Trojaner-Board - bitte um kontrolle meienr log glaube ich hab nen virus

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - bitte um kontrolle meienr log glaube ich hab nen virus (https://www.trojaner-board.de/75760-bitte-um-kontrolle-meienr-log-glaube-hab-nen-virus.html)

bitte um kontrolle meienr log glaube ich hab nen virus

Könnt ihr mal bitte meine log überprüfen? ich glaueb ich hab nen virus mein Firefoxx macht immer misteriöse seiten auf,...
und am Anfang bekomm ich auch immer 2 Fehlermeldungen,...
Bitte hilft mir,.

Hier is meine hijackthis file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:06:54, on 25.07.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\LEXPPS.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Programme\Avira\AntiVir Desktop\sched.exe
D:\Programme\Google\Update\1.2.183.7\GoogleCrashHandler.exe
D:\WINDOWS\Explorer.EXE
D:\Programme\Avira\AntiVir Desktop\avguard.exe
D:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\MSI\BToes Bluetooth Software\bin\btwdins.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
D:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
D:\Programme\ICQ6Toolbar\ICQ Service.exe
D:\Programme\Java\jre6\bin\jqs.exe
D:\Programme\Maxtor\Sync\SyncServices.exe
C:\Programme\Winamp\winampa.exe
D:\Programme\Gemeinsame Dateien\NMSAccessU.exe
D:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\SearchIndexer.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\PixArt\PAC207\Monitor.exe
D:\WINDOWS\system32\rundll32.exe
D:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
D:\Programme\SweetIM\Messenger\SweetIM.exe
D:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
D:\Programme\Java\jre6\bin\jusched.exe
D:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe
D:\Programme\Analog Devices\SoundMAX\SMax4.exe
D:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
D:\Programme\Analog Devices\Core\smax4pnp.exe
D:\Programme\Avira\AntiVir Desktop\avgnt.exe
D:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
D:\WINDOWS\tsnpstd3.exe
D:\WINDOWS\vsnpstd3.exe
D:\Programme\Maxtor\OneTouch Status\maxmenumgr.exe
D:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
D:\WINDOWS\system32\ctfmon.exe
C:\Programme\DAEMON Tools\daemon.exe
D:\Programme\Picasa2\PicasaMediaDetector.exe
D:\WINDOWS\system32\advhost.exe
D:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
D:\Programme\Messenger\msmsgs.exe
C:\Programme\MSI\BToes Bluetooth Software\BTTray.exe
D:\WINDOWS\system32\advhost.exe
D:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\PROGRA~1\ICQ6.5\ICQ.exe
C:\Programme\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\wuauclt.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.explorerstartpage.com/wspage.php?ver=v8notr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.explorerstartpage.com/wspage.php?ver=v8notr
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Microsoft MSJava 32 - {43F7497C-7687-4DEA-A057-F21BD81BC896} - D:\WINDOWS\system32\msjava32.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: MSUSER Class - {8D4D2F69-DF30-4471-988C-CC58545E86C8} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Programme\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Programme\Ask.com\Supertoolbar\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - D:\Programme\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - D:\Programme\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Programme\Ask.com\Supertoolbar\GenericAskToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinSys2] D:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [FreePDF Assistant] D:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programme\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Monitor] D:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "D:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SweetIM] D:\Programme\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] D:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] D:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAX] "D:\Programme\Analog Devices\SoundMAX\SMax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [avgnt] "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [tsnpstd3] D:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] D:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [mxomssmenu] "D:\Programme\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AdminHpr] RUNDLL32.EXE D:\WINDOWS\system32\odbc_inc.dll,i
O4 - HKLM\..\Run: [WindowAdmin] RUNDLL32.EXE D:\WINDOWS\system32\AdminLp.dll,Install
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Picasa Media Detector] D:\Programme\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "D:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [MSMSGS] "D:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] D:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKLM\..\Policies\Explorer\Run: []
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\MSI\BToes Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programme\Messenger\msmsgs.exe
O13 - DefaultPrefix: http://www.myhottersearchbox.com/not_found_de/?url=
O13 - WWW Prefix: http://www.myhottersearchbox.com/not_found_de/?url=
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: D:\WINDOWS\system32\adlaunch32.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\MSI\BToes Bluetooth Software\bin\btwdins.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - D:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - D:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - D:\Programme\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - D:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - D:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - D:\Programme\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - D:\Programme\Maxtor\Sync\SyncServices.exe
O23 - Service: NMSAccessU - Unknown owner - D:\Programme\Gemeinsame Dateien\NMSAccessU.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - D:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - D:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

--
End of file - 12845 bytes

Hallo

ich habe soebend mal den HiJackThis poest ausgewertet und volgendes muss! gefixt werden!!

D:\WINDOWS\system32\advhost.exe

R3 - URLSearchHook: (no name) - - (no file)

O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - (no file)

O2 - BHO: Microsoft MSJava 32 - {43F7497C-7687-4DEA-A057-F21BD81BC896} - D:\WINDOWS\system32\msjava32.dll

O4 - HKLM\..\Run: [Monitor] D:\WINDOWS\PixArt\PAC207\Monitor.exe

O4 - HKLM\..\Policies\Explorer\Run: []

O13 - DefaultPrefix: http://www.myhottersearchbox.com/not_found_de/?url=

O13 - WWW Prefix: http://www.myhottersearchbox.com/not_found_de/?url=

O20 - AppInit_DLLs: D:\WINDOWS\system32\adlaunch32.dll

WOW ganz schön viel naja

bitte guck mal in dein postfach nach e-mails die du nicht kennst oder du denkst das sie schädlich sind und lösche sie raus
(vorallem die einen anhang haben)

Cool danke hab das mal über hijackthis gemacht hoffe es hat geklappt,...
kann mal einer schaeun ob das so jetzt richtig ist? wäre super lieb,...

