Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Computer verseucht. Werbefenster öffnet sich immer wieder.

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 14.05.2010, 15:35   #1
Trucki
 
Computer verseucht. Werbefenster öffnet sich immer wieder. - Standard

Computer verseucht. Werbefenster öffnet sich immer wieder.



Guten Tach erstmal.

Bei meinem Computer funktioniert fast nichts mehr.
Es öffnen sich immer wieder IE Werbefenster und Opera hängt seit der Programmöffnung auch immer.

Ich poste dann mal alle LogFiles:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4099

Windows 5.1.2600 Service Pack 3, v.3264
Internet Explorer 7.0.5730.13

14.05.2010 16:12:00
mbam-log-2010-05-14 (16-12-00).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|G:\|H:\|I:\|R:\|)
Durchsuchte Objekte: 351174
Laufzeit: 1 Stunde(n), 51 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 29
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 8
Infizierte Dateien: 20

Infizierte Speicherprozesse:
C:\WINDOWS\Nsofub.exe (Trojan.FraudPack.Gen) -> Unloaded process successfully.
C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\Nb4.exe (Trojan.FraudPack.Gen) -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winzdo32 (Trojan.Dialer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\TOY5KNQ8OC (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\WEK9EMDHI9 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toy5knq8oc (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\m5t8ql3yw3 (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Rogue.ControlCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Programme\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\WINDOWS\Nsofub.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\Nb4.exe (Trojan.FraudPack.Gen) -> Delete on reboot.
C:\Dokumente und Einstellungen\****\Desktop\COREL\MagixDigital foto\FLVDirect.exe (Adware.MediaPass) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\****\Desktop\DESKSOFT\SmileyCentralPFSetup2.3.50.56.ZNman000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\Nb7.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\Nb0.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\Nb1.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\Nb3.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\Nb6.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
C:\Programme\Mozilla Firefox\plugins\NPMyWebS.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{54339B5E-3B25-44E7-8036-DED3FBB3C759}\RP289\A0055705.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\Nsofua.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
H:\PCTools\treiber\windows xp KeyGens & Cracks & Appz\MSKey4in1.exe (Malware.Tool) -> Quarantined and deleted successfully.
H:\PCTools\treiber\windows xp KeyGens & Cracks & Appz\WinXP Corp. Key Changer 2.exe (Backdoor.IRCbot) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winzdo32.dll (Trojan.Dialer) -> Quarantined and deleted successfully.


Logfile of random's system information tool 1.07 (written by random/random)
Run by Ernst Trucki at 2010-05-14 16:20:10
Microsoft Windows XP Professional Service Pack 3, v.3264
System drive C: has 7 GB (7%) free of 100 GB
Total RAM: 3071 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:20:16, on 14.05.2010
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\3DataManager\WTGService.exe
C:\Programme\Gemeinsame Dateien\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Gemeinsame Dateien\Pure Networks Shared\Platform\nmctxth.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\uTorrent\uTorrent.exe
C:\Programme\Steam\Steam.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\UltraMon\UltraMon.exe
C:\Programme\UltraMon\UltraMonTaskbar.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\Programme\IEPro\MiniDM.exe
C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
C:\DOKUME~1\****\LOKALE~1\Temp\Nb4.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
C:\Dokumente und Einstellungen\****\Desktop\Neuer Ordner\mbam-setup.exe
C:\Programme\trend micro\****.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.at/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Programme\IEPro\iepro.dll
O2 - BHO: SparweltGutscheinAlarm.Sparwelt_Gutschein_Tool - {10945114-b19f-4614-8450-b25e444a1020} - mscoree.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programme\Nero\Nero BackItUp 4\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Standby] "c:\Programme\Gemeinsame Dateien\Corel\Standby\Standby.exe" -START
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nmctxth] "C:\Programme\Gemeinsame Dateien\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Programme\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [GAINWARD] C:\Programme\EXPERTool\TBPanel.exe /A
O4 - HKCU\..\Run: [Steam] "C:\Programme\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Programme\DAEMON Tools Pro\DTProAgent.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: UltraMon.lnk = ?
O8 - Extra context menu item: An OneNote s&enden - res:///105
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Programme\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Programme\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programme\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programme\IEPro\iepro.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Programme\Gemeinsame Dateien\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Programme\Nero\Nero BackItUp 4\IoctlSvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe
O23 - Service: WTGService - Unknown owner - C:\Programme\3DataManager\WTGService.exe

