Trojaner-Board - lästige werbefenster bei mozilla

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - lästige werbefenster bei mozilla (https://www.trojaner-board.de/57324-laestige-werbefenster-mozilla.html)

lästige werbefenster bei mozilla

Hallo an alle. hab wie viele andere ein problem mit unerwünschen werbeseiten (neckermann, vodafone, quelle etc. ) im mozilla. ich poste mal die log file und würde mich über eure hilfe sehr freuen. würde vielleicht ein systemwiederherstellungspunkt helfen? habe das problem erst seit 3 tagen.vielen dank im voraus

Code:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:42:46, on 04.08.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal
 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\Programme\Synaptics\SynTP\SynTPEnh.exe

C:\PROGRA~1\LAUNCH~1\LManager.exe

C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe

C:\Programme\Java\jre1.6.0_05\bin\jusched.exe

C:\Programme\HP\HP Software Update\HPWuSchd.exe

C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE

C:\Programme\HP\hpcoretech\hpcmpmgr.exe

C:\Programme\Winamp\winampa.exe

C:\Programme\Visagesoft\eXPert PDF\vspdfprsrv.exe

C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programme\Windows Live\Messenger\MsnMsgr.Exe

C:\Programme\Mobipocket.com\Mobipocket Reader\readernotify.exe

C:\WINDOWS\NCLAUNCH.EXe

C:\dokumente und einstellungen\carpe diem\lokale einstellungen\anwendungsdaten\aocpdxl.exe

C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe

C:\Programme\MessengerDiscovery\MessengerDiscovery Live.exe

C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

C:\Programme\AntiVir PersonalEdition Classic\sched.exe

C:\Programme\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Programme\ATI Technologies\ATI.ACE\cli.exe

C:\Programme\ATI Technologies\ATI.ACE\cli.exe

C:\Programme\Java\jre1.6.0_05\bin\jucheck.exe

C:\Programme\Mozilla Firefox\firefox.exe

C:\Programme\Trend Micro\HijackThis\HijackThis.exe
 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll
 

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [ntiMUI] C:\Programme\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe"

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\HP\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [vspdfprsrv.exe] C:\Programme\Visagesoft\eXPert PDF\vspdfprsrv.exe --background

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Mobipocket Reader Notifications] C:\Programme\Mobipocket.com\Mobipocket Reader\readernotify.exe

O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe

O4 - HKCU\..\Run: [updateMgr] c:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [aocpdxl] c:\dokumente und einstellungen\carpe diem\lokale einstellungen\anwendungsdaten\aocpdxl.exe aocpdxl

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe

O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe

O4 - Global Startup: Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm

O8 - Extra context menu item: &Winamp Toolbar Search - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe

O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (file missing) (HKCU)

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Boonty Games - BOONTY - C:\Programme\Gemeinsame Dateien\BOONTY Shared\Service\Boonty.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
 

--

End of file - 10518 bytes

Code:

C:\dokumente und einstellungen\carpe diem\lokale einstellungen\anwendungsdaten\aocpdxl.exe

Bitte bei Virustotal auswerten lassen und alle Ergebnisse posten! (inkl. Angaben zur Dateigröße und Prüfsummen)

Mach danach mal einen Durchlauf mit DSS und Malwarebytes. Danach sehen wir weiter. Poste alle Logfiles mit Codetags umschlossen also so

HTML-Code:

[code] Hier das Logfile rein! [/code]

also als erstes mal danke für die antwort heir die angefordeten logs:

der bericht von virustotal:

Code:

Antivirus          Version          letzte aktualisierung          Ergebnis

AhnLab-V3        2008.8.5.0        2008.08.05        -

AntiVir        7.8.1.15        2008.08.05        -

Authentium        5.1.0.4        2008.08.04        -

Avast        4.8.1195.0        2008.08.05        -

AVG        8.0.0.156        2008.08.05        -

BitDefender        7.2        2008.08.05        -

CAT-QuickHeal        9.50        2008.08.04        -

ClamAV        0.93.1        2008.08.05        -

DrWeb        4.44.0.09170        2008.08.05        -

eSafe        7.0.17.0        2008.08.05        -

eTrust-Vet        31.6.6009        2008.08.05        -

Ewido        4.0        2008.08.04        -

F-Prot        4.4.4.56        2008.08.04        -

F-Secure        7.60.13501.0        2008.08.05        -

Fortinet        3.14.0.0        2008.08.04        -

GData        2.0.7306.1023        2008.08.04        -

Ikarus        T3.1.1.34.0        2008.08.05        Trojan.Win32.Skintrim.B

K7AntiVirus        7.10.403        2008.08.04        -

Kaspersky        7.0.0.125        2008.08.05        -

McAfee        5353        2008.08.04        -

Microsoft        1.3807        2008.08.05        Trojan:Win32/Skintrim.gen!B

NOD32v2        3327        2008.08.05        -

Norman        5.80.02        2008.08.04        -

Panda        9.0.0.4        2008.08.04        -

PCTools        4.4.2.0        2008.08.04        -

Prevx1        V2        2008.08.05        -

Rising        20.56.11.00        2008.08.05        -

Sophos        4.31.0        2008.08.05        -

Sunbelt        3.1.1537.1        2008.08.01        -

Symantec        10        2008.08.05        -

TheHacker        6.2.96.393        2008.08.04        -

TrendMicro        8.700.0.1004        2008.08.05        -

VBA32        3.12.8.2        2008.08.04        -

ViRobot        2008.8.4.1322        2008.08.04        -

VirusBuster        4.5.11.0        2008.08.04        -

Webwasher-Gateway        6.6.2        2008.08.05        -

weitere Informationen

File size: 249856 bytes

MD5...: 291587e0e838031c19eaef75d469a52a

SHA1..: 54a5db69be97ffa8f1d620e2f5cc21cb48ddb1de

SHA256: 9ea7d5ac2de7b9650f4d38100f8ae331fd4d1f4441fbe0967a03c5a4aff1c899

SHA512: 49f46c0d18e0e1dfb4d1c808d3c98916c97db57710ac3121bb7e477680eb4337

d0c3a8fbca41aac46c6ab86a593bbd06e85a4d3a811da0190dd3a8fa1614fbd9

PEiD..: -

PEInfo: PE Structure information
 

( base data )

