Plagegeister aller Art und deren Bekämpfung: win32.tdss.rtkWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
26.04.2010, 13:32 | #1
win32.tdss.rtk

Hello hello, Spybot keeps finding the trojan win32.tdss.rtk. There were also a few problems with Mozilla, which hangs, and then I couldn't shut down my computer any more. The three-finger salute (Ctrl+Alt+Del) didn't work either. Since this has only been happening since I discovered win32.tdss.rtk, I'm mentioning it here. Here are the logs:

Malwarebytes' Anti-Malware 1.45
wxxw.malwarebytes.org

Datenbank Version: 4036
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

26.04.2010 14:05:56
mbam-log-2010-04-26 (14-05-56).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 103965
Laufzeit: 2 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 5
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
C:\WINDOWS\system\svchost.exe (Backdoor.Bot) -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: c:\windows\system\svchost.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (userinit.exe,C:\WINDOWS\system\svchost.exe) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\system\svchost.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

_______________________________________________________________

Logfile of random's system information tool 1.06 (written by random/random)
Run by Fernando Poo at 2010-04-26 14:16:05
Microsoft Windows XP Professional Service Pack 2
System drive C: has 23 GB (18%) free of 128 GB
Total RAM: 2815 MB (82% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:16:11, on 26.04.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\WTouch\WTouchService.exe
C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
C:\Programme\Gemeinsame Dateien\Native Instruments\Hardware\NIHardwareService.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Programme\WTouch\WTouchUser.exe
C:\Programme\SyncroSoft\Pos\H2O\cledx.exe
C:\Programme\DivX\DivX Update\DivXUpdate.exe
C:\Dokumente und Einstellungen\Fernando Poo\Anwendungsdaten\Dropbox\bin\Dropbox.exe
C:\Programme\Googlemail Notifier\gnotify.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
C:\Dokumente und Einstellungen\Fernando Poo\Desktop\RSIT.exe
C:\Programme\trend micro\Fernando Poo.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about.blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about.blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about.blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [H2O] C:\Programme\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DivXUpdate] "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - Startup: Dropbox.lnk = C:\Dokumente und Einstellungen\Fernando Poo\Anwendungsdaten\Dropbox\bin\Dropbox.exe
O4 - Startup: gnotify.lnk = C:\Programme\Googlemail Notifier\gnotify.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Programme\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Programme\Gemeinsame Dateien\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software - C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: WTouch Service (WTouchService) - Wacom Technology, Corp. - C:\Programme\WTouch\WTouchService.exe

--
End of file - 4031 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"H2O"=C:\Programme\SyncroSoft\Pos\H2O\cledx.exe [2005-10-23 385024]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-08-17 13877248]
"nwiz"=nwiz.exe /install []
"DivXUpdate"=C:\Programme\DivX\DivX Update\DivXUpdate.exe [2010-04-13 1135912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe [2010-01-27 788880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ask and Record FLV Service]
C:\Programme\Replay Media Catcher\FLVSrvc.exe [2009-09-22 156672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
RunDll32 cmicnfg.cpl,CMICtrlWnd []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
C:\Programme\D-Tools\daemon.exe [2004-08-22 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dit]
C:\WINDOWS\Dit.exe [2004-07-20 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M-Audio Taskbar Icon]
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe [2007-01-25 154112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2009-08-17 13877248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2009-08-17 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
C:\Programme\NVIDIA Corporation\nView\nwiz.exe [2009-08-12 1657376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programme\QuickTime\QTTask.exe [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Programme\Skype\Phone\Skype.exe [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verknüpfung mit der High Definition Audio-Eigenschaftenseite]
C:\WINDOWS\system32\HDAudPropShortcut.exe [2004-03-17 61952]

C:\Dokumente und Einstellungen\Fernando Poo\Startmenü\Programme\Autostart
Dropbox.lnk - C:\Dokumente und Einstellungen\Fernando Poo\Anwendungsdaten\Dropbox\bin\Dropbox.exe
gnotify.lnk - C:\Programme\Googlemail Notifier\gnotify.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSMHelp"=01000000
"NoLogoff"=0
"NoActiveDesktop"=01000000
"NoSMMyDocs"=01000000
"StartMenuLogOff"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Programme\uTorrent\uTorrent.exe"="C:\Programme\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Programme\Skype\Plugin Manager\skypePM.exe"="C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{674c33ca-a2d9-11de-8ac2-000c76710209}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FRECHBUBU.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8715acb0-7792-11de-8a87-000c76710209}]
shell\AutoRun\command - N:\MI.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4ffac94-0860-11df-8b79-000c76710209}]
shell\AutoRun\command - ·Ë
shell\explore\command - K:\RECYCLER\INFO.exe
shell\open\command - K:\RECYCLER\INFO.exe
======List of files/folders created in the last 1 months======

2010-04-26 14:16:06 ----D---- C:\Programme\trend micro
2010-04-26 14:16:05 ----D---- C:\rsit
2010-04-26 13:58:10 ----D---- C:\Dokumente und Einstellungen\Fernando Poo\Anwendungsdaten\Malwarebytes
2010-04-26 13:58:02 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2010-04-26 13:58:02 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-04-26 13:51:29 ----D---- C:\Programme\CCleaner
2010-04-24 22:01:50 ----A---- C:\WINDOWS\system32\TURegOpt.exe
2010-04-24 22:01:49 ----A---- C:\WINDOWS\system32\uxtuneup.dll
2010-04-24 22:01:33 ----D---- C:\Dokumente und Einstellungen\Fernando Poo\Anwendungsdaten\TuneUp Software
2010-04-24 22:01:19 ----D---- C:\Programme\TuneUp Utilities 2010
2010-04-24 22:00:39 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
2010-04-24 22:00:32 ----SHD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-04-22 04:26:21 ----D---- C:\Programme\Wbcm and Screen Recorder
2010-04-22 03:59:44 ----D---- C:\Programme\Zeallsoft
2010-04-21 21:31:50 ----D---- C:\videooutput
2010-04-21 21:31:47 ----D---- C:\Programme\FLV to AVI MPEG WMV Converter
2010-04-21 21:31:47 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2010-04-21 21:31:47 ----A---- C:\WINDOWS\system32\xvidcore.dll
2010-04-21 21:31:47 ----A---- C:\WINDOWS\system32\NCMedia2.dll
2010-04-21 21:27:43 ----D---- C:\Programme\Webcam Simulator
2010-04-21 21:27:43 ----D---- C:\Programme\Gemeinsame Dateien\wcs
2010-04-18 01:22:04 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DivX

