| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojaner eingefangen, weiß nicht ob System jetzt sauber...Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
22.04.2010, 10:38
| #1 |
| |  Trojaner eingefangen, weiß nicht ob System jetzt sauber... Hallo alle, ich bin hier bei einem Freund der sich mächtig was eingefangen hat. Nach eurer Beschreibung hab ich mal alle so nach und nach durchgeführt, allerdings weiß ich jetzt nicht ob das System sauber ist oder ob noch was gemacht werden muss. Danke schon mal Gruß Silver Hier mal Malware: Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Datenbank Version: 4020 Windows 5.1.2600 Service Pack 2 Internet Explorer 8.0.6001.18702 22.04.2010 10:07:20 mbam-log-2010-04-22 (10-07-20).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|) Durchsuchte Objekte: 289167 Laufzeit: 59 Minute(n), 59 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 49 Infizierte Registrierungswerte: 7 Infizierte Dateiobjekte der Registrierung: 1 Infizierte Verzeichnisse: 38 Infizierte Dateien: 1325 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CLASSES_ROOT\CLSID\{2f9ad413-2e0b-4a85-bb2a-cf961238262a} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{8c788aa2-7530-43be-97b7-4d491f13bea3} (Adware.Softomate) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a9ba40a1-74f1-52bd-f431-00b15a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eddbb5ee-bb64-4bfc-9dbe-e7c85941335b} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a9ba40a1-74f1-52bd-f431-00b15a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hbcoresrv.dynamicprop (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hbcoresrv.dynamicprop.1 (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hotbarax.userprofiles (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hotbarax.userprofiles.1 (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\hotbarsa (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\cntntcntr.cntntdic (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\cntntcntr.cntntdic.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\cntntcntr.cntntdisp (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\cntntcntr.cntntdisp.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\coresrv.coreservices (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\coresrv.coreservices.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\coresrv.lfgax (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\coresrv.lfgax.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hbmain.commband (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hbmain.commband.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hbr.hbmain (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hbr.hbmain.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hostie.bho (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hostie.bho.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hostol.mailanim (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hostol.mailanim.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hostol.webmailsend (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hostol.webmailsend.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\srv.coreservices (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\srv.coreservices.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\toolbar.htmlmenuui (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\toolbar.htmlmenuui.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\toolbar.toolbarctl (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\toolbar.toolbarctl.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\wallpaper.wallpapermanager (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\wallpaper.wallpapermanager.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safari.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe (Security.Hijack) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{a9ba40a1-74f1-52bd-f431-00b15a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS.0\system32\userinit.exe,C:\WINDOWS.0\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully. Infizierte Verzeichnisse: C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully. C:\Programme\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Programme\Hotbar\bin (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Programme\Hotbar\bin\10.2.236.0 (Adware.Hotbar) -> Quarantined and deleted successfully. C:\WINDOWS.0\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\***\Anwendungsdaten\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\***\Anwendungsdaten\Hotbar\IESkins (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Startmenü\Programme\Hotbar\Weather.lnk (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Temp\60325cahp25ca0.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\*\Anwendungsdaten\Hotbar\v3.0\Hotbar\static\DownLoad\t2_bg.xip (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\*\Anwendungsdaten\Hotbar\v3.0\Hotbar\static\DownLoad\top7.xip (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\*\Anwendungsdaten\Hotbar\v3.0\Hotbar\static\DownLoad\tsd_bg.xip (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\*\Anwendungsdaten\Hotbar\v3.0\Hotbar\static\DownLoad\weathericon.xip (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\HotbarSA\HotbarSA.dat (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\HotbarSA\HotbarSAAbout.mht (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\HotbarSA\HotbarSAau.dat (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\HotbarSA\HotbarSAEULA.mht (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\HotbarSA\HotbarSA_kyf.dat (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\*\Anwendungsdaten\WeatherDPA\Weather\WeatherStartup.xml (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Startmenü\Programme\Hotbar\About Hotbar.lnk (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Startmenü\Programme\Hotbar\Hotbar Customer Support Center.lnk (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Startmenü\Programme\Hotbar\Reset Cursor.lnk (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Startmenü\Programme\Hotbar\Uninstall Hotbar.lnk (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Startmenü\Programme\Hotbar\Weather.lnk (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Temp\60325cahp25ca0.