
Pests of all kinds and how to combat them: booster Win32 worm

29.07.2008, 22:42   #1
Bilo84

Hello everyone.

This time it got me. Anyway, first let me explain what the worm actually does.

- 2 of my 3 hard drives are not displayed
- admin rights revoked
- Task Manager doesn't work either
- all system restore points are labelled "VIRUS ALERT"
- and of course there is also a VIRUS ALERT in the taskbar next to the clock

The previous state (before I ran Spybot and Avira) was that a wannabe spyware program also kept opening, which was supposed to remove the worm.... a few pop-ups were involved as well.

Fortunately that is gone for now. My problems are the things listed above. I also don't know much about fighting viruses and worms, so I need your support...

I'll post a HijackThis logfile; I hope you can help me.

Many thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:39: VIRUS ALERT!, on 29.07.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\***\Eigene Dateien\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://www.medion.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Programme\DAP\DAPBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: QXK Olive - {AEFFF7D6-917C-4D8D-A780-7C2D69F1B01A} - C:\WINDOWS\nfavxwdbsxb.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Programme\DAP\DAPIEBar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: fdkowvbp - {BF53502D-3BEF-4273-9925-89D7526A5F87} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Programme\Xilisoft\Download YouTube Video\upod_link.HTM
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {0CF7A555-4E85-4021-9504-14A8D54B8974} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {0CF7A555-4E85-4021-9504-14A8D54B8974} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra button: MedionShop - {A461BF3E-96B0-488F-9ACA-202335DDCC4B} - h**p://www.medionshop.de/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=h**p://www.aldi.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - h**p://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - h**p://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128778405937
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - h**p://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - h**p://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O21 - SSODL: eqvwamkl - {B44CB897-389B-48F4-B8A7-9E6C402A20F5} - C:\WINDOWS\eqvwamkl.dll
O21 - SSODL: wnslvxtf - {ACA96E84-347B-4CC2-B6AC-1E18DEF194EE} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 10181 bytes

29.07.2008, 23:04   #2
myrtille
/// TB trainer

Hi,

download SmitfraudFix and work through exactly the steps under "Cleaning" ("Reinigung"). Save the log it creates and then post it here.

Regards, myrtille

29.07.2008, 23:36   #3
Bilo84

The Virus Alert in the taskbar is gone.. YIPPEE, and I can see my C drive again too. So quite a lot has happened. But I can't imagine that that was already it, because quite a few errors occurred during cleaning. Just take a look at it.

SmitFraudFix v2.332

Scan done at 0:22:29,90, 30.07.2008
Run from C:\Dokumente und Einstellungen\***\Eigene Dateien\jetzt gehts los\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
C:\WINDOWS\nfavxwdbsxb.dll deleted.
C:\WINDOWS\eqvwamkl.dll deleted.


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

30.07.2008, 09:37   #4
myrtille
/// TB trainer

Hi,
then please create a log with Malwarebytes and have all findings deleted.

After that, please create a log with DSS and post it here.
  • Download DSS
  • Close all applications and then run DSS.exe with a double-click
  • Please do not perform any other actions while DSS is working
  • At the end, 2 files open: main.txt and extra.txt
  • Post the contents of both files here

What kind of problems occurred during cleaning? Smitfraudfix is very reliable for this type of infection. However, the vast majority of people have several infections on their machine.

Regards, myrtille
__________________
Requests by email, profile message or private message will be ignored!
Help is given ONLY in the forum!


Anyone who has not received a further reply from me after 24 hours, please send a PM

Spelling mistakes? Never, but keybaord malfunctions constantly!

01.08.2008, 12:34   #5
Bilo84

So, first of all the log file from MalwareBytes

Malwarebytes' Anti-Malware 1.23
Datenbank Version: 985
Windows 5.1.2600 Service Pack 2

23:34:41 30.07.2008
mbam-log-7-30-2008 (23-34-41).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|)
Durchsuchte Objekte: 132663
Laufzeit: 50 minute(s), 50 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 15
Infizierte Dateien: 255

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fdkowvbp.bgow (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fdkowvbp.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SecuriSoft SARL (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\wnslvxtf (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Casino (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\history (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\history\1018399 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\logs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\promo (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\sfx (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecuriSoft SARL (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecuriSoft SARL\WinSpywareProtect (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecuriSoft SARL\WinSpywareProtect\BASE (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecuriSoft SARL\WinSpywareProtect\DELETED (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecuriSoft SARL\WinSpywareProtect\LOG (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecuriSoft SARL\WinSpywareProtect\SAVED (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Programme\eMule\Incoming\Progz\KeyGen - Sony Sound Forge 7.0 - MP3 Plug-In 2.0\Sony Sound Forge 7.0 Keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\eovp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
D:\Progz\Bluetoth Widcom v1.4.3.4\Bluetoth WIDCOM V1.4.3.4\patch_v4.exe (Rogue.Installer) -> Quarantined and deleted successfully.
D:\Progz\Sony.Sound.Forge.v7.0.Incl.Universal.Keygen-SSG\KeyGen\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Progz\Sony.Soundforge.8.Inc.Keygen-RENEGADE\SF8.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}\BILO\Eigene\Progz\ALPluginIE-1.0.2.1-setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\edit.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\gamelimits1.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\gamelimits2.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\gamelimits3.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\game_bjframe.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\game_blackjack.png (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\game_summary.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\gre_font_11p_regular.xbf (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\hand.html (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\hand.xsl (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\hand_cursor.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\hand_ff.xsl (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\harrow.cur (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\headers_bkg.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\27.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\46.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\browserdetect.js (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\headers_text.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\pointer.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\promo-test1.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\history.html (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\history.xsl (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\history_ff.xsl (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\input_additional.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\input_boxes.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\input_lists.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\language.xml (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\language.xsl (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\languages.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\language_ff.xsl (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\main.js (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\main_bkg.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\main_listhi.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\navigator_bg.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\navigator_buttons.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\navigator_moneytext.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\navigator_timer.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\panel_big.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\panel_bottom.bmp (Adware.Casino) -> Quarantined and deleted successfully.


