ICQ sends a very large number of messages => kick / PC lags

#0
30.01.2008, 01:29
Member

Posts: 27
#1 Hello everyone ;)

I usually manage to sort out most of my computer problems myself, but here I have hit a brick wall and hope you can help me.

When I log in to ICQ I use the client QIP. It often happens that, when I connect, I get 2 notices from QIP within 1-2 seconds of each other:
1: Warning, you are sending too many messages in too short a time.
2: You have sent too many messages -> Kick

I also often get "complaints" from friends that I am sending some kind of links. But I myself have never clicked on a link like that... ;)

Maybe you can help me. I ran all the logs earlier and am simply posting them here. Thanks!


==============
ComboFix
==============


ComboFix 08-01-30.1 - Tobi 2008-01-30 0:53:10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.657 [GMT 1:00]
ausgeführt von:: C:\Downloads\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - system32: deleted 12 bytes in 1 streams.

((((((((((((((((((((((( Dateien erstellt von 2007-12-28 bis 2008-01-30 ))))))))))))))))))))))))))))))
.

2008-01-30 00:47 . 2008-01-30 00:48 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-30 00:47 . 2008-01-30 00:47 <DIR> d-------- C:\WINDOWS\LastGood
2008-01-30 00:47 . 2008-01-30 00:47 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-30 00:47 . 2008-01-30 00:47 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-30 00:47 . 2008-01-30 00:47 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-28 00:48 . 2008-01-28 01:16 <DIR> d-------- C:\Programme\BridgeBuilderDemo
2008-01-23 17:12 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-01-23 17:12 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-01-23 17:12 . 2004-08-04 00:57 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-01-23 17:12 . 2004-08-04 00:57 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-01-23 17:12 . 2004-08-04 00:46 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-01-23 17:12 . 2004-08-04 00:46 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-01-22 00:48 . 2008-01-22 00:48 <DIR> d-------- C:\Programme\Eraser
2008-01-22 00:48 . 2008-01-22 00:48 <DIR> d--h----- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{74D61F17-FFC2-41AF-96E5-1DCB0631B6D1}
2008-01-18 15:59 . 2008-01-19 13:10 285 --a------ C:\WINDOWS\wcx_ftp.ini
2008-01-18 15:58 . 2008-01-18 15:58 <DIR> d-------- C:\totalcmd
2008-01-18 15:58 . 2008-01-19 13:59 1,360 --a------ C:\WINDOWS\wincmd.ini
2008-01-18 15:58 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\UC.PIF
2008-01-18 15:58 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\RAR.PIF
2008-01-18 15:58 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-01-18 15:58 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-01-18 15:58 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-01-18 15:58 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\LHA.PIF
2008-01-18 15:58 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\ARJ.PIF
2008-01-17 22:07 . 2008-01-17 22:07 <DIR> d-------- C:\Dokumente und Einstellungen\Tobi\Anwendungsdaten\Microsoft Games
2008-01-14 19:57 . 2008-01-14 22:44 <DIR> d-------- C:\Programme\CommView
2008-01-13 18:47 . 2008-01-13 18:47 <DIR> d-------- C:\Programme\PE Explorer
2008-01-13 18:47 . 2008-01-13 18:47 <DIR> d-------- C:\Dokumente und Einstellungen\Tobi\Anwendungsdaten\PE Explorer
2008-01-13 18:10 . 2008-01-13 18:30 219 --a------ C:\WINDOWS\w32demo8.ini
2008-01-13 17:26 . 2008-01-13 20:27 <DIR> d-------- C:\Programme\dis
2008-01-08 23:46 . 2008-01-08 23:46 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PopCap
2008-01-07 16:32 . 2008-01-07 16:32 <DIR> d-------- C:\Programme\Microsoft Silverlight
2008-01-07 16:32 . 2008-01-07 16:32 1,446,464 --a------ C:\Programme\Silverlight.exe
2008-01-01 16:50 . 2008-01-04 17:39 <DIR> d-------- C:\Programme\TrackMania Nations ESWC
2007-12-31 16:35 . 2007-12-31 16:35 <DIR> d-------- C:\Programme\D-Tools
2007-12-31 16:35 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2007-12-31 16:35 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2007-12-31 16:17 . 2007-12-31 16:17 4,096 --a------ C:\WINDOWS\d3dx.dat
2007-12-30 19:31 . 2007-12-30 19:31 1,718,828 --a------ C:\01_figter2.wav
2007-12-30 19:17 . 2007-12-30 19:17 2,350,124 --a------ C:\01_RTL - Newmedia - .wav
2007-12-30 15:31 . 2007-12-30 15:31 44 --a------ C:\02_[ICY 200 OK] http___72_35_226_50_8982.wav
2007-12-30 15:31 . 2007-12-30 15:31 44 --a------ C:\01_[ICY 200 OK] http___205_188_215_228_8022.wav
2007-12-26 22:00 . 2007-12-26 22:01 36,184,552 --a------ C:\01_Kaiser Chiefs - Ruby.wav
2007-12-17 23:17 . 2007-12-17 23:17 <DIR> d-------- C:\Programme\DivX
2007-12-17 19:15 . 2007-12-17 19:15 <DIR> d-------- C:\Dokumente und Einstellungen\Tobi\Anwendungsdaten\My Games
2007-12-17 19:09 . 2007-12-17 19:09 <DIR> d-------- C:\Programme\Firaxis Games
2007-12-17 16:20 . 2007-12-17 16:20 <DIR> d--h----- C:\WINDOWS\PIF
2007-12-11 23:34 . 2007-12-11 23:34 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-12-11 23:34 . 2007-12-11 23:34 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-12-06 19:37 . 2004-07-10 18:37 479,385 --a------ C:\WINDOWS\ALX_1600x1200.jpg
2007-12-06 19:19 . 2006-08-18 12:45 90,889 --a------ C:\WINDOWS\AW_XenoMorph1600.jpg
2007-12-06 19:16 . 2007-12-06 19:16 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Stardock
2007-12-06 19:16 . 2007-12-25 03:40 <DIR> d-------- C:\Programme\AlienGUIse
2007-12-06 19:16 . 2007-12-06 19:16 52 --a------ C:\WINDOWS\wb.ini
2007-12-06 18:40 . 2007-12-06 19:05 39,629,592 --a------ C:\Programme\Xenomorph_slim.exe
2007-12-06 17:22 . 2007-12-22 19:21 <DIR> d-------- C:\Programme\Gamers.IRC
2007-12-06 17:20 . 2007-12-06 17:20 3,455,791 --a------ C:\Programme\girc515.exe
2007-12-06 16:56 . 2007-12-06 16:56 <DIR> d-------- C:\Programme\Microsoft CAPICOM 2.1.0.2
2007-12-03 16:41 . 2008-01-01 17:26 <DIR> d-------- C:\Dokumente und Einstellungen\Tobi\Anwendungsdaten\Hamachi
2007-12-03 00:30 . 2007-12-03 00:30 6,585,000 --a------ C:\Programme\Opera_9.24_International_Setup.exe