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\*\Lokale Einstellungen\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. info.txt logfile of random's system information tool 1.06 2010-04-22 10:11:25 ======Uninstall list====== -->C:\Programme\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL -->C:\WINDOWS.0\UNNeroBackItUp.exe /UNINSTALL -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS.0\INF\PCHealth.inf Adobe Download Manager-->"C:\WINDOWS.0\system32\rundll32.exe" "C:\Programme\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1 Adobe Flash Player 10 ActiveX-->C:\WINDOWS.0\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player Plugin-->C:\WINDOWS.0\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 9.1 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A91000000001} Adobe Shockwave Player 11.5-->C:\WINDOWS.0\system32\Adobe\uninstaller.exe ATI - Software Uninstall Utility-->C:\Programme\ATI Technologies\UninstallAll\AtiCimUn.exe Avira AntiVir Personal - Free Antivirus-->C:\Programme\Avira\AntiVir Desktop\setup.exe /REMOVE AVM FRITZ!Box Dokumentation-->C:\Programme\FRITZ!Box\install.exe -d AVM FRITZ!Box Druckeranschluss-->C:\Programme\FRITZ!BoxPrint\install.exe -d AVM FRITZ!DSL-->MsiExec.exe /X{2457326B-C110-40C3-89B0-889CC913871A} Brother HL-2150N-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{75CEDF0C-6531-41CB-BE6F-D2B111E6B77A}\SETUP.exe" -l0x7 -removeonly /uninst Canon iP5300 Benutzerregistrierung-->C:\Programme\Canon\IJEREG\iP5300\UNINST.EXE Canon iP5300-->"C:\WINDOWS.0\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP5300\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP5300 /L0x0007 Canon Setup Utility 2.3-->"C:\Programme\Canon\Canon Setup Utility 2.3\Maint.exe" /Uninstall C:\Programme\Canon\Canon Setup Utility 2.3\uninst.ini CCleaner-->"C:\Programme\CCleaner\uninst.exe" DivX Web Player-->C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN Easy-WebPrint-->C:\WINDOWS.0\IsUn0407.exe -fC:\Programme\Canon\Easy-WebPrint\Uninst.isu eDrawings 2005-->MsiExec.exe /I{97917FA0-00C5-4351-AD6B-87AB99C52792} ElsterFormular 2008/2009-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}\setup.exe" -l0x7 -removeonly ElsterFormular-->C:\Programme\ElsterFormular\uninstall.exe eXPert PDF 4-->MsiExec.exe /X{A6E92CAB-9E63-46DC-8ABF-0CAFF7B7CD02} FileZilla Client 3.1.3.1-->C:\Programme\FileZilla FTP Client\uninstall.exe Google Chrome-->"C:\Programme\Google\Chrome\Application\4.1.249.1059\Installer\setup.exe" --uninstall --system-level Google Earth-->MsiExec.exe /X{08C0729E-3E50-11DF-9D81-005056806466} Google Toolbar for Internet Explorer-->"C:\Programme\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C} Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Google Updater-->"C:\Programme\Google\Google Updater\GoogleUpdater.exe" -uninstall GPU Caps Viewer v1.6.2-->"C:\Programme\oZone3D\GPU_Caps_Viewer_v1.6.2\unins000.exe" HASP SRM Run-time-->MsiExec.exe /X{2A414CBE-CDF3-48C6-A91B-D3D4522F8EB5} HijackThis 2.0.2-->"C:\Programme\trend micro\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS.0\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS.0\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Hotfix für Windows XP (KB952287)-->"C:\WINDOWS.0\$NtUninstallKB952287$\spuninst\spuninst.exe" Hotfix für Windows XP (KB961118)-->"C:\WINDOWS.0\$NtUninstallKB961118$\spuninst\spuninst.exe" Hotfix für Windows XP (KB970653-v3)-->"C:\WINDOWS.0\$NtUninstallKB970653-v3$\spuninst\spuninst.exe" Hotfix für Windows XP (KB976098-v2)-->"C:\WINDOWS.0\$NtUninstallKB976098-v2$\spuninst\spuninst.exe" Hotfix für Windows XP (KB979306)-->"C:\WINDOWS.0\$NtUninstallKB979306$\spuninst\spuninst.exe" Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF} Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 2.0 Language Pack - DEU-->C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - DEU\install.exe Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS.0\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110407-6000-11D3-8CFE-0150048383C9} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Mozilla Firefox (3.6.3)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA} MyPhoneExplorer-->C:\Programme\MyPhoneExplorer\uninstall.exe Nero 8-->MsiExec.exe /X{D6C9AF27-9414-46C8-B9D8-D878BA041031} neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} NVIDIA Drivers-->C:\WINDOWS.0\system32\nvudisp.exe UninstallGUI PowerQuest PartitionMagic 7.0-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{1E5007FA-DA5E-4EDD-BDE5-14D128D66887}\Setup.exe" Realtek AC'97 Audio-->Alcrmv.exe -r -m Sicherheitsupdate für Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS.0\ie8updates\KB971961-IE8\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS.0\ie8updates\KB974455-IE8\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS.0\ie8updates\KB976325-IE8\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS.0\ie8updates\KB978207-IE8\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS.0\ie8updates\KB981332-IE8\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player (KB911564)-->"C:\WINDOWS.0\$NtUninstallKB911564$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS.0\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player (KB954155)-->"C:\WINDOWS.0\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player (KB968816)-->"C:\WINDOWS.0\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player (KB973540)-->"C:\WINDOWS.0\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player (KB979402)-->"C:\WINDOWS.0\$NtUninstallKB979402_WM9L$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS.0\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player 9 (KB936782)-->"C:\WINDOWS.0\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB890046)-->"C:\WINDOWS.0\$NtUninstallKB890046$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB893756)-->"C:\WINDOWS.0\$NtUninstallKB893756$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB896358)-->"C:\WINDOWS.0\$NtUninstallKB896358$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB896423)-->"C:\WINDOWS.0\$NtUninstallKB896423$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB896428)-->"C:\WINDOWS.0\$NtUninstallKB896428$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB899587)-->"C:\WINDOWS.0\$NtUninstallKB899587$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB899591)-->"C:\WINDOWS.0\$NtUninstallKB899591$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB900725)-->"C:\WINDOWS.0\$NtUninstallKB900725$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB901017)-->"C:\WINDOWS.0\$NtUninstallKB901017$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB901214)-->"C:\WINDOWS.0\$NtUninstallKB901214$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB902400)-->"C:\WINDOWS.0\$NtUninstallKB902400$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB905414)-->"C:\WINDOWS.0\$NtUninstallKB905414$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB905749)-->"C:\WINDOWS.0\$NtUninstallKB905749$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB908519)-->"C:\WINDOWS.0\$NtUninstallKB908519$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB911562)-->"C:\WINDOWS.0\$NtUninstallKB911562$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB911927)-->"C:\WINDOWS.0\$NtUninstallKB911927$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB913580)-->"C:\WINDOWS.0\$NtUninstallKB913580$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB914388)-->"C:\WINDOWS.0\$NtUninstallKB914388$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB914389)-->"C:\WINDOWS.0\$NtUninstallKB914389$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB918118)-->"C:\WINDOWS.0\$NtUninstallKB918118$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB918439)-->"C:\WINDOWS.0\$NtUninstallKB918439$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB920213)-->"C:\WINDOWS.0\$NtUninstallKB920213$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB920670)-->"C:\WINDOWS.0\$NtUninstallKB920670$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB920683)-->"C:\WINDOWS.0\$NtUninstallKB920683$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB920685)-->"C:\WINDOWS.0\$NtUninstallKB920685$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923191)-->"C:\WINDOWS.0\$NtUninstallKB923191$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS.0\$NtUninstallKB923561$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923689)-->"C:\WINDOWS.0\$NtUninstallKB923689$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923980)-->"C:\WINDOWS.0\$NtUninstallKB923980$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB924270)-->"C:\WINDOWS.0\$NtUninstallKB924270$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB924667)-->"C:\WINDOWS.0\$NtUninstallKB924667$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB925902)-->"C:\WINDOWS.0\$NtUninstallKB925902$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB926255)-->"C:\WINDOWS.0\$NtUninstallKB926255$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB926436)-->"C:\WINDOWS.0\$NtUninstallKB926436$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB927779)-->"C:\WINDOWS.0\$NtUninstallKB927779$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB927802)-->"C:\WINDOWS.0\$NtUninstallKB927802$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB928255)-->"C:\WINDOWS.0\$NtUninstallKB928255$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB928843)-->"C:\WINDOWS.0\$NtUninstallKB928843$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB929123)-->"C:\WINDOWS.0\$NtUninstallKB929123$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB930178)-->"C:\WINDOWS.0\$NtUninstallKB930178$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB931261)-->"C:\WINDOWS.0\$NtUninstallKB931261$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB932168)-->"C:\WINDOWS.0\$NtUninstallKB932168$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB933729)-->"C:\WINDOWS.0\$NtUninstallKB933729$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB935839)-->"C:\WINDOWS.0\$NtUninstallKB935839$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB935840)-->"C:\WINDOWS.0\$NtUninstallKB935840$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB937894)-->"C:\WINDOWS.0\$NtUninstallKB937894$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB938127)-->"C:\WINDOWS.0\$NtUninstallKB938127$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB938464)-->"C:\WINDOWS.0\$NtUninstallKB938464$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS.0\$NtUninstallKB941569$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB943055)-->"C:\WINDOWS.0\$NtUninstallKB943055$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB943460)-->"C:\WINDOWS.0\$NtUninstallKB943460$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB943485)-->"C:\WINDOWS.0\$NtUninstallKB943485$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB944338-v2)-->"C:\WINDOWS.0\$NtUninstallKB944338-v2$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB944653)-->"C:\WINDOWS.0\$NtUninstallKB944653$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB945553)-->"C:\WINDOWS.0\$NtUninstallKB945553$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB946026)-->"C:\WINDOWS.0\$NtUninstallKB946026$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB950749)-->"C:\WINDOWS.0\$NtUninstallKB950749$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS.0\$NtUninstallKB950762$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS.0\$NtUninstallKB950974$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS.0\$NtUninstallKB951066$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS.0\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS.0\$NtUninstallKB951698$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS.0\$NtUninstallKB951748$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS.0\$NtUninstallKB952004$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS.0\$NtUninstallKB952954$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB954211)-->"C:\WINDOWS.0\$NtUninstallKB954211$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS.0\$NtUninstallKB954600$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS.0\$NtUninstallKB955069$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956390)-->"C:\WINDOWS.0\$NtUninstallKB956390$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956391)-->"C:\WINDOWS.0\$NtUninstallKB956391$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS.0\$NtUninstallKB956572$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS.0\$NtUninstallKB956802$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS.0\$NtUninstallKB956803$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS.0\$NtUninstallKB956841$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956844)-->"C:\WINDOWS.0\$NtUninstallKB956844$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB957095)-->"C:\WINDOWS.0\$NtUninstallKB957095$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS.0\$NtUninstallKB957097$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958215)-->"C:\WINDOWS.0\$NtUninstallKB958215$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958470)-->"C:\WINDOWS.0\$NtUninstallKB958470$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS.0\$NtUninstallKB958644$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS.0\$NtUninstallKB958687$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS.0\$NtUninstallKB958690$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958869)-->"C:\WINDOWS.0\$NtUninstallKB958869$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS.0\$NtUninstallKB959426$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS.0\$NtUninstallKB960225$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960714)-->"C:\WINDOWS.0\$NtUninstallKB960714$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960715)-->"C:\WINDOWS.0\$NtUninstallKB960715$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS.0\$NtUninstallKB960803$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960859)-->"C:\WINDOWS.0\$NtUninstallKB960859$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB961371)-->"C:\WINDOWS.0\$NtUninstallKB961371$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB961373)-->"C:\WINDOWS.0\$NtUninstallKB961373$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB961501)-->"C:\WINDOWS.0\$NtUninstallKB961501$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB963027)-->"C:\WINDOWS.0\$NtUninstallKB963027$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB968537)-->"C:\WINDOWS.0\$NtUninstallKB968537$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB969059)-->"C:\WINDOWS.0\$NtUninstallKB969059$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB969897)-->"C:\WINDOWS.0\$NtUninstallKB969897$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB969898)-->"C:\WINDOWS.0\$NtUninstallKB969898$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB969947)-->"C:\WINDOWS.0\$NtUninstallKB969947$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB970238)-->"C:\WINDOWS.0\$NtUninstallKB970238$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB970430)-->"C:\WINDOWS.0\$NtUninstallKB970430$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971032)-->"C:\WINDOWS.0\$NtUninstallKB971032$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971468)-->"C:\WINDOWS.0\$NtUninstallKB971468$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971486)-->"C:\WINDOWS.0\$NtUninstallKB971486$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971557)-->"C:\WINDOWS.0\$NtUninstallKB971557$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971633)-->"C:\WINDOWS.0\$NtUninstallKB971633$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971657)-->"C:\WINDOWS.0\$NtUninstallKB971657$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971961)-->"C:\WINDOWS.0\$NtUninstallKB971961$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB972260)-->"C:\WINDOWS.0\$NtUninstallKB972260$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB972270)-->"C:\WINDOWS.0\$NtUninstallKB972270$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973346)-->"C:\WINDOWS.0\$NtUninstallKB973346$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973354)-->"C:\WINDOWS.0\$NtUninstallKB973354$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973507)-->"C:\WINDOWS.0\$NtUninstallKB973507$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973525)-->"C:\WINDOWS.0\$NtUninstallKB973525$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973869)-->"C:\WINDOWS.0\$NtUninstallKB973869$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973904)-->"C:\WINDOWS.0\$NtUninstallKB973904$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB974112)-->"C:\WINDOWS.0\$NtUninstallKB974112$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB974318)-->"C:\WINDOWS.0\$NtUninstallKB974318$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB974392)-->"C:\WINDOWS.0\$NtUninstallKB974392$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB974455)-->"C:\WINDOWS.0\$NtUninstallKB974455$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB974571)-->"C:\WINDOWS.0\$NtUninstallKB974571$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB975025)-->"C:\WINDOWS.0\$NtUninstallKB975025$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB975467)-->"C:\WINDOWS.0\$NtUninstallKB975467$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB975560)-->"C:\WINDOWS.0\$NtUninstallKB975560$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB975561)-->"C:\WINDOWS.0\$NtUninstallKB975561$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB975713)-->"C:\WINDOWS.0\$NtUninstallKB975713$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB977165)-->"C:\WINDOWS.0\$NtUninstallKB977165$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB977816)-->"C:\WINDOWS.0\$NtUninstallKB977816$