öhm was mach ich mit der Datei:

D:\WINDOWS\system32\advhost.exe

also das problem mit dem firefox besteht immernoch,...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:43:30, on 25.07.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\LEXPPS.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Programme\Avira\AntiVir Desktop\sched.exe
D:\Programme\Google\Update\1.2.183.7\GoogleCrashHandler.exe
D:\WINDOWS\Explorer.EXE
D:\Programme\Avira\AntiVir Desktop\avguard.exe
D:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\MSI\BToes Bluetooth Software\bin\btwdins.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
D:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
D:\Programme\ICQ6Toolbar\ICQ Service.exe
D:\Programme\Java\jre6\bin\jqs.exe
D:\Programme\Maxtor\Sync\SyncServices.exe
C:\Programme\Winamp\winampa.exe
D:\Programme\Gemeinsame Dateien\NMSAccessU.exe
D:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\SearchIndexer.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\system32\rundll32.exe
D:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
D:\Programme\SweetIM\Messenger\SweetIM.exe
D:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
D:\Programme\Java\jre6\bin\jusched.exe
D:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe
D:\Programme\Analog Devices\SoundMAX\SMax4.exe
D:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
D:\Programme\Analog Devices\Core\smax4pnp.exe
D:\Programme\Avira\AntiVir Desktop\avgnt.exe
D:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
D:\WINDOWS\tsnpstd3.exe
D:\WINDOWS\vsnpstd3.exe
D:\Programme\Maxtor\OneTouch Status\maxmenumgr.exe
D:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
D:\WINDOWS\system32\ctfmon.exe
C:\Programme\DAEMON Tools\daemon.exe
D:\Programme\Picasa2\PicasaMediaDetector.exe
D:\WINDOWS\system32\advhost.exe
D:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
D:\Programme\Messenger\msmsgs.exe
C:\Programme\MSI\BToes Bluetooth Software\BTTray.exe
D:\WINDOWS\system32\advhost.exe
D:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\PROGRA~1\ICQ6.5\ICQ.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.explorerstartpage.com/wspage.php?ver=v8notr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.explorerstartpage.com/wspage.php?ver=v8notr
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: MSUSER Class - {8D4D2F69-DF30-4471-988C-CC58545E86C8} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Programme\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Programme\Ask.com\Supertoolbar\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - D:\Programme\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - D:\Programme\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Programme\Ask.com\Supertoolbar\GenericAskToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinSys2] D:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [FreePDF Assistant] D:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programme\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "D:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SweetIM] D:\Programme\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] D:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] D:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAX] "D:\Programme\Analog Devices\SoundMAX\SMax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [avgnt] "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [tsnpstd3] D:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] D:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [mxomssmenu] "D:\Programme\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AdminHpr] RUNDLL32.EXE D:\WINDOWS\system32\odbc_inc.dll,i
O4 - HKLM\..\Run: [WindowAdmin] RUNDLL32.EXE D:\WINDOWS\system32\AdminLp.dll,Install
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Picasa Media Detector] D:\Programme\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "D:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [MSMSGS] "D:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] D:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\MSI\BToes Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programme\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\MSI\BToes Bluetooth Software\bin\btwdins.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - D:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - D:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - D:\Programme\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - D:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - D:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - D:\Programme\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - D:\Programme\Maxtor\Sync\SyncServices.exe
O23 - Service: NMSAccessU - Unknown owner - D:\Programme\Gemeinsame Dateien\NMSAccessU.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - D:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - D:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

--
End of file - 12234 bytes

ist das nur bei firefox oder auch bei anderen?

ok diese fixen :

D:\WINDOWS\system32\advhost.exe

O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)

und dann firefox deinstallieren und noch einmal neu installieren

ne nur firefox öffnet sich immer mit solchen seiten

wie fix ich die? D:\WINDOWS\system32\advhost.exe

oh sorry probiere die mal zu löschen

hmm ich kann sie nicht löschen,...sie ist aber auch nciht schreibgeschützt?

O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Programme\Ask.com\Supertoolbar\GenericAskToolba r.dll

bitte deinstalieren:
Ask Toolbar

fixen

und

Hallo und :hallo:

Bitte höre nicht mehr auf Kauchris. Klicke auf "Für alle Neuen" in meiner Signatur, lies alles aufmerksam und arbeite die komplette Liste unter Punkt 2 ab.

ciao, andreas

hab die datei deinstalliert
und nun?

und das Problem mit firefox besteht weiterhin

1.) Mit CCleaner bereinigen.

2.) Malwarebytes laufenlassen und das Log posten.

3.) Beide Logs von RSIT posten.

ciao, andreas

malwarebytes :

Malwarebytes' Anti-Malware 1.39
Datenbank Version: 2501
Windows 5.1.2600 Service Pack 2

25.07.2009 23:34:01
mbam-log-2009-07-25 (23-34-01).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 84567
Laufzeit: 2 minute(s), 37 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Rsit: Kam nur eine log,...

Logfile of random's system information tool 1.06 (written by random/random)
Run by Beat06 at 2009-07-25 23:37:03
Microsoft Windows XP Professional Service Pack 2
System drive D: has 103 GB (44%) free of 232 GB
Total RAM: 2046 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:37:04, on 25.07.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Programme\Avira\AntiVir Desktop\sched.exe
D:\WINDOWS\system32\LEXPPS.EXE
D:\Programme\Google\Update\1.2.183.7\GoogleCrashHandler.exe
D:\WINDOWS\Explorer.EXE
D:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\MSI\BToes Bluetooth Software\bin\btwdins.exe
D:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
D:\Programme\ICQ6Toolbar\ICQ Service.exe
D:\Programme\Java\jre6\bin\jqs.exe
D:\Programme\Maxtor\Sync\SyncServices.exe
D:\Programme\Gemeinsame Dateien\NMSAccessU.exe
D:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\SearchIndexer.exe
D:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
D:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
D:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
D:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Winamp\winampa.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\system32\rundll32.exe
D:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
D:\Programme\SweetIM\Messenger\SweetIM.exe
D:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe
D:\Programme\Java\jre6\bin\jusched.exe
D:\Programme\Analog Devices\SoundMAX\SMax4.exe
D:\Programme\Analog Devices\Core\smax4pnp.exe
D:\Programme\Avira\AntiVir Desktop\avgnt.exe
D:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\WINDOWS\tsnpstd3.exe
D:\WINDOWS\vsnpstd3.exe
D:\Programme\Maxtor\OneTouch Status\maxmenumgr.exe
D:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
D:\WINDOWS\system32\ctfmon.exe
C:\Programme\DAEMON Tools\daemon.exe
D:\Programme\Picasa2\PicasaMediaDetector.exe
D:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
D:\Programme\Messenger\msmsgs.exe
C:\Programme\MSI\BToes Bluetooth Software\BTTray.exe
D:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
D:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
D:\WINDOWS\system32\wuauclt.exe
C:\Programme\Mozilla Firefox\firefox.exe
D:\Dokumente und Einstellungen\Beat06\Desktop\Downloads\RSIT.exe
C:\Programme\Trend Micro\HijackThis\Beat06.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.explorerstartpage.com/wspage.php?ver=v8notr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.explorerstartpage.com/wspage.php?ver=v8notr
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Programme\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - D:\Programme\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - D:\Programme\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinSys2] D:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [FreePDF Assistant] D:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programme\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "D:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SweetIM] D:\Programme\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] D:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] D:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAX] "D:\Programme\Analog Devices\SoundMAX\SMax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [avgnt] "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [tsnpstd3] D:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] D:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [mxomssmenu] "D:\Programme\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AdminHpr] RUNDLL32.EXE D:\WINDOWS\system32\odbc_inc.dll,i
O4 - HKLM\..\Run: [WindowAdmin] RUNDLL32.EXE D:\WINDOWS\system32\AdminLp.dll,Install
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Picasa Media Detector] D:\Programme\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "D:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [MSMSGS] "D:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] D:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\MSI\BToes Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programme\Messenger\msmsgs.exe
O13 - DefaultPrefix: http://www.myhottersearchbox.com/not_found_de/?url=
O13 - WWW Prefix: http://www.myhottersearchbox.com/not_found_de/?url=
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\MSI\BToes Bluetooth Software\bin\btwdins.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - D:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - D:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - D:\Programme\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - D:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - D:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - D:\Programme\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - D:\Programme\Maxtor\Sync\SyncServices.exe
O23 - Service: NMSAccessU - Unknown owner - D:\Programme\Gemeinsame Dateien\NMSAccessU.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - D:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - D:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

