
Infected By "troj/dwnldr-hei" And "trojan-downloader.agent". Cannot Kill Winnt64.dll


  • This topic is locked
12 replies to this topic

#1 PhilSey


Posted 18 June 2008 - 01:32 PM

Hey guys, I hope you can help me out.

-PC Tools Spyware Doctor says I am infected by "trojan-downloader.agent", and it always returns after removal.
-Tried SDFix, but log said that WinNt64.dll could not be deleted and I can't delete it manually, not even with Killbox or Unlocker.
-My internet connection is active all the time, even when all programs are closed.


Neither McAfee nor Spyware Doctor can get rid of it. I tried AdAware and Spybot as well. :thumbsup:


I performed no Kaspersky scan yet but will do so later.


Here is the Log:




Deckard's System Scanner v20071014.68
Run by Philipp Seybold on 2008-06-18 19:53:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 7.58 GiB (less than 15%) free.


-- HijackThis (run as Philipp Seybold.exe) -------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:54:37, on 18.6.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Dit.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programme\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Programme\Microsoft IntelliType Pro\itype.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programme\Microsoft IntelliPoint\ipoint.exe
C:\Programme\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Programme\Java\jre1.6.0_05\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe
c:\programme\gemeinsame dateien\mcafee\mna\mcnasvc.exe
C:\Programme\Logitech\QuickCam\Quickcam.exe
C:\Programme\ComfortClipboard\CClipboard.exe
c:\PROGRA~1\GEMEIN~1\mcafee\mcproxy\mcproxy.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\UltraMon\UltraMon.exe
C:\Programme\McAfee