
Log analysis and evaluation: TR/VB.Downloader.Gen in AppData\Local\Temp\setupv.exe


06.02.2010, 14:03   #1
TKM
 

Hello,

Avira reports that a virus or unwanted program 'TR/VB.Downloader.Gen' was found in the file 'C:\Users\Timo\AppData\Local\Temp\setupv.exe'.

The trojan opens pop-up windows and keeps changing my browser's start page; I haven't noticed anything else yet.

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:53:16, on 06.02.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\pdf24\PDFBackend.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Windows\System32\CTHELPER.EXE
C:\Windows\System32\CTXFIHLP.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Windows\system32\taskeng.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\conime.exe
C:\Users\Timo\AppData\Local\Temp\setupv.exe
C:\Windows\system32\cmd.exe
C:\Users\Timo\AppData\Local\Temp\ldm1.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://de.rd.yahoo.com/customize/ycomp/defaults/sp/*http://de.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www3.iamwired.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://de.rd.yahoo.com/customize/ycomp/defaults/su/*http://de.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: gwprimawega - {39f58b2d-5fcb-f616-b551-d5f498a85dc0} - C:\Windows\system32\R7n-4YXE.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PDFPrint] "C:\Program Files\pdf24\PDFBackend.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "D:\Empire\Steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Startup: updater.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O15 - Trusted Zone: *.line6.net
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apache2.2 - Apache Software Foundation - D:\xampp\apache\bin\httpd.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Creative ALchemy AL1 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Dragon Age: Origins - Inhaltsupdater (DAUpdaterSvc) - BioWare - D:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - D:\xampp\filezillaftp\filezillaserver.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: mysql - Unknown owner - D:\xampp\mysql\bin\mysqld.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

--
End of file - 11390 bytes


Many thanks in advance.

06.02.2010, 19:45   #2
MalwareHero
 

Quote from TKM:
Hello,

Avira reports that a virus or unwanted program 'TR/VB.Downloader.Gen' was found in the file 'C:\Users\Timo\AppData\Local\Temp\setupv.exe'.

Many thanks in advance.

Good evening,

> Please upload these files to VirusTotal and have them checked. Then post the logs here in the thread. http://www.virustotal.com/de/

C:\Users\Timo\AppData\Local\Temp\setupv.exe
C:\Users\Timo\AppData\Local\Temp\ldm1.exe
C:\Windows\system32\R7n-4YXE.dll

After the analysis, move these files into Avira's quarantine!

> Download a-squared Free here: a-squared Free - free anti-virus, anti-trojan, anti-spyware, anti-dialer and anti-worm software - free of charge!
and run a "Smart Scan". Post the log.

Regards.
__________________


Edited by MalwareHero (06.02.2010 at 19:52)

07.02.2010, 13:05   #3
TKM
 

Hello,

C:\Users\Timo\AppData\Local\Temp\setupv.exe

Result: 5/40 (12.5%)

Log: http://www.virustotal.com/de/analisis/5eeeab63dfe92a29b43f982a6b848db5416601789939c542a3405e262d146115-1265484351

C:\Users\Timo\AppData\Local\Temp\ldm1.exe

Result: 2/40 (5%)

http://www.virustotal.com/de/analisis/66317620600a01c464735c6008b6ef563276450d594e08baed2af625bfa87691-1265535464

C:\Windows\system32\R7n-4YXE.dll

Result: 2/40 (5%)

http://www.virustotal.com/de/analisis/26ff91e42a876ef4cbc183989e6a406ca3997f31566e115e4f492fa7ddb693bb-1265535583


I have now moved all 3 into quarantine.

A-Squared log:

a-squared Free - Version 4.5
Letztes Update: 07.02.2010 10:56:03

Scan Einstellungen:

Scan Methode: Smart Scan
Objekte: Speicher, Traces, Cookies, C:\Windows\, C:\Program Files
Archiv Scan: An
Heuristik: Aus
ADS Scan: An