entrypointaddress.: 0x401000

timedatestamp.....: 0x47d67f36 (Tue Mar 11 12:46:46 2008)

machinetype.......: 0x14c (I386)
 

( 3 sections )

name viradd virsiz rawdsiz ntrpy md5

.text 0x1000 0xf80 0x1000 6.40 b6ccd974ab665dec29e6ffd3963ee02e

.rdata 0x2000 0xfaa 0x1000 5.27 dfad50a1a3ef15e6fbe9803235e2328f

.data 0x3000 0x39508 0x3a000 7.39 463831c3388bacade31c83bc94236387
 

( 7 imports )

> KERNEL32.dll: FlushFileBuffers, WaitNamedPipeA, GetSystemTimeAdjustment, GetTempPathW, GetDiskFreeSpaceW, SuspendThread, lstrcmpA, GetCompressedFileSizeW, VirtualProtect, lstrlenA, GetCommandLineA, GetVersionExA, ExitProcess, GetLocaleInfoW, SetConsoleCursorPosition, PurgeComm, GetCurrentProcess, _lclose, SetEvent, CompareStringA, FillConsoleOutputCharacterA, GetStringTypeExW, SetConsoleActiveScreenBuffer, ExpandEnvironmentStringsW, GetVolumeInformationW, GetProfileStringA, GetConsoleMode, CreateIoCompletionPort, GetDateFormatA, EnumCalendarInfoA, CreatePipe, GetConsoleCursorInfo, GlobalGetAtomNameW, OutputDebugStringW, MoveFileW, FreeLibrary, GetDiskFreeSpaceExA, SetTimeZoneInformation, SetCommMask, GetStartupInfoA, GetLogicalDriveStringsA, VirtualAlloc

> USER32.dll: ChangeDisplaySettingsA, wvsprintfA, GetMessageW, MenuItemFromPoint, DialogBoxIndirectParamA, GetUserObjectSecurity, MapVirtualKeyA, ExcludeUpdateRgn, CreateAcceleratorTableW, GetClassNameW, CascadeWindows, OemKeyScan, ChildWindowFromPoint, MonitorFromRect, OpenDesktopA, SendMessageW, GetMenuCheckMarkDimensions, BroadcastSystemMessageA, GetSystemMenu, ToUnicodeEx, IsZoomed, EnableMenuItem, SetRectEmpty, OpenInputDesktop, IsChild, CountClipboardFormats, SetFocus, MapVirtualKeyW, DragDetect, GetWindowTextLengthW, EnumDisplaySettingsA, IsCharAlphaA, FindWindowExA, CharUpperBuffW, GetCursorPos, GetQueueStatus

> GDI32.dll: DeleteEnhMetaFile, CloseEnhMetaFile, SetBkMode, FillPath, PolyDraw, MaskBlt, CreateCompatibleBitmap, InvertRgn, BeginPath, SaveDC, SetAbortProc, CreateDiscardableBitmap, CreateEnhMetaFileA, GetNearestColor, GetEnhMetaFileDescriptionA, PtInRegion, SetWorldTransform, CreateCompatibleDC, GetTextExtentPointA, StrokePath, GetFontLanguageInfo, OffsetViewportOrgEx

> ADVAPI32.dll: GetSecurityDescriptorDacl, CreateProcessAsUserA, GetExplicitEntriesFromAclW, EnumServicesStatusW, RegisterServiceCtrlHandlerW, BuildTrusteeWithSidW, OpenServiceA, RegDeleteValueW, CreateProcessAsUserW, GetSecurityInfo, SetNamedSecurityInfoA, OpenProcessToken, InitializeSid, GetNamedSecurityInfoA, CryptExportKey, InitiateSystemShutdownA, DuplicateTokenEx, RegRestoreKeyA, OpenSCManagerA, RegQueryValueExA, RegDeleteValueA, RegNotifyChangeKeyValue

> OLEAUT32.dll: -, -, -, -, -, -, -

> COMCTL32.dll: CreateToolbarEx, ImageList_GetIcon

> SHLWAPI.dll: PathRemoveBlanksA, PathQuoteSpacesA, PathGetDriveNumberA, wnsprintfW, PathRenameExtensionW, SHCreateStreamOnFileW, StrCatBuffW, StrCmpNW, UrlCombineW, StrChrW
 

(0 exports)

hier der main.txt von DSS:

Code:

Deckard's System Scanner v20071014.68

Run by Carpe Diem on 2008-08-05 20:11:37

Computer is in Normal Mode.

--------------------------------------------------------------------------------
 

-- System Restore --------------------------------------------------------------
 

Successfully created a Deckard's System Scanner Restore Point.
 