--
End of file - 11928 bytes

======Scheduled tasks folder======

D:\WINDOWS\tasks\1-Klick-Wartung.job
D:\WINDOWS\tasks\Google Software Updater.job
D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
D:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - D:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - D:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - D:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - D:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - D:\Programme\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-07-15 669168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Programme\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - D:\Programme\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - D:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - D:\Programme\ICQ6Toolbar\ICQToolBar.dll [2008-06-12 958712]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - D:\Programme\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=D:\WINDOWS\system32\NvCpl.dll [2007-11-06 8523776]
"nwiz"=nwiz.exe /install []
"WinSys2"=D:\WINDOWS\system32\winsys2.exe [2006-04-29 208896]
"FreePDF Assistant"=D:\Programme\FreePDF_XP\fpassist.exe [2007-06-26 312320]
"RemoteControl"=C:\Programme\CyberLink\PowerDVD\PDVDServ.exe [2006-09-18 29696]
"LanguageShortcut"=C:\Programme\CyberLink\PowerDVD\Language\Language.exe [2006-09-29 49152]
"WinampAgent"=C:\Programme\Winamp\winampa.exe [2007-10-10 36352]
"NvMediaCenter"=D:\WINDOWS\system32\NvMcTray.dll [2007-11-06 81920]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"Sony Ericsson PC Suite"=D:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2005-10-26 159744]
"SweetIM"=D:\Programme\SweetIM\Messenger\SweetIM.exe [2009-02-15 111928]
"JMB36X IDE Setup"=D:\WINDOWS\JM\JMInsIDE.exe [2006-10-30 36864]
"36X Raid Configurer"=D:\WINDOWS\system32\JMRaidSetup.exe [2006-11-16 1953792]
"SunJavaUpdateSched"=D:\Programme\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"SoundMAX"=D:\Programme\Analog Devices\SoundMAX\SMax4.exe [2006-07-13 729088]
"SoundMAXPnP"=D:\Programme\Analog Devices\Core\smax4pnp.exe [2006-12-18 868352]
"avgnt"=D:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"tsnpstd3"=D:\WINDOWS\tsnpstd3.exe [2006-08-21 114688]
"snpstd3"=D:\WINDOWS\vsnpstd3.exe [2006-09-19 827392]
"mxomssmenu"=D:\Programme\Maxtor\OneTouch Status\maxmenumgr.exe [2008-07-21 169312]
"GrooveMonitor"=D:\Programme\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"AdminHpr"=D:\WINDOWS\system32\odbc_inc.dll,i []
"WindowAdmin"=D:\WINDOWS\system32\AdminLp.dll,Install []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=D:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"DAEMON Tools"=C:\Programme\DAEMON Tools\daemon.exe [2007-09-18 171464]
"Picasa Media Detector"=D:\Programme\Picasa2\PicasaMediaDetector.exe [2008-08-21 443968]
"Sony Ericsson PC Suite"=D:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2008-07-02 397312]
"MSMSGS"=D:\Programme\Messenger\msmsgs.exe [2004-08-04 1667584]
"swg"=D:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-20 68856]

D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
BTTray.lnk - C:\Programme\MSI\BToes Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=D:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=D:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableStatusMessages"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="D:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\Programme\ICQ6\ICQ.exe"="C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Programme\ICQ6.5\ICQ.exe"="C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"D:\Programme\Vuze\Azureus.exe"="D:\Programme\Vuze\Azureus.exe:*:Enabled:Vuze"
"D:\Programme\Windows Live\Sync\WindowsLiveSync.exe"="D:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"D:\Programme\MSN Messenger\livecall.exe"="D:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"D:\Programme\Microsoft Office\Office12\OUTLOOK.EXE"="D:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"D:\Programme\Microsoft Office\Office12\GROOVE.EXE"="D:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"D:\Programme\Microsoft Office\Office12\ONENOTE.EXE"="D:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Games\bin\H5_Game.exe"="C:\Games\bin\H5_Game.exe:*:Enabled:Heroes of Might and Magic V"
"D:\Programme\Electronic Arts\EADM\Core.exe"="D:\Programme\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"D:\Programme\Windows Live\Messenger\wlcsdk.exe"="D:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"D:\Programme\Windows Live\Messenger\msnmsgr.exe"="D:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\Programme\Trillian\trillian.exe"="D:\Programme\Trillian\trillian.exe:*:Enabled:Trillian"
"D:\Programme\LimeWire\LimeWire.exe"="D:\Programme\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"D:\Programme\Skype\Phone\Skype.exe"="D:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Programme\Windows Live\Sync\WindowsLiveSync.exe"="D:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"D:\Programme\MSN Messenger\livecall.exe"="D:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"D:\Programme\Windows Live\Messenger\wlcsdk.exe"="D:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"D:\Programme\Windows Live\Messenger\msnmsgr.exe"="D:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3155c00b-ce9c-11dd-b696-806d6172696f}]
shell\AutoRun\command - E:\Setup.exe