Scan Beginn: 07.02.2010 10:57:14

Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\FileZilla Server --> DisplayName gefunden: Trace.Registry.Work Examiner Standard!A2
Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\FileZilla Server --> ErrorControl gefunden: Trace.Registry.Work Examiner Standard!A2
Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\FileZilla Server --> ImagePath gefunden: Trace.Registry.Work Examiner Standard!A2
Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\FileZilla Server --> ObjectName gefunden: Trace.Registry.Work Examiner Standard!A2
Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\FileZilla Server --> Start gefunden: Trace.Registry.Work Examiner Standard!A2
Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\FileZilla Server --> Type gefunden: Trace.Registry.Work Examiner Standard!A2
Value: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FileZilla Server --> DisplayName gefunden: Trace.Registry.Work Examiner Standard!A2
Value: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FileZilla Server --> ErrorControl gefunden: Trace.Registry.Work Examiner Standard!A2
Value: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FileZilla Server --> ImagePath gefunden: Trace.Registry.Work Examiner Standard!A2
Value: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FileZilla Server --> ObjectName gefunden: Trace.Registry.Work Examiner Standard!A2
Value: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FileZilla Server --> Start gefunden: Trace.Registry.Work Examiner Standard!A2
Value: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FileZilla Server --> Type gefunden: Trace.Registry.Work Examiner Standard!A2
Key: HKEY_LOCAL_MACHINE\software\Trymedia Systems gefunden: Trace.Registry.Trymedia!A2
Key: HKEY_LOCAL_MACHINE\software\Trymedia Systems\ActiveMARK Software gefunden: Trace.Registry.Trymedia!A2
c:\program files\advantage\{a89aed22-9133-424c-88e7-c8235c5ff302}\ gefunden: Trace.Directory.AdVantage!A2
c:\program files\advantage\{a89aed22-9133-424c-88e7-c8235c5ff302}\components\ gefunden: Trace.Directory.AdVantage!A2
c:\program files\advantage\{a89aed22-9133-424c-88e7-c8235c5ff302}\components\memedia_ff.dll gefunden: Trace.File.AdVantage!A2
c:\windows\system32\h@tkeysh@@k.dll gefunden: Trace.File.H@tKeysH@@k!A2
c:\windows\system32\armaccess.dll gefunden: Trace.File.NGC ActiveSpy XP!A2
Value: HKEY_USERS\S-1-5-21-1736430328-2876659159-3367440274-1000\Software\Elcom\Advanced RAR Password Recovery --> Installer Language gefunden: Trace.Registry.Advanced RAR Password Recovery!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Elcom\Advanced RAR Password Recovery --> InstallDir gefunden: Trace.Registry.Advanced RAR Password Recovery!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Elcom\Advanced RAR Password Recovery --> Stat param #1 gefunden: Trace.Registry.Advanced RAR Password Recovery!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Elcom\Advanced RAR Password Recovery --> Stat param #2 gefunden: Trace.Registry.Advanced RAR Password Recovery!A2
C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Cookies\timo@2o7[1].txt gefunden: Trace.TrackingCookie.2o7!A2
C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Cookies\timo@adtech[1].txt gefunden: Trace.TrackingCookie.adtech!A2
C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Cookies\timo@adtech[2].txt gefunden: Trace.TrackingCookie.adtech!A2
C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Cookies\timo@adtech[3].txt gefunden: Trace.TrackingCookie.adtech!A2
C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Cookies\timo@advertising[1].txt gefunden: Trace.TrackingCookie.advertising!A2
C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Cookies\timo@advertising[3].txt gefunden: Trace.TrackingCookie.advertising!A2
C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Cookies\timo@adviva[1].txt gefunden: Trace.TrackingCookie.adviva!A2
C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Cookies\timo@bluestreak[1].txt gefunden: Trace.TrackingCookie.bluestreak!A2
C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Cookies\timo@bluestreak[2].txt gefunden: Trace.TrackingCookie.bluestreak!A2
C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Cookies\timo@bs.serving-sys[1].txt gefunden: Trace.TrackingCookie.bs.serving-sys!A2
C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Cookies\timo@bs.serving-sys[2].txt gefunden: Trace.TrackingCookie.bs.serving-sys!A2
C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Cookies\timo@burstnet[1].txt gefunden: Trace.TrackingCookie.burstnet!A2
C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Cookies\timo@com[1].txt gefunden: Trace.TrackingCookie.com!A2
C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Cookies\timo@doubleclick[1].txt gefunden: Trace.TrackingCookie.doubleclick!A2
C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Cookies\timo@doubleclick[2].txt gefunden: Trace.TrackingCookie.doubleclick!A2
C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Cookies\timo@fastclick[1].txt gefunden: Trace.TrackingCookie.fastclick!A2
C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Cookies\timo@hitbox[2].txt gefunden: Trace.TrackingCookie.hitbox!A2
C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Cookies\timo@mediaplex[1].txt gefunden: Trace.TrackingCookie.mediaplex!A2
C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Cookies\timo@mediaplex[3].txt gefunden: Trace.TrackingCookie.mediaplex!A2
C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Cookies\timo@pointroll[1].txt gefunden: Trace.TrackingCookie.pointroll!A2
C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Cookies\timo@questionmarket[1].txt gefunden: Trace.TrackingCookie.questionmarket!A2
C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Cookies\timo@serving-sys[1].txt gefunden: Trace.TrackingCookie.serving-sys!A2
C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Cookies\timo@serving-sys[3].txt gefunden: Trace.TrackingCookie.serving-sys!A2
C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Cookies\timo@serving-sys[4].txt gefunden: Trace.TrackingCookie.serving-sys!A2
C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Cookies\timo@serving-sys[5].txt gefunden: Trace.TrackingCookie.serving-sys!A2
C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Cookies\timo@serving-sys[6].txt gefunden: Trace.TrackingCookie.serving-sys!A2
C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Cookies\timo@smartadserver[2].txt gefunden: Trace.TrackingCookie.smartadserver!A2
C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Cookies\timo@smartadserver[3].txt gefunden: Trace.TrackingCookie.smartadserver!A2
C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Cookies\timo@specificclick[1].txt gefunden: Trace.TrackingCookie.specificclick!A2
C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Cookies\timo@statse.webtrendslive[2].txt gefunden: Trace.TrackingCookie.statse.webtrendslive!A2
C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Cookies\timo@tradedoubler[1].txt gefunden: Trace.TrackingCookie.tradedoubler!A2
C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Cookies\timo@tradedoubler[2].txt gefunden: Trace.TrackingCookie.tradedoubler!A2
C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Cookies\timo@weborama[1].txt gefunden: Trace.TrackingCookie.weborama!A2
C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Cookies\timo@weborama[3].txt gefunden: Trace.TrackingCookie.weborama!A2
C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Cookies\timo@weborama[4].txt gefunden: Trace.TrackingCookie.weborama!A2
C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Cookies\timo@weborama[5].txt gefunden: Trace.TrackingCookie.weborama!A2
C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Cookies\timo@weborama[6].txt gefunden: Trace.TrackingCookie.weborama!A2
C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1236952956638548 gefunden: Trace.TrackingCookie.doubleclick.net!A2
C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1236953830308848 gefunden: Trace.TrackingCookie.adbrite.com!A2
C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1236953830308849 gefunden: Trace.TrackingCookie.adbrite.com!A2
C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1236953830308850 gefunden: Trace.TrackingCookie.adbrite.com!A2
C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1236956000663248 gefunden: Trace.TrackingCookie.ad.zanox.com!A2
C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1236956000663250 gefunden: Trace.TrackingCookie.ad.zanox.com!A2
C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1237030604653268 gefunden: Trace.TrackingCookie.tribalfusion.com!A2
C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1237053452845656 gefunden: Trace.TrackingCookie.ad.zanox.com!A2
C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1237138143075858 gefunden: Trace.TrackingCookie.doubleclick.net!A2
C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1237160364933358 gefunden: Trace.TrackingCookie.casalemedia.com!A2
C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1237160364935358 gefunden: Trace.TrackingCookie.casalemedia.com!A2
C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1237160364935359 gefunden: Trace.TrackingCookie.casalemedia.com!A2
C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1237162649248359 gefunden: Trace.TrackingCookie.ads.heias.com!A2
C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1237207546906250 gefunden: Trace.TrackingCookie.www.zanox-affiliate.de!A2
C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1237504043979073 gefunden: Trace.TrackingCookie.www.zanox-affiliate.de!A2
C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1237504043980074 gefunden: Trace.TrackingCookie.www.zanox-affiliate.de!A2
C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1238841092511755 gefunden: Trace.TrackingCookie.tribalfusion.com!A2
C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1238841092511756 gefunden: Trace.TrackingCookie.tribalfusion.com!A2
C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1238841092511757 gefunden: Trace.TrackingCookie.tribalfusion.com!A2
C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1238841092511758 gefunden: Trace.TrackingCookie.tribalfusion.com!A2
C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1239697541520055 gefunden: Trace.TrackingCookie.adbrite.com!A2
C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1242040101718340 gefunden: Trace.TrackingCookie.casalemedia.com!A2
C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1242815723433562 gefunden: Trace.TrackingCookie.doubleclick.net!A2
C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1243441391003258 gefunden: Trace.TrackingCookie.server.cpmstar.com!A2
C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1247013285294568 gefunden: Trace.TrackingCookie.tribalfusion.com!A2
C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1248213358197000 gefunden: Trace.TrackingCookie.ads.heias.com!A2
C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1248278546888000 gefunden: Trace.TrackingCookie.ads.heias.com!A2
C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1249833829601000 gefunden: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1249908705591003 gefunden: Trace.TrackingCookie.casalemedia.com!A2
C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1249908705592002 gefunden: Trace.TrackingCookie.casalemedia.com!A2
C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1250512764443001 gefunden: Trace.TrackingCookie.eas.apm.emediate.eu!A2
C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1250637700642000 gefunden: Trace.TrackingCookie.statse.webtrendslive!A2
C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1250690529964001 gefunden: Trace.TrackingCookie.eas.apm.emediate.eu!A2
C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1251297724800002 gefunden: Trace.TrackingCookie.eas.apm.emediate.eu!A2
C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1251840717855002 gefunden: Trace.TrackingCookie.ads.heias.com!A2
C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1253141166153002 gefunden: Trace.TrackingCookie.ads.heias.com!A2
C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1253871496383000 gefunden: Trace.TrackingCookie.rotator.adjuggler.com!A2
C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1253871496383001 gefunden: Trace.TrackingCookie.rotator.adjuggler.com!A2
C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1254566474624000 gefunden: Trace.TrackingCookie.ad.adition.net!A2
C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1254566474624001 gefunden: Trace.TrackingCookie.ad.adition.net!A2
C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1257793356662000 gefunden: Trace.TrackingCookie.zedo.com!A2
C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1257793356662001 gefunden: Trace.TrackingCookie.zedo.com!A2
C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1257873518945000 gefunden: Trace.TrackingCookie.ad.adition.net!A2
C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1258727628995000 gefunden: Trace.TrackingCookie.www.etracker.de!A2
C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1259155513411000 gefunden: Trace.TrackingCookie.www.burstnet.com!A2
C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1259527973890000 gefunden: Trace.TrackingCookie.ad.yieldmanager.com!A2
C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1260445818481001 gefunden: Trace.TrackingCookie.ads.heias.com!A2
C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1260459097492000 gefunden: Trace.TrackingCookie.www.etracker.de!A2
C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1260734224021001 gefunden: Trace.TrackingCookie.myspace.com!A2
C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1260734225628000 gefunden: Trace.TrackingCookie.myspace.com!A2
C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1260734225628003 gefunden: Trace.TrackingCookie.myspace.com!A2
C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1261050238663001 gefunden: Trace.TrackingCookie.ads.heias.com!A2
C:\Windows\System32\H@tKeysH@@k.DLL gefunden: Trojan.Win32.HotKeysHook!A2
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\MeMedia_FF.dll gefunden: Adware.Win32.AdVantage!A2
C:\Program Files\Celemony\Melodyne.3.0\Resources\studio3.dll gefunden: Virus.Win32.Trojan!IK

Gescannt

Dateien: 186987
Traces: 562808
Cookies: 3236
Prozesse: 68

Gefunden

Dateien: 3
Traces: 23
Cookies: 211
Prozesse: 0
Registry Keys: 0

Scan Ende: 07.02.2010 12:46:08
Scan Zeit: 1:48:54

07.02.2010, 17:24   #4
MalwareHero

Quote:
Quote from TKM
Hello,
I have now moved all 3 into quarantine.
Two of the files are malware. Delete these files in the Avira quarantine.
Leave this file in quarantine: C:\Windows\system32\R7n-4YXE.dll
Send it to Avira for analysis.


Quote:
A-Squared log:
Please also delete the findings in the A-squared quarantine.

Quote:
C:\Program Files\Celemony
C:\Program Files\AdVantage
Where did you get these programs? Downloaded?
Please uninstall them.

> Disable System Restore: http://www.windowspower.de/Systemwie...Vista_967.html

> Removable media (USB sticks etc.) should always be scanned as well

> Scan your PC online with F-Secure: F-Secure Security Lab - Online-Scanner (with Internet Explorer). Delete the findings.
Post the log.

> Change all passwords as soon as possible from a second, clean PC! If you have done online banking on this system, inform your bank that malware was found on your system.

> Download http://www2.gmer.net/catchme.htm and run it:
How to scan

Download catchme.exe ( 137KB ) to your desktop.

Double-click catchme.exe to run it.

Click the "Scan" button to start the scan.

Open catchme.log to see the results and post it here.

Last edited by MalwareHero (07.02.2010 at 17:38)

10.02.2010, 16:12   #5
TKM

Hello,

I have deleted the files, as well as those from F-Secure. There were 15 malware cookies; I can't find a log for this.

catchme log:

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-10 15:55:47
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"r0\x008d00 ?(?T?r?u?e?T?y?p?e?)?"="hiromi.TTF"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


10.02.2010, 16:57   #6
MalwareHero

> Please run Malwarebytes and post the log

Regards.

10.02.2010, 18:03   #7
TKM

I have deleted the 4 findings from the Malwarebytes log. However, every time the computer restarts, setupv.exe exists again in the Temp folder and is reported by my Avira.


Malwarebytes log:

Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3720
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

10.02.2010 18:03:00
mbam-log-2010-02-10 (18-02-56).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 112674
Laufzeit: 5 minute(s), 53 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39f58b2d-5fcb-f616-b551-d5f498a85dc0} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{39f58b2d-5fcb-f616-b551-d5f498a85dc0} (Adware.BHO) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (http://www3.iamwired.net/) Good: (http://www.Google.com) -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Last edited by TKM (10.02.2010 at 18:10)

10.02.2010, 18:16   #8
MalwareHero

Please run Combofix:

Before using Combofix, the temporary files should be deleted.
Close all programs; applications with background monitors, including the firewall and antivirus programs, must be disabled.

