
Pests of all kinds and how to fight them: win32.tdss.rtk


26.04.2010, 14:32   #1
Atoll
 
win32.tdss.rtk



Hello hello,

Spybot keeps finding the trojan win32.tdss.rtk. There were also a few problems with Mozilla, which hangs, and then I could no longer shut down my computer. The three-finger salute (Ctrl+Alt+Del) didn't work either. Since this has only been happening since I discovered win32.tdss.rtk, I'm mentioning it here as well.

Here are the logs:

Malwarebytes' Anti-Malware 1.45
wxxw.malwarebytes.org

Datenbank Version: 4036

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

26.04.2010 14:05:56
mbam-log-2010-04-26 (14-05-56).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 103965
Laufzeit: 2 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 5
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
C:\WINDOWS\system\svchost.exe (Backdoor.Bot) -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: c:\windows\system\svchost.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (userinit.exe,C:\WINDOWS\system\svchost.exe) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\system\svchost.exe (Backdoor.Bot) -> Quarantined and deleted successfully.


_______________________________________________________________



Logfile of random's system information tool 1.06 (written by random/random)
Run by Fernando Poo at 2010-04-26 14:16:05
Microsoft Windows XP Professional Service Pack 2
System drive C: has 23 GB (18%) free of 128 GB
Total RAM: 2815 MB (82% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:16:11, on 26.04.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\WTouch\WTouchService.exe
C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
C:\Programme\Gemeinsame Dateien\Native Instruments\Hardware\NIHardwareService.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Programme\WTouch\WTouchUser.exe
C:\Programme\SyncroSoft\Pos\H2O\cledx.exe
C:\Programme\DivX\DivX Update\DivXUpdate.exe
C:\Dokumente und Einstellungen\Fernando Poo\Anwendungsdaten\Dropbox\bin\Dropbox.exe
C:\Programme\Googlemail Notifier\gnotify.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
C:\Dokumente und Einstellungen\Fernando Poo\Desktop\RSIT.exe
C:\Programme\trend micro\Fernando Poo.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about.blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about.blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about.blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [H2O] C:\Programme\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DivXUpdate] "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - Startup: Dropbox.lnk = C:\Dokumente und Einstellungen\Fernando Poo\Anwendungsdaten\Dropbox\bin\Dropbox.exe
O4 - Startup: gnotify.lnk = C:\Programme\Googlemail Notifier\gnotify.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Programme\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Programme\Gemeinsame Dateien\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software - C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: WTouch Service (WTouchService) - Wacom Technology, Corp. - C:\Programme\WTouch\WTouchService.exe

--
End of file - 4031 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"H2O"=C:\Programme\SyncroSoft\Pos\H2O\cledx.exe [2005-10-23 385024]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-08-17 13877248]
"nwiz"=nwiz.exe /install []
"DivXUpdate"=C:\Programme\DivX\DivX Update\DivXUpdate.exe [2010-04-13 1135912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe [2010-01-27 788880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ask and Record FLV Service]
C:\Programme\Replay Media Catcher\FLVSrvc.exe [2009-09-22 156672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
RunDll32 cmicnfg.cpl,CMICtrlWnd []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
C:\Programme\D-Tools\daemon.exe [2004-08-22 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dit]
C:\WINDOWS\Dit.exe [2004-07-20 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M-Audio Taskbar Icon]
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe [2007-01-25 154112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2009-08-17 13877248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2009-08-17 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
C:\Programme\NVIDIA Corporation\nView\nwiz.exe [2009-08-12 1657376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programme\QuickTime\QTTask.exe [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Programme\Skype\Phone\Skype.exe [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verknüpfung mit der High Definition Audio-Eigenschaftenseite]
C:\WINDOWS\system32\HDAudPropShortcut.exe [2004-03-17 61952]

C:\Dokumente und Einstellungen\Fernando Poo\Startmenü\Programme\Autostart
Dropbox.lnk - C:\Dokumente und Einstellungen\Fernando Poo\Anwendungsdaten\Dropbox\bin\Dropbox.exe
gnotify.lnk - C:\Programme\Googlemail Notifier\gnotify.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSMHelp"=01000000
"NoLogoff"=0
"NoActiveDesktop"=01000000
"NoSMMyDocs"=01000000
"StartMenuLogOff"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Programme\uTorrent\uTorrent.exe"="C:\Programme\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Programme\Skype\Plugin Manager\skypePM.exe"="C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{674c33ca-a2d9-11de-8ac2-000c76710209}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FRECHBUBU.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8715acb0-7792-11de-8a87-000c76710209}]
shell\AutoRun\command - N:\MI.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4ffac94-0860-11df-8b79-000c76710209}]
shell\AutoRun\command - ·Ë
shell\explore\command - K:\RECYCLER\INFO.exe
shell\open\command - K:\RECYCLER\INFO.exe


======List of files/folders created in the last 1 months======

2010-04-26 14:16:06 ----D---- C:\Programme\trend micro
2010-04-26 14:16:05 ----D---- C:\rsit
2010-04-26 13:58:10 ----D---- C:\Dokumente und Einstellungen\Fernando Poo\Anwendungsdaten\Malwarebytes
2010-04-26 13:58:02 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2010-04-26 13:58:02 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-04-26 13:51:29 ----D---- C:\Programme\CCleaner
2010-04-24 22:01:50 ----A---- C:\WINDOWS\system32\TURegOpt.exe
2010-04-24 22:01:49 ----A---- C:\WINDOWS\system32\uxtuneup.dll
2010-04-24 22:01:33 ----D---- C:\Dokumente und Einstellungen\Fernando Poo\Anwendungsdaten\TuneUp Software
2010-04-24 22:01:19 ----D---- C:\Programme\TuneUp Utilities 2010
2010-04-24 22:00:39 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
2010-04-24 22:00:32 ----SHD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-04-22 04:26:21 ----D---- C:\Programme\Wbcm and Screen Recorder
2010-04-22 03:59:44 ----D---- C:\Programme\Zeallsoft
2010-04-21 21:31:50 ----D---- C:\videooutput
2010-04-21 21:31:47 ----D---- C:\Programme\FLV to AVI MPEG WMV Converter
2010-04-21 21:31:47 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2010-04-21 21:31:47 ----A---- C:\WINDOWS\system32\xvidcore.dll
2010-04-21 21:31:47 ----A---- C:\WINDOWS\system32\NCMedia2.dll
2010-04-21 21:27:43 ----D---- C:\Programme\Webcam Simulator
2010-04-21 21:27:43 ----D---- C:\Programme\Gemeinsame Dateien\wcs
2010-04-18 01:22:04 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DivX