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-19 22:27 --------- d-----w C:\Programme\Gemeinsame Dateien\Adobe
2008-01-19 22:24 --------- d-----w C:\Dokumente und Einstellungen\Tobi\Anwendungsdaten\AdobeUM
2008-01-17 19:22 --------- d-----w C:\Programme\Microsoft Games
2008-01-11 14:58 162,914 ----a-w C:\Programme\dl381971255141199982925screen2.JPG
2008-01-08 22:45 --------- d-----w C:\Programme\ICQToolbar
2007-12-31 15:50 --------- d--h--w C:\Programme\InstallShield Installation Information
2007-12-30 14:31 --------- d-----w C:\Programme\Winamp
2007-12-25 02:55 14,336 --sha-w C:\Programme\Thumbs.db
2007-12-25 02:43 --------- d-----w C:\Programme\animated_captcha-2007-02-19
2007-12-08 14:53 --------- d-----w C:\Dokumente und Einstellungen\Tobi\Anwendungsdaten\MySQL
2007-12-08 14:49 --------- d-----w C:\Programme\MySQL
2007-12-08 14:47 --------- d-----w C:\Programme\hamachi
2007-12-06 16:02 --------- d-----w C:\Programme\SoftMaker Viewer
2007-12-06 16:01 --------- d-----w C:\Programme\PartyGaming
2007-12-06 15:59 --------- d-----w C:\Programme\Passware
2007-12-06 15:58 --------- d-----w C:\Programme\Limeware
2007-12-06 15:33 --------- d-----w C:\Programme\BestLogic
2007-12-06 15:31 --------- d-----w C:\Programme\CACE Technologies
2007-12-03 23:30 --------- d-----w C:\Dokumente und Einstellungen\Tobi\Anwendungsdaten\OpenOffice.org2
2007-12-03 15:40 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-11-18 23:07 2,049,244 ----a-w C:\Programme\qip8040.exe
2007-11-17 19:24 300,646 ----a-w C:\WINDOWS\system32\avmcache.dll
2007-11-12 15:06 0 ----a-w C:\Programme\fr80pe_tb.exe
2007-10-31 13:36 38,057 ----a-w C:\Programme\lightbox-attachment-thumb-integration.zip
2007-10-29 22:42 1,293,312 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 15:31 2,042,905 ----a-w C:\Programme\qip8030.zip
2007-10-27 17:25 8,287,096 ----a-w C:\Programme\youtubeconverter_setup.exe
2007-10-27 17:24 6,396,258 ----a-w C:\Programme\dvdripper_setup.exe
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-23 20:03 67,249 ----a-w C:\Programme\animated_captcha-2007-02-19.zip
2007-10-23 18:51 1,314,219 ----a-w C:\Programme\aircrack-ng-0.9.1-win.zip
2007-10-23 18:43 2,390,773 ----a-w C:\Programme\setup_airpcap_3_1.exe
2007-10-23 18:40 561,648 ----a-w C:\Programme\WinPcap_4_0_1.exe
2007-10-23 18:38 4,804,665 ----a-w C:\Programme\setup_kismet_2007-01-R1b.exe
2007-10-23 18:25 1,116,546 ----a-w C:\Programme\odbg110.zip
2007-10-11 05:58 671,744 ----a-w C:\WINDOWS\system32\wininet.dll
2007-10-07 12:49 10,656,216 ----a-w C:\Programme\JoostSetup-Beta-1.0.exe
2007-10-06 10:34 11,863,224 ----a-w C:\Programme\pidgin-2.2.1.exe
2007-10-05 00:24 2,497 ----a-w C:\Programme\[isoHunt] board.zip.torrent
2007-10-04 18:19 109,773,352 ----a-w C:\Programme\WinFuture_WinXPsp2_UpdatePack_2.21_August-2007-Vollversion.exe
2007-08-04 16:32 694,679 ----a-w C:\Programme\msvbvm60.zip
2007-08-03 11:00 19,080 ----a-w C:\Programme\hello
2007-08-01 23:27 2,091,456 ----a-w C:\Programme\LanguagePack-1.4.4.9706-win32-de.exe
2007-08-01 23:20 9,214,464 ----a-w C:\Programme\TortoiseSVN-1.4.4.9706-win32-svn-1.4.4.msi
2007-07-31 23:29 8,731,456 ----a-w C:\Programme\Install-SpaceTime3D.exe
2007-07-16 14:51 641,975 ----a-w C:\Programme\hdtune_253.exe
2007-07-15 17:49 1,208,849 ----a-w C:\Programme\Multidecoder1.0.0.25.zip
2007-07-15 15:55 289,217 ----a-w C:\Programme\messenger_key_7.1_build_1467_setup.zip
2007-07-15 15:50 27,651 ----a-w C:\Programme\icq_link_patch.zip
2007-07-15 12:26 12,224,648 ----a-w C:\Programme\Install_ICQ6.exe
2007-07-02 14:30 10,664,456 ----a-w C:\Programme\TU2007TrialDE.exe
2007-06-14 18:57 36,330,811 ----a-w C:\Programme\xampp-win32-1.6.2-installer.exe
2007-06-11 18:51 1,163,592 ----a-w C:\Programme\install_flash_player.exe
2007-06-09 18:04 39,671 ----a-w C:\Programme\5g16Vgg-4579602.jpg
2007-06-09 18:02 36,710 ----a-w C:\Programme\Xp76Vgg-15433594.jpg
2007-06-04 14:17 2,970,488 ----a-w C:\Programme\nightly_04.06.2007.rar
2007-05-30 13:23 9,159,991 ----a-w C:\Programme\phppro15.zip
2007-05-23 13:28 2,816,721 ----a-w C:\Programme\bt.zip
2007-05-20 20:46 6,561,496 ----a-w C:\Programme\Opera_9.20_International_Setup.exe
2007-04-30 09:27 9,559,298 ----a-w C:\Programme\nightly_30.04.2007.rar
2007-04-21 12:51 1,733,901 ----a-w C:\Programme\winscp382setup.exe
2007-04-20 18:25 6,051,840 ----a-w C:\Programme\icq5_1_german_setup.exe
2007-03-18 00:24 16,711,480 ----a-w C:\Programme\InstallIMVU_367.0_full.exe
2007-03-16 00:19 2,974,400 ----a-w C:\Programme\vcssetup.exe
2007-03-16 00:18 3,005,632 ----a-w C:\Programme\vcsetup.exe
2007-03-15 22:25 2,991,808 ----a-w C:\Programme\vbsetup.exe
2007-03-15 21:29 37,844,544 ----a-w C:\Programme\iTunesSetup.exe
2007-03-04 14:41 446 ----a-w C:\Programme\TSClient.log
2007-02-28 20:23 1,645,434 ----a-w C:\Programme\NeoTraceProTrial325.exe
2007-02-22 21:05 6,492,180 ----a-w C:\Programme\miranda_me_rc2.zip
2007-02-22 19:39 1,146,065 ----a-w C:\Programme\miranda-im-v0.6.7-unicode.exe
2007-02-21 15:23 5,355,320 ----a-w C:\Programme\picasaweb-current-setup.exe
2007-01-13 01:42 9,453,630 ----a-w C:\Programme\vlc-0.8.6a-win32.exe
2007-01-08 14:32 9,119,976 ----a-w C:\Programme\icq6_setup.exe
2007-01-08 14:26 1,976,007 ----a-w C:\Programme\qip7997.exe
2007-01-06 18:30 8,503,798 ----a-w C:\Programme\Icq6.rar
2007-01-05 15:32 8,229,888 ----a-w C:\Programme\mjdvd2.exe
2006-10-08 12:44 2,890,335 ----a-w C:\Programme\girc500.exe
2006-09-04 20:26 1,972,768 ----a-w C:\Programme\qip7970.exe
2006-06-21 13:23 3,720,910 ----a-w C:\Programme\gmaker.exe
2006-04-21 11:01 1,334,524 ----a-w C:\Dokumente und Einstellungen\Tobi\WoW-1.10.1.5230-to-0.10.2.5257-deDE-patch.exe
2005-10-09 13:06 466 ----a-w C:\Programme\INSTALL.LOG
2005-05-13 16:12 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 10:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2007-04-13 13:48 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin
2005-10-13 20:27 422,400 --sha-r C:\WINDOWS\x2.64.exe
2005-10-07 18:14 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
2005-07-14 11:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 14:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-21 21:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2004-01-24 23:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2006-04-27 09:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
2005-02-28 12:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2004-01-24 23:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@={30351346-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@={30351347-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@={30351348-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@={3035134B-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@={3035134C-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@={3035134D-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@={3035134E-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2007-06-09 12:42 536576 --a------ C:\Programme\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2007-06-09 12:42 536576 --a------ C:\Programme\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2007-06-09 12:42 536576 --a------ C:\Programme\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2007-06-09 12:42 536576 --a------ C:\Programme\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2007-06-09 12:42 536576 --a------ C:\Programme\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2007-06-09 12:42 536576 --a------ C:\Programme\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2007-06-09 12:42 536576 --a------ C:\Programme\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Programme\Msn messenger\msnmsgr.exe" [2007-01-19 11:55 5674352]
"Eraser"="C:\Programme\Eraser\Eraser.exe" [2007-07-28 22:05 277328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nForce Tray Options"="sstray.exe" [2002-11-13 08:34 73728 C:\WINDOWS\system32\sstray.exe]
"TCASUTIEXE"="TCAUDIAG.exe" [2002-07-03 00:46 1323008 C:\WINDOWS\system32\TCAUDIAG.EXE]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-10 18:47 249896]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 09:50 20992 C:\WINDOWS\LOGI_MWX.EXE]
"ASUS Probe"="C:\Program Files\ASUS\Probe\AsusProb.exe" [2002-12-06 16:07 617984]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2007-04-27 08:41 282624]
"DAEMON Tools-1033"="C:\Programme\D-Tools\daemon.exe" [2004-08-22 17:05 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-03 23:57 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Programme\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Programme\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk
backup=C:\WINDOWS\pss\Adobe Reader - Schnellstart.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Tobi^Startmenü^Programme^Autostart^Digimarc Desktop Crawler.lnk]
path=C:\Dokumente und Einstellungen\Tobi\Startmenü\Programme\Autostart\Digimarc Desktop Crawler.lnk
backup=C:\WINDOWS\pss\Digimarc Desktop Crawler.lnkStartup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Tobi^Startmenü^Programme^Autostart^WinMySQLadmin.lnk]
path=C:\Dokumente und Einstellungen\Tobi\Startmenü\Programme\Autostart\WinMySQLadmin.lnk
backup=C:\WINDOWS\pss\WinMySQLadmin.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSwitch]
C:\WINDOWS\system32\taskswitch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-03 23:57 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Programme\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
C:\Programme\ICQLite\ICQLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 C:\Programme\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 11:55 5674352 C:\Programme\Msn messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SimpleScreenshot]
--a------ 2005-04-14 00:00 962048 C:\PROGRA~1\SIPLES~1\SSS\SIMPLESCREENSHOT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2005-10-07 01:46 180269 C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"FileZilla Server"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Programme\Messenger\msmsgs.exe" /background
"msnmsgr"="C:\Programme\Msn messenger\msnmsgr.exe" /background
"updateMgr"="C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
"SpybotSD TeaTimer"=C:\Programme\Spybot\Spybot - Search & Destroy\TeaTimer.exe
"Skype"="C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
"InCD"=C:\Programme\Ahead\InCD\InCD.exe
"Adobe Photo Downloader"="C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"MultiRes"=C:\Programme\MultiRes\MultiRes.exe
"WinVNC"="C:\Programme\vnc\UltraVNC\winvnc.exe" -servicehelper
"ASUS Probe"=C:\Program Files\ASUS\Probe\AsusProb.exe
"ATICCC"="C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
"avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
"DAEMON Tools-1033"="C:\Programme\D-Tools\daemon.exe" -lang 1033
"ISUSScheduler"="C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"=C:\PROGRA~1\GEMEIN~1\INSTAL~2\UPDATE~1\isuspm.exe -startup
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe"
"Picasa Media Detector"=C:\Programme\Picasa2\PicasaMediaDetector.exe

R2 3ComDMIService;3Com DMI Agent;C:\WINDOWS\System32\3Com_DMI\3CDMINIC.EXE [2001-09-06 13:26]
R2 BCAITDI;3Com BCAITDI DMI TDI;C:\WINDOWS\system32\DRIVERS\BCAItdi.sys [2001-09-06 13:12]
R2 tcaicchg;tcaicchg;C:\WINDOWS\System32\tcaicchg.sys [2000-06-06 04:08]
R2 TCAITDI;TCAITDI Protocol;C:\WINDOWS\system32\DRIVERS\TCAITDI.sys [2001-09-03 21:22]
R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe [2004-08-03 23:58]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Programme\Viewpoint\Common\ViewpointService.exe" [2007-01-04 22:38]
R2 vnccom;vnccom;C:\WINDOWS\system32\Drivers\vnccom.SYS [2004-06-26 12:22]
R3 vncdrv;vncdrv;C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2004-06-26 12:22]
S2 OmniHTTPd;OmniHTTPd Professional;C:\Programme\OmniSecure\ohttpd.exe [2005-02-24 19:29]
S2 XAMPP;XAMPP Service;C:\Programme\typo3\service.exe []
S3 CV2K1;CommView Network Monitor;C:\WINDOWS\system32\DRIVERS\cv2k1.sys []
S3 FWL;Fwl Packet Filter;C:\Programme\Software602\602LAN SUITE\fwl.sys []
S3 M804mdm;M804mdm;C:\WINDOWS\system32\drivers\amdk7.sys [2004-08-03 23:38]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Inhalt des "geplante Tasks" Ordners
"2008-01-25 16:24:49 C:\WINDOWS\Tasks\1-Klick-Wartung.job"
- C:\Programme\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-09-17 04:41:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programme\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-30 01:00:20
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-01-30 1:09:15
.
2008-01-14 21:51:13 --- E O F ---



===========
HijackThis
===========



Logfile of HijackThis v1.99.1
Scan saved at 01:13:48, on 30.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\System32\3Com_DMI\3CDMINIC.EXE
C:\Programme\Java\jre1.6.0_03\bin\jusched.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\D-Tools\daemon.exe
C:\Programme\Eraser\Eraser.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Viewpoint\Common\ViewpointService.exe
C:\Programme\vnc\UltraVNC\winvnc.exe
C:\Programme\TortoiseSVN\bin\TSVNCache.exe
C:\Programme\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Programme\qip\qip.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Tobi\Desktop\Security\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -off
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\Msn messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Eraser] C:\Programme\Eraser\Eraser.exe -hide
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Zend Studio - Debug current page - res://C:\Programme\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll/DebugCurrent.html
O8 - Extra context menu item: Zend Studio - Debug next page - res://C:\Programme\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll/DebugNext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Zend Studio Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
O9 - Extra 'Tools' menuitem: Zend Studio - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Dokumente und Einstellungen\Tobi\Startmenü\Programme\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O16 - DPF: {162247AF-26A7-44FC-A93A-69506EA244F3} (HWTest.HWTestControl) - http://service.maxdome.de/de/systemcheck/HWTest.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134392957140
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WB - C:\Programme\AlienGUIse\fastload.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: 3Com DMI Agent (3ComDMIService) - 3Com Corporation - C:\WINDOWS\System32\3Com_DMI\3CDMINIC.EXE
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: OmniHTTPd Professional (OmniHTTPd) - Unknown owner - C:\Programme\OmniSecure\ohttpd.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Programme\Viewpoint\Common\ViewpointService.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Programme\vnc\UltraVNC\winvnc.exe" -service (file missing)
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\Programme\typo3\service.exe (file missing)