Download Combofix.exe to the Windows desktop

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

* Please do not move the mouse or click anything while Combofix is running. This could cause Combofix to crash

* double-click: combofix.exe

* click "Yes" after reading the disclaimer and the warning message

* type "1" and press "Enter"

* now wait until a new system restore point has been created and the scan has run
* the log will appear automatically (combofix.txt)
* select the text with the right mouse button -> copy it completely -> paste it into the forum thread you opened

- The computer may restart after the scan. Please wait patiently until the log is created!

11.02.2010, 19:47   #9
TKM

Hello,

I turned off all firewalls and virus scanners. The program claimed that AntiVir was still on, but it was off.

Here is the log:

ComboFix 10-02-10.05 - Timo 11.02.2010 19:08:59.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3071.1845 [GMT 1:00]
ausgeführt von:: c:\users\Timo\Desktop\Heruntergeladen\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Avira AntiVir PersonalEdition *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
c:\users\Timo\AppData\Roaming\inst.exe
c:\users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.exe
c:\windows\system32\msvcsv60.dll

.
((((((((((((((((((((((( Dateien erstellt von 2010-01-11 bis 2010-02-11 ))))))))))))))))))))))))))))))
.

2010-02-11 18:18 . 2010-02-11 18:19 -------- d-----w- c:\users\Timo\AppData\Local\temp
2010-02-11 18:18 . 2010-02-11 18:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-10 16:42 . 2010-02-10 16:42 -------- d-----w- c:\users\Timo\AppData\Roaming\Malwarebytes
2010-02-10 16:42 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-10 16:42 . 2010-02-10 16:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-10 16:42 . 2010-02-10 16:42 -------- d-----w- c:\programdata\Malwarebytes
2010-02-10 16:42 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-10 16:40 . 2010-02-10 15:36 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-02-10 15:36 . 2010-02-10 15:36 -------- dc----w- c:\windows\system32\DRVSTORE
2010-02-10 15:36 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-10 15:36 . 2010-02-10 15:36 862040 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-02-10 15:36 . 2010-02-10 15:36 206944 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-02-10 15:36 . 2010-02-10 15:36 15880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-02-10 15:36 . 2010-02-10 15:36 390288 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-02-10 15:36 . 2010-02-10 15:36 537576 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-02-10 15:36 . 2010-02-10 15:36 389784 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-02-10 15:36 . 2010-02-10 15:36 163728 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\ShellExt.dll
2010-02-10 15:35 . 2010-02-10 15:35 6296864 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
2010-02-10 15:35 . 2010-02-10 15:35 327000 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\RPAPI.dll
2010-02-10 15:35 . 2010-02-10 15:35 87496 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-02-10 15:35 . 2010-02-10 15:35 933120 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-02-10 15:35 . 2010-02-10 15:35 3803208 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-10 15:35 . 2010-02-10 15:35 816784 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-02-10 15:35 . 2010-02-10 15:35 823928 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-10 15:35 . 2010-02-10 15:35 1643272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-02-10 15:35 . 2010-02-10 15:35 788880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-02-10 15:35 . 2010-02-10 15:35 1181328 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-02-10 15:33 . 2010-02-10 15:33 -------- dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-02-10 15:33 . 2009-12-07 14:10 2953352 -c--a-w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2010-02-10 14:44 . 2010-02-10 14:44 -------- d-----w- c:\programdata\F-Secure
2010-02-10 08:41 . 2009-12-04 15:56 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-10 08:41 . 2009-12-04 15:56 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-07 09:53 . 2010-02-10 14:21 -------- d-----w- c:\program files\a-squared Free
2010-02-06 12:31 . 2006-06-19 12:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-02-06 12:31 . 2006-05-25 14:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-02-06 12:31 . 2005-08-26 00:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-02-06 12:31 . 2003-02-02 19:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-02-06 12:31 . 2002-03-06 00:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-02-06 12:31 . 2010-02-06 12:31 -------- d-----w- c:\program files\Trojan Remover
2010-02-06 12:31 . 2010-02-06 12:31 -------- d-----w- c:\users\Timo\AppData\Roaming\Simply Super Software
2010-02-06 12:31 . 2010-02-06 12:31 -------- d-----w- c:\programdata\Simply Super Software
2010-02-05 22:27 . 2010-02-06 12:53 118284 ----a-w- c:\windows\system32\hdR4OCFxh504UF.exe
2010-02-05 17:38 . 2010-02-05 17:38 -------- d-----w- c:\program files\Design-Lib Creations
2010-02-02 12:17 . 2010-02-02 12:17 -------- d-----w- c:\program files\Common Files\Nokia
2010-02-02 12:16 . 2010-02-02 12:15 24437624 ----a-w- c:\programdata\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\NokiaSoftwareUpdaterSetup_1.8.10DE.exe
2010-02-02 12:16 . 2010-02-02 12:16 3351812 ----a-w- c:\programdata\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\msxml6Exec.exe
2010-02-02 12:16 . 2010-02-02 12:16 36864 ----a-w- c:\programdata\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\Sleep.exe
2010-02-02 12:16 . 2010-02-02 12:16 3203453 ----a-w- c:\programdata\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\vcredistExec.exe
2010-02-01 20:39 . 2010-02-01 20:39 -------- d-----w- c:\users\Timo\AppData\Roaming\Ubisoft
2010-01-22 09:33 . 2009-12-16 11:44 834048 ----a-w- c:\windows\system32\wininet.dll
2010-01-22 09:33 . 2009-12-18 13:01 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-16 14:56 . 2010-01-16 14:56 -------- d-----w- c:\program files\Xilisoft
2010-01-16 14:52 . 2010-01-16 14:57 -------- d-----w- C:\Temp
2010-01-16 14:39 . 2010-01-16 14:39 -------- d-----w- c:\program files\WIDI 4.0 Pro
2010-01-16 14:32 . 2010-01-16 14:36 -------- d-----w- c:\program files\TallStick
2010-01-16 13:47 . 2010-01-16 13:51 -------- d-----w- c:\users\Timo\TruePianos Settings
2010-01-13 10:12 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 10:12 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-10 21:48 . 2010-01-12 17:23 -------- d-----w- c:\users\Timo\AppData\Roaming\vlc
2010-02-10 19:53 . 2006-11-02 15:33 621714 ----a-w- c:\windows\system32\perfh007.dat
2010-02-10 19:53 . 2006-11-02 15:33 123452 ----a-w- c:\windows\system32\perfc007.dat
2010-02-10 15:21 . 2007-10-15 09:13 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-10 10:50 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-10 10:46 . 2007-04-18 03:55 -------- d-----w- c:\programdata\Microsoft Help
2010-02-05 17:58 . 2007-10-22 20:06 -------- d-----w- c:\programdata\FLEXnet
2010-02-05 16:28 . 2007-11-08 11:36 -------- d-----w- c:\users\Timo\AppData\Roaming\dvdcss
2010-02-04 14:19 . 2007-12-10 21:30 48 ----a-w- c:\windows\msocreg32.dat
2010-02-02 12:24 . 2009-01-19 23:02 -------- d-----w- c:\programdata\Installations
2010-02-02 12:18 . 2009-01-19 23:03 -------- d-----w- c:\program files\Nokia
2010-02-01 20:10 . 2007-04-18 03:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-31 20:11 . 2009-08-21 22:04 -------- d-----w- c:\users\Timo\AppData\Roaming\Hamachi
2010-01-30 23:22 . 2007-11-22 21:26 -------- d-----w- c:\program files\Anno 1701
2010-01-30 00:11 . 2007-10-08 17:15 312472 ----a-w- c:\users\Timo\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-16 14:40 . 2008-10-12 15:15 -------- d-----w- c:\users\Timo\AppData\Roaming\Music Recognition
2010-01-14 10:12 . 2009-10-02 23:37 181120 ------w- c:\windows\system32\MpSigStub.exe
2009-12-26 11:54 . 2009-12-26 11:54 -------- d-----w- c:\program files\mp3DirectCut
2009-12-26 11:25 . 2009-12-26 11:25 -------- d-----w- c:\program files\ConvertHelper
2009-12-15 18:30 . 2007-11-07 18:33 139280 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-12-15 18:30 . 2007-11-07 18:33 202000 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-12-13 19:49 . 2008-03-08 09:51 -------- d-----w- c:\program files\CCleaner
2009-12-11 11:43 . 2010-02-10 08:42 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 11:43 . 2010-02-10 08:42 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-12-08 20:01 . 2010-02-10 08:42 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 20:01 . 2010-02-10 08:42 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:01 . 2010-02-10 08:42 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 17:26 . 2010-02-10 08:42 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-12-04 18:30 . 2010-02-10 08:42 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-04 18:29 . 2010-02-10 08:42 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-04 18:28 . 2010-02-10 08:42 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-04 18:28 . 2010-02-10 08:42 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-04 18:28 . 2010-02-10 08:42 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-04 18:28 . 2010-02-10 08:42 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-04 18:28 . 2010-02-10 08:42 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-04 18:28 . 2010-02-10 08:42 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-04 18:27 . 2010-02-10 08:42 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-11-30 17:02 . 2009-11-30 17:02 171144 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-30 17:02 . 2009-11-30 17:02 72840 ----a-w- c:\windows\system32\xliveinstallhost.exe
2009-11-18 15:14 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2006-05-03 10:06 . 2009-01-22 22:28 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 . 2009-01-22 22:28 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 . 2009-01-22 22:28 216064 --sh--r- c:\windows\System32\nbDX.dll
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883840]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 4390912]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2007-01-24 319488]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-15 151552]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-12-06 180224]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2007-08-02 95504]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-10 385024]
"UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-07-23 341232]
"CTXFIREG"="CTxfiReg.exe" [2008-02-20 43520]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-02 13683232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-02 92704]
"PDFPrint"="c:\program files\pdf24\PDFBackend.exe" [2008-01-31 134144]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"CTHelper"="CTHELPER.EXE" [2008-02-20 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-02-20 19968]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-08-04 1068424]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-15 151552]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-4-18 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):2a,2e,b7,07,ab,0a,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1736430328-2876659159-3367440274-1000]
"EnableNotificationsRef"=dword:00000001