======List of files/folders modified in the last 1 months======

2010-04-26 14:16:06 ----D---- C:\Programme
2010-04-26 14:13:51 ----D---- C:\WINDOWS\Prefetch
2010-04-26 14:09:41 ----SD---- C:\WINDOWS\Tasks
2010-04-26 14:09:07 ----D---- C:\Dokumente und Einstellungen\Fernando Poo\Anwendungsdaten\Dropbox
2010-04-26 14:08:59 ----D---- C:\WINDOWS\Temp
2010-04-26 14:08:58 ----D---- C:\Dokumente und Einstellungen\Fernando Poo\Anwendungsdaten\WTablet
2010-04-26 14:08:52 ----D---- C:\WINDOWS
2010-04-26 14:07:37 ----D---- C:\WINDOWS\system32\drivers
2010-04-26 14:07:37 ----D---- C:\WINDOWS\pchealth
2010-04-26 14:06:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-26 14:05:56 ----D---- C:\WINDOWS\system
2010-04-26 13:54:22 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2010-04-26 13:54:00 ----D---- C:\WINDOWS\Minidump
2010-04-26 13:54:00 ----D---- C:\WINDOWS\Debug
2010-04-26 02:56:59 ----D---- C:\Dokumente und Einstellungen\Fernando Poo\Anwendungsdaten\uTorrent
2010-04-26 02:21:58 ----D---- C:\Dokumente und Einstellungen\Fernando Poo\Anwendungsdaten\vlc
2010-04-24 22:11:57 ----D---- C:\WINDOWS\AppPatch
2010-04-24 22:01:53 ----SHD---- C:\WINDOWS\Installer
2010-04-24 22:01:51 ----D---- C:\WINDOWS\system32\config
2010-04-24 22:01:50 ----D---- C:\WINDOWS\system32
2010-04-23 18:34:55 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-22 04:57:16 ----D---- C:\Programme\Replay Media Catcher
2010-04-22 04:51:16 ----A---- C:\WINDOWS\system32\rmc_rtspdl.dll
2010-04-22 04:51:16 ----A---- C:\WINDOWS\system32\rmc_fixasf.exe
2010-04-21 21:27:43 ----D---- C:\Programme\Gemeinsame Dateien
2010-04-21 15:26:58 ----D---- C:\Dokumente und Einstellungen\Fernando Poo\Anwendungsdaten\Skype
2010-04-21 15:23:36 ----D---- C:\Dokumente und Einstellungen\Fernando Poo\Anwendungsdaten\skypePM
2010-04-18 02:21:12 ----D---- C:\Programme\DivX
2010-04-18 02:20:37 ----D---- C:\Programme\Gemeinsame Dateien\DivX Shared
2010-04-16 15:11:28 ----D---- C:\Programme\Mozilla Firefox
2010-03-28 15:11:04 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 40192]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 CLEDX;Team H2O CLEDX service; C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 33792]
R3 cmudax;C-Media High Definition Audio Interface; C:\WINDOWS\system32\drivers\cmudax.sys [2005-05-12 1287296]
R3 DELTA;Service for Delta Driver (WDM); C:\WINDOWS\system32\DRIVERS\delta.sys [2007-01-25 302336]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2006-10-27 43008]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-04-26 135168]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-08-17 7729568]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys []
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbstor;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 wacommousefilter;Wacom Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
R3 wacomvhid;Wacom Virtual Hid Driver; C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2009-05-20 13736]
R3 WacomVKHid;Virtual Keyboard Driver; C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 11440]
S2 Nsynas32;Nsynas32; C:\WINDOWS\system32\drivers\Nsynas32.sys []
S3 CardReaderFilter;Card Reader Filter; \??\C:\WINDOWS\system32\Drivers\USBCRFT.SYS []
S3 HdAudAddService;Microsoft UAA-Funktionstreiber für den High Definition Audio-Dienst; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-03-17 113664]
S3 MA_CMIDI;M-Audio USB Driver; C:\WINDOWS\system32\drivers\ma_cmidi.sys [2006-08-16 21888]
S3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 wacmoumonitor;Wacom Mode Helper; C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys [2009-01-30 15656]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Programme\Lavasoft\Ad-Aware\AAWService.exe [2010-02-05 1181328]
R2 MA_CMIDI_InstallerService;M-Audio Series II MIDI Installer; C:\Programme\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe [2007-01-08 94208]
R2 NIHardwareService;NIHardwareService; C:\Programme\Gemeinsame Dateien\Native Instruments\Hardware\NIHardwareService.exe [2009-07-17 3576320]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-08-17 168004]
R2 TabletServicePen;TabletServicePen; C:\WINDOWS\system32\Pen_Tablet.exe [2009-09-08 4410152]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-04-01 1050440]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 UxTuneUp;TuneUp Designerweiterung; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 WTouchService;WTouch Service; C:\Programme\WTouch\WTouchService.exe [2009-09-08 112936]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-11-25 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst; C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-04-24 435016]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------