01.08.2008, 12:35   #6
Bilo84



Part 2


C:\Casino\bet-at-home.com Poker\data\panel_game_big.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\panel_game_small.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\panel_game_top.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\panel_left.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\panel_medium.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\panel_moretables.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\panel_texts.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\panel_top.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\poker_cardback.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\poker_cards.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\poker_cards_4c.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\poker_cards_large.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\poker_cards_large_4c.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\poker_deckside.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\poker_font_11p_bold.xbf (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\poker_font_11p_regular.xbf (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\poker_makechoice.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\poker_pucks.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\pol_font_11p_regular.xbf (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\popups.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\position_actions.png (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\position_active.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\position_inactive.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\position_mute.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\position_note.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\position_numbers.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\progress_ani.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\rus_font_11p_regular.xbf (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\sc_bkg8.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\tabs_big.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\tabs_cashier.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\tabs_small.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\text.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\timeslider.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\tur_font_11p_regular.xbf (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\tx_bkg10.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\tx_bkg5.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\user.xsl (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\user_ff.xsl (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\white_line.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\win_graphics.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\xml.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\data\xml_decoder.js (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\history\1018399\archive.xml (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\history\1018399\history_0800.xml (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\history\1018399\session142648111.xml (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\history\1018399\session143256448.xml (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\history\1018399\session143261604.xml (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\history\1018399\stats_GAME_THM.xml (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\promo\245x360_poker_ipod_de.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\sfx\c_button.wav (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\sfx\c_chip.wav (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\sfx\c_deal.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\sfx\p_alert.wav (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\sfx\p_checkknock.wav (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\xrs\blackjack_game_panel.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\xrs\blackjack_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\xrs\common.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\xrs\creditdebit.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\xrs\ext_clientspecific.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\xrs\ext_creditdebit.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\xrs\ext_game.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\xrs\ext_general.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\xrs\ext_mc_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\xrs\ext_navigator.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\xrs\fcs_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\xrs\fc_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\xrs\fc_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\xrs\filemap.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\xrs\filerefs.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\xrs\gameclient.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\xrs\game_common.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\xrs\game_common_message.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\xrs\game_panel.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\xrs\gizmo.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\xrs\mc_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\xrs\message.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\xrs\mtt_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\xrs\mtt_lobby.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\xrs\navigator.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\xrs\omaha_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\xrs\omaha_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\xrs\optdef.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\xrs\poker_limits.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\xrs\sc_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\xrs\sc_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\xrs\soko_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\xrs\tel_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\xrs\texas_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\xrs\texas_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\bet-at-home.com Poker\xrs\tournament_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecuriSoft SARL\WinSpywareProtect\wspwprtct.exe (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecuriSoft SARL\WinSpywareProtect\LOG\20080728003230343.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.
C:\WINDOWS\grswptdl.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

01.08.2008, 12:36   #7
Bilo84



Here is the extra.txt from DSS

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: German

CPU 0: Intel(R) Pentium(R) D CPU 3.00GHz
CPU 1: Intel(R) Pentium(R) D CPU 3.00GHz
Percentage of Memory in Use: 35%
Physical Memory (total/avail): 1022.42 MiB / 658.25 MiB
Pagefile Memory (total/avail): 2458.71 MiB / 2143.49 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1891.62 MiB

C: is Fixed (NTFS) - 116.41 GiB total, 89.66 GiB free.
D: is Fixed (NTFS) - 107.91 GiB total, 86.68 GiB free.
E: is Fixed (FAT32) - 8.55 GiB total, 2.69 GiB free.
F: is CDROM (No Media)
G: is CDROM (No Media)
H: is CDROM (No Media)
J: is Removable (No Media)
K: is Removable (No Media)
L: is Removable (No Media)
P: is CDROM (No Media)
Q: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3250823AS - 232.88 GiB - 3 partitions
\PARTITION0 (bootable) - Installierbares Dateisystem - 116.41 GiB - C:
\PARTITION1 - Erweitert mit Int 13 (erweitert) - 116.47 GiB - D: - E:

\\.\PHYSICALDRIVE1 -

\\.\PHYSICALDRIVE2 -

\\.\PHYSICALDRIVE3 -



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
FirewallDisableNotify is set.