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [10.02.2010 16:36 64288]
R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [07.02.2010 10:53 1858144]
R2 acedrv11;acedrv11;c:\windows\System32\drivers\acedrv11.sys [19.01.2009 19:31 277544]
R2 Apache2.2;Apache2.2;d:\xampp\apache\bin\httpd.exe [10.12.2008 00:10 24636]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [02.12.2009 14:19 1181328]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [06.05.2009 10:11 185640]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [15.10.2007 09:51 721904]
S3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [22.11.2007 14:31 79360]
S3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;d:\dragon age\bin_ship\daupdatersvc.service.exe [23.11.2009 21:21 25832]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [20.01.2009 13:13 1527900]
S3 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [29.05.2008 11:56 21504]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [19.03.2009 14:48 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [19.03.2009 14:48 8320]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [25.01.2007 18:31 42000]
S3 P1130VID;Creative WebCam NX Pro;c:\windows\System32\drivers\P1130Vid.sys [04.05.2004 04:48 90229]
S3 vaxscsi;vaxscsi;c:\windows\System32\drivers\vaxscsi.sys [17.03.2008 19:34 223128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners

2010-02-11 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 15:35]

2010-02-11 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 15:35]

2010-02-11 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 15:35]

2010-02-11 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 15:35]

2010-02-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 15:35]

2010-02-11 c:\windows\Tasks\User_Feed_Synchronization-{56CAD019-6BFF-4321-9054-E580AD17B35D}.job
- c:\windows\system32\msfeedssync.exe [2008-05-29 21:33]
.
.
------- Zusätzlicher Suchlauf -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.Google.com
uSearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/su/*http://de.yahoo.com
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: line6.net
FF - ProfilePath - c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www3.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/firefox?client=firefox-a&rls=org.mozilla:defficial
FF - prefs.js: keyword.URL - hxxp://www3.iamwired.net/websearch.php?src=tops&search=
FF - component: c:\program files\Mozilla Firefox\extensions\{8c60d071-d3a0-e479-a01d-b91cb41fc45e}\components\1-f0pBq.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKCU-Run-Steam - d:\empire\Steam.exe
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
AddRemove-ArtMoney SE_is1 - c:\users\Timo\Desktop\ArtMoney\Uninstall\unins000.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-MegaTrainer XL_is1 - c:\users\Timo\Desktop\MegaTrainer XL\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-11 19:19
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-1736430328-2876659159-3367440274-1000\Software\SecuROM\License information*]
"datasecu"=hex:5c,8e,17,6f,86,6b,96,5c,0b,c5,70,44,13,5e,4b,ad,30,03,9a,9a,c1,
a1,d4,28,84,d0,af,0f,56,4e,33,aa,8d,d8,6a,d5,a0,86,44,4b,68,33,f9,e9,2a,1c,\
"rkeysecu"=hex:4c,37,c0,b6,cf,83,9c,29,ac,95,b0,4a,70,0e,2d,57

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-02-11 19:21:54
ComboFix-quarantined-files.txt 2010-02-11 18:21

Vor Suchlauf: 9.763.639.296 Bytes frei
Nach Suchlauf: 9.880.317.952 Bytes frei

- - End Of File - - 15A4E11D53ED2A9511A4424F3C5D29F3

12.02.2010, 15:48   #10
TKM

setupv.exe is no longer being created.
Instead, my Firefox now crashes constantly and shows ads on every page, not as pop-ups but directly in the page.

14.02.2010, 01:03   #11
MalwareHero

Quote from TKM:
setupv.exe is no longer being created.
Instead, my Firefox now crashes constantly and shows ads on every page, not as pop-ups but directly in the page.

- Create an RSIT log and post it.

- Scan with Malwarebytes in safe mode (press the F8 key during restart). Post the log.

Regards.

14.02.2010, 11:26   #12
Larusso
/// Selecta Jahrusso

You can skip the Malwarebytes scan in safe mode.

Step 1

Start MBAM in normal mode and let it remove everything it finds.

Step 2

Download TFC (by OldTimer) from here.
Save the file to the desktop. Close all running programs. The tool may ask for a restart; please allow it.


Step 3

Scan with SystemLook

Download SystemLook by jpshortstuff from one of the following mirrors and save the tool to the desktop.

Download Mirror #1 - Download Mirror #2
  • Double-click SystemLook.exe to start the tool.
    Vista users: right-click and start as administrator.
  • Copy the contents of the following code box into the tool's text field:

    Code:
    :filefind
    setupv.exe
    :regfind
    setupv

  • Now click the Look button to start the scan.
  • When the scan has finished, your editor will open with the results; post them here in the thread.
  • The results are saved on the desktop as SystemLook.txt.


Step 4

Check system details with RSIT
  • Download Random's System Information Tool (RSIT) by random/random,
  • save it to your desktop.
  • Start RSIT.exe with a double-click.
  • Click Continue to accept the terms of use.
  • If you don't have HijackThis installed, RSIT will download and install it for you.
  • In that case, please also accept Trend Micro's terms of use for HJT with I accept.
  • If your firewall asks, please allow RSIT to access the network.
  • The scan starts automatically; RSIT now checks several important system areas and produces log files as a basis for analysis.
  • When the scan is finished, two log files are created and opened in your editor.
  • Please post the contents of C:\rsit\log.txt and C:\rsit\info.txt (<= minimized) here in the thread.
  • For any follow-up scans, always start the tool as follows:
  • Start => Run => "%userprofile%\desktop\rsit.exe" /info (paste this in),
    so that the old log files are overwritten.


In your next reply, please post
Log from Malwarebytes
Systemlook.txt
log.txt
info.txt
Report how the computer is running.

[and I'm out again]
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie

14.02.2010, 12:47   #13
TKM

I don't know how to minimize something in the forum; I have already looked for how to do it but can't find anything.

So I'm now posting each log as a separate post to keep things clearer.


RSIT log (info.txt):