________________________________________________________________



info.txt logfile of random's system information tool 1.06 2010-04-26 14:16:13

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -f\"C:\Programme\Final Fantasy VII\Uninst.isu"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.65-->"C:\Programme\7-Zip\Uninstall.exe"
ACDSee Photo Manager 2009-->MsiExec.exe /I{300578F9-9EFF-4B93-9AB1-C0E5707EF463}
Ad-Aware-->"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
Adobe AIR-->c:\Programme\Gemeinsame Dateien\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->C:\Programme\Gemeinsame Dateien\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Reader 9.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A92000000001}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Amazing Slow Downer (remove only)-->"C:\Programme\Amazing Slow Downer\uninstall.exe"
AmpegSVX-->C:\Programme\InstallShield Installation Information\{CF1D7323-8A0A-49C7-83B0-088DB90721E2}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
AmpliTube Jimi Hendrix-->C:\Programme\InstallShield Installation Information\{66BA35B0-1911-47EF-B170-1DCFFDA362F1}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
AmpliTube2-->C:\Programme\InstallShield Installation Information\{C95AACD4-9507-4F5C-9D53-22B1ACCFECD1}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Applian Director-->"C:\WINDOWS\Applian Director\uninstall.exe" "/U:C:\Programme\Applian Director\Uninstall\uninstall_director.xml"
Arturia Modular System v1.0-->C:\PROGRA~1\Arturia\MODULA~1\UNWISE.EXE C:\PROGRA~1\Arturia\MODULA~1\INSTALL.LOG
Atmosphere-->C:\Programme\Spectrasonics\Atmosphere\unins000.exe
Audio Damage DubStation VST v1.0.2.0-->C:\PROGRA~1\STEINB~1\CUBASE~1\VSTPLU~1\AUDIOD~1\DUBUNI~1\UNWISE.EXE C:\PROGRA~1\STEINB~1\CUBASE~1\VSTPLU~1\AUDIOD~1\DUBUNI~1\INSTALL.LOG
Bass Audio Decoder (remove only)-->"C:\Programme\Bass Audio Decoder\uninstall.exe"
BigTick Rhino v1.01-->C:\PROGRA~1\STEINB~1\CUBASE~1\VSTPLU~1\Rhino\UNWISE.EXE C:\PROGRA~1\STEINB~1\CUBASE~1\VSTPLU~1\Rhino\INSTALL.LOG
CamStudio-->C:\Programme\CamStudio\uninstall.exe
CCleaner-->"C:\Programme\CCleaner\uninst.exe"
CD Audio Reader Filter (remove only)-->"C:\Programme\CD Audio Reader Filter\uninstall.exe"
C-Media High Definition Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe
Color Efex Pro 3.0 Complete-->C:\Programme\Adobe\Adobe Photoshop CS4\Plug-ins\Nik Software\Color Efex Pro 3.0 Complete\uninstall.exe
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
DAEMON Tools-->MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
Daphne 1.46-->C:\Programme\Daphne\uninst.exe
DCoder Image Source (remove only)-->"C:\Programme\DCoder Image Source\uninstall.exe"
DeepBurner v1.9.0.228-->"C:\Programme\DeepBurner\Uninstall.exe" "C:\Programme\DeepBurner\install.log" -u
Delta-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A4810699-E859-43A6-8F40-1743873E72AB}\setup.exe" -l0x9 -removeonly
Deus Ex-->C:\Programme\DeusEx\System\Setup.exe uninstall "Deus Ex"
Dfine 2.0-->C:\Programme\Adobe\Adobe Photoshop CS4\Plug-ins\Nik Software\Dfine 2.0\uninstall.exe
DirectVobSub (remove only)-->"C:\Programme\DirectVobSub\uninstall.exe"
Discord 2 VST plug-in-->C:\WINDOWS\Discord 2 VST plug-in Uninstaller.exe
DivX Codec-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DivX\DivX7\DivX Codec\DivXCodecUninstall.exe /CODEC
DivX Player-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DivX\DivX7\DivX Player\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe /DSFILTERS
DivX-Setup-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
DScaler 5 Mpeg Decoders-->"C:\Programme\DScaler5\unins000.exe"
DVD Shrink 3.2 deutsch (DeCSS-frei)-->"C:\Programme\DVD Shrink\unins000.exe"
East West Stormdrum Kompakt-->C:\PROGRA~1\STORMD~1\UNWISE.EXE C:\PROGRA~1\STORMD~1\INSTALL.LOG
Edirol SuperQuartet v1.5-->C:\PROGRA~1\Edirol\SUPERQ~1\UNWISE.EXE C:\PROGRA~1\Edirol\SUPERQ~1\INSTALL.LOG
Exact Audio Copy 0.99pb5-->C:\Programme\Exact Audio Copy\uninst.exe
FabFilter One 3.05-->C:\Programme\FabFilter\One\Uninst.exe
FabFilter Pro-C VST RTAS v1.10-->"C:\Programme\FabFilter\unins000.exe"
FabFilter Simplon VST RTAS v1.01-->"C:\Programme\Steinberg\Cubase SX 3\Vstplugins\FabFilter\Simplon\Uninstall\unins000.exe"
FabFilter Timeless v1.00 VST-->C:\PROGRA~1\FABFIL~1\Timeless\UNWISE.EXE C:\PROGRA~1\FABFIL~1\Timeless\INSTALL.LOG
FabFilter Volcano 2.00-->C:\Programme\FabFilter\Volcano 2\Uninst.exe
Fallout-->C:\WINDOWS\ipuninst.exe -fC:\Program Files\Fallout\uninst.log
FileZilla Client 3.2.4.1-->C:\Programme\FileZilla FTP Client\uninstall.exe
Final Fantasy VII - Ultima Edition-->"C:\Programme\Final Fantasy VII\unins000.exe"
Focusrite Saffire Bundle VST v2.0-->C:\PROGRA~1\STEINB~1\CUBASE~1\VSTPLU~1\SAFFIR~1.0\UNINST~1\UNWISE.EXE C:\PROGRA~1\STEINB~1\CUBASE~1\VSTPLU~1\SAFFIR~1.0\UNINST~1\INSTALL.LOG
Free YouTube to Mp3 Converter version 3.1-->"C:\Programme\YouTube to Mp3\unins000.exe"
Freez FLV to AVI/MPEG/WMV Converter-->"C:\Programme\FLV to AVI MPEG WMV Converter\unins000.exe"
Futuremark SystemInfo-->"C:\Programme\InstallShield Installation Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe" -runfromtemp -l0x0009 -removeonly
Gabest MPEG Splitter (remove only)-->"C:\Programme\Gabest MPEG Splitter\uninstall.exe"
Garritan Jazz Big Band-->C:\PROGRA~1\GARRIT~1\UNWISE.EXE C:\PROGRA~1\GARRIT~1\INSTALL.LOG
Generic USB CardReader 2.0-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{EA1CB7AC-E221-4822-A789-0ADB051DC498}\Setup.exe" -l0x9 -wUninst
Guitar Pro 5.2-->"C:\Programme\Guitar Pro 5\unins000.exe"
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Programme\trend micro\HijackThis.exe" /uninstall
ILLUSION Sexy???3~????????DISC~-->MsiExec.exe /X{F5DCB11C-8F09-4C71-B952-B96DBB4E6584}
ILLUSION Sexy???3-->MsiExec.exe /X{6E7F60B4-F1E9-473F-A6BA-1C1C73A63592}
iZotope Alloy-->"C:\Programme\iZotope\Alloy\unins000.exe"
iZotope Ozone 4-->"C:\Programme\iZotope\Ozone 4\unins000.exe"
JPGVideo 1.05.0.0-->C:\Programme\JPGVideo\unins000.exe
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Lexicon PSP42 1.4-->C:\PROGRA~1\PSP\LEXICO~1\UNWISE.EXE C:\PROGRA~1\PSP\LEXICO~1\INSTALL.LOG
LightZone 3.8-->C:\Programme\LightZone 3\uninstall.exe
Lounge Lizard EP-2 v2.0-->C:\PROGRA~1\LOUNGE~1\UNINST~1\UNWISE.EXE C:\PROGRA~1\LOUNGE~1\UNINST~1\INSTALL.LOG
LucasArts' Grim Fandango-->C:\WINDOWS\uninst.exe -f"C:\Program Files\LucasArts\Grim\DeIsL1.isu"
Magic ISO Maker v5.5 (build 0276)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
M-Audio Series II MIDI-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{379BD39E-F13E-458F-96D8-56BD7F2CC516}\setup.exe" -l0x9 -removeonly
Melodyne 3.1-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A1F143D1-1F0D-44FB-A44B-71D4367D16DE}\setup.exe" -l0x9 -removeonly
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU-->MsiExec.exe /I{9309DD7E-EBFE-3C95-8B47-30D3A012F606}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU-->MsiExec.exe /I{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5 Language Pack - DEU-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack - deu-->MsiExec.exe /I{1545207E-C6F3-31D7-9918-BDBB65075FBF}
Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft AppLocale-->MsiExec.exe /I{394BE3D9-7F57-4638-A8D1-1D88671913B7}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Windows Application Compatibility Database-->C:\WINDOWS\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb"
MONOGRAM AMR Splitter/Decoder (remove only)-->"C:\Programme\MONOGRAM AMR SplitterDecoder\uninstall.exe"
Mozilla Firefox (3.6.3)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
N.I. Guitar Rig v2.0.2-->C:\Programme\Native Instruments\Guitar Rig 2\uninstall.exe
Native Instruments B4 II-->C:\PROGRA~1\NATIVE~1\B4II~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\B4II~1\INSTALL.LOG
Native Instruments Controller Editor-->"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{0CC51CB2-911C-40BB-BC1B-BD3CAC590222}\Controller Editor Setup.exe" REMOVE=TRUE MODIFY=FALSE
Native Instruments Controller Editor-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{0CC51CB2-911C-40BB-BC1B-BD3CAC590222}\Controller Editor Setup.exe
Native Instruments Guitar Rig 3-->C:\PROGRA~1\NATIVE~1\GUITAR~2\UNWISE.EXE C:\PROGRA~1\NATIVE~1\GUITAR~2\INSTALL.LOG
Native Instruments Guitar Rig 4-->"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D69A48BF-7653-4AA8-94BC-5847522A4573}\Guitar Rig 4 Setup PC.exe" REMOVE=TRUE MODIFY=FALSE
Native Instruments Guitar Rig 4-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D69A48BF-7653-4AA8-94BC-5847522A4573}\Guitar Rig 4 Setup PC.exe
Native Instruments Massive v1.0.1.008 VSTi DXi RTAS-->C:\PROGRA~1\NATIVE~1\Massive\UNWISE.EXE C:\PROGRA~1\NATIVE~1\Massive\INSTALL.LOG
Native Instruments Service Center-->"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}\Service Center Setup.exe" REMOVE=TRUE MODIFY=FALSE
Native Instruments Service Center-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}\Service Center Setup.exe
Native.Instruments Battery v3.0.1.005 VSTi DXi RTAS-->C:\PROGRA~1\NATIVE~1\BATTER~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\BATTER~1\INSTALL.LOG
Nomad Factory Blue Tubes Bundle v2.0-->C:\PROGRA~1\STEINB~1\CUBASE~1\VSTPLU~1\BLUETU~1\NOMADF~1\UNWISE.EXE C:\PROGRA~1\STEINB~1\CUBASE~1\VSTPLU~1\BLUETU~1\NOMADF~1\INSTALL.LOG
Nomad Factory Rock Amp Legends VST v1.0-->C:\PROGRA~1\STEINB~1\CUBASE~1\VSTPLU~1\NOMADF~1\UNWISE.EXE C:\PROGRA~1\STEINB~1\CUBASE~1\VSTPLU~1\NOMADF~1\INSTALL.LOG
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA nView Desktop Manager-->C:\Programme\NVIDIA Corporation\nView\nViewSetup.exe -uninstall
OpenAL-->"C:\Programme\OpenAL\OpenALwEAX.exe" /U
OpenOffice.org 3.1-->MsiExec.exe /I{D765F1CE-5AE5-4C47-B134-AE58AC474740}
OpenSource DTS/AC3/DD+ Source Filter (remove only)-->"C:\Programme\OpenSource DTSAC3DD+ Source Filter\uninstall.exe"
OpenSource Flash Video Splitter (remove only)-->"C:\Programme\OpenSource Flash Video Splitter\uninstall.exe"
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Photomatix Pro version 3.2-->"C:\Programme\PhotomatixPro3\unins000.exe"
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
PSP 84 v1.0-->C:\PROGRA~1\PSP\PSP84~1\UNWISE.EXE C:\PROGRA~1\PSP\PSP84~1\INSTALL.LOG
PSP EasyVerb 1.5.4-->"C:\Programme\PSP\PSP EasyVerb\uninstall.exe" "/U:C:\Programme\PSP\PSP EasyVerb\irunin.xml"
PSP MasterQ 1.5.0-->"C:\Programme\PSP\PSP MasterQ 1.5.0\uninstall.exe" "/U:C:\Programme\PSP\PSP MasterQ 1.5.0\irunin.xml"
PSP Nitro 1.1.0-->C:\WINDOWS\iun6002.exe "C:\Programme\PSP\PSP Nitro\irunin.ini"
PSP PianoVerb 1.0-->C:\WINDOWS\iun506.exe C:\Programme\PSP\PianoVerb\irunin.ini
PSP VintageWarmer 2.0.0-->"C:\Programme\PSP\PSP VintageWarmer 2.0.0\uninstall.exe" "/U:C:\Programme\PSP\PSP VintageWarmer 2.0.0\irunin.xml"
PTLens-->MsiExec.exe /I{23773C74-EBEE-41FB-86ED-58B599A2B586}
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RealMedia (remove only)-->"C:\Programme\RealMedia\uninstall.exe"
Replay Converter 3-->"C:\WINDOWS\Replay Converter 3\uninstall.exe" "/U:C:\Programme\Applian Director\Replay Converter\Uninstall\ReplayConverrter3Uninstall.xml"
Replay Media Catcher-->"C:\WINDOWS\Replay Media Catcher\uninstall.exe" "/U:C:\Programme\Replay Media Catcher\Uninstall\uninstall.xml"
Requiem: Avenging Angel(TM)-->C:\WINDOWS\IsUninst.exe -fC:\Programme\3DO\Requiem\Uninst.isu
Royale Remixed Theme-->MsiExec.exe /I{993A94A9-DCE3-4774-B35D-D8C74FC1E0BE}
Samsung_MonSetup-->C:\Programme\InstallShield Installation Information\{8EA79DBF-D637-448A-89D6-410A087A4493}\setup.exe -runfromtemp -l0x0009 -removeonly
Sharpener Pro 3.0-->C:\Programme\Adobe\Adobe Photoshop CS4\Plug-ins\Nik Software\Sharpener Pro 3.0\uninstall.exe
SHOUTcast Source (remove only)-->"C:\Programme\SHOUTcast Source\uninstall.exe"
Silver Efex Pro-->C:\Programme\Adobe\Adobe Photoshop CS4\Plug-ins\Nik Software\Silver Efex Pro\uninstall.exe
Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
Skype·4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SpeedFan (remove only)-->"C:\Programme\SpeedFan\uninstall.exe"
Spybot - Search & Destroy-->"C:\Programme\Spybot - Search & Destroy\unins000.exe"
Steinberg Cubase SX 3-->"C:\Programme\Steinberg\Cubase SX 3\Uninstall.exe" "C:\Programme\Steinberg\Cubase SX 3\install.log"
Stifttablett-->C:\Programme\Tablet\Pen\Remove.exe /u
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
SyncroSoft Emu (Remove only)-->C:\Programme\SyncroSoft\Pos\H2O\Uninst.exe
Syncrosofts Lizenz Kontrolle-->C:\PROGRA~1\SYNCRO~1\UNWISE.EXE C:\PROGRA~1\SYNCRO~1\INSTALL.LOG
Trespasser-->C:\Programme\DreamWorks Interactive\Trespasser\setup95.exe /uninstall
Trilogy-->C:\Programme\Spectrasonics\Trilogy\unins000.exe
TuneUp Utilities-->C:\Programme\TuneUp Utilities 2010\TUInstallHelper.exe --Trigger-Uninstall
Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Uninstall 1.0.0.1-->"C:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe"
Vanguard Demo 1.03-->"C:\Programme\Steinberg\Cubase SX 3\Vstplugins\unins000.exe"
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
VIA Rhine-Family Fast Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Viveza-->C:\Programme\Adobe\Adobe Photoshop CS4\Plug-ins\Nik Software\Viveza\uninstall.exe
VLC media player 1.0.5-->C:\Programme\VLC\uninstall.exe
WaveLab 6-->"C:\Programme\Steinberg\WaveLab 6\Uninstall.exe" "C:\Programme\Steinberg\WaveLab 6\install.log"
Waves API Collection-->C:\PROGRA~1\Waves\Logs\WAVESA~1\UNWISE.EXE C:\PROGRA~1\Waves\Logs\WAVESA~1\INSTALL.LOG
Waves GTR 3-->C:\PROGRA~1\Waves\Logs\WAVESG~1\UNWISE.EXE C:\PROGRA~1\Waves\Logs\WAVESG~1\INSTALL.LOG
Waves L3 LL-->C:\PROGRA~1\Waves\Logs\WAVESL~1\UNWISE.EXE C:\PROGRA~1\Waves\Logs\WAVESL~1\INSTALL.LOG
Waves Mercury Bundle-->C:\PROGRA~1\Waves\Logs\WAVESM~1\UNWISE.EXE C:\PROGRA~1\Waves\Logs\WAVESM~1\INSTALL.LOG
Waves SSL Collection v1.2-->C:\PROGRA~1\Waves\AIRLOG~1\WAVESS~1.2\UNWISE.EXE C:\PROGRA~1\Waves\AIRLOG~1\WAVESS~1.2\INSTALL.LOG
Webcam and Screen Recorder 4.5.6-->"C:\Programme\Wbcm and Screen Recorder\unins000.exe"
Webcam Simulator 6.3-->"C:\Programme\Webcam Simulator\unins000.exe"
Winamp-->"C:\Programme\Winamp\UninstWA.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver-->C:\Programme\WinRAR\uninstall.exe
Wizoo WizooVerb W2 VST RTAS v1.0-->C:\PROGRA~1\Wizoo\WIZOOV~1\UNINST~1\UNWISE.EXE C:\PROGRA~1\Wizoo\WIZOOV~1\UNINST~1\INSTALL.LOG
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
Zeallsoft Super Webcam Recorder 4.0-->"C:\Programme\Zeallsoft\Super Webcam Recorder\unins000.exe"