=========
datfind
=========


Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 4CBA-EE20

Verzeichnis von C:\WINDOWS\system32

30.01.2008 00:47 2.550 Uninstall.ico
30.01.2008 00:47 1.406 Help.ico
30.01.2008 00:47 30.590 pavas.ico
21.01.2008 16:32 2.206 wpa.dbl
20.01.2008 17:38 18.254 ssnvfx.ini
17.01.2008 21:54 290.088 FNTCACHE.DAT
14.01.2008 22:47 269.750 TZLog.log
31.12.2007 16:07 403.968 perfh009.dat
31.12.2007 16:07 63.188 perfc009.dat
31.12.2007 16:07 76.014 perfc007.dat
31.12.2007 16:07 418.970 perfh007.dat
31.12.2007 16:07 948.836 PerfStringBackup.INI
11.12.2007 23:34 1.044.480 libdivx.dll
11.12.2007 23:34 200.704 ssldivx.dll
03.12.2007 00:00 18.684.536 MRT.exe
17.11.2007 20:24 300.646 avmcache.dll
17.11.2007 20:23 104 msvcrcom.dat
14.11.2007 08:26 450.560 jscript.dll
13.11.2007 12:31 60.416 tzchange.exe
30.10.2007 10:56 3.086.848 mshtml.dll
29.10.2007 23:42 1.293.312 quartz.dll
29.10.2007 16:07 373.760 xpsp3res.dll
25.10.2007 17:42 8.501.248 shell32.dll
25.10.2007 09:28 222.720 wmasf.dll
11.10.2007 06:58 671.744 wininet.dll
11.10.2007 06:58 620.032 urlmon.dll
11.10.2007 06:58 474.624 shlwapi.dll
11.10.2007 06:58 1.498.112 shdocvw.dll
11.10.2007 06:58 39.424 pngfilt.dll
11.10.2007 06:58 532.480 mstime.dll
11.10.2007 06:58 146.432 msrating.dll
11.10.2007 06:58 449.024 mshtmled.dll
11.10.2007 06:58 357.888 dxtmsft.dll
11.10.2007 06:58 16.384 jsproxy.dll
11.10.2007 06:58 96.768 inseng.dll
11.10.2007 06:58 1.056.256 danim.dll
11.10.2007 06:58 205.824 dxtrans.dll
11.10.2007 06:58 251.904 iepeers.dll
11.10.2007 06:58 55.808 extmgr.dll
11.10.2007 06:58 152.064 cdfview.dll
11.10.2007 06:58 1.024.000 browseui.dll
04.10.2007 20:18 3 EUupdate.installed
04.10.2007 20:18 16.832 amcompat.tlb
04.10.2007 20:18 23.392 nscompat.tlb
04.10.2007 19:44 3 vbrun60sp6.installed
04.10.2007 19:32 3 Wordpad-Converter-ZLib-update.installed
04.10.2007 12:59 5.686 jupdate-1.6.0_03-b05.log


.
.
.
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 4CBA-EE20

Verzeichnis von C:\DOKUME~1\Tobi\LOKALE~1\Temp

30.01.2008 01:27 114.533 datfind.txt
1 Datei(en) 114.533 Bytes
0 Verzeichnis(se), 12.616.593.408 Bytes frei
.
.
.
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 4CBA-EE20

Verzeichnis von C:\WINDOWS

30.01.2008 01:00 332 system.ini
30.01.2008 00:48 864.196 setupapi.log
29.01.2008 23:59 0 0.log
29.01.2008 23:59 0 TempFile
29.01.2008 23:59 2.048 bootstat.dat
29.01.2008 21:04 32.558 SchedLgU.Txt
29.01.2008 21:04 1.670.123 WindowsUpdate.log
26.01.2008 22:56 214 wiadebug.log
26.01.2008 16:45 50 wiaservc.log
26.01.2008 01:10 49 NeroDigital.ini
19.01.2008 13:59 1.360 wincmd.ini
19.01.2008 13:10 285 wcx_ftp.ini
14.01.2008 22:53 11.450 KB941644.log
14.01.2008 22:51 398.763 comsetup.log
14.01.2008 22:51 1.341.311 iis6.log
14.01.2008 22:51 241.567 ntdtcsetup.log
14.01.2008 22:51 65.043 ocmsn.log
14.01.2008 22:51 548.547 tsoc.log
14.01.2008 22:51 1.374 imsins.log
14.01.2008 22:51 58.596 tabletoc.log
14.01.2008 22:51 21.670 KB937894.log
14.01.2008 22:51 579.155 ocgen.log
14.01.2008 22:51 82.654 medctroc.Log
14.01.2008 22:51 204.421 netfxocm.log
14.01.2008 22:51 59.809 msgsocm.log
14.01.2008 22:51 1.180.068 FaxSetup.log
14.01.2008 22:51 374.124 msmqinst.log
14.01.2008 22:50 1.374 imsins.BAK
14.01.2008 22:50 21.106 KB942840.log
14.01.2008 22:47 32.193 KB942763.log
14.01.2008 22:47 17.092 KB941569.log
14.01.2008 22:46 20.375 KB941568.log
14.01.2008 22:46 65.558 updspapi.log
14.01.2008 22:46 40.089 KB942615.log
14.01.2008 22:46 10.242 KB943485.log
14.01.2008 22:45 153.704 msxml4-KB936181-enu.LOG
14.01.2008 22:45 15.907 KB944653.log
13.01.2008 18:30 219 w32demo8.ini
31.12.2007 16:17 4.096 d3dx.dat
17.12.2007 23:17 12.123 mozver.dat
06.12.2007 19:16 52 wb.ini
06.12.2007 17:16 34.336 spupdsvc.log
06.12.2007 17:03 20.593 KB943460.log
06.12.2007 17:03 18.836 KB933729.log
06.12.2007 17:02 30.622 KB938828.log
06.12.2007 17:02 45.519 KB939653.log
06.12.2007 17:02 13.911 KB927891.log
06.12.2007 16:56 19.878 KB917344.log
06.12.2007 16:44 19.185 KB941202.log
06.12.2007 16:44 11.892 KB929399.log
06.12.2007 16:43 11.621 KB939683.log
06.12.2007 16:42 29.606 KB933360.log
06.12.2007 16:41 19.217 KB930916.log
21.11.2007 22:15 6.590 wmsetup.log
04.10.2007 20:18 726 win.ini
04.10.2007 20:16 316.640 WMSysPr9.prx
04.10.2007 19:56 2.507 ie7_main.log
04.10.2007 19:30 10.407 KB904412.log
02.10.2007 00:55 4.901 aksdrvsetup.log


Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 4CBA-EE20

Verzeichnis von C:\WINDOWS\temp

.
.
.
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 4CBA-EE20

Verzeichnis von C:\WINDOWS\Downloaded Program Files

26.03.2007 15:46 5.085 swflash.inf
24.08.2006 08:28 141.424 asinst.dll
22.08.2006 09:06 537 asinst.inf
13.07.2006 11:44 1.180 HWTest.INF
13.07.2006 11:43 15.800 HWTEST.OCX
03.06.2005 03:49 752 jinstall-1_5_0_04.inf
26.05.2005 04:19 293 muweb.inf
13.04.2005 12:46 678 mcinsctl.inf
09.02.2005 15:54 1.271 erma.inf
04.10.2004 17:21 114.688 vizable.ocx
04.10.2004 17:21 114.848 IDropENU.dll
04.10.2004 17:21 1.706.800 gdiplus.dll
04.10.2004 17:21 283.296 IDrop.ocx
22 Datei(en) 3.305.319 Bytes
0 Verzeichnis(se), 12.616.581.120 Bytes frei
.
.
.
30.01.2008, 08:58
Honorary member
Pinguin

Posts: 1441
#2 Tobbes

1.
download
AboutBuster + ADS Spy - post both reports here
http://www.virus-protect.org/streams.html

2.
scan with Bitdefender + post the report here
http://board.protecus.de/t8642.htm
__________
Regards
Pinguin

I am in the process of updating my site + tools: http://www.virus-protect.org/
30.01.2008, 18:21
Member

Thread starter

Posts: 27
#3 Hello,


after a good 6 hours, Bitdefender has now finally finished.

ADS Spy:

C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP : 1E8CCDDE (114 bytes, MD5: 659910E6C09C8B35215DC6820F635DAD)

Aboutbuster:

AboutBuster 6.07
Scan started on [30.01.2008] at [12:52:05]
-------------------------------------------------------------
No Files Found!
-------------------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 12:52:14


Bitdefender:

[General]
App = "BitDefender Online Scanner v8"
Date = 30:01:2008
Time = 18:04:16
Scan Path = A:\;C:\;D:\;E:\;

[Engines Info]
Virus Definitions = 978161
Engine build = "AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)"
Scan plugins = 16
Archive plugins = 41
Unpack plugins = 7
E-mail plugins = 6
System plugins = 5

[Scan Statistics]
Folders = 32287
Files = 963234
Archives = 4389
Packed files = 57920
Identified viruses = 10
Infected files = 17
Warnings = 0
Suspect files = 2
Disinfected files = 0
Deleted files = 19
Copied files = 0
Moved files = 0
Renamed files = 0
I/O Errors = 37

[Scan Settings]
SecondAction = Delete
FirstAction = Disinfect
Heuristics = 1
Enable Warnings = 1
Exclude Ext =
Extensions = *;
Scan Emails = 1
Scan Archives = 1
Scan Packed = 1
Scan Files = 1
Scan Boot = 1
Verify Memory = 0

[Scan Results]
Line00000047 = "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Snapshots\RegUBP2b-Tobi.reg Infected with: Trojan.Startpage.AKT"
Line00000046 = "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Snapshots\RegUBP2b-Tobi.reg Deleted"
Line00000045 = "C:\Programme\cain&Abel\ca_setup.exe=>wise0026 Infected with: Virtool.Cain.A"
Line00000044 = "C:\Programme\cain&Abel\ca_setup.exe=>wise0026 Deleted"
Line00000043 = "C:\Programme\cain&Abel\ca_setup.exe Update failed"
Line00000042 = "C:\Programme\emule\overnet0.53.exe=>(NSIS o)=>zlib_nsis0007 Detected with: Application.Overnet.H"
Line00000041 = "C:\Programme\emule\overnet0.53.exe=>(NSIS o)=>zlib_nsis0007 Deleted"
Line00000040 = "C:\Programme\emule\overnet0.53.exe=>(NSIS o) Update failed"
Line00000039 = "C:\Programme\Gamers.IRC\bin\dll\moo.dll Detected with: Application.Motherboardmonitor.B"
Line00000038 = "C:\Programme\Gamers.IRC\bin\dll\moo.dll Disinfection failed"
Line00000037 = "C:\Programme\Gamers.IRC\bin\dll\moo.dll Deleted"
Line00000036 = "C:\Programme\girc500.exe=>(NSIS o)=>lzma_solid_nsis0027 Detected with: Application.Motherboardmonitor.B"
Line00000035 = "C:\Programme\girc500.exe=>(NSIS o)=>lzma_solid_nsis0027 Deleted"
Line00000034 = "C:\Programme\girc500.exe=>(NSIS o) Update failed"
Line00000033 = "C:\Programme\girc515.exe=>(NSIS o)=>lzma_solid_nsis0027 Detected with: Application.Motherboardmonitor.B"
Line00000032 = "C:\Programme\girc515.exe=>(NSIS o)=>lzma_solid_nsis0027 Deleted"
Line00000031 = "C:\Programme\girc515.exe=>(NSIS o) Update failed"
Line00000030 = "C:\Programme\messenger_key_7.1_build_1467_setup.zip=>Messenger Key 7.1 Build #1467 Setup.exe Detected with: Application.Pwcrack.Passware.B"
Line00000029 = "C:\Programme\messenger_key_7.1_build_1467_setup.zip=>Messenger Key 7.1 Build #1467 Setup.exe Deleted"
Line00000028 = "C:\Programme\messenger_key_7.1_build_1467_setup.zip Updated"
Line00000027 = "C:\Programme\Metasploit\Framework3\framework\modules\exploits\windows\browser\.svn\text-base\ms06_057_webview_setslice.rb.svn-base Infected with: Trojan.Exploit.Cve2006.H"
Line00000026 = "C:\Programme\Metasploit\Framework3\framework\modules\exploits\windows\browser\.svn\text-base\ms06_057_webview_setslice.rb.svn-base Deleted"
Line00000025 = "C:\Programme\Metasploit\Framework3\framework\modules\exploits\windows\browser\ms06_057_webview_setslice.rb Infected with: Trojan.Exploit.Cve2006.E"
Line00000024 = "C:\Programme\Metasploit\Framework3\framework\modules\exploits\windows\browser\ms06_057_webview_setslice.rb Deleted"
Line00000023 = "C:\Programme\Mozilla Firefox\plugins\NPMyWebS.dll Detected with: Adware.Toolbar.MyWebSearch.AC"
Line00000022 = "C:\Programme\Mozilla Firefox\plugins\NPMyWebS.dll Deleted"
Line00000021 = "C:\Programme\Msn messenger\riched20.dll Detected with: Adware.MyWebSearch.AV"
Line00000020 = "C:\Programme\Msn messenger\riched20.dll Disinfection failed"
Line00000019 = "C:\Programme\Msn messenger\riched20.dll Deleted"
Line00000018 = "C:\Programme\VCP 2.0\save.bat Suspected of: BehavesLike:Bat.Malware"
Line00000017 = "C:\Programme\VCP 2.0\save.bat Disinfection failed"
Line00000016 = "C:\Programme\VCP 2.0\save.bat Deleted"
Line00000015 = "C:\Spiele\Anno 1701\anno1701_trainer\Anno1701.trainer.exe Infected with: Trojan.Delf.OWJ"
Line00000014 = "C:\Spiele\Anno 1701\anno1701_trainer\Anno1701.trainer.exe Deleted"
Line00000013 = "C:\System Volume Information\_restore{152EB107-7CB4-43BA-BB0B-37E1D387945F}\RP897\A0141548.reg Infected with: Trojan.Startpage.AKT"
Line00000012 = "C:\System Volume Information\_restore{152EB107-7CB4-43BA-BB0B-37E1D387945F}\RP897\A0141548.reg Deleted"
Line00000011 = "C:\System Volume Information\_restore{152EB107-7CB4-43BA-BB0B-37E1D387945F}\RP897\A0141549.dll Detected with: Application.Motherboardmonitor.B"
Line00000010 = "C:\System Volume Information\_restore{152EB107-7CB4-43BA-BB0B-37E1D387945F}\RP897\A0141549.dll Deleted"
Line00000009 = "C:\System Volume Information\_restore{152EB107-7CB4-43BA-BB0B-37E1D387945F}\RP897\A0141550.dll Detected with: Adware.Toolbar.MyWebSearch.AC"
Line00000008 = "C:\System Volume Information\_restore{152EB107-7CB4-43BA-BB0B-37E1D387945F}\RP897\A0141550.dll Deleted"
Line00000007 = "C:\System Volume Information\_restore{152EB107-7CB4-43BA-BB0B-37E1D387945F}\RP897\A0141551.dll Detected with: Adware.MyWebSearch.AV"
Line00000006 = "C:\System Volume Information\_restore{152EB107-7CB4-43BA-BB0B-37E1D387945F}\RP897\A0141551.dll Disinfection failed"
Line00000005 = "C:\System Volume Information\_restore{152EB107-7CB4-43BA-BB0B-37E1D387945F}\RP897\A0141551.dll Deleted"
Line00000004 = "C:\System Volume Information\_restore{152EB107-7CB4-43BA-BB0B-37E1D387945F}\RP897\A0141552.bat Suspected of: BehavesLike:Bat.Malware"
Line00000003 = "C:\System Volume Information\_restore{152EB107-7CB4-43BA-BB0B-37E1D387945F}\RP897\A0141552.bat Disinfection failed"
Line00000002 = "C:\System Volume Information\_restore{152EB107-7CB4-43BA-BB0B-37E1D387945F}\RP897\A0141552.bat Deleted"
Line00000001 = "C:\System Volume Information\_restore{152EB107-7CB4-43BA-BB0B-37E1D387945F}\RP897\A0141554.exe Infected with: Trojan.Delf.OWJ"
Line00000000 = "C:\System Volume Information\_restore{152EB107-7CB4-43BA-BB0B-37E1D387945F}\RP897\A0141554.exe Deleted"