--
End of file - 9737 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00011268-E188-40DF-A514-835FCD78B1BF}]
IE7Pro BHO - C:\Programme\IEPro\iepro.dll [2009-09-02 777392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10945114-b19f-4614-8450-b25e444a1020}]
SparweltGutscheinAlarm.Sparwelt_Gutschein_Tool - C:\WINDOWS\system32\mscoree.dll [2008-07-25 282112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
Winload Toolbar - C:\Programme\Winload\tbWinl.dll [2010-03-17 2355224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2009-10-29 4150160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2009-11-03 556432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2010-03-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-09 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{40c3cc16-7269-4b32-9531-17f2950fb06f} - Winload Toolbar - C:\Programme\Winload\tbWinl.dll [2010-03-17 2355224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"JMB36X IDE Setup"=C:\WINDOWS\RaidTool\xInsIDE.exe [2007-03-20 36864]
"36X Raid Configurer"=C:\WINDOWS\system32\xRaidSetup.exe [2007-11-19 1970176]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2009-06-17 55824]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-09-11 18717696]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-06-10 13758464]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-06-10 86016]
"SunJavaUpdateSched"=C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [2010-02-18 248040]
"NBKeyScan"=C:\Programme\Nero\Nero BackItUp 4\NBKeyScan.exe [2008-12-05 2254120]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
"Standby"=c:\Programme\Gemeinsame Dateien\Corel\Standby\Standby.exe [2010-01-07 105632]
"QuickTime Task"=C:\Programme\QuickTime\qttask.exe [2008-09-06 413696]
"nmctxth"=C:\Programme\Gemeinsame Dateien\Pure Networks Shared\Platform\nmctxth.exe [2009-07-07 647216]
" Malwarebytes Anti-Malware (reboot)"=C:\Programme\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2007-12-01 15360]
"MSMSGS"=C:\Programme\Messenger\msmsgs.exe [2007-12-01 1695232]
"uTorrent"=C:\Programme\uTorrent\uTorrent.exe [2009-09-24 288560]
"GAINWARD"=C:\Programme\EXPERTool\TBPanel.exe [2009-05-12 2181672]
"Steam"=C:\Programme\Steam\Steam.exe [2010-05-07 1238352]
"Skype"=C:\Programme\Skype\\Phone\Skype.exe [2010-04-06 26102056]
"DAEMON Tools Pro Agent"=C:\Programme\DAEMON Tools Pro\DTProAgent.exe [2009-12-18 427328]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
UltraMon.lnk - C:\WINDOWS\Installer\{B49673F8-7AB6-4A14-8213-C8A7BE370010}\IcoUltraMon.ico

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2009-10-29 4150160]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\uTorrent\uTorrent.exe"="C:\Programme\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Programme\Electronic Arts\EADM\Core.exe"="C:\Programme\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Programme\VideoLAN\VLC\vlc.exe"="C:\Programme\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Programme\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Programme\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
"C:\Programme\2K Games\Gearbox Software\Borderlands\Binaries\Borderlands.exe"="C:\Programme\2K Games\Gearbox Software\Borderlands\Binaries\Borderlands.exe:*:Enabled:SecuROM Matroschka Loader"
"C:\Programme\Skype\Plugin Manager\skypePM.exe"="C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Programme\Microsoft Office\Office14\GROOVE.EXE"="C:\Programme\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace"
"C:\Programme\Microsoft Office\Office14\ONENOTE.EXE"="C:\Programme\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Programme\Microsoft Office\Office14\OUTLOOK.EXE"="C:\Programme\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Programme\TmUnitedForever\TmForever.exe"="C:\Programme\TmUnitedForever\TmForever.exe:*:Enabled:TmForever"
"C:\Programme\Steam\Steam.exe"="C:\Programme\Steam\Steam.exe:*:Enabled:Steam"
"C:\Programme\Codemasters\FUEL\FUEL.exe"="C:\Programme\Codemasters\FUEL\FUEL.exe:*:Enabled:FUEL"
"C:\Programme\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe"="C:\Programme\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2"
"E:\Setup Wizard\SetupST.exe"="E:\Setup Wizard\SetupST.exe:*:Enabled:SpeedTouch Setup Wizard"
"C:\Programme\IEPro\MiniDM.exe"="C:\Programme\IEPro\MiniDM.exe:*:Enabled:MiniDM"
"C:\Programme\Opera\opera.exe"="C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Programme\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Programme\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\Programme\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe"="C:\Programme\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe:*:Enabled:Assassin's Creed II"
"C:\Programme\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe"="C:\Programme\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe:*:Enabled:Assassin's Creed II Update"
"C:\Programme\Ubisoft\Assassin's Creed II\UPlayBrowser.exe"="C:\Programme\Ubisoft\Assassin's Creed II\UPlayBrowser.exe:*:Enabled:Assassin's Creed II Uplay"
"C:\Programme\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe"="C:\Programme\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{300445ca-efb0-11de-b2c1-0016e6867b21}]
shell\AutoRun\command - K:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30896a29-a466-11de-87c1-806d6172696f}]
shell\AutoRun\command - D:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4bc34870-1666-11df-b4c5-806d6172696f}]
shell\AutoRun\command - J:\RunGame.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{622f4990-a45c-11de-a1fa-fb850bc7fcd4}]
shell\AutoRun\command - H:\.\Autorun.exe AUTORUN=1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d940aa60-fad7-11de-b2d2-0016e6867b21}]
shell\AutoRun\command - J:\.\Autorun.exe AUTORUN=1