AV: Avira AntiVir PersonalEdition v8.0.1.26 (Avira GmbH)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:Enabled:Remoteunterstützung"
"%ProgramFiles%\\Messenger\\msmsgs.exe"="%ProgramFiles%\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%ProgramFiles%\\AOL 9.0\\AOL.exe"="%ProgramFiles%\\AOL 9.0\\AOL.exe:*:enabled:AOL 9.0"
"%WinDir%\\system32\\fxsclnt.exe"="%WinDir%\\system32\\fxsclnt.exe:*:enabled:Microsoft Fax Console"
"%ProgramFiles%\\Skype\\Phone\\Skype.exe"="%ProgramFiles%\\Skype\\Phone\\Skype.exe:*:enabled:Skype"
"%ProgramFiles%\\CA\\eTrust Antivirus\\InocIT.exe"="%ProgramFiles%\\CA\\eTrust Antivirus\\InocIT.exe:*:enabled:eTrust Antivirus - Local Scanner"
"%ProgramFiles%\\CA\\eTrust Antivirus\\Realmon.exe"="%ProgramFiles%\\CA\\eTrust Antivirus\\Realmon.exe:*:enabled:eTrust Antivirus - Realtime monitor"
"%ProgramFiles%\\CA\\eTrust Antivirus\\InoRpc.exe"="%ProgramFiles%\\CA\\eTrust Antivirus\\InoRpc.exe:*:enabled:eTrust Antivirus - RPC Server"
"C:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLACSD.exe"="C:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLACSD.exe:*:Enabled:AOL"
"C:\\Programme\\AOL 9.0\\waol.exe"="C:\\Programme\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLDIAL.exe"="C:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLDIAL.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"="C:\\Programme\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:Enabled:Remoteunterstützung"
"%ProgramFiles%\\AOL 9.0\\AOL.exe"="%ProgramFiles%\\AOL 9.0\\AOL.exe:*:enabled:AOL 9.0"
"%WinDir%\\system32\\fxsclnt.exe"="%WinDir%\\system32\\fxsclnt.exe:*:enabled:Microsoft Fax Console"
"%ProgramFiles%\\CA\\eTrust Antivirus\\InocIT.exe"="%ProgramFiles%\\CA\\eTrust Antivirus\\InocIT.exe:*:enabled:eTrust Antivirus - Local Scanner"
"%ProgramFiles%\\CA\\eTrust Antivirus\\Realmon.exe"="%ProgramFiles%\\CA\\eTrust Antivirus\\Realmon.exe:*:enabled:eTrust Antivirus - Realtime monitor"
"%ProgramFiles%\\CA\\eTrust Antivirus\\InoRpc.exe"="%ProgramFiles%\\CA\\eTrust Antivirus\\InoRpc.exe:*:enabled:eTrust Antivirus - RPC Server"
"C:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLACSD.exe"="C:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLACSD.exe:*:Enabled:AOL"
"C:\\Programme\\AOL 9.0\\waol.exe"="C:\\Programme\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLDIAL.exe"="C:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLDIAL.exe:*:Enabled:AOL"
"C:\\Programme\\Home Cinema\\PowerCinema\\PowerCinema.exe"="C:\\Programme\\Home Cinema\\PowerCinema\\PowerCinema.exe:*:Enabled:CyberLink PowerCinema"
"C:\\Programme\\Home Cinema\\PowerCinema\\PCMService.exe"="C:\\Programme\\Home Cinema\\PowerCinema\\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"C:\\Dokumente und Einstellungen\\Bushido\\Desktop\\leechex\\LeechEx.exe"="C:\\Dokumente und Einstellungen\\Bushido\\Desktop\\leechex\\LeechEx.exe:*:Enabled:LeechEx"
"C:\\Programme\\DAP\\DAP.exe"="C:\\Programme\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus"
"C:\\Dokumente und Einstellungen\\Bushido\\Desktop\\ML donkey\\mlnet.exe"="C:\\Dokumente und Einstellungen\\Bushido\\Desktop\\ML donkey\\mlnet.exe:*:Enabled:MLdonkey - multiuser P2P daemon"
"C:\\Programme\\MlDonkey\\mlnet.exe"="C:\\Programme\\MlDonkey\\mlnet.exe:*:Enabled:MLdonkey - multiuser P2P daemon"
"C:\\Programme\\Anti-Leech\\ALIE_1.0.2.2\\alhlp.exe"="C:\\Programme\\Anti-Leech\\ALIE_1.0.2.2\\alhlp.exe:*:Enabled:Anti-Leech plugin helper program"
"C:\\Programme\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Programme\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:Bluetooth Application"
"C:\\Programme\\Messenger\\msmsgs.exe"="C:\\Programme\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Programme\\Real\\RealPlayer\\realplay.exe"="C:\\Programme\\Real\\RealPlayer\\realplay.exe:*:Disabled:RealPlayer"
"C:\\Programme\\LimeWire\\LimeWire.exe"="C:\\Programme\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Programme\\Anti-Leech\\ALIE_1.0.2.3\\alhlp.exe"="C:\\Programme\\Anti-Leech\\ALIE_1.0.2.3\\alhlp.exe:*:Enabled:Anti-Leech plugin helper program"
"G:\\SetupWizard\\stInstall.exe"="G:\\SetupWizard\\stInstall.exe:*:Enabled:SpeedTouch-Assistent für Home-Installation"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programme\\Motorola\\RSD Lite\\SDL.exe"="C:\\Programme\\Motorola\\RSD Lite\\SDL.exe:*:Enabled:SDL"
"C:\\Programme\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"="C:\\Programme\\VoipStunt.com\\VoipStunt\\VoipStunt.exe:*:Enabled:VoipStunt"
"C:\\Programme\\iTunes\\iTunes.exe"="C:\\Programme\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Programme\\NetMeeting\\conf.exe"="C:\\Programme\\NetMeeting\\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\\Programme\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"="C:\\Programme\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\\Programme\\Gemeinsame Dateien\\Nokia\\Service Layer\\A\\nsl_host_process.exe"="C:\\Programme\\Gemeinsame Dateien\\Nokia\\Service Layer\\A\\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\\Programme\\BearShare Applications\\BearShare\\BearShare.exe"="C:\\Programme\\BearShare Applications\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"I:\\SetupWizard\\stInstall.exe"="I:\\SetupWizard\\stInstall.exe:*:Enabled:SpeedTouch-Assistent für Home-Installation"
"I:\\UpgradeWizard\\upgradeST.exe"="I:\\UpgradeWizard\\upgradeST.exe:*:Enabled:SpeedTouch Upgrade Wizard"
"C:\\Dokumente und Einstellungen\\Bushido\\Desktop\\585\\SpeedTouch_upgrade_wizard_R4421\\upgradeST.exe"="C:\\Dokumente und Einstellungen\\Bushido\\Desktop\\585\\SpeedTouch_upgrade_wizard_R4421\\upgradeST.exe:*:Enabled:SpeedTouch Upgrade Wizard"
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"="C:\\Programme\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Programme\\Skype\\Phone\\Skype.exe"="C:\\Programme\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Dokumente und Einstellungen\All Users
APPDATA=C:\Dokumente und Einstellungen\Bushido\Anwendungsdaten
CLASSPATH=.;C:\Programme\Java\jre1.5.0_04\lib\ext\QTJava.zip
CommonProgramFiles=C:\Programme\Gemeinsame Dateien
COMPUTERNAME=BABA
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Dokumente und Einstellungen\Bushido
LOGONSERVER=\\BABA
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Programme\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Programme\QuickTime\QTSystem\;;C:\PROGRA~1\GEMEIN~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0404
ProgramFiles=C:\Programme
PROMPT=$P$G
QTJAVA=C:\Programme\Java\jre1.5.0_04\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOKUME~1\Bushido\LOKALE~1\Temp
TMP=C:\DOKUME~1\Bushido\LOKALE~1\Temp
USERDOMAIN=BABA
USERNAME=Bushido
USERPROFILE=C:\Dokumente und Einstellungen\Bushido
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Bushido (admin)
Nadia
Tony Montana (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Programme\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUn0407.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNNMP.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F90CBE30-7269-465D-AB66-0DCF33CE3618}\setup.exe" -l0x7
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Ad-Aware SE Professional --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.1.0 - Deutsch --> MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A71000000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Alice-Installationsdateien entfernen --> C:\WINDOWS\ISW\alice\iswdel.exe