======List of files/folders created in the last 1 months======

2009-07-25 23:27:25 ----D---- D:\Programme\CCleaner
2009-07-25 23:25:45 ----D---- D:\rsit
2009-07-25 23:19:58 ----A---- D:\kcfzyns.txt
2009-07-25 23:12:13 ----D---- D:\Dokumente und Einstellungen\Beat06\Anwendungsdaten\Malwarebytes
2009-07-25 23:12:08 ----D---- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-07-25 23:12:07 ----D---- D:\Programme\Malwarebytes' Anti-Malware
2009-07-22 21:57:40 ----A---- D:\WINDOWS\system32\sgg0404b.dll
2009-07-22 10:56:22 ----D---- D:\Dokumente und Einstellungen\Beat06\Anwendungsdaten\gtk-2.0
2009-07-22 10:39:25 ----D---- D:\Programme\GIMP-2.0
2009-07-16 14:24:32 ----D---- D:\Dokumente und Einstellungen\Beat06\Anwendungsdaten\LimeWire
2009-07-16 14:24:14 ----D---- D:\Programme\LimeWire
2009-07-16 01:56:30 ----HDC---- D:\WINDOWS\$NtUninstallKB973346$
2009-07-16 01:56:27 ----HDC---- D:\WINDOWS\$NtUninstallKB971633$
2009-07-16 01:54:44 ----HDC---- D:\WINDOWS\$NtUninstallKB961371$
2009-07-13 17:57:22 ----D---- D:\Programme\EA Games
2009-07-08 03:59:13 ----D---- D:\Programme\Karaoke Camstar
2009-07-08 03:00:26 ----HDC---- D:\WINDOWS\$NtUninstallKB961503$
2009-07-06 20:46:35 ----D---- D:\Programme\Ask.com
2009-07-06 20:46:22 ----D---- D:\Programme\The Weather Channel FW
2009-07-06 20:45:05 ----D---- D:\Programme\Trillian
2009-07-06 19:44:23 ----D---- D:\Programme\Microsoft Office Outlook Connector
2009-07-06 18:31:37 ----D---- D:\Programme\Microsoft Sync Framework
2009-07-06 18:31:05 ----D---- D:\Programme\Microsoft SQL Server Compact Edition
2009-07-02 20:18:01 ----D---- D:\Programme\zoneLINK