 

-- Last 5 Restore Point(s) --

61: 2008-08-05 18:11:43 UTC - RP394 - Deckard's System Scanner Restore Point

60: 2008-08-01 18:40:36 UTC - RP393 - Systemprüfpunkt

59: 2008-07-29 19:58:32 UTC - RP392 - Systemprüfpunkt

58: 2008-07-28 19:33:55 UTC - RP391 - Systemprüfpunkt

57: 2008-07-27 09:47:37 UTC - RP390 - Systemprüfpunkt
 
 

-- First Restore Point -- 

1: 2008-05-04 20:26:03 UTC - RP334 - Systemprüfpunkt
 
 

Backed up registry hives.

Performed disk cleanup.
 
 
 

-- HijackThis (run as Carpe Diem.exe) ------------------------------------------
 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:17:46, on 05.08.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal
 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Programme\Synaptics\SynTP\SynTPEnh.exe

C:\PROGRA~1\LAUNCH~1\LManager.exe

C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe

C:\Programme\Java\jre1.6.0_05\bin\jusched.exe

C:\Programme\HP\HP Software Update\HPWuSchd.exe

C:\Programme\HP\hpcoretech\hpcmpmgr.exe

C:\Programme\Winamp\winampa.exe

C:\Programme\Visagesoft\eXPert PDF\vspdfprsrv.exe

C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE

C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programme\Windows Live\Messenger\MsnMsgr.Exe

C:\Programme\Mobipocket.com\Mobipocket Reader\readernotify.exe

C:\WINDOWS\NCLAUNCH.EXe

C:\dokumente und einstellungen\carpe diem\lokale einstellungen\anwendungsdaten\aocpdxl.exe

C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe

C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe

C:\Programme\MessengerDiscovery\MessengerDiscovery Live.exe

C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

C:\Programme\AntiVir PersonalEdition Classic\sched.exe

C:\Programme\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Programme\ATI Technologies\ATI.ACE\cli.exe

C:\Programme\ATI Technologies\ATI.ACE\cli.exe

C:\Programme\Java\jre1.6.0_05\bin\jucheck.exe

C:\Dokumente und Einstellungen\Carpe Diem\Desktop\dss.exe

C:\PROGRA~1\TRENDM~1\HIJACK~1\Carpe Diem.exe
 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [ntiMUI] C:\Programme\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe"

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\HP\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [vspdfprsrv.exe] C:\Programme\Visagesoft\eXPert PDF\vspdfprsrv.exe --background

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Mobipocket Reader Notifications] C:\Programme\Mobipocket.com\Mobipocket Reader\readernotify.exe

O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe

O4 - HKCU\..\Run: [updateMgr] c:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [aocpdxl] c:\dokumente und einstellungen\carpe diem\lokale einstellungen\anwendungsdaten\aocpdxl.exe aocpdxl

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe

O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe

O4 - Global Startup: Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm

O8 - Extra context menu item: &Winamp Toolbar Search - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe

O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (file missing) (HKCU)

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Boonty Games - BOONTY - C:\Programme\Gemeinsame Dateien\BOONTY Shared\Service\Boonty.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
 

--

End of file - 10599 bytes
 

-- File Associations -----------------------------------------------------------
 

All associations okay.
 
 

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
 

R0 UBHelper - c:\windows\system32\drivers\ubhelper.sys

R2 DritekPortIO (Dritek General Port I/O) - c:\programme\launch manager\dportio.sys <Not Verified; Dritek System Inc.; DPortIO>

R2 int15 - c:\windows\system32\drivers\int15.sys

R2 Sentinel - c:\windows\system32\drivers\sentinel.sys <Not Verified; Rainbow Technologies, Inc.; Sentinel System Driver>

R2 tvicport - c:\windows\system32\drivers\tvicport.sys <Not Verified; EnTech Taiwan; TVicPort Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>

R2 zntport - c:\windows\system32\drivers\zntport.sys <Not Verified; Zeal SoftStudio; NTPort Library>

R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
 

S2 eLock2BurnerLockDriver - c:\windows\system32\elock2burnerlockdriver.sys (file missing)

S2 eLock2FSCTLDriver - c:\windows\system32\elock2fsctldriver.sys (file missing)

S3 ssmdrv - c:\windows\system32\drivers\ssmdrv.sys <Not Verified; AVIRA GmbH; >

S3 w810bus (Sony Ericsson W810 Driver driver (WDM)) - c:\windows\system32\drivers\w810bus.sys (file missing)

S3 w810mdfl (Sony Ericsson W810 USB WMC Modem Filter) - c:\windows\system32\drivers\w810mdfl.sys (file missing)

S3 w810mdm (Sony Ericsson W810 USB WMC Modem Driver) - c:\windows\system32\drivers\w810mdm.sys (file missing)

S3 w810mgmt (Sony Ericsson W810 USB WMC Device Management Drivers (WDM)) - c:\windows\system32\drivers\w810mgmt.sys (file missing)

S3 w810obex (Sony Ericsson W810 USB WMC OBEX Interface) - c:\windows\system32\drivers\w810obex.sys (file missing)

S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
 
 

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
 

R2 AcerMemUsageCheckService (Memory Check Service) - c:\acer\empowering technology\eperformance\memcheck.exe <Not Verified; Acer Inc.; >

R2 AntiVirScheduler (AntiVir PersonalEdition Classic Planer) - c:\programme\antivir personaledition classic\sched.exe <Not Verified; Avira GmbH; AntiVir Workstation>
 

S3 Boonty Games - "c:\programme\gemeinsame dateien\boonty shared\service\boonty.exe" <Not Verified; BOONTY; Boonty Games>
 
 

-- Device Manager: Disabled ----------------------------------------------------
 

No disabled devices found.
 