AnyDVD --> "C:\Programme\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Programme\SlySoft\AnyDVD"
AOL Meine Fotos Bildschirmschoner --> C:\Programme\Gemeinsame Dateien\AOL\Screensaver\uninst_ygpss.exe
Apple Mobile Device Support --> MsiExec.exe /I{A43B2A2F-1DB5-47F9-A608-F11A4835D7CB}
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
Avira AntiVir Personal - Free Antivirus --> C:\Programme\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Azureus --> C:\Programme\Azureus\Uninstall.exe
BearShare --> C:\Programme\BearShare Applications\BearShare\UninstallSurvey.exe C:\PROGRA~1\BEARSH~2\BEARSH~1\UNWISE.EXE C:\PROGRA~1\BEARSH~2\BEARSH~1\INSTALL.LOG
bet-at-home.com Poker --> C:\Casino\BET-AT~1.COM\UNWISE.EXE C:\Casino\BET-AT~1.COM\INSTALL.LOG
BlueSoleil --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}\Setup.exe" -l0x7
C-Media Card Reader Driver USB2.0 --> C:\WINDOWS\system32\CmUCRRm.exe
C-Media USB2.0 Card Reader --> C:\WINDOWS\CmiUCRUninstall.exe C:\Programme\C-Media USB2.0 Card Reader
CloneDVD2 --> "C:\Programme\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Programme\Elaborate Bytes\CloneDVD2"
Cool MP3 Splitter --> C:\PROGRA~1\COOLMP~1\UNWISE.EXE C:\PROGRA~1\COOLMP~1\INSTALL.LOG
Creative Treiber für Massenspeicher --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F90CBE30-7269-465D-AB66-0DCF33CE3618}\setup.exe" -l0x7 /remove
Creatix V.92 Data Fax Modem --> agrsmdel
Das Ausbildungszeugnis --> MsiExec.exe /X{87E26A29-8A5D-487B-BD66-A82738D5AA58}
DivX Player --> C:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Pro --> C:\Programme\DivX\DivXCodecUninstall.exe /CODEC
DivX Web Player --> C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Download Accelerator Plus --> C:\PROGRA~1\DAP\UNWISE.EXE C:\PROGRA~1\DAP\INSTALL.LOG
eMule --> "C:\Programme\eMule\Uninstall.exe"
EPSON-Drucker-Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
FLV Player 2.0, build 24 --> C:\Programme\FLV Player\uninst.exe
Google Earth --> MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
Google Updater --> "C:\Programme\Google\Google Updater\GoogleUpdater.exe" -uninstall
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:\Dokumente und Einstellungen\Bushido\Eigene Dateien\HiJackThis\HijackThis.exe" /uninstall
Hotfix für Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB935448) --> "C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Informationen über Ihren PC --> MsiExec.exe /I{3D1A6B70-3E02-49BC-88B0-916C80274632}
iPod for Windows 2006-03-23 --> C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB} /l1031
IsoBuster 1.8 --> "C:\Programme\Smart Projects\IsoBuster\Uninst\unins000.exe"
iTunes --> MsiExec.exe /I{9357AE3A-B2ED-4138-BB9B-0564352C3F0A}
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
LimeWire PRO 4.9.23 --> "C:\Programme\LimeWire\uninstall.exe"
LiveUpdate BVRP Software --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -l0x9
Look 316 --> C:\Programme\InstallShield Installation Information\{826BF0DF-11A1-4FC9-B7A1-8982269C883F}\Setup.exe -runfromtemp -l0x0007 -removeonly
Malwarebytes' Anti-Malware --> "C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
MediaShow 3.0 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D5A9B7C0-8751-11D8-9D75-000129760D75}\setup.exe" -uninstall
Medion Info Display --> C:\WINDOWS\UnInst32.exe VFDUtil.uni
Microsoft AutoRoute 2006 --> MsiExec.exe /I{83ED1E80-A1B7-4236-BCF1-AC4A88151A6B}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Encarta 2006 Enzyklopädie Standard --> MsiExec.exe /I{06100048-3E21-46D6-9A91-D927BA08F41D}
Microsoft Foto 2006 Standard Edition --> "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=PREM VERSION=11
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110407-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows-Journal-Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Microsoft Works --> MsiExec.exe /I{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}
Microsoft Works Suite-Add-Ins für Microsoft Word --> MsiExec.exe /I{90F1DDBF-0C56-44B0-A920-72CC90C51565}
mobile PhoneTools --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}\setup.exe" -l0x9
Motorola Driver Installation --> MsiExec.exe /I{52F6065D-27D0-4680-B2BC-C49C9A252459}
Motorola Handset USB Driver --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{44B3522B-195C-488D-84AC-9526FA99CB73}\Setup.exe"
Motorola PST --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{8CC5BF82-4DD4-11D4-A39F-00C04F05E3F0}\Setup.exe" -l0x9 anything
Mozilla Firefox (3.0.1) --> C:\Programme\Mozilla Firefox\uninstall\helper.exe
mpegable DS decoder --> C:\WINDOWS\AKDeInstall.exe "/C:\Programme\mpegable\"
mpegable Player --> C:\WINDOWS\AKDeInstall.exe "/C:\Programme\mpegable\"
mpegable X4 live --> C:\WINDOWS\AKDeInstall.exe "/C:\Programme\mpegable\"
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MyPhoneExplorer --> C:\Programme\MyPhoneExplorer\uninstall.exe
Nero Suite --> C:\Programme\Gemeinsame Dateien\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
Nokia Connectivity Cable Driver --> MsiExec.exe /X{4F1DCA42-2030-437C-A94E-736692A499C1}
Nokia Flashing Cable Driver --> MsiExec.exe /X{A4E0CA0F-1903-440A-9B98-FEA6CB049999}
Nokia Lifeblog 2.1 --> MsiExec.exe /I{EE565795-2776-415A-B31C-EB3A8D7C6FA4}
Nokia MTP driver --> MsiExec.exe /I{59359B3D-ABE7-46BF-AB55-43B67A64DC68}
Nokia N73 highlights --> MsiExec.exe /I{02B71D92-A84B-4DFB-9A10-D12BB01AC1F2}
Nokia PC Suite --> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Nokia_PC_Suite_683_rel_14_1_ger_web.exe /LANG="1031"
Nokia PC Suite --> MsiExec.exe /I{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}
Nokia Software Updater --> MsiExec.exe /X{5D19E730-D3C6-47F4-AE4B-DCB26EC2D905}
Nokia themes for your device --> MsiExec.exe /I{77F5816C-64A6-4FBE-BBE5-52EFE5EB84E8}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PC Connectivity Solution --> MsiExec.exe /I{066D65EA-ED53-44E4-A96A-F81B6E409D2E}
PC Translator --> C:\WINDOWS\UN32.EXE -UP
PhotoNow! 1.0 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\setup.exe" -uninstall
Power Video Joiner 3.6 --> "C:\Programme\AML Products\Power Video Joiner\unins000.exe"
PowerCinema --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
PowerCinema Linux 4.7 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D5F82F8F-4DE2-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
PowerDirector --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" -uninstall
PowerDVD --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
PowerStrip 3 (remove only) --> C:\Programme\PowerStrip\uninstal.exe
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer --> C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x7 -removeonly
River Past Audio Converter Pro --> C:\WINDOWS\Audio Converter Pro Uninstaller.exe
RouterControl 1.85 --> C:\WINDOWS\RCoUn.EXE /UnInst:"C:\WINDOWS\RouterControl_Uninstall.in"
RSD_LITE_3_6 --> MsiExec.exe /X{6E8D3944-E463-46D3-B52D-B6EB39D70752}
RT2500 USB Wireless LAN Card --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5490B6EF-5A48-40B7-A9E0-D3B886D17A29}\setup.exe" -l0x7 -removeonly
Setup-Start von Microsoft Works Suite 2006 --> C:\Programme\Microsoft Works Suite 2006\Setup\Launcher.exe /ARP G:\
SFT Loader --> C:\Programme\SFT Loader\uninstall.exe
Sicherheitsupdate für Step by Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Sicherheitsupdate für Step by Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"