======List of files/folders modified in the last 1 months======

2009-07-25 23:36:56 ----A---- D:\WINDOWS\NeroDigital.ini
2009-07-25 23:30:14 ----D---- D:\WINDOWS\Debug
2009-07-25 23:30:14 ----D---- D:\WINDOWS
2009-07-25 23:27:41 ----D---- D:\WINDOWS\Prefetch
2009-07-25 23:27:25 ----RD---- D:\Programme
2009-07-25 23:22:47 ----D---- D:\WINDOWS\Temp
2009-07-25 23:22:02 ----SD---- D:\WINDOWS\Tasks
2009-07-25 23:21:49 ----N---- D:\WINDOWS\SchedLgU.Txt
2009-07-25 23:21:48 ----D---- D:\WINDOWS\system32\CatRoot2
2009-07-25 23:21:37 ----D---- D:\WINDOWS\system32
2009-07-25 23:19:58 ----D---- D:\WINDOWS\system32\drivers
2009-07-25 23:07:04 ----SHD---- D:\WINDOWS\Installer
2009-07-25 14:32:16 ----D---- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google Updater
2009-07-25 03:52:51 ----D---- D:\Dokumente und Einstellungen\Beat06\Anwendungsdaten\Skype
2009-07-25 03:44:22 ----SD---- D:\Dokumente und Einstellungen\Beat06\Anwendungsdaten\Microsoft
2009-07-25 03:40:17 ----D---- D:\Dokumente und Einstellungen\Beat06\Anwendungsdaten\teamspeak2
2009-07-24 17:47:47 ----A---- D:\WINDOWS\win.ini
2009-07-23 20:27:43 ----D---- D:\Dokumente und Einstellungen\Beat06\Anwendungsdaten\ICQ
2009-07-22 14:30:16 ----D---- D:\Programme\Microsoft Silverlight
2009-07-21 15:17:52 ----D---- D:\Wichtig
2009-07-21 15:16:19 ----D---- D:\Filme
2009-07-21 03:21:50 ----D---- D:\Games
2009-07-19 20:43:22 ----D---- D:\Dokumente und Einstellungen\Beat06\Anwendungsdaten\DivX
2009-07-16 14:17:46 ----HD---- D:\WINDOWS\inf
2009-07-16 01:56:30 ----HD---- D:\WINDOWS\$hf_mig$
2009-07-16 01:56:28 ----RSHDC---- D:\WINDOWS\system32\dllcache
2009-07-16 01:56:20 ----D---- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help
2009-07-13 20:47:10 ----D---- D:\Dokumente und Einstellungen\Beat06\Anwendungsdaten\Adobe
2009-07-13 19:11:54 ----HD---- D:\Programme\InstallShield Installation Information
2009-07-13 19:11:32 ----D---- D:\Programme\Electronic Arts
2009-07-08 03:59:13 ----D---- D:\WINDOWS\WinSxS
2009-07-07 17:10:56 ----A---- D:\WINDOWS\system32\MRT.exe
2009-07-07 11:47:41 ----D---- D:\WINDOWS\Microsoft.NET
2009-07-07 11:47:27 ----RSD---- D:\WINDOWS\assembly
2009-07-06 19:44:24 ----D---- D:\Programme\Gemeinsame Dateien\System
2009-07-06 19:13:10 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
2009-07-06 18:31:59 ----DC---- D:\WINDOWS\system32\DRVSTORE
2009-07-06 18:31:59 ----D---- D:\Programme\Windows Live
2009-07-06 18:31:31 ----SD---- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft
2009-07-06 18:31:12 ----D---- D:\WINDOWS\system32\DirectX
2009-07-06 18:29:31 ----D---- D:\Programme\Gemeinsame Dateien\Microsoft Shared
2009-07-06 17:05:57 ----D---- D:\Programme\Google
2009-06-28 19:25:45 ----A---- D:\WINDOWS\LEXSTAT.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD-Prozessortreiber; D:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-19 43520]
R1 avgio;avgio; \??\D:\Programme\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; D:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-04-27 96104]
R1 kbdhid;Tastatur-HID-Treiber; D:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 NVTCP;NVIDIA TCP/IP Protocol Driver; D:\WINDOWS\System32\DRIVERS\NVTcp.sys [2006-09-11 110592]
R1 ssmdrv;ssmdrv; D:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-06-09 28520]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; D:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-18 12032]
R2 avgntflt;avgntflt; D:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-04-27 55640]
R2 BTSERIAL;Bluetooth Serial Driver; \??\D:\WINDOWS\system32\drivers\btserial.sys []
R2 BTSLBCSP;Bluetooth Port Client Driver; \??\D:\WINDOWS\system32\drivers\btslbcsp.sys []
R2 fssfltr;FssFltr; D:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; D:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-01-16 293888]
R3 AEAudio;AE Audio Service; D:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-07 93952]
R3 Arp1394;1394-ARP-Clientprotokoll; D:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 BridgeMP;MAC-Brückenminiport; D:\WINDOWS\system32\DRIVERS\bridge.sys [2004-08-03 71552]
R3 BTKRNL;Bluetooth-Bus-Enumerator; D:\WINDOWS\system32\DRIVERS\btkrnl.sys [2005-03-29 1340698]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; D:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-10-27 138240]
R3 hidusb;Microsoft HID Class-Treiber; D:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-18 9600]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; D:\WINDOWS\system32\DRIVERS\mcdbus.sys [2007-09-05 92544]
R3 mouhid;Maus-HID-Treiber; D:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 MTsensor;ATK0110 ACPI UTILITY; D:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394-Netzwerktreiber; D:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 nv;nv; D:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-11-06 7429088]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; D:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-09-11 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; D:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-09-11 19968]
R3 PAC207;Trust WB-1400T Webcam; D:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-05-14 508288]
R3 SenFiltService;SenFilt Service; D:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; D:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; D:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Microsoft USB-Standardhubtreiber; D:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; D:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
S3 a016bus;Sony Ericsson Device A016 driver (WDM); D:\WINDOWS\system32\DRIVERS\a016bus.sys [2008-01-18 83880]
S3 a016mdfl;Sony Ericsson Device A016 USB WMC Modeme Filter; D:\WINDOWS\system32\DRIVERS\a016mdfl.sys [2008-01-18 15016]
S3 a016mdm;Sony Ericsson Device A016 USB WMC Modem Driver; D:\WINDOWS\system32\DRIVERS\a016mdm.sys [2008-01-18 110504]
S3 a016mgmt;Sony Ericsson Device A016 USB WMC Device Management Drivers (WDM); D:\WINDOWS\system32\DRIVERS\a016mgmt.sys [2008-01-18 104488]
S3 a016obex;Sony Ericsson Device A016 USB WMC OBEX Interface; D:\WINDOWS\system32\DRIVERS\a016obex.sys [2008-01-18 100648]
S3 aww1eddn;aww1eddn; D:\WINDOWS\system32\drivers\aww1eddn.sys []
S3 Bridge;MAC-Brücke; D:\WINDOWS\system32\DRIVERS\bridge.sys [2004-08-03 71552]
S3 btaudio;Bluetooth-Audiogerät; D:\WINDOWS\system32\drivers\btaudio.sys [2005-03-29 400256]
S3 BTDriver;Virtueller Bluetooth-Kommunikationstreiber; D:\WINDOWS\system32\DRIVERS\btport.sys [2005-03-29 30299]
S3 BthEnum;Bluetooth-Anforderungsblocktreiber; D:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-04 17024]
S3 BthPan;Bluetooth-Gerät (PAN); D:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992]
S3 BTHPORT;Bluetooth-Porttreiber; D:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 273024]
S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; D:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-04 18944]
S3 BTWDNDIS;Bluetooth-LAN-Zugangsserver; D:\WINDOWS\system32\DRIVERS\btwdndis.sys [2005-03-29 148040]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; D:\WINDOWS\System32\Drivers\btwusb.sys [2005-03-29 55448]
S3 CCDECODE;Untertiteldecoder; D:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; D:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 MXOPSWD;Maxtor OneTouch Security Driver; D:\WINDOWS\system32\DRIVERS\mxopswd.sys [2007-05-03 22152]
S3 NABTSFEC;NABTS/FEC VBI-Codec; D:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV-/Videoverbindung; D:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); D:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-04 59648]
S3 SLIP;BDA Slip De-Framer; D:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 SNPSTD3;USB PC Camera (SNPSTD3); D:\WINDOWS\system32\DRIVERS\snpstd3.sys [2007-03-27 10252544]
S3 SONYPVU1;Sony USB-Filtertreiber (SONYPVU1); D:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA-IPSink; D:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 usbprint;Microsoft USB-Druckerklasse; D:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 USBSTOR;USB-Massenspeichertreiber; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 w200bus;Sony Ericsson W200 driver (WDM); D:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 61504]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter; D:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 9328]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver; D:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 97056]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM); D:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 88560]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface; D:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 86368]
S3 WSTCODEC;World Standard Teletext-Codec; D:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; D:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; D:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; D:\Programme\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289]
R2 AntiVirService;Avira AntiVir Guard; D:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-06-09 185089]
R2 BthServ;Bluetooth Support Service; D:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 btwdins;Bluetooth Service; C:\Programme\MSI\BToes Bluetooth Software\bin\btwdins.exe [2005-03-29 254007]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); D:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2006-09-11 172032]
R2 ForcewareWebInterface;Forceware Web Interface; D:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2006-04-13 20543]
R2 ICQ Service;ICQ Service; D:\Programme\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]
R2 JavaQuickStarterService;Java Quick Starter; D:\Programme\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 LexBceS;LexBce Server; D:\WINDOWS\system32\LEXBCES.EXE [2003-02-25 303104]
R2 Maxtor Sync Service;Maxtor Service; D:\Programme\Maxtor\Sync\SyncServices.exe [2008-07-21 193888]
R2 NMSAccessU;NMSAccessU; D:\Programme\Gemeinsame Dateien\NMSAccessU.exe [2007-01-25 65536]
R2 nSvcIp;ForceWare IP service; D:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2006-09-11 135227]
R2 nSvcLog;ForceWare user log service; D:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2006-09-11 65599]
R2 NVSvc;NVIDIA Display Driver Service; D:\WINDOWS\system32\nvsvc32.exe [2007-11-06 155716]
R2 SeaPort;SeaPort; D:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 UxTuneUp;TuneUp Designerweiterung; D:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 WSearch;Windows Search; D:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S2 gupdate;Google Update Service (gupdate); D:\Programme\Google\Update\GoogleUpdate.exe [2009-07-06 133104]
S2 gusvc;Google Software Updater; D:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; D:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 fsssvc;Windows Live Family Safety; D:\Programme\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 getPlus(R) Helper;getPlus(R) Helper; D:\Programme\NOS\bin\getPlus_HelperSvc.exe [2008-12-01 33752]
S3 IDriverT;InstallDriver Table Manager; D:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; D:\Programme\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; D:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; D:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; D:\Programme\Windows Media Player\WMPNetwk.exe [2006-10-24 920576]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