======List of files/folders modified in the last 1 months======

2010-04-26 14:16:06 ----D---- C:\Programme
2010-04-26 14:13:51 ----D---- C:\WINDOWS\Prefetch
2010-04-26 14:09:41 ----SD---- C:\WINDOWS\Tasks
2010-04-26 14:09:07 ----D---- C:\Dokumente und Einstellungen\Fernando Poo\Anwendungsdaten\Dropbox
2010-04-26 14:08:59 ----D---- C:\WINDOWS\Temp
2010-04-26 14:08:58 ----D---- C:\Dokumente und Einstellungen\Fernando Poo\Anwendungsdaten\WTablet
2010-04-26 14:08:52 ----D---- C:\WINDOWS
2010-04-26 14:07:37 ----D---- C:\WINDOWS\system32\drivers
2010-04-26 14:07:37 ----D---- C:\WINDOWS\pchealth
2010-04-26 14:06:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-26 14:05:56 ----D---- C:\WINDOWS\system
2010-04-26 13:54:22 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2010-04-26 13:54:00 ----D---- C:\WINDOWS\Minidump
2010-04-26 13:54:00 ----D---- C:\WINDOWS\Debug
2010-04-26 02:56:59 ----D---- C:\Dokumente und Einstellungen\Fernando Poo\Anwendungsdaten\uTorrent
2010-04-26 02:21:58 ----D---- C:\Dokumente und Einstellungen\Fernando Poo\Anwendungsdaten\vlc
2010-04-24 22:11:57 ----D---- C:\WINDOWS\AppPatch
2010-04-24 22:01:53 ----SHD---- C:\WINDOWS\Installer
2010-04-24 22:01:51 ----D---- C:\WINDOWS\system32\config
2010-04-24 22:01:50 ----D---- C:\WINDOWS\system32
2010-04-23 18:34:55 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-22 04:57:16 ----D---- C:\Programme\Replay Media Catcher
2010-04-22 04:51:16 ----A---- C:\WINDOWS\system32\rmc_rtspdl.dll
2010-04-22 04:51:16 ----A---- C:\WINDOWS\system32\rmc_fixasf.exe
2010-04-21 21:27:43 ----D---- C:\Programme\Gemeinsame Dateien
2010-04-21 15:26:58 ----D---- C:\Dokumente und Einstellungen\Fernando Poo\Anwendungsdaten\Skype
2010-04-21 15:23:36 ----D---- C:\Dokumente und Einstellungen\Fernando Poo\Anwendungsdaten\skypePM
2010-04-18 02:21:12 ----D---- C:\Programme\DivX
2010-04-18 02:20:37 ----D---- C:\Programme\Gemeinsame Dateien\DivX Shared
2010-04-16 15:11:28 ----D---- C:\Programme\Mozilla Firefox
2010-03-28 15:11:04 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 40192]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 CLEDX;Team H2O CLEDX service; C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 33792]
R3 cmudax;C-Media High Definition Audio Interface; C:\WINDOWS\system32\drivers\cmudax.sys [2005-05-12 1287296]
R3 DELTA;Service for Delta Driver (WDM); C:\WINDOWS\system32\DRIVERS\delta.sys [2007-01-25 302336]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2006-10-27 43008]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-04-26 135168]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-08-17 7729568]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys []
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbstor;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 wacommousefilter;Wacom Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
R3 wacomvhid;Wacom Virtual Hid Driver; C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2009-05-20 13736]
R3 WacomVKHid;Virtual Keyboard Driver; C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 11440]
S2 Nsynas32;Nsynas32; C:\WINDOWS\system32\drivers\Nsynas32.sys []
S3 CardReaderFilter;Card Reader Filter; \??\C:\WINDOWS\system32\Drivers\USBCRFT.SYS []
S3 HdAudAddService;Microsoft UAA-Funktionstreiber für den High Definition Audio-Dienst; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-03-17 113664]
S3 MA_CMIDI;M-Audio USB Driver; C:\WINDOWS\system32\drivers\ma_cmidi.sys [2006-08-16 21888]
S3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 wacmoumonitor;Wacom Mode Helper; C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys [2009-01-30 15656]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Programme\Lavasoft\Ad-Aware\AAWService.exe [2010-02-05 1181328]
R2 MA_CMIDI_InstallerService;M-Audio Series II MIDI Installer; C:\Programme\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe [2007-01-08 94208]
R2 NIHardwareService;NIHardwareService; C:\Programme\Gemeinsame Dateien\Native Instruments\Hardware\NIHardwareService.exe [2009-07-17 3576320]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-08-17 168004]
R2 TabletServicePen;TabletServicePen; C:\WINDOWS\system32\Pen_Tablet.exe [2009-09-08 4410152]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-04-01 1050440]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 UxTuneUp;TuneUp Designerweiterung; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 WTouchService;WTouch Service; C:\Programme\WTouch\WTouchService.exe [2009-09-08 112936]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-11-25 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst; C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-04-24 435016]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

