| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojan.Win32.FraudPack.gtvWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
09.06.2010, 10:11
| #1 |
| |  Trojan.Win32.FraudPack.gtv Hallo, habe seit 2 Tagen das Problem, dass Kaspersky (CBE) beim Windowsstart folgendes meldet: Modul enthält trojanisches Programm Trojan.Win32.FraudPack.gtv Modul: siszpe.exe/siszpe.exe Wenn ich Kaspersky dies löschen lassen will, wird gemeldet, dass eine Desinfektion nicht möglich ist. Habe es daraufhin im abgesicherten Modus versucht, was daran scheiterte, dass sämtliche Menübuttons nicht mehr existent waren. Ausserdem meldet Kaspersky/Proaktiver Schutz ständig: Invader, Prozess (PID: 460), C:\Windows\Explorer.EXE Eindringender Prozess versucht in folgenden Prozess einzudringen: C:\Windows\system32\verclsid.exe (PID:2412) Wenn ich auf 'Verbieten' klicke versucht der Invader sofort in einen anderen Prozess einzudringen, z.B.: ...\rundll32.exe (PID: 1484) ...\ctfmon.exe (PID: 3736) Ausserdem ist mir aufgefallen, dass zwar der Ordner Mozilla Firefox noch existiert, in diesem aber die Firefox.exe fehlt. Bei einer Web-Suche habe ich zu diesem Problem nur Seiten auf russisch gefunden. Eine Suche hier im Forum ergab keine Treffer. Habe daraufhin die empfohlenen Scans durchgeführt. Hier die Ergebnisse: Hijackthis Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:46:12, on 08.06.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe C:\xampp\apache\bin\apache.exe C:\WINDOWS\Explorer.EXE C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe C:\Programme\Java\jre6\bin\jqs.exe C:\Programme\MagicTune Premium\MagicTuneEngine.exe C:\xampp\mysql\bin\mysqld-nt.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\TUProgSt.exe C:\Programme\MagicTune Premium\MagicTune.exe C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe C:\xampp\apache\bin\apache.exe C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Trend Micro\HiJackThis\HiJackThis.exe C:\Programme\MagicTune Premium\GammaTray.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://w*w.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - C:\PROGRA~1\Zend\ZENDST~2.0\bin\ZENDIE~1.DLL O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: siszpe32.exe O4 - Global Startup: GammaTray.lnk = ? O8 - Extra context menu item: Hinzufügen zu Kaspersky Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\ie_banner_deny.htm O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Zend Studio - Debug current page - res://C:\Programme\Zend\ZendStudioClient-5.0.0\bin\ZendIEToolbar.dll/DebugCurrent.html O8 - Extra context menu item: Zend Studio - Debug next page - res://C:\Programme\Zend\ZendStudioClient-5.0.0\bin\ZendIEToolbar.dll/DebugNext.html O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\SCIEPlgn.dll O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: Knowledge Base Suche - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - h**p://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO (file missing) O9 - Extra 'Tools' menuitem: Knowledge Base Suche - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - h**p://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Zend Studio Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\PROGRA~1\Zend\ZENDST~2.0\bin\ZENDIE~1.DLL O9 - Extra 'Tools' menuitem: Zend Studio - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\PROGRA~1\Zend\ZENDST~2.0\bin\ZENDIE~1.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing) O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe O23 - Service: Automatisches LiveUpdate - Scheduler - Unknown owner - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: Kaspersky Security Suite CBE (AVP) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe O23 - Service: Emma Device Management (EmmaDevMgmtSvc) - Unknown owner - C:\Programme\Gemeinsame Dateien\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe (file missing) O23 - Service: Emma Update Management (EmmaUpdMgmtSvc) - Unknown owner - C:\Programme\Gemeinsame Dateien\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: MagicTuneEngine - Unknown owner - C:\Programme\MagicTune Premium\MagicTuneEngine.exe O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE -- End of file - 8268 bytes Malwarebytes Malwarebytes' Anti-Malware 1.46 w*w.malwarebytes.org Datenbank Version: 4178 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 09.06.2010 08:28:32 mbam-log-2010-06-09 (08-28-32).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Durchsuchte Objekte: 270313 Laufzeit: 14 Stunde(n), 45 Minute(n), 36 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 3 Infizierte Verzeichnisse: 0 Infizierte Dateien: 5 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: D:\Installationsprogramme\Filmmakers Package\Final Draft 7\activation keymaker.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. D:\Installationsprogramme\quark\QuarkXpress 7.02\Quark_Xpress_7_Keygen PARADOX.exe (Trojan.Agent) -> Quarantined and deleted successfully. D:\Installationsprogramme\webtools\Zend.Studio.Enterprise.Edition.v5.0.0.183 w ZendStudioServer\keygen.exe (Malware.Packer) -> Quarantined and deleted successfully. D:\RECYCLER\S-1-5-21-474158596-908595130-1765605958-1007\Dd85\Guitar Rig 1.2\guitar_rig_keygen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully. RSIT RSIT Logfile: Code:
ATTFilter Logfile of random's system information tool 1.07 (written by random/random)
Run by Administrator at 2010-06-09 08:35:54
Microsoft Windows XP Professional Service Pack 3
System drive C: has 2 GB (6%) free of 30 GB
Total RAM: 1279 MB (56% free)
HijackThis download failed
======Scheduled tasks folder======
C:\WINDOWS\tasks\1-Klick-Wartung.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{95188727-288F-4581-A48D-EAB3BD027314} - Zend Studio - C:\PROGRA~1\Zend\ZENDST~2.0\bin\ZENDIE~1.DLL [2005-11-03 139264]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVP"=C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe [2008-05-01 221184]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-03 13529088]