Start => Ausführen => c:\rsit\info.txt => OK

Kompletten Text hier posten.

ciao, andreas

c:\rsit bezieht sich auf einen Pfad, der nicht verfügbar ist. Dieser kann auf einer Festplatte dieses Computers oder im netzwerk sein. Stellen sie sicher, dass der Datenträger korrekt eingelegt ist, bzw. dass eine Verbindung mit dem Internet oder dem eigenen Netzwerk besteht und wiederholen sie den Vorgang. Es kann sien, dass die Informationen in einen anderen Pfad verschoben wurden, wenn der Pfad weiterhin nicht ermittelt werden kann.

kommt wenn ich das mache

Mein Fehler, richtig ist:

Start => Ausführen => d:\rsit\info.txt => OK

sorry, andreas

info.txt logfile of random's system information tool 1.06 2009-07-25 23:25:53

======Uninstall list======

-->D:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 D:\WINDOWS\INF\PCHealth.inf
Adobe AIR-->D:\Programme\Gemeinsame Dateien\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->D:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->D:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Media Player-->MsiExec.exe /X{9455959E-D588-EFAE-329C-F66CC797F32A}
Adobe Reader 9.1.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A91000000001}
Avanquest update-->"D:\Programme\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -runfromtemp -l0x0007 -removeonly
Avira AntiVir Personal - Free Antivirus-->D:\Programme\Avira\AntiVir Desktop\setup.exe /REMOVE
AVS Update Manager 1.0-->"D:\Programme\AVS4YOU\AVSUpdateManger\unins000.exe"
AVS Video Converter 6-->"D:\Programme\AVS4YOU\AVSVideoConverter6\unins000.exe"
AVS4YOU Software Navigator 1.3-->"D:\Programme\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
DivX Codec-->D:\Programme\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->D:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->D:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->D:\Programme\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->D:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN
dm Fotowelt-->"D:\Programme\dm\dm Fotowelt\uninstall.exe"
Electronic Arts Product Registration-->D:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{D7D50E0C-27DD-4999-BC05-E026B580F93A} /l1031
EVEREST Home Edition v2.20-->"C:\Programme\Lavalys\EVEREST Home Edition\unins000.exe"
Fraps-->"D:\Fraps\uninstall.exe"
FreePDF XP (Remove only)-->D:\Programme\FreePDF_XP\fpsetup.exe /r
FreeRIP v3.04-->"C:\Programme\FreeRIP3\unins000.exe"
GIMP 2.6.6-->"D:\Programme\GIMP-2.0\setup\unins000.exe"
Google Earth Plugin-->MsiExec.exe /I{B535B621-5559-11DE-A7A1-005056806466}
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"D:\Programme\Google\Google Updater\GoogleUpdater.exe" -uninstall
Harry Potter II-->RunDll32 D:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "D:\Programme\InstallShield Installation Information\{7BF68B83-5057-4D4B-0093-28285EEB9EE3}\setup.exe" -l0x7 Uninstall
Harry Potter TM-->RunDll32 D:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "D:\Programme\InstallShield Installation Information\{3F50AF3B-8997-4916-0095-99D63DDB785A}\setup.exe" -l0x7 Uninstall
Heroes of Might and Magic V Collector Edition-->RunDll32 D:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Programme\InstallShield Installation Information\{DDB68A90-340C-42B9-B42B-D2CBED1B91DC}\setup.exe" -l0x7
High Definition Audio Driver Package - KB888111-->D:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Programme\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"D:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"D:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"D:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"D:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix für Windows Media Player 11 (KB939683)-->"D:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB952287)-->"D:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HyperCam 2-->D:\Programme\HyCam2\UnHyCam2.exe
ICQ Toolbar-->D:\Programme\ICQ6Toolbar\ICQUnToolbar.exe
ICQ6.5-->"D:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Img2Html (uninstall)-->D:\Programme\Img2Html\uninst\unins000.exe
IrfanView (remove only)-->C:\Programme\IrfanView\iv_uninstall.exe
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
JMB36X Raid Configurer-->RunDll32 D:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "D:\Programme\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x7 -removeonly
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
Karaoke Camstar Recorder-->MsiExec.exe /I{39242933-7FCC-41D2-AA0F-E4CC4052860D}
Lexmark Z600 Series-->D:\WINDOWS\system32\spool\drivers\w32x86\3\LXBCUN5C.EXE -dLexmark Z600 Series
LimeWire 5.1.4-->"D:\Programme\LimeWire\uninstall.exe"
Magic ISO Maker v5.4 (build 0251)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
MagicDisc 2.5.79-->C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
Malwarebytes' Anti-Malware-->"D:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Maxtor Manager-->"D:\Programme\InstallShield Installation Information\{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}\setup.exe" -runfromtemp -l0x0407 -removeonly
Maxtor Manager-->MsiExec.exe /I{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU-->MsiExec.exe /I{9309DD7E-EBFE-3C95-8B47-30D3A012F606}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5-->D:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Compression Client Pack 1.0 for Windows XP-->"D:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"D:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Groove MUI (German) 2007-->MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (German) 2007-->MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-0407-0000-0000000FF1CE}
Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"D:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.0.12)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
myGamersCam 1.2-->D:\Programme\myGamersCam\uninst.exe
Nero 8 Micro 8.1.1.0-->"C:\Programme\Nero\unins000.exe"
Numedia CD-DVD writing as non-admin user-->MsiExec.exe /X{94056AE8-EF0F-45E4-A1B4-D754115F8A28}
NVIDIA Drivers-->D:\WINDOWS\system32\nvuide.exe UninstallGUI
NVIDIA ForceWare Network Access Manager-->D:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1031
PC Inspector File Recovery-->RunDll32 D:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "D:\Programme\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\Setup.exe" -l0x7
Picasa 2-->"D:\Programme\Picasa2\Uninstall.exe"
PowerDVD-->RunDll32 D:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Programme\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Recuva (remove only)-->"D:\Programme\Recuva\uninst.exe"
RedMon - Redirection Port Monitor-->D:\WINDOWS\system32\unredmon.exe
save2pc Pro Demo 3.51-->"C:\Programme\FDRLab\save2pc\unins000.exe"
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB960003)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F04F8702-18D0-458D-921E-146FB7CD38CF}
