20 Tan Trojaner eingefangen

Mozart · 31.08.2009, 23:34

Hallo erstmal, bin neu hier im Forum und hab mich hier angemelded weil ich mir wohl einen bösen Trojaner aufen Rechner geladen hab. Aber ich denk mal das ihr mir hoffentlich helfen könnt.

So jetzt zu meinem Problem. Wenn ich mich auf meinen Online-Banking Account der Sparkasse einloggen möchte geht ein Fenster auf wo mir gesagt wird das mehrfach der falsch Pin eingegeben wurde und der Account gespert ist. Nun soll ich 20 Tan´s in eine Liste eingeben um den Account wieder frei zu schalten. Hab ich natürlich nich gemacht.

Ich hab hier im Forum zwar einen Beitrag gefunden mit der selben Problematik, aber derjenige wurde aufgefordert Log Files zu poste das ihm geholfen wird. Ich hoffe es ist OK das ich einen neuen Beitrag eröffnet habe.

Was ich bis jetzt unternommen habe ist folgendes. Wie verlangt habe die Programme CCleaner, Malwarebytes-Anti-Malware, RSIT - Randoms System Information Tool ausgeführt.
Und ich habe einen Versuch unternommen die MBR zu fixen wo ich mir aber nicht sicher bin ob ich da Erfolg hatte.

Nun bin ich mir abzulut unsicher wie ich weiter vorgehen sollte. Ich hoffe ihr könnt mir helfen.
Hier sind alle Log´s, kommt einiges zusammen.

Malwarebytes' Anti-Malware 1.40
Datenbank Version: 2720
Windows 5.1.2600 Service Pack 3

31.08.2009 23:31:30
mbam-log-2009-08-31 (23-31-30).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 479270
Laufzeit: 1 hour(s), 20 minute(s), 23 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 8
Infizierte Verzeichnisse: 1
Infizierte Dateien: 12

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ipwins (Trojan.Rond) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Bind (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rundll32.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux1 (Hijack.Sound) -> Bad: (C:\DOKUME~1\***\ANWEND~1\MACROM~1\Common\9e0620241.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux2 (Hijack.Sound) -> Bad: (C:\DOKUME~1\***\ANWEND~1\MACROM~1\Common\9e0620241.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi1 (Hijack.Sound) -> Bad: (C:\DOKUME~1\***\ANWEND~1\MACROM~1\Common\9e0620241.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi2 (Hijack.Sound) -> Bad: (C:\DOKUME~1\***\ANWEND~1\MACROM~1\Common\9e0620241.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer1 (Hijack.Sound) -> Bad: (C:\DOKUME~1\***\ANWEND~1\MACROM~1\Common\9e0620241.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer2 (Hijack.Sound) -> Bad: (C:\DOKUME~1\***\ANWEND~1\MACROM~1\Common\9e0620241.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave1 (Hijack.Sound) -> Bad: (C:\DOKUME~1\***\ANWEND~1\MACROM~1\Common\9e0620241.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave2 (Hijack.Sound) -> Bad: (C:\DOKUME~1\***\ANWEND~1\MACROM~1\Common\9e0620241.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\Programme\IpWindows (Trojan.Rond) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Programme\DAEMON Tools Pro\Patch.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Programme\Everest Poker\var\Everest Casino.exe (Rogue.AdorableCasino) -> Quarantined and deleted successfully.
C:\Programme\IpWindows\ipwins.dll (Trojan.Rond) -> Quarantined and deleted successfully.
C:\Programme\IpWindows\Uninst.exe (Trojan.Rond) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\TobiasB\Anwendungsdaten\Macromedia\Common\9e0620241.dll (Hijack.Sound) -> Quarantined and deleted successfully.
C:\install.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\c.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\m.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\s.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\k.txt (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\msacm32.drv (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\wuasirvy.dll (Trojan.Banker) -> Quarantined and deleted successfully.