======List of files/folders created in the last 1 months======

2010-05-14 16:20:11 ----D---- C:\Programme\trend micro
2010-05-14 16:20:10 ----D---- C:\rsit
2010-05-14 14:14:49 ----D---- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Malwarebytes
2010-05-14 14:14:38 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2010-05-14 14:14:38 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-05-14 14:08:02 ----D---- C:\Programme\CCleaner
2010-05-14 10:33:05 ----A---- C:\WINDOWS\system32\pncrt.dll
2010-05-12 08:00:24 ----D---- C:\Programme\Gemeinsame Dateien\Blizzard Entertainment
2010-05-11 14:52:57 ----D---- C:\Programme\XviD
2010-05-07 17:30:21 ----D---- C:\ATI
2010-05-06 14:30:02 ----D---- C:\Office 2010 Developer Resources
2010-05-04 17:37:50 ----D---- C:\Dokumente und Einstellungen\****\Anwendungsdaten\mresreg
2010-05-04 17:37:44 ----D---- C:\Programme\FreeFotoWorks
2010-05-04 17:24:48 ----D---- C:\Dokumente und Einstellungen\****\Anwendungsdaten\PhotoFiltre
2010-05-04 17:15:15 ----D---- C:\Programme\DiaShow07
2010-05-04 17:13:48 ----D---- C:\Programme\Winload
2010-05-04 17:13:48 ----D---- C:\Programme\Conduit
2010-05-04 17:13:46 ----D---- C:\Dokumente und Einstellungen\****\Anwendungsdaten\SparweltGutschein
2010-05-04 17:13:44 ----D---- C:\Programme\Sparwelt.de
2010-05-04 17:04:23 ----D---- C:\Programme\mresreg
2010-05-04 15:28:21 ----D---- C:\Programme\DAEMON Tools Pro
2010-05-04 15:27:22 ----D---- C:\Dokumente und Einstellungen\****\Anwendungsdaten\DAEMON Tools Pro
2010-05-04 15:27:22 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Pro
2010-05-03 13:45:30 ----D---- C:\Programme\Gemeinsame Dateien\MAGIX Services
2010-05-03 13:18:22 ----D---- C:\WINDOWS\system32\MAGIX
2010-05-03 13:18:22 ----A---- C:\WINDOWS\system32\mgxoschk.dll
2010-05-03 13:18:22 ----A---- C:\WINDOWS\mgxoschk.ini
2010-05-03 13:04:17 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Protexis
2010-05-03 12:59:43 ----D---- C:\Programme\Microsoft SDKs
2010-05-03 12:59:41 ----D---- C:\Programme\Microsoft Visual Studio 9.0
2010-04-27 12:16:08 ----D---- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Realtime Soft
2010-04-27 12:16:06 ----D---- C:\Programme\UltraMon
2010-04-27 12:16:06 ----D---- C:\Programme\Gemeinsame Dateien\Realtime Soft
2010-04-27 12:16:05 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Realtime Soft
2010-04-20 15:48:54 ----D---- C:\Programme\win2day
2010-04-16 18:23:47 ----A---- C:\WINDOWS\system32\sqliteodbc.dll
2010-04-16 18:23:35 ----A---- C:\WINDOWS\system32\vbalIPrg.dll
2010-04-16 18:23:35 ----A---- C:\WINDOWS\system32\SSubTmr6.dll
2010-04-16 18:23:35 ----A---- C:\WINDOWS\system32\mbr_sqlite.dll
2010-04-16 18:23:35 ----A---- C:\WINDOWS\system32\ijl11.dll
2010-04-16 18:23:35 ----A---- C:\WINDOWS\system32\CMDLGD6.dll

======List of files/folders modified in the last 1 months======

2010-05-14 16:20:16 ----D---- C:\Dokumente und Einstellungen\****\Anwendungsdaten\uTorrent
2010-05-14 16:20:14 ----D---- C:\WINDOWS\Prefetch
2010-05-14 16:20:11 ----RD---- C:\Programme
2010-05-14 16:19:32 ----D---- C:\WINDOWS\Temp
2010-05-14 16:17:35 ----D---- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Skype
2010-05-14 16:12:08 ----HD---- C:\WINDOWS\PIF
2010-05-14 16:12:08 ----D---- C:\WINDOWS\system32\drivers
2010-05-14 16:11:59 ----SD---- C:\WINDOWS\Tasks
2010-05-14 16:11:59 ----D---- C:\WINDOWS
2010-05-14 16:03:51 ----D---- C:\Dokumente und Einstellungen\****\Anwendungsdaten\skypePM
2010-05-14 14:09:49 ----D---- C:\WINDOWS\Debug
2010-05-14 10:33:05 ----D---- C:\WINDOWS\system32
2010-05-14 10:17:31 ----D---- C:\Dokumente und Einstellungen\****\Anwendungsdaten\vlc
2010-05-14 10:12:50 ----D---- C:\Dokumente und Einstellungen\****\Anwendungsdaten\dvdcss
2010-05-14 06:53:00 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-05-13 20:52:22 ----SHD---- C:\WINDOWS\Installer
2010-05-13 20:52:21 ----D---- C:\Config.Msi
2010-05-13 19:17:31 ----D---- C:\WINDOWS\system32\ias
2010-05-13 16:13:38 ----D---- C:\Programme\Steam
2010-05-13 16:11:18 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-13 16:09:16 ----D---- C:\WINDOWS\system32\config
2010-05-13 16:08:40 ----D---- C:\WINDOWS\system32\wbem
2010-05-13 16:08:39 ----D---- C:\WINDOWS\Registration
2010-05-12 08:00:24 ----D---- C:\Programme\Gemeinsame Dateien
2010-05-12 07:47:34 ----D---- C:\Programme\IEPro
2010-05-10 13:42:12 ----D---- C:\HOB
2010-05-08 09:56:11 ----D---- C:\Programme\Opera
2010-05-05 20:55:27 ----D---- C:\Programme\Click'N Design 3D (V5)
2010-05-05 18:53:24 ----D---- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Nero
2010-05-04 20:53:41 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help
2010-05-04 17:15:00 ----D---- C:\WINDOWS\Downloaded Installations
2010-05-03 14:09:26 ----D---- C:\Programme\Gemeinsame Dateien\Adobe
2010-05-03 13:35:11 ----D---- C:\WINDOWS\Microsoft.NET
2010-05-03 13:35:00 ----RSD---- C:\WINDOWS\assembly
2010-05-03 13:32:08 ----D---- C:\Programme\Corel
2010-05-03 13:29:22 ----D---- C:\WINDOWS\WinSxS
2010-05-03 13:17:21 ----SD---- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Microsoft
2010-05-03 13:04:14 ----D---- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Corel
2010-05-03 13:01:37 ----SD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft
2010-05-03 13:00:09 ----D---- C:\Programme\Gemeinsame Dateien\Microsoft Shared
2010-05-03 12:58:40 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Corel
2010-05-03 12:56:00 ----RSD---- C:\WINDOWS\Fonts
2010-04-25 22:08:09 ----D---- C:\WINDOWS\Help
2010-04-17 20:38:25 ----D---- C:\WINDOWS\system32\NtmsData
2010-04-17 19:26:22 ----D---- C:\WINDOWS\system32\CatRoot
2010-04-17 18:59:54 ----D---- C:\Programme\Mozilla Firefox
2010-04-17 18:59:17 ----HD---- C:\WINDOWS\inf