info.txt logfile of random's system information tool 1.06 2010-02-14 12:37:26

======Uninstall list======

-->"C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0007
-->"C:\Program Files\Creative Installation Information\CTCMSGO\Setup.exe" /remove /l0x0007
-->"C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0007
-->"C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /l0x0007
-->"C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MINIDISC_U\Setup.exe" /remove /l0x0007
-->"C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_ONLINESTORE_U\Setup.exe" /remove /l0x0007
-->"C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x0007
-->"C:\Program Files\Creative\Sound Blaster X-Fi\Program\SETUP.EXE" /S /U /W /L:GER
-->"C:\Program Files\InstallShield Installation Information\{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}\setup.exe" --u:{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}
-->MsiExec /X{1C4551A6-4743-4093-91E4-1477CD655043}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06E3E953-0570-4DFF-A7B5-46114C390228}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06E3E953-0570-4DFF-A7B5-46114C390228}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AB55EC6-1158-41EF-B87D-90555A8F5C92}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AB55EC6-1158-41EF-B87D-90555A8F5C92}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{888347B3-AEC5-4BB5-8BAB-781D72A57C73}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{888347B3-AEC5-4BB5-8BAB-781D72A57C73}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x7
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A68AACBA-C3AF-467B-978C-E05C31650CF6}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA9944C8-7D34-475E-8C90-2788685B2C47}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA9944C8-7D34-475E-8C90-2788685B2C47}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C88C3C27-AECE-4137-A6CC-D7A6FFAD2F84}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C88C3C27-AECE-4137-A6CC-D7A6FFAD2F84}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAAE8EC2-2340-4D6E-A74D-07814046A11B}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAAE8EC2-2340-4D6E-A74D-07814046A11B}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3C64B-2A22-48C5-857B-E952D7BE64F5}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3C64B-2A22-48C5-857B-E952D7BE64F5}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCCDA302-32D9-4AE7-A094-4BE677554F26}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCCDA302-32D9-4AE7-A094-4BE677554F26}\setup.exe" -l0x7 /remove
Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\eDSnstHelper.exe -Operation UNINSTALL
Acer Empowering Technology-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x7 -removeonly
Acer ePerformance Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D462BF9E-0C35-4705-BF9B-3DF9F3816643}\setup.exe" -l0x7 -removeonly
Acer Plug and Record-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6EFFB76-4A07-11DA-9D78-000129760D75}\Setup.exe" -uninstall
Acer Tour-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe" -l0x7 -removeonly
Acer Zone Main Page-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\Setup.exe" -uninstall
ACID Pro 7.0-->MsiExec.exe /X{FBCED1D8-E731-42B7-AD49-A291175BAA1B}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->"C:\ProgramData\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\ProgramData\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
Addictive Drums-->C:\Windows\unvise32.exe C:\Program Files\XLN Audio\Addictive Drums\uninstal.log
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A91000000001}
Agatha Christie - Evil Under the Sun-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23B806E8-BA3C-4FC2-AAB8-116FC8514697}\setup.exe" -l0x9 -uninst
Age of Conan: Hyborian Adventures-->"D:\Age of Conan\unins000.exe"
ANNO 1404-->"C:\Program Files\InstallShield Installation Information\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}\setup.exe" -runfromtemp -l0x0007 -removeonly
Anno 1701-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A2433A63-5F5D-40E5-B529-9123C2B3E734}\setup.exe" -l0x7 -removeonly
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Applied Acoustics Systems - Strum Acoustic GS-1 v1.0-->D:\Strum Acoustic GS-1\Uninstall.exe
ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe
a-squared Free 4.5-->"C:\Program Files\a-squared Free\unins000.exe"
Auslogics Disk Defrag-->"D:\Auslogics Disk Defrag\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Battlefield 1942: The Road To Rome-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}\setup.exe" -l0x7
Battlefield 1942-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}\setup.exe" -l0x7
Call of Duty Modern Warfare 2-->"D:\Call of Duty Modern Warfare 2\Modern Warfare 2\unins000.exe"
Call of Duty(R) - World at War(TM) 1.1 Patch-->C:\Program Files\InstallShield Installation Information\{AFAE2B15-89A0-4215-A030-F7B5B478886B}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) - World at War(TM) 1.2 Patch-->C:\Program Files\InstallShield Installation Information\{2BF0AE92-C3BC-4112-9066-1546342B1FAE}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) - World at War(TM) 1.3 Patch-->C:\Program Files\InstallShield Installation Information\{149464D9-B06F-4505-9968-FD1206F67AD3}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) - World at War(TM) 1.4 Patch-->C:\Program Files\InstallShield Installation Information\{9F01A67B-7D67-482F-9D4F-D5980A440FD4}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) - World at War(TM) 1.5 Patch-->C:\Program Files\InstallShield Installation Information\{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) - World at War(TM) 1.6 Patch-->C:\Program Files\InstallShield Installation Information\{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) - World at War(TM) 1.7 Patch-->C:\Program Files\InstallShield Installation Information\{750C87B8-AF19-4C3C-B791-50D9C83AE572}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) - World at War(TM)-->C:\Program Files\InstallShield Installation Information\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch-->C:\Program Files\InstallShield Installation Information\{E5141379-B2D9-4BBC-BB2A-5805541571DD}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch-->C:\Program Files\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch-->C:\Program Files\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
CardRd81-->MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
ConvertHelper 2.2-->"C:\Program Files\ConvertHelper\unins000.exe"
CR2-->MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
Creative ALchemy (X-Fi Edition)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A68AACBA-C3AF-467B-978C-E05C31650CF6}\setup.exe" -l0x7 /remove
Creative MediaSource 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x7 /remove
Creative Software AutoUpdate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x7 /remove
Creative WebCam NX Pro Driver (1.03.03.0326)-->C:\Windows\CtDrvIns.exe -uninstall -script Pd1130.uns -unsext NT -plugin P1130Pin.dll -pluginres P1130Pin.crl
Creative-Audiokonsole-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x7 /remove
Creative-Systeminformationen-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x7 /remove
Design-Lib.Com - Batch PSD to JPG-->C:\Program Files\Design-Lib Creations\UninstalDlPsdtoJpg.exe
DHTML Editing Component-->MsiExec.exe /I{2EA870FA-585F-4187-903D-CB9FFD21E2E0}
Die*Sims™*3-->"C:\Program Files\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\Sims3Setup.exe" -runfromtemp -l0x0007 -removeonly
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Doc Convertor 1.0 (Beta)-->"C:\Program Files\Doc Convertor\unins000.exe"
Dragon Age: Origins-->C:\Program Files\Common Files\BioWare\Uninstall Dragon Age.exe
eSobi v2-->C:\Program Files\InstallShield Installation Information\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\setup.exe -runfromtemp -l0x0407
FileZilla Client 3.2.0-->C:\Program Files\FileZilla FTP Client\uninstall.exe
Firebird SQL Server - MAGIX Edition-->C:\Program Files\MAGIX\Common\Database\unwise.exe
GoldWave v5.22-->"C:\Program Files\GoldWave\unstall.exe" "GoldWave v5.22" "C:\Program Files\GoldWave\unstall.log"
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Grand Theft Auto IV-->"C:\Program Files\InstallShield Installation Information\{579BA58C-F33D-4970-9953-B94B43768AC3}\setup.exe" -runfromtemp -l0x0007 -removeonly
Guitar Pro 5.2-->"C:\Program Files\Guitar Pro 5\unins000.exe"
Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
iZotope Ozone 4-->"C:\Program Files\iZotope\Ozone 4\unins000.exe"
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
Kodak EasyShare Software-->C:\ProgramData\Kodak\EasyShareSetup\$SETUP_460007_22405a\Setup.exe /APR-REMOVE
Lost Auction-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Lost Auction\ST6UNST.LOG"
LoudMo Contextual Ad Assistant-->C:\Windows\system32\hdR4OCFxh504UF.exe
MAGIX Screenshare 4.3.6.1987 (D)-->C:\Program Files\MAGIX\PCVisit\unwise.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Melodyne 3.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1F143D1-1F0D-44FB-A44B-71D4367D16DE}\setup.exe" -l0x9 -removeonly
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}
Microsoft Games for Windows - LIVE-->MsiExec.exe /X{A1C962E2-2426-49C6-A38B-9A07E40D607C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Groove MUI (German) 2007-->MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (German) 2007-->MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {322296D4-1EAE-4030-9FBC-D2787EB25FA2}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {322296D4-1EAE-4030-9FBC-D2787EB25FA2}
Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Works-->MsiExec.exe /I{4EA2F95F-A537-4D17-9E7F-6B3FF8D9BBE3}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
Miroslav Philharmonik Instruments-->C:\Program Files\InstallShield Installation Information\{9FCCC8D1-3152-4699-8793-6CB0B9E26EBB}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
Miroslav Philharmonik-->C:\Program Files\InstallShield Installation Information\{BA0D0121-A3BA-487D-9C78-7AB0E676C722}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
mkv2vob-->MsiExec.exe /X{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}
Mozilla Firefox (3.5.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Native Instruments Guitar Rig 3-->C:\Program Files\Native Instruments\Guitar Rig 3\uninstall.exe
Native Instruments Guitar Rig Registered User Library Vol.1-->C:\Users\Timo\DOCUME~1\NATIVE~1\GUITAR~1\SOUNDB~1\GUITAR~2\UNWISE.EXE C:\Users\Timo\DOCUME~1\NATIVE~1\GUITAR~1\SOUNDB~1\GUITAR~2\INSTALL.LOG
Native Instruments Kontakt 3-->C:\PROGRA~1\NATIVE~1\KONTAK~2\UNWISE.EXE C:\PROGRA~1\NATIVE~1\KONTAK~2\INSTALL.LOG
Nero 8 Lite 8.3.2.1-->"C:\Program Files\Nero\unins000.exe"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver-->MsiExec.exe /I{52D02A2B-03D2-4E34-A358-DC5D951FD296}
Nokia Software Updater-->MsiExec.exe /X{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{1C4551A6-4743-4093-91E4-1477CD655043}
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
OpenAL-->"C:\Program Files\OpenAL\OALInst.exe" /U
PC Wizard 2008.1.87-->"C:\Program Files\PC Wizard 2008\unins000.exe"
pdf24-->"C:\Program Files\pdf24\unins000.exe"
PDFToIMAGE v1.6-->"C:\Program Files\Oakdoc\PDFToIMAGE\unins000.exe"
Pianoteq v2.2.0-->"C:\Program Files\Pianoteq 2.2\uninstall.exe"
Pixie 1.4.1-->"C:\Program Files\Pixie\unins000.exe"
Power Tab Editor 1.7-->MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}
ProtectDisc Driver, Version 11-->C:\Program Files\ProtectDisc Driver Installer\uninstall_v11.exe
PunkBuster für Battlefield 1942-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{127B684B-A002-44C8-99A7-6CF8F1E26873}\setup.exe" -l0x7
PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
QuickTime-->MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
RealStrat-->"D:\RealStrat\Uninstall.exe" "D:\RealStrat\install.log" -u
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Risen-->"C:\Program Files\InstallShield Installation Information\{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}\setup.exe" -runfromtemp -l0x0007 -removeonly
Rockstar Games Social Club-->"C:\Program Files\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x0007 -removeonly
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Windows Media Encoder (KB954156)-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} MSIPATCHREMOVE={E836F1B7-43FB-46B0-A0D9-E4D2A5951659} /qb
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SharpEye Music Reader 2-->C:\PROGRA~1\VISIV-~1\SHARPE~1\UNWISE.EXE C:\PROGRA~1\VISIV-~1\SHARPE~1\INSTALL.LOG
SmartSound Quicktracks Plugin-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Sony ACID Music Studio 7.0-->MsiExec.exe /X{64CFBF47-0149-4E4C-A348-3701FE7597F1}
Sound Blaster X-Fi-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}\SETUP.EXE" -l0x7 /remove
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Studio Instruments 1.0-->"C:\Program Files\Cakewalk\Studio Instruments\unins000.exe"
SUPER © Version 2009.bld.35 (Jan 5, 2009)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
System Requirements Lab-->MsiExec.exe /I{9EBDAF91-DADA-47CE-94F2-F5B004007934}
Tales of Monkey Island - Lair of the Leviathan-->C:\Program Files\Telltale Games\Tales of Monkey Island\UNINSTALL_MonkeyIsland103.exe
Tales of Monkey Island - Launch of the Screaming Narwhal-->C:\Program Files\Telltale Games\Tales of Monkey Island\UNINSTALL_MonkeyIsland101.exe
Tales of Monkey Island - Rise of the Pirate God-->C:\Program Files\Telltale Games\Tales of Monkey Island\UNINSTALL_MonkeyIsland105.exe
Tales of Monkey Island - The Siege of Spinner Cay-->C:\Program Files\Telltale Games\Tales of Monkey Island\UNINSTALL_MonkeyIsland102.exe
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
TeamViewer 4-->C:\Program Files\TeamViewer\Version4\uninstall.exe
Text-To-Speech-Runtime-->MsiExec.exe /X{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}
The Nosebleed Pack Patch Install-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5EDF350-FBEE-40B7-926D-4DA2492BFF06}\setup.exe"
Trojan Remover 6.8.1-->"C:\Program Files\Trojan Remover\unins000.exe"
TruePianos 1.4.1-->"D:\TruePianos\unins000.exe"
TruePianos: Amber Module 1.4.0-->"D:\TruePianos\Content\unins000.exe"
TruePianos: Diamond Module 1.4.0-->"D:\TruePianos\Content\unins001.exe"
TruePianos: Emerald Module 1.4.0-->"D:\TruePianos\Content\unins002.exe"
TruePianos: Sapphire Module 1.4.0-->"D:\TruePianos\Content\unins003.exe"
TruePianos: Sapphire Module 1.4.0-->"D:\TruePianos\Content\unins004.exe"
Ulead Photo Explorer 8.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{025C3792-E9C6-432A-92C1-661F99D021CA}\setup.exe" -l0x7
Ulead PhotoImpact 12-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11AFE21E-B193-430D-B57A-DFF7815BB962}\setup.exe" -l0x7
Ulead PhotoImpact X3-->C:\Program Files\InstallShield Installation Information\{15803703-25FA-4C01-A062-3F4A59937E87}\setup.exe -runfromtemp -l0x0407
Ulead VideoStudio 11-->C:\Program Files\InstallShield Installation Information\{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}\setup.exe -runfromtemp -l0x0407
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
Update for Outlook 2007 Junk Email Filter (kb977719)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C0C92202-5215-4EFA-B0B9-B3A0DEABCDF1}
Update für Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}
Update für Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}
Update für Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {F6828576-6F79-470D-AB50-69D1BBADBD30}
Update für Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {EA160DA3-E9B5-4D03-A518-21D306665B96}
Update für Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {EA160DA3-E9B5-4D03-A518-21D306665B96}
Update für Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {38472199-D7B6-4833-A949-10E4EE6365A1}
Update für Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {38472199-D7B6-4833-A949-10E4EE6365A1}
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VLC media player 1.0.3-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WIDCOMM Bluetooth Software 6.2.0.5800-->MsiExec.exe /X{E464702F-5433-46EC-8F65-159276C0A54F}
WIDI Recognition System Pro 4.03 (remove only)-->"C:\Program Files\WIDI 4.0 Pro\Uninstall.exe"
Windows Live Anmelde-Assistent-->MsiExec.exe /I{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}
Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}
Windows Live Mail-->MsiExec.exe /I{C4D738F7-996A-4C81-B8FA-C4E26D767E41}
Windows Live Messenger-->MsiExec.exe /X{41E654A9-26D0-4EAC-854B-0FA824FFFABB}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Encoder 9-Reihe-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9-Reihe-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
WinPcap 4.0-->C:\Program Files\WinPcap\uninstall.exe
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Wolfenstein(TM) 1.1 Patch-->C:\Program Files\InstallShield Installation Information\{E03B44A3-9237-4B55-B7A5-DB1DD46920D3}\setup.exe -runfromtemp -l0x0409
Worms Armageddon-->C:\Windows\IsUninst.exe -f"d:\Worms Armageddon\Uninst.isu"
Worms World Party-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A200E68-D5F4-4E70-910F-2871753A0E2B}\setup.exe"
XAMPP 1.7.1-->"D:\xampp\uninstall.exe"
Zoo Tycoon: Complete Collection-->"D:\Zoo Tycoon\UNINSTAL.EXE" /runtemp /addremove