Mozart · 31.08.2009, 23:35

info.txt logfile of random's system information tool 1.06 2009-08-31 23:40:48

======Uninstall list======

-->"C:\Programme\Creative\Sound Blaster X-Fi\Program\SETUP.EXE" /S /U /W /L:GER
-->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec /X{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{06E3E953-0570-4DFF-A7B5-46114C390228}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{06E3E953-0570-4DFF-A7B5-46114C390228}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{888347B3-AEC5-4BB5-8BAB-781D72A57C73}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{888347B3-AEC5-4BB5-8BAB-781D72A57C73}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C229589D-CC1A-43FF-9507-CDED3AB85325}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C229589D-CC1A-43FF-9507-CDED3AB85325}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D8A544F4-AC5F-4B67-9C74-F3E976798797}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D8A544F4-AC5F-4B67-9C74-F3E976798797}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{ECC3C64B-2A22-48C5-857B-E952D7BE64F5}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{ECC3C64B-2A22-48C5-857B-E952D7BE64F5}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x7 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent-->"F:\Programme\utorent\uninstall.exe"
18 Wheels of Steel: American Long Haul -->D:\Spiele\18wos\18 Wheels of Steel American Long Haul\uninst.exe
3D-Pinball-->D:\Spiele\3D-PIN~1\UNWISE.EXE D:\Spiele\3D-PIN~1\INSTALL.LOG
AAVUpdateManager-->MsiExec.exe /X{0D410F4D-9009-43F8-9DF1-BDADCE7FC43F}
ABIT uGuru-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FF8500E6-EA0D-11D7-8755-0080C8F92A32}\Setup.exe" -l0x9
Adobe Acrobat 7.0 Professional-->msiexec /I {AC76BA86-1033-0000-7760-000000000002}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A70000000000}
Adobe Stock Photos 1.0-->MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
Aerosoft's - F-16 Fighting Falcon-->C:\Programme\InstallShield Installation Information\{A663BED9-978C-4A04-82A3-3029245055BE}\setup.exe -runfromtemp -l0x0007 -removeonly
Aerosoft's - German Airfields 1-->C:\Programme\InstallShield Installation Information\{61C63F60-152B-4D28-B357-6DB81837FA9B}\setup.exe -runfromtemp -l0x0007 -uninst -removeonly
aerosoft's - Madeira X-->C:\Programme\InstallShield Installation Information\{17440258-DB48-49DE-8391-79900477490C}\setup.exe -runfromtemp -l0x0007 -removeonly
Aerosoft's - PBY Catalina X-->C:\Programme\InstallShield Installation Information\{00606438-902C-4280-84DD-E665911DFBE1}\setup.exe -runfromtemp -l0x0007 -removeonly
Aerosoft's - Piper Cheyenne FSX-->C:\Programme\InstallShield Installation Information\{B7429839-9FAE-448E-8413-4888DCFE064F}\setup.exe -runfromtemp -l0x0007 -uninst -removeonly
aerosoft's - Tahiti X-->C:\Programme\InstallShield Installation Information\{4C7F54EE-DC36-431F-9978-DA678D77C4BA}\setup.exe -runfromtemp -l0x0007 -removeonly
Aerosoft's - VFR Germany 2-->C:\Programme\InstallShield Installation Information\{3BB7B4D3-C534-4700-AA1B-B01A8EA5F27C}\setup.exe -runfromtemp -l0x0007 -uninst -removeonly
Airbus Collection Long Haul (FSX)-->"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{59CCB343-BD1D-41E9-8617-CB8E6E4E3881}\Airbus Collection Long Haul.exe" REMOVE=TRUE MODIFY=FALSE
Airbus Collection Long Haul (FSX)-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{59CCB343-BD1D-41E9-8617-CB8E6E4E3881}\Airbus Collection Long Haul.exe
ANNO 1404-->"C:\Programme\InstallShield Installation Information\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}\Setup.exe" -runfromtemp -l0x0007 -removeonly
AnyDVD-->"C:\Programme\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Programme\SlySoft\AnyDVD"
Apple Software Update-->MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
Baphomets Fluch - Der Engel des Todes-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F41C11EC-7C13-47A7-A07C-251D96EC3879}\setup.exe" -l0x7 -removeonly
Battlefield 2(TM)-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x7 -removeonly
Call of Duty(R) - World at War(TM)-->C:\Programme\InstallShield Installation Information\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\setup.exe -runfromtemp -l0x0409
Call of Juarez - Bound in Blood-->C:\Programme\InstallShield Installation Information\{FEFAF112-4DA8-479C-89E2-7DE25091711A}\Setup.exe -runfromtemp -l0x0407
CCleaner (remove only)-->"C:\Programme\CCleaner\uninst.exe"
Condor: The Competition Soaring Simulator 1.1.2-->D:\Spiele\condor-\Condor\uninst.exe
Coral Clock 3D Screensaver 1.0-->"C:\Programme\Coral Clock 3D Screensaver\unins000.exe"
Crashday-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9C27ADE1-EAFB-4BB7-9FE3-5DD9BA9A3DD2}\SETUP.EXE" -l0x7 -removeonly
Crayon Physics Deluxe - release 51-->"D:\Spiele\Crayon Physics Deluxe\unins000.exe"
Creative Software AutoUpdate-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x7 /remove
Creative-Audiokonsole-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x7 /remove
Creative-Audiokonsole-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x7 /remove
Creative-Systeminformationen-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x7 /remove
Crysis WARHEAD(R)-->"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe" REMOVE=TRUE MODIFY=FALSE
Crysis WARHEAD(R)-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe
DivX Codec-->C:\Programme\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Programme\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EA downloader-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{1D171963-9063-4423-898B-8EC4F1F190B7} /l1031
Earth 3D Screensaver 1.0-->"C:\Programme\Earth 3D Screensaver\unins000.exe"
ElsterFormular 2006/2007-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{CBBCBE04-EA5E-4201-A924-E7ED3E8686AE}\setup.exe" -l0x7 -removeonly
ElsterFormular 2007/2008-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}\setup.exe" -l0x7 -removeonly
Euro Truck Simulator 1.00-->D:\Spiele\truck\Euro Truck Simulator\uninst.exe
Everest Casino (Remove Only)-->C:\Programme\Everest Casino\cstart.exe /uninstall
Everest Poker (Remove Only)-->C:\Programme\Everest Poker\cstart.exe /uninstall
EVEREST Ultimate Edition v2.01-->"C:\Programme\Lavalys\EVEREST Ultimate Edition\unins000.exe"
Fallout 3-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{974C4B12-4D02-4879-85E0-61C95CC63E9E}\setup.exe" -l0x7 -removeonly
Fireplace 3D Screensaver 1.0-->"C:\Programme\Fireplace 3D Screensaver\unins000.exe"
FlusiFix-2006-->C:\Programme\FlusiFix-2006\uninstall.exe
FOX Video Studio 8.0.8.24-->"D:\Programme\FOX Video Studio\unins000.exe"
Fraps (remove only)-->"F:\Programme\fraps\uninstall.exe"
Free Download Manager 2.5-->"D:\Programme\Free Download Manager\unins000.exe"
free-downloads.net Toolbar-->C:\PROGRA~1\FREE-D~1.NET\UNWISE.EXE C:\PROGRA~1\FREE-D~1.NET\INSTALL.LOG
GameShadow-->MsiExec.exe /I{D98C9637-93DA-44DB-B73A-B11A1192AB26}
Google Earth Plugin-->MsiExec.exe /I{B535B621-5559-11DE-A7A1-005056806466}
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
Google Talk (remove only)-->"C:\Programme\Google\Google Talk\uninstall.exe"
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Gothic III-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{02B244A2-7F6A-42E8-A36F-8C385D7A1625}\setup.exe" -l0x7 -removeonly
Grand Theft Auto IV-->"C:\Programme\InstallShield Installation Information\{579BA58C-F33D-4970-9953-B94B43768AC3}\setup.exe" -runfromtemp -l0x0007 -removeonly
GTR 2 1.0.0.0-->"F:\Spiele\GTR2\Support\unins000.exe"
GTR Evolution-->"D:\Spiele\gtr evolution\Uninstall\unins000.exe"
HijackThis 2.0.2-->"C:\Programme\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB931756)-->"C:\WINDOWS\$NtUninstallKB931756$\spuninst\spuninst.exe"
Hotfix für Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix für Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
ICARUSGOLD PITTS S-2B-->C:\Programme\Microsoft Games\Microsoft Flight Simulator X\ICARUSGOLD PITTS S-2B.exe
IL-2 Sturmovik 1946-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{79438F1E-DEC3-443D-9DCD-FECE2D68C605} /l1031
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kaspersky Internet Security 2010-->MsiExec.exe /I{9D8B0949-7C47-476F-9F06-F900D3B078EA}
Kaspersky Internet Security 2010-->MsiExec.exe /I{9D8B0949-7C47-476F-9F06-F900D3B078EA}
Lock On: Modern Air Combat-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{E90DCEE9-DC27-401B-A7AC-B0AFF5B34E4D}\setup.exe" -l0x7
Logitech Gaming Software-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{13AA6556-BA96-4468-A8B4-1AD4A75AD5A0}\setup.exe" -l0x7 -removeonly
LucasArts Star Wars: Episode I Racer-->C:\WINDOWS\unin0407.exe -fd:\spiele\podracer\DeIsL1.isu
Mailsoft's - Switzerland Professional X-->C:\Programme\InstallShield Installation Information\{C0E7FAD8-F8AE-4819-AEBF-D92562315EEE}\setup.exe -runfromtemp -l0x0007 -uninst -removeonly
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Mechanical Clock 3D Screensaver 1.0-->"C:\Programme\Mechanical Clock 3D Screensaver\unins000.exe"
Microsoft .NET Framework 2.0 Language Pack - DEU-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - DEU\install.exe
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Flight Simulator X - Fotoszenerie-Anzeigeupdate-->MsiExec.exe /I{1AC91509-E17B-46F7-A032-B54DCCA6E8BB}
Microsoft Flight Simulator X: Acceleration-->C:\WINDOWS\system32\msiexec.exe /qb /l*vx "%TEMP%\FlightSimUninstall.log" /uninstall {A9729B90-D37B-4A69-B66A-7436AC1F7274}
Microsoft Flight Simulator X: Acceleration-->MsiExec.exe /I{A9729B90-D37B-4A69-B66A-7436AC1F7274}
Microsoft Flight Simulator X-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{9527A496-5DF9-412A-ADC7-168BA5379CA6}
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{FD052FB9-FE90-4438-B355-15EDC89D8FB1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Mirror's Edge™-->MsiExec.exe /X{AEDBD563-24BB-4EE3-8366-A654DAC2D988}
Monopoly Deluxe-->"D:\Spiele\monopoly\Monopoly Deluxe\GameInstlr.exe" --uninstall UnInstall.log
Mozilla Firefox (3.5.1)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser und SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
Nature 3D Screensaver 1.1-->"C:\Programme\Nature 3D Screensaver\unins000.exe"
Nero 6 Ultra Edition-->C:\Programme\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nero 7 Ultra Edition-->MsiExec.exe /I{4781569D-5404-1F26-4B2B-6DF444441031}
NoLimits Coasters 1.7 (remove only)-->"D:\Spiele\rollerc\NoLimits Coasters v1.6\uninstall.EXE"
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA ForceWare Network Access Manager-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1031
NVIDIA PhysX v8.10.17-->MsiExec.exe /X{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}