________________________________________________________________

info.txt logfile of random's system information tool 1.06 2010-04-26 14:16:13

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -f\"C:\Programme\Final Fantasy VII\Uninst.isu"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.65-->"C:\Programme\7-Zip\Uninstall.exe"
ACDSee Photo Manager 2009-->MsiExec.exe /I{300578F9-9EFF-4B93-9AB1-C0E5707EF463}
Ad-Aware-->"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
Adobe AIR-->c:\Programme\Gemeinsame Dateien\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->C:\Programme\Gemeinsame Dateien\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Reader 9.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A92000000001}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Amazing Slow Downer (remove only)-->"C:\Programme\Amazing Slow Downer\uninstall.exe"
AmpegSVX-->C:\Programme\InstallShield Installation Information\{CF1D7323-8A0A-49C7-83B0-088DB90721E2}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
AmpliTube Jimi Hendrix-->C:\Programme\InstallShield Installation Information\{66BA35B0-1911-47EF-B170-1DCFFDA362F1}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
AmpliTube2-->C:\Programme\InstallShield Installation Information\{C95AACD4-9507-4F5C-9D53-22B1ACCFECD1}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Applian Director-->"C:\WINDOWS\Applian Director\uninstall.exe" "/U:C:\Programme\Applian Director\Uninstall\uninstall_director.xml"
Arturia Modular System v1.0-->C:\PROGRA~1\Arturia\MODULA~1\UNWISE.EXE C:\PROGRA~1\Arturia\MODULA~1\INSTALL.LOG
Atmosphere-->C:\Programme\Spectrasonics\Atmosphere\unins000.exe
Audio Damage DubStation VST v1.0.2.0-->C:\PROGRA~1\STEINB~1\CUBASE~1\VSTPLU~1\AUDIOD~1\DUBUNI~1\UNWISE.EXE C:\PROGRA~1\STEINB~1\CUBASE~1\VSTPLU~1\AUDIOD~1\DUBUNI~1\INSTALL.LOG
Bass Audio Decoder (remove only)-->"C:\Programme\Bass Audio Decoder\uninstall.exe"
BigTick Rhino v1.01-->C:\PROGRA~1\STEINB~1\CUBASE~1\VSTPLU~1\Rhino\UNWISE.EXE C:\PROGRA~1\STEINB~1\CUBASE~1\VSTPLU~1\Rhino\INSTALL.LOG
CamStudio-->C:\Programme\CamStudio\uninstall.exe
CCleaner-->"C:\Programme\CCleaner\uninst.exe"
CD Audio Reader Filter (remove only)-->"C:\Programme\CD Audio Reader Filter\uninstall.exe"
C-Media High Definition Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe
Color Efex Pro 3.0 Complete-->C:\Programme\Adobe\Adobe Photoshop CS4\Plug-ins\Nik Software\Color Efex Pro 3.0 Complete\uninstall.exe
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
DAEMON Tools-->MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
Daphne 1.46-->C:\Programme\Daphne\uninst.exe
DCoder Image Source (remove only)-->"C:\Programme\DCoder Image Source\uninstall.exe"
DeepBurner v1.9.0.228-->"C:\Programme\DeepBurner\Uninstall.exe" "C:\Programme\DeepBurner\install.log" -u
Delta-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A4810699-E859-43A6-8F40-1743873E72AB}\setup.exe" -l0x9 -removeonly
Deus Ex-->C:\Programme\DeusEx\System\Setup.exe uninstall "Deus Ex"
Dfine 2.0-->C:\Programme\Adobe\Adobe Photoshop CS4\Plug-ins\Nik Software\Dfine 2.0\uninstall.exe
DirectVobSub (remove only)-->"C:\Programme\DirectVobSub\uninstall.exe"
Discord 2 VST plug-in-->C:\WINDOWS\Discord 2 VST plug-in Uninstaller.exe
DivX Codec-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DivX\DivX7\DivX Codec\DivXCodecUninstall.exe /CODEC
DivX Player-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DivX\DivX7\DivX Player\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe /DSFILTERS
DivX-Setup-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
DScaler 5 Mpeg Decoders-->"C:\Programme\DScaler5\unins000.exe"
DVD Shrink 3.2 deutsch (DeCSS-frei)-->"C:\Programme\DVD Shrink\unins000.exe"
East West Stormdrum Kompakt-->C:\PROGRA~1\STORMD~1\UNWISE.EXE C:\PROGRA~1\STORMD~1\INSTALL.LOG
Edirol SuperQuartet v1.5-->C:\PROGRA~1\Edirol\SUPERQ~1\UNWISE.EXE C:\PROGRA~1\Edirol\SUPERQ~1\INSTALL.LOG
Exact Audio Copy 0.99pb5-->C:\Programme\Exact Audio Copy\uninst.exe
FabFilter One 3.05-->C:\Programme\FabFilter\One\Uninst.exe
FabFilter Pro-C VST RTAS v1.10-->"C:\Programme\FabFilter\unins000.exe"
FabFilter Simplon VST RTAS v1.01-->"C:\Programme\Steinberg\Cubase SX 3\Vstplugins\FabFilter\Simplon\Uninstall\unins000.exe"
FabFilter Timeless v1.00 VST-->C:\PROGRA~1\FABFIL~1\Timeless\UNWISE.EXE C:\PROGRA~1\FABFIL~1\Timeless\INSTALL.LOG
FabFilter Volcano 2.00-->C:\Programme\FabFilter\Volcano 2\Uninst.exe
Fallout-->C:\WINDOWS\ipuninst.exe -fC:\Program Files\Fallout\uninst.log
FileZilla Client 3.2.4.1-->C:\Programme\FileZilla FTP Client\uninstall.exe
Final Fantasy VII - Ultima Edition-->"C:\Programme\Final Fantasy VII\unins000.exe"
Focusrite Saffire Bundle VST v2.0-->C:\PROGRA~1\STEINB~1\CUBASE~1\VSTPLU~1\SAFFIR~1.0\UNINST~1\UNWISE.EXE C:\PROGRA~1\STEINB~1\CUBASE~1\VSTPLU~1\SAFFIR~1.0\UNINST~1\INSTALL.LOG
Free YouTube to Mp3 Converter version 3.1-->"C:\Programme\YouTube to Mp3\unins000.exe"
Freez FLV to AVI/MPEG/WMV Converter-->"C:\Programme\FLV to AVI MPEG WMV Converter\unins000.exe"
Futuremark SystemInfo-->"C:\Programme\InstallShield Installation Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe" -runfromtemp -l0x0009 -removeonly
Gabest MPEG Splitter (remove only)-->"C:\Programme\Gabest MPEG Splitter\uninstall.exe"
Garritan Jazz Big Band-->C:\PROGRA~1\GARRIT~1\UNWISE.EXE C:\PROGRA~1\GARRIT~1\INSTALL.LOG
Generic USB CardReader 2.0-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{EA1CB7AC-E221-4822-A789-0ADB051DC498}\Setup.exe" -l0x9 -wUninst
Guitar Pro 5.2-->"C:\Programme\Guitar Pro 5\unins000.exe"
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Programme\trend micro\HijackThis.exe" /uninstall
ILLUSION Sexy???3~????????DISC~-->MsiExec.exe /X{F5DCB11C-8F09-4C71-B952-B96DBB4E6584}
ILLUSION Sexy???3-->MsiExec.exe /X{6E7F60B4-F1E9-473F-A6BA-1C1C73A63592}
iZotope Alloy-->"C:\Programme\iZotope\Alloy\unins000.exe"
iZotope Ozone 4-->"C:\Programme\iZotope\Ozone 4\unins000.exe"
JPGVideo 1.05.0.0-->C:\Programme\JPGVideo\unins000.exe
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Lexicon PSP42 1.4-->C:\PROGRA~1\PSP\LEXICO~1\UNWISE.EXE C:\PROGRA~1\PSP\LEXICO~1\INSTALL.LOG
LightZone 3.8-->C:\Programme\LightZone 3\uninstall.exe
Lounge Lizard EP-2 v2.0-->C:\PROGRA~1\LOUNGE~1\UNINST~1\UNWISE.EXE C:\PROGRA~1\LOUNGE~1\UNINST~1\INSTALL.LOG
LucasArts' Grim Fandango-->C:\WINDOWS\uninst.exe -f"C:\Program Files\LucasArts\Grim\DeIsL1.isu"
Magic ISO Maker v5.5 (build 0276)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
M-Audio Series II MIDI-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{379BD39E-F13E-458F-96D8-56BD7F2CC516}\setup.exe" -l0x9 -removeonly
Melodyne 3.1-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A1F143D1-1F0D-44FB-A44B-71D4367D16DE}\setup.exe" -l0x9 -removeonly
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU-->MsiExec.exe /I{9309DD7E-EBFE-3C95-8B47-30D3A012F606}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU-->MsiExec.exe /I{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5 Language Pack - DEU-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack - deu-->MsiExec.exe /I{1545207E-C6F3-31D7-9918-BDBB65075FBF}
Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft AppLocale-->MsiExec.exe /I{394BE3D9-7F57-4638-A8D1-1D88671913B7}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Windows Application Compatibility Database-->C:\WINDOWS\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb"
MONOGRAM AMR Splitter/Decoder (remove only)-->"C:\Programme\MONOGRAM AMR SplitterDecoder\uninstall.exe"
Mozilla Firefox (3.6.3)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
N.I. Guitar Rig v2.0.2-->C:\Programme\Native Instruments\Guitar Rig 2\uninstall.exe
Native Instruments B4 II-->C:\PROGRA~1\NATIVE~1\B4II~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\B4II~1\INSTALL.LOG
Native Instruments Controller Editor-->"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{0CC51CB2-911C-40BB-BC1B-BD3CAC590222}\Controller Editor Setup.exe" REMOVE=TRUE MODIFY=FALSE
Native Instruments Controller Editor-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{0CC51CB2-911C-40BB-BC1B-BD3CAC590222}\Controller Editor Setup.exe
Native Instruments Guitar Rig 3-->C:\PROGRA~1\NATIVE~1\GUITAR~2\UNWISE.EXE C:\PROGRA~1\NATIVE~1\GUITAR~2\INSTALL.LOG
Native Instruments Guitar Rig 4-->"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D69A48BF-7653-4AA8-94BC-5847522A4573}\Guitar Rig 4 Setup PC.exe" REMOVE=TRUE MODIFY=FALSE
Native Instruments Guitar Rig 4-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D69A48BF-7653-4AA8-94BC-5847522A4573}\Guitar Rig 4 Setup PC.exe
Native Instruments Massive v1.0.1.008 VSTi DXi RTAS-->C:\PROGRA~1\NATIVE~1\Massive\UNWISE.EXE C:\PROGRA~1\NATIVE~1\Massive\INSTALL.LOG
Native Instruments Service Center-->"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}\Service Center Setup.exe" REMOVE=TRUE MODIFY=FALSE
Native Instruments Service Center-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}\Service Center Setup.exe
Native.Instruments Battery v3.0.1.005 VSTi DXi RTAS-->C:\PROGRA~1\NATIVE~1\BATTER~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\BATTER~1\INSTALL.LOG
Nomad Factory Blue Tubes Bundle v2.0-->C:\PROGRA~1\STEINB~1\CUBASE~1\VSTPLU~1\BLUETU~1\NOMADF~1\UNWISE.EXE C:\PROGRA~1\STEINB~1\CUBASE~1\VSTPLU~1\BLUETU~1\NOMADF~1\INSTALL.LOG
Nomad Factory Rock Amp Legends VST v1.0-->C:\PROGRA~1\STEINB~1\CUBASE~1\VSTPLU~1\NOMADF~1\UNWISE.EXE C:\PROGRA~1\STEINB~1\CUBASE~1\VSTPLU~1\NOMADF~1\INSTALL.LOG
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe
UninstallGUI NVIDIA nView Desktop Manager-->C:\Programme\NVIDIA Corporation\nView\nViewSetup.exe -uninstall OpenAL-->"C:\Programme\OpenAL\OpenALwEAX.exe" /U OpenOffice.org 3.1-->MsiExec.exe /I{D765F1CE-5AE5-4C47-B134-AE58AC474740} OpenSource DTS/AC3/DD+ Source Filter (remove only)-->"C:\Programme\OpenSource DTSAC3DD+ Source Filter\uninstall.exe" OpenSource Flash Video Splitter (remove only)-->"C:\Programme\OpenSource Flash Video Splitter\uninstall.exe" PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9} Photomatix Pro version 3.2-->"C:\Programme\PhotomatixPro3\unins000.exe" Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8} PSP 84 v1.0-->C:\PROGRA~1\PSP\PSP84~1\UNWISE.EXE C:\PROGRA~1\PSP\PSP84~1\INSTALL.LOG PSP EasyVerb 1.5.4-->"C:\Programme\PSP\PSP EasyVerb\uninstall.exe" "/U:C:\Programme\PSP\PSP EasyVerb\irunin.xml" PSP MasterQ 1.5.0-->"C:\Programme\PSP\PSP MasterQ 1.5.0\uninstall.exe" "/U:C:\Programme\PSP\PSP MasterQ 1.5.0\irunin.xml" PSP Nitro 1.1.0-->C:\WINDOWS\iun6002.exe "C:\Programme\PSP\PSP Nitro\irunin.ini" PSP PianoVerb 1.0-->C:\WINDOWS\iun506.exe C:\Programme\PSP\PianoVerb\irunin.ini PSP VintageWarmer 2.0.0-->"C:\Programme\PSP\PSP VintageWarmer 2.0.0\uninstall.exe" "/U:C:\Programme\PSP\PSP VintageWarmer 2.0.0\irunin.xml" PTLens-->MsiExec.exe /I{23773C74-EBEE-41FB-86ED-58B599A2B586} QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F} RealMedia (remove only)-->"C:\Programme\RealMedia\uninstall.exe" Replay Converter 3-->"C:\WINDOWS\Replay Converter 3\uninstall.exe" "/U:C:\Programme\Applian Director\Replay Converter\Uninstall\ReplayConverrter3Uninstall.xml" Replay Media Catcher-->"C:\WINDOWS\Replay Media Catcher\uninstall.exe" "/U:C:\Programme\Replay Media Catcher\Uninstall\uninstall.xml" Requiem: Avenging Angel(TM)-->C:\WINDOWS\IsUninst.exe -fC:\Programme\3DO\Requiem\Uninst.isu Royale Remixed Theme-->MsiExec.exe /I{993A94A9-DCE3-4774-B35D-D8C74FC1E0BE} Samsung_MonSetup-->C:\Programme\InstallShield 
Installation Information\{8EA79DBF-D637-448A-89D6-410A087A4493}\setup.exe -runfromtemp -l0x0009 -removeonly Sharpener Pro 3.0-->C:\Programme\Adobe\Adobe Photoshop CS4\Plug-ins\Nik Software\Sharpener Pro 3.0\uninstall.exe SHOUTcast Source (remove only)-->"C:\Programme\SHOUTcast Source\uninstall.exe" Silver Efex Pro-->C:\Programme\Adobe\Adobe Photoshop CS4\Plug-ins\Nik Software\Silver Efex Pro\uninstall.exe Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748} Skype·4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36} SpeedFan (remove only)-->"C:\Programme\SpeedFan\uninstall.exe" Spybot - Search & Destroy-->"C:\Programme\Spybot - Search & Destroy\unins000.exe" Steinberg Cubase SX 3-->"C:\Programme\Steinberg\Cubase SX 3\Uninstall.exe" "C:\Programme\Steinberg\Cubase SX 3\install.log" Stifttablett-->C:\Programme\Tablet\Pen\Remove.exe /u Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434} SyncroSoft Emu (Remove only)-->C:\Programme\SyncroSoft\Pos\H2O\Uninst.exe Syncrosofts Lizenz Kontrolle-->C:\PROGRA~1\SYNCRO~1\UNWISE.EXE C:\PROGRA~1\SYNCRO~1\INSTALL.LOG Trespasser-->C:\Programme\DreamWorks Interactive\Trespasser\setup95.exe /uninstall Trilogy-->C:\Programme\Spectrasonics\Trilogy\unins000.exe TuneUp Utilities-->C:\Programme\TuneUp Utilities 2010\TUInstallHelper.exe --Trigger-Uninstall Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta" Uninstall 1.0.0.1-->"C:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe" Vanguard Demo 1.03-->"C:\Programme\Steinberg\Cubase SX 3\Vstplugins\unins000.exe" VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421} VIA Rhine-Family Fast Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27} Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x 
{F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT="" Viveza-->C:\Programme\Adobe\Adobe Photoshop CS4\Plug-ins\Nik Software\Viveza\uninstall.exe VLC media player 1.0.5-->C:\Programme\VLC\uninstall.exe WaveLab 6-->"C:\Programme\Steinberg\WaveLab 6\Uninstall.exe" "C:\Programme\Steinberg\WaveLab 6\install.log" Waves API Collection-->C:\PROGRA~1\Waves\Logs\WAVESA~1\UNWISE.EXE C:\PROGRA~1\Waves\Logs\WAVESA~1\INSTALL.LOG Waves GTR 3-->C:\PROGRA~1\Waves\Logs\WAVESG~1\UNWISE.EXE C:\PROGRA~1\Waves\Logs\WAVESG~1\INSTALL.LOG Waves L3 LL-->C:\PROGRA~1\Waves\Logs\WAVESL~1\UNWISE.EXE C:\PROGRA~1\Waves\Logs\WAVESL~1\INSTALL.LOG Waves Mercury Bundle-->C:\PROGRA~1\Waves\Logs\WAVESM~1\UNWISE.EXE C:\PROGRA~1\Waves\Logs\WAVESM~1\INSTALL.LOG Waves SSL Collection v1.2-->C:\PROGRA~1\Waves\AIRLOG~1\WAVESS~1.2\UNWISE.EXE C:\PROGRA~1\Waves\AIRLOG~1\WAVESS~1.2\INSTALL.LOG Webcam and Screen Recorder 4.5.6-->"C:\Programme\Wbcm and Screen Recorder\unins000.exe" Webcam Simulator 6.3-->"C:\Programme\Webcam Simulator\unins000.exe" Winamp-->"C:\Programme\Winamp\UninstWA.exe" Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe" Windows Media Format Runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} WinRAR archiver-->C:\Programme\WinRAR\uninstall.exe Wizoo WizooVerb W2 VST RTAS v1.0-->C:\PROGRA~1\Wizoo\WIZOOV~1\UNINST~1\UNWISE.EXE C:\PROGRA~1\Wizoo\WIZOOV~1\UNINST~1\INSTALL.LOG XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe" Zeallsoft Super Webcam Recorder 4.0-->"C:\Programme\Zeallsoft\Super Webcam Recorder\unins000.exe" ======Hosts File====== 127.0.0.1 activate.adobe.com 127.0.0.1 practivate.adobe.com 127.0.0.1 ereg.adobe.com 127.0.0.1 activate.wip3.adobe.com 127.0.0.1 wip3.adobe.com 
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com