======Hosts File======

127.0.0.1 adobeereg.com
127.0.0.1 www.adobeereg.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com

======Security center information======

AV: Avira AntiVir PersonalEdition
AS: Avira AntiVir PersonalEdition
AS: Windows-Defender

======System event log======

Computer Name: Timo-M
Event Code: 4372
Message: Windows-Wartung setzt das Paket KB975517(Security Update) in den Status Wird bereitgestellt(Staging).
Record Number: 423510
Source Name: Microsoft-Windows-Servicing
Time Written: 20091016090002.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: Timo-M
Event Code: 4372
Message: Windows-Wartung setzt das Paket KB975517(Security Update) in den Status Wird bereitgestellt(Staging).
Record Number: 423509
Source Name: Microsoft-Windows-Servicing
Time Written: 20091016090002.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: Timo-M
Event Code: 4372
Message: Windows-Wartung setzt das Paket KB975517(Security Update) in den Status Aufgelöst(Resolved).
Record Number: 423508
Source Name: Microsoft-Windows-Servicing
Time Written: 20091016090002.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: Timo-M
Event Code: 4383
Message: Windows-Wartung hat das Update 975517-20_neutral_GDR aus Paket KB975517 (Security Update) in den Status Wird aufgelöst(Resolving) gesetzt.
Record Number: 423507
Source Name: Microsoft-Windows-Servicing
Time Written: 20091016085955.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: Timo-M
Event Code: 4383
Message: Windows-Wartung hat das Update 975517-19_neutral_LDR aus Paket KB975517 (Security Update) in den Status Wird aufgelöst(Resolving) gesetzt.
Record Number: 423506
Source Name: Microsoft-Windows-Servicing
Time Written: 20091016085955.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

=====Application event log=====

Computer Name: Timo-M
Event Code: 0
Message: Der Dienst wurde gestartet.
Record Number: 41651
Source Name: Service1
Time Written: 20080911125237.000000-000
Event Type: Informationen
User:

Computer Name: Timo-M
Event Code: 0
Message:
Record Number: 41650
Source Name: Capture Device Service
Time Written: 20080911125237.000000-000
Event Type: Informationen
User:

Computer Name: Timo-M
Event Code: 0
Message:
Record Number: 41649
Source Name: Capture Device Service
Time Written: 20080911125237.000000-000
Event Type: Informationen
User:

Computer Name: Timo-M
Event Code: 0
Message:
Record Number: 41648
Source Name: Capture Device Service
Time Written: 20080911125237.000000-000
Event Type: Informationen
User:

Computer Name: Timo-M
Event Code: 0
Message:
Record Number: 41647
Source Name: Capture Device Service
Time Written: 20080911125237.000000-000
Event Type: Informationen
User:

=====Security event log=====

Computer Name: Timo-M
Event Code: 4672
Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.

Antragsteller:
Sicherheits-ID: S-1-5-21-1736430328-2876659159-3367440274-1000
Kontoname: Timo
Kontodomäne: Timo-M
Anmelde-ID: 0x318d9

Berechtigungen: SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 71447
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090312160418.694474-000
Event Type: Überwachung erfolgreich
User:

Computer Name: Timo-M
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.

Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: TIMO-M$
Kontodomäne: WORKGROUP
Anmelde-ID: 0x3e7

Anmeldetyp: 2

Neue Anmeldung:
Sicherheits-ID: S-1-5-21-1736430328-2876659159-3367440274-1000
Kontoname: Timo
Kontodomäne: Timo-M
Anmelde-ID: 0x318d9
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}

Prozessinformationen:
Prozess-ID: 0x324
Prozessname: C:\Windows\System32\winlogon.exe

Netzwerkinformationen:
Arbeitsstationsname: TIMO-M
Quellnetzwerkadresse: 127.0.0.1
Quellport: 0

Detaillierte Authentifizierungsinformationen:
Anmeldeprozess: User32
Authentifizierungspaket: Negotiate
Übertragene Dienste: -
Paketname (nur NTLM): -
Schlüssellänge: 0

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
- Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 71446
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090312160418.694474-000
Event Type: Überwachung erfolgreich
User:

Computer Name: Timo-M
Event Code: 4648
Message: Anmeldeversuch mit expliziten Anmeldeinformationen.

Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: TIMO-M$
Kontodomäne: WORKGROUP
Anmelde-ID: 0x3e7
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}

Konto, dessen Anmeldeinformationen verwendet wurden:
Kontoname: Timo
Kontodomäne: Timo-M
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}

Zielserver:
Zielservername: localhost
Weitere Informationen: localhost

Prozessinformationen:
Prozess-ID: 0x324
Prozessname: C:\Windows\System32\winlogon.exe

Netzwerkinformationen:
Netzwerkadresse: 127.0.0.1
Port: 0

Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden. Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird.
Record Number: 71445
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090312160418.694474-000
Event Type: Überwachung erfolgreich
User:

Computer Name: Timo-M
Event Code: 4672
Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.

Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: SYSTEM
Kontodomäne: NT-AUTORITÄT
Anmelde-ID: 0x3e7

Berechtigungen: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 71444
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090312160417.339468-000
Event Type: Überwachung erfolgreich
User:

Computer Name: Timo-M
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.

Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: TIMO-M$
Kontodomäne: WORKGROUP
Anmelde-ID: 0x3e7

Anmeldetyp: 5

Neue Anmeldung:
Sicherheits-ID: S-1-5-18
Kontoname: SYSTEM
Kontodomäne: NT-AUTORITÄT
Anmelde-ID: 0x3e7
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}

Prozessinformationen:
Prozess-ID: 0x2b4
Prozessname: C:\Windows\System32\services.exe

Netzwerkinformationen:
Arbeitsstationsname:
Quellnetzwerkadresse: -
Quellport: -

Detaillierte Authentifizierungsinformationen:
Anmeldeprozess: Advapi
Authentifizierungspaket: Negotiate
Übertragene Dienste: -
Paketname (nur NTLM): -
Schlüssellänge: 0

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
- Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 71443
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090312160417.339468-000
Event Type: Überwachung erfolgreich
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Ulead Systems\DVD;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\iZotope\Runtimes;%PIXIEHOME%\bin
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=6b01
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"RAWWAVE_PATH"=C:\Users\Timo\Desktop\Programme\Csound\samples
"PYTHONPATH"=;C:\Users\Timo\Desktop\Programme\Csound\bin
"RGSCLauncher"=D:\GTA IV\Rockstar Games Social Club
"RGSC"=D:\GTA IV\Rockstar Games Social Club\1_0_0_0
"PIXIEHOME"=C:\Program Files\Pixie
"SHADERS"=%PIXIEHOME%\shaders

-----------------EOF-----------------

14.02.2010, 12:48   #14
TKM

RSIT (log.txt):

Logfile of random's system information tool 1.06 (written by random/random)
Run by Timo at 2010-02-14 12:36:36
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 3 GB (2%) free of 149 GB
Total RAM: 3071 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:06, on 14.02.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\pdf24\PDFBackend.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\CTHELPER.EXE
C:\Windows\System32\CTXFIHLP.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\System32\mobsync.exe
C:\Windows\system32\conime.exe
C:\Users\Timo\Desktop\Programme\MSD 0.655\MSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Timo\Desktop\Heruntergeladen\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Timo.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://de.rd.yahoo.com/customize/ycomp/defaults/su/*http://de.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PDFPrint] "C:\Program Files\pdf24\PDFBackend.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O15 - Trusted Zone: *.line6.net
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apache2.2 - Apache Software Foundation - D:\xampp\apache\bin\httpd.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Creative ALchemy AL1 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Dragon Age: Origins - Inhaltsupdater (DAUpdaterSvc) - BioWare - D:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - D:\xampp\filezillaftp\filezillaserver.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: mysql - Unknown owner - D:\xampp\mysql\bin\mysqld.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

--
End of file - 10688 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Daily 1).job
C:\Windows\tasks\Ad-Aware Update (Daily 2).job
C:\Windows\tasks\Ad-Aware Update (Daily 3).job
C:\Windows\tasks\Ad-Aware Update (Daily 4).job
C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\User_Feed_Synchronization-{56CAD019-6BFF-4321-9054-E580AD17B35D}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
ShowBarObj Class - C:\Windows\system32\ActiveToolBand.dll [2007-02-06 299008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Windows\system32\eDStoolbar.dll [2007-02-06 151552]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-18 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-02-15 4390912]
"Acer Empowering Technology Monitor"=C:\Acer\Empowering Technology\SysMonitor.exe [2007-01-24 319488]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2007-02-06 464168]
"WarReg_PopUp"=C:\Acer\WR_PopUp\WarReg_PopUp.exe [2006-11-05 57344]
"Acer Tour Reminder"=C:\Acer\AcerTour\Reminder.exe [2007-02-15 151552]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-17 266497]
"VolPanel"=C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [2006-12-06 180224]
"UpdReg"=C:\Windows\UpdReg.EXE [2000-05-11 90112]
"Ulead AutoDetector v2"=C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe [2007-08-02 95504]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-01-10 385024]
"UVS11 Preload"=C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe [2007-07-23 341232]
"CTXFIREG"=C:\Windows\system32\CTxfiReg.exe [2008-02-20 43520]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-12-02 13683232]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-12-02 92704]
"PDFPrint"=C:\Program Files\pdf24\PDFBackend.exe [2008-01-31 134144]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"CTHelper"=C:\Windows\system32\CTHELPER.EXE [2008-02-20 19456]
"CTxfiHlp"=C:\Windows\system32\CTXFIHLP.EXE [2008-02-20 19968]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"TrojanScanner"=C:\Program Files\Trojan Remover\Trjscan.exe [2009-08-04 1068424]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-01-07 429392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter []
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883840]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-02-14 12:36:36 ----D---- C:\rsit
2010-02-11 19:21:59 ----SHD---- C:\$RECYCLE.BIN
2010-02-11 19:21:55 ----A---- C:\ComboFix.txt
2010-02-11 19:05:53 ----A---- C:\Windows\zip.exe
2010-02-11 19:05:53 ----A---- C:\Windows\SWSC.exe
2010-02-11 19:05:53 ----A---- C:\Windows\SWREG.exe
2010-02-11 19:05:53 ----A---- C:\Windows\sed.exe
2010-02-11 19:05:53 ----A---- C:\Windows\PEV.exe
2010-02-11 19:05:53 ----A---- C:\Windows\NIRCMD.exe
2010-02-11 19:05:53 ----A---- C:\Windows\MBR.exe
2010-02-11 19:05:53 ----A---- C:\Windows\grep.exe
2010-02-11 19:05:39 ----D---- C:\Windows\ERDNT
2010-02-11 19:04:17 ----D---- C:\ComboFix
2010-02-11 19:00:32 ----D---- C:\Qoobox
2010-02-11 19:00:17 ----A---- C:\Windows\SWXCACLS.exe
2010-02-10 17:42:31 ----D---- C:\Users\Timo\AppData\Roaming\Malwarebytes
2010-02-10 17:42:23 ----D---- C:\ProgramData\Malwarebytes
2010-02-10 17:42:23 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-02-10 17:40:58 ----A---- C:\Windows\system32\lsdelete.exe
2010-02-10 16:36:26 ----DC---- C:\Windows\system32\DRVSTORE
2010-02-10 16:33:33 ----HDC---- C:\ProgramData\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-02-10 15:44:44 ----D---- C:\ProgramData\F-Secure
2010-02-10 09:42:19 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-02-10 09:42:19 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-02-10 09:42:08 ----A---- C:\Windows\system32\quartz.dll
2010-02-10 09:42:07 ----A---- C:\Windows\system32\tsbyuv.dll
2010-02-10 09:42:07 ----A---- C:\Windows\system32\msyuv.dll
2010-02-10 09:42:07 ----A---- C:\Windows\system32\msvidc32.dll
2010-02-10 09:42:07 ----A---- C:\Windows\system32\msvfw32.dll
2010-02-10 09:42:07 ----A---- C:\Windows\system32\msrle32.dll
2010-02-10 09:42:07 ----A---- C:\Windows\system32\mciavi32.dll
2010-02-10 09:42:07 ----A---- C:\Windows\system32\iyuv_32.dll
2010-02-10 09:42:07 ----A---- C:\Windows\system32\avifil32.dll
2010-02-07 10:53:41 ----D---- C:\Program Files\a-squared Free
2010-02-06 13:31:27 ----A---- C:\Windows\system32\ztvunrar36.dll
2010-02-06 13:31:27 ----A---- C:\Windows\system32\ztvunace26.dll
2010-02-06 13:31:27 ----A---- C:\Windows\system32\ztvcabinet.dll
2010-02-06 13:31:27 ----A---- C:\Windows\system32\UNRAR3.dll
2010-02-06 13:31:27 ----A---- C:\Windows\system32\unacev2.dll
2010-02-06 13:31:24 ----D---- C:\Users\Timo\AppData\Roaming\Simply Super Software
2010-02-06 13:31:24 ----D---- C:\ProgramData\Simply Super Software
2010-02-06 13:31:24 ----D---- C:\Program Files\Trojan Remover
2010-02-05 23:27:55 ----A---- C:\Windows\system32\hdR4OCFxh504UF.exe
2010-02-05 18:38:54 ----D---- C:\Program Files\Design-Lib Creations
2010-02-02 13:17:05 ----D---- C:\Program Files\Common Files\Nokia
2010-02-01 21:39:46 ----D---- C:\Users\Timo\AppData\Roaming\Ubisoft
2010-01-22 10:33:31 ----A---- C:\Windows\system32\wininet.dll
2010-01-22 10:33:31 ----A---- C:\Windows\system32\mshtml.dll
2010-01-22 10:33:30 ----A---- C:\Windows\system32\urlmon.dll
2010-01-22 10:33:28 ----A---- C:\Windows\system32\ieframe.dll
2010-01-22 10:33:27 ----A---- C:\Windows\system32\ieui.dll
2010-01-22 10:33:25 ----A---- C:\Windows\system32\iepeers.dll
2010-01-22 10:33:25 ----A---- C:\Windows\system32\ieencode.dll
2010-01-22 10:33:23 ----A---- C:\Windows\system32\ieapfltr.dll
2010-01-16 15:56:14 ----D---- C:\Program Files\Xilisoft
2010-01-16 15:52:15 ----D---- C:\Temp
2010-01-16 15:39:48 ----D---- C:\Program Files\WIDI 4.0 Pro
2010-01-16 15:32:02 ----D---- C:\Program Files\TallStick