01.08.2008, 12:39   #8
Bilo84

Part 2 of extra.txt


Sicherheitsupdate für Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB893066) --> "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896422) --> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896688) --> "C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899588) --> "C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB901190) --> "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB905915) --> "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB912812) --> "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB913446) --> "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB916281) --> "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB922760) --> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941693) --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB945553) --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB948590) --> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB948881) --> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950749) --> "C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950760) --> "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762) --> "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2) --> "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376) --> "C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698) --> "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748) --> "C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Skype™ 3.8 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sony Sound Forge 8.0 --> MsiExec.exe /X{767572FD-4D01-4FA3-B0A6-4B09FB2CFC37}
Spybot - Search & Destroy --> "C:\Programme\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
SUPER © Version 2008.bld.32 (July 8, 2008) --> C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
TMPGEnc 3.0 XPress --> MsiExec.exe /I{D48EAA77-E526-41EB-894C-BD6A17EABD95}
TuneUp Utilities 2006 --> MsiExec.exe /I{868D7896-99D4-4513-BC62-2B3AD3E24926}
Update für Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update für Windows XP (KB896727) --> "C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
Update für Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update für Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update für Windows XP (KB900930) --> "C:\WINDOWS\$NtUninstallKB900930$\spuninst\spuninst.exe"
Update für Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update für Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update für Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update für Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update für Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update für Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update für Windows XP (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update für Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update für Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update für Windows XP (KB932823-v3) --> "C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update für Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update für Windows XP (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update für Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update für Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update Service --> C:\Programme\Sony Ericsson\Update Service\uninst.exe
USB Wireless Keyboard Driver --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B338EA45-9F18-4FE4-A079-89668D1F6519}\Setup.exe" -l0x7
VeohTV BETA --> C:\Programme\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
videon --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{261D0486-9127-4071-BA1D-FE784310752E}\Setup.exe" -l0x7
Viewpoint Media Player --> C:\Programme\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Virtualdub 1.4.9 --> C:\WINDOWS\AKDeInstall.exe "/C:\Programme\Virtualdub (Deutsch)\"
VoipStunt --> "C:\Programme\VoipStunt.com\VoipStunt\unins000.exe"
WIBU-KEY Setup (WIBU-KEY Remove) --> C:\Programme\WIBUKEY\Setup\SETUP32.EXE /R:{00060000-0000-1004-8002-0000C06B5161}
Windows-Sicherungsprogramm --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows-Treiberpaket - Nokia Modem (11/03/2006 6.82.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567\nokbtmdm.inf
Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_039E7E24575DBAE6A389611AF28F4EB97729D33E\pccswpddriver.inf
Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
Windows Live installer --> MsiExec.exe /X{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}
Windows Live Messenger --> MsiExec.exe /X{2B091530-69AA-442E-AB09-39ED06B58220}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Messenger 5.1 --> MsiExec.exe /I{A44413DC-17D5-4F0B-A128-8B590B20323C}
Windows XP-Hotfix - KB873333 --> C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP-Hotfix - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885250 --> C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885884 --> C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP-Hotfix - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP-Hotfix - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP-Hotfix - KB887742 --> C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP-Hotfix - KB887797 --> C:\WINDOWS\$NtUninstallKB887797$\spuninst\spuninst.exe
Windows XP-Hotfix - KB888113 --> C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP-Hotfix - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP-Hotfix - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP-Hotfix - KB893086 --> "C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
WinRAR Archivierer --> C:\Programme\WinRAR\uninstall.exe
X10 Hardware(TM) --> C:\WINDOWS\UNWISE.EXE C:\PROGRA~1\X10HAR~1\Install.log
Xilisoft Download YouTube Video --> C:\Programme\Xilisoft\Download YouTube Video\Uninstall.exe
xp-AntiSpy 3.95-1 --> C:\Programme\xp-AntiSpy\Uninstall.exe
YouTube Downloader 2.41 --> "C:\Programme\FDRLab\YouTube Downloader\unins000.exe"
Zone Media --> C:\DOKUME~1\Bushido\ANWEND~1\OPTION~1\Stop Aim.exe -uninstall