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-09-19 96104]
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2007-12-01 40448]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2007-12-01 14720]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-09-19 28520]
R1 tcpipBM;Bytemobile Kernel Network Provider; C:\WINDOWS\system32\drivers\tcpipBM.sys [2009-02-20 18816]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-08 56816]
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2009-06-17 10384]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\PfModNT.sys []
R2 pnarp;Pure Networks Device Discovery Driver; C:\WINDOWS\system32\DRIVERS\pnarp.sys [2009-07-07 25392]
R2 purendis;Pure Networks Wireless Driver; C:\WINDOWS\system32\DRIVERS\purendis.sys [2009-07-07 26672]
R2 TBPanel;TBPanel; C:\WINDOWS\system32\drivers\TBPanel.sys [2007-03-16 12256]
R2 UltraMonUtility;UltraMon Utility Driver; \??\C:\Programme\Gemeinsame Dateien\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys []
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2007-11-30 60800]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2007-11-30 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-09-11 5911552]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2009-06-17 35472]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2009-06-17 37392]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2009-06-17 28560]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2007-11-30 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-07-03 8087712]
R3 sbpci;Sound Blaster AudioPCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\sbpci.sys [2001-10-26 492672]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2007-11-30 32128]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2007-11-30 30208]
R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2007-11-30 59520]
R3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2007-11-30 25856]
R3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2007-11-30 26368]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2007-11-30 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2009-08-06 297728]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 amsuxuzh;amsuxuzh; C:\WINDOWS\system32\drivers\amsuxuzh.sys []
S3 Cardex;Cardex; \??\C:\WINDOWS\system32\drivers\TBPANEL.SYS []
S3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [2001-08-17 40704]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2008-12-13 102784]
S3 hwusbfake;Huawei DataCard USB Fake; C:\WINDOWS\system32\DRIVERS\ewusbfake.sys [2010-01-06 103040]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 RSUSBCCID;Realtek Smartcard Reader Driver; C:\WINDOWS\system32\DRIVERS\RtsUCcid.sys [2010-01-25 44032]
S3 RtsUIr;Realtek IR Driver; C:\WINDOWS\system32\DRIVERS\RtsUIr.sys [2010-01-25 17536]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2007-11-30 60032]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2007-11-30 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-09-19 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-09-19 185089]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2010-03-09 153376]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe [2008-12-05 935208]
R2 nmservice;Pure Networks Platform Service; C:\Programme\Gemeinsame Dateien\Pure Networks Shared\Platform\nmsrvc.exe [2009-07-07 647216]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-06-10 168004]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe [2009-07-24 189728]
R2 WTGService;WTGService; C:\Programme\3DataManager\WTGService.exe [2009-02-27 296400]
R3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2009-09-26 149336]
R3 osppsvc;Office Software Protection Platform; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4639136]
S2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Programme\Nero\Nero BackItUp 4\IoctlSvc.exe [2008-12-05 81920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Programme\Microsoft Office\Office14\GROOVE.EXE [2009-10-29 30603640]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-09-03 3347280]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2007-12-01 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.06 2010-05-14 16:20:18