"AcronisTimounterMonitor"=C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe [2006-10-06 1957180]
" Malwarebytes Anti-Malware (reboot)"=C:\Programme\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
GammaTray.lnk - C:\Programme\MagicTune Premium\GammaTray.exe
C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart
siszpe32.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2008-02-08 219664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"=C:\Programme\Symantec\WinFax\WfxSeh32.Dll [1998-07-27 38400]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=128
"NoDriveAutoRun"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Disabled:Adobe CSI CS4"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1cd4810-a029-11db-a2c9-806d6172696f}]
shell\AutoRun\command - E:\AutoRun\setup32.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4d0587c-ec33-11dc-a04d-000c6eee324f}]
shell\AutoRun\command - wd_windows_tools\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf1a9786-5b1c-11de-bc67-000c6eee324f}]
shell\AutoRun\command - G:\pushinst.exe
======File associations======
.js - edit - "C:\Programme\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"
.js - open - "C:\Programme\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe","%1"
======List of files/folders created in the last 1 months======
2010-06-09 08:35:54 ----D---- C:\rsit
2010-06-08 14:52:39 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
2010-06-08 14:51:59 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-06-08 14:51:58 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2010-06-08 13:26:21 ----D---- C:\Programme\CCleaner
2010-06-08 11:54:46 ----D---- C:\Programme\Trend Micro
2010-06-03 20:37:35 ----AH---- C:\WINDOWS\system32\cidanmgr.dll
======List of files/folders modified in the last 1 months======
2010-06-09 08:35:11 ----D---- C:\WINDOWS\Prefetch
2010-06-09 08:28:33 ----D---- C:\WINDOWS
2010-06-08 17:26:37 ----D---- C:\WINDOWS\Temp
2010-06-08 14:52:01 ----D---- C:\WINDOWS\system32\drivers
2010-06-08 14:51:58 ----D---- C:\Programme
2010-06-08 14:06:56 ----D---- C:\WINDOWS\Debug
2010-06-08 13:54:31 ----A---- C:\WINDOWS\NeroDigital.ini
2010-06-08 12:36:01 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-08 12:35:46 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2010-06-08 12:31:41 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-06-08 11:54:51 ----SHD---- C:\WINDOWS\Installer
2010-06-08 11:54:49 ----HD---- C:\Config.Msi
2010-06-08 11:54:48 ----SD---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft
2010-06-03 21:21:21 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-03 21:04:41 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Azureus
2010-06-03 21:04:04 ----D---- C:\WINDOWS\system32
2010-06-03 21:04:04 ----D---- C:\Programme\Mozilla Firefox
2010-06-03 20:13:54 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\vlc
2010-05-21 12:26:53 ----D---- C:\Programme\Azureus
2010-05-17 11:03:24 ----A---- C:\WINDOWS\ModemLog_Smart Link 56K Voice Modem.txt
2010-05-17 10:36:31 ----A---- C:\WINDOWS\win.ini
2010-05-17 10:33:55 ----A---- C:\WINDOWS\DUSB2AR.INI
2010-05-17 10:33:55 ----A---- C:\WINDOWS\AUSBA2.INI
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK7;AMD K7-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41856]
R1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2006-04-05 29568]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2006-04-05 33792]
R1 klif;Klif; \??\C:\WINDOWS\system32\drivers\klif.sys []
R1 NCPro;NCPro; C:\WINDOWS\system32\drivers\MTictwl.sys [2007-09-06 12928]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 Nsynas32;Nsynas32; C:\WINDOWS\system32\drivers\Nsynas32.sys [2000-03-18 17784]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2007-01-10 39264]
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 BthEnum;Bluetooth-Anforderungsblocktreiber; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
R3 BTHMODEM;Bluetooth-Modemkommunikationstreiber; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
R3 BthPan;Bluetooth-Gerät (PAN); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
R3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 24592]
R3 MODEMCSA;Unimodem-Datenstromfiltergerät; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys [2004-08-03 126686]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-03 6554496]
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2002-12-05 13056]
R3 NVENET;NVIDIA nForce Networking Legacy Driver; C:\WINDOWS\system32\DRIVERS\NVENET.sys [2004-11-11 94276]
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2002-12-05 241664]
R3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
R3 Slntamr;Smart Link 56K Modem Driver; C:\WINDOWS\system32\DRIVERS\slntamr.sys [2004-08-03 404990]
R3 SlWdmSup;SlWdmSup; C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys [2004-08-03 13240]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2006-04-05 102016]
S1 as6eio;as6eio; C:\WINDOWS\System32\drivers\as6eio.sys []
S1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S2 GT680x;USB Flatbed Scanner; C:\WINDOWS\System32\Drivers\GT680x.SYS [2000-03-01 16892]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-11 622172]
S3 avmeject;AVM Eject; C:\WINDOWS\system32\drivers\avmeject.sys [2007-01-26 4352]
S3 BTHPORT;Bluetooth-Porttreiber; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 273024]
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FWLANUSB;AVM FRITZ!WLAN; C:\WINDOWS\system32\DRIVERS\fwlanusb.sys [2007-01-26 265088]
S3 GigasetGenericUSB;GigasetGenericUSB; C:\WINDOWS\system32\DRIVERS\GigasetGenericUSB.sys [2009-02-20 44032]
S3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 MagicTune;MagicTune; C:\WINDOWS\system32\drivers\MTiCtwl.sys [2007-09-06 12928]
S3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 Mtlstrm;Mtlstrm; C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys [2004-08-03 1309184]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys []
S3 NtMtlFax;NtMtlFax; C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys []
S3 phil2vid;Philips VGA-Kamera (USB); C:\WINDOWS\system32\DRIVERS\philcam2.sys []
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0017bus.sys []
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s0017mdfl.sys []
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s0017mdm.sys []
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s0017mgmt.sys []
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS); C:\WINDOWS\system32\DRIVERS\s0017nd5.sys []
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s0017obex.sys []
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM); C:\WINDOWS\system32\DRIVERS\s0017unic.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys []
S3 SlNtHal;SlNtHal; C:\WINDOWS\system32\DRIVERS\Slnthal.sys []
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys []
S3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys []
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys []
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys []
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS []
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe [2006-10-06 225280]
R2 Apache2.2;Apache2.2; C:\xampp\apache\bin\apache.exe [2008-06-14 17408]
R2 AVP;Kaspersky Security Suite CBE; C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe [2008-05-01 221184]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 InCDsrv;InCD Helper; C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe [2006-04-05 791040]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2001-10-08 278016]
R2 MagicTuneEngine;MagicTuneEngine; C:\Programme\MagicTune Premium\MagicTuneEngine.exe [2007-08-23 45056]
R2 mysql;mysql; C:\xampp\mysql\bin\mysqld-nt.exe [2008-04-17 5750784]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-03 159812]
R2 OMSI download service;Sony Ericsson OMSI download service; C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2008-04-14 73796]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-04-28 603904]
R2 UxTuneUp;TuneUp Designerweiterung; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler; C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe []
S2 EmmaDevMgmtSvc;Emma Device Management; C:\Programme\Gemeinsame Dateien\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe []
S2 EmmaUpdMgmtSvc;Emma Update Management; C:\Programme\Gemeinsame Dateien\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe []
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-03-30 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-04-28 360192]
S3 wfxsvc;WinFax PRO; C:\WINDOWS\system32\WFXSVC.EXE [2000-03-07 128512]
S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576]
S4 NetTcpPortSharing;Net.Tcp-Portfreigabedienst; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
info.txtRSIT Logfile: Code:
ATTFilter logfile of random's system information tool 1.06 2010-06-09 08:36:15
======Uninstall list======
-->C:\Programme\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\NuNInst.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Absolute Fretboard Trainer PRO-->C:\WINDOWS\GPInstall.exe "/UNINST=C:\Programme\AFT software\UnInst.log" "/APPNAME=Absolute Fretboard Trainer PRO"
Acronis True Image Home-->MsiExec.exe /X{3D2975E7-DD28-4145-811A-225140FF87F0}
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Programme\Gemeinsame Dateien\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Programme\Gemeinsame Dateien\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe AIR-->C:\Programme\Gemeinsame Dateien\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Dreamweaver CS4-->C:\Programme\Gemeinsame Dateien\Adobe\Installers\acce07fd2c8fe7f9e3f26243e626578\Setup.exe --uninstall=1
Adobe Dreamweaver CS4-->MsiExec.exe /I{30C8AA56-4088-426F-91D1-0EDFD3A25678}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Fireworks CS4-->C:\Programme\Gemeinsame Dateien\Adobe\Installers\ccb135070a90ff24d6e7cc4bc5a59cb\Setup.exe --uninstall=1
Adobe Fireworks CS4-->MsiExec.exe /I{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->C:\Programme\Gemeinsame Dateien\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Photoshop Lightroom 2.3-->MsiExec.exe /I{7CBD8A89-45F4-4203-9923-673F72603747}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Setup-->MsiExec.exe /I{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}
Adobe Setup-->MsiExec.exe /I{28773E11-6E44-46DC-90BD-273A3FA2CAC1}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Amazing Slow Downer (remove only)-->"C:\Programme\Roni Music\Amazing Slow Downer\uninstall.exe"
Audiograbber 1.83 SE -->"C:\Programme\Audiograbber\Uninstall.exe"
CCleaner-->"C:\Programme\CCleaner\uninst.exe"
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
Everest Poker.net (Remove Only)-->C:\Programme\Everest Poker.net\cstart.exe /uninstall
Flachbettscanner-->C:\WINDOWS\IsUn0407.exe -fC:\WINDOWS\TWAIN_32\Flachbettscanner\Uninst.isu
Free YouTube to Mp3 Converter version 3.1-->"C:\Programme\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe"
Gigaset QuickSync-->MsiExec.exe /I{58A12D43-D312-4995-9D8F-9E654694C113}
GSM 1.1.4.2-->"C:\Programme\Guitar Scales Method\uninst\unins000.exe"
GST 1.38.0.4-->"C:\Programme\Guitar Speed Trainer\uninst\unins000.exe"
Guitar Calculator Pro v3.0.3-->C:\Audio\GUITAR~1\UNWISE.EXE C:\Audio\GUITAR~1\INSTALL.LOG
HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intellex Player-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{68E9A0DF-ED47-11D5-A3F2-00A0CC5DF8D2}\setup.exe" -l0x7 anything -removeonly
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kaspersky Security Suite CBE-->MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
Kaspersky Security Suite CBE-->MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Macromedia Dreamweaver 8-->MsiExec.exe /I{44025BD7-AD10-4769-99AE-6378FD0303D6}