Mozart · 31.08.2009, 23:37

Pacman EX2-->MsiExec.exe /X{00B03FAC-7ADC-42E4-ABD9-49748332BADE}
Paint.NET v3.36-->MsiExec.exe /X{43602F34-1AA3-44FB-AEB2-D08C2C73743F}
PhoenixRC Demo-->MsiExec.exe /X{BBEC6005-0B93-440D-BABD-0DC1F91407F9}
PL-2303 USB-to-Serial-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Setup.exe" -l0x9 Installed
PMDG 747-400/400F for FSX-->C:\Programme\InstallShield Installation Information\{EDCEE320-0FB3-4197-9F86-8C1CCF2278FB}\setup.exe -runfromtemp -l0x0009 -removeonly
Poker-Spy-->MsiExec.exe /X{E40A3D79-D389-4DBA-8A94-204A12D3844F}
PokerStars-->"C:\Programme\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
PokerTracker 3 (remove only)-->"D:\Programme\PokerTracker 3\uninstall.exe"
Porrasturvat - Stair Dismount-->C:\Programme\Porrasturvat - Stair Dismount\uninstall.exe
PostgreSQL 8.3-->MsiExec.exe /I{B823632F-3B72-4514-8861-B961CE263224}
PowerDVD-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
QuickTime-->MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
RealFlight G4 R/C Simulator-->C:\Programme\Gemeinsame Dateien\KnifeEdge\LauncherHelperG4.exe -task=UninstallProduct -productname="RealFlight G4"
REFLEX Modellflugsimulator-->MsiExec.exe /X{ED05E9DF-45D8-4FA3-86C6-A3704FA21B37}
RivaTuner v2.23-->"C:\Programme\RivaTuner v2.23\uninstall.exe"
Rockstar Games Social Club-->"C:\Programme\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x0007 -removeonly
RouterControl 1.91-->C:\WINDOWS\RCoUn.EXE /UnInst:"C:\WINDOWS\RouterControl_Uninstall.in"
SAAB 91 Safir X-->"C:\Programme\Microsoft Games\Microsoft Flight Simulator X\unins000.exe"
Scribus 1.3.3.13-->C:\Programme\Scribus 1.3.3.13\uninst.exe
ScummVM 0.9.1-->"C:\Programme\ScummVM\unins000.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
SideWinder Force Feedback Wheel (USB)-->C:\WINDOWS\IsUn0407.exe -f"C:\Programme\Microsoft Hardware\Game Controllers\Force Feedback Wheel (USB)\Uninst.isu" -c"C:\Programme\Microsoft Hardware\Game Controllers\Force Feedback Wheel (USB)\Uninstall.dll"
Simplyzip (remove only)-->C:\Programme\Simplyzip\Uninst.exe
Sound Blaster X-Fi-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}\SETUP.EXE" -l0x7 /remove
Steuer-Spar-Erklärung 2009-->MsiExec.exe /X{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}
STK02H 2.0-->C:\Programme\InstallShield Installation Information\{DA48EC21-CC7C-4808-A6B9-2BE06044D2FA}\setup.exe -runfromtemp -l0x0007 -removeonly
STK02N 2.0-->C:\Programme\InstallShield Installation Information\{E42E07F5-5A90-4BA9-B55A-79FCF9EAF9B5}\setup.exe -runfromtemp -l0x0007 -removeonly
Super Bubble Blob-->C:\The Games Page\Super Bubble Blob\Uninstal.exe
TeamSpeak 2 RC2-->C:\Programme\Teamspeak2_RC2\unins000.exe
Test Drive Unlimited-->MsiExec.exe /X{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}
The Lost Watch 3D Screensaver 1.0-->"C:\Programme\The Lost Watch 3D Screensaver\unins000.exe"
Titan Poker-->"C:\Poker\Titan Poker\_SetupPoker[1].exe" /uninstall
TomTom HOME 2.6.2.1586-->D:\Programme\TomTom HOME 2\Uninstall TomTom HOME.exe
TomTom HOME Visual Studio Merge Modules-->MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}
Truck Dismount (remove only)-->"C:\Programme\Truck Dismount\uninst.exe"
TuneUp Utilities 2006-->MsiExec.exe /I{868D7896-99D4-4513-BC62-2B3AD3E24926}
Update für Windows Internet Explorer 8 (KB972636)-->"C:\WINDOWS\ie8updates\KB972636-IE8\spuninst\spuninst.exe"
Update für Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update für Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update für Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Ventrilo Server-->MsiExec.exe /I{1D46A3A0-B37D-423A-91C2-101A49E2FF80}
VLC media player 0.9.6-->C:\Programme\VideoLAN\VLC\uninstall.exe
Wichtiges Update für Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Windows Defender Signatures-->MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix - KB888656-->"C:\WINDOWS\$NtUninstallKB888656$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR Archivierer-->C:\Programme\WinRAR\uninstall.exe
WinZip-->"C:\Programme\WinZip\WINZIP32.EXE" /uninstall
Wuala-->D:\Daten\wula\uninstall.exe
XP Codec Pack-->C:\Programme\XP Codec Pack\Uninstall.exe