 

-- Files created between 2008-07-05 and 2008-08-05 -----------------------------
 

2008-08-04 23:09:36         0 d-------- C:\Programme\Trend Micro

2008-07-30 21:52:46         0 d-------- C:\Programme\InternetGameBox

2008-07-16 21:08:53         0 d-------- C:\Programme\Absolutist.com

2008-07-07 15:39:06         0 d-------- C:\Programme\Microsoft Works

2008-07-07 15:38:46         0 d-------- C:\Programme\MSBuild

2008-07-07 15:36:49         0 d-------- C:\Programme\Microsoft.NET

2008-07-07 15:29:17         0 d-------- C:\Programme\Microsoft Visual Studio 8

2008-07-07 15:22:03         0 dr-h----- C:\MSOCache
 
 

-- Find3M Report ---------------------------------------------------------------
 

2008-07-07 16:07:00     93912 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
 
 

-- Registry Dump ---------------------------------------------------------------
 

*Note* empty entries & legit default entries are not shown
 
 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]

04.10.2007 22:06        1135968        --a------        C:\Programme\Winamp Toolbar\winamptb.dll
 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Programme\Winamp Toolbar\winamptb.dll [04.10.2007 22:06 1135968]
 

[-HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]

[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [05.08.2005 13:34]

"LaunchApp"="" []

"AzMixerSel"="C:\Programme\Realtek\InstallShield\AzMixerSel.exe" [14.04.2006 22:35]

"ntiMUI"="C:\Programme\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [11.05.2005 17:15]

"Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [31.03.2006 16:39]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [10.08.2004 20:00]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [10.08.2004 20:00]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [10.08.2004 20:00]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [10.08.2004 20:00]

"RTHDCPL"="RTHDCPL.EXE" [27.06.2006 23:54 C:\WINDOWS\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [16.05.2006 03:04 C:\WINDOWS\SkyTel.exe]

"Alcmtr"="ALCMTR.EXE" [03.05.2005 03:43 C:\WINDOWS\Alcmtr.exe]

"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [30.05.2006 12:11]

"Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [15.03.2006 22:12]

"SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [03.03.2006 13:07]

"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [23.06.2006 06:59]

"ATICCC"="C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe" [10.05.2006 11:12]

"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [01.06.2006 14:40]

"avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [17.07.2008 23:37]

"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_05\bin\jusched.exe" [22.02.2008 04:25]

"HP Software Update"="C:\Programme\HP\HP Software Update\HPWuSchd.exe" [04.08.2003 17:28]

"HP Component Manager"="C:\Programme\HP\hpcoretech\hpcmpmgr.exe" [22.12.2003 08:38]

"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

"WinampAgent"="C:\Programme\Winamp\winampa.exe" [10.10.2007 07:28]

"Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11.01.2008 22:16]

"vspdfprsrv.exe"="C:\Programme\Visagesoft\eXPert PDF\vspdfprsrv.exe" [04.05.2006 06:58]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09.07.2001 10:50]

"GrooveMonitor"="C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe" [27.10.2006 00:47]
 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [10.08.2004 20:00]

"MsnMsgr"="C:\Programme\Windows Live\Messenger\MsnMsgr.exe" [18.10.2007 11:34]

"Mobipocket Reader Notifications"="C:\Programme\Mobipocket.com\Mobipocket Reader\readernotify.exe" [20.06.2006 16:54]

"NCLaunch"="C:\WINDOWS\NCLAUNCH.EXe" [21.03.2007 17:22]

"updateMgr"="c:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []

"aocpdxl"="c:\dokumente und einstellungen\carpe diem\lokale einstellungen\anwendungsdaten\aocpdxl.exe" [30.07.2008 21:52]
 

C:\Dokumente und Einstellungen\Carpe Diem\Startmen\Programme\Autostart\

Y'z ToolBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe [29.09.2002 15:41:00]

Stardock ObjectDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe [21.02.2005 15:56:00]
 

C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\

Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [27.03.2006 11:37:58]

HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe [16.09.2003 05:19:24]
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
 
 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43831f6a-7c0e-11db-b7ca-00038a000015}]

AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43831f6b-7c0e-11db-b7ca-00038a000015}]

AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58c930ab-729e-11db-b7b6-00038a000015}]

AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88c20de0-f467-11dc-b9fa-0016cf996df0}]

AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
 
 
 
 

-- End of Deckard's System Scanner: finished at 2008-08-05 20:18:33 ------------

hier der extra.txt von DSS: (teil 1, alles passt nicht rein)

Code:

Deckard's System Scanner v20071014.68

Extra logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------
 

-- System Information ----------------------------------------------------------
 

Microsoft Windows XP Professional (build 2600) SP 2.0

Architecture: X86; Language: German
 

CPU 0: AMD Turion(tm) 64 X2 Mobile Technology TL-50

CPU 1: AMD Turion(tm) 64 X2 Mobile Technology TL-50

Percentage of Memory in Use: 44%

Physical Memory (total/avail): 894.1 MiB / 494.73 MiB

Pagefile Memory (total/avail): 2166.48 MiB / 1591.68 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1926.91 MiB
 

C: is Fixed (FAT32) - 53.2 GiB total, 21.8 GiB free. 

D: is Fixed (FAT32) - 53.69 GiB total, 33.61 GiB free. 

E: is CDROM (No Media)
 

\\.\PHYSICALDRIVE0 - Hitachi HTS541212H9AT00 - 111.79 GiB - 3 partitions

  \PARTITION0 - Unknown - 4.88 GiB

  \PARTITION1 (bootable) - Unknown - 53.21 GiB - C:

  \PARTITION2 - Unknown - 53.7 GiB - D:
 
 
 

-- Security Center -------------------------------------------------------------
 

AUOptions is scheduled to auto-install.