======Hosts File======

127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com

======System event log======

Computer Name: HAGBARD
Event Code: 7000
Message: Der Dienst "Nsynas32" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.


Record Number: 21313
Source Name: Service Control Manager
Time Written: 20100419223248.000000+120
Event Type: Fehler
User:

Computer Name: HAGBARD
Event Code: 51
Message: Bei einem Auslagerungsvorgang wurde ein Fehler festgestellt. Betroffen ist Gerät \Device\CdRom2.

Record Number: 21312
Source Name: Cdrom
Time Written: 20100419223234.000000+120
Event Type: Warnung
User:

Computer Name: HAGBARD
Event Code: 4201
Message: Netzwerkadapter "VIA...Fast Ethernet Adapter - Paketplaner-Miniport" wurde mit dem Netzwerk verbunden, und das
System wurde über das Netzwerk im normalen Zustand gestartet.

Record Number: 21311
Source Name: Tcpip
Time Written: 20100419223234.000000+120
Event Type: Informationen
User:

Computer Name: HAGBARD
Event Code: 6005
Message: Der Ereignisprotokolldienst wurde gestartet.

Record Number: 21310
Source Name: EventLog
Time Written: 20100419223221.000000+120
Event Type: Informationen
User:

Computer Name: HAGBARD
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 2 Multiprocessor Free.

Record Number: 21309
Source Name: EventLog
Time Written: 20100419223221.000000+120
Event Type: Informationen
User:

=====Application event log=====

Computer Name: HAGBARD
Event Code: 11707
Message: Product: Microsoft AppLocale -- Installation completed successfully.

Record Number: 2082
Source Name: MsiInstaller
Time Written: 20091118020239.000000+060
Event Type: Informationen
User: HAGBARD\Fernando Poo

Computer Name: HAGBARD
Event Code: 101
Message: wuauclt (3528) Das Datenbankmodul wurde beendet.

Record Number: 2081
Source Name: ESENT
Time Written: 20091117134930.000000+060
Event Type: Informationen
User:

Computer Name: HAGBARD
Event Code: 103
Message: wuaueng.dll (3528) SUS20ClientDataStore: Das Datenbankmodul hat die Instanz (0) beendet.

Record Number: 2080
Source Name: ESENT
Time Written: 20091117134930.000000+060
Event Type: Informationen
User:

Computer Name: HAGBARD
Event Code: 102
Message: wuaueng.dll (3528) SUS20ClientDataStore: Das Datenbankmodul hat eine neue Instanz gestartet (0).

Record Number: 2079
Source Name: ESENT
Time Written: 20091117134429.000000+060
Event Type: Informationen
User:

Computer Name: HAGBARD
Event Code: 100
Message: wuauclt (3528) Das Datenbankmodul 5.01.2600.2180 ist gestartet.

Record Number: 2078
Source Name: ESENT
Time Written: 20091117134429.000000+060
Event Type: Informationen
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\QuickTime\QTSystem\;C:\Programme\Gemeinsame Dateien\DivX Shared\;C:\Programme\Gemeinsame Dateien\iZotope\Runtimes
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Programme\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Programme\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------





In any case, it already felt good to run CCleaner and the other things. A clean computer really is a nice thing.

Before that I only used Spybot and Ad-Aware now and then. Both mostly found just a few cookies and the like. I ran TuneUp Utilities a few days ago (but after I discovered the trojan); it found and fixed an extremely large number of problems. The computer is heavily fragmented, which might also be a reason why it sometimes hangs(?).

So, what do you pros think of the logs? How should I proceed?

Many thanks! You have already helped me.
Atoll

Edited by Atoll (26.04.2010 at 14:37). Reason: the links were inactive, but www. replaced with wxxw. anyway

Alt 26.04.2010, 14:50   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
win32.tdss.rtk - Standard

win32.tdss.rtk



Hello and

please run a full scan with Malwarebytes and post the log. After that, OTL:

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

Alt 26.04.2010, 19:29   #3
Atoll
 
win32.tdss.rtk - Standard

win32.tdss.rtk



Unfortunately, before your reply I deleted win32.tdss.rtk with Spybot once more, so maybe the log file isn't quite as useful now...

Malwarebytes' Anti-Malware 1.45
Malwarebytes

Datenbank Version: 4036

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

26.04.2010 19:13:46
mbam-log-2010-04-26 (19-13-46).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|M:\|N:\|O:\|)
Durchsuchte Objekte: 543540
Laufzeit: 1 Stunde(n), 41 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 0
Infizierte Dateien: 22

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\Fernando Poo\Desktop\Spectrasonics.Omnisphere.v1.0\Keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Fernando Poo\Desktop\Spectrasonics.Omnisphere.v1.0\Updates\Keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\Programme\Lounge Lizard\Uninstall\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Programme\Steinberg\Cubase SX 3\Vstplugins\Audio Damage\dubuninstall\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Programme\Steinberg\Cubase SX 3\Vstplugins\Blue Tubes Bundle\Nomad Factory Blue Tubes Bundle Uninstall\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Programme\Steinberg\Cubase SX 3\Vstplugins\Nomad Factory RAL\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Programme\Steinberg\Cubase SX 3\Vstplugins\Saffire Bundle v2.0\Uninstall\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Programme\Edirol\Super Quartet Log\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Programme\PSP\Lexicon PSP42\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
C:\Programme\Wizoo\WizooVerb\Uninstall\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully.
O:\Auslagerung\2008 und früher\Gary.Garritan.Jazz.and.Big.Band\Keygen\Key Gen\KONTAKT.v2.02.KEYGEN.EXE (Malware.Packer.Gen) -> Quarantined and deleted successfully.
O:\Auslagerung\2008 und früher\Native.Instruments.B4.II.v2.0.HYBRiD.ISO-DELiRiUM\B4_II_KEYGEN.EXE (Trojan.Agent.CK) -> Quarantined and deleted successfully.
O:\Auslagerung\2008 und früher\Native.Instruments.Traktor.DJ.Studio.3.ISO-DELiRiUM\TRAKTOR_DJ_STUDIO_3_KEYGEN.EXE (Trojan.Goldun) -> Quarantined and deleted successfully.
O:\Auslagerung\2009\Home Studio Bundle\Novation.Bass-Station\Novation.Bass-Station.VSTi.v1.10-H2O\Novation.Bass-Station.VSTi.v1.10-H2O\nbst11kg.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
O:\Auslagerung\2009\PTLens.Standalone.And.Photoshop.Plugin.v8.5.2.Multilingual-DVT\DVT\patch.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
O:\Auslagerung\2009\PTLens.Standalone.And.Photoshop.Plugin.v8.5.2.Multilingual-DVT\Setup\ptlens.msi (Trojan.Downloader) -> Quarantined and deleted successfully.
O:\Auslagerung\2009\PTLens.Standalone.And.Photoshop.Plugin.v8.5.2.Multilingual-DVT\Setup\setup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
O:\Auslagerung\2009\XLN.Audio.Addictive.Drums.DVDR.HYBRID-AiRISO\keygen#\Keygen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
O:\Auslagerung\2010\Celemony Melodyne Studio Edition v3.1.2.0 Incl Keygen\Keygen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
O:\Auslagerung\2010\East West Quantum Leap Stormdrum Kompakt Edition\stormdrum_kompakt_keygen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
O:\Auslagerung\2010\Easy Paint tool SAI\crack\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
O:\Auslagerung\2010\PS\Adobe CS4 Activation Patch\Adobe CS4 Keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.



After I did the huge scan with Malwarebytes, the computer kept hanging during boot. 4 attempts and then it worked again. OTL is running now:


OTL logfile created on: 26.04.2010 19:25:31 - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Dokumente und Einstellungen\Fernando Poo\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 78,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 92,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 125,46 Gb Total Space | 22,51 Gb Free Space | 17,94% Space Free | Partition Type: NTFS
Drive D: | 97,65 Gb Total Space | 12,94 Gb Free Space | 13,26% Space Free | Partition Type: NTFS
Drive E: | 9,76 Gb Total Space | 9,76 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive F: | 7,63 Gb Total Space | 3,40 Gb Free Space | 44,50% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HAGBARD
Current User Name: Fernando Poo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\Fernando Poo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Dokumente und Einstellungen\Fernando Poo\Anwendungsdaten\Dropbox\bin\Dropbox.exe ()
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Programme\WTouch\WTouchUser.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\Programme\WTouch\WTouchService.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Programme\Gemeinsame Dateien\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
PRC - C:\Programme\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe ()
PRC - C:\Programme\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
PRC - C:\Programme\Googlemail Notifier\gnotify.exe (Google Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Dokumente und Einstellungen\Fernando Poo\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
SRV - (Lavasoft Ad-Aware Service) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (WTouchService) -- C:\Programme\WTouch\WTouchService.exe (Wacom Technology, Corp.)
SRV - (TabletServicePen) -- C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (NIHardwareService) -- C:\Programme\Gemeinsame Dateien\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
SRV - (MA_CMIDI_InstallerService) -- C:\Programme\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe ()