======Security center information======

AV: Kaspersky Internet Security
FW: Kaspersky Internet Security

======System event log======

Computer Name: ***
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "lirsgt" gesendet.

Record Number: 1439
Source Name: Service Control Manager
Time Written: 20090627142958.000000+120
Event Type: Informationen
User: ***

Computer Name: ***
Event Code: 7036
Message: Dienst "Windows Installer" befindet sich jetzt im Status "Ausgeführt".

Record Number: 1438
Source Name: Service Control Manager
Time Written: 20090627142721.000000+120
Event Type: Informationen
User:

Computer Name: ***
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "Windows Installer" gesendet.

Record Number: 1437
Source Name: Service Control Manager
Time Written: 20090627142721.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: ***
Event Code: 8003
Message: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "***",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{C96C212B-DDCE-46B5-9-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Record Number: 1436
Source Name: MRxSmb
Time Written: 20090627124015.000000+120
Event Type: Fehler
User:

Computer Name: ***
Event Code: 7036
Message: Dienst "Windows-Bilderfassung (WIA)" befindet sich jetzt im Status "Ausgeführt".

Record Number: 1435
Source Name: Service Control Manager
Time Written: 20090627123037.000000+120
Event Type: Informationen
User:

=====Application event log=====

Computer Name: ***
Event Code: 7
Message: Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer wurde erfolgreich durchgeführt von <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>.

Record Number: 1002
Source Name: crypt32
Time Written: 20080512022229.000000+120
Event Type: Informationen
User:

Computer Name: ***
Event Code: 1800
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.

Record Number: 1001
Source Name: SecurityCenter
Time Written: 20080510033033.000000+120
Event Type: Informationen
User:

Computer Name: ***
Event Code: 1800
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.

Record Number: 1000
Source Name: SecurityCenter
Time Written: 20080509195123.000000+120
Event Type: Informationen
User:

Computer Name: ***
Event Code: 1800
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.

Record Number: 999
Source Name: SecurityCenter
Time Written: 20080507204643.000000+120
Event Type: Informationen
User:

Computer Name: ***
Event Code: 1800
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.

Record Number: 998
Source Name: SecurityCenter
Time Written: 20080507193906.000000+120
Event Type: Informationen
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\Gemeinsame Dateien\Adobe\AGL;C:\Programme\QuickTime\QTSystem\;C:\Programme\ATI Technologies\ATI.ACE\Core-Static;C:\Programme\Gemeinsame Dateien\DivX Shared\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"RGSCLauncher"=D:\Spiele\gta\Rockstar Games Social Club
"RGSC"=D:\Spiele\gta\Rockstar Games Social Club\1_0_0_0