Windows Internal Firewall is enabled.
 

FirstRunDisabled is set.
 

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v 6.38.1.64

 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v 6.38.1.47

 (Avira GmbH) Disabled

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v 6.38.1.72

 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v 6.38.1.72

 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition v8.0.1.26 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v 6.38.1.65

 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
 

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Programme\\Gemeinsame Dateien\\aol\\ACS\\AOLacsd.exe"="C:\\Programme\\Gemeinsame Dateien\\aol\\ACS\\AOLacsd.exe:*:Enabled:AOL"

"C:\\Programme\\Gemeinsame Dateien\\aol\\ACS\\AOLDial.exe"="C:\\Programme\\Gemeinsame Dateien\\aol\\ACS\\AOLDial.exe:*:Enabled:AOL"

"C:\\Programme\\AOL 9.0\\waol.exe"="C:\\Programme\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"

"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"="C:\\Programme\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
 

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Programme\\Gemeinsame Dateien\\aol\\ACS\\AOLacsd.exe"="C:\\Programme\\Gemeinsame Dateien\\aol\\ACS\\AOLacsd.exe:*:Enabled:AOL"

"C:\\Programme\\Gemeinsame Dateien\\aol\\ACS\\AOLDial.exe"="C:\\Programme\\Gemeinsame Dateien\\aol\\ACS\\AOLDial.exe:*:Enabled:AOL"

"C:\\Programme\\AOL 9.0\\waol.exe"="C:\\Programme\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"

"C:\\Programme\\eMule\\emule.exe"="C:\\Programme\\eMule\\emule.exe:*:Enabled:eMule"

"C:\\Programme\\ICQLite\\ICQLite.exe"="C:\\Programme\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"

"C:\\Programme\\BitComet\\BitComet.exe"="C:\\Programme\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"

"C:\\Programme\\Messenger\\msmsgs.exe"="C:\\Programme\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\\Programme\\LimeWire\\LimeWire.exe"="C:\\Programme\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

"C:\\Programme\\Opera\\Opera.exe"="C:\\Programme\\Opera\\Opera.exe:*:Enabled:Opera Internet Browser"

"C:\\Programme\\RadLight Company\\RadLight 4.0\\RLKERNEL.EXE"="C:\\Programme\\RadLight Company\\RadLight 4.0\\RLKERNEL.EXE:*:Enabled:Kernel Executable"

"C:\\Programme\\Morpheus\\Morpheus.exe"="C:\\Programme\\Morpheus\\Morpheus.exe:*:Enabled:Morpheus"

"C:\\Programme\\Mozilla Firefox\\firefox.exe"="C:\\Programme\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"

"C:\\Programme\\MessengerDiscovery\\MessengerDiscovery Live.exe"="C:\\Programme\\MessengerDiscovery\\MessengerDiscovery Live.exe:*:Enabled:MessengerDiscovery Live the Windows Live Messenger addon"

"C:\\WINDOWS\\System32\\mshta.exe"="C:\\WINDOWS\\System32\\mshta.exe:*:Enabled:Microsoft (R) HTML Application host"

"C:\\Programme\\Java\\jre1.6.0_02\\BIN\\javaw.exe"="C:\\Programme\\Java\\jre1.6.0_02\\BIN\\javaw.exe:*:Enabled:Java(TM) Platform SE binary"

"C:\\Programme\\uTorrent\\uTorrent.exe"="C:\\Programme\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"

"C:\\Programme\\Winamp Remote\\bin\\Orb.exe"="C:\\Programme\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"

"C:\\Programme\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Programme\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"

"C:\\Programme\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Programme\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"

"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"="C:\\Programme\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\\Programme\\Microsoft Office\\Office12\\groove.exe"="C:\\Programme\\Microsoft Office\\Office12\\groove.exe:*:Enabled:Microsoft Office Groove"

"C:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
 
 

-- Environment Variables -------------------------------------------------------
 

ALLUSERSPROFILE=C:\Dokumente und Einstellungen\All Users

APPDATA=C:\Dokumente und Einstellungen\Carpe Diem\Anwendungsdaten

COLLECTIONID=COL7300

CommonProgramFiles=C:\Programme\Gemeinsame Dateien

COMPUTERNAME=CARPE_DIEM

ComSpec=C:\WINDOWS\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HMSERVER=https://wwss1proa.cce.hp.com/wuss/servlet/WUSSServlet

HOMEDRIVE=C:

HOMEPATH=\Dokumente und Einstellungen\Carpe Diem

ITEMID=oj-21919-1

LANG=1031

LOGONSERVER=\\CARPE_DIEM

NewEnvironment1=C:\Programme\ATI Technologies\ATI.ACE\

NUMBER_OF_PROCESSORS=2

OS=Windows_NT

OSVER=winXPP

Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;;C:\PROGRA~1\GEMEIN~1\MUVEET~1\030625

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 15 Model 72 Stepping 2, AuthenticAMD

PROCESSOR_LEVEL=15

PROCESSOR_REVISION=4802

ProgramFiles=C:\Programme

PROMPT=$P$G

SESSIONID=1189038012480htx6056.cce.hp.com10daf7:114d8308d9e:-4f93

SESSIONNAME=Console

SWUTVER=1.0.22.20030804

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\DOKUME~1\CARPED~1\LOKALE~1\Temp