Macromedia Extension Manager-->MsiExec.exe /I{0F022A2E-7022-497D-90A5-0F46746D8275}
Macromedia Fireworks 8-->MsiExec.exe /I{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}
Macromedia Flash 8 Video Encoder-->MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash 8-->MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
MagicTune Premium-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D6044256-A309-43B5-9833-D3FAFE2AD24D}\setup.exe" -l0x7
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Mathe1x1-->"C:\Programme\Mathe1x1\unins000.exe"
Microsoft .NET Framework 1.1 German Language Pack-->MsiExec.exe /X{E78BFA60-5393-4C38-82AB-E8019E464EB4}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C314CE45-3392-3B73-B4E1-139CD41CA933}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Groove MUI (German) 2007-->MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (German) 2007-->MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{6AFCA4E1-9B78-3640-8F72-A7BF33448200}
Microsoft-Basissmartcard-Kryptografiedienstanbieterpaket-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Mozilla Firefox (3.6.3)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.14)-->L:\thunderbird 2.0.0.14\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.21)-->L:\ThunderbirdPortable\App\thunderbird\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.22)-->M:\ThunderbirdPortable\App\thunderbird\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.24)-->C:\Dokumente und Einstellungen\Administrator\Desktop\ThunderbirdPortable\App\thunderbird\uninstall\helper.exe
Mp3tag v2.44-->C:\Programme\Mp3tag\Mp3tagUninstall.EXE
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Natural Color Pro-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FC2C7405-BC58-4E11-8F51-29671BEAC06B}\setup.exe" -l0x9
Nero 7 Ultra Edition-->MsiExec.exe /I{70AB1576-7883-2313-C650-7A71270B1031}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA nForce Treiber für Windows 2000/XP-->rundll32.exe C:\WINDOWS\system32\NVNFINST.DLL,NvUninstallCrush
NVIDIA nForce Utilities-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_SSUtilsNT 132 C:\WINDOWS\INF\nvautlml.inf
Opera 9.64-->MsiExec.exe /X{E1BBBAC5-2857-4155-82A6-54492CE88620}
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
PokerTH-->C:\Programme\PokerTH\uninstall.exe
Power Tab Editor 1.7-->MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}
QuarkXPress 7.31-->MsiExec.exe /I{A38048C6-89D1-44EC-BC95-E95DD4A19B5E}
Sicherheitsupdate für Step by Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Sony Ericsson PC Suite 6.009.00-->"C:\Programme\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\ISAdmin.exe" -runfromtemp -l0x0009 -removeonly
Steinberg Cubase VST32-->C:\PROGRA~1\STEINB~1\CUBASE~1.0\UNINST~1.EXE C:\PROGRA~1\STEINB~1\CUBASE~1.0\Install.log
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
Symantec WinFax PRO 10.0-->C:\WINDOWS\IsUn0407.exe -fC:\Programme\Symantec\WinFax\WFXUNIST.ISU -c"C:\Programme\Symantec\WinFax\UNINSTUB.DLL"
System Requirements Lab-->C:\Programme\SystemRequirementsLab\Uninstall.exe
TEFView 2.62-->C:\Programme\TablEdit32\unins000.exe
TuneUp Utilities 2009-->MsiExec.exe /I{55A29068-F2CE-456C-9148-C869879E2357}
Turbo Lister 2-->MsiExec.exe /X{8927E07C-97F7-4A54-88FB-D976F50DD46E}
Uninstall 1.0.0.1-->"C:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe"
Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
VLC media player 1.0.2-->C:\Programme\VideoLAN\VLC\uninstall.exe
Vuze-->C:\Programme\Azureus\uninstall.exe
Windows Driver Package - PIE Image 10/22/2002 1.1.1-->C:\WINDOWS\system32\DRVSTORE\Pf1800lc_3d4d1e7469145e230b6f1f02e521cadf1bed999e\DpInst.exe /u Pf1800lc_3d4d1e7469145e230b6f1f02e521cadf1bed999e
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinHTTrack Website Copier 3.43-->"C:\Programme\WinHTTrack\unins000.exe"
WinRAR-->C:\Programme\WinRAR\uninstall.exe
XAMPP 1.6.7-->"c:\xampp\uninstall.exe"
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
xp-AntiSpy 3.96-3-->C:\Programme\xp-AntiSpy\Uninstall.exe
Zend Studio Server-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3708CAA8-AEC2-47DE-A71F-8C1C537F0FA4}\setup.exe" -l0x9 -removeonly
ZendStudioClient-5.0.0-->"C:\Programme\Zend\ZendStudioClient-5.0.0\Uninstall ZendStudioClient-5.0.0\Uninstall ZendStudioClient-5.0.0.exe"
======Hosts File======
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
======Security center information======
AV: Kaspersky Security Suite CBE (outdated)
FW: Kaspersky Security Suite CBE
======System event log======
Computer Name: WINDOWSPC
Event Code: 7036
Message: Dienst "SSDP-Suchdienst" befindet sich jetzt im Status "Ausgeführt".
Record Number: 50776
Source Name: Service Control Manager
Time Written: 20100415080542.000000+120
Event Type: Informationen
User:
Computer Name: WINDOWSPC
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "SSDP-Suchdienst" gesendet.
Record Number: 50775
Source Name: Service Control Manager
Time Written: 20100415080540.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM
Computer Name: WINDOWSPC
Event Code: 7036
Message: Dienst "RAS-Verbindungsverwaltung" befindet sich jetzt im Status "Ausgeführt".
Record Number: 50774
Source Name: Service Control Manager
Time Written: 20100415080538.000000+120
Event Type: Informationen
User:
Computer Name: WINDOWSPC
Event Code: 7036
Message: Dienst "Gatewaydienst auf Anwendungsebene" befindet sich jetzt im Status "Ausgeführt".
Record Number: 50773
Source Name: Service Control Manager
Time Written: 20100415080536.000000+120
Event Type: Informationen
User:
Computer Name: WINDOWSPC
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "Gatewaydienst auf Anwendungsebene" gesendet.
Record Number: 50772
Source Name: Service Control Manager
Time Written: 20100415080535.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM
=====Application event log=====
Computer Name: WINDOWSPC
Event Code: 100
Message: C:\xampp\mysql\bin\mysqld-nt.exe: ready for connections.