-----------------EOF-----------------

Mozart · 31.08.2009, 23:39

Logfile of random's system information tool 1.06 (written by random/random)
Run by *** at 2009-08-31 23:40:39
Microsoft Windows XP Professional Service Pack 3
System drive C: has 15 GB (21%) free of 71 GB
Total RAM: 3327 MB (82% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:40:45, on 31.08.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MICROS~2\GAMECO~1\common\swtrayv4.exe
C:\PROGRA~1\ROUTER~1\ROUTERCONTROL.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\TuneUp Utilities 2006\MemOptimizer.exe
C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe
C:\Programme\ABIT\uGuru\uGuru.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\STK02H\STK02HM.exe
C:\WINDOWS\STK02N\STK02NM.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
D:\Programme\TomTom HOME 2\TomTomHOMEService.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\wuauclt.exe
D:\PROGRA~1\FREEDO~1\fdm.exe
C:\Dokumente und Einstellungen\TobiasB\Desktop\RSIT.exe
C:\Programme\trend micro\TobiasB.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Programme\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Programme\free-downloads.net\tbfree.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Programme\free-downloads.net\tbfree.dll
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\common\swtrayv4.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RouterControl] C:\PROGRA~1\ROUTER~1\ROUTERCONTROL.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programme\TuneUp Utilities 2006\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ABIT uGuruIII] C:\Programme\ABIT\uGuru\uGuru.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [RGSC] D:\Spiele\gta\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [TomTomHOME.exe] "D:\Programme\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Programme\DAEMON Tools Pro\DTProAgent.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WAB] C:\Dokumente und Einstellungen\TobiasB\Anwendungsdaten\Macromedia\Common\9e06202419.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-776561741-179605362-839522115-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
O4 - Global Startup: STK02H 2.0 PNP Monitor.lnk = ?
O4 - Global Startup: STK02N 2.0 PNP Monitor.lnk = ?
O8 - Extra context menu item: Alles mit FDM herunterladen - file://D:\Programme\Free Download Manager\dlall.htm
O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://D:\Programme\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Datei mit FDM herunterladen - file://D:\Programme\Free Download Manager\dllink.htm
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: Videos mit FDM herunterladen - file://D:\Programme\Free Download Manager\dlfvideo.htm
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161266784387
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll
O23 - Service: AAV UpdateService - Unknown owner - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Programme\Creative\Shared Files\CTAudSvc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Google Update Service (gupdate1c9ad48cd5ecd04) (gupdate1c9ad48cd5ecd04) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Programme\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TomTomHOMEService - TomTom - D:\Programme\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 11284 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Klick-Wartung.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll [2009-05-25 68112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - D:\Programme\Free Download Manager\iefdm2.dll [2007-11-26 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll [2009-08-28 264720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
free-downloads.net Toolbar - C:\Programme\free-downloads.net\tbfree.dll [2008-02-14 1555480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]
{ecdee021-0d17-467f-a1ff-c7a115230949} - free-downloads.net Toolbar - C:\Programme\free-downloads.net\tbfree.dll [2008-02-14 1555480]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SideWinderTrayV4"=C:\PROGRA~1\MICROS~2\GAMECO~1\common\swtrayv4.exe [1999-11-18 24650]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-12-03 13680640]
"nwiz"=nwiz.exe /install []
"RouterControl"=C:\PROGRA~1\ROUTER~1\ROUTERCONTROL.EXE [2008-04-14 3179520]
"CTHelper"=C:\WINDOWS\system32\CTHELPER.EXE [2008-02-20 19456]
"CTxfiHlp"=C:\WINDOWS\system32\CTXFIHLP.EXE [2008-02-20 19968]
"QuickTime Task"=C:\Programme\QuickTime\qttask.exe [2007-02-16 282624]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-12-03 86016]
"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"AVP"=C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-05-25 303376]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"TuneUp MemOptimizer"=C:\Programme\TuneUp Utilities 2006\MemOptimizer.exe [2006-10-02 305152]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe [2005-09-08 94208]
""= []
"ABIT uGuruIII"=C:\Programme\ABIT\uGuru\uGuru.exe [2006-10-24 417792]
"AnyDVD"=C:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe [2008-10-31 2259904]
"RGSC"=D:\Spiele\gta\Rockstar Games Social Club\RGSCLauncher.exe [2008-12-13 306088]
"TomTomHOME.exe"=D:\Programme\TomTom HOME 2\TomTomHOMERunner.exe [2009-04-08 251240]
"DAEMON Tools Pro Agent"=C:\Programme\DAEMON Tools Pro\DTProAgent.exe [2008-01-15 277960]
"MSMSGS"=C:\Programme\Messenger\msmsgs.exe [2008-04-14 1695232]
"WAB"=C:\Dokumente und Einstellungen\TobiasB\Anwendungsdaten\Macromedia\Common\9e06202419.exe [2009-08-31 3584]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
STK02H 2.0 PNP Monitor.lnk - C:\WINDOWS\STK02H\STK02HM.exe
STK02N 2.0 PNP Monitor.lnk - C:\WINDOWS\STK02N\STK02NM.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2009-05-25 219664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\mIRC\mirc.exe"="C:\Programme\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Programme\Anno 1701\Anno1701.exe"="C:\Programme\Anno 1701\Anno1701.exe:*:Enabled:Anno 1701"
"C:\Programme\Steam\steamapps\kartman36\counter-strike source\hl2.exe"="C:\Programme\Steam\steamapps\kartman36\counter-strike source\hl2.exe:*:Enabled:hl2"

Mozart · 31.08.2009, 23:40

"C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"="C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"C:\Programme\Microsoft Games\Microsoft Flight Simulator X\fsx.exe"="C:\Programme\Microsoft Games\Microsoft Flight Simulator X\fsx.exe:*:Enabled:Microsoft Flight Simulator®"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8-Server"
"C:\WINDOWS\system32\dxdiag.exe"="C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX-Diagnoseprogramm"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"F:\Spiele\BF2\BF2.exe"="F:\Spiele\BF2\BF2.exe:*:Enabled:Battlefield 2"
"C:\Programme\Steam\steamapps\kartman36\race\Race_Steam.exe"="C:\Programme\Steam\steamapps\kartman36\race\Race_Steam.exe:*:Enabled:Race"
"F:\Programme\utorent\utorrent.exe"="F:\Programme\utorent\utorrent.exe:*:Enabled:µTorrent"
"C:\Programme\Steam\steamapps\kartman36\day of defeat source\hl2.exe"="C:\Programme\Steam\steamapps\kartman36\day of defeat source\hl2.exe:*:Enabled:hl2"
"F:\Demo\bsp\Battlestationsmidway.exe"="F:\Demo\bsp\Battlestationsmidway.exe:*:Enabled:Battlestationsmidway"
"C:\Programme\Steam\steamapps\kartman36\source sdk base\hl2.exe"="C:\Programme\Steam\steamapps\kartman36\source sdk base\hl2.exe:*

