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\Move Networks

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-03 16:56 . 2008-11-05 20:17 8844 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-09-03 16:56 . 2008-11-05 20:17 7314976 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-03 16:56 . 2008-11-05 20:17 62420 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-09-03 16:56 . 2008-11-05 20:17 1351712 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-09-03 11:16 . 2005-11-20 20:58 -------- d-----w- c:\programme\Gemeinsame Dateien\Wise Installation Wizard
2009-09-03 07:51 . 2004-08-04 12:00 84710 ----a-w- c:\windows\system32\perfc007.dat
2009-09-03 07:51 . 2004-08-04 12:00 439796 ----a-w- c:\windows\system32\perfh007.dat
2009-09-03 06:50 . 2008-11-05 20:17 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2009-09-02 22:48 . 2005-11-14 14:20 -------- d--h--w- c:\programme\InstallShield Installation Information
2009-09-02 22:34 . 2005-12-09 23:10 -------- d-----w- c:\programme\Java
2009-09-02 22:32 . 2007-03-24 19:38 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Skype
2009-09-02 22:32 . 2006-10-06 13:16 -------- d-----w- c:\programme\Skype
2009-09-02 22:19 . 2006-01-13 12:43 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2009-09-02 22:04 . 2005-11-14 14:21 -------- d-----w- c:\programme\Ahead
2009-08-25 19:45 . 2008-07-25 12:44 149535 ----a-w- c:\windows\War3Unin.dat
2009-08-24 16:46 . 2005-11-23 17:36 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-24 16:27 . 2007-02-11 19:24 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\Vso
2009-08-24 16:27 . 2007-02-11 19:24 94080 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\ezplay.sys
2009-08-24 16:27 . 2007-02-11 19:24 81920 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\ezpinst.exe
2009-08-20 17:47 . 2005-12-28 19:32 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\teamspeak2
2009-08-03 17:17 . 2006-10-06 13:16 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\Skype
2009-08-03 15:56 . 2008-02-05 14:08 -------- d-----w- c:\dokumente und einstellungen\**\Anwendungsdaten\skypePM
2009-08-02 22:33 . 2006-09-29 22:49 729088 ----a-w- c:\windows\iun6002.exe
2009-07-27 13:23 . 2008-11-05 20:17 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-07-27 13:23 . 2008-11-05 20:17 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-07-21 20:38 . 2007-08-25 13:01 -------- d-----w- c:\programme\DivX
2009-07-16 20:52 . 2009-07-16 19:07 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\Bioshock
2009-07-12 17:32 . 2009-07-12 17:32 -------- d-----w- c:\programme\Gemeinsame Dateien\DivX Shared
2009-07-03 05:51 . 2005-11-15 08:00 108824 ----a-w- c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2009-06-16 14:53 . 2004-08-04 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:53 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\programme\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\programme\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-09-02_21.10.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-04 12:00 . 2004-08-04 12:00 37888 c:\windows\system32\url.dll
+ 2004-08-04 12:00 . 2007-10-11 06:12 39424 c:\windows\system32\pngfilt.dll
+ 2004-08-04 12:00 . 2009-09-03 07:51 71328 c:\windows\system32\perfc009.dat
- 2004-08-04 12:00 . 2009-09-02 20:18 71328 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2004-08-04 12:00 97792 c:\windows\system32\occache.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 57344 c:\windows\system32\mshtmler.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 29184 c:\windows\system32\mshta.exe
+ 2004-08-04 12:00 . 2004-08-04 12:00 22016 c:\windows\system32\licmgr10.dll
+ 2004-08-04 12:00 . 2007-10-11 06:12 16384 c:\windows\system32\jsproxy.dll
+ 2004-08-04 12:00 . 2007-10-11 06:12 96768 c:\windows\system32\inseng.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 35840 c:\windows\system32\imgutil.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 64000 c:\windows\system32\iesetup.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 49152 c:\windows\system32\iernonce.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 81920 c:\windows\system32\ieencode.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 34304 c:\windows\system32\ie4uinit.exe