TIMEOUT=0

TMP=C:\DOKUME~1\CARPED~1\LOKALE~1\Temp

TOOLPATH=/C:/Programme/HP/HP%20Software%20Update/install.htm

UPDATEDIR=C:\DOKUME~1\CARPED~1\LOKALE~1\Temp\rad124C4.tmp

USERDOMAIN=CARPE_DIEM

USERNAME=Carpe Diem

USERPROFILE=C:\Dokumente und Einstellungen\Carpe Diem

VERSION=2.1.5

windir=C:\WINDOWS

teil 2:

Code:

-- User Profiles ---------------------------------------------------------------
 

Carpe Diem (admin)

Administrator (admin)
 
 

-- Add/Remove Programs ---------------------------------------------------------
 

 --> C:\Programme\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

 --> C:\Programme\DivX\ConverterUninstall.exe /CONVERTER

 --> C:\WINDOWS\IsUninst.exe -f"C:\Programme\Acer Inc.\Acer German GUIDE LINK\Uninst.isu"

 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Acer Empowering Technology --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x7  -removeonly

Acer ePerformance Management --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{7057702F-6D71-4F30-8000-9E72BC771887}\setup.exe" -l0x7  -removeonly

Acer ePower Management --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\Setup.exe" -l0x7 

Acer ePresentation Management --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\Setup.exe" -l0x7 

Acer eSettings Management --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}\setup.exe" -l0x7  -removeonly

Acer GridVista --> C:\WINDOWS\UnInst32.exe GridV.UNI

Acer OrbiCam --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{4A57592C-FF92-4083-97A9-92783BD5AFB4}\Setup.EXE" -l0x7 

Acer Screensaver --> MsiExec.exe /I{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}

Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete

Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}

Adobe Reader 8.1.2 Security Update 1 (KB403742) --> 

Adobe Shockwave Player --> C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\INSTALL.LOG

ATI - Dienstprogramm zur Deinstallation der Software --> C:\Programme\ATI Technologies\UninstallAll\AtiCimUn.exe

ATI Catalyst Control Center --> MsiExec.exe /I{14C8B4D9-E917-4319-83E0-5A42EC6CBB7D}

ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

ATI Parental Control & Encoder --> MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}

ATI Parental Control & Encoder --> MsiExec.exe /I{8D70145A-3BD3-4DBF-9CBF-223EF4A43257}

Avira AntiVir Personal - Free Antivirus --> C:\Programme\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE

Canon PIXMA iP2000 --> C:\WINDOWS\system32\CNMCP66.exe "-PRINTERNAMECanon PIXMA iP2000" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP2000 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP2000 Installer\Inst2\cnmi0407.dll"

DivX Content Uploader --> C:\Programme\DivX\DivXContentUploaderUninstall.exe /CUPLOADER

DivX Converter --> C:\Programme\DivX\ConverterUninstall.exe /CONVERTER

eXPert PDF 4 --> MsiExec.exe /X{A6E92CAB-9E63-46DC-8ABF-0CAFF7B7CD02}

Favorit --> "c:\dokumente und einstellungen\carpe diem\lokale einstellungen\anwendungsdaten\aocpdxl.exe" -uninstall

Google Earth --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x7  -removeonly

Google Video Player --> "C:\Programme\Google\Google Video Player\Uninstall.exe"

High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"

HijackThis 2.0.2 --> "C:\Programme\Trend Micro\HijackThis\HijackThis.exe" /uninstall

Hotfix für Windows XP (KB888795) --> "C:\WINDOWS\$NtUninstallKB888795$\spuninst\spuninst.exe"

Hotfix für Windows XP (KB891593) --> "C:\WINDOWS\$NtUninstallKB891593$\spuninst\spuninst.exe"

Hotfix für Windows XP (KB899337) --> "C:\WINDOWS\$NtUninstallKB899337$\spuninst\spuninst.exe"

Hotfix für Windows XP (KB899510) --> "C:\WINDOWS\$NtUninstallKB899510$\spuninst\spuninst.exe"

Hotfix für Windows XP (KB902841) --> "C:\WINDOWS\$NtUninstallKB902841$\spuninst\spuninst.exe"

Hotfix für Windows XP (KB935448) --> "C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"

Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

teil 3:

Code:

HP Image Zone 3.5 --> C:\Programme\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat

HP PSC & OfficeJet 3.5 --> "C:\Programme\HP\Digital Imaging\{0FABD3D7-3036-4e78-B29D-58957ADB0A12}\setup\hpzscr01.exe" -datfile hposcr03.dat

HP Software Update --> MsiExec.exe /X{34957B51-9676-41CE-9E52-44AE91B73F1C}

ICQ 5.1 --> C:\Programme\ICQLite\ICQLiteUninstall.EXE

InternetGameBox --> C:\Programme\InternetGameBox\uninst.exe

J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}

J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}

J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}

Java 2 Runtime Environment, SE v1.4.1_02 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{EFCE5837-FC21-11D6-9D24-00010240CE95}\setup.exe" Anytext

Java Web Start --> "C:\Programme\Java\jre1.5.0_10\bin\uninst-javaws.exe"

Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}

Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}

Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}

Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}

K-Lite Codec Pack 3.9.0 Full --> "C:\Programme\K-Lite Codec Pack\unins000.exe"

Launch Manager --> C:\WINDOWS\UnInst32.exe LManager.UNI

Learn2 Player (Uninstall Only) --> C:\Programme\Learn2.com\StRunner\stuninst.exe

LimeWire 4.18.3 --> "C:\Programme\LimeWire\uninstall.exe"