isabled:hl2"
"C:\Programme\Google\Google Talk\googletalk.exe"="C:\Programme\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Programme\Nero\Nero 7\Nero ShowTime\ShowTime.exe"="C:\Programme\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Windows Media(TM) Audio (wma)"
"F:\Spiele\test drive\TestDriveUnlimited.exe"="F:\Spiele\test drive\TestDriveUnlimited.exe:*:Enabled:Test Drive Unlimited"
"C:\Programme\Condor\Condor.exe"="C:\Programme\Condor\Condor.exe:*:Enabled:Condor"
"C:\Programme\Condor\CondorDedicated.exe"="C:\Programme\Condor\CondorDedicated.exe:*:Enabled:CondorDedicated"
"D:\Spiele\condor-\Condor\Condor.exe"="D:\Spiele\condor-\Condor\Condor.exe:*:Enabled:Condor"
"D:\Spiele\condor-\Condor\CondorDedicated.exe"="D:\Spiele\condor-\Condor\CondorDedicated.exe:*:Enabled:CondorDedicated"
"D:\Daten\wula\Wuala.exe"="D:\Daten\wula\Wuala.exe:*:Enabled:Wuala"
"C:\Programme\Java\jre1.6.0_01\launch4j-tmp\JD-WinLauncher.exe"="C:\Programme\Java\jre1.6.0_01\launch4j-tmp\JD-WinLauncher.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Programme\Java\jre1.6.0_01\launch4j-tmp\JDownloader.exe"="C:\Programme\Java\jre1.6.0_01\launch4j-tmp\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary"
"D:\Spiele\condor-\Condor\CondorServer.exe"="D:\Spiele\condor-\Condor\CondorServer.exe:*:Enabled:CondorServer"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Eine DLL-Datei als Anwendung ausführen"
"C:\Programme\VentSrv\ventrilo_srv.exe"="C:\Programme\VentSrv\ventrilo_srv.exe:*:Enabled:ventrilo_srv"
"D:\Spiele\Brothers in Arms - Hell's Highway\Binaries\biahh.exe"="D:\Spiele\Brothers in Arms - Hell's Highway\Binaries\biahh.exe:*:Enabled:biahh"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"D:\Spiele\cofd5\CoDWaWmp.exe"="D:\Spiele\cofd5\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"D:\Spiele\cofd5\CoDWaW.exe"="D:\Spiele\cofd5\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"D:\Spiele\gta\Rockstar Games Social Club\RGSCLauncher.exe"="D:\Spiele\gta\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"D:\Spiele\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"="D:\Spiele\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
"D:\Spiele\Rockstar Games\Grand Theft Auto IV\GTAIV.exe"="D:\Spiele\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV"
"D:\Spiele\edge\Binaries\MirrorsEdge.exe"="D:\Spiele\edge\Binaries\MirrorsEdge.exe:*:Enabled:Mirror's Edge™"
"D:\Spiele\battlefield 2\BF2.exe"="D:\Spiele\battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
"D:\Spiele\tdu\TestDriveUnlimited.exe"="D:\Spiele\tdu\TestDriveUnlimited.exe:*:Enabled:Test Drive Unlimited"
"D:\Spiele\western\CoJBiBGame_x86.exe"="D:\Spiele\western\CoJBiBGame_x86.exe:*:Enabled:Call of Juarez - Bound in Blood"
"D:\Spiele\anno\Anno4.exe"="D:\Spiele\anno\Anno4.exe:*:Enabled:ANNO 1404"
"D:\Spiele\anno\tools\Anno4Web.exe"="D:\Spiele\anno\tools\Anno4Web.exe:*:Enabled:Anno 1404 Web"
"C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:enable"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2da333ec-e2fd-11dd-ad7c-00508d9c45b2}]
shell\AutoRun\command - G:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5808842f-ffff-11dc-8430-806d6172696f}]
shell\AutoRun\command - D:\Autorun.exe root.ini

======List of files/folders created in the last 1 months======

2009-08-31 23:40:39 ----D---- C:\rsit
2009-08-31 23:40:39 ----D---- C:\Programme\trend micro
2009-08-31 12:22:25 ----D---- C:\Dokumente und Einstellungen\TobiasB\Anwendungsdaten\Malwarebytes
2009-08-31 12:22:20 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-08-31 12:22:16 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-08-31 12:14:15 ----D---- C:\Programme\CCleaner
2009-08-30 22:18:35 ----N---- C:\WINDOWS\system32\vxblock.dll
2009-08-30 22:18:35 ----N---- C:\WINDOWS\system32\pxwave.dll
2009-08-30 22:18:35 ----N---- C:\WINDOWS\system32\pxsfs.dll
2009-08-30 22:18:35 ----N---- C:\WINDOWS\system32\pxmas.dll
2009-08-30 22:18:35 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2009-08-30 22:18:35 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2009-08-30 22:18:35 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-08-30 22:18:35 ----N---- C:\WINDOWS\system32\pxdrv.dll
2009-08-30 22:18:35 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2009-08-30 22:18:35 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2009-08-30 22:18:35 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-08-30 22:18:35 ----N---- C:\WINDOWS\system32\px.dll
2009-08-30 22:18:17 ----D---- C:\Programme\Gemeinsame Dateien\DivX Shared
2009-08-30 22:18:17 ----D---- C:\Programme\DivX
2009-08-30 18:47:11 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-08-30 01:47:34 ----A---- C:\WINDOWS\unin0407.exe
2009-08-29 13:31:55 ----A---- C:\fix.bat
2009-08-29 13:24:36 ----A---- C:\mbr.exe
2009-08-28 18:16:06 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files
2009-08-27 15:27:11 ----A---- C:\WINDOWS\rasqervy.dll
2009-08-27 15:27:10 ----A---- C:\WINDOWS\sdfinacs.dll
2009-08-27 15:27:08 ----A---- C:\WINDOWS\sdfixwcs.dll
2009-08-26 22:59:57 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-08-23 13:00:33 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-08-22 22:27:31 ----A---- C:\boot.ini.backup
2009-08-22 13:02:43 ----D---- C:\WINDOWS\SxsCaPendDel
2009-08-20 22:16:39 ----D---- C:\Programme\Scribus 1.3.3.13
2009-08-13 13:02:16 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-13 13:02:13 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-13 13:02:10 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-13 13:02:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-13 13:02:02 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-13 13:01:58 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-13 13:01:54 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-13 13:01:49 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-13 13:00:24 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-03 13:07:32 ----D---- C:\WINDOWS\ie8updates
2009-08-03 13:06:47 ----HDC---- C:\WINDOWS\ie8