+ 2004-08-04 12:00 . 2007-10-11 06:12 55808 c:\windows\system32\extmgr.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 37888 c:\windows\system32\dllcache\url.dll
+ 2004-08-04 12:00 . 2007-10-11 06:12 39424 c:\windows\system32\dllcache\pngfilt.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 97792 c:\windows\system32\dllcache\occache.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 57344 c:\windows\system32\dllcache\mshtmler.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 29184 c:\windows\system32\dllcache\mshta.exe
+ 2004-08-04 12:00 . 2004-08-04 12:00 22016 c:\windows\system32\dllcache\licmgr10.dll
+ 2004-08-04 12:00 . 2007-10-11 06:12 16384 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-04 12:00 . 2007-10-11 06:12 96768 c:\windows\system32\dllcache\inseng.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 35840 c:\windows\system32\dllcache\imgutil.dll
+ 2005-11-14 13:00 . 2004-08-04 12:00 93184 c:\windows\system32\dllcache\iexplore.exe
+ 2004-08-04 12:00 . 2004-08-04 12:00 64000 c:\windows\system32\dllcache\iesetup.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 49152 c:\windows\system32\dllcache\iernonce.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2005-11-20 19:11 . 2007-10-10 11:16 18432 c:\windows\system32\dllcache\iedw.exe
+ 2004-08-04 12:00 . 2004-08-04 12:00 34304 c:\windows\system32\dllcache\ie4uinit.exe
+ 2005-11-14 13:00 . 2004-08-04 12:00 38912 c:\windows\system32\dllcache\hmmapi.dll
+ 2004-08-04 12:00 . 2007-10-11 06:12 55808 c:\windows\system32\dllcache\extmgr.dll
- 2005-11-14 13:00 . 2007-08-13 17:54 33792 c:\windows\system32\dllcache\custsat.dll
+ 2005-11-14 13:00 . 2006-06-02 19:31 33792 c:\windows\system32\dllcache\custsat.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 35328 c:\windows\system32\dllcache\corpol.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 61440 c:\windows\system32\dllcache\admparse.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 35328 c:\windows\system32\corpol.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 61440 c:\windows\system32\admparse.dll
+ 2004-08-04 12:00 . 2007-10-11 06:12 665088 c:\windows\system32\wininet.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 281088 c:\windows\system32\webcheck.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 417792 c:\windows\system32\vbscript.dll
+ 2004-08-04 12:00 . 2007-10-11 06:12 617472 c:\windows\system32\urlmon.dll
+ 2004-08-04 12:00 . 2009-09-03 07:51 424466 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2009-09-02 20:18 424466 c:\windows\system32\perfh009.dat
+ 2004-08-04 12:00 . 2007-10-11 06:12 532480 c:\windows\system32\mstime.dll
+ 2004-08-04 12:00 . 2007-10-11 06:12 146432 c:\windows\system32\msrating.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 146432 c:\windows\system32\msls31.dll
+ 2004-08-04 12:00 . 2007-10-11 06:12 449024 c:\windows\system32\mshtmled.dll
+ 2004-08-04 12:00 . 2007-11-14 07:26 450560 c:\windows\system32\jscript.dll
+ 2004-08-04 12:00 . 2007-10-11 06:12 251392 c:\windows\system32\iepeers.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 323584 c:\windows\system32\iedkcs32.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 237568 c:\windows\system32\ieakui.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 220672 c:\windows\system32\ieaksie.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 139264 c:\windows\system32\ieakeng.dll
+ 2005-11-14 11:30 . 2009-09-03 06:49 336256 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-04 12:00 . 2007-10-11 06:12 205312 c:\windows\system32\dxtrans.dll
+ 2004-08-04 12:00 . 2007-10-11 06:12 357888 c:\windows\system32\dxtmsft.dll
+ 2004-08-04 12:00 . 2007-10-11 06:12 665088 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 281088 c:\windows\system32\dllcache\webcheck.dll
+ 2005-11-14 13:00 . 2007-06-26 13:55 851968 c:\windows\system32\dllcache\vgx.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 417792 c:\windows\system32\dllcache\vbscript.dll
+ 2004-08-04 12:00 . 2007-10-11 06:12 617472 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-04 12:00 . 2007-10-11 06:12 532480 c:\windows\system32\dllcache\mstime.dll
+ 2004-08-04 12:00 . 2007-10-11 06:12 146432 c:\windows\system32\dllcache\msrating.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 146432 c:\windows\system32\dllcache\msls31.dll
+ 2004-08-04 12:00 . 2007-10-11 06:12 449024 c:\windows\system32\dllcache\mshtmled.dll