Version: '5.0.51b-community-nt' socket: '' port: 3306 MySQL Community Edition (GPL)
For more information, see Help and Support Center at h**p://w*w.mysql.com.
Record Number: 7033
Source Name: MySQL
Time Written: 20090605130412.000000+120
Event Type: Informationen
User:
Computer Name: WINDOWSPC
Event Code: 1800
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.
Record Number: 7032
Source Name: SecurityCenter
Time Written: 20090605085635.000000+120
Event Type: Informationen
User:
Computer Name: WINDOWSPC
Event Code: 100
Message: C:\xampp\mysql\bin\mysqld-nt.exe: ready for connections.
Version: '5.0.51b-community-nt' socket: '' port: 3306 MySQL Community Edition (GPL)
For more information, see Help and Support Center at h**p://w*w.mysql.com.
Record Number: 7031
Source Name: MySQL
Time Written: 20090605085632.000000+120
Event Type: Informationen
User:
Computer Name: WINDOWSPC
Event Code: 1800
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.
Record Number: 7030
Source Name: SecurityCenter
Time Written: 20090604175919.000000+120
Event Type: Informationen
User:
Computer Name: WINDOWSPC
Event Code: 100
Message: C:\xampp\mysql\bin\mysqld-nt.exe: ready for connections.
Version: '5.0.51b-community-nt' socket: '' port: 3306 MySQL Community Edition (GPL)
For more information, see Help and Support Center at h**p://w*w.mysql.com.
Record Number: 7029
Source Name: MySQL
Time Written: 20090604175910.000000+120
Event Type: Informationen
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
-----------------EOF-----------------
Vielen Dank schon mal im Voraus! Geändert von ruudi (09.06.2010 um 10:23 Uhr) |
|
09.06.2010, 11:11
| #2 |
| /// Malware-holic   | Trojan.Win32.FraudPack.gtv ootl:
__________________Systemscan mit OTL download otl: http://filepony.de/download-otl/ Doppelklick auf die OTL.exe (user von Windows 7 und Vista: Rechtsklick als Administrator ausführen) 1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output 2. Hake an "scan all users" 3. Unter "Extra Registry wähle: "Use Safelist" "LOP Check" "Purity Check" 4. Kopiere in die Textbox: netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll logevent.dll iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT 5. Klicke "run Scan" 6. 2 reporte werden erstellt: OTL.Txt Extras.Txt eventuell auf 2 oder mehr posts aufteilen. |
|
09.06.2010, 15:14
| #3 |
| /// Helfer-Team   | Trojan.Win32.FraudPack.gtv Wenn ich kurz reinspringen darf
__________________ Code:
ATTFilter Infizierte Dateien:
D:\Installationsprogramme\Filmmakers Package\Final Draft 7\activation keymaker.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
D:\Installationsprogramme\quark\QuarkXpress 7.02\Quark_Xpress_7_Keygen PARADOX.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Installationsprogramme\webtools\Zend.Studio.Enterprise.Edition.v5.0.0.183 w ZendStudioServer\keygen.exe (Malware.Packer) -> Quarantined and deleted successfully.
D:\RECYCLER\S-1-5-21-474158596-908595130-1765605958-1007\Dd85\Guitar Rig 1.2\guitar_rig_keygen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
 Damit hast du dir leider selber die Grube gegraben! Heutzutage sind so gut wie ALLE Cracks, Keygens & Co. verseucht. Du siehst ja selbst das Resultat. Außerdem machst du dich dadurch strafbar Da wir uns ebenfalls strafbar machen würden, hier weiter zu supporten, wird denk ich mal markus jetzt den Support einstellen. Für dich geht es hier weiter: http://www.trojaner-board.de/51262-a...sicherung.html Wichtig: Ändere alle deine Passwörter von einem sauberen PC aus. Falls noch was unklar ist, Fragen kostet nichts Viel Erfolg! Gruß Handball10
__________________ |
|
11.06.2010, 10:50
| #4 |
| | Trojan.Win32.FraudPack.gtv OTL Logfile: Code:
ATTFilter OTL logfile created on: 10.06.2010 10:46:15 - Run 1 OTL by OldTimer - Version 3.2.6.0 Folder = E:\ Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 67,00% Memory free 3,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free Paging file location(s): C:\pagefile.sys 1920 3840 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 29,29 Gb Total Space | 1,67 Gb Free Space | 5,71% Space Free | Partition Type: NTFS Drive D: | 74,23 Gb Total Space | 13,36 Gb Free Space | 17,99% Space Free | Partition Type: NTFS Drive E: | 245,59 Mb Total Space | 22,30 Mb Free Space | 9,08% Space Free | Partition Type: FAT F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: WINDOWSPC Current User Name: Administrator Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - E:\OTL.exe (OldTimer Tools) ========== Modules (SafeList) ========== MOD - E:\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\cidanmgr.dll () MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) MOD - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\scrchpg.dll (Kaspersky Lab) MOD - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\miscr3.dll (Kaspersky Lab) MOD - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\fssync.dll (Kaspersky Lab) MOD - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\adialhk.dll (Kaspersky Lab) ========== Win32 Services (SafeList) ========== ========== Driver Services (SafeList) ========== ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1606980848-362288127-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKU\S-1-5-21-1606980848-362288127-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.04.06 20:20:56 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.04.06 20:20:56 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Dokumente und Einstellungen\Administrator\Desktop\ThunderbirdPortable\App\thunderbird\components [2010.06.03 10:54:54 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.03.16 11:55:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.03.16 11:55:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.03.16 11:55:43 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.03.16 11:55:43 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.03.16 11:55:43 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.04.07 13:02:54 | 000,001,300 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Zend Studio) - {95188727-288F-4581-A48D-EAB3BD027314} - C:\Programme\Zend\ZendStudioClient-5.0.0\bin\ZendIEToolbar.dll () O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis) O4 - HKLM..\Run: [AVP] C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe (Kaspersky Lab) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\GammaTray.lnk = C:\Programme\MagicTune Premium\GammaTray.