======List of files/folders modified in the last 1 months======

2009-08-31 23:40:39 ----RD---- C:\Programme
2009-08-31 23:40:39 ----D---- C:\WINDOWS\Temp
2009-08-31 23:36:52 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2009-08-31 23:36:50 ----A---- C:\WINDOWS\ModemLog_Kommunikationskabel zwischen zwei Computern.txt
2009-08-31 23:36:40 ----AD---- C:\WINDOWS
2009-08-31 23:35:34 ----D---- C:\WINDOWS\system32
2009-08-31 23:35:13 ----D---- C:\WINDOWS\system32\drivers
2009-08-31 23:34:35 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-31 23:34:24 ----D---- C:\Dokumente und Einstellungen\TobiasB\Anwendungsdaten\Free Download Manager
2009-08-31 23:34:22 ----D---- C:\WINDOWS\Prefetch
2009-08-31 12:17:40 ----D---- C:\WINDOWS\Debug
2009-08-31 12:17:39 ----D---- C:\WINDOWS\Minidump
2009-08-30 22:18:20 ----SHD---- C:\WINDOWS\Installer
2009-08-30 22:18:17 ----D---- C:\Programme\Gemeinsame Dateien
2009-08-30 18:47:19 ----HD---- C:\WINDOWS\inf
2009-08-30 18:47:14 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-29 17:11:15 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-28 20:03:12 ----D---- C:\windows downloads
2009-08-28 20:01:39 ----D---- C:\Programme\Gemeinsame Dateien\{A82466EA-0893-1031-0422-040310230031}
2009-08-28 20:01:34 ----D---- C:\Programme\Gemeinsame Dateien\{A82466EA-0892-1031-0422-040310230031}
2009-08-28 19:37:51 ----D---- C:\Programme\Smart MX ToolBox v1.1!
2009-08-28 18:41:46 ----D---- C:\Programme\mIRC
2009-08-28 18:21:09 ----D---- C:\Programme\Kaspersky Lab
2009-08-28 18:18:30 ----SD---- C:\WINDOWS\Tasks
2009-08-28 17:58:42 ----RSD---- C:\WINDOWS\Fonts
2009-08-28 17:58:39 ----D---- C:\WINDOWS\Help
2009-08-28 11:53:56 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-25 20:53:22 ----D---- C:\Programme\Everest Poker
2009-08-24 23:25:16 ----D---- C:\Dokumente und Einstellungen\TobiasB\Anwendungsdaten\Macromedia
2009-08-23 13:00:43 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-22 13:15:22 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-22 13:13:19 ----RSD---- C:\WINDOWS\assembly
2009-08-22 13:11:50 ----D---- C:\WINDOWS\Microsoft.NET
2009-08-22 13:07:28 ----D---- C:\WINDOWS\WinSxS
2009-08-22 13:03:23 ----D---- C:\WINDOWS\system32\XPSViewer
2009-08-22 13:03:22 ----D---- C:\WINDOWS\system32\en-US
2009-08-21 00:09:53 ----D---- C:\WINDOWS\system32\DirectX
2009-08-21 00:01:57 ----HD---- C:\Programme\InstallShield Installation Information
2009-08-19 01:07:31 ----A---- C:\WINDOWS\NeroDigital.ini
2009-08-13 13:01:55 ----D---- C:\Programme\Outlook Express
2009-08-05 10:59:36 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-08-03 16:12:45 ----D---- C:\WINDOWS\network diagnostic
2009-08-03 13:09:06 ----D---- C:\WINDOWS\system32\de-de
2009-08-03 13:09:06 ----D---- C:\WINDOWS\Media
2009-08-03 13:09:06 ----D---- C:\Programme\Internet Explorer
2009-08-02 00:35:36 ----D---- C:\Programme\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-08-28 296976]
R1 NVTCP;NVIDIA TCP/IP Protocol Driver; C:\WINDOWS\System32\DRIVERS\NVTcp.sys [2006-08-07 110080]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-18 12032]
R2 ACEDRV07;ACEDRV07; \??\C:\WINDOWS\system32\drivers\ACEDRV07.sys []
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-06-27 281760]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-06-27 25888]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2008-10-23 99904]
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 CT20XUT.DLL;CT20XUT.DLL; C:\WINDOWS\system32\CT20XUT.DLL [2008-02-25 170520]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2008-02-25 511000]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2008-02-25 524312]
R3 CTEXFIFX.DLL;CTEXFIFX.DLL; C:\WINDOWS\system32\CTEXFIFX.DLL [2008-02-25 1323544]
R3 CTHWIUT.DLL;CTHWIUT.DLL; C:\WINDOWS\system32\CTHWIUT.DLL [2008-02-25 72728]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2008-02-25 14360]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2008-02-25 157208]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2008-02-25 92696]
R3 ha20x2k;Creative 20X HAL Driver; C:\WINDOWS\system32\drivers\ha20x2k.sys [2008-02-25 1172504]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2009-05-13 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [2009-05-16 19472]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-12-03 6209536]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-08-07 52736]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-08-07 18944]
R3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys []
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2008-02-25 127000]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-04-02 47360]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-18 5888]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2006-06-06 11136]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2006-06-06 46208]
S1 AmdK7;AMD K7-Prozessortreiber; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 41856]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 aiv3roaw;aiv3roaw; C:\WINDOWS\system32\drivers\aiv3roaw.sys []
S3 Bridge;MAC-Brücke; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;MAC-Brückenminiport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 COMMONFX.DLL;COMMONFX.DLL; C:\WINDOWS\system32\COMMONFX.DLL [2008-02-25 98328]
S3 CTAUDFX.DLL;CTAUDFX.DLL; C:\WINDOWS\system32\CTAUDFX.DLL [2008-02-25 551960]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2008-02-25 346856]
S3 CTEAPSFX.DLL;CTEAPSFX.DLL; C:\WINDOWS\system32\CTEAPSFX.DLL [2008-02-25 174104]
S3 CTEDSPFX.DLL;CTEDSPFX.DLL; C:\WINDOWS\system32\CTEDSPFX.DLL [2008-02-25 286232]
S3 CTEDSPIO.DLL;CTEDSPIO.DLL; C:\WINDOWS\system32\CTEDSPIO.DLL [2008-02-25 134680]
S3 CTEDSPSY.DLL;CTEDSPSY.DLL; C:\WINDOWS\system32\CTEDSPSY.DLL [2008-02-25 329240]
S3 CTERFXFX.DLL;CTERFXFX.DLL; C:\WINDOWS\system32\CTERFXFX.DLL [2008-02-25 100888]
S3 CTSBLFX.DLL;CTSBLFX.DLL; C:\WINDOWS\system32\CTSBLFX.DLL [2008-02-25 566296]
S3 DCamUSBSTK02N;Standard Camera; C:\WINDOWS\system32\DRIVERS\STK02NW2.sys [2007-03-12 101520]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 GcKernel;Microsoft SideWinder Value Add - Filtertreiber; C:\WINDOWS\system32\DRIVERS\GcKernel.sys [2008-04-13 59136]
S3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2008-02-25 797720]
S3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\system32\drivers\hap16v2k.sys [2008-02-25 162840]
S3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2008-02-25 189464]
S3 HIDSwvd;Microsoft SideWinder-Minitreiber für virtuelles HID-Gerät; C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys [2001-08-17 2688]
S3 mbr;mbr; \??\C:\DOKUME~1\TobiasB\LOKALE~1\Temp\mbr.sys []
S3 Memctl;Memctl; \??\C:\Programme\ABIT\FlashMenu\Memctl.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 RivaTuner32;RivaTuner32; \??\C:\Programme\RivaTuner v2.23\RivaTuner32.sys []
S3 Ser2pl;Prolific2 Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2005-07-25 48640]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SWUSBFLT;Microsoft SideWinder VIA-Filtertreiber; C:\WINDOWS\system32\DRIVERS\SWUSBFLT.sys [2001-08-17 3968]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Winflash;WINFLASH; \??\C:\Programme\ABIT\FlashMenu\WinFlash.sys []
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2006-06-06 21632]
S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\WINDOWS\system32\drivers\WmHidLo.sys [2006-06-06 20864]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2006-06-06 6400]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AAV UpdateService;AAV UpdateService; C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296]
R2 AVP;Kaspersky Internet Security; C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-05-25 303376]
R2 CTAudSvcService;Creative Audio Service; C:\Programme\Creative\Shared Files\CTAudSvc.exe [2008-03-07 417792]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2006-09-08 172032]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 nSvcIp;ForceWare IP service; C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2006-09-08 172090]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-12-03 163908]
R2 pgsql-8.3;PostgreSQL Database Server 8.3; C:\Programme\PostgreSQL\8.3\bin\pg_ctl.exe [2008-09-19 65536]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-03-28 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-04-29 189472]
R2 TomTomHOMEService;TomTomHOMEService; D:\Programme\TomTom HOME 2\TomTomHOMEService.exe [2009-04-08 92008]
R2 UxTuneUp;TuneUp Designerweiterung; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S2 gupdate1c9ad48cd5ecd04;Google Update Service (gupdate1c9ad48cd5ecd04); C:\Programme\Google\Update\GoogleUpdate.exe [2009-03-25 133104]
S3 Adobe LM Service;Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-01-24 72704]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Mozart · 31.08.2009, 23:47