======Uninstall list======

-->"C:\Programme\InstallShield Installation Information\{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}\setup.exe" --u:{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}
-->MsiExec /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent-->"C:\Programme\uTorrent\uTorrent.exe" /UNINSTALL
3DataManager-->C:\Programme\3DataManager\Uninstaller.exe
Adobe AIR-->c:\Programme\Gemeinsame Dateien\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.3.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A93000000001}
Assassin's Creed II-->"C:\Programme\InstallShield Installation Information\{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}\setup.exe" -runfromtemp -l0x0007 -removeonly
Avira AntiVir Personal - Free Antivirus-->C:\Programme\Avira\AntiVir Desktop\setup.exe /REMOVE
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Programme\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0407
Call of Duty: Modern Warfare 2 - Multiplayer-->"C:\Programme\Steam\steam.exe" steam://uninstall/10190
Call of Duty: Modern Warfare 2-->"C:\Programme\Steam\steam.exe" steam://uninstall/10180
CCleaner-->"C:\Programme\CCleaner\uninst.exe"
Click'N Design 3D for AfterBurner(tm) (V5)-->C:\PROGRA~1\CLICK'~1\UNWISE.EXE C:\PROGRA~1\CLICK'~1\INSTALL.LOG
Contents-->MsiExec.exe /I{D7D99A66-493F-468B-BCE1-6F88612B89D5}
Corel Graphics - Windows Shell Extension-->c:\Programme\Gemeinsame Dateien\Corel\Shared\Shell Extension\ShellUninst.exe -ProductCode {51DD370C-6690-424E-9674-5F14468B323F} -arp
Corel Graphics - Windows Shell Extension-->MsiExec.exe /X{51DD370C-6690-424E-9674-5F14468B323F}
Corel Graphics Suite 11-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}
Corel PaintShop Photo Pro X3-->c:\Programme\Corel\Corel PaintShop Photo Pro\X3\Setup\{D1AEB5DB-04FA-489D-94EF-8600898B93EE}\SetupARP.exe /arp
Corel PaintShop Photo Pro X3-->MsiExec.exe /I{DA4BF4BE-3CDC-43B5-BBDA-DDDA73103111}
Creative PCI Audio Drivers-->C:\PROGRA~1\Creative\Audio\CTSetup\ctsetup.exe -u -3
DeviceIO-->MsiExec.exe /I{D3BCC13A-E4F2-45EE-846F-D143CEDDDBCB}
Driver Genius Professional Edition-->"C:\Programme\Driver-Soft\DriverGenius\unins000.exe"
DriverAgent by eSupport.com-->RunDll32.exe advpack.dll,LaunchINFSection driveragent_exe.inf,TVICHW32Remove
EA Download Manager-->C:\Programme\Electronic Arts\EADM\EADMUninstall.exe
Epson Copy Utility 3.4-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}\SETUP.EXE" -l0x7 -UnInstall
EPSON PERFECTION V30_V300 PHOTO Handbuch-->C:\Programme\EPSON\TPMANUAL\PerfV30_V300\DEU\USE_G\DOCUNINS.EXE
EPSON Scan-->C:\Programme\epson\escndv\setup\setup.exe /r
EVEREST Home Edition v2.20-->"C:\Programme\Lavalys\EVEREST Home Edition\unins000.exe"
EXPERTool 7.5-->"C:\Programme\EXPERTool\unins000.exe"
Fallout 3-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{974C4B12-4D02-4879-85E0-61C95CC63E9E}\setup.exe" -l0x7 -removeonly
FormatFactory 2.15-->C:\Programme\FreeTime\FormatFactory\uninst.exe
FUEL-->C:\Programme\InstallShield Installation Information\{F51FF206-2273-4B3E-A90A-4752AE288C12}\setup.exe -runfromtemp -l0x0007 -removeonly
Goto Backgammon-->C:\PROGRA~1\Navigo\GOTOBA~1\UNWISE.EXE C:\PROGRA~1\Navigo\GOTOBA~1\INSTALL.LOG
GUILD WARS-->"C:\Programme\GUILD WARS\Gw.exe" -uninstall
GuildWars Visions v1.08-->"C:\Programme\Visions\unins000.exe"
H O B-->C:\WINDOWS\st6unst.exe -n "C:\HOB\ST6UNST.LOG"
Half-Life 2: Episode One-->"C:\Programme\Steam\steam.exe" steam://uninstall/380
Half-Life 2: Episode Two-->"C:\Programme\Steam\steam.exe" steam://uninstall/420
Half-Life 2-->"C:\Programme\Steam\steam.exe" steam://uninstall/220
Half-Life(R) 2-->MsiExec.exe /I{D45EC259-4A19-4656-B588-C2C360DD18EA}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)-->C:\WINDOWS\system32\msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)-->C:\WINDOWS\system32\msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)-->C:\WINDOWS\system32\msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)-->C:\WINDOWS\system32\msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)-->C:\WINDOWS\system32\msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT=""
Hotfix für Windows XP (KB938759)-->"C:\WINDOWS\$NtUninstallKB938759$\spuninst\spuninst.exe"
HyperSnap 6-->C:\Programme\HyperSnap 6\HprUnInst.exe
ICA-->MsiExec.exe /I{D1AEB5DB-04FA-489D-94EF-8600898B93EE}
IE7Pro-->C:\Programme\IEPro\uninst.exe
IPM_PSP_Pro-->MsiExec.exe /I{DCD941B6-F2E7-4FAF-B102-F7D4DE5FF99A}
Java(TM) 6 Update 19-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
JMicron JMB36X Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x7 -removeonly
Logitech SetPoint 5.20-->MsiExec.exe /I{D3120436-1358-4253-9EB2-257FFE8CE1D9}
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Marvell Miniport Driver-->C:\Programme\Marvell\Miniport Driver\Uninst.exe
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}
Microsoft Games for Windows - LIVE-->MsiExec.exe /X{A1C962E2-2426-49C6-A38B-9A07E40D607C}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (German) 2010 (Beta)-->MsiExec.exe /X{20140000-0015-0407-0000-0000000FF1CE}
Microsoft Office Excel MUI (German) 2010 (Beta)-->MsiExec.exe /X{20140000-0016-0407-0000-0000000FF1CE}