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 128 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 128 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0 O7 - HKU\S-1-5-21-1606980848-362288127-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 128 O7 - HKU\S-1-5-21-1606980848-362288127-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-21-1606980848-362288127-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0 O8 - Extra context menu item: Hinzufügen zu Kaspersky Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\ie_banner_deny.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Zend Studio - Debug current page - C:\Programme\Zend\ZendStudioClient-5.0.0\bin\ZendIEToolbar.dll () O8 - Extra context menu item: Zend Studio - Debug next page - C:\Programme\Zend\ZendStudioClient-5.0.0\bin\ZendIEToolbar.dll () O9 - Extra Button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\SCIEPlgn.dll (Kaspersky Lab) O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll () O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll () O9 - Extra Button: Knowledge Base Suche - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - File not found O9 - Extra 'Tools' menuitem : Knowledge Base Suche - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Zend Studio Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Programme\Zend\ZendStudioClient-5.0.0\bin\ZendIEToolbar.dll () O9 - Extra 'Tools' menuitem : Zend Studio - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - Reg Error: Value error. File not found O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe File not found O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe File not found O12 - Plugin for: .spop - C:\Programme\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\h**p\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\h**p\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\h**ps\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\h**ps\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE\adialhk.dll (Kaspersky Lab) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {A213B520-C6C2-11d0-AF9D-008029E1027E} - C:\Programme\Symantec\WinFax\WFXSEH32.DLL (Symantec Corporation) O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.01.09 23:31:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{a1cd4810-a029-11db-a2c9-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{a1cd4810-a029-11db-a2c9-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{a1cd4810-a029-11db-a2c9-806d6172696f}\Shell\AutoRun\command - "" = E:\AutoRun\setup32.exe -- File not found O33 - MountPoints2\{b4d0587c-ec33-11dc-a04d-000c6eee324f}\Shell\AutoRun\command - "" = .Trashes -- [2007.02.16 20:23:00 | 000,000,000 | -H-D | M] O33 - MountPoints2\{cf1a9786-5b1c-11de-bc67-000c6eee324f}\Shell - "" = AutoRun O33 - MountPoints2\{cf1a9786-5b1c-11de-bc67-000c6eee324f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{cf1a9786-5b1c-11de-bc67-000c6eee324f}\Shell\AutoRun\command - "" = G:\pushinst.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O36 - AppCertDlls: ciphtdde - (C:\WINDOWS\system32\cidanmgr.dll) - C:\WINDOWS\system32\cidanmgr.dll () O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - C:\WINDOWS\system32\ias [2007.01.09 23:31:18 | 000,000,000 | ---D | M] NetSvcs: Iprip - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software) NetSvcs: WmdmPmSp - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 0 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: Ndisuio - C:\WINDOWS\system32\drivers\ndisuio.sys.bak (Microsoft Corporation) SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdpwd.sys - C:\WINDOWS\system32\drivers\RDPWD.sys.bak (Microsoft Corporation) SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: tdpipe.sys - C:\WINDOWS\system32\drivers\TDPIPE.sys.bak (Microsoft Corporation) SafeBootNet: tdtcp.sys - C:\WINDOWS\system32\drivers\TDTCP.sys.bak (Microsoft Corporation) SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {1325db73-d9f1-48f8-8895-6d814ec58889} - Sicherheitsupdate für Windows XP (KB913433) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - Microsoft .NET Framework 1.1 Hotfix (KB928366) ActiveX: {9309DD7E-EBFE-3C95-8B47-30D3A012F606} - .NET Framework ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ActiveX: Microsoft Base Smart Card Crypto Provider Package - Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation) ========== Files/Folders - Created Within 30 Days ========== [2010.06.09 08:35:54 | 000,000,000 | ---D | C] -- C:\rsit [2010.06.08 14:52:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.06.08 14:51:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.06.08 14:51:58 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.06.08 14:51:58 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.06.08 13:26:21 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2010.06.08 11:54:46 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.06.10 10:50:44 | 000,573,472 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat [2010.06.10 10:34:25 | 000,182,038 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010.06.10 10:34:07 | 002,522,400 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat [2010.06.10 10:33:41 | 000,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx [2010.06.10 10:33:38 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job [2010.06.10 10:30:38 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.06.10 10:30:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.06.09 12:08:11 | 000,243,764 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx [2010.06.08 13:54:31 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010.06.07 14:35:43 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.06.03 20:37:35 | 000,046,592 | -H-- | M] () -- C:\WINDOWS\System32\cidanmgr.dll [2010.05.17 10:36:31 | 000,000,838 | ---- | M] () -- C:\WINDOWS\win.ini [2010.05.17 10:33:55 | 000,011,365 | ---- | M] () -- C:\WINDOWS\DUSB2AR.INI [2010.05.17 10:33:55 | 000,002,040 | ---- | M] () -- C:\WINDOWS\AUSBA2.INI [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.06.03 20:37:35 | 000,046,592 | -H-- | C] () -- C:\WINDOWS\System32\cidanmgr.dll [2010.04.19 16:59:09 | 000,905,290 | R--- | C] () -- C:\WINDOWS\System32\libmmd.dll [2009.10.31 11:39:02 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\PF1800LC.Dll [2009.10.31 11:39:02 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\PWiaExt.dll [2009.10.31 11:39:02 | 000,010,624 | ---- | C] () -- C:\WINDOWS\System32\GENEUSB.SYS [2009.10.31 11:39:02 | 000,010,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\GENEUSB.SYS [2009.10.31 11:39:01 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\daspi32u.dll [2009.10.31 11:39:01 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\IO_PORT.DLL [2009.10.31 11:39:01 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\FVC.DLL [2009.10.31 11:39:01 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\SQ1394.DLL [2009.10.31 11:39:00 | 000,000,234 | ---- | C] () -- C:\WINDOWS\Scanner.ini [2009.08.06 16:37:45 | 000,172,032 | ---- | C] () -- C:\WINDOWS\AUSBA2.DLL [2009.08.06 16:37:45 | 000,026,624 | ---- | C] () -- C:\WINDOWS\artcomm.dll [2009.08.06 16:37:45 | 000,011,365 | ---- | C] () -- C:\WINDOWS\DUSB2AR.INI [2009.08.06 16:37:45 | 000,002,040 | ---- | C] () -- C:\WINDOWS\AUSBA2.INI [2009.08.03 14:02:37 | 000,009,728 | R--- | C] () -- C:\WINDOWS\System32\ARSetup.dll [2009.08.03 14:02:37 | 000,000,321 | R--- | C] () -- C:\WINDOWS\ARSetup.ini [2009.06.19 10:55:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqemlsz.INI [2009.06.07 16:22:44 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009.02.09 21:30:26 | 000,000,196 | ---- | C] () -- C:\WINDOWS\holdemg.ini [2009.02.06 17:26:25 | 000,000,043 | ---- | C] () -- C:\WINDOWS\hpfccopy.INI [2008.11.09 13:13:14 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\AudioEncoderEnum.dll [2008.11.09 13:07:54 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\bassmod.dll [2008.09.22 12:44:20 | 000,000,058 | ---- | C] () -- C:\WINDOWS\my.ini [2008.06.30 21:13:56 | 000,000,382 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2008.06.25 14:47:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WTNSETUP.INI [2008.06.25 14:42:53 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\DCCWFP32.DLL [2008.06.25 14:42:51 | 000,000,250 | ---- | C] () -- C:\WINDOWS\WINFAX.INI [2008.06.25 14:42:46 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL [2008.05.03 05:46:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2008.05.03 05:46:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2008.05.03 05:46:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2008.01.09 11:02:13 | 000,001,575 | ---- | C] () -- C:\WINDOWS\tefview.ini [2007.10.27 13:38:23 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll [2007.10.27 13:38:22 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll [2007.10.21 15:27:31 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2007.02.13 04:21:28 | 000,557,056 | ---- | C] () -- C:\WINDOWS\System32\hpgtg400.dll [2007.01.10 10:49:48 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2007.01.10 10:49:47 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2007.01.10 10:45:33 | 000,018,253 | ---- | C] () -- C:\WINDOWS\System32\ssnvfx.ini [2007.01.10 10:44:45 | 000,003,274 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2007.01.10 10:44:43 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2004.11.11 14:00:00 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll [1999.01.26 23:00:00 | 000,114,816 | ---- | C] () -- C:\WINDOWS\System32\MSMT4232.DLL [1998.09.01 18:10:20 | 000,164,864 | ---- | C] () -- C:\WINDOWS\System32\LDEPCL32.DLL [1997.10.24 15:56:36 | 000,000,643 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI [1997.06.17 16:07:50 | 000,328,704 | ---- | C] () -- C:\WINDOWS\System32\DOSFNT32.DLL ========== LOP Check ========== [2010.01.26 19:32:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis [2007.10.21 14:38:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Azureus [2010.01.19 15:40:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software [2009.06.07 13:01:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Gigaset QuickSync [2009.02.06 17:38:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2009.02.06 17:37:59 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{55A29068-F2CE-456C-9148-C869879E2357} [2010.06.10 10:33:38 | 000,000,508 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > < %APPDATA%\*.exe /s > < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2004.11.11 14:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2009.04.03 07:46:43 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2009.04.03 07:46:43 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2004.11.11 14:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2009.04.03 07:46:43 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2009.04.03 07:46:43 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll < MD5 for: NETLOGON.DLL > [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll < MD5 for: NVATABUS.SYS > [2004.11.11 14:00:00 | 000,079,360 | ---- | M] (NVIDIA Corporation) MD5=46DEED4C6C5FA765F9A2C723BE60348D -- C:\Drivers\M\N\NvAtaBus.sys [2004.11.11 14:00:00 | 000,079,360 | ---- | M] (NVIDIA Corporation) MD5=46DEED4C6C5FA765F9A2C723BE60348D -- C:\WINDOWS\system32\drivers\nvatabus.sys < MD5 for: SCECLI.DLL > [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll < MD5 for: USERINIT.EXE > [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe < MD5 for: VIAMRAID.SYS > [2004.11.11 14:00:00 | 000,074,112 | ---- | M] (VIA Technologies inc,.ltd) MD5=F199939205DCCC7836AE5AB8B5DD5E83 -- C:\Drivers\M\V\raid\viamraid.sys < MD5 for: VIASRAID.SYS > [2004.11.11 14:00:00 | 000,075,904 | ---- | M] (VIA Technologies inc,.ltd) MD5=1493F351E5A4B915FB5BBB735C14004B -- C:\Drivers\M\V\sata\viasraid.sys < MD5 for: WS2IFSL.SYS > [2004.11.11 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2007.01.10 00:17:34 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav [2007.01.10 00:17:34 | 000,671,744 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav [2007.01.10 00:17:34 | 000,454,656 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2008.04.14 04:22:14 | 001,028,096 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mfc42.dll [2004.11.11 14:00:00 | 001,355,776 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm50.dll [2008.04.14 04:22:18 | 001,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll [2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < End of report > |
|
11.06.2010, 10:55
| #5 |
| | Trojan.Win32.FraudPack.gtv OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 10.06.2010 10:46:15 - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = E:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 67,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 1920 3840 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 29,29 Gb Total Space | 1,67 Gb Free Space | 5,71% Space Free | Partition Type: NTFS
Drive D: | 74,23 Gb Total Space | 13,36 Gb Free Space | 17,99% Space Free | Partition Type: NTFS
Drive E: | 245,59 Mb Total Space | 22,30 Mb Free Space | 9,08% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: WINDOWSPC
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
h**P [open] -- Reg Error: Key error.