-- Application Event Log -------------------------------------------------------

Event Record #/Type21907 / Error
Event Submitted/Written: 08/01/2008 00:58:19 PM
Event ID/Source: 1000 / Application Error
Event Description:
Fehlgeschlagene Anwendung vm305_sti.exe, Version 4.3.625.61, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00660032.
Das medienspezifische Ereignis für [vm305_sti.exe!ws!] wird verarbeitet.

Event Record #/Type21892 / Error
Event Submitted/Written: 07/30/2008 10:32:15 PM
Event ID/Source: 1000 / Application Error
Event Description:
Fehlgeschlagene Anwendung vm305_sti.exe, Version 4.3.625.61, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00660032.
Das medienspezifische Ereignis für [vm305_sti.exe!ws!] wird verarbeitet.

Event Record #/Type21891 / Error
Event Submitted/Written: 07/30/2008 09:19:58 PM
Event ID/Source: 1000 / Application Error
Event Description:
Fehlgeschlagene Anwendung vm305_sti.exe, Version 4.3.625.61, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00660032.
Das medienspezifische Ereignis für [vm305_sti.exe!ws!] wird verarbeitet.

Event Record #/Type21883 / Error
Event Submitted/Written: 07/30/2008 07:19:26 AM
Event ID/Source: 1000 / Application Error
Event Description:
Fehlgeschlagene Anwendung vm305_sti.exe, Version 4.3.625.61, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00660032.
Das medienspezifische Ereignis für [vm305_sti.exe!ws!] wird verarbeitet.

Event Record #/Type21875 / Error
Event Submitted/Written: 07/30/2008 00:32:51 AM
Event ID/Source: 1000 / Application Error
Event Description:
Fehlgeschlagene Anwendung vm305_sti.exe, Version 4.3.625.61, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00660032.
Das medienspezifische Ereignis für [vm305_sti.exe!ws!] wird verarbeitet.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type58012 / Error
Event Submitted/Written: 08/01/2008 00:58:03 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst "Universeller Plug & Play-Gerätehost" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Event Record #/Type57993 / Error
Event Submitted/Written: 07/30/2008 10:32:34 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst "Universeller Plug & Play-Gerätehost" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Event Record #/Type57973 / Error
Event Submitted/Written: 07/30/2008 09:15:23 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst "Universeller Plug & Play-Gerätehost" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058

Event Record #/Type57959 / Error
Event Submitted/Written: 07/30/2008 07:27:24 AM
Event ID/Source: 10005 / DCOM
Event Description:
Bei DCOM ist der Fehler "%%1058" aufgetreten, als der Dienst "upnphost" mit den Argumenten ""
gestartet wurde, um den folgenden Server zu verwenden:
{204810B9-73B2-11D4-BF42-00B0D0118B56}

Event Record #/Type57945 / Error
Event Submitted/Written: 07/30/2008 07:19:16 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst "Universeller Plug & Play-Gerätehost" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1058



-- End of Deckard's System Scanner: finished at 2008-08-01 13:25:40 ------------

01.08.2008, 12:40   #9
Bilo84

And finally main.txt

Deckard's System Scanner v20071014.68
Run by Bushido on 2008-08-01 13:20:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-08-01 11:20:19 UTC - RP1 - Systemprüfpunkt


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-08-01 13:25:01
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\explorer.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Dokumente und Einstellungen\Bushido\Desktop\dss.exe
C:\Programme\PC Connectivity Solution\ServiceLayer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Programme\DAP\DAPBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Programme\DAP\DAPIEBar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: fdkowvbp - {BF53502D-3BEF-4273-9925-89D7526A5F87} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Programme\Xilisoft\Download YouTube Video\upod_link.HTM
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Programme\DAP\DAP.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\Msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\Msmsgs.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128778405937
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_03) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\Programme\Common Files\X10\Common\X10nets.exe