Security Update for Microsoft Office Excel 2007 (KB959997)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {9EAC3AEC-5C81-4856-A05B-DE9DC236D740}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Outlook 2007 (KB946983)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Windows Search 4 - KB963093-->"D:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Sicherheitsupdate für Windows Media Encoder (KB954156)-->"D:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB952069)-->"D:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 11 (KB936782)-->"D:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 11 (KB954154)-->"D:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923561)-->"D:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938464)-->"D:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569)-->"D:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB944338-v2)-->"D:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946648)-->"D:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"D:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"D:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"D:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"D:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698)-->"D:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"D:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952004)-->"D:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"D:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954211)-->"D:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954600)-->"D:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"D:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956391)-->"D:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956572)-->"D:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956802)-->"D:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"D:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956841)-->"D:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957095)-->"D:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957097)-->"D:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958215)-->"D:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958644)-->"D:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958687)-->"D:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958690)-->"D:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB959426)-->"D:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960225)-->"D:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960714)-->"D:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960715)-->"D:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960803)-->"D:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961371)-->"D:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961373)-->"D:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961501)-->"D:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB963027)-->"D:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB968537)-->"D:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969897)-->"D:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969898)-->"D:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970238)-->"D:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971633)-->"D:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973346)-->"D:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Sony Ericsson PC Suite 4.010.00-->D:\Programme\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\Setup.exe -runfromtemp -l0x0007 -removeonly
Sony Ericsson PC Suite-->MsiExec.exe /I{B56B1487-9A26-4AFD-A1FD-949C40F5F2BC}
SoundMAX-->RunDll32 D:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "D:\Programme\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x7 -removeonly
SPORE™-->"D:\Programme\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\SPORESetup.exe" -runfromtemp -l0x0007 -removeonly
StepMania (remove only)-->"C:\Programme\StepMania\uninstall.exe"
STOIK Video Converter 2-->RunDll32 D:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "D:\Programme\InstallShield Installation Information\{A8DF8593-F619-47DE-AD27-BCABF233433A}\setup.exe" -l0x9 -removeonly
StudioLine Photo Basic-->C:\Programme\StudioLine Photo Basic\SLUninst.exe
SUPER © Version 2009.bld.35 (Jan 5, 2009)-->D:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
SweetIM for Messenger 2.6-->MsiExec.exe /X{C359507C-30B1-48A6-BD9B-C7B1CC3B06D7}
TeamSpeak 2 RC2-->C:\Teamspeak2_RC2\unins000.exe
The Weather Channel Desktop 6-->D:\Programme\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe
Trillian-->D:\Programme\Trillian\trillian.exe /uninstall
Trust WB-1400T Webcam-->D:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{30837A37-8F9F-4817-8B52-C501B67DC3BE} /l1031
TuneUp Utilities 2007-->MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Office 2007 (KB934391)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Outlook 2007 Junk Email Filter (kb971933)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {53C200F4-3B4B-49A5-8539-2C61F1A88CA2}
Update für Windows XP (KB898461)-->"D:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update für Windows XP (KB925720)-->"D:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update für Windows XP (KB955839)-->"D:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update für Windows XP (KB961503)-->"D:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update für Windows XP (KB967715)-->"D:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
USB PC Camera-168-->RunDll32 D:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "D:\Programme\InstallShield Installation Information\{ECD03DA7-5952-406A-8156-5F0C93618D1F}\Setup.exe" -l0x9
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VDownloader 0.76-->"C:\Programme\VDOWNLOADER\unins000.exe"
Wichtiges Update für Windows Media Player 11 (KB959772)-->"D:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
WIDCOMM Bluetooth Software-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
Winamp-->"C:\Programme\Winamp\UninstWA.exe"
Windows Imaging Component-->"D:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"D:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4}
Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->D:\Programme\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}
Windows Live Family Safety-->MsiExec.exe /X{54B1E5A3-1B29-4582-A226-172A1FC7BA6C}
Windows Live Fotogalerie-->MsiExec.exe /X{119B7481-0216-40D2-A5CC-C3E1F461ECC1}
Windows Live Mail-->MsiExec.exe /I{5A166C0B-9557-4364-A057-F946D674E6AC}
Windows Live Messenger-->MsiExec.exe /X{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}
Windows Live Sync-->MsiExec.exe /X{ED636101-1959-4360-8BF7-209436E7DEE4}
Windows Live Toolbar-->MsiExec.exe /X{70B7A167-0B88-445D-A3EA-97C73AA88CAC}
Windows Live Writer-->MsiExec.exe /X{81821BF8-DA20-4F8C-AA87-F70A274828D4}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Encoder 9-Reihe-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9-Reihe-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"D:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"D:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"D:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"D:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Search 4.0-->"D:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB885884-->D:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->D:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u D:\WINDOWS\system32\DRVSTORE\amdk8_87B606860B720724BEB5DCEB69E8628A61DE0A7E\amdk8.inf
WinRAR archiver-->D:\Programme\WinRAR\uninstall.exe
WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
World of Warcraft-->D:\Programme\Gemeinsame Dateien\Blizzard Entertainment\Wrath of the Lich King\Uninstall.exe
X Codec Pack-->C:\Programme\Recode Media\X Codec Pack v2\Uninstall.exe
XMedia Recode 2.1.2.5-->D:\Programme\XMedia Recode\uninst.exe
Xvid 1.2.1 final uninstall-->"D:\Programme\Xvid\unins000.exe"
XviD MPEG-4 Codec-->"D:\Programme\XviD\UninstXviD.exe"
zoneLINK SystemUp 2009 Undelete-->"D:\Programme\zoneLINK\SystemUp 2009\Undelete\unins000.exe"

=====HijackThis Backups=====

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) [2009-03-29]
F3 - REG:win.ini: load=D:\WINDOWS\svchost.exe [2009-03-29]
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - (no file) [2009-07-25]
R3 - URLSearchHook: (no name) - - (no file) [2009-07-25]
O13 - DefaultPrefix: 404: Seite nicht gefunden - MyhotterSearchbox [2009-07-25]
O20 - AppInit_DLLs: D:\WINDOWS\system32\adlaunch32.dll [2009-07-25]
O4 - HKLM\..\Policies\Explorer\Run: [] [2009-07-25]
O13 - WWW Prefix: 404: Seite nicht gefunden - MyhotterSearchbox [2009-07-25]
O4 - HKLM\..\Run: [Monitor] D:\WINDOWS\PixArt\PAC207\Monitor.exe [2009-07-25]
O2 - BHO: Microsoft MSJava 32 - {43F7497C-7687-4DEA-A057-F21BD81BC896} - D:\WINDOWS\system32\msjava32.dll [2009-07-25]
O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file) [2009-07-25]

======Security center information======

AV: AntiVir Desktop

======System event log======

Computer Name: SHUYIN
Event Code: 2003
Message:
Record Number: 16794
Source Name: SRTSP
Time Written:
Event Type: Informationen
User:

Computer Name: SHUYIN
Event Code: 2
Message: Device identified.