h**Ps [open] -- Reg Error: Key error.
jsfile [edit] -- "C:\Programme\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5353:TCP" = 5353:TCP:*:Disabled:Adobe CSI CS4
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Disabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F022A2E-7022-497D-90A5-0F46746D8275}" = Macromedia Extension Manager
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 17
"{28773E11-6E44-46DC-90BD-273A3FA2CAC1}" = Adobe Setup
"{2B618178-930B-46FA-9C93-0AE2EEB89EBC}" = DocProc
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3708CAA8-AEC2-47DE-A71F-8C1C537F0FA4}" = Zend Studio Server
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2975E7-DD28-4145-811A-225140FF87F0}" = Acronis True Image Home
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{44025BD7-AD10-4769-99AE-6378FD0303D6}" = Macromedia Dreamweaver 8
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{58A12D43-D312-4995-9D8F-9E654694C113}" = Gigaset QuickSync
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{68E9A0DF-ED47-11D5-A3F2-00A0CC5DF8D2}" = Intellex Player
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{70AB1576-7883-2313-C650-7A71270B1031}" = Nero 7 Ultra Edition
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7CBD8A89-45F4-4203-9923-673F72603747}" = Adobe Photoshop Lightroom 2.3
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A38048C6-89D1-44EC-BC95-E95DD4A19B5E}" = QuarkXPress 7.31
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C774410D-3EF9-4DE7-AC01-332613163ECF}" = Kaspersky Security Suite CBE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6044256-A309-43B5-9833-D3FAFE2AD24D}" = MagicTune Premium
"{E1BBBAC5-2857-4155-82A6-54492CE88620}" = Opera 9.64
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FC2C7405-BC58-4E11-8F51-29671BEAC06B}" = Natural Color Pro
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs
"8461-7759-5462-8226" = Vuze
"Absolute Fretboard Trainer PRO" = Absolute Fretboard Trainer PRO
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"Adobe_ccb135070a90ff24d6e7cc4bc5a59cb" = Adobe Fireworks CS4
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Amazing Slow Downer" = Amazing Slow Downer (remove only)
"Audiograbber" = Audiograbber 1.83 SE
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Everest Poker.net" = Everest Poker.net (Remove Only)
"Flachbettscanner" = Flachbettscanner
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"Guitar Calculator Pro v3.0.3" = Guitar Calculator Pro v3.0.3
"GuitarScalesMethod_is1" = GSM 1.1.4.2
"GuitarSpeedTrainer_is1" = GST 1.38.0.4
"ie8" = Windows Internet Explorer 8
"InstallWIX_{C774410D-3EF9-4DE7-AC01-332613163ECF}" = Kaspersky Security Suite CBE
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mathe1x1_is1" = Mathe1x1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (2.0.0.14)" = Mozilla Thunderbird (2.0.0.14)
"Mozilla Thunderbird (2.0.0.21)" = Mozilla Thunderbird (2.0.0.21)
"Mozilla Thunderbird (2.0.0.22)" = Mozilla Thunderbird (2.0.0.22)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"Mp3tag" = Mp3tag v2.44
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAnForce" = NVIDIA nForce Treiber für Windows 2000/XP
"Pf1800lc_3d4d1e7469145e230b6f1f02e521cadf1bed999e" = Windows Driver Package - PIE Image 10/22/2002 1.1.1
"PokerTH 0.6.3" = PokerTH
"SSUtils" = NVIDIA nForce Utilities
"Steinberg Cubase VST32" = Steinberg Cubase VST32
"SystemRequirementsLab" = System Requirements Lab
"TEFView_is1" = TEFView 2.62
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.2
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinFax" = Symantec WinFax PRO 10.0
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"xampp" = XAMPP 1.6.7
"xp-AntiSpy" = xp-AntiSpy 3.96-3
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"ZendStudioClient-5.0.0" = ZendStudioClient-5.0.0
========== Last 10 Event Log Errors ==========
Error: Unable to start EventLog service!
< End of report >
|
|
11.06.2010, 11:08
| #6 |
| /// Malware-holic | Trojan.Win32.FraudPack.gtv den post von handball10 hast du schon gelesen oder? |
|
| Themen zu Trojan.Win32.FraudPack.gtv |
| bho, browser, browseui preloader, c:\windows\system32\rundll32.exe, calculator, components, converter, cubase, desktop, diagnostics, drvstore, firefox, firefox.exe, flash player, fontcache, helper, hijack, hijackthis, hkus\s-1-5-18, hotfix.exe, internet explorer, kaspersky, keygen, launch, mozilla, mp3, msiexec.exe, nicht möglich, plug-in, problem, prozess, realtek, registry, russisch, security, security suite, security update, server, software, starten, studio, symantec, system, trojan.win32.fraudpack.gtv, windows xp, windows-sicherheitscenterdienst |
Linear-Darstellung