+ 2004-08-04 12:00 . 2007-11-14 07:26 450560 c:\windows\system32\dllcache\jscript.dll
+ 2004-08-04 12:00 . 2007-10-11 06:12 251392 c:\windows\system32\dllcache\iepeers.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 323584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 237568 c:\windows\system32\dllcache\ieakui.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 220672 c:\windows\system32\dllcache\ieaksie.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 139264 c:\windows\system32\dllcache\ieakeng.dll
+ 2004-08-04 12:00 . 2007-10-11 06:12 205312 c:\windows\system32\dllcache\dxtrans.dll
+ 2004-08-04 12:00 . 2007-10-11 06:12 357888 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-04 12:00 . 2005-01-28 07:53 164864 c:\windows\system32\dllcache\cewmdm.dll
+ 2005-11-14 11:34 . 2006-02-15 00:22 142464 c:\windows\system32\dllcache\aec.sys
+ 2004-08-04 12:00 . 2004-08-04 12:00 102400 c:\windows\system32\dllcache\advpack.dll
+ 2004-08-04 12:00 . 2005-01-28 07:53 164864 c:\windows\system32\cewmdm.dll
+ 2004-08-04 12:00 . 2004-08-04 12:00 102400 c:\windows\system32\advpack.dll
+ 2004-08-04 12:00 . 2007-10-30 10:15 3079680 c:\windows\system32\mshtml.dll
+ 2004-08-04 12:00 . 2007-10-30 10:15 3079680 c:\windows\system32\dllcache\mshtml.dll
.
-- Snapshot auf jetziges Datum zurückgesetzt --
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\programme\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"H/PC Connection Agent"="c:\programme\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"ICQ"="e:\programme\ICQ6.5\ICQ.exe" [2009-03-01 172792]
"DAEMON Tools Lite"="e:\programme\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"AlcoholAutomount"="e:\programme\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-07-27 208616]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"rpcapd"=3 (0x3)
"PnkBstrA"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"VMware NAT Service"=2 (0x2)
"VMnetDHCP"=2 (0x2)
"VMAuthdService"=2 (0x2)
"ufad-ws60"=3 (0x3)
"iPod Service"=3 (0x3)
"ClipInc001"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"voicetuner"=2 (0x2)
"RichVideo"=2 (0x2)
"O&O Defrag"=2 (0x2)
"LVSrvLauncher"=2 (0x2)
"LVPrcSrv"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Programme\\iTunes\\iTunes.exe"=
"e:\\Programme\\FlashFXP\\flashfxp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\programme\Microsoft ActiveSync\rapimgr.exe"= c:\programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programme\Microsoft ActiveSync\wcescomm.exe"= c:\programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programme\Microsoft ActiveSync\WCESMgr.exe"= c:\programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29.01.2008 19:29 33808]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [03.09.2009 01:20 28544]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [05.07.2006 14:46 63352]
R1 SSHDRV86;SSHDRV86;c:\windows\system32\drivers\SSHDRV86.sys [15.12.2005 18:04 81408]
R2 athsgt;athsgt;c:\windows\system32\drivers\athsgt.sys [05.12.2005 21:17 164992]
R2 limsgt;limsgt;c:\windows\system32\drivers\limsgt.sys [05.12.2005 21:17 12544]
R2 litsgt;litsgt;c:\windows\system32\drivers\litsgt.sys [05.01.2006 11:34 137344]
R2 tansgt;tansgt;c:\windows\system32\drivers\tansgt.sys [05.01.2006 11:34 12032]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13.03.2008 20:02 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30.04.2008 19:06 24592]
R3 LycoFltr;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [16.07.2008 19:35 21888]
R3 Razerlow;Diamondback 3G USB Filter Driver;c:\windows\system32\drivers\DB3G.sys [16.07.2008 19:32 13225]
R3 Tetris;Tetris driver;c:\windows\system32\drivers\Tetris.sys [23.02.2007 22:30 48928]
S3 GarenaPEngine;GarenaPEngine;\??\c:\dokume~1\***\LOKALE~1\Temp\KXD143.tmp --> c:\dokume~1\***\LOKALE~1\Temp\KXD143.tmp [?]
S3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [18.11.2005 18:17 14095]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25.01.2007 19:31 42000]
S3 PortTalk;PortTalk;c:\windows\system32\drivers\PortTalk.sys [15.09.2006 16:50 3567]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [10.11.2008 00:12 25600]
S4 voicetuner;Voice Tuner;e:\programme\Scramby\VoicetunerServer.exe [16.07.2009 14:04 391168]
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\programme\AskBarDis\bar\bin\askBar.dll
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\programme\AskBarDis\bar\bin\askBar.dll