======List of files/folders modified in the last 1 months======

2010-02-14 12:36:55 ----D---- C:\Windows\Temp
2010-02-14 12:36:47 ----D---- C:\Windows\Prefetch
2010-02-14 12:36:06 ----D---- C:\Windows\system32\drivers
2010-02-14 12:07:36 ----D---- C:\Program Files\Mozilla Firefox
2010-02-14 11:43:31 ----D---- C:\Users\Timo\AppData\Roaming\vlc
2010-02-14 11:01:05 ----A---- C:\Windows\NeroDigital.ini
2010-02-14 11:00:06 ----D---- C:\Windows\System32
2010-02-14 11:00:06 ----D---- C:\Windows\inf
2010-02-14 11:00:06 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-02-14 10:55:07 ----D---- C:\Windows\system32\Tasks
2010-02-14 10:55:04 ----D---- C:\Windows\Tasks
2010-02-13 15:34:50 ----SHD---- C:\System Volume Information
2010-02-12 10:47:05 ----D---- C:\Windows
2010-02-11 19:19:03 ----A---- C:\Windows\system.ini
2010-02-11 19:14:41 ----D---- C:\Windows\AppPatch
2010-02-11 19:14:40 ----D---- C:\Program Files\Common Files
2010-02-11 09:03:32 ----D---- C:\Windows\winsxs
2010-02-10 18:07:35 ----D---- C:\Windows\system32\catroot2
2010-02-10 18:05:39 ----RSD---- C:\Windows\Media
2010-02-10 17:42:23 ----RD---- C:\Program Files
2010-02-10 17:42:23 ----D---- C:\ProgramData
2010-02-10 16:36:26 ----D---- C:\Windows\system32\catroot
2010-02-10 16:33:33 ----SHD---- C:\Windows\Installer
2010-02-10 16:21:35 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-02-10 13:19:59 ----AD---- C:\ProgramData\TEMP
2010-02-10 11:50:07 ----D---- C:\Program Files\Windows Mail
2010-02-10 11:46:42 ----D---- C:\Windows\Debug
2010-02-10 11:46:23 ----D---- C:\ProgramData\Microsoft Help
2010-02-06 11:18:20 ----D---- C:\Windows\Minidump
2010-02-05 19:55:48 ----D---- C:\Program Files\Adobe
2010-02-05 18:58:37 ----D---- C:\Users\Timo\AppData\Roaming\Adobe
2010-02-05 18:58:26 ----D---- C:\ProgramData\FLEXnet
2010-02-05 18:58:26 ----D---- C:\ProgramData\Adobe
2010-02-05 17:28:22 ----D---- C:\Users\Timo\AppData\Roaming\dvdcss
2010-02-02 13:24:05 ----D---- C:\ProgramData\Installations
2010-02-02 13:18:04 ----D---- C:\Program Files\Nokia
2010-02-01 21:16:26 ----RSD---- C:\Windows\assembly
2010-02-01 21:10:23 ----HD---- C:\Program Files\InstallShield Installation Information
2010-02-01 20:26:20 ----A---- C:\Windows\system32\mrt.exe
2010-01-31 21:11:43 ----D---- C:\Users\Timo\AppData\Roaming\Hamachi
2010-01-31 00:22:46 ----D---- C:\Program Files\Anno 1701
2010-01-29 21:58:10 ----RSD---- C:\Windows\Fonts
2010-01-20 15:43:57 ----A---- C:\Windows\WORDPAD.INI
2010-01-16 15:40:03 ----D---- C:\Users\Timo\AppData\Roaming\Music Recognition
2010-01-16 15:32:10 ----A---- C:\Windows\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [2009-06-02 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-06-02 75096]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2008-04-15 21248]
R2 acedrv11;acedrv11; \??\C:\Windows\system32\drivers\acedrv11.sys [2009-01-19 277544]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-10-02 281760]
R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 76584]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-10-02 25888]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [2009-06-02 52056]
R3 CT20XUT.DLL;CT20XUT.DLL; C:\Windows\system32\CT20XUT.DLL [2008-02-25 170520]
R3 ctaud2k;Creative Audio Driver (WDM); C:\Windows\system32\drivers\ctaud2k.sys [2008-02-25 524312]
R3 CTEXFIFX.DLL;CTEXFIFX.DLL; C:\Windows\system32\CTEXFIFX.DLL [2008-02-25 1323544]
R3 CTHWIUT.DLL;CTHWIUT.DLL; C:\Windows\system32\CTHWIUT.DLL [2008-02-25 72728]
R3 ctprxy2k;Creative Proxy Driver; C:\Windows\system32\drivers\ctprxy2k.sys [2008-02-25 14360]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\Windows\system32\drivers\ctsfm2k.sys [2008-02-25 157208]
R3 emupia;E-mu Plug-in Architecture Driver; C:\Windows\system32\drivers\emupia2k.sys [2008-02-25 92696]
R3 ha20x2k;Creative 20X HAL Driver; C:\Windows\system32\drivers\ha20x2k.sys [2008-02-25 1172504]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-08-23 25280]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-02-14 1740904]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2007-04-18 6144]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-12-02 7643904]
R3 ossrv;Creative OS Services Driver; C:\Windows\system32\drivers\ctoss2k.sys [2008-02-25 127000]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-09 194560]
S1 ntiomin;ntiomin; C:\Windows\system32\drivers\ntiomin.sys []
S1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys []
S3 a5g68646;a5g68646; C:\Windows\system32\drivers\a5g68646.sys []
S3 catchme;catchme; \??\C:\Users\Timo\AppData\Local\Temp\catchme.sys []
S3 COMMONFX.DLL;COMMONFX.DLL; C:\Windows\system32\COMMONFX.DLL [2008-02-25 98328]
S3 ctac32k;Creative AC3 Software Decoder; C:\Windows\system32\drivers\ctac32k.sys [2008-02-25 511000]
S3 CTAUDFX.DLL;CTAUDFX.DLL; C:\Windows\system32\CTAUDFX.DLL [2008-02-25 551960]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\Windows\system32\drivers\ctdvda2k.sys [2008-02-25 346856]
S3 CTEAPSFX.DLL;CTEAPSFX.DLL; C:\Windows\system32\CTEAPSFX.DLL [2008-02-25 174104]
S3 CTEDSPFX.DLL;CTEDSPFX.DLL; C:\Windows\system32\CTEDSPFX.DLL [2008-02-25 286232]
S3 CTEDSPIO.DLL;CTEDSPIO.DLL; C:\Windows\system32\CTEDSPIO.DLL [2008-02-25 134680]
S3 CTEDSPSY.DLL;CTEDSPSY.DLL; C:\Windows\system32\CTEDSPSY.DLL [2008-02-25 329240]
S3 CTERFXFX.DLL;CTERFXFX.DLL; C:\Windows\system32\CTERFXFX.DLL [2008-02-25 100888]
S3 CTSBLFX.DLL;CTSBLFX.DLL; C:\Windows\system32\CTSBLFX.DLL [2008-02-25 566296]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 L6DP;L6DP; C:\Windows\System32\Drivers\l6dp.sys []
S3 L6TPortA;Service - Line 6 TonePort UX1; C:\Windows\System32\Drivers\L6TPortA.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsu.sys [2009-03-19 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsuc.sys [2009-03-19 8320]
S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2007-01-25 42000]
S3 P1130VID;Creative WebCam NX Pro; C:\Windows\system32\DRIVERS\P1130Vid.sys [2004-05-04 90229]
S3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2008-07-30 47360]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbaudio;USB-Audiotreiber (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-04-11 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 vaxscsi;vaxscsi; C:\Windows\System32\Drivers\vaxscsi.sys [2008-03-17 223128]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2009-10-01 1858144]
R2 AcerMemUsageCheckService;ePerformance Service; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [2006-12-29 28672]
R2 AntiVirScheduler;AntiVir PersonalEdition Classic Planer; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-26 68865]
R2 AntiVirService;AntiVir PersonalEdition Classic Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-26 151297]
R2 Apache2.2;Apache2.2; D:\xampp\apache\bin\httpd.exe [2008-12-10 24636]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-10-14 555560]
R2 CTAudSvcService;Creative Audio Service; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2008-03-07 417792]
R2 eDataSecurity Service;eDSService.exe; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [2007-02-06 457512]
R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-01-31 53248]
R2 FileZilla Server;FileZilla Server FTP server; D:\xampp\filezillaftp\filezillaserver.exe [2009-03-03 691200]
R2 mysql;mysql; D:\xampp\mysql\bin\mysqld.exe [2009-03-16 6562432]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-12-02 207392]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-08-01 75064]
R2 TeamViewer4;TeamViewer 4; C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe [2009-05-06 185640]
S2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-10 1181328]
S3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [2007-11-22 79360]
S3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater; D:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-10-22 654848]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-01-25 93048]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-07-26 316664]

-----------------EOF-----------------

14.02.2010, 13:09   #15
TKM
 

Malwarebytes Log:

Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3737
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

14.02.2010 12:55:59
mbam-log-2010-02-14 (12-55-59).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 114039
Laufzeit: 6 minute(s), 0 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{fe5b2d9d-91b0-b04b-ac20-14a260769687} (Adware.ColorSoft) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hdr4ocfxh504uf (Adware.AdRotator) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\System32\hdR4OCFxh504UF.exe (Adware.AdRotator) -> Quarantined and deleted successfully.




System Look Log:

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 13:05 on 14/02/2010 by Timo (Administrator - Elevation successful)

========== filefind ==========

Searching for "setupv.exe"
No files found.

========== regfind ==========

Searching for "setupv"
No data found.

-=End Of File=-