========== Driver Services (SafeList) ==========

DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (CardReaderFilter) -- C:\WINDOWS\system32\drivers\USBCRFT.SYS (ICSI Technology Ltd.)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (wacomvhid) -- C:\WINDOWS\system32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (wacmoumonitor) -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys (Wacom Technology)
DRV - (adfs) -- C:\WINDOWS\system32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (wacommousefilter) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (WacomVKHid) -- C:\WINDOWS\system32\drivers\WacomVKHid.sys (Wacom Technology)
DRV - (DELTA) Service for Delta Driver (WDM) -- C:\WINDOWS\system32\drivers\delta.sys (Midiman/M-Audio)
DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (MA_CMIDI) -- C:\WINDOWS\system32\drivers\ma_cmidi.sys (M-Audio)
DRV - (cmudax) -- C:\WINDOWS\system32\drivers\cmudax.sys (C-Media Inc.)
DRV - (CLEDX) -- C:\WINDOWS\system32\drivers\cledx.sys (Team H2O)
DRV - (d347prt) -- C:\WINDOWS\System32\Drivers\d347prt.sys ( )
DRV - (d347bus) -- C:\WINDOWS\system32\DRIVERS\d347bus.sys ( )
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = about.blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about.blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.youtube.com/watch?v=y8qtJ2aPqWI&feature=related"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.2
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.0.8
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.61

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.04.23 18:32:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.04.18 02:21:09 | 000,000,000 | ---D | M]

[2009.03.30 20:53:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fernando Poo\Anwendungsdaten\Mozilla\Extensions
[2010.04.26 02:32:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Fernando Poo\Anwendungsdaten\Mozilla\Firefox\Profiles\bus468u9.default\extensions
[2010.04.15 17:13:19 | 000,000,000 | ---D | M] (NoScript) -- C:\Dokumente und Einstellungen\Fernando Poo\Anwendungsdaten\Mozilla\Firefox\Profiles\bus468u9.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.03.22 21:56:28 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Fernando Poo\Anwendungsdaten\Mozilla\Firefox\Profiles\bus468u9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009.12.31 19:13:40 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Dokumente und Einstellungen\Fernando Poo\Anwendungsdaten\Mozilla\Firefox\Profiles\bus468u9.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010.01.19 18:00:47 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Fernando Poo\Anwendungsdaten\Mozilla\Firefox\Profiles\bus468u9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.01.14 20:17:37 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.03.12 18:52:43 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.12 18:52:43 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.12 18:52:43 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.12 18:52:43 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.12 18:52:43 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.11.25 12:33:43 | 000,001,302 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [H2O] C:\Programme\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\Fernando Poo\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\Fernando Poo\Anwendungsdaten\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\Fernando Poo\Startmenü\Programme\Autostart\gnotify.lnk = C:\Programme\Googlemail Notifier\gnotify.exe (Google Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 01 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 01 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 01 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Fernando Poo\Anwendungsdaten\ACD Systems\ACDSee\ACD Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Fernando Poo\Anwendungsdaten\ACD Systems\ACDSee\ACD Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.03.30 20:03:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.04.26 14:05:52 | 000,000,121 | RHS- | M] () - F:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{674c33ca-a2d9-11de-8ac2-000c76710209}\Shell - "" = AutoRun
O33 - MountPoints2\{674c33ca-a2d9-11de-8ac2-000c76710209}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8715acb0-7792-11de-8a87-000c76710209}\Shell\AutoRun\command - "" = N:\MI.exe -- File not found
O33 - MountPoints2\{d4ffac94-0860-11df-8b79-000c76710209}\Shell\AutoRun\command - "" = ·Ë
O33 - MountPoints2\{d4ffac94-0860-11df-8b79-000c76710209}\Shell\explore\Command - "" = K:\RECYCLER\INFO.exe -- File not found
O33 - MountPoints2\{d4ffac94-0860-11df-8b79-000c76710209}\Shell\open\Command - "" = K:\RECYCLER\INFO.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.04.26 17:19:31 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Fernando Poo\Desktop\OTL.exe
[2010.04.26 14:16:06 | 000,000,000 | ---D | C] -- C:\Programme\trend micro
[2010.04.26 14:16:05 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.26 13:58:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fernando Poo\Anwendungsdaten\Malwarebytes
[2010.04.26 13:58:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.26 13:58:02 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.26 13:58:02 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.04.26 13:58:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.04.26 13:53:46 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Fernando Poo\Recent
[2010.04.26 13:51:29 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.04.24 22:01:50 | 000,030,536 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe
[2010.04.24 22:01:49 | 000,030,024 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
[2010.04.24 22:01:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fernando Poo\Anwendungsdaten\TuneUp Software
[2010.04.24 22:01:19 | 000,000,000 | ---D | C] -- C:\Programme\TuneUp Utilities 2010
[2010.04.24 22:00:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2010.04.24 22:00:32 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010.04.22 04:26:21 | 000,000,000 | ---D | C] -- C:\Programme\Wbcm and Screen Recorder
[2010.04.22 04:10:00 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\msvcr71.dll
[2010.04.22 03:59:44 | 000,000,000 | ---D | C] -- C:\Programme\Zeallsoft
[2010.04.21 21:31:50 | 000,000,000 | ---D | C] -- C:\videooutput
[2010.04.21 21:31:47 | 000,139,264 | ---- | C] (Xvid.org: Home of the Xvid Codec) -- C:\WINDOWS\System32\xvid.ax
[2010.04.21 21:31:47 | 000,000,000 | ---D | C] -- C:\Programme\FLV to AVI MPEG WMV Converter
[2010.04.21 21:27:43 | 000,000,000 | ---D | C] -- C:\Programme\Webcam Simulator
[2010.04.21 21:27:43 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\wcs
[2010.04.21 16:31:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fernando Poo\Eigene Dateien\Downloads
[2010.04.18 02:21:11 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Fernando Poo\Eigene Dateien\Eigene Videos
[2010.04.18 01:22:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DivX
[2010.04.18 01:21:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fernando Poo\Eigene Dateien\DivX Movies
[2010.03.31 03:58:24 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010.03.29 07:17:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fernando Poo\Eigene Dateien\My Recordings
[2010.03.28 16:00:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Fernando Poo\Eigene Dateien\Addictive Drums
[2009.04.15 22:35:48 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2009.04.15 22:35:48 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.04.26 19:24:03 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010.04.26 19:24:03 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010.04.26 19:24:02 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010.04.26 19:24:02 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010.04.26 19:24:01 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010.04.26 19:22:40 | 000,244,806 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010.04.26 19:22:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.26 19:22:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.26 19:14:19 | 010,223,616 | -H-- | M] () -- C:\Dokumente und Einstellungen\Fernando Poo\NTUSER.DAT
[2010.04.26 19:14:19 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Fernando Poo\ntuser.ini
[2010.04.26 17:19:39 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Fernando Poo\Desktop\OTL.exe
[2010.04.26 14:15:04 | 000,781,909 | ---- | M] () -- C:\Dokumente und Einstellungen\Fernando Poo\Desktop\RSIT.exe
[2010.04.26 13:58:06 | 000,000,677 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.26 13:55:56 | 000,048,856 | ---- | M] () -- C:\Dokumente und Einstellungen\Fernando Poo\Desktop\cc_20100426_135540.reg
[2010.04.26 13:51:30 | 000,001,513 | ---- | M] () -- C:\Dokumente und Einstellungen\Fernando Poo\Desktop\CCleaner.lnk
[2010.04.26 13:41:52 | 003,923,062 | ---- | M] () -- C:\Dokumente und Einstellungen\Fernando Poo\Desktop\ComboFix.exe
[2010.04.26 12:59:24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.26 02:18:42 | 000,181,248 | ---- | M] () -- C:\Dokumente und Einstellungen\Fernando Poo\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.24 22:01:48 | 000,001,696 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TuneUp Utilities.lnk
[2010.04.22 04:51:16 | 000,237,568 | ---- | M] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2010.04.22 04:51:16 | 000,156,672 | ---- | M] (Radioactive) -- C:\WINDOWS\System32\rmc_fixasf.exe
[2010.04.21 21:31:47 | 000,000,709 | ---- | M] () -- C:\Dokumente und Einstellungen\Fernando Poo\Desktop\Freez FLV to AVI MPEG WMV Converter.lnk
[2010.04.21 15:23:30 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2010.04.20 17:50:22 | 000,001,487 | ---- | M] () -- C:\Dokumente und Einstellungen\Fernando Poo\Desktop\Rechner.lnk
[2010.04.01 15:17:48 | 000,030,536 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe
[2010.04.01 15:11:26 | 000,030,024 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
[2010.03.31 03:58:24 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010.03.29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.03.29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.03.28 15:11:04 | 001,043,836 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.03.28 15:11:04 | 000,448,918 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.03.28 15:11:04 | 000,432,856 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.03.28 15:11:04 | 000,080,464 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.03.28 15:11:04 | 000,067,560 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.04.26 14:15:03 | 000,781,909 | ---- | C] () -- C:\Dokumente und Einstellungen\Fernando Poo\Desktop\RSIT.exe
[2010.04.26 13:58:06 | 000,000,677 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.26 13:55:43 | 000,048,856 | ---- | C] () -- C:\Dokumente und Einstellungen\Fernando Poo\Desktop\cc_20100426_135540.reg
[2010.04.26 13:51:30 | 000,001,513 | ---- | C] () -- C:\Dokumente und Einstellungen\Fernando Poo\Desktop\CCleaner.lnk
[2010.04.26 13:41:43 | 003,923,062 | ---- | C] () -- C:\Dokumente und Einstellungen\Fernando Poo\Desktop\ComboFix.exe
[2010.04.24 22:01:48 | 000,001,696 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TuneUp Utilities.lnk
[2010.04.21 21:31:47 | 008,676,883 | ---- | C] () -- C:\WINDOWS\System32\NCMedia2.dll
[2010.04.21 21:31:47 | 000,758,018 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010.04.21 21:31:47 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010.04.21 21:31:47 | 000,000,709 | ---- | C] () -- C:\Dokumente und Einstellungen\Fernando Poo\Desktop\Freez FLV to AVI MPEG WMV Converter.lnk
[2010.04.20 17:50:19 | 000,001,487 | ---- | C] () -- C:\Dokumente und Einstellungen\Fernando Poo\Desktop\Rechner.lnk
[2010.01.15 03:29:08 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2009.11.04 14:46:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009.05.28 00:55:47 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2009.05.20 03:00:15 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\FDlg.dll
[2009.04.27 19:07:12 | 000,000,048 | ---- | C] () -- C:\WINDOWS\System32\msvcsv60.dll
[2009.04.27 18:42:23 | 000,905,290 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2009.03.30 20:46:47 | 000,000,269 | ---- | C] () -- C:\WINDOWS\Dit.INI
[2009.03.30 20:46:04 | 000,061,440 | R--- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2009.02.18 14:44:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009.02.18 14:44:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009.02.18 14:44:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009.02.18 14:44:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007.03.09 10:15:22 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\ELVideoCapture.dll
[2004.08.22 17:04:56 | 000,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2004.08.04 14:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004.08.04 14:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003.02.18 18:26:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
< End of report >