.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
IE: Hinzufügen zu Anti-Banner - c:\programme\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: Nach Microsoft &Excel exportieren - e:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\eyw73nzy.***2\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ch
FF - plugin: c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\eyw73nzy.***2\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\np32asw.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npitunes.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npoctoshape.dll
FF - plugin: c:\programme\Octoshape Streaming Services\***\octoprogram-L03-N00-U00-C00_0712211_000\npoctoshape.dll
FF - plugin: e:\programme\DivX\DivX Content Uploader\npUpload.dll
FF - plugin: e:\programme\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: e:\programme\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: e:\programme\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: e:\programme\Real\RealPlayer\Netscape6\nprpjplug.dll

---- FIREFOX Richtlinien ----
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-03 19:02
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\dokume~1\***\LOKALE~1\Temp\KXD143.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-484763869-1177238915-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-484763869-1177238915-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:37,6e,bc,6e,0f,89,38,54,03,3c,ee,0f,46,4b,d9,ae,84,ea,5e,ea,e0,3c,1a,
f6,d8,f3,e6,8a,41,0a,41,c4,55,80,d4,ef,94,d5,27,87,39,03,e3,6e,3b,77,31,c1,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-484763869-1177238915-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:66,a1,8b,17,3d,d3,96,9b,6a,5f,82,3a,d4,94,dd,e6,fa,c4,75,d3,03,
16,f1,55,c3,01,75,08,49,29,6c,2e,98,77,0e,f3,8e,91,ff,5d,97,be,03,41,6a,dd,\
"rkeysecu"=hex:0a,73,de,58,a9,ac,33,9c,57,72,a8,24,49,3c,ad,32

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]
"70403E1900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

teil2 vom log:.............

Zitat:

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="DC4FD6863692956633E0551CDE8C289B0DA35E38C56B775CCDAF6E31980FB050758DB48912030460D2B62ABF89C4E00FFB99ECAA5D16F9DC1A39 F3E8A2DB22BD88540FDFAC1772A3402437C8E0DF4411921F2F52D8FE7740395E73C9DB0B0EDB2F7CFA5F9F9D8EC3609848F05A95C7E4245FC8692F694B9B8920852FD807D12F747F2624B9 CC5CD80D2BBEB22404B0537526EDEB06FA20885D28D5B6DE201F45D9FED10EFD3B317E921210CF1B2D9C2AC1E66C9C3C3E7726FCBE23C1E4897D2AD03ED1BE226738D332AC45CBD474FA3A 37381FFEE0A1A615A2D4BFF71B59C4F043A60D1E9030FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2 F6E667A9C6AECB7A5D14075D575E7D6A3B9808C038D530D6EB3452F955537E6711AC7F030C5AF7675652D7210FA8BEFA8DF064A18794371EB5B041E6A96F3417BD762803E75A5F3747A5A8 A23BF634ECEC3566C377E28A1FAD94E9BD3305AE6250608919BE2891F76564543A2969FD1E58F41BDAD77263AF8B8EFECB2D873517054D13173C66CF0BB1B0946115EC7425302F2622169B 56B9301BA834D25DB212DFD897248E27FC64EE6183DEBEE3942A97178AAAA12E973CBE6BF4E868623648A550CEB868F3200CA381A255E8A100EA7716B3D6EF6B02C824E2D7B4B1637240E1 B455238148E71F9BCED636DB70FAB77B456E5FF88A13058A9AA73378A53F94623BA8849213224CE43D6847628B6F781375EBCF3AB3EB2D64DF9D560BDF95F538CDADD2DB39C4D8D3708225 CD26682374A941083385D38D663159E13BBC96A6B98A2AD99E93E49D00C5B7BC6FE49748961A68BAEA92B3090AC55C6EDDDA827E03C14B33236DBF06C24BF9D021DE5307B4B13EF066E09A 950C830DE9CDCC42E86F799ED4B207B513BBC1247A3E231393D011050735E9B83FED093614E69BE0E4A36C99039C13CAD7CF21EF23253373BA2E8AE02A679BE422F3A506028CBF8C068386 1256B33B257DA3148088B901365654265DE090599971A85E8F9B232B17723BE9C3BD4E9B1340A479D8BE64F840DA111E65824AF773F359EBC820153E79E5386BCEFA46C202700162E12C11 F599CA72644B393141B503953A8B9D50D14EB0AB16B5A37BB58872AA16E60CAF4AEFC04E1BC585E574C40E34EA977AC5AF53350E26E021D06DDBBDDA1019EB31BA9469BB19EB3C0D42AC95 CC508DEE6A18EB6A168E9AB22C535ADF0C7C0DAF90FE7B0797EB3D84CE5199313D7575883A3D1F5DC4731368774A82F77CC0BA8EC745BDED825199D9D83CDD8AA615382730C5182BDB2EDC A8A324783BAFF0FE12D52F98875F3D478B5A8F6FE06E21A5FED04D250861CC71AD21AA04716E59991941D06DD1D5D7EF3E894F6806BD3DEF1A9FE239BB9E912984E6"
"OODEFRAG10.00.00.01WORKSTATION"="6250DC14F3AFEF9203E9839E70D966F248D5C3B107106C905F3B989CB8ACE8523F37A475305676D8420B399DCBEC888215CFA4506E0EE605F2C6 52BEA4ACF592B0323B41992D4D8E193F29925E9BA0581C7EC1A278E9FA1FC9F36D704AC944C59C2C81FAC80799619AEA47C07C81F8B33D5FC5CCD7A8B64EB0F7E855DB9147315F346B670C 1DD603CF959C2E3220B157CD92EDB7F43200886A2C55D53DF7C898C77D7D12E28750AA336B43273D5B3C8C16DD8A0E6C568C452D8FDB2186D2E5C4985DD5490548AA93383CEE39107C5F1D D4AA02C10CC4E88223C23428845CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A2D97226D2 13B555A6171C11EC38DE3DA9C6AECB7A5D14078F2900C725E2089B3ED1A5302106C5B5A3818A82C681C2436BE21D77B804BB45EAEF07000AB9F5735F3C1CC89AB425127368AE5CCDD41853 188CAACA8348C8C8ACC80060EF1A27E87752E2F637D0439DEFA352CCE09CBD69D4AB7BEB169511981417E1ABB20BA1868AA7DC36A76225EA801863A4298254400C16AB282ED6F338B5C414 46455AA2B7EE55DFA233B684EEE130C55ADFF5B27881A5CB6D1BBB8110743AF3382C96974FD278B57FB3DF4C05A659CF8BD529E0154ABBDFD1423604EC0E6AD22E8115A503B3319CB19633 9D6C31044CF46C119C7DCFB7DE8B9AFE727E11C674FAF16D246AE52347C2DF48CD453CA77BF99D68587C5183B67831117DD9DEC69412BE7C9D0512F8DBE1A4FDE39853BC0EA1732FB742DE 87C59626AA86F6AEE75D0D3CE15232B2DE72608FF41DCE57412E968CA316615F32600BAECF25328CA8F128558137B999041BB4DE91EAB77EB6F3A79C5081538C774F1D9146A14C568CE545 86037043E71FD677E3FCF0054F237049EAFBB970F24D4DB8AC9A7D6ABE1BC2E761D45CDC97E61C678725074D288FA51052B535F9F5AF0CEDED1B6A134CE106B90A2409F77399556641BBB9 8AB98A8AB7C3D09C934A9A2E705BDBCCB3D96DA0083C68BB699BF6DE7AA034CB9B87258BA0C0E2CE437A14CC180DB2C19D175476C2C2D6E9EA03C30C4DC7492F426CF4064B61455CF5E31F F2E0AF3C9783062C6200006C401AF1C923AC6DF68E2693944DE0D0968A79B8C9A0EB03574E7FFD11AF7769E91DF785D3DD8B5A7F4550FD9FA9A94E39D4837DA04B7B5A269F8CA8A3A00707 D3166AAA3469FD6F6763AF01B9D497AC5366A90E36D9771F11F40C8607E92E78F0F03A28BD69BF1CF7AD1745877DBA544EA1661622A76DCDC16BC068623414EC4DA91594CAF2AC683D9D3D C633C84CBFD99B9B987F070B76A8575576E19C002ABBF08DDA378FC86E895F3BD6EACB26FDE69F8B6A6BB9A63D793ED42AB4B45F0ACDA8173BE3BE385BF252109BDE"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'explorer.exe'(1088)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\brss01a.exe
c:\windows\system32\nvsvc32.exe
e:\programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\programme\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2009-09-03 19:08 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2009-09-03 17:08
ComboFix2.txt 2009-09-02 21:16