Thanks
31.01.2008, 06:57
Honorary member
Pinguin

Posts: 1441
#4 Hello

download sdfix - in normal mode - double-click RunThis.bat - choose 3 (Sophos) - scan (option 6) + post the report here
http://www.virus-protect.org/artikel/tools/sdfix.html
__________
Regards
Pinguin
31.01.2008, 21:11
Member

Thread starter

Posts: 27
#5 So, here is the report. One part is a bit censored, since these are private files ;) As you can see ;)

Sophos Anti-Virus
Version 4.25.0 [Win32/Intel]
Virus data version 4.25E, January 2008
Includes detection for 331890 viruses, trojans and worms
Copyright (c) 1989-2008 Sophos Plc, www.sophos.com

System time 15:04:38, System date 31 January 2008
Command line qualifiers are: -f -remove -nc -nb --stop-scan

IDE directory is: C:\SDFix\IDE

Full Scanning

Password protected file C:\Dokumente und Einstellungen\Tobi\Eigene Dateien\****\***** Haus Preisliste.xls
Password protected file C:\Dokumente und Einstellungen\Tobi\Eigene Dateien\****\***** Haus Preisliste.xls
Password protected file C:\Dokumente und Einstellungen\Tobi\Eigene Dateien\***\***** Haus Preisliste.xls
>>> Virus 'Mal/Packer' found in file C:\Programme\ICQ\downloads_Tools~ICQ_Status-Mixer_ISM\ISM.exe
Removal successful
Could not open C:\Spiele\Diabolo\DLoad.exe
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{152EB107-7CB4-43BA-BB0B-37E1D387945F}\RP901\A0141667.exe



Removal successful
Could not open C:\System Volume Information\_restore{152EB107-7CB4-43BA-BB0B-37E1D387945F}\RP901\A0141668.exe
>>> Virus fragment 'W95/Sledge-A' found in file C:\WINDOWS\system32\ActiveScan\pskavs.dll
Removal successful
Could not open C:\WINDOWS\system32\drivers\sptd.sys
Could not open C:\WINDOWS\system32\drivers\sptd0061.sys
Could not open C:\WINDOWS\TempFile

1 boot sector swept.
134025 files swept in 5 hours, 51 minutes and 13 seconds.
8 errors were encountered.
3 viruses were discovered.
3 files out of 134025 were infected.
Please send infected samples to Sophos for analysis.
For advice consult www.sophos.com, email support@sophos.com
or telephone +44 1235 559933
3 encrypted files were not checked.
Ending Sophos Anti-Virus.
31.01.2008, 23:24
Honorary member
Pinguin

Posts: 1441
#6 Tobbes

scan, have everything that is found deleted + post the report
http://www.virus-protect.org/artikel/tools/kaspersky.html
__________
Regards
Pinguin
31.01.2008, 23:56
Member

Thread starter

Posts: 27
#7

Quote

Pinguin posted
Tobbes

scan, have everything that is found deleted + post the report
http://www.virus-protect.org/artikel/tools/kaspersky.html

OK, I will do that tomorrow!

But one question in between. I use AntiVir; do I have to deactivate it beforehand? I have heard that different antivirus programs are not supposed to like each other very much ^^
01.02.2008, 08:58
Honorary member
Pinguin

Posts: 1441
#8 I have Avira installed + and used Kaspersky.. no problem ;)
On top of that, it is not the full version of Kaspersky but a small, stripped-down version.

The main problem was probably:
>>> Virus 'Mal/Packer' found in file C:\Programme\ICQ\downloads_Tools~ICQ_Status-Mixer_ISM\ISM.exe
..Sophos detected it.
__________
Regards
Pinguin
04.02.2008, 18:58
Member

Thread starter

Posts: 27
#9 Evening...

Is it normal that Kaspersky needs almost 25 hours until it has finally cracked 90%?

I had to switch the PC off in between, so I used the "Stop" button and afterwards let it continue from that point. However, at about 94-95% the fuse blew and the scan then started again at 1%... so there was no "save point", and I don't really feel like letting the computer run for another 30 hours.


At some point I had a report generated. I think that was at 60%. At that point the scan had not yet reached the "Programm" folder. But up to then it had not found anything...


EDIT: And my Windows style changes by itself every now and then ^^


Regards,
This post was edited by Tobbes on 04.02.2008 at 19:34.
04.02.2008, 22:14
Honorary member
Pinguin

Posts: 1441
#10 well, that does not exactly indicate great memory performance ;) -

run Comboscan + post both logs - main.txt + extra.txt
http://virus-protect.org/artikel/tools/comboscan.html
__________
Regards
Pinguin
05.02.2008, 14:06
Member

Thread starter

Posts: 27
#11 Actually, I assumed that one gigabyte of RAM should be enough ;)

But then I will run Comboscan.
What I also notice is that my svchost.exe likes to use 100% CPU. Shortly after I end it, my Windows XP theme changes to the classic theme and back again Oo
Although with svchost I believe that it is caused by the Microsoft update. It has been getting on my nerves for a good 2-3 days.

Thanks
This post was edited by Tobbes on 05.02.2008 at 14:13.
05.02.2008, 14:22
Honorary member
Pinguin

Posts: 1441
#12 uninstall the update
or:
you can also first try a System Restore - to a day before the update ....
But then there is also the risk that ism.exe + messenger_key_7.1_build_1467_setup.zip are back on the system; then you can scan again with Sophos + Bitdefender...
__________
Regards
Pinguin
05.02.2008, 14:23
Member

Thread starter

Posts: 27
#13 So, here are the requested logs ;)

Main:


Quote

Deckard's System Scanner v20071014.68
Run by Tobi on 2008-02-05 14:14:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; System Restore is disabled (service is not running).


-- Last 5 Restore Point(s) --
35: 2008-02-05 13:07:41 UTC - RP907 - Software Distribution Service 3.0
34: 2008-02-04 16:09:01 UTC - RP906 - Software Distribution Service 3.0
33: 2008-02-03 02:01:19 UTC - RP905 - Software Distribution Service 3.0
32: 2008-02-02 11:46:15 UTC - RP904 - Software Distribution Service 3.0
31: 2008-02-01 13:24:26 UTC - RP903 - Software Distribution Service 3.0


-- First Restore Point --
1: 2007-12-31 15:30:03 UTC - RP873 - Removed DAEMON Tools


Backed up registry hives.
Performed disk cleanup.

[color=red]System Drive C: has 7.99 GiB (less than 15%) free.[/color]


-- HijackThis (run as Tobi.exe) ------------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-05 14:17:38
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\3com_dmi\3CDMINIC.EXE
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\sstray.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Java\jre1.6.0_03\bin\jusched.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Programme\Viewpoint\Common\ViewpointService.exe
C:\Programme\vnc\UltraVNC\winvnc.exe
C:\Programme\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\svchost.exe
C:\Downloads\dss.exe
C:\Dokumente und Einstellungen\Tobi\Desktop\Security\Tobi.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - C:\Programme\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -off
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVP] "C:\Dokumente und Einstellungen\All Users\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_01.02.2008_08-00.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\Msn messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Eraser] C:\Programme\Eraser\Eraser.exe -hide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Zend Studio - Debug current page - res://C:\Programme\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll/DebugCurrent.html
O8 - Extra context menu item: Zend Studio - Debug next page - res://C:\Programme\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll/DebugNext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Zend Studio Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - (file missing)
O9 - Extra 'Tools' menuitem: Zend Studio - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Dokumente und Einstellungen\Tobi\Startmenü\Programme\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {162247AF-26A7-44FC-A93A-69506EA244F3} (HWTest.HWTestControl) - http://service.maxdome.de/de/systemcheck/HWTest.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134392957140
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Msn messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Msn messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - AppInit_DLLs: wbsys.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll
O23 - Service: 3Com DMI Agent (3ComDMIService) - 3Com Corporation - C:\WINDOWS\system32\3com_dmi\3CDMINIC.EXE
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programme\Ahead\InCD\incdsrv.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: OmniHTTPd Professional (OmniHTTPd) - Unknown owner - C:\Programme\OmniSecure\OHTTPD.exe
O23 - Service: setup_7.0.0.180_01.02.2008_08-00 - Kaspersky Lab - C:\Dokumente und Einstellungen\All Users\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_01.02.2008_08-00.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Programme\Viewpoint\Common\ViewpointService.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Programme\vnc\UltraVNC\winvnc.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\Programme\typo3\service.exe


--
End of file - 11688 bytes

-- File Associations -----------------------------------------------------------

[COLOR=red].bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,71[/COLOR]
[COLOR=red].inf - inffile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69[/COLOR]
[COLOR=red].ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69[/COLOR]
[COLOR=red].js - JSFile - DefaultIcon - unable to read value[/COLOR]
[COLOR=red].js - JSFile - shell\open\command - unable to read value[/COLOR]
[COLOR=red].txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,70[/COLOR]