Microsoft Office Groove MUI (German) 2010 (Beta)-->MsiExec.exe /X{20140000-00BA-0407-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (German) 2010 (Beta)-->MsiExec.exe /X{20140000-0044-0407-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2010 (Beta)-->MsiExec.exe /X{20140000-00A1-0407-0000-0000000FF1CE}
Microsoft Office Outlook MUI (German) 2010 (Beta)-->MsiExec.exe /X{20140000-001A-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2010 (Beta)-->MsiExec.exe /X{20140000-0018-0407-0000-0000000FF1CE}
Microsoft Office Professional Plus 2010 (Beta)-->MsiExec.exe /X{20140000-0011-0000-0000-0000000FF1CE}
Microsoft Office Professional Plus 2010-->"C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Proof (English) 2010 (Beta)-->MsiExec.exe /X{20140000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2010 (Beta)-->MsiExec.exe /X{20140000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2010 (Beta)-->MsiExec.exe /X{20140000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2010 (Beta)-->MsiExec.exe /X{20140000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2010 (Beta)-->MsiExec.exe /X{20140000-002C-0407-0000-0000000FF1CE}
Microsoft Office Publisher MUI (German) 2010 (Beta)-->MsiExec.exe /X{20140000-0019-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2010 (Beta)-->MsiExec.exe /X{20140000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2010 (Beta)-->MsiExec.exe /X{20140000-001B-0407-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual Studio Tools for Applications 2.0 - ENU-->MsiExec.exe /X{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}
Microsoft Visual Studio Tools for Applications 2.0 Runtime-->MsiExec.exe /X{299C0434-4F4E-341F-A916-4E07AEB35E79}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
MLE-->MsiExec.exe /I{D84B7C7E-2E4D-4002-8CA8-EED4EDB333AC}
Mozilla Firefox (3.6.3)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
Need for Speed Underground 2-->C:\Programme\EA GAMES\Need for Speed Underground 2\EAUninstall.exe
Need for Speed™ SHIFT-->MsiExec.exe /X{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}
Nero 9-->C:\Programme\Gemeinsame Dateien\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="1M03-015K-LT79-LLTP-4ZUC-HU1W-4XXK-11TP"
Nero BackItUp 4-->C:\Programme\Gemeinsame Dateien\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="1M11-0179-A445-4062-9E8U-A4WP-0UHA-W6M7"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
Opera 10.50-->MsiExec.exe /X{022F6097-A053-4B1B-BE50-3AADE4116B92}
Opera 10.53-->MsiExec.exe /X{1A0D2EFC-C4FC-446A-8BC3-57A54CE5EADD}
PC Inspector File Recovery-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\Setup.exe" -l0x7
Portal-->"C:\Programme\Steam\steam.exe" steam://uninstall/400
PSPH10Pro-->MsiExec.exe /I{DA4A2F61-1E26-4D51-94BB-36D77678BDAD}
PSPPContent-->MsiExec.exe /I{DF8B9311-ADE7-4EDE-B121-326CAA3D225D}
PSPPRO_DCRAW-->MsiExec.exe /I{DCF1928A-FC01-48E7-A7E6-4651D42EF6A1}
PureHD-->MsiExec.exe /I{D875FFEE-2FCE-4774-902A-749198C00A68}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x7 -removeonly
Realtek USB 2.0 Card Reader-->"C:\Programme\InstallShield Installation Information\{96AE7E41-E34E-47D0-AC07-1091A8127911}\setup.exe" -runfromtemp -l0x0007 -removeonly
Revo Uninstaller 1.83-->C:\Programme\VS Revo Group\Revo Uninstaller\uninst.exe
Security Update for Microsoft Office 2010 File Validation - Beta (KB976133)-->"C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{20140000-0011-0000-0000-0000000FF1CE}" "{701D1499-1FE5-4E8E-9E09-562423116373}" "1031" "0"
Security Update for Microsoft Office 2010 File Validation - Beta (KB976133)-->"C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{20140000-0011-0000-0000-0000000FF1CE}" "{76CB26F9-C8AD-403B-8461-168B18C2FE31}" "1031" "0"
Security Update for Microsoft Office 2010 File Validation - Beta (KB976133)-->"C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{20140000-0011-0000-0000-0000000FF1CE}" "{7CDAA76C-5DB2-431F-A921-14A106BD8FA3}" "1031" "0"
Setup-->MsiExec.exe /I{D1612A3D-0DCC-4055-BB6A-0036F31158A0}
Share-->MsiExec.exe /I{D94ABC2B-5CA9-48B2-9266-15AB78384D3C}
Sicherheitsupdate für Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SmartTools Publishing • Excel Finanzplan-->"C:\Programme\SmartTools\Excel Finanzplan\Uninstall\uninstall.exe" "/U:C:\Programme\SmartTools\Excel Finanzplan\Uninstall\uninstall.xml"
SmartTools Publishing • Excel Mini-Kalender-->"C:\Programme\SmartTools\Excel Mini-Kalender\Uninstall\uninstall.exe" "/U:C:\Programme\SmartTools\Excel Mini-Kalender\Uninstall\uninstall.xml"
Sparwelt.de Gutschein Alarm-->MsiExec.exe /I{5943B7F7-678B-477E-9AEE-6E4C6962322B}
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Team Fortress 2-->"C:\Programme\Steam\steam.exe" steam://uninstall/440
TeamSpeak 2 RC2-->C:\Programme\Teamspeak2_RC2\unins000.exe
TmUnitedForever StarEdition-->"C:\Programme\TmUnitedForever\unins000.exe"
Ubisoft Game Launcher-->"C:\Programme\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe" -runfromtemp -l0x0409 -removeonly
UltraMon-->MsiExec.exe /I{B49673F8-7AB6-4A14-8213-C8A7BE370010}
VIO-->MsiExec.exe /I{D9C4FA35-7C6B-4C9E-863B-58C4D7472F41}
VLC media player 1.0.5-->C:\Programme\VideoLAN\VLC\uninstall.exe
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_C710CEED791003E4D635992B02471584893356A0\amdk8.inf
Winload Toolbar-->C:\PROGRA~1\Winload\UNWISE.EXE /U C:\PROGRA~1\Winload\INSTALL.LOG
WinRAR-->C:\Programme\WinRAR\uninstall.exe
XviD MPEG-4 Codec-->"C:\Programme\XviD\UninstXviD.exe"