======System event log======

Computer Name: HAGBARD
Event Code: 7000
Message: Der Dienst "Nsynas32" wurde aufgrund folgenden Fehlers nicht gestartet: Das System kann die angegebene Datei nicht finden.
Record Number: 21313
Source Name: Service Control Manager
Time Written: 20100419223248.000000+120
Event Type: Fehler
User:

Computer Name: HAGBARD
Event Code: 51
Message: Bei einem Auslagerungsvorgang wurde ein Fehler festgestellt. Betroffen ist Gerät \Device\CdRom2.
Record Number: 21312
Source Name: Cdrom
Time Written: 20100419223234.000000+120
Event Type: Warnung
User:

Computer Name: HAGBARD
Event Code: 4201
Message: Netzwerkadapter "VIA...Fast Ethernet Adapter - Paketplaner-Miniport" wurde mit dem Netzwerk verbunden, und das System wurde über das Netzwerk im normalen Zustand gestartet.
Record Number: 21311
Source Name: Tcpip
Time Written: 20100419223234.000000+120
Event Type: Informationen
User:

Computer Name: HAGBARD
Event Code: 6005
Message: Der Ereignisprotokolldienst wurde gestartet.
Record Number: 21310
Source Name: EventLog
Time Written: 20100419223221.000000+120
Event Type: Informationen
User:

Computer Name: HAGBARD
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 2 Multiprocessor Free.
Record Number: 21309
Source Name: EventLog
Time Written: 20100419223221.000000+120
Event Type: Informationen
User:

=====Application event log=====

Computer Name: HAGBARD
Event Code: 11707
Message: Product: Microsoft AppLocale -- Installation completed successfully.
Record Number: 2082
Source Name: MsiInstaller
Time Written: 20091118020239.000000+060
Event Type: Informationen
User: HAGBARD\Fernando Poo

Computer Name: HAGBARD
Event Code: 101
Message: wuauclt (3528) Das Datenbankmodul wurde beendet.
Record Number: 2081
Source Name: ESENT
Time Written: 20091117134930.000000+060
Event Type: Informationen
User:

Computer Name: HAGBARD
Event Code: 103
Message: wuaueng.dll (3528) SUS20ClientDataStore: Das Datenbankmodul hat die Instanz (0) beendet.
Record Number: 2080
Source Name: ESENT
Time Written: 20091117134930.000000+060
Event Type: Informationen
User:

Computer Name: HAGBARD
Event Code: 102
Message: wuaueng.dll (3528) SUS20ClientDataStore: Das Datenbankmodul hat eine neue Instanz gestartet (0).
Record Number: 2079
Source Name: ESENT
Time Written: 20091117134429.000000+060
Event Type: Informationen
User:

Computer Name: HAGBARD
Event Code: 100
Message: wuauclt (3528) Das Datenbankmodul 5.01.2600.2180 ist gestartet.
Record Number: 2078
Source Name: ESENT
Time Written: 20091117134429.000000+060
Event Type: Informationen
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\QuickTime\QTSystem\;C:\Programme\Gemeinsame Dateien\DivX Shared\;C:\Programme\Gemeinsame Dateien\iZotope\Runtimes
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Programme\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Programme\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

In any case, it already felt good to run CCleaner and the other things. A clean machine is a fine thing. Before that I only used Spybot and Ad-Aware now and then. Both mostly found just a few cookies and the like. I ran TuneUp Utilities a few days ago (but after I had discovered the trojan); it found and fixed an extremely large number of problems.
The machine is heavily fragmented; that might also be a reason why it sometimes hangs(?). So, what do you pros make of the logs? How should I proceed? Many thanks! You have helped me before. Atoll
Last edited by Atoll (26.04.2010 at 13:37). Reason: the links were inactive anyway, but www. was replaced with wxxw. nonetheless |
26.04.2010, 13:50 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | win32.tdss.rtk
Hello, and please run a full scan with Malwarebytes and post the log. After that, OTL: system scan with OTL. Please download OTL by Oldtimer and save it to your desktop.
26.04.2010, 18:29 | #3 |
| win32.tdss.rtk Unfortunately, before your reply I deleted win32.tdss.rtk with Spybot once more, so the log file may not be all that useful now...
Malwarebytes' Anti-Malware 1.45
Malwarebytes

Datenbank Version: 4036

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

26.04.2010 19:13:46
mbam-log-2010-04-26 (19-13-46).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|M:\|N:\|O:\|)
Durchsuchte Objekte: 543540
Laufzeit: 1 Stunde(n), 41 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 0
Infizierte Dateien: 22

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\Fernando Poo\Desktop\Spectrasonics.Omnisphere.v1.0\Keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Fernando Poo\Desktop\Spectrasonics.Omnisphere.v1.0\Updates\Keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\Programme\Lounge Lizard\Uninstall\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Programme\Steinberg\Cubase SX 3\Vstplugins\Audio Damage\dubuninstall\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Programme\Steinberg\Cubase SX 3\Vstplugins\Blue Tubes Bundle\Nomad Factory Blue Tubes Bundle Uninstall\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Programme\Steinberg\Cubase SX 3\Vstplugins\Nomad Factory RAL\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Programme\Steinberg\Cubase SX 3\Vstplugins\Saffire Bundle v2.0\Uninstall\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Programme\Edirol\Super Quartet Log\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Programme\PSP\Lexicon PSP42\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Programme\Wizoo\WizooVerb\Uninstall\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
O:\Auslagerung\2008 und früher\Gary.Garritan.Jazz.and.Big.Band\Keygen\Key Gen\KONTAKT.v2.02.KEYGEN.EXE (Malware.Packer.Gen) -> Quarantined and deleted successfully.
O:\Auslagerung\2008 und früher\Native.Instruments.B4.II.v2.0.HYBRiD.ISO-DELiRiUM\B4_II_KEYGEN.EXE (Trojan.Agent.CK) -> Quarantined and deleted successfully.
O:\Auslagerung\2008 und früher\Native.Instruments.Traktor.DJ.Studio.3.ISO-DELiRiUM\TRAKTOR_DJ_STUDIO_3_KEYGEN.EXE (Trojan.Goldun) -> Quarantined and deleted successfully.
O:\Auslagerung\2009\Home Studio Bundle\Novation.Bass-Station\Novation.Bass-Station.VSTi.v1.10-H2O\Novation.Bass-Station.VSTi.v1.10-H2O\nbst11kg.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
O:\Auslagerung\2009\PTLens.Standalone.And.Photoshop.Plugin.v8.5.2.Multilingual-DVT\DVT\patch.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
O:\Auslagerung\2009\PTLens.Standalone.And.Photoshop.Plugin.v8.5.2.Multilingual-DVT\Setup\ptlens.msi (Trojan.Downloader) -> Quarantined and deleted successfully.
O:\Auslagerung\2009\PTLens.Standalone.And.Photoshop.Plugin.v8.5.2.Multilingual-DVT\Setup\setup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
O:\Auslagerung\2009\XLN.Audio.Addictive.Drums.DVDR.HYBRID-AiRISO\keygen#\Keygen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
O:\Auslagerung\2010\Celemony Melodyne Studio Edition v3.1.2.0 Incl Keygen\Keygen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
O:\Auslagerung\2010\East West Quantum Leap Stormdrum Kompakt Edition\stormdrum_kompakt_keygen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
O:\Auslagerung\2010\Easy Paint tool SAI\crack\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
O:\Auslagerung\2010\PS\Adobe CS4 Activation Patch\Adobe CS4 Keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

After I did the giant scan with Malwarebytes, the machine kept hanging on boot. 4 attempts, and then it worked again.
OTL is running now:

OTL logfile created on: 26.04.2010 19:25:31 - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Dokumente und Einstellungen\Fernando Poo\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 78,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 92,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 125,46 Gb Total Space | 22,51 Gb Free Space | 17,94% Space Free | Partition Type: NTFS
Drive D: | 97,65 Gb Total Space | 12,94 Gb Free Space | 13,26% Space Free | Partition Type: NTFS
Drive E: | 9,76 Gb Total Space | 9,76 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive F: | 7,63 Gb Total Space | 3,40 Gb Free Space | 44,50% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HAGBARD
Current User Name: Fernando Poo
Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Fernando Poo\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software) PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) PRC - C:\Dokumente und Einstellungen\Fernando Poo\Anwendungsdaten\Dropbox\bin\Dropbox.exe () PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft) PRC - C:\Programme\WTouch\WTouchUser.exe (Wacom Technology, Corp.) PRC - C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe (Wacom Technology, Corp.) PRC - C:\Programme\WTouch\WTouchService.exe (Wacom Technology, Corp.) PRC - C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.) PRC - C:\Programme\Gemeinsame Dateien\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH) PRC - C:\Programme\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe () PRC - C:\Programme\Syncrosoft\POS\H2O\cledx.exe (Team H2O) PRC - C:\Programme\Googlemail Notifier\gnotify.exe (Google Inc.) 
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\Fernando Poo\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software) SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software) SRV - (Lavasoft Ad-Aware Service) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (WTouchService) -- C:\Programme\WTouch\WTouchService.exe (Wacom Technology, Corp.) SRV - (TabletServicePen) -- C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.) SRV - (NIHardwareService) -- C:\Programme\Gemeinsame Dateien\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH) SRV - (MA_CMIDI_InstallerService) -- C:\Programme\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe () ========== Driver Services (SafeList) ========== DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (CardReaderFilter) -- C:\WINDOWS\system32\drivers\USBCRFT.SYS (ICSI Technology Ltd.) DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (wacomvhid) -- C:\WINDOWS\system32\drivers\wacomvhid.sys (Wacom Technology) DRV - (wacmoumonitor) -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys (Wacom Technology) DRV - (adfs) -- C:\WINDOWS\system32\drivers\adfs.sys (Adobe Systems, Inc.) 
DRV - (wacommousefilter) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys (Wacom Technology) DRV - (WacomVKHid) -- C:\WINDOWS\system32\drivers\WacomVKHid.sys (Wacom Technology) DRV - (DELTA) Service for Delta Driver (WDM) -- C:\WINDOWS\system32\drivers\delta.sys (Midiman/M-Audio) DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Windows (R) 2000 DDK provider) DRV - (MA_CMIDI) -- C:\WINDOWS\system32\drivers\ma_cmidi.sys (M-Audio) DRV - (cmudax) -- C:\WINDOWS\system32\drivers\cmudax.sys (C-Media Inc.) DRV - (CLEDX) -- C:\WINDOWS\system32\drivers\cledx.sys (Team H2O) DRV - (d347prt) -- C:\WINDOWS\System32\Drivers\d347prt.sys ( ) DRV - (d347bus) -- C:\WINDOWS\system32\DRIVERS\d347bus.sys ( ) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider) DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = about.blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about.blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "hxxp://www.youtube.com/watch?v=y8qtJ2aPqWI&feature=related" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 FF - prefs.js..extensions.enabledItems: 
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.2 FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.0.8 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.61 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.04.23 18:32:15 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.04.18 02:21:09 | 000,000,000 | ---D | M] [2009.03.30 20:53:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fernando Poo\Anwendungsdaten\Mozilla\Extensions [2010.04.26 02:32:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fernando Poo\Anwendungsdaten\Mozilla\Firefox\Profiles\bus468u9.default\extensions [2010.04.15 17:13:19 | 000,000,000 | ---D | M] (NoScript) -- C:\Dokumente und Einstellungen\Fernando Poo\Anwendungsdaten\Mozilla\Firefox\Profiles\bus468u9.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2010.03.22 21:56:28 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Fernando Poo\Anwendungsdaten\Mozilla\Firefox\Profiles\bus468u9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2009.12.31 19:13:40 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Dokumente und Einstellungen\Fernando Poo\Anwendungsdaten\Mozilla\Firefox\Profiles\bus468u9.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8} [2010.01.19 18:00:47 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Fernando Poo\Anwendungsdaten\Mozilla\Firefox\Profiles\bus468u9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.01.14 20:17:37 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.03.12 18:52:43 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.03.12 18:52:43 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla 
Firefox\searchplugins\eBay-de.xml [2010.03.12 18:52:43 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.03.12 18:52:43 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.03.12 18:52:43 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.11.25 12:33:43 | 000,001,302 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [H2O] C:\Programme\Syncrosoft\POS\H2O\cledx.exe (Team H2O) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - Startup: C:\Dokumente und Einstellungen\Fernando Poo\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\Fernando Poo\Anwendungsdaten\Dropbox\bin\Dropbox.exe () O4 - Startup: C:\Dokumente und Einstellungen\Fernando Poo\Startmenü\Programme\Autostart\gnotify.lnk = C:\Programme\Googlemail Notifier\gnotify.exe (Google Inc.) 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 01 00 00 00 [binary data] O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 01 00 00 00 [binary data] O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 01 00 00 00 [binary data] O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0 O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe File not found O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe File not found O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft 
Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Fernando Poo\Anwendungsdaten\ACD Systems\ACDSee\ACD Wallpaper.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Fernando Poo\Anwendungsdaten\ACD Systems\ACDSee\ACD Wallpaper.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.03.30 20:03:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010.04.26 14:05:52 | 000,000,121 | RHS- | M] () - F:\autorun.inf -- [ FAT32 ] O33 - MountPoints2\{674c33ca-a2d9-11de-8ac2-000c76710209}\Shell - "" = AutoRun O33 - MountPoints2\{674c33ca-a2d9-11de-8ac2-000c76710209}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{8715acb0-7792-11de-8a87-000c76710209}\Shell\AutoRun\command - "" = N:\MI.exe -- File not found O33 - MountPoints2\{d4ffac94-0860-11df-8b79-000c76710209}\Shell\AutoRun\command - "" = ·Ë O33 - MountPoints2\{d4ffac94-0860-11df-8b79-000c76710209}\Shell\explore\Command - "" = K:\RECYCLER\INFO.exe -- File not found O33 - MountPoints2\{d4ffac94-0860-11df-8b79-000c76710209}\Shell\open\Command - "" = K:\RECYCLER\INFO.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.04.26 17:19:31 | 000,563,712 | ---- | C] 
(OldTimer Tools) -- C:\Dokumente und Einstellungen\Fernando Poo\Desktop\OTL.exe [2010.04.26 14:16:06 | 000,000,000 | ---D | C] -- C:\Programme\trend micro [2010.04.26 14:16:05 | 000,000,000 | ---D | C] -- C:\rsit [2010.04.26 13:58:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fernando Poo\Anwendungsdaten\Malwarebytes [2010.04.26 13:58:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.04.26 13:58:02 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.04.26 13:58:02 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.04.26 13:58:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.04.26 13:53:46 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Fernando Poo\Recent [2010.04.26 13:51:29 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2010.04.24 22:01:50 | 000,030,536 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe [2010.04.24 22:01:49 | 000,030,024 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll [2010.04.24 22:01:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fernando Poo\Anwendungsdaten\TuneUp Software [2010.04.24 22:01:19 | 000,000,000 | ---D | C] -- C:\Programme\TuneUp Utilities 2010 [2010.04.24 22:00:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2010.04.24 22:00:32 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} [2010.04.22 04:26:21 | 000,000,000 | ---D | C] -- C:\Programme\Wbcm and Screen Recorder [2010.04.22 04:10:00 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\msvcr71.dll [2010.04.22 03:59:44 | 000,000,000 | ---D | C] -- C:\Programme\Zeallsoft [2010.04.21 21:31:50 | 000,000,000 | ---D | C] -- C:\videooutput [2010.04.21 21:31:47 | 