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
R2 aslm75 - c:\windows\system32\drivers\aslm75.sys
R2 atksgt - c:\windows\system32\drivers\atksgt.sys
R2 BCAITDI (3Com BCAITDI DMI TDI) - c:\windows\system32\drivers\bcaitdi.sys <Not Verified; 3Com Corporation; 3Com DMI Agent TDI Driver>
R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys
R2 tcaicchg - c:\windows\system32\tcaicchg.sys <Not Verified; 3Com Corporation; 3Com Windows NT NIC Diagnostic/Configuration>
R2 TCAITDI (TCAITDI Protocol) - c:\windows\system32\drivers\tcaitdi.sys <Not Verified; 3Com Corporation; 3Com Windows NT NIC Diagnostic TDI Driver>
R3 EU3_USB (WLAN miniUSB USB Driver) - c:\windows\system32\drivers\eu3usb.sys <Not Verified; Inc.; WLAN miniUSB>

S3 CV2K1 (CommView Network Monitor) - c:\windows\system32\drivers\cv2k1.sys (file missing)
S3 FWL (Fwl Packet Filter) - c:\programme\software602\602lan suite\fwl.sys (file missing)
S3 NSNDIS5 (NSNDIS5 NDIS Protocol Driver) - c:\windows\system32\nsndis5.sys (file missing)
S3 Packet (Packet Protocol Driver) - c:\windows\system32\packet.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 3ComDMIService (3Com DMI Agent) - c:\windows\system32\3com_dmi\3cdminic.exe <Not Verified; 3Com Corporation; 3Com DMI Agent>
R2 AntiVirScheduler (AntiVir PersonalEdition Classic Planer) - c:\programme\antivir personaledition classic\sched.exe <Not Verified; Avira GmbH; Scheduler>
R2 Autodesk Licensing Service - "c:\programme\gemeinsame dateien\autodesk shared\service\adskscsrv.exe"
R2 Viewpoint Manager Service - "c:\programme\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>
R2 winvnc (VNC Server) - "c:\programme\vnc\ultravnc\winvnc.exe" -service <Not Verified; UltraVNC; UltraVNC>

S2 OmniHTTPd (OmniHTTPd Professional) - c:\programme\omnisecure\ohttpd.exe
S2 XAMPP (XAMPP Service) - c:\programme\typo3\service.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-02-01 17:17:29 394 --a------ C:\WINDOWS\Tasks\1-Klick-Wartung.job
2007-09-17 05:41:02 276 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-01-05 and 2008-02-05 -----------------------------

2008-02-05 01:18:15 0 d--hs---- C:\Dokumente und Einstellungen\Tobi\Recent
2008-02-01 17:53:49 452640 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-31 15:03:54 0 d-------- C:\SAV32CLI
2008-01-30 17:56:17 0 d-------- C:\Programme\EA Games
2008-01-30 12:59:44 0 d-------- C:\WINDOWS\BDOSCAN8
2008-01-30 00:47:07 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-01-28 00:48:59 0 d-------- C:\Programme\BridgeBuilderDemo
2008-01-22 00:48:46 0 d-------- C:\Programme\Eraser
2008-01-18 15:58:46 545 --a------ C:\WINDOWS\UC.PIF
2008-01-18 15:58:46 545 --a------ C:\WINDOWS\RAR.PIF
2008-01-18 15:58:46 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-01-18 15:58:46 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-01-18 15:58:46 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-01-18 15:58:46 545 --a------ C:\WINDOWS\LHA.PIF
2008-01-18 15:58:46 545 --a------ C:\WINDOWS\ARJ.PIF
2008-01-18 15:58:46 0 d-------- C:\totalcmd
2008-01-14 19:57:39 0 d-------- C:\Programme\CommView
2008-01-13 18:47:30 0 d-------- C:\Programme\PE Explorer
2008-01-13 17:26:50 0 d-------- C:\Programme\dis
2008-01-09 15:01:48 53248 --a------ C:\WINDOWS\bdoscandel.exe
2008-01-07 16:32:33 0 d-------- C:\Programme\Microsoft Silverlight


-- Find3M Report ---------------------------------------------------------------

2008-02-05 14:04:10 0 --a------ C:\WINDOWS\TempFile
2008-01-30 19:29:30 0 d--h----- C:\Programme\InstallShield Installation Information
2008-01-30 19:28:04 1480 --a------ C:\WINDOWS\eReg.dat
2008-01-30 16:34:08 0 d-------- C:\Programme\VCP 2.0
2008-01-30 15:20:10 0 d-------- C:\Programme\Msn messenger
2008-01-30 15:00:20 22 --a------ C:\Programme\messenger_key_7.1_build_1467_setup.zip
2008-01-30 01:11:33 0 d-------- C:\Programme\ICQToolbar
2008-01-24 14:19:55 0 d-------- C:\Dokumente und Einstellungen\Tobi\Anwendungsdaten\Adobe
2008-01-19 23:27:28 0 d-------- C:\Programme\Gemeinsame Dateien\Adobe
2008-01-19 23:24:40 0 d-------- C:\Dokumente und Einstellungen\Tobi\Anwendungsdaten\AdobeUM
2008-01-17 22:07:04 0 d-------- C:\Dokumente und Einstellungen\Tobi\Anwendungsdaten\Microsoft Games
2008-01-17 20:22:55 0 d-------- C:\Programme\Microsoft Games
2008-01-13 18:47:58 0 d-------- C:\Dokumente und Einstellungen\Tobi\Anwendungsdaten\PE Explorer
2008-01-11 15:58:15 162914 --a------ C:\Programme\dl381971255141199982925screen2.JPG
2008-01-04 17:39:22 0 d-------- C:\Programme\TrackMania Nations ESWC
2008-01-01 17:26:24 0 d-------- C:\Dokumente und Einstellungen\Tobi\Anwendungsdaten\Hamachi
2007-12-31 16:35:24 0 d-------- C:\Programme\D-Tools
2007-12-31 16:17:34 4096 --a------ C:\WINDOWS\d3dx.dat
2007-12-31 16:07:44 418970 --a------ C:\WINDOWS\system32\perfh007.dat
2007-12-31 16:07:44 76014 --a------ C:\WINDOWS\system32\perfc007.dat
2007-12-30 15:31:28 0 d-------- C:\Programme\Winamp
2007-12-25 03:55:37 14336 --ahs---- C:\Programme\Thumbs.db
2007-12-25 03:43:37 0 d-------- C:\Programme\animated_captcha-2007-02-19
2007-12-25 03:40:33 0 d-------- C:\Programme\AlienGUIse
2007-12-22 19:21:07 0 d-------- C:\Programme\Gamers.IRC
2007-12-17 23:17:59 12123 --a------ C:\WINDOWS\mozver.dat
2007-12-17 23:17:49 0 d-------- C:\Programme\DivX
2007-12-17 19:15:24 0 d-------- C:\Dokumente und Einstellungen\Tobi\Anwendungsdaten\My Games
2007-12-17 19:09:03 0 d-------- C:\Programme\Firaxis Games
2007-12-08 15:53:13 0 d-------- C:\Dokumente und Einstellungen\Tobi\Anwendungsdaten\MySQL
2007-12-08 15:49:02 0 d-------- C:\Programme\MySQL
2007-12-08 15:47:48 0 d-------- C:\Programme\hamachi
2007-12-06 19:16:38 0 d-------- C:\Programme\Gemeinsame Dateien
2007-12-06 19:16:38 0 d-------- C:\Programme\Gemeinsame Dateien\Stardock
2007-12-06 19:05:45 39629592 --a------ C:\Programme\Xenomorph_slim.exe
2007-12-06 17:20:58 3455791 --a------ C:\Programme\girc515.exe
2007-12-06 17:02:15 0 d-------- C:\Programme\SoftMaker Viewer
2007-12-06 17:01:33 0 d-------- C:\Programme\PartyGaming
2007-12-06 16:59:04 0 d-------- C:\Programme\Passware
2007-12-06 16:58:33 0 d-------- C:\Programme\Limeware
2007-12-06 16:56:14 0 d-------- C:\Programme\Microsoft CAPICOM 2.1.0.2
2007-12-06 16:33:05 0 d-------- C:\Programme\BestLogic
2007-12-06 16:31:10 0 d-------- C:\Programme\CACE Technologies
2007-11-19 00:07:00 2049244 --a------ C:\Programme\qip8040.exe
2007-11-17 20:24:26 300646 --a------ C:\WINDOWS\system32\avmcache.dll
2007-11-17 20:23:47 104 --a------ C:\WINDOWS\system32\msvcrcom.dat
2007-11-12 16:06:22 0 --a------ C:\Programme\fr80pe_tb.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nForce Tray Options"="sstray.exe" [13.11.2002 08:34 C:\WINDOWS\system32\sstray.exe]
"TCASUTIEXE"="TCAUDIAG.exe" [03.07.2002 00:46 C:\WINDOWS\system32\TCAUDIAG.EXE]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_03\bin\jusched.exe" [25.09.2007 00:11]
"avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [10.10.2007 18:47]
"ASUS Probe"="C:\Program Files\ASUS\Probe\AsusProb.exe" [06.12.2002 16:07]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [27.04.2007 08:41]
"DAEMON Tools-1033"="C:\Programme\D-Tools\daemon.exe" [22.08.2004 17:05]
"AVP"="C:\Dokumente und Einstellungen\All Users\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_01.02.2008_08-00.exe" [12.10.2007 15:29]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Programme\Msn messenger\msnmsgr.exe" [19.01.2007 11:55]
"Eraser"="C:\Programme\Eraser\Eraser.exe" [28.07.2007 22:05]

C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\
Adobe Reader - Schnellstart.lnk - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23.09.2005 21:05:26]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Programme\AlienGUIse\fastload.dll 20.12.2001 23:34 24576 C:\Programme\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk
backup=C:\WINDOWS\pss\Adobe Reader - Schnellstart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^Tobi^Startmenü^Programme^Autostart^Digimarc Desktop Crawler.lnk]
path=C:\Dokumente und Einstellungen\Tobi\Startmenü\Programme\Autostart\Digimarc Desktop Crawler.lnk
backup=C:\WINDOWS\pss\Digimarc Desktop Crawler.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^Tobi^Startmenü^Programme^Autostart^WinMySQLadmin.lnk]
path=C:\Dokumente und Einstellungen\Tobi\Startmenü\Programme\Autostart\WinMySQLadmin.lnk
backup=C:\WINDOWS\pss\WinMySQLadmin.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSwitch]
C:\WINDOWS\system32\taskswitch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Programme\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"C:\Programme\ICQLite\ICQLite.exe" -minimize

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Programme\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Programme\Msn messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SimpleScreenshot]
C:\PROGRA~1\SIPLES~1\SSS\SIMPLESCREENSHOT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"FileZilla Server"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Programme\Messenger\msmsgs.exe" /background
"msnmsgr"="C:\Programme\Msn messenger\msnmsgr.exe" /background
"updateMgr"="C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
"SpybotSD TeaTimer"=C:\Programme\Spybot\Spybot - Search & Destroy\TeaTimer.exe
"Skype"="C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
"InCD"=C:\Programme\Ahead\InCD\InCD.exe
"Adobe Photo Downloader"="C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"MultiRes"=C:\Programme\MultiRes\MultiRes.exe
"WinVNC"="C:\Programme\vnc\UltraVNC\winvnc.exe" -servicehelper
"ASUS Probe"=C:\Program Files\ASUS\Probe\AsusProb.exe
"ATICCC"="C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
"avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
"DAEMON Tools-1033"="C:\Programme\D-Tools\daemon.exe" -lang 1033
"ISUSScheduler"="C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"=C:\PROGRA~1\GEMEIN~1\INSTAL~2\UPDATE~1\isuspm.exe -startup
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe"
"Picasa Media Detector"=C:\Programme\Picasa2\PicasaMediaDetector.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp




-- End of Deckard's System Scanner: finished at 2008-02-05 14:18:40 ------------

Extra

Quote

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: German

CPU 0: AMD Athlon(tm) XP 1800+
Percentage of Memory in Use: 34%
Physical Memory (total/avail): 1023.49 MiB / 674.63 MiB
Pagefile Memory (total/avail): 1693.26 MiB / 1406.68 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1917.31 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 76.68 GiB total, 7.99 GiB free.
D: is CDROM (No Media)
E: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - HDS722580VLAT20 - 76.69 GiB - 1 partition
\PARTITION0 (bootable) - Installierbares Dateisystem - 76.68 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: Avira AntiVir PersonalEdition v 7.0.2.94
(Avira GmbH) [COLOR=RED]Disabled[/COLOR]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Programme\\qip\\qip.exe"="C:\\Programme\\qip\\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\\Programme\\Msn messenger\\msnmsgr.exe"="C:\\Programme\\Msn messenger\\msnmsgr.exe:*:Enabled:Messenger"
"C:\\Programme\\EA Games\\Command & Conquer Generäle Stunde Null\\game.dat"="C:\\Programme\\EA Games\\Command & Conquer Generäle Stunde Null\\game.dat:*:Enabled:game"
"C:\\Programme\\miranda_me_rc2\\Miranda ME 2.0 RC2\\miranda32.exe"="C:\\Programme\\miranda_me_rc2\\Miranda ME 2.0 RC2\\miranda32.exe:*:Enabled:Miranda IM"
"C:\\Programme\\iTunes\\iTunes.exe"="C:\\Programme\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Programme\\Last.fm\\LastFM.exe"="C:\\Programme\\Last.fm\\LastFM.exe:*:Disabled:LastFM"
"C:\\Programme\\Zend\\ZendStudio-5.5.0\\jre\\bin\\javaw.exe"="C:\\Programme\\Zend\\ZendStudio-5.5.0\\jre\\bin\\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"


-- User Profiles ---------------------------------------------------------------

Tobi (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3Com DMI Agent --> C:\WINDOWS\System32\3Com_DMI\UNDMIW2K.EXE
3Com NIC Diagnostics --> un3cdiag.exe /remove
3ds max 7 --> MsiExec.exe /I{F92AB933-9FE7-4335-92BD-D1C3BA27613C}
A4Desk R4 --> C:\Programme\A4Desk\unins000.exe
ActivePerl 5.8.3 Build 809 --> MsiExec.exe /I{09C32A3E-CE8E-461F-A2E6-AE798827EB2E}
Ad-Aware SE Personal --> C:\PROGRA~1\adaware\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\adaware\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Reader 7.0.5 Language Support --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7050000000A7}
Adobe Reader 7.0.9 - Deutsch --> MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
AlienGUIse Theme Manager --> C:\PROGRA~1\ALIENG~1\thememgr.exe /uninstallwise
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
ASCII Art Studio --> "C:\Programme\ASCII Art Studio\uninstall.exe"
ASUS Probe V2.19.07 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\ASUS\Probe\DeIsL1.isu" -c"C:\Program Files\ASUS\Probe\probunis.dll"
ATI - Software Uninstall Utility --> C:\Programme\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> MsiExec.exe /I{D84E40A2-380A-46E9-A750-6F55D398D973}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avira AntiVir PersonalEdition Classic --> C:\Programme\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
BigPad --> C:\WINDOWS\IsUn0407.exe -fC:\Programme\newvet\BigPad\Uninst.isu
Black and White --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~2\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}\setup.exe"
Bridge Builder Demo --> C:\PROGRA~1\BRIDGE~1\UNWISE.EXE C:\PROGRA~1\BRIDGE~1\INSTALL.LOG
Client Hack 1.9.2d --> C:\WINDOWS\iun6002.exe "C:\Spiele\wow\World of Warcraft\irunin.ini"
Command & Conquer 3 Tiberium Wars™ Demo --> MsiExec.exe /I{39F7653F-3E82-4FED-9EE5-6B9253EA57E3}
Command & Conquer(TM) Generäle --> C:\PROGRA~1\GEMEIN~1\INSTAL~2\Driver\7\INTEL3~1\IDriver.exe /M{06F80017-8F98-4C94-B868-52358569FC32}
Command and Conquer(TM) Generäle Die Stunde Null --> C:\PROGRA~1\GEMEIN~1\INSTAL~2\Driver\7\INTEL3~1\IDriver.exe /M{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}
Counter-Strike 1.6 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}\Setup.exe" -l0x9
DAEMON Tools --> MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
Defcon v1.43 --> "C:\Programme\Defcon\unins000.exe"
DH Driver Cleaner Professional Edition --> C:\Programme\Driver Cleaner Pro\Uninstall.exe
DivX Content Uploader --> C:\Programme\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVDx --> "C:\Programme\DVDx\unins000.exe"
Eraser --> "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{74D61F17-FFC2-41AF-96E5-1DCB0631B6D1}\EraserSetup32.exe" REMOVE=TRUE MODIFY=FALSE
Eraser --> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{74D61F17-FFC2-41AF-96E5-1DCB0631B6D1}\EraserSetup32.exe
EVEREST Home Edition v2.20 --> "C:\Programme\Lavalys\EVEREST Home Edition\unins000.exe"
FileSpecs plug-in for Ad-Aware SE --> C:\PROGRA~1\adaware\AD-AWA~1\Plugins\FILESP~1\UNWISE.EXE C:\PROGRA~1\adaware\AD-AWA~1\Plugins\FILESP~1\INSTALL.LOG
FileZilla (remove only) --> "C:\Programme\FileZilla\uninstall.exe"
Flash FLV to Video Audio Converter v3.0 --> "C:\Programme\Flash FLV to Video Audio Converter\unins000.exe"
FLV Player --> "C:\WINDOWS\FLV Player\uninstall.exe" "/U:C:\Programme\FLV Player\Uninstall\uninstall.xml"
Gamers.IRC 5.15 --> C:\Programme\Gamers.IRC\uninstall.exe
GCFScape 1.4.1 --> "C:\Programme\GCFScape\unins000.exe"
Google Earth --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~2\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
GTK+ Runtime 2.10.13 rev a (nur entfernen) --> C:\Programme\Gemeinsame Dateien\GTK\2.0\uninst.exe
Hamachi 1.0.2.4 --> C:\Programme\Hamachi\uninstall.exe
HD Tune 2.53 --> "C:\Programme\HD Tune\unins000.exe"
HexDump plug-in for Ad-Aware SE --> C:\PROGRA~1\adaware\Plugins\hexdump\UNWISE.EXE C:\PROGRA~1\adaware\Plugins\hexdump\INSTALL.LOG
HijackThis 1.99.1 --> C:\Dokumente und Einstellungen\Tobi\Desktop\Security\HijackThis.exe /uninstall
Hotfix für Windows XP (KB889527) --> "C:\WINDOWS\$NtUninstallKB889527$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB893357) --> "C:\WINDOWS\$NtUninstallKB893357$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB897338) --> "C:\WINDOWS\$NtUninstallKB897338$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB898900) --> "C:\WINDOWS\$NtUninstallKB898900$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB899271) --> "C:\WINDOWS\$NtUninstallKB899271$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB903234) --> "C:\WINDOWS\$NtUninstallKB903234$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB904412) --> "C:\WINDOWS\$NtUninstallKB904412$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB906569) --> "C:\WINDOWS\$NtUninstallKB906569$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB907865) --> "C:\WINDOWS\$NtUninstallKB907865$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB912817) --> "C:\WINDOWS\$NtUninstallKB912817$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB913296) --> "C:\WINDOWS\$NtUninstallKB913296$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB913538) --> "C:\WINDOWS\$NtUninstallKB913538$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB914841) --> "C:\WINDOWS\$NtUninstallKB914841$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB917021) --> "C:\WINDOWS\$NtUninstallKB917021$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB917730) --> "C:\WINDOWS\$NtUninstallKB917730$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB918005) --> "C:\WINDOWS\$NtUninstallKB918005$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB918093) --> "C:\WINDOWS\$NtUninstallKB918093$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB924867) --> "C:\WINDOWS\$NtUninstallKB924867$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB924941) --> "C:\WINDOWS\$NtUninstallKB924941$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB929120) --> "C:\WINDOWS\$NtUninstallKB929120$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB935448) --> "C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
ICQ6 --> C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe -runfromtemp -l0x0009 -removeonly
IEEE 802.11b WLAN Utility --> C:\WINDOWS\System32\UnAWLAN_USB.exe
InCD --> C:\WINDOWS\NuNInst.exe /UNINSTALL
IrfanView (remove only) --> C:\Programme\IrfanView\iv_uninstall.exe
iTunes --> MsiExec.exe /I{3592F5CB-B524-43AA-92F2-2377268199CC}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 8 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Joost (tm) Beta 1.0 --> C:\Programme\Joost\uninst.exe
Kismet 2006-11-R1 for Windows --> C:\Programme\Kismet\uninstall.exe
Language pack for Ad-Aware SE --> C:\PROGRA~1\adaware\AD-AWA~1\Plugins\Langs\UNWISE.EXE C:\PROGRA~1\adaware\AD-AWA~1\Plugins\Langs\INSTALL.LOG
Last.fm 1.1.3.0 --> "C:\Programme\Last.fm\unins000.exe"
Logitech MouseWare 9.80 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~2\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\Setup.exe" -l0x7 -l0007 UNINSTALL
Macromedia Flash MX --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}\Setup.exe" -l0x9 UNINSTALL
Metasploit Framework 3.0 --> C:\Programme\Metasploit\Framework3\uninst.exe
Microsoft-Basissmartcard-Kryptografiedienstanbieterpaket --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110407-6000-11D3-8CFE-0150048383C9}
Microsoft Rise of Nations-Testversion --> "C:\Programme\Microsoft Games\Rise of Nations-Testversion\UNINSTAL.EXE" /runtemp /addremove
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual Basic 2005 Express Edition - DEU --> C:\Programme\Microsoft Visual Studio 8\Microsoft Visual Basic 2005 Express Edition - DEU\setup.exe
Microsoft Visual C# 2005 Express Edition - DEU --> C:\Programme\Microsoft Visual Studio 8\Microsoft Visual C# 2005 Express Edition - DEU\setup.exe
Microsoft Visual C++ 2005 Express Edition - DEU --> C:\Programme\Microsoft Visual Studio 8\Microsoft Visual C++ 2005 Express Edition - DEU\setup.exe
Microsoft Web Publishing Wizard 1.53 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie3x86.inf,WebPostUninstall
MIKSOFT Mobile 3GP converter --> "C:\Programme\MIKSOFT\Mobile 3GP converter\unins000.exe"
Moyea FLV to Video Converter version 1.10.1.0 --> "C:\Programme\Moyea\Moyea FLV to Video Converter\unins000.exe"
Moyea YouTube Converter Version: 1.1.1.52 --> "C:\Programme\Moyea\YouTube Converter\unins000.exe"
Mozilla Firefox (2.0.0.11) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
MSN BackUp 1.3.2 --> C:\Programme\MSN BackUp\uninst.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{C4A230B7-518F-4224-A5A3-27F06CC57111}
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
MultiRes (remove only) --> C:\Programme\MultiRes\uninstal.exe
MuPAD Pro 4.0.2 --> "C:\Programme\SciFace\MuPAD Pro 4.0\unins000.exe"
MyPhoneExplorer --> C:\Programme\myphon\MyPhoneExplorer\uninstall.exe
MySQL Administrator 1.0 --> MsiExec.exe /I{437E061E-F98D-4D6C-A764-DAA16B7CA8B7}
MySQL Query Browser 1.1 --> MsiExec.exe /X{1444B16A-766B-4AD1-8AE8-F0C04C782E2F}
MySQL Tools for 5.0 --> MsiExec.exe /I{EC561602-C0B9-4FAA-A175-1B3273639AC3}
NVIDIA nForce Treiber für Windows 2000/XP --> rundll32.exe C:\WINDOWS\System32\NVNFINST.DLL,NvUninstallCrush
NVIDIA nForce Utilities --> C:\WINDOWS\System32\rundll32.exe setupapi,InstallHinfSection Remove_SSUtilsNT 132 C:\WINDOWS\INF\nvautlml.inf
OmniSecure 3.0a4 --> MsiExec.exe /I{807F01C6-6A78-401C-9508-A65568D1CCE4}
OpenOffice.org 2.0 --> MsiExec.exe /I{55A4E9CC-3F8D-4940-A2A4-EE04D3BADF74}
Opera 9.24 --> MsiExec.exe /X{16913489-B5E3-403E-AFD3-2B19BBE464D4}
Pack Crystal Clear 1.0 --> C:\WINDOWS\BricoPacks\Crystal Clear\Remove.exe
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PE Explorer 1.99 R2 --> "C:\Programme\PE Explorer\unins000.exe"
Pidgin --> C:\Programme\Pidgin\pidgin-uninst.exe
PowerQuest PartitionMagic 7.0 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~2\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{1E5007FA-DA5E-4EDD-BDE5-14D128D66887}\Setup.exe"
PowerQuest PartitionMagic 8.0 --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
Psi (remove only) --> C:\Programme\Psi\uninstall.exe
PureBasic --> C:\Programme\PureBasic\unins000.exe
QIP 2005 Uninstall --> "C:\Programme\QIP\unqip.exe"
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
RealPlayer --> C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Refresher 1.2 --> "C:\Programme\Refresher 1.2\unins000.exe"
Security Task Manager 1.6f --> C:\Programme\Security Task Manager\Uninstal.exe "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Security Task Manager"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
ShellExtension --> C:\Programme\Tools\ShellExtension\uninstall.exe
Sicherheitsupdate für Step by Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Sicherheitsupdate für Step by Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB893066) --> "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896422) --> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896688) --> "C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899588) --> "C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899589) --> "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB901190) --> "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB905915) --> "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB912812) --> "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB913446) --> "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB916281) --> "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917537) --> "C:\WINDOWS\$NtUninstallKB917537$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB928090) --> "C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB929969) --> "C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB931768) --> "C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB933566) --> "C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB937143) --> "C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB937894) --> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938127) --> "C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB939653) --> "C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB942615) --> "C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Sid Meier's Civilization 4 Demo --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~2\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2A241A64-9AD1-4D94-A227-6C3D5D2F854D}\setup.exe" -l0x7 -removeonly
SimpleScreenshot 1.30 --> C:\WINDOWS\SSSUn.EXE /UnInst:"C:\WINDOWS\SimpleScreenshot_Uninstall.in"
Skype 2.5 --> "C:\Programme\Skype\Phone\unins000.exe"
Sony Ericsson PC Suite --> MsiExec.exe /I{C037D08B-4883-491D-9329-DC5ACA90F797}
Spybot - Search & Destroy 1.4 --> "C:\Programme\Spybot\Spybot - Search & Destroy\unins000.exe"
STANLY Track EDDF --> C:\WINDOWS\system32\javaws.exe -uninstall "http://stanlytrack.dfs.de/stanlytrack/stanlytrackEDDF.jnlp"
Streamripper Plugin 1.61.27 (Remove only) --> C:\Programme\Winamp\streamripper_uninstall.exe
SUPER © Version 2006.19 (FIX) --> C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
TeamSpeak 2 RC2 --> C:\Programme\Teamspeak2_RC2\unins000.exe
TeamSpeak 2 Server RC2 --> C:\Programme\ts_s\Teamspeak2_RC2\unins000.exe
The GIMP 2.2.11 --> "C:\Programme\gimp\GIMP-2.0\unins000.exe"
TOPSIM - General Management II - TLN --> C:\WINDOWS\system32\GKSUI18.EXE C:\TOPSIM\GM2\TLN\UNINSTAL.DAT
TortoiseSVN 1.4.4.9706 (32 bit) --> MsiExec.exe /X{182A59A6-1AAB-44AC-9C37-59A2A88F2D70}
Total Commander (Remove or Repair) --> c:\totalcmd\tcuninst.exe
TrackMania Nations ESWC 1.7.9 --> "C:\Programme\TrackMania Nations ESWC\unins000.exe"
Trillian --> C:\Programme\Trillian\trillian.exe /uninstall
TuneUp Utilities 2007 --> MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
Tycoon City - New York --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~2\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A5101403-2C42-40E0-8D9E-5E49E7C3B89E}\SETUP.EXE" -l0x7
UltraVNC v1.0.2 --> "C:\Programme\vnc\UltraVNC\unins000.exe"
Update für Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update für Windows XP (KB896256) --> "C:\WINDOWS\$NtUninstallKB896256$\spuninst\spuninst.exe"
Update für Windows XP (KB896427) --> "C:\WINDOWS\$NtUninstallKB896427$\spuninst\spuninst.exe"
Update für Windows XP (KB896727) --> "C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
Update für Windows XP (KB897663) --> "C:\WINDOWS\$NtUninstallKB897663$\spuninst\spuninst.exe"
Update für Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update für Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update für Windows XP (KB900930) --> "C:\WINDOWS\$NtUninstallKB900930$\spuninst\spuninst.exe"
Update für Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update für Windows XP (KB907265) --> "C:\WINDOWS\$NtUninstallKB907265$\spuninst\spuninst.exe"
Update für Windows XP (KB908521) --> "C:\WINDOWS\$NtUninstallKB908521$\spuninst\spuninst.exe"
Update für Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update für Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update für Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update für Windows XP (KB916846) --> "C:\WINDOWS\$NtUninstallKB916846$\spuninst\spuninst.exe"
Update für Windows XP (KB920342) --> "C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe"
Update für Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update für Windows XP (KB922120) --> "C:\WINDOWS\$NtUninstallKB922120$\spuninst\spuninst.exe"
Update für Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update für Windows XP (KB925720) --> "C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update für Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update für Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update für Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update für Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update für Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update für Windows XP (KB942840) --> "C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update für Windows XP (KB946627) --> "C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
Uplink Demo (remove only) --> C:\Programme\Uplink Demo\Uninstall.exe
VCam 3.1.1 --> "C:\Programme\SciFace\VCam 3.1\unins000.exe"
VideoLAN VLC media player 0.8.6a --> C:\Programme\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player --> C:\Programme\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Winamp (remove only) --> "C:\Programme\Winamp\UninstWA.exe"
Windows Live Messenger --> MsiExec.exe /I{279DB581-239C-4E13-97F8-0F48E40BE75C}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB319740 --> "C:\WINDOWS\$NtUninstallKB319740$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB873333 --> C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP-Hotfix - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP-Hotfix - KB884020 --> C:\WINDOWS\$NtUninstallKB884020$\spuninst\spuninst.exe
Windows XP-Hotfix - KB884883 --> C:\WINDOWS\$NtUninstallKB884883$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885222 --> "C:\WINDOWS\$NtUninstallKB885222$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB885250 --> C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885523 --> C:\WINDOWS\$NtUninstallKB885523$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885626 --> C:\WINDOWS\$NtUninstallKB885626$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885884 --> C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885894 --> C:\WINDOWS\$NtUninstallKB885894$\spuninst\spuninst.exe
Windows XP-Hotfix - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP-Hotfix - KB886677 --> C:\WINDOWS\$NtUninstallKB886677$\spuninst\spuninst.exe
Windows XP-Hotfix - KB886716 --> "C:\WINDOWS\$NtUninstallKB886716$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP-Hotfix - KB887742 --> C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP-Hotfix - KB887797 --> C:\WINDOWS\$NtUninstallKB887797$\spuninst\spuninst.exe
Windows XP-Hotfix - KB888113 --> C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP-Hotfix - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP-Hotfix - KB889016 --> C:\WINDOWS\$NtUninstallKB889016$\spuninst\spuninst.exe
Windows XP-Hotfix - KB889673 --> "C:\WINDOWS\$NtUninstallKB889673$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB890047 --> C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
Windows XP-Hotfix - KB890175 --> C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP-Hotfix - KB890831 --> C:\WINDOWS\$NtUninstallKB890831$\spuninst\spuninst.exe
Windows XP-Hotfix - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP-Hotfix - KB893086 --> "C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB896626 --> "C:\WINDOWS\$NtUninstallKB896626$\spuninst\spuninst.exe"
WinRAR Archivierer --> C:\Programme\Winrar\uninstall.exe
WinSCP 3.8.2 --> "C:\Programme\WinSCP3\unins000.exe"
XAMPP 1.6.2 --> "c:\xampp\uninstall.exe"
XDCC Catcher Basic --> MsiExec.exe /I{4B8AA99D-9295-4B0D-AF7F-FF63D666D0C4}
Xfire (remove only) --> "C:\Programme\xfire\uninst.exe"
XML Paper Specification Shared Components Pack 1.0 -->
XviD 1.1 final uninstall --> "C:\Programme\XviD\unins000.exe"
ZendStudio-5.5.0 --> "C:\Programme\Zend\ZendStudio-5.5.0\Uninstall ZendStudio-5.5.0\Uninstall ZendStudio-5.5.0.exe"
Zune Desktop Theme --> MsiExec.exe /X{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}