Record Number: 16793
Source Name: nvata
Time Written:
Event Type: Informationen
User:

Computer Name: SHUYIN
Event Code: 2
Message: Device identified.

Record Number: 16792
Source Name: nvata
Time Written:
Event Type: Informationen
User:

Computer Name: SHUYIN
Event Code: 6005
Message: Der Ereignisprotokolldienst wurde gestartet.

Record Number: 16791
Source Name: EventLog
Time Written:
Event Type: Informationen
User:

Computer Name: SHUYIN
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 2 Multiprocessor Free.

Record Number: 16790
Source Name: EventLog
Time Written:
Event Type: Informationen
User:

=====Application event log=====

Computer Name: SHUYIN
Event Code: 1800
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.

Record Number: 8636
Source Name: SecurityCenter
Time Written:
Event Type: Informationen
User:

Computer Name: SHUYIN
Event Code: 35
Message:
Record Number: 8635
Source Name: Norton Internet Security
Time Written:
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: SHUYIN
Event Code: 34
Message:
Record Number: 8634
Source Name: Norton Internet Security
Time Written:
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: SHUYIN
Event Code: 0
Message:
Record Number: 8633
Source Name: ICQ Service
Time Written:
Event Type: Informationen
User:

Computer Name: SHUYIN
Event Code: 0
Message:
Record Number: 8632
Source Name: gusvc
Time Written:
Event Type: Informationen
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;D:\Programme\Gemeinsame Dateien\Teleca Shared;D:\Programme\Gemeinsame Dateien\DivX Shared\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 67 Stepping 3, AuthenticAMD
"PROCESSOR_REVISION"=4303
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

noch jemand da der mir sagen kann ob sie stimmen?

Starte HJT => Do a system scan only => Markiere:

Code:

Alle R0, R3, O2, O3, O8, O9 und O13-Einträge

O4 - HKLM\..\Run: [SweetIM] D:\Programme\SweetIM\Messenger\SweetIM.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Programme\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [SoundMAX] "D:\Programme\Analog Devices\SoundMAX\SMax4.exe" /tray

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AdminHpr] RUNDLL32.EXE D:\WINDOWS\system32\odbc_inc.dll,i

O4 - HKLM\..\Run: [WindowAdmin] RUNDLL32.EXE D:\WINDOWS\system32\AdminLp.dll,Install

O4 - HKCU\..\Run: [swg] D:\Programme\Google\GoogleToolbarNotifier\GoogleTo olbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')

O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETZWERKDIENST')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')

=> Fix checked => Starte den Rechner neu => Neues HJT-Log posten.

ciao, andreas

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:24:41, on 26.07.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\LEXPPS.EXE
D:\Programme\Avira\AntiVir Desktop\sched.exe
D:\Programme\Avira\AntiVir Desktop\avguard.exe
D:\Programme\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Programme\MSI\BToes Bluetooth Software\bin\btwdins.exe
D:\WINDOWS\Explorer.EXE
D:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
D:\Programme\ICQ6Toolbar\ICQ Service.exe
D:\Programme\Java\jre6\bin\jqs.exe
D:\Programme\FreePDF_XP\fpassist.exe
D:\Programme\Maxtor\Sync\SyncServices.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
D:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
D:\Programme\Gemeinsame Dateien\NMSAccessU.exe
C:\Programme\Winamp\winampa.exe
D:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\system32\rundll32.exe
D:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Programme\Analog Devices\Core\smax4pnp.exe
D:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
D:\Programme\Avira\AntiVir Desktop\avgnt.exe
D:\WINDOWS\tsnpstd3.exe
D:\WINDOWS\vsnpstd3.exe
D:\Programme\Maxtor\OneTouch Status\maxmenumgr.exe
D:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
D:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\ctfmon.exe
C:\Programme\DAEMON Tools\daemon.exe
D:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
D:\Programme\Picasa2\PicasaMediaDetector.exe
D:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
D:\Programme\Messenger\msmsgs.exe
C:\Programme\MSI\BToes Bluetooth Software\BTTray.exe
D:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
D:\WINDOWS\system32\SearchIndexer.exe
D:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
D:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\wuauclt.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinSys2] D:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [FreePDF Assistant] D:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programme\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "D:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [JMB36X IDE Setup] D:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] D:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [avgnt] "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [tsnpstd3] D:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] D:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [mxomssmenu] "D:\Programme\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Picasa Media Detector] D:\Programme\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "D:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [MSMSGS] "D:\Programme\Messenger\msmsgs.exe" /background
O4 - Global Startup: BTTray.lnk = ?
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\MSI\BToes Bluetooth Software\bin\btwdins.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - D:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - D:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - D:\Programme\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - D:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - D:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - D:\Programme\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - D:\Programme\Maxtor\Sync\SyncServices.exe
O23 - Service: NMSAccessU - Unknown owner - D:\Programme\Gemeinsame Dateien\NMSAccessU.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - D:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - D:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6867 bytes

Kommen die Fehlermeldungen beim Start noch?

ciao, andreas

Neee is alles weg ;))))))))

Super herzlichen Dank,.... vielen vielen vielen Dank

Freu endlich kein gespamme mehr wenn ich den Pc anmache ;))))

Mache noch einen vollständigen Scan mit Malwarebytes, so wie es in der Anleitung steht und melde dich, falls etwas gefunden wird.

Du bist entlassen. :)

ciao, andreas

vielen vielen dank dir hast mir echt mega genial geholfen ;)

ok wenn nochw as ist melder ich mich cucu