--
End of file - 10463 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil(c)>
R0 PDDSLHND - c:\windows\system32\drivers\pddslhnd.sys <Not Verified; ProDyne; ProDyne DSL Handler>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.0.1) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.0.1>
R2 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
R2 WIBUKEY (WIBU-KEY Kernel Driver) - c:\windows\system32\drivers\wibukey.sys <Not Verified; WIBU-SYSTEMS AG; WIBU-KEY Software Protection System>
R3 AnyDVD - c:\windows\system32\drivers\anydvd.sys <Not Verified; SlySoft, Inc.; AnyDVD>
R3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows (R) 2000 DDK driver>
R3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
R3 ElbyDelay - c:\windows\system32\drivers\elbydelay.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R3 PDDSLADP (ProDyne DSL Adapter) - c:\windows\system32\drivers\pddsladp.sys <Not Verified; ProDyne; ProDyne DSL Adapter>
R3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>

S3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
S3 ssmdrv - c:\windows\system32\drivers\ssmdrv.sys <Not Verified; AVIRA GmbH; >
S3 VHidMinidrv (Bluetooth HID Device Service) - c:\windows\system32\drivers\vhidmini.sys <Not Verified; IVT Corporation; IVT BlueSoleil>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirScheduler (AntiVir PersonalEdition Classic Planer) - c:\programme\antivir personaledition classic\sched.exe <Not Verified; Avira GmbH; AntiVir Workstation>
R2 Apple Mobile Device - "c:\programme\gemeinsame dateien\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 BlueSoleil Hid Service - c:\programme\ivt corporation\bluesoleil\btntservice.exe
R2 CLCapSvc (CyberLink Background Capture Service (CBCS)) - "c:\programme\home cinema\powercinema\kernel\tv\clcapsvc.exe" <Not Verified; ; CLCapSvc Module>
R2 CLSched (CyberLink Task Scheduler (CTS)) - "c:\programme\home cinema\powercinema\kernel\tv\clsched.exe" <Not Verified; ; CLSched Module>
R2 CyberLink Media Library Service - "c:\programme\home cinema\powercinema\kernel\clml_ntservice\clmlserver.exe" <Not Verified; Cyberlink; Cyberlink Media Library Server>
R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\programme\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>
R3 ServiceLayer - "c:\programme\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

S3 TUWinStylerThemeSvc (TuneUp WinStyler Theme Service) - "c:\programme\tuneup utilities 2006\winstylerthemesvc.exe" <Not Verified; TuneUp Software GmbH; TuneUp Utilities>
S3 x10nets (X10 Device Network Service) - c:\progra~1\common~1\x10\common\x10nets.exe <Not Verified; X10; x10 Module>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: RT2500 USB Wireless LAN Card
Device ID: USB\VID_148F&PID_2570\6&2B8D60B9&0&2
Manufacturer: Ralink Technology Corp.
Name: RT2500 USB Wireless LAN Card
PNP Device ID: USB\VID_148F&PID_2570\6&2B8D60B9&0&2
Service: RT2500USB

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394-Netzwerkadapter
Device ID: V1394\NIC1394\D2827F10DC00
Manufacturer: Microsoft
Name: 1394-Netzwerkadapter
PNP Device ID: V1394\NIC1394\D2827F10DC00
Service: NIC1394

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth PAN Network Adapter
Device ID: ROOT\NET\0000
Manufacturer: IVT Corporation
Name: Bluetooth PAN Network Adapter
PNP Device ID: ROOT\NET\0000
Service: BT

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia N73
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd


-- Scheduled Tasks -------------------------------------------------------------

2008-08-01 13:00:00 272 --ah----- C:\WINDOWS\Tasks\AF9B824E918C33AE.job
2008-07-25 17:51:47 400 --a------ C:\WINDOWS\Tasks\1-Klick-Wartung.job
2008-07-19 07:43:00 276 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-07-01 and 2008-08-01 -----------------------------

2008-08-11 20:35:43 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-07-30 22:16:17 0 d-------- C:\Programme\Malwarebytes' Anti-Malware
2008-07-30 07:46:41 0 dr-h----- C:\Dokumente und Einstellungen\Bushido\Recent
2008-07-30 00:22:40 1540 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-30 00:22:20 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-30 00:22:20 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-07-30 00:22:20 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-07-30 00:22:20 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-07-30 00:22:20 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-07-30 00:22:20 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-07-30 00:22:20 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-30 00:22:20 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-07-27 23:10:54 0 d-------- C:\Dokumente und Einstellungen\Bushido\dwhelper
2008-07-27 23:10:42 0 d-------- C:\Programme\Gemeinsame Dateien\xing shared
2008-07-27 22:47:14 10223616 --a------ C:\Dokumente und Einstellungen\Bushido\ntuser.dat
2008-07-26 21:55:48 70656 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-07-26 21:55:48 70656 --a------ C:\WINDOWS\system32\i420vfw.dll <Not Verified; www.helixcommunity.org; Helix I420 YUV Codec>
2008-07-26 21:55:48 719872 --a------ C:\WINDOWS\system32\devil.dll <Not Verified; Abysmal Software; Developer's Image Library (DevIL)>
2008-07-26 21:55:48 27648 --a------ C:\WINDOWS\system32\AVSredirect.dll
2008-07-26 21:55:48 318976 --a------ C:\WINDOWS\system32\avisynth.dll <Not Verified; The Public; Avisynth 2.5>
2008-07-26 21:55:48 66560 --a------ C:\WINDOWS\MOTA113.exe
2008-07-26 21:55:47 217073 --a------ C:\WINDOWS\meta4.exe
2008-07-26 21:55:33 216064 -r-hs---- C:\WINDOWS\system32\nbDX.dll <Not Verified; MONOGRAM Multimedia, s.r.o.; MONOGRAM AMR Filter Pack>
2008-07-26 21:55:33 31232 -r-hs---- C:\WINDOWS\system32\msfDX.dll <Not Verified; Hans Mayerl; msfDX.dll>
2008-07-26 21:55:33 163328 -r-hs---- C:\WINDOWS\system32\flvDX.dll <Not Verified; Gabest; FLV Splitter>
2008-07-26 21:55:27 0 d-------- C:\Programme\eRightSoft
2008-07-25 19:09:49 0 d-------- C:\Private
2008-07-25 19:07:32 956 --ah----- C:\win 2000.bat
2008-07-18 16:38:35 0 d-------- C:\Programme\FLV Player
2008-07-17 22:11:08 0 d-------- C:\Downloads
2008-07-14 20:23:40 0 d-------- C:\Programme\Skype
2008-07-14 20:23:39 0 d-------- C:\Programme\Gemeinsame Dateien\Skype