Messenger Plus! Live --> "C:\Programme\Messenger Plus! Live\Uninstall.exe"

MessengerDiscovery Live 1.3.0322 --> "C:\Programme\MessengerDiscovery\unins000.exe"

Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Office Access MUI (German) 2007 --> MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}

Microsoft Office Enterprise 2007 --> "C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL

Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}

Microsoft Office Excel MUI (German) 2007 --> MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}

Microsoft Office Groove MUI (German) 2007 --> MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (German) 2007 --> MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE}

Microsoft Office OneNote MUI (German) 2007 --> MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}

Microsoft Office Outlook MUI (German) 2007 --> MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (German) 2007 --> MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}

Microsoft Office Proof (Italian) 2007 --> MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}

Microsoft Office Proofing (German) 2007 --> MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}

Microsoft Office Publisher MUI (German) 2007 --> MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}

Microsoft Office Shared MUI (German) 2007 --> MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}

Microsoft Office Word MUI (German) 2007 --> MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}

Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Mobipocket Reader 5.2 --> MsiExec.exe /I{20370E2E-E19B-4D8D-A6D4-81C1D268F6EA}

Mozilla Firefox (3.0.1) --> C:\Programme\Mozilla Firefox\uninstall\helper.exe

MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}

Nero Suite --> C:\Programme\Gemeinsame Dateien\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""

NTI Backup NOW! 4 --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{385979FE-DC4F-4140-8EAD-A59625000D72} /l1031 BUN4

NTI CD & DVD-Maker --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1031 CDM7

Otto --> "C:\Programme\GermanOtto\uninstallotto.exe"

Pack Vista Inspirat 1.1 --> C:\WINDOWS\BricoPacks\Vista Inspirat\Remove.exe

PartyPokerNet --> "C:\Programme\PartyGaming.Net\PartyPokerNet\Uninstall.exe" "C:\Programme\PartyGaming.Net\PartyPokerNet\install.log"

PowerDVD --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.EXE"  -uninstall

PowerProducer --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe"  -uninstall

RadLight 4.0 FINAL --> C:\Programme\RadLight Company\RadLight 4.0\uninst.exe

Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.exe" -l0x7  -removeonly

Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}

Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}

Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}

Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}

Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}

Sentinel System Driver 5.41.1 (32-bit) --> MsiExec.exe /I{5081528F-5DD5-49BA-8213-9A6A13502497}

Sicherheitsupdate für Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB901190) --> "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB937894) --> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB941693) --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB945553) --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB948590) --> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB948881) --> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB950749) --> "C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB950760) --> "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB950762) --> "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB951376-v2) --> "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB951376) --> "C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB951698) --> "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB951748) --> "C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

SMSC IrCC V5.1.3600.7 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}\setup.exe" -l0x7 UNINSTALL

Soft Data Fax Modem with SmartCP --> C:\Programme\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2BFA&SUBSYS_1025009F\HXFSETUP.EXE -U -IAcrS09Fp.inf

Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}

Synaptics Pointing Device Driver --> rundll32.exe "C:\Programme\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

TRADOS 6 Freelance --> MsiExec.exe /I{0DBF4004-C60A-446E-B253-ABB596B5FC76}

TRADOS MultiTerm Workstation --> MsiExec.exe /I{A22E5FDF-3317-4AE4-8D40-569C0E93C1E1}

Update für Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"

Update für Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"

Update für Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"

Update für Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"

Update für Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"

Update für Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"

Update für Windows XP (KB912945) --> "C:\WINDOWS\$NtUninstallKB912945$\spuninst\spuninst.exe"

Update für Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"

Update für Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"

Update für Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"

Update für Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"

Update für Windows XP (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"

Update für Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"

Update für Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"

Update für Windows XP (KB932823-v3) --> "C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"

Update für Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"

Update für Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"

Update für Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"

Update for Microsoft Office Outlook 2007 (KB952142) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}

Update for Office 2007 (KB934391) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}

Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}

Update for Outlook 2007 Junk Email Filter (kb953463) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1B78D541-9FF1-4330-ADD8-CED14F0C1E8E}

Update Rollup 2 für Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe

Viewpoint Media Player (Remove Only) --> C:\Programme\Viewpoint\Viewpoint Experience Technology\\mtsAxInstaller.exe /u

Winamp --> "C:\Programme\Winamp\UninstWA.exe"

Winamp Toolbar --> "C:\Programme\Winamp Toolbar\uninstall.exe"

Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0) --> C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPINST.EXE /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_46A23DA005A38EDACA9A5DA30EC2FEBF00D83D18\amdk8.inf

Windows Live Anmelde-Assistent --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}

Windows Live installer --> MsiExec.exe /X{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}

Windows Live Messenger --> MsiExec.exe /X{2B091530-69AA-442E-AB09-39ED06B58220}

Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows XP-Hotfix - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe

Windows XP-Hotfix - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe

Windows XP-Hotfix - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe

Windows XP-Hotfix - KB885855 --> C:\WINDOWS\$NtUninstallKB885855$\spuninst\spuninst.exe

Windows XP-Hotfix - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe

Windows XP-Hotfix - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe

Windows XP-Hotfix - KB888239 --> C:\WINDOWS\$NtUninstallKB888239$\spuninst\spuninst.exe

Windows XP-Hotfix - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe

Windows XP-Hotfix - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"

Windows XP-Hotfix - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe

Windows XP-Hotfix - KB895961 --> "C:\WINDOWS\$NtUninstallKB895961$\spuninst\spuninst.exe"

Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"

WinRAR Archivierer --> C:\Programme\WinRAR\uninstall.exe

WinZip --> "C:\Programme\WinZip\WINZIP32.EXE" /uninstall

XviD Media Codec 1.0.2 --> C:\Programme\XviD\uninst.exe
 
 