-- Application Event Log -------------------------------------------------------

No Errors/Warnings found.


-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

No Errors/Warnings found.


-- End of Deckard's System Scanner: finished at 2008-02-05 14:18:40 ------------

05.02.2008, 14:34
Honorary member
Avatar Pinguin

Posts: 1441
#14 Hello

Please post the log from Silentrunner
http://virus-protect.org/silentrunner.html
__________
Regards
Pinguin

I'm in the process of updating my site + programs: http://www.virus-protect.org/
05.02.2008, 15:14
Member

Thread starter

Posts: 27
#15 Here you go ;)
Good thing you guys exist *g

Quote

"Silent Runners.vbs", revision 55, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"msnmsgr" = ""C:\Programme\Msn messenger\msnmsgr.exe" /background" [MS]
"Eraser" = "C:\Programme\Eraser\Eraser.exe -hide" ["Heidi Computers Ltd"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"nForce Tray Options" = "sstray.exe /r" ["NVIDIA Corporation"]
"TCASUTIEXE" = "TCAUDIAG.exe -off" [empty string]
"SunJavaUpdateSched" = ""C:\Programme\Java\jre1.6.0_03\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"avgnt" = ""C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min" ["Avira GmbH"]
"ASUS Probe" = "C:\Program Files\ASUS\Probe\AsusProb.exe" [null data]
"QuickTime Task" = ""C:\Programme\QuickTime\qttask.exe" -atboottime" ["Apple Inc."]
"DAEMON Tools-1033" = ""C:\Programme\D-Tools\daemon.exe" -lang 1033" ["DAEMON'S HOME"]
"AVP" = ""C:\Dokumente und Einstellungen\All Users\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_01.02.2008_08-00.exe"" ["Kaspersky Lab"]