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB977914)-->"C:\WINDOWS.0\$NtUninstallKB977914$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB978037)-->"C:\WINDOWS.0\$NtUninstallKB978037$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB978251)-->"C:\WINDOWS.0\$NtUninstallKB978251$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB978262)-->"C:\WINDOWS.0\$NtUninstallKB978262$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB978338)-->"C:\WINDOWS.0\$NtUninstallKB978338$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB978601)-->"C:\WINDOWS.0\$NtUninstallKB978601$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB978706)-->"C:\WINDOWS.0\$NtUninstallKB978706$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB979309)-->"C:\WINDOWS.0\$NtUninstallKB979309$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB979683)-->"C:\WINDOWS.0\$NtUninstallKB979683$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB980232)-->"C:\WINDOWS.0\$NtUninstallKB980232$\spuninst\spuninst.exe" SolidWorks 2005 SP0-->MsiExec.exe /I{276C0170-2DA6-48BD-86C4-19EF6D832A98} Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS.0\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Update für Windows Internet Explorer 8 (KB973874)-->"C:\WINDOWS.0\ie8updates\KB973874-IE8\spuninst\spuninst.exe" Update für Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS.0\ie8updates\KB976662-IE8\spuninst\spuninst.exe" Update für Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS.0\ie8updates\KB976749-IE8\spuninst\spuninst.exe" Update für Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS.0\ie8updates\KB980182-IE8\spuninst\spuninst.exe" Update für Windows XP (KB894391)-->"C:\WINDOWS.0\$NtUninstallKB894391$\spuninst\spuninst.exe" Update für Windows XP (KB898461)-->"C:\WINDOWS.0\$NtUninstallKB898461$\spuninst\spuninst.exe" Update für Windows XP (KB900485)-->"C:\WINDOWS.0\$NtUninstallKB900485$\spuninst\spuninst.exe" Update für Windows XP (KB908531)-->"C:\WINDOWS.0\$NtUninstallKB908531$\spuninst\spuninst.exe" Update für Windows XP (KB910437)-->"C:\WINDOWS.0\$NtUninstallKB910437$\spuninst\spuninst.exe" Update für Windows XP (KB911280)-->"C:\WINDOWS.0\$NtUninstallKB911280$\spuninst\spuninst.exe" Update für Windows XP (KB916595)-->"C:\WINDOWS.0\$NtUninstallKB916595$\spuninst\spuninst.exe" Update für Windows XP (KB920872)-->"C:\WINDOWS.0\$NtUninstallKB920872$\spuninst\spuninst.exe" Update für Windows XP (KB922582)-->"C:\WINDOWS.0\$NtUninstallKB922582$\spuninst\spuninst.exe" Update für Windows XP (KB925720)-->"C:\WINDOWS.0\$NtUninstallKB925720$\spuninst\spuninst.exe" Update für Windows XP (KB927891)-->"C:\WINDOWS.0\$NtUninstallKB927891$\spuninst\spuninst.exe" Update für Windows XP (KB930916)-->"C:\WINDOWS.0\$NtUninstallKB930916$\spuninst\spuninst.exe" Update für Windows XP (KB938828)-->"C:\WINDOWS.0\$NtUninstallKB938828$\spuninst\spuninst.exe" Update für Windows XP (KB951072-v2)-->"C:\WINDOWS.0\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Update für Windows XP (KB955759)-->"C:\WINDOWS.0\$NtUninstallKB955759$\spuninst\spuninst.exe" Update für Windows XP (KB955839)-->"C:\WINDOWS.0\$NtUninstallKB955839$\spuninst\spuninst.exe" Update für Windows XP (KB967715)-->"C:\WINDOWS.0\$NtUninstallKB967715$\spuninst\spuninst.exe" Update für Windows XP (KB968389)-->"C:\WINDOWS.0\$NtUninstallKB968389$\spuninst\spuninst.exe" Update für Windows XP (KB971737)-->"C:\WINDOWS.0\$NtUninstallKB971737$\spuninst\spuninst.exe" Update für Windows XP (KB973687)-->"C:\WINDOWS.0\$NtUninstallKB973687$\spuninst\spuninst.exe" Update für Windows XP (KB973815)-->"C:\WINDOWS.0\$NtUninstallKB973815$\spuninst\spuninst.exe" VarBox-Einzelplatz-->MsiExec.exe /I{506302FB-8A23-481B-B5BE-A9F7B6107D2D} VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B} VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027} Viewpoint Manager (Remove Only)-->C:\Programme\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k Viewpoint Media Player-->C:\Programme\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe /u Viewpoint Toolbar-->C:\Programme\Viewpoint\Viewpoint Toolbar\3.9.0\Uninstaller.exe /u /k /url "hxxp://www.viewpoint.com/pub/uninstallcompleted.html" VLC media player 0.9.6-->C:\Programme\VideoLAN\VLC\uninstall.exe WEB.DE Club E-Mail Alarm-->C:\Programme\WEB.DE\WEB.DE Club E-Mail Alarm\Uninstall.exe WEB.DE SmartDrive Manager-->C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\uninst.exe Windows Imaging Component-->"C:\WINDOWS.0\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Installer 3.1 (KB893803)-->"C:\WINDOWS.0\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe" Windows Internet Explorer 8-->"C:\WINDOWS.0\ie8\spuninst\spuninst.exe" Windows Media Format Runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows XP-Hotfix - KB873339-->C:\WINDOWS.0\$NtUninstallKB873339$\spuninst\spuninst.exe Windows XP-Hotfix - KB885835-->C:\WINDOWS.0\$NtUninstallKB885835$\spuninst\spuninst.exe Windows XP-Hotfix - KB885836-->C:\WINDOWS.0\$NtUninstallKB885836$\spuninst\spuninst.exe Windows XP-Hotfix - KB886185-->C:\WINDOWS.0\$NtUninstallKB886185$\spuninst\spuninst.exe Windows XP-Hotfix - KB888302-->C:\WINDOWS.0\$NtUninstallKB888302$\spuninst\spuninst.exe Windows XP-Hotfix - KB890859-->"C:\WINDOWS.0\$NtUninstallKB890859$\spuninst\spuninst.exe" Windows XP-Hotfix - KB891781-->C:\WINDOWS.0\$NtUninstallKB891781$\spuninst\spuninst.exe WinRAR-->C:\Programme\WinRAR\uninstall.exe xp-AntiSpy 3.96-4-->C:\Programme\xp-AntiSpy\Uninstall.exe ======Hosts File====== 89.149.249.180 www.google.com 89.149.249.180 www.google.de 89.149.249.180 www.google.fr 89.149.249.180 www.google.co.uk 89.149.249.180 www.google.com.br 89.149.249.180 www.google.it 89.149.249.180 www.google.es 89.149.249.180 www.google.co.jp 89.149.249.180 www.google.com.mx 89.149.249.180 www.google.ca ======Security center information====== AV: AntiVir Desktop ======System event log====== Computer Name: xxx-PC Event Code: 49 Message: Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher abbilden zu können. Record Number: 22542 