-- Application Event Log -------------------------------------------------------
 

Event Record #/Type18144 / Error

Event Submitted/Written: 08/05/2008 08:03:41 PM

Event ID/Source: 2004 / PerfNet

Event Description:

Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 

Event Record #/Type18142 / Error

Event Submitted/Written: 08/05/2008 08:03:40 PM

Event ID/Source: 2004 / PerfNet

Event Description:

Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

Event Record #/Type18132 / Error

Event Submitted/Written: 08/05/2008 10:43:14 AM

Event ID/Source: 2004 / PerfNet

Event Description:

Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 

Event Record #/Type18130 / Error

Event Submitted/Written: 08/05/2008 10:43:07 AM

Event ID/Source: 2004 / PerfNet

Event Description:

Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 

Event Record #/Type18124 / Error

Event Submitted/Written: 08/04/2008 09:33:23 PM

Event ID/Source: 2004 / PerfNet

Event Description:

Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen

werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.-- Security Event Log ----------------------------------------------------------
 

No Errors/Warnings found.
 
 

-- System Event Log ------------------------------------------------------------
 

Event Record #/Type35996 / Error

Event Submitted/Written: 08/05/2008 08:04:02 PM

Event ID/Source: 7000 / Service Control Manager

Event Description:

Der Dienst "eLock2FSCTLDriver" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%2
 

Event Record #/Type35995 / Error

Event Submitted/Written: 08/05/2008 08:04:02 PM

Event ID/Source: 7000 / Service Control Manager

Event Description:

Der Dienst "eLock2BurnerLockDriver" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%2
 

Event Record #/Type35993 / Warning

Event Submitted/Written: 08/05/2008 08:03:22 PM

Event ID/Source: 1003 / Dhcp

Event Description:

Der Computer konnte die Netzwerkadresse, die durch den DHCP-Server für die

Netzwerkkarte mit der Netzwerkadresse 0016CF996DF0 zugeteilt wurde, nicht erneuern. Der

folgende Fehler ist aufgetreten: 

%%1223.

Es wird weiterhin im Hintergrund versucht, eine Adresse vom

Netzwerkadressserver (DHCP) zu erhalten.
 

Event Record #/Type35988 / Warning

Event Submitted/Written: 08/05/2008 11:08:34 AM

Event ID/Source: 240 / Win32k

Event Description:

Eine Anforderung für den Standbymodus wurde von WINLOGON.EXE abgelehnt.
 

Event Record #/Type35963 / Error

Event Submitted/Written: 08/05/2008 10:43:40 AM

Event ID/Source: 7000 / Service Control Manager

Event Description:

Der Dienst "eLock2FSCTLDriver" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%2
 
 
 

-- End of Deckard's System Scanner: finished at 2008-08-05 20:18:33 ------------

und hier der report von malware:

Code:

Malwarebytes' Anti-Malware 1.24

Datenbank Version: 1027

Windows 5.1.2600 Service Pack 2
 

21:06:25 05.08.2008

mbam-log-8-5-2008 (21-06-25).txt
 

Scan-Methode: Vollständiger Scan (C:\|D:\|)

Durchsuchte Objekte: 139819

Laufzeit: 39 minute(s), 35 second(s)
 

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 4

Infizierte Registrierungswerte: 0

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 4

Infizierte Dateien: 10
 

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel:

HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\internetgamebox (Adware.EGDAccess) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenUSave) -> Quarantined and deleted successfully.
 

Infizierte Registrierungswerte:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse:

C:\Programme\InternetGameBox (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\Programme\InternetGameBox\ressources (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\Programme\InternetGameBox\ressources\favoris (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\Programme\InternetGameBox\skins (Adware.EGDAccess) -> Quarantined and deleted successfully.
 

Infizierte Dateien:

C:\Programme\InternetGameBox\InternetGameBox.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\Programme\InternetGameBox\language (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\Programme\InternetGameBox\uninst.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\Programme\InternetGameBox\ressources\configv2_fr.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\Programme\InternetGameBox\ressources\configv2_en.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\Programme\InternetGameBox\ressources\configv2_es.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\Programme\InternetGameBox\ressources\AttenteOn.html (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\Programme\InternetGameBox\ressources\AttenteOff.html (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\Programme\InternetGameBox\ressources\favoris\defaultv2.swf (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\Programme\InternetGameBox\skins\skinv2.skn (Adware.EGDAccess) -> Quarantined and deleted successfully.

vielen dank im voraus

Ich seh dort außer der schon von mir erwähnten Datei nichts mehr. Ich würde sie an Deiner stelle auch löschen. Malwarebytes hat ja auch noch einige Objekte gefunden und entfernt.

Werden die Werbeseiten immer noch angezeigt?

Um die Werbung auf ein Minimum zu reduzieren, solltest Du Dir mal die Erweiterungen Adblock+ und Noscript für Mozilla installieren.

Ich finde Du übertreibst es auch ganz schön mit P2P-Software. Was ich da alles gesehen hab.... Limewire, BitComet, eMule etc pp - sei Dir bewußt daß die dort zu ladenden Programme/Warez/Crackz fast immer mit Malware verseucht sind. Also besser sein lassen. :kloppen:

also von den ps2 softwares hab ich ja nur limewire, die anderen hab ich schon längst gelöscht.

gut dann lösche ich auch die datei die du mir gesagt.

die werbung ist weniger geworen adblock hab ich schon werde das andere auch installieren. ich bedanke mich nochmals