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\
>{26923b43-4d38-484f-9b9e-de460746276c}\(Default) = "Internet Explorer"
\StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{055FD26D-3A88-4e15-963D-DC8493744B1D}\(Default) = (no title provided)
-> {HKLM...CLSID} = "XTTBPos00 Class"
\InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" ["IE Toolbar"]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Sign-in Helper"
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{A5110426-177D-4e08-AB3F-785F10B4439C}" = "Sony Ericsson Datei-Manager"
-> {HKLM...CLSID} = "Sony Ericsson Datei-Manager"
\InProcServer32\(Default) = "C:\Programme\Sony Ericsson\Mobile\File Manager\fmgrgui.dll" ["Sony Ericsson Mobile Communications AB"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\Winrar\rarext.dll" [null data]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook-Dateisymbolerweiterung"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Programme\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"
-> {HKLM...CLSID} = "Shell Extension for CDRW"
\InProcServer32\(Default) = "C:\Programme\Ahead\InCD\incdshx.dll" ["Ahead Software AG"]
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
"{ABC70703-32AF-11d4-90C4-D483A70F4825}" = "CMenuExtender"
-> {HKLM...CLSID} = "CMenuExtender"
\InProcServer32\(Default) = "C:\WINDOWS\BricoPacks\Crystal Clear\iColorFolder\CMExt.dll" ["Revenger inc."]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
-> {HKLM...CLSID} = "SimpleShlExt Class"
\InProcServer32\(Default) = "C:\Programme\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]
"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Programme\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]
"{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}" = "TuneUp Shredder Shell Extension"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\Programme\TuneUp Utilities 2007\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
"{44440D00-FF19-4AFC-B765-9A0970567D97}" = "TuneUp Theme Extension"
-> {HKLM...CLSID} = "TuneUp Theme Extension"
\InProcServer32\(Default) = "C:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software GmbH"]
"{30351348-7B7D-4FCC-81B4-1E394CA267EB}" = "TortoiseSVN"
-> {HKLM...CLSID} = "TortoiseSVN"
\InProcServer32\(Default) = "C:\Programme\TortoiseSVN\bin\tortoisesvn.dll" ["www.tortoisesvn.org"]
"{30351347-7B7D-4FCC-81B4-1E394CA267EB}" = "TortoiseSVN"
-> {HKLM...CLSID} = "TortoiseSVN"
\InProcServer32\(Default) = "C:\Programme\TortoiseSVN\bin\tortoisesvn.dll" ["www.tortoisesvn.org"]
"{3035134A-7B7D-4FCC-81B4-1E394CA267EB}" = "TortoiseSVN"
-> {HKLM...CLSID} = "TortoiseSVN"
\InProcServer32\(Default) = "C:\Programme\TortoiseSVN\bin\tortoisesvn.dll" ["www.tortoisesvn.org"]
"{3035134C-7B7D-4FCC-81B4-1E394CA267EB}" = "TortoiseSVN"
-> {HKLM...CLSID} = "TortoiseSVN"
\InProcServer32\(Default) = "C:\Programme\TortoiseSVN\bin\tortoisesvn.dll" ["www.tortoisesvn.org"]
"{30351346-7B7D-4FCC-81B4-1E394CA267EB}" = "TortoiseSVN"
-> {HKLM...CLSID} = "TortoiseSVN"
\InProcServer32\(Default) = "C:\Programme\TortoiseSVN\bin\tortoisesvn.dll" ["www.tortoisesvn.org"]
"{30351349-7B7D-4FCC-81B4-1E394CA267EB}" = "TortoiseSVN"
-> {HKLM...CLSID} = "TortoiseSVN"
\InProcServer32\(Default) = "C:\Programme\TortoiseSVN\bin\tortoisesvn.dll" ["www.tortoisesvn.org"]
"{3035134B-7B7D-4FCC-81B4-1E394CA267EB}" = "TortoiseSVN"
-> {HKLM...CLSID} = "TortoiseSVN"
\InProcServer32\(Default) = "C:\Programme\TortoiseSVN\bin\tortoisesvn.dll" ["www.tortoisesvn.org"]
"{3035134D-7B7D-4FCC-81B4-1E394CA267EB}" = "TortoiseSVN"
-> {HKLM...CLSID} = "TortoiseSVN"
\InProcServer32\(Default) = "C:\Programme\TortoiseSVN\bin\tortoisesvn.dll" ["www.tortoisesvn.org"]
"{3035134E-7B7D-4FCC-81B4-1E394CA267EB}" = "TortoiseSVN"
-> {HKLM...CLSID} = "TortoiseSVN"
\InProcServer32\(Default) = "C:\Programme\TortoiseSVN\bin\tortoisesvn.dll" ["www.tortoisesvn.org"]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "Meine freigegebenen Ordner"
\InProcServer32\(Default) = "C:\Programme\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]
"{8BE13461-936F-11D1-A87D-444553540000}" = "Eraser Shell Extension"
-> {HKLM...CLSID} = "Eraser Shell Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\erasext.dll" ["-"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
<<!>> "AppInit_DLLs" = "wbsys.dll" ["Stardock.Net, Inc"]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
<<!>> WB\DLLName = "C:\Programme\AlienGUIse\fastload.dll" ["Stardock"]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{30351349-7B7D-4FCC-81B4-1E394CA267EB}\(Default) = (no title provided)
-> {HKLM...CLSID} = "TortoiseSVN"
\InProcServer32\(Default) = "C:\Programme\TortoiseSVN\bin\tortoisesvn.dll" ["www.tortoisesvn.org"]
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Erasext\(Default) = "{8BE13461-936F-11D1-A87D-444553540000}"
-> {HKLM...CLSID} = "Eraser Shell Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\erasext.dll" ["-"]
FirmConvert\(Default) = "{70F51CDA-99D4-4e65-8743-85AEBE9F8263}"
-> {HKLM...CLSID} = "FirmConv Class"
\InProcServer32\(Default) = "C:\Programme\Tools\ShellExtension\shellext.dll" ["FirmTools"]
MyPhoneExplorer\(Default) = "{6863F1C7-E13A-481E-BF9C-5C8F01AF74E5}"
-> {HKLM...CLSID} = "MyPhoneExplorer_ShellEx.ShellExt"
\InProcServer32\(Default) = "C:\Programme\myphon\MyPhoneExplorer\DLL\ShellMgr.dll" ["F.J. Wechselberger"]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
TortoiseSVN\(Default) = "{30351349-7B7D-4FCC-81B4-1E394CA267EB}"
-> {HKLM...CLSID} = "TortoiseSVN"
\InProcServer32\(Default) = "C:\Programme\TortoiseSVN\bin\tortoisesvn.dll" ["www.tortoisesvn.org"]
TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\Programme\TuneUp Utilities 2007\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\Winrar\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
CMenuExtender\(Default) = "{ABC70703-32AF-11d4-90C4-D483A70F4825}"
-> {HKLM...CLSID} = "CMenuExtender"
\InProcServer32\(Default) = "C:\WINDOWS\BricoPacks\Crystal Clear\iColorFolder\CMExt.dll" ["Revenger inc."]
TortoiseSVN\(Default) = "{30351349-7B7D-4FCC-81B4-1E394CA267EB}"
-> {HKLM...CLSID} = "TortoiseSVN"
\InProcServer32\(Default) = "C:\Programme\TortoiseSVN\bin\tortoisesvn.dll" ["www.tortoisesvn.org"]
TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\Programme\TuneUp Utilities 2007\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\Winrar\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
Erasext\(Default) = "{8BE13461-936F-11D1-A87D-444553540000}"
-> {HKLM...CLSID} = "Eraser Shell Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\erasext.dll" ["-"]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
TortoiseSVN\(Default) = "{30351349-7B7D-4FCC-81B4-1E394CA267EB}"
-> {HKLM...CLSID} = "TortoiseSVN"
\InProcServer32\(Default) = "C:\Programme\TortoiseSVN\bin\tortoisesvn.dll" ["www.tortoisesvn.org"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\Winrar\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"ClearRecentDocsOnExit" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Startup items in "Tobi" & "All Users" startup folders:
------------------------------------------------------

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"Adobe Reader - Schnellstart" -> shortcut to: "C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]


Enabled Scheduled Tasks:
------------------------

"1-Klick-Wartung" -> launches: "C:\Programme\TuneUp Utilities 2007\SystemOptimizer.exe /schedulestart" ["TuneUp Software GmbH"]
"AppleSoftwareUpdate" -> launches: "C:\Programme\Apple Software Update\SoftwareUpdate.exe -Task" ["Apple Computer, Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{855F3B16-6D32-4FE6-8A56-BBB695989046}"
-> {HKLM...CLSID} = "ICQ Toolbar"
\InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" ["IE Toolbar"]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{95188727-288F-4581-A48D-EAB3BD027314}" = (no title provided)
-> {HKLM...CLSID} = "Zend Studio"
\InProcServer32\(Default) = "C:\PROGRA~1\Zend\ZENDST~1.0\bin\ZENDIE~1.DLL" [empty string]
"{855F3B16-6D32-4FE6-8A56-BBB695989046}" = (no title provided)
-> {HKLM...CLSID} = "ICQ Toolbar"
\InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" ["IE Toolbar"]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Recherchieren"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKCU\Software\Microsoft\Internet Explorer\Extensions\
{0E921E80-267A-42AA-AEE4-60B9A1222A44}\
"ButtonText" = "Klicke hier um das Projekt xp-AntiSpy zu unterstützen"
"MenuText" = "Unterstützung für xp-AntiSpy"
"Exec" = "C:\Programme\xp-AntiSpy\sponsoring\sponsor.html" [null data]

{9885224C-1217-4C5F-83C2-00002E6CEF2B}\
"ButtonText" = "NeoTrace It!"
"Script" = "C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm" [null data]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_03"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_03"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."]

{85D1F590-48F4-11D9-9669-0800200C9A66}\
"MenuText" = "Uninstall BitDefender Online Scanner v8"
"Exec" = "%windir%\bdoscandel.exe" [null data]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Recherchieren"

{A26ABCF0-1C8F-46E7-A67C-0489DC21B9CC}\
"ButtonText" = "Zend Studio Toolbar"
"MenuText" = "Zend Studio"

{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\
"ButtonText" = "PartyPoker.com"
"MenuText" = "PartyPoker.com"
"Exec" = "C:\Programme\PartyGaming\PartyPoker\RunApp.exe" [file not found]

{B863453A-26C3-4E1F-A54D-A2CD196348E9}\
"ButtonText" = "ICQ Lite"
"MenuText" = "ICQ Lite"
"Exec" = "C:\Programme\ICQLite\ICQLite.exe" [file not found]

{D9288080-1BAA-4BC4-9CF8-A92D743DB949}\
"ButtonText" = "Run IMVU"
"Exec" = "C:\Dokumente und Einstellungen\Tobi\Startmenü\Programme\IMVU\Run IMVU.lnk" [file not found]

{E59EB121-F339-4851-A3BA-FE49C35617C2}\
"ButtonText" = "ICQ6"
"MenuText" = "ICQ6"
"Exec" = "C:\Programme\ICQ6\ICQ.exe" ["ICQ, Inc."]

{F4430FE8-2638-42E5-B849-800749B94EED}\
"ButtonText" = "PartyPoker.net"
"MenuText" = "PartyPoker.net"
"Exec" = "C:\Programme\PartyPoker.net\partypokernet.exe" [file not found]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Programme\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{855F3B16-6D32-4fe6-8A56-BBB695989046}" = (no title provided)
-> {HKLM...CLSID} = "ICQ Toolbar"
\InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" ["IE Toolbar"]

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\
<<H>> "TuneUp" = "file://C|/Dokumente und Einstellungen/All Users/Anwendungsdaten/TuneUp Software/Common/base.css" [file not found]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

3Com DMI Agent, 3ComDMIService, "C:\WINDOWS\System32\3Com_DMI\3CDMINIC.EXE" ["3Com Corporation"]
AntiVir PersonalEdition Classic Guard, AntiVirService, "C:\Programme\AntiVir PersonalEdition Classic\avguard.exe" ["Avira GmbH"]
AntiVir PersonalEdition Classic Planer, AntiVirScheduler, "C:\Programme\AntiVir PersonalEdition Classic\sched.exe" ["Avira GmbH"]
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
Autodesk Licensing Service, Autodesk Licensing Service, ""C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe"" [null data]
Machine Debug Manager, MDM, ""C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
TuneUp Designerweiterung, UxTuneUp, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software GmbH"]}
Viewpoint Manager Service, Viewpoint Manager Service, ""C:\Programme\Viewpoint\Common\ViewpointService.exe"" ["Viewpoint Corporation"]
VNC Server, winvnc, ""C:\Programme\vnc\UltraVNC\winvnc.exe" -service" ["UltraVNC"]


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Fax602 Port Monitor\Driver = "f602mon.dll" [file not found]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]


---------- (launch time: 2008-02-05 15:11:48)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 115 seconds, including 13 seconds for message boxes)