000,139,264 | ---- | C] (Xvid.org: Home of the Xvid Codec) -- C:\WINDOWS\System32\xvid.ax [2010.04.21 21:31:47 | 000,000,000 | ---D | C] -- C:\Programme\FLV to AVI MPEG WMV Converter [2010.04.21 21:27:43 | 000,000,000 | ---D | C] -- C:\Programme\Webcam Simulator [2010.04.21 21:27:43 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\wcs [2010.04.21 16:31:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fernando Poo\Eigene Dateien\Downloads [2010.04.18 02:21:11 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Fernando Poo\Eigene Dateien\Eigene Videos [2010.04.18 01:22:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DivX [2010.04.18 01:21:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fernando Poo\Eigene Dateien\DivX Movies [2010.03.31 03:58:24 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl [2010.03.29 07:17:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fernando Poo\Eigene Dateien\My Recordings [2010.03.28 16:00:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fernando Poo\Eigene Dateien\Addictive Drums [2009.04.15 22:35:48 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys [2009.04.15 22:35:48 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.04.26 19:24:03 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2010.04.26 19:24:03 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job [2010.04.26 19:24:02 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job [2010.04.26 19:24:02 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job [2010.04.26 19:24:01 | 000,000,470 | ---- | M] () -- 
C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job [2010.04.26 19:22:40 | 000,244,806 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml [2010.04.26 19:22:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.04.26 19:22:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.04.26 19:14:19 | 010,223,616 | -H-- | M] () -- C:\Dokumente und Einstellungen\Fernando Poo\NTUSER.DAT [2010.04.26 19:14:19 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Fernando Poo\ntuser.ini [2010.04.26 17:19:39 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Fernando Poo\Desktop\OTL.exe [2010.04.26 14:15:04 | 000,781,909 | ---- | M] () -- C:\Dokumente und Einstellungen\Fernando Poo\Desktop\RSIT.exe [2010.04.26 13:58:06 | 000,000,677 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.04.26 13:55:56 | 000,048,856 | ---- | M] () -- C:\Dokumente und Einstellungen\Fernando Poo\Desktop\cc_20100426_135540.reg [2010.04.26 13:51:30 | 000,001,513 | ---- | M] () -- C:\Dokumente und Einstellungen\Fernando Poo\Desktop\CCleaner.lnk [2010.04.26 13:41:52 | 003,923,062 | ---- | M] () -- C:\Dokumente und Einstellungen\Fernando Poo\Desktop\ComboFix.exe [2010.04.26 12:59:24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.04.26 02:18:42 | 000,181,248 | ---- | M] () -- C:\Dokumente und Einstellungen\Fernando Poo\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.24 22:01:48 | 000,001,696 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TuneUp Utilities.lnk [2010.04.22 04:51:16 | 000,237,568 | ---- | M] () -- C:\WINDOWS\System32\rmc_rtspdl.dll [2010.04.22 04:51:16 | 000,156,672 | ---- | M] (Radioactive) -- C:\WINDOWS\System32\rmc_fixasf.exe [2010.04.21 21:31:47 | 000,000,709 | ---- | M] () -- C:\Dokumente und Einstellungen\Fernando Poo\Desktop\Freez FLV to AVI MPEG WMV Converter.lnk [2010.04.21 15:23:30 | 000,002,243 | ---- | M] () 
-- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk [2010.04.20 17:50:22 | 000,001,487 | ---- | M] () -- C:\Dokumente und Einstellungen\Fernando Poo\Desktop\Rechner.lnk [2010.04.01 15:17:48 | 000,030,536 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe [2010.04.01 15:11:26 | 000,030,024 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll [2010.03.31 03:58:24 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl [2010.03.29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.03.29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.03.28 15:11:04 | 001,043,836 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.03.28 15:11:04 | 000,448,918 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.03.28 15:11:04 | 000,432,856 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.03.28 15:11:04 | 000,080,464 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.03.28 15:11:04 | 000,067,560 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.04.26 14:15:03 | 000,781,909 | ---- | C] () -- C:\Dokumente und Einstellungen\Fernando Poo\Desktop\RSIT.exe [2010.04.26 13:58:06 | 000,000,677 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.04.26 13:55:43 | 000,048,856 | ---- | C] () -- C:\Dokumente und Einstellungen\Fernando Poo\Desktop\cc_20100426_135540.reg [2010.04.26 13:51:30 | 000,001,513 | ---- | C] () -- C:\Dokumente und Einstellungen\Fernando Poo\Desktop\CCleaner.lnk [2010.04.26 13:41:43 | 003,923,062 | ---- | C] () -- C:\Dokumente und Einstellungen\Fernando Poo\Desktop\ComboFix.exe [2010.04.24 22:01:48 | 000,001,696 | ---- | C] 
() -- C:\Dokumente und Einstellungen\All Users\Desktop\TuneUp Utilities.lnk [2010.04.21 21:31:47 | 008,676,883 | ---- | C] () -- C:\WINDOWS\System32\NCMedia2.dll [2010.04.21 21:31:47 | 000,758,018 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010.04.21 21:31:47 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010.04.21 21:31:47 | 000,000,709 | ---- | C] () -- C:\Dokumente und Einstellungen\Fernando Poo\Desktop\Freez FLV to AVI MPEG WMV Converter.lnk [2010.04.20 17:50:19 | 000,001,487 | ---- | C] () -- C:\Dokumente und Einstellungen\Fernando Poo\Desktop\Rechner.lnk [2010.01.15 03:29:08 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI [2009.11.04 14:46:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2009.05.28 00:55:47 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll [2009.05.20 03:00:15 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\FDlg.dll [2009.04.27 19:07:12 | 000,000,048 | ---- | C] () -- C:\WINDOWS\System32\msvcsv60.dll [2009.04.27 18:42:23 | 000,905,290 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll [2009.03.30 20:46:47 | 000,000,269 | ---- | C] () -- C:\WINDOWS\Dit.INI [2009.03.30 20:46:04 | 000,061,440 | R--- | C] () -- C:\WINDOWS\System32\vuins32.dll [2009.02.18 14:44:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2009.02.18 14:44:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2009.02.18 14:44:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2009.02.18 14:44:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2007.03.09 10:15:22 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\ELVideoCapture.dll [2004.08.22 17:04:56 | 000,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll [2004.08.04 14:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll [2004.08.04 14:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys [2003.02.18 18:26:28 | 000,028,672 | ---- | C] () -- 
C:\WINDOWS\System32\cmirmdrv.dll [1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys < End of report > _________________________________________________________________ OTL Extras logfile created on: 26.04.2010 19:25:31 - Run 1 OTL by OldTimer - Version 3.2.3.0 Folder = C:\Dokumente und Einstellungen\Fernando Poo\Desktop Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 78,00% Memory free 5,00 Gb Paging File | 4,00 Gb Available in Paging File | 92,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 125,46 Gb Total Space | 22,51 Gb Free Space | 17,94% Space Free | Partition Type: NTFS Drive D: | 97,65 Gb Total Space | 12,94 Gb Free Space | 13,26% Space Free | Partition Type: NTFS Drive E: | 9,76 Gb Total Space | 9,76 Gb Free Space | 100,00% Space Free | Partition Type: FAT32 Drive F: | 7,63 Gb Total Space | 3,40 Gb Free Space | 44,50% Space Free | Partition Type: FAT32 G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: HAGBARD Current User Name: Fernando Poo Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [ACDSee 11.0.Browse] -- "C:\Programme\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe" "%1" (ACD Systems) Directory [AddToPlaylistVLC] -- "C:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] 
"FirstRunDisabled" = 1 "AntiVirusOverride" = 0 "FirewallOverride" = 0 "AntiVirusDisableNotify" = 1 "FirewallDisableNotify" = 1 "UpdatesDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNetisabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNetisabled:@xpsp2res.dll,-22008 "5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4 ========== Authorized Applications 
List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\uTorrent\uTorrent.exe" = C:\Programme\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.) "C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4 "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR "{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime "{23773C74-EBEE-41FB-86ED-58B599A2B586}" = PTLens "{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228 "{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1 
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5 "{300578F9-9EFF-4B93-9AB1-C0E5707EF463}" = ACDSee Photo Manager 2009 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{379BD39E-F13E-458F-96D8-56BD7F2CC516}" = M-Audio Series II MIDI "{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4 "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin "{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}" = DAEMON Tools "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4 "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support "{66BA35B0-1911-47EF-B170-1DCFFDA362F1}" = AmpliTube Jimi Hendrix "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4 "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6E7F60B4-F1E9-473F-A6BA-1C1C73A63592}" = ILLUSION Sexyビーチ3 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE) "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup "{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4 "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{993A94A9-DCE3-4774-B35D-D8C74FC1E0BE}" = Royale Remixed Theme "{9D623E1A-30E1-4E55-BD80-5C1359DB120B}" = Melodyne 3.1 "{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU "{A1F143D1-1F0D-44FB-A44B-71D4367D16DE}" = Melodyne 3.1 "{A4810699-E859-43A6-8F40-1743873E72AB}" = Delta "{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1 "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4 "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C7FAFC98-5ECC-40FC-B440-A5D5FE3A6A6E}" = Native Instruments Guitar Rig 4 "{C95AACD4-9507-4F5C-9D53-22B1ACCFECD1}" = AmpliTube2 "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{CF1D7323-8A0A-49C7-83B0-088DB90721E2}" = AmpegSVX "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype・4.1 "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities "{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1 "{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4 "{EA1CB7AC-E221-4822-A789-0ADB051DC498}" = Generic USB CardReader 2.0 "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help 