Source Name: Ftdisk Time Written: 20100416112916.000000+120 Event Type: Fehler User: Computer Name: xxx-PC Event Code: 45 Message: Das System konnte den Treiber für das Speicherabbild nicht laden. Record Number: 22541 Source Name: Ftdisk Time Written: 20100416112916.000000+120 Event Type: Fehler User: Computer Name: xxx-PC Event Code: 1 Message: HASP License Manager starting Record Number: 22540 Source Name: hasplms Time Written: 20100416112905.000000+120 Event Type: Informationen User: Computer Name: xxx-PC Event Code: 6005 Message: Der Ereignisprotokolldienst wurde gestartet. Record Number: 22539 Source Name: EventLog Time Written: 20100416112849.000000+120 Event Type: Informationen User: Computer Name: xxx-PC Event Code: 6009 Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 2 Uniprocessor Free. Record Number: 22538 Source Name: EventLog Time Written: 20100416112849.000000+120 Event Type: Informationen User: =====Application event log===== Computer Name: xxx-PC Event Code: 0 Message: Record Number: 7395 Source Name: gusvc Time Written: 20091231072607.000000+060 Event Type: Informationen User: Computer Name: xxx-PC Event Code: 0 Message: Record Number: 7394 Source Name: gupdate1c95c52d66c1150 Time Written: 20091231072606.000000+060 Event Type: Informationen User: Computer Name: xx Event Code: 0 Message: Record Number: 7393 Source Name: gusvc Time Written: 20091230075952.000000+060 Event Type: Informationen User: Computer Name: xxx Event Code: 0 Message: Record Number: 7392 Source Name: gupdate1c95c52d66c1150 Time Written: 20091230075916.000000+060 Event Type: Informationen User: Computer Name: xxx Event Code: 0 Message: Record Number: 7391 Source Name: NMIndexingService Time Written: 20091230075856.000000+060 Event Type: Informationen User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\ATI Technologies\ATI.ACE\Core-Static "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 31 Stepping 0, AuthenticAMD "PROCESSOR_REVISION"=1f00 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP -----------------EOF----------------- Log: Logfile of random's system information tool 1.06 (written by random/random) Run by xxx at 2010-04-22 10:11:17 Microsoft Windows XP Professional Service Pack 2 System drive C: has 24 GB (48%) free of 50 GB Total RAM: 2046 MB (76% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:11:23, on 22.04.2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS.0\System32\smss.exe C:\WINDOWS.0\system32\winlogon.exe C:\WINDOWS.0\system32\services.exe C:\WINDOWS.0\system32\lsass.exe C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\Programme\Avira\AntiVir Desktop\avshadow.exe C:\WINDOWS.0\system32\svchost.exe C:\WINDOWS.0\System32\svchost.exe C:\WINDOWS.0\system32\spoolsv.exe C:\Programme\Avira\AntiVir Desktop\sched.exe C:\WINDOWS.0\system32\hasplms.exe C:\Programme\FRITZ!DSL\IGDCTRL.EXE C:\Programme\Java\jre6\bin\jqs.exe C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS.0\Explorer.EXE C:\WINDOWS.0\system32\nvsvc32.exe C:\WINDOWS.0\system32\IoctlSvc.exe C:\WINDOWS.0\system32\svchost.exe C:\Programme\Viewpoint\Common\ViewpointService.exe C:\WINDOWS.0\SOUNDMAN.EXE C:\Programme\Brownie\BrstsWnd.exe C:\WINDOWS.0\system32\wuauclt.exe C:\Programme\Java\jre6\bin\jusched.exe C:\Programme\Visagesoft\eXPert PDF\vspdfprsrv.exe C:\WINDOWS.0\system32\RUNDLL32.EXE C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe C:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS.0\system32\ctfmon.exe C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Programme\WEB.DE\WEB.DE Club E-Mail Alarm\EmailAlarm.exe C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe C:\WINDOWS.0\System32\svchost.exe C:\Programme\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\WINDOWS.0\system32\wscntfy.exe C:\Dokumente und Einstellungen\*\Desktop\RSIT.exe C:\Programme\trend micro\Berthold_Ketterer.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://web.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 O1 - Hosts: 89.149.249.180 www.google.com O1 - Hosts: 89.149.249.180 www.google.de O1 - Hosts: 89.149.249.180 www.google.fr O1 - Hosts: 89.149.249.180 www.google.co.uk O1 - Hosts: 89.149.249.180 www.google.com.br O1 - Hosts: 89.149.249.180 www.google.it O1 - Hosts: 89.149.249.180 www.google.es O1 - Hosts: 89.149.249.180 www.google.co.jp O1 - Hosts: 89.149.249.180 www.google.com.mx O1 - Hosts: 89.149.249.180 www.google.ca O1 - Hosts: 89.149.249.180 www.google.com.au O1 - Hosts: 89.149.249.180 www.google.nl O1 - Hosts: 89.149.249.180 www.google.co.za O1 - Hosts: 89.149.249.180 www.google.be O1 - Hosts: 89.149.249.180 www.google.gr O1 - Hosts: 89.149.249.180 www.google.at O1 - Hosts: 89.149.249.180 www.google.se O1 - Hosts: 89.149.249.180 www.google.ch O1 - Hosts: 89.149.249.180 www.google.pt O1 - Hosts: 89.149.249.180 www.google.dk O1 - Hosts: 89.149.249.180 www.google.fi O1 - Hosts: 89.149.249.180 www.google.ie O1 - Hosts: 89.149.249.180 www.google.no O1 - Hosts: 89.149.249.180 search.yahoo.com O1 - Hosts: 89.149.249.180 us.search.yahoo.com O1 - Hosts: 89.149.249.180 uk.search.yahoo.com O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Programme\Gemeinsame Dateien\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [BrStsWnd] C:\Programme\Brownie\BrstsWnd.exe Autorun O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [vspdfprsrv.exe] C:\Programme\Visagesoft\eXPert PDF\vspdfprsrv.exe --background O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.0\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exe O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [swg] "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [WEB.DE Club E-Mail Alarm] C:\Programme\WEB.DE\WEB.DE Club E-Mail Alarm\EmailAlarm.exe O4 - HKCU\..\Run: [WEB.DE_WEB.DE SmartDrive Manager] "C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE" /hide O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS.0\system32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB6; .NET CLR 2.0.50727; Hotbar 10.2.236.0; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"hxxp://www.munichbears.de/" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab O16 - DPF: {79E7DCE2-6306-4996-B7CB-C2601B2B7BD1} (DownloadCtrl Class) - https://stream.web.de/v/notify/Download.