======Hosts File======

127.0.0.1 activate.adobe.com

======Security center information======

AV: AntiVir Desktop

======System event log======

Computer Name: ****
Event Code: 51
Message: Bei einem Auslagerungsvorgang wurde ein Fehler festgestellt. Betroffen ist Gerät \Device\Harddisk4\D.

Record Number: 12385
Source Name: Disk
Time Written: 20100331214058.000000+120
Event Type: warning
User:

Computer Name: ****
Event Code: 51
Message: Bei einem Auslagerungsvorgang wurde ein Fehler festgestellt. Betroffen ist Gerät \Device\Harddisk4\D.

Record Number: 12384
Source Name: Disk
Time Written: 20100331214058.000000+120
Event Type: warning
User:

Computer Name: ****
Event Code: 51
Message: Bei einem Auslagerungsvorgang wurde ein Fehler festgestellt. Betroffen ist Gerät \Device\Harddisk4\D.

Record Number: 12383
Source Name: Disk
Time Written: 20100331214057.000000+120
Event Type: warning
User:

Computer Name: ****
Event Code: 51
Message: Bei einem Auslagerungsvorgang wurde ein Fehler festgestellt. Betroffen ist Gerät \Device\Harddisk4\D.

Record Number: 12382
Source Name: Disk
Time Written: 20100331214057.000000+120
Event Type: warning
User:

Computer Name: ****
Event Code: 51
Message: Bei einem Auslagerungsvorgang wurde ein Fehler festgestellt. Betroffen ist Gerät \Device\Harddisk4\D.

Record Number: 12381
Source Name: Disk
Time Written: 20100331214056.000000+120
Event Type: warning
User:

=====Application event log=====

Computer Name: ****
Event Code: 4113
Message: AntiVir erkannte in der Datei
C:\System Volume Information\_restore{54339B5E-3B25-44E7-8036-DED3FBB3C759}\RP232\A0047467.exe
verdächtigen Code mit der Bezeichnung 'ADSPY/Craagle.19.6'!

Record Number: 4205
Source Name: Avira AntiVir
Time Written: 20100324185230.000000+060
Event Type: warning
User: NT-AUTORITÄT\SYSTEM

Computer Name: ****
Event Code: 902
Message: The Software Protection service has started.
14.0.370.400

Record Number: 4189
Source Name: Office Software Protection Platform Service
Time Written: 20100322171726.000000+060
Event Type:
User:

Computer Name: ****
Event Code: 902
Message: The Software Protection service has started.
14.0.370.400

Record Number: 4180
Source Name: Office Software Protection Platform Service
Time Written: 20100321164644.000000+060
Event Type:
User:

Computer Name: ****
Event Code: 1001
Message: Fehlerhafter Speicherbereich 1738717805.

Record Number: 4170
Source Name: Application Error
Time Written: 20100319203409.000000+060
Event Type: error
User:

Computer Name: ****
Event Code: 4113
Message: AntiVir erkannte in der Datei
C:\WINDOWS\system32\sshnas21.dll
verdächtigen Code mit der Bezeichnung 'TR/Agent.183296'!

Record Number: 4169
Source Name: Avira AntiVir
Time Written: 20100319193200.000000+060
Event Type: warning
User: NT-AUTORITÄT\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Programme\Gemeinsame Dateien\Ulead Systems\MPEG;C:\Programme\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Programme\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Programme\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Dankeschön im voraus

MfG Trucki

Alt 14.05.2010, 16:13   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Computer verseucht. Werbefenster öffnet sich immer wieder. - Standard

Computer verseucht. Werbefenster öffnet sich immer wieder.