_________________________________________________________________



OTL Extras logfile created on: 26.04.2010 19:25:31 - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Dokumente und Einstellungen\Fernando Poo\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 78,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 92,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 125,46 Gb Total Space | 22,51 Gb Free Space | 17,94% Space Free | Partition Type: NTFS
Drive D: | 97,65 Gb Total Space | 12,94 Gb Free Space | 13,26% Space Free | Partition Type: NTFS
Drive E: | 9,76 Gb Total Space | 9,76 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive F: | 7,63 Gb Total Space | 3,40 Gb Free Space | 44,50% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HAGBARD
Current User Name: Fernando Poo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 11.0.Browse] -- "C:\Programme\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe" "%1" (ACD Systems)
Directory [AddToPlaylistVLC] -- "C:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\uTorrent\uTorrent.exe" = C:\Programme\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{23773C74-EBEE-41FB-86ED-58B599A2B586}" = PTLens
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
"{300578F9-9EFF-4B93-9AB1-C0E5707EF463}" = ACDSee Photo Manager 2009
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{379BD39E-F13E-458F-96D8-56BD7F2CC516}" = M-Audio Series II MIDI
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}" = DAEMON Tools
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{66BA35B0-1911-47EF-B170-1DCFFDA362F1}" = AmpliTube Jimi Hendrix
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6E7F60B4-F1E9-473F-A6BA-1C1C73A63592}" = ILLUSION Sexyビーチ3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{993A94A9-DCE3-4774-B35D-D8C74FC1E0BE}" = Royale Remixed Theme
"{9D623E1A-30E1-4E55-BD80-5C1359DB120B}" = Melodyne 3.1
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A1F143D1-1F0D-44FB-A44B-71D4367D16DE}" = Melodyne 3.1
"{A4810699-E859-43A6-8F40-1743873E72AB}" = Delta
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C7FAFC98-5ECC-40FC-B440-A5D5FE3A6A6E}" = Native Instruments Guitar Rig 4
"{C95AACD4-9507-4F5C-9D53-22B1ACCFECD1}" = AmpliTube2
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CF1D7323-8A0A-49C7-83B0-088DB90721E2}" = AmpegSVX
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype・4.1
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{EA1CB7AC-E221-4822-A789-0ADB051DC498}" = Generic USB CardReader 2.0
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5DCB11C-8F09-4C71-B952-B96DBB4E6584}" = ILLUSION Sexyビーチ3~キャラクター追加DISC~
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Amazing Slow Downer" = Amazing Slow Downer (remove only)
"Applian Director1.1" = Applian Director
"Arturia Modular System v1.0" = Arturia Modular System v1.0
"Atmosphere_is1" = Atmosphere
"Audio Damage DubStation VST v1.0.2.0" = Audio Damage DubStation VST v1.0.2.0
"Bass Audio Decoder" = Bass Audio Decoder (remove only)
"BigTick Rhino v1.01" = BigTick Rhino v1.01
"CamStudio" = CamStudio
"CCleaner" = CCleaner
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"C-Media Audio Driver" = C-Media High Definition Audio Driver
"Color Efex Pro 3.0 Complete" = Color Efex Pro 3.0 Complete
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Daphne" = Daphne 1.46
"DCoder Image Source" = DCoder Image Source (remove only)
"Deus Ex" = Deus Ex
"Dfine 2.0" = Dfine 2.0
"DirectVobSub" = DirectVobSub (remove only)
"Discord 2 VST plug-in" = Discord 2 VST plug-in
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"DreamWorks Interactive: Trespasser" = Trespasser
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"East West Stormdrum Kompakt" = East West Stormdrum Kompakt
"Edirol SuperQuartet v1.5" = Edirol SuperQuartet v1.5
"Exact Audio Copy" = Exact Audio Copy 0.99pb5
"FabFilter One 3.05" = FabFilter One 3.05
"FabFilter Pro-C VST RTAS_is1" = FabFilter Pro-C VST RTAS v1.10
"FabFilter Simplon_is1" = FabFilter Simplon VST RTAS v1.01
"FabFilter Timeless v1.00 VST" = FabFilter Timeless v1.00 VST
"FabFilter Volcano 2.00" = FabFilter Volcano 2.00
"Fallout" = Fallout
"FileZilla Client" = FileZilla Client 3.2.4.1
"Final Fantasy VII_is1" = Final Fantasy VII - Ultima Edition
"Focusrite Saffire Bundle VST v2.0" = Focusrite Saffire Bundle VST v2.0
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"Freez FLV to AVI/MPEG/WMV Converter v1.6_is1" = Freez FLV to AVI/MPEG/WMV Converter
"Gabest MPEG Splitter" = Gabest MPEG Splitter (remove only)
"Garritan Jazz Big Band" = Garritan Jazz Big Band
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HijackThis" = HijackThis 2.0.2
"iZotope Alloy_is1" = iZotope Alloy
"iZotope Ozone 4_is1" = iZotope Ozone 4
"JPGVideo_is1" = JPGVideo 1.05.0.0
"Lexicon PSP42 1.4" = Lexicon PSP42 1.4
"LightZone 3.8" = LightZone 3.8
"Lounge Lizard EP-2 v2.0" = Lounge Lizard EP-2 v2.0
"LucasArts' Grim Fandango" = LucasArts' Grim Fandango
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only)
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Native Instruments B4 II" = Native Instruments B4 II
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Guitar Rig 2.0.2" = N.I. Guitar Rig v2.0.2
"Native Instruments Guitar Rig 3" = Native Instruments Guitar Rig 3
"Native Instruments Guitar Rig 4" = Native Instruments Guitar Rig 4
"Native Instruments Massive v1.0.1.008 VSTi DXi RTAS" = Native Instruments Massive v1.0.1.008 VSTi DXi RTAS
"Native Instruments Service Center" = Native Instruments Service Center
"Native.Instruments Battery v3.0.1.005 VSTi DXi RTAS" = Native.Instruments Battery v3.0.1.005 VSTi DXi RTAS
"Nomad Factory Blue Tubes Bundle v2.0" = Nomad Factory Blue Tubes Bundle v2.0
"Nomad Factory Rock Amp Legends VST v1.0" = Nomad Factory Rock Amp Legends VST v1.0
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only)
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
"Pen Tablet Driver" = Stifttablett
"PhotomatixPro3Betax32_is1" = Photomatix Pro version 3.2