Wiso ist eigentlich mein Erster Post ganz unten?

Mozart · 04.09.2009, 00:49

Na super hier wird eimem ja wirklich toll geholfen, seit drei Tagen keine Antwort.

Ich bin echt ein Neuling was forumaktivitäten angeht. Kann mir bitte jemand sagen was ich falsch mache?

MfG
MO

WinstonWolf · 04.09.2009, 05:25

Hallo,

Zitat:

Infizierte Dateien:
C:\Programme\DAEMON Tools Pro\Patch.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Dieser Fund deutet daraufhin,das du illegale Software benutzt.Es ist Boardpolitik,das bei einer solchen Infektion keine Hilfestellung gegeben wird.

Fast alles was du dir über Torrents ziehst,ist nicht das was es vorgiebt zu sein (wie du ja an dem Fund siehst).

Über die Boardsuche kannst du mal nach Crack/Patch suchen,das wird einiges erklären.

In diesem Sinne

WW

handball10 · 04.09.2009, 19:19

Hi Mozart und

Code:

ATTFilter

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux1 (Hijack.Sound) -> Bad: (C:\DOKUME~1\***\ANWEND~1\MACROM~1\Common\9e062024 1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux2 (Hijack.Sound) -> Bad: (C:\DOKUME~1\***\ANWEND~1\MACROM~1\Common\9e062024 1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi1 (Hijack.Sound) -> Bad: (C:\DOKUME~1\***\ANWEND~1\MACROM~1\Common\9e062024 1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi2 (Hijack.Sound) -> Bad: (C:\DOKUME~1\***\ANWEND~1\MACROM~1\Common\9e062024 1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer1 (Hijack.Sound) -> Bad: (C:\DOKUME~1\***\ANWEND~1\MACROM~1\Common\9e062024 1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer2 (Hijack.Sound) -> Bad: (C:\DOKUME~1\***\ANWEND~1\MACROM~1\Common\9e062024 1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave1 (Hijack.Sound) -> Bad: (C:\DOKUME~1\***\ANWEND~1\MACROM~1\Common\9e062024 1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave2 (Hijack.Sound) -> Bad: (C:\DOKUME~1\***\ANWEND~1\MACROM~1\Common\9e062024 1.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.

Code:

ATTFilter

O4 - HKCU\..\Run: [WAB] C:\Dokumente und Einstellungen\TobiasB\Anwendungsdaten\Macromedia\C ommon\9e06202419.exe

Du hast die Silentbanker eingefangen!
Silent Banker: Online-Bankraub in aller Stille - PC-WELT

Für dich geht es hier weiter:
http://www.trojaner-board.de/51262-a...sicherung.html

Jedoch bevor du mit der Neuinstallation beginnst, führe bitte folgendes Programm aus:

Zitat:

Master Boot Record überprüfen:

Lade dir die mbr.exe von GMER auf den Desktop und führe die Datei aus.

Sollte ein MBR Rootkit gefunden worde sein, das wird im log durch den Ausdruck

Zitat:

MBR rootkit code detected !

indiziert, musst du eine Bereinigung vornehmen.

Downloade dir dafür die mbr.bat.txt von BataAlexander und speichere sie neben der mbr.exe auf dem Desktop.
Ändere die Endung der mbr.txt.bat in mbr.bat Eine vernünftige Ordneransicht ist dafür nötig.
Dann führe die mbr.bat. durch einen Doppelklick aus.
Dabei muss sich die mbr.exe von GMER ebenfalls auf dem Desktop befinden!

Der MBR wird bereinigt und es erscheint ein log. Dieses log solltest du hier posten!

Viel Erfolg

Gruß
Handball10

20 Tan Trojaner eingefangen

Log-Analyse und Auswertung: 20 Tan Trojaner eingefangen