Moin und

Zitat:
H:\PCTools\treiber\windows xp KeyGens & Cracks & Appz\MSKey4in1.exe (Malware.Tool) -> Quarantined and deleted successfully.
H:\PCTools\treiber\windows xp KeyGens & Cracks & Appz\WinXP Corp. Key Changer 2.exe (Backdoor.IRCbot) -> Quarantined and deleted successfully.
So gerne ich Dir schon bei CH helfen wollte, aber bei Keygens und Cracks hört der Spaß und Support auf. Die Dinger sind illegal und wie Du siehst auch hochgefährlich.

Die (Be)nutzung von Cracks, Serials und Keygens ist illegal, somit gibt es im Trojaner-Board keinen weiteren Support mehr.

Für Dich geht es hier weiter => Neuaufsetzen des Systems
Bitte auch alle Passwörter abändern (für E-Mail-Konten, StudiVZ, Ebay...einfach alles!) da nicht selten in dieser dubiosen Software auch Keylogger und Backdoorfunktionen stecken.

Danach nie wieder sowas anrühren!
__________________

__________________

Alt 14.05.2010, 18:19   #3
Trucki
 
Computer verseucht. Werbefenster öffnet sich immer wieder. - Standard

Computer verseucht. Werbefenster öffnet sich immer wieder.



Danke trotzdem für deine Hilfe.
__________________

Antwort

Themen zu Computer verseucht. Werbefenster öffnet sich immer wieder.
adware.hotbar, adware.mywebsearch, antivir, antivir guard, avgntflt.sys, avira, backdoor.ircbot, bho, browser, browseui preloader, call of duty, computer, desktop, document, drvstore, einstellungen, excel, fehler, firefox, flash player, fontcache, gainward, hijack, hijackthis, hkus\s-1-5-18, home, hängt, internet browser, jusched.exe, malware.tool, microsoft office 2010, mozilla, msiexec, msiexec.exe, opera.exe, plug-in, preferences, realtek, registry, rundll, saver, schannel.dll, searchscopes, senden, software, studio, system, trojan.downloader, trojan.fraudpack.gen, trojan.renos, visual studio, vlc media player, werbefenster, windows xp, winload toolbar



Ähnliche Themen: Computer verseucht. Werbefenster öffnet sich immer wieder.


  1. Tab öffnet sich selbständig immer wieder
    Log-Analyse und Auswertung - 16.08.2014 (15)
  2. websearches öffnet sich immer wieder!
    Plagegeister aller Art und deren Bekämpfung - 14.06.2014 (10)
  3. Adserver Popup öffnet sich immer wieder
    Plagegeister aller Art und deren Bekämpfung - 08.07.2013 (13)
  4. iexplorer.exe öffnet sich immer wieder
    Log-Analyse und Auswertung - 24.07.2012 (1)
  5. Fenster öffnet sich immer wieder mit Werbung
    Plagegeister aller Art und deren Bekämpfung - 12.10.2010 (2)
  6. Internet Explorer öffnet sich immer wieder automatisch
    Log-Analyse und Auswertung - 30.08.2010 (3)
  7. IE öffnet immer wieder werbefenster sowie geht immer wieder der ton aus
    Plagegeister aller Art und deren Bekämpfung - 15.07.2010 (2)
  8. internet explorer öffnet sich immer wieder
    Log-Analyse und Auswertung - 25.04.2010 (2)
  9. Internet Explorer öffnet sich immer wieder
    Log-Analyse und Auswertung - 10.04.2010 (6)
  10. Internet Explorer öffnet sich immer wieder
    Log-Analyse und Auswertung - 03.02.2010 (1)
  11. Google öffnet falsche Seiten, Spybot öffnet sich nicht und PC geht immer wieder aus
    Plagegeister aller Art und deren Bekämpfung - 26.08.2009 (8)
  12. IE Öffnet sich immer wieder, Popups alle 2-5min!
    Plagegeister aller Art und deren Bekämpfung - 05.02.2009 (2)
  13. PC verseucht? Mozilla öffnet Werbefenster+ auch sonst öfter Probleme
    Log-Analyse und Auswertung - 23.01.2009 (0)
  14. Media Player öffnet sich selbstständig immer und immer wieder
    Log-Analyse und Auswertung - 30.10.2008 (0)
  15. Seite öffnet sich immer wieder!
    Log-Analyse und Auswertung - 02.08.2007 (5)
  16. Outlook Express öffnet sich immer wieder von selbst
    Log-Analyse und Auswertung - 17.03.2005 (6)
  17. CD-ROM Laufwerk öffnet und schleißt sich immer wieder automatisch!!!
    Plagegeister aller Art und deren Bekämpfung - 07.12.2004 (6)

Zum Thema Computer verseucht. Werbefenster öffnet sich immer wieder. - Guten Tach erstmal. Bei meinem Computer funktioniert fast nichts mehr. Es öffnen sich immer wieder IE Werbefenster und Opera hängt seit der Programmöffnung auch immer. Ich poste dann mal alle - Computer verseucht. Werbefenster öffnet sich immer wieder....
Archiv
Du betrachtest: Computer verseucht. Werbefenster öffnet sich immer wieder. auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.