-- Find3M Report ---------------------------------------------------------------

2008-07-30 22:16:20 0 d-------- C:\Dokumente und Einstellungen\Bushido\Anwendungsdaten\Malwarebytes
2008-07-28 00:30:44 0 d-------- C:\Dokumente und Einstellungen\Bushido\Anwendungsdaten\TmpRecentIcons
2008-07-28 00:26:31 0 d-------- C:\Dokumente und Einstellungen\Bushido\Anwendungsdaten\Skype
2008-07-28 00:04:32 0 d-------- C:\Dokumente und Einstellungen\Bushido\Anwendungsdaten\skypePM
2008-07-27 23:10:38 0 d-------- C:\Programme\Gemeinsame Dateien\Real
2008-07-26 21:25:05 0 d-------- C:\Dokumente und Einstellungen\Bushido\Anwendungsdaten\Mozilla
2008-07-26 21:08:41 0 d-------- C:\Programme\Gemeinsame Dateien
2008-07-21 21:20:57 26314 --a------ C:\Dokumente und Einstellungen\Bushido\Anwendungsdaten\wklnhst.dat
2008-07-20 19:41:40 0 d-------- C:\Programme\eMule
2008-07-17 20:46:26 0 d-------- C:\Programme\DivX
2008-07-13 23:07:20 0 d-------- C:\Programme\Windows Live
2008-06-03 21:58:00 0 d-------- C:\Programme\Nokia
2008-06-03 21:57:56 0 d-------- C:\Programme\MSXML 6.0
2008-06-03 21:56:46 0 d-------- C:\Programme\Gemeinsame Dateien\Nokia
2008-05-03 13:13:43 2546 --a------ C:\WINDOWS\unins000.dat
2008-05-03 13:11:30 691545 --a------ C:\WINDOWS\unins000.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [22.07.2008 19:52]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [23.09.2005 00:21]
"BigDog305"="C:\WINDOWS\VM305_STI.exe" [05.08.2005 15:15]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 14:00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk
backup=C:\WINDOWS\pss\Adobe Reader - Schnellstart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^BlueSoleil.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Google Updater.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Ralink Wireless Utility.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Ralink Wireless Utility.lnk
backup=C:\WINDOWS\pss\Ralink Wireless Utility.lnkCommon Startup

01.08.2008, 12:51   #10
Bilo84

Part 2

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntivirusRegistration]
C:\Programme\CA\Etrust Antivirus\Register.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
"C:\Programme\SlySoft\AnyDVD\AnyDVD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog305]
C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
mHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CmUCRRun]
C:\WINDOWS\system32\CmUCReye.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Programme\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
"C:\Programme\DAEMON Tools Pro\DTProAgent.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantOn]
"C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe /c "

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Programme\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ledpointer]
CNYHKey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MedionVFD]
"C:\Programme\Medion Info Display\MdionLCM.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Programme\Messenger\Msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetPumper]
"C:\Programme\NetPumper\NetPumperIEProxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RunDLL32.exe NvMCTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"C:\Programme\Home Cinema\PowerCinema\PCMService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerStrip]
c:\programme\powerstrip\pstrip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Programme\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\s9201]
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecuriSoft SARL\WinSpywareProtect\wspwprtct.exe" /autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sixth Idol]
C:\DOKUME~1\Bushido\ANWEND~1\OPTION~1\Stop Aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\upload delete gpl find]
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\bows link upload delete\find about.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
"C:\Programme\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipStunt]
"C:\programme\voipstunt.com\voipstunt\voipstunt.exe" -nosplash -minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
"C:\Programme\Save\Save.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Programme\Windows Media Player\WMPNSCFG.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.winsoftware.com ## added by CiD
127.0.0.1 download.errorsafe.com ## added by CiD
127.0.0.1 download.systemdoctor.com ## added by CiD
127.0.0.1 download.winantispyware.com ## added by CiD

60 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-08-01 13:25:40 ------------

01.08.2008, 20:43   #11
myrtille
/// TB Trainer

Code:
C:\Programme\eMule\Incoming\Progz\KeyGen - Sony Sound Forge 7.0 - MP3 Plug-In 2.0\Sony Sound Forge 7.0 Keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Progz\Sony.Sound.Forge.v7.0.Incl.Universal.Keygen-SSG\KeyGen\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Progz\Sony.Soundforge.8.Inc.Keygen-RENEGADE\SF8.exe
         
__________________
Requests by email, profile message or private message will be ignored!
Help is available ONLY in the forum!


Anyone who has not received a further reply from me after 24 hours, please send a PM

Spelling mistakes? Never, but keybaord malfunctions constantly!

02.08.2008, 12:55   #12
Bilo84

And what do I do now?

What are these 3 entries supposed to mean??

02.08.2008, 12:55   #13
myrtille
/// TB Trainer

I thought you could tell me what you did with these files?

That is nothing that should be on a computer.

02.08.2008, 13:00   #14
Bilo84

Hmmmm, that may be.

But let's be honest: most users on this board only ended up on this page because they downloaded crap like that.

Back to the matter at hand. How do my log files look? Is everything all right?

02.08.2008, 13:10   #15
myrtille
/// TB Trainer

Let's be honest:
I did not end up here because I downloaded things like that.
And the people I help generally don't have such things sitting openly on their computers either.

You can see whether someone else wants to help you.