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F5DCB11C-8F09-4C71-B952-B96DBB4E6584}" = ILLUSION Sexyビーチ3~キャラクター追加DISC~ "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "7-Zip" = 7-Zip 4.65 "Ad-Aware" = Ad-Aware "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4 "Amazing Slow Downer" = Amazing Slow Downer (remove only) "Applian Director1.1" = Applian Director "Arturia Modular System v1.0" = Arturia Modular System v1.0 "Atmosphere_is1" = Atmosphere "Audio Damage DubStation VST v1.0.2.0" = Audio Damage DubStation VST v1.0.2.0 "Bass Audio Decoder" = Bass Audio Decoder (remove only) "BigTick Rhino v1.01" = BigTick Rhino v1.01 "CamStudio" = CamStudio "CCleaner" = CCleaner "CD Audio Reader Filter" = CD Audio Reader Filter (remove only) "C-Media Audio Driver" = C-Media High Definition Audio Driver "Color Efex Pro 3.0 Complete" = Color Efex Pro 3.0 Complete "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "Daphne" = Daphne 1.46 "DCoder Image Source" = DCoder Image Source (remove only) "Deus Ex" = Deus Ex "Dfine 2.0" = Dfine 2.0 "DirectVobSub" = DirectVobSub (remove only) "Discord 2 VST plug-in" = Discord 2 VST plug-in "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup.divx.com" = DivX-Setup "DreamWorks Interactive: Trespasser" = Trespasser "DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders "DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei) "East West Stormdrum Kompakt" = East West Stormdrum Kompakt "Edirol 
SuperQuartet v1.5" = Edirol SuperQuartet v1.5 "Exact Audio Copy" = Exact Audio Copy 0.99pb5 "FabFilter One 3.05" = FabFilter One 3.05 "FabFilter Pro-C VST RTAS_is1" = FabFilter Pro-C VST RTAS v1.10 "FabFilter Simplon_is1" = FabFilter Simplon VST RTAS v1.01 "FabFilter Timeless v1.00 VST" = FabFilter Timeless v1.00 VST "FabFilter Volcano 2.00" = FabFilter Volcano 2.00 "Fallout" = Fallout "FileZilla Client" = FileZilla Client 3.2.4.1 "Final Fantasy VII_is1" = Final Fantasy VII - Ultima Edition "Focusrite Saffire Bundle VST v2.0" = Focusrite Saffire Bundle VST v2.0 "Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1 "Freez FLV to AVI/MPEG/WMV Converter v1.6_is1" = Freez FLV to AVI/MPEG/WMV Converter "Gabest MPEG Splitter" = Gabest MPEG Splitter (remove only) "Garritan Jazz Big Band" = Garritan Jazz Big Band "Guitar Pro 5_is1" = Guitar Pro 5.2 "HijackThis" = HijackThis 2.0.2 "iZotope Alloy_is1" = iZotope Alloy "iZotope Ozone 4_is1" = iZotope Ozone 4 "JPGVideo_is1" = JPGVideo 1.05.0.0 "Lexicon PSP42 1.4" = Lexicon PSP42 1.4 "LightZone 3.8" = LightZone 3.8 "Lounge Lizard EP-2 v2.0" = Lounge Lizard EP-2 v2.0 "LucasArts' Grim Fandango" = LucasArts' Grim Fandango "Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5 "Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU "MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only) "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "Native Instruments B4 II" = Native Instruments B4 II "Native Instruments Controller Editor" = Native Instruments Controller Editor "Native Instruments Guitar Rig 2.0.2" = N.I. 
Guitar Rig v2.0.2 "Native Instruments Guitar Rig 3" = Native Instruments Guitar Rig 3 "Native Instruments Guitar Rig 4" = Native Instruments Guitar Rig 4 "Native Instruments Massive v1.0.1.008 VSTi DXi RTAS" = Native Instruments Massive v1.0.1.008 VSTi DXi RTAS "Native Instruments Service Center" = Native Instruments Service Center "Native.Instruments Battery v3.0.1.005 VSTi DXi RTAS" = Native.Instruments Battery v3.0.1.005 VSTi DXi RTAS "Nomad Factory Blue Tubes Bundle v2.0" = Nomad Factory Blue Tubes Bundle v2.0 "Nomad Factory Rock Amp Legends VST v1.0" = Nomad Factory Rock Amp Legends VST v1.0 "NVIDIA Drivers" = NVIDIA Drivers "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager "OpenAL" = OpenAL "OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only) "OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only) "Pen Tablet Driver" = Stifttablett "PhotomatixPro3Betax32_is1" = Photomatix Pro version 3.2 "PSP 84 v1.0" = PSP 84 v1.0 "PSP EasyVerb 1.5.4" = PSP EasyVerb 1.5.4 "PSP MasterQ 1.5.0" = PSP MasterQ 1.5.0 "PSP PianoVerb1.0" = PSP PianoVerb 1.0 "PSP VintageWarmer 2.0.0" = PSP VintageWarmer 2.0.0 "PSP_Nitro" = PSP Nitro 1.1.0 "RealMedia" = RealMedia (remove only) "Replay Converter 3" = Replay Converter 3 "Replay Media Catcher 3.11" = Replay Media Catcher "Requiem: Avenging Angel(TM)" = Requiem: Avenging Angel(TM) "Sharpener Pro 3.0" = Sharpener Pro 3.0 "SHOUTcast Source" = SHOUTcast Source (remove only) "Silver Efex Pro" = Silver Efex Pro "SpeedFan" = SpeedFan (remove only) "Steinberg Cubase SX 3" = Steinberg Cubase SX 3 "SyncroSoft Emu" = SyncroSoft Emu (Remove only) "Syncrosoft's License Control" = Syncrosofts Lizenz Kontrolle "Trilogy_is1" = Trilogy "TuneUp Utilities" = TuneUp Utilities "Tweak UI 2.10" = Tweak UI "Uninstall_is1" = Uninstall 1.0.0.1 "Vanguard Demo_is1" = Vanguard Demo 1.03 "Viveza" = Viveza "VLC media player" = VLC media player 1.0.5 "VN_VUIns_Rhine_VIA" = VIA Rhine-Family 
Fast Ethernet Adapter "WaveLabPro" = WaveLab 6 "Waves API Collection" = Waves API Collection "Waves GTR 3" = Waves GTR 3 "Waves L3 LL" = Waves L3 LL "Waves Mercury Bundle" = Waves Mercury Bundle "Waves SSL Collection v1.2" = Waves SSL Collection v1.2 "Webcam and Screen Recorder_is1" = Webcam and Screen Recorder 4.5.6 "Webcam Simulator_is1" = Webcam Simulator 6.3 "WIC" = Windows Imaging Component "Winamp" = Winamp "Windows Media Format Runtime" = Windows Media Format Runtime "WinRAR archiver" = WinRAR archiver "Wizoo WizooVerb W2 VST RTAS v1.0" = Wizoo WizooVerb W2 VST RTAS v1.0 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 "Zeallsoft Super Webcam Recorder_is1" = Zeallsoft Super Webcam Recorder 4.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "uTorrent" = µTorrent ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 04.11.2009 14:08:45 | Computer Name = HAGBARD | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung flvplayer.exe, Version 0.0.0.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 04.11.2009 14:20:58 | Computer Name = HAGBARD | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung flvplayer.exe, Version 0.0.0.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 05.11.2009 02:00:50 | Computer Name = HAGBARD | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 1.9.1.3576, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 05.11.2009 10:31:39 | Computer Name = HAGBARD | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung vlc.exe, Version 0.9.8.1, fehlgeschlagenes Modul libavcodec_plugin.dll, Version 0.0.0.0, Fehleradresse 0x00157983. 
Error - 08.11.2009 22:35:26 | Computer Name = HAGBARD | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung vlc.exe, Version 0.9.8.1, fehlgeschlagenes Modul libavcodec_plugin.dll, Version 0.0.0.0, Fehleradresse 0x00157983. Error - 24.11.2009 17:51:54 | Computer Name = HAGBARD | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung ACDSeeQV11.exe, Version 2.0.100.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 24.11.2009 17:51:58 | Computer Name = HAGBARD | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung ACDSeeQV11.exe, Version 2.0.100.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 25.11.2009 23:30:07 | Computer Name = HAGBARD | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung acdseeqv11.exe, Version 2.0.100.0, fehlgeschlagenes Modul ide_psd.apl, Version 5.0.49.0, Fehleradresse 0x000194ea. Error - 02.12.2009 16:53:00 | Computer Name = HAGBARD | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung photoshop.exe, Version 11.0.0.0, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x0b578f6b. Error - 03.12.2009 00:41:38 | Computer Name = HAGBARD | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung explorer.exe, Version 6.0.2900.2180, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. [ System Events ] Error - 25.04.2010 10:39:39 | Computer Name = HAGBARD | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 25.04.2010 10:39:49 | Computer Name = HAGBARD | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 25.04.2010 10:40:00 | Computer Name = HAGBARD | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. 
Error - 25.04.2010 10:40:11 | Computer Name = HAGBARD | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 25.04.2010 10:40:22 | Computer Name = HAGBARD | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 25.04.2010 10:40:32 | Computer Name = HAGBARD | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 25.04.2010 10:40:43 | Computer Name = HAGBARD | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 25.04.2010 10:40:54 | Computer Name = HAGBARD | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 25.04.2010 12:22:26 | Computer Name = HAGBARD | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 25.04.2010 17:49:29 | Computer Name = HAGBARD | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. < End of report >
Should I do anything else with OTL, such as Run Fix or CleanUp? Well, that's it for now. Many thanks for the quick reply!!
26.04.2010, 20:13 | #4
win32.tdss.rtk Hi, if I may briefly butt in, he actually shouldn't receive any more support (@ cosinus) BECAUSE: Quote:
26.04.2010, 21:23 | #5
/// Winkelfunktion /// TB-Süch-Tiger™ | win32.tdss.rtk Yep, correctly spotted! Because: using cracks, serials and keygens is illegal, so there is no further support on Trojaner-Board. For Atoll it continues here => Reinstalling the system. Please also change all passwords (for e-mail accounts, StudiVZ, eBay... simply everything!), since this dubious software not infrequently contains keyloggers and backdoor functions as well. After that, never touch such stuff again!
__________________ Please always post logfiles in CODE tags
27.04.2010, 12:23 | #6
win32.tdss.rtk Ok, thanks anyway.