"PSP 84 v1.0" = PSP 84 v1.0
"PSP EasyVerb 1.5.4" = PSP EasyVerb 1.5.4
"PSP MasterQ 1.5.0" = PSP MasterQ 1.5.0
"PSP PianoVerb1.0" = PSP PianoVerb 1.0
"PSP VintageWarmer 2.0.0" = PSP VintageWarmer 2.0.0
"PSP_Nitro" = PSP Nitro 1.1.0
"RealMedia" = RealMedia (remove only)
"Replay Converter 3" = Replay Converter 3
"Replay Media Catcher 3.11" = Replay Media Catcher
"Requiem: Avenging Angel(TM)" = Requiem: Avenging Angel(TM)
"Sharpener Pro 3.0" = Sharpener Pro 3.0
"SHOUTcast Source" = SHOUTcast Source (remove only)
"Silver Efex Pro" = Silver Efex Pro
"SpeedFan" = SpeedFan (remove only)
"Steinberg Cubase SX 3" = Steinberg Cubase SX 3
"SyncroSoft Emu" = SyncroSoft Emu (Remove only)
"Syncrosoft's License Control" = Syncrosofts Lizenz Kontrolle
"Trilogy_is1" = Trilogy
"TuneUp Utilities" = TuneUp Utilities
"Tweak UI 2.10" = Tweak UI
"Uninstall_is1" = Uninstall 1.0.0.1
"Vanguard Demo_is1" = Vanguard Demo 1.03
"Viveza" = Viveza
"VLC media player" = VLC media player 1.0.5
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"WaveLabPro" = WaveLab 6
"Waves API Collection" = Waves API Collection
"Waves GTR 3" = Waves GTR 3
"Waves L3 LL" = Waves L3 LL
"Waves Mercury Bundle" = Waves Mercury Bundle
"Waves SSL Collection v1.2" = Waves SSL Collection v1.2
"Webcam and Screen Recorder_is1" = Webcam and Screen Recorder 4.5.6
"Webcam Simulator_is1" = Webcam Simulator 6.3
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinRAR archiver" = WinRAR archiver
"Wizoo WizooVerb W2 VST RTAS v1.0" = Wizoo WizooVerb W2 VST RTAS v1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Zeallsoft Super Webcam Recorder_is1" = Zeallsoft Super Webcam Recorder 4.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 04.11.2009 14:08:45 | Computer Name = HAGBARD | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung flvplayer.exe, Version 0.0.0.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 04.11.2009 14:20:58 | Computer Name = HAGBARD | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung flvplayer.exe, Version 0.0.0.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 05.11.2009 02:00:50 | Computer Name = HAGBARD | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 1.9.1.3576, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 05.11.2009 10:31:39 | Computer Name = HAGBARD | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung vlc.exe, Version 0.9.8.1, fehlgeschlagenes
Modul libavcodec_plugin.dll, Version 0.0.0.0, Fehleradresse 0x00157983.

Error - 08.11.2009 22:35:26 | Computer Name = HAGBARD | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung vlc.exe, Version 0.9.8.1, fehlgeschlagenes
Modul libavcodec_plugin.dll, Version 0.0.0.0, Fehleradresse 0x00157983.

Error - 24.11.2009 17:51:54 | Computer Name = HAGBARD | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung ACDSeeQV11.exe, Version 2.0.100.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 24.11.2009 17:51:58 | Computer Name = HAGBARD | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung ACDSeeQV11.exe, Version 2.0.100.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 25.11.2009 23:30:07 | Computer Name = HAGBARD | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung acdseeqv11.exe, Version 2.0.100.0, fehlgeschlagenes
Modul ide_psd.apl, Version 5.0.49.0, Fehleradresse 0x000194ea.

Error - 02.12.2009 16:53:00 | Computer Name = HAGBARD | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung photoshop.exe, Version 11.0.0.0, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x0b578f6b.

Error - 03.12.2009 00:41:38 | Computer Name = HAGBARD | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung explorer.exe, Version 6.0.2900.2180, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

[ System Events ]
Error - 25.04.2010 10:39:39 | Computer Name = HAGBARD | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.

Error - 25.04.2010 10:39:49 | Computer Name = HAGBARD | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.

Error - 25.04.2010 10:40:00 | Computer Name = HAGBARD | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.

Error - 25.04.2010 10:40:11 | Computer Name = HAGBARD | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.

Error - 25.04.2010 10:40:22 | Computer Name = HAGBARD | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.

Error - 25.04.2010 10:40:32 | Computer Name = HAGBARD | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.

Error - 25.04.2010 10:40:43 | Computer Name = HAGBARD | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.

Error - 25.04.2010 10:40:54 | Computer Name = HAGBARD | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.

Error - 25.04.2010 12:22:26 | Computer Name = HAGBARD | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.

Error - 25.04.2010 17:49:29 | Computer Name = HAGBARD | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.


< End of report >




Should I do anything else with OTL, such as Run Fix or CleanUp?

Well, that's it for now.

Many thanks for the quick reply!!

26.04.2010, 21:13   #4
maci321

Hi, if I may butt in briefly: he actually shouldn't receive any more support (@ cosinus),
BECAUSE:
Quote:
Infizierte Dateien:
C:\Dokumente und Einstellungen\Fernando Poo\Desktop\Spectrasonics.Omnisphere.v1.0\Keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Fernando Poo\Desktop\Spectrasonics.Omnisphere.v1.0\Updates\Keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.

26.04.2010, 22:23   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Yep, correctly spotted! The reason: using cracks, serials and keygens is illegal, so there will be no further support on Trojaner-Board.

For Atoll, this is where it continues => Reinstalling the system
Please also change all passwords (for e-mail accounts, StudiVZ, eBay... simply everything!), since this kind of dubious software quite often also contains keyloggers and backdoor functions.

After that, never touch anything like this again!

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

27.04.2010, 13:23   #6
Atoll

OK, thanks anyway.