Vor Suchlauf: 3'455'770'624 Bytes frei
Nach Suchlauf: 3'386'327'040 Bytes frei

7479 --- E O F --- 2009-08-02 01:46

Zitat:

-wegen Maus: nein die maus reagiert nur sehr schnell halt ohne software, die software muss irgendwie nach all den deinstallationen wohl abhanden gekommen sein.

Dazu brauchst du keine extra Software.

Start => Einstellungen => Systemsteuerung => Karte: Zeigeroptionen => Schieberegler bei Bewegung einstellen

Zitat:

-Ich habe xp-antispy oft gebraucht ja...

Das könnte die Ursache sein, warum sfc /scannow nicht funktioniert.

Starte XP-Antispy => Menüzeile: Spezial => Alle Einstellungen zurückstellen

Danach noch einmal mit deiner CD versuchen.

Zitat:

Daemon Tools Toolbar finde ich keine in der "Software" zum deinstallieren

Die kriegen wir auch anders klein.

Zitat:

c:\windows\system32\drivers\vdrv9000.sys ist ebenfalls nicht auffindbar

Versuche nicht die Datei zu finden, sondern markiere den Text in der Box, kopiere ihn und füge ihn im ersten Feld im Uploadchannel ein.

Code: Alles auswählenAufklappen

ATTFilter

c:\windows\system32\drivers\vdrv9000.sys
         

Deinstalliere:

• Panda Active Scan

ciao, andreas