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - hxxp://javadl.sun.com/webapps/download/AutoDL?BundleId=26688 O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: Google Update Service (gupdate1c95c52d66c1150) (gupdate1c95c52d66c1150) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS.0\system32\hasplms.exe O23 - Service: AVM IGD CTRL Service (IGDCTRL) - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS.0\system32\IoctlSvc.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Programme\Viewpoint\Common\ViewpointService.exe -- End of file - 9551 bytes ======Scheduled tasks folder====== C:\WINDOWS.0\tasks\Google Software Updater.job C:\WINDOWS.0\tasks\GoogleUpdateTaskMachineCore.job C:\WINDOWS.0\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-04 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Programme\Canon\Easy-WebPrint\Toolband.dll [2006-06-09 552960] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll [2009-06-13 259696] {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - Viewpoint Toolbar - C:\Programme\Gemeinsame Dateien\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll [2009-03-02 333208] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SoundMan"=C:\WINDOWS.0\SOUNDMAN.EXE [2008-10-10 577536] "NeroFilterCheck"=C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe [2008-06-19 570664] "NBKeyScan"=C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-08 2221352] "BrStsWnd"=C:\Programme\Brownie\BrstsWnd.exe [2008-01-08 864256] "SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-01-04 136600] "vspdfprsrv.exe"=C:\Programme\Visagesoft\eXPert PDF\vspdfprsrv.exe [2006-05-04 998912] "NvCplDaemon"=C:\WINDOWS.0\system32\NvCpl.dll [2005-12-10 7311360] "nwiz"=nwiz.exe /install [] "NvMediaCenter"=C:\WINDOWS.0\system32\NvMcTray.dll [2005-12-10 86016] "Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696] "avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS.0\system32\ctfmon.exe [2004-08-04 15360] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe [2008-06-24 1840424] "swg"=C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-04 39408] "WEB.DE Club E-Mail Alarm"=C:\Programme\WEB.DE\WEB.DE Club E-Mail Alarm\EmailAlarm.exe [2010-04-08 2153472] "WEB.DE_WEB.DE SmartDrive Manager"=C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE [2008-07-29 1204224] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Shockwave Updater"=C:\WINDOWS.0\system32\Adobe\Shockwave 11\SwHelper_1150595.exe [2009-03-19 460216] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS.0\system32\WgaLogon.dll [2009-03-10 265096] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "D:\fsetup.exe"="D:\fsetup.exe:*:Enabled:AVM FSetup Application" "C:\Programme\FRITZ!DSL\IGDCTRL.EXE"="C:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:AVM FRITZ!DSL - igdctrl.exe" "C:\Programme\FRITZ!DSL\FBOXUPD.EXE"="C:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!DSL - fboxupd.exe" "C:\Programme\FRITZ!DSL\WebwaIgd.exe"="C:\Programme\FRITZ!DSL\WebwaIgd.exe:*:Enabled:AVM FRITZ!DSL - webwaigd.exe" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" ======List of files/folders created in the last 1 months====== 2010-04-22 10:11:17 ----D---- C:\rsit 2010-04-22 10:11:17 ----D---- C:\Programme\trend micro 2010-04-22 08:58:23 ----D---- C:\Programme\CCleaner 2010-04-22 08:50:27 ----D---- C:\Dokumente und Einstellungen\*\Anwendungsdaten\Malwarebytes 2010-04-22 08:50:19 ----D---- C:\Programme\Malwarebytes' Anti-Malware 2010-04-22 08:50:19 ----D---- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\Malwarebytes 2010-04-21 22:45:00 ----D---- C:\Dokumente und Einstellungen\*\Anwendungsdaten\QuickScan 2010-04-21 21:55:01 ----D---- C:\WINDOWS.0\system32\NtmsData 2010-04-21 21:54:44 ----D---- C:\Dokumente und Einstellungen\*\Anwendungsdaten\Avira 2010-04-21 21:49:05 ----D---- C:\Programme\Avira 2010-04-21 21:49:05 ----D---- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\Avira 2010-04-21 07:27:00 ----N---- C:\WINDOWS.0\system32\browserchoice.exe 2010-04-16 19:16:02 ----HDC---- C:\WINDOWS.0\$NtUninstallKB979683$ 2010-04-16 19:15:53 ----HDC---- C:\WINDOWS.0\$NtUninstallKB980232$ 2010-04-16 19:15:50 ----A---- C:\WINDOWS.0\system32\MRT.INI 2010-04-16 19:12:43 ----HDC---- C:\WINDOWS.0\$NtUninstallKB978338$ 2010-04-16 19:12:37 ----HDC---- C:\WINDOWS.0\$NtUninstallKB977816$ 2010-04-16 19:12:32 ----HDC---- C:\WINDOWS.0\$NtUninstallKB978601$ 2010-04-16 19:12:23 ----HDC---- C:\WINDOWS.0\$NtUninstallKB979309$ 2010-04-16 19:12:04 ----HDC---- C:\WINDOWS.0\$NtUninstallKB979402_WM9L$ 2010-04-06 22:14:33 ----D---- C:\Dokumente und Einstellungen\*\Anwendungsdaten\elsterformular 2010-04-06 08:44:04 ----D---- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\elsterformular ======List of files/folders modified in the last 1 months====== 2010-04-22 10:11:17 ----RD---- C:\Programme 2010-04-22 10:11:02 ----D---- C:\WINDOWS.0\Prefetch 2010-04-22 10:10:40 ----D---- C:\WINDOWS.0\Temp 2010-04-22 10:10:17 ----D---- C:\WINDOWS.0\system32\CatRoot2 2010-04-22 10:10:10 ----D---- C:\WINDOWS.0 2010-04-22 10:10:08 ----A---- C:\WINDOWS.0\Brownie.ini 2010-04-22 10:10:06 ----SD---- C:\WINDOWS.0\Tasks 2010-04-22 10:09:17 ----D---- C:\WINDOWS.0\system32\drivers 2010-04-22 10:08:10 ----A---- C:\WINDOWS.0\SchedLgU.Txt 2010-04-22 10:07:53 ----HDC---- C:\WINDOWS.0\$MSI31Uninstall_KB893803v2$ 2010-04-22 10:07:13 ----D---- C:\WINDOWS.0\system32 2010-04-22 09:01:59 ----D---- C:\WINDOWS.0\Debug 2010-04-22 09:01:58 ----D---- C:\WINDOWS.0\Minidump 2010-04-22 08:26:13 ----D---- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\Google Updater 2010-04-22 08:25:13 ----D---- C:\WINDOWS.0\Registration 2010-04-21 21:55:07 ----HD---- C:\WINDOWS.0\inf 2010-04-21 21:55:01 ----D---- C:\WINDOWS.0\repair 2010-04-21 21:48:43 ----SHD---- C:\WINDOWS.0\Installer 2010-04-21 21:48:42 ----D---- C:\WINDOWS.0\WinSxS 2010-04-21 21:40:12 ----RSHDC---- C:\WINDOWS.0\system32\dllcache 2010-04-21 21:40:11 ----D---- C:\WINDOWS.0\system32\CatRoot 2010-04-21 09:39:18 ----AD---- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\TEMP 2010-04-20 00:49:48 ----D---- C:\Programme\Google 2010-04-18 22:23:39 ----D---- C:\Programme\Mozilla Firefox 2010-04-16 19:15:58 ----HD---- C:\WINDOWS.0\$hf_mig$ 2010-04-16 19:12:27 ----D---- C:\WINDOWS.0\ie8updates 2010-04-07 23:04:45 ----SHD---- C:\System Volume Information 2010-04-07 23:04:45 ----D---- C:\WINDOWS.0\system32\Restore 2010-04-07 09:41:37 ----D---- C:\Programme\ElsterFormular 2010-04-06 19:52:54 ----A---- C:\WINDOWS.0\system32\MRT.exe 2010-04-05 23:58:57 ----D---- C:\Programme\VarBox 2010-04-05 23:24:53 ----D---- C:\Dokumente und Einstellungen\*\Anwendungsdaten\SolidWorks 2010-03-31 22:01:39 ----D---- C:\Programme\Internet Explorer 2010-03-29 08:10:48 ----A---- C:\WINDOWS.0\system32\PerfStringBackup.INI ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS.0\system32\DRIVERS\avipbb.sys [2010-03-01 124784] R1 PQNTDrv;PQNTDrv; C:\WINDOWS.0\system32\drivers\PQNTDrv.sys [2001-08-10 3252] R1 ssmdrv;ssmdrv; C:\WINDOWS.0\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R1 uiwbrdr;uiwbrdr; C:\WINDOWS.0\System32\DRIVERS\uiwbrdr.sys [2008-07-29 149120] R2 aksfridge;aksfridge; \??\C:\WINDOWS.0\system32\drivers\aksfridge.sys [] R2 avgntflt;avgntflt; C:\WINDOWS.0\system32\DRIVERS\avgntflt.sys [2010-02-16 60936] R2 Hardlock;Hardlock; \??\C:\WINDOWS.0\system32\drivers\hardlock.sys [] R2 Haspnt;Haspnt; \??\C:\WINDOWS.0\system32\drivers\Haspnt.sys [] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS.0\system32\drivers\ALCXWDM.SYS [2008-10-10 4024832] R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS.0\system32\DRIVERS\hidusb.sys [2001-08-18 9600] R3 mouhid;Maus-HID-Treiber; C:\WINDOWS.0\system32\DRIVERS\mouhid.sys [2001-08-18 12288] R3 nv;nv; C:\WINDOWS.0\system32\DRIVERS\nv4_mini.sys [2005-12-10 3536768] R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS.0\system32\DRIVERS\Rtnicxp.sys [2008-10-10 83968] R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS.0\system32\DRIVERS\usbehci.sys [2004-08-03 26624] R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS.0\system32\DRIVERS\usbhub.sys [2004-08-03 57600] R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS.0\system32\DRIVERS\usbuhci.sys [2004-08-03 20480] S1 ATITool;ATITool Overclocking Utility; C:\WINDOWS.0\system32\DRIVERS\ATITool.sys [2006-11-10 24064] S1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS.0\system32\DRIVERS\kbdhid.sys [2004-08-04 14848] S3 s716bus;Sony Ericsson Device 716 driver (WDM); C:\WINDOWS.0\system32\DRIVERS\s716bus.sys [2007-06-28 83208] S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter; C:\WINDOWS.0\system32\DRIVERS\s716mdfl.sys [2007-06-28 15112] S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver; C:\WINDOWS.0\system32\DRIVERS\s716mdm.sys [2007-06-28 108552] S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM); C:\WINDOWS.0\system32\DRIVERS\s716mgmt.sys [2007-06-28 100360] S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS); C:\WINDOWS.0\system32\DRIVERS\s716nd5.sys [2007-06-28 23176] S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface; C:\WINDOWS.0\system32\DRIVERS\s716obex.sys [2007-06-28 98568] S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM); C:\WINDOWS.0\system32\DRIVERS\s716unic.sys [2007-06-28 98952] S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS.0\system32\DRIVERS\usbccgp.sys [2004-08-03 31616] S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS.0\system32\DRIVERS\usbprint.sys [2004-08-03 25856] S3 usbscan;USB-Scannertreiber; C:\WINDOWS.0\system32\DRIVERS\usbscan.sys [2004-08-03 15104] S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS.0\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] S4 IntelIde;IntelIde; C:\WINDOWS.0\system32\drivers\IntelIde.sys [] S4 sr;Filtertreiber für Systemwiederherstellung; C:\WINDOWS.0\system32\DRIVERS\sr.sys [2004-08-04 73472] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336] R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2010-04-21 267432] R2 hasplms;HASP License Manager; C:\WINDOWS.0\system32\hasplms.exe [2008-07-17 2549248] R2 IGDCTRL;AVM IGD CTRL Service; C:\Programme\FRITZ!DSL\IGDCTRL.EXE [2007-09-04 87344] R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-01-04 152984] R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS.0\system32\nvsvc32.exe [2005-12-10 131139] R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS.0\system32\IoctlSvc.exe [2006-12-19 81920] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS.0\system32\wdfmgr.exe [2004-08-11 38912] R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Programme\Viewpoint\Common\ViewpointService.exe [2008-09-08 24652] R3 NMIndexingService;NMIndexingService; C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe [2008-06-24 537896] S2 gupdate1c95c52d66c1150;Google Update Service (gupdate1c95c52d66c1150); C:\Programme\Google\Update\GoogleUpdate.exe [2009-02-14 133104] S2 gusvc;Google Software Updater; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-28 183280] S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS.0\System32\svchost.exe [2004-08-04 14336] S3 idsvc;Windows CardSpace; C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- |
| Themen zu Trojaner eingefangen, weiß nicht ob System jetzt sauber... |
| adware.casino, adware.hotbar, adware.seekmo, adware.softomate, adware.zango, antivir, antivir guard, avgntflt.sys, browser, desktop, dll, e-mail, einstellungen, excel, explorer, firefox, flash player, fontcache, ftp, gupdate, helper, hkus\s-1-5-18, install.exe, installation, logfile, malware, msiexec.exe, opera.exe, pdf, registry, rundll, software, static, stolen.data, system, temp, trojan.downloader, trojan.ertfor, trojaner, trojaner eingefangen, updates, windows internet, windows internet explorer, windows xp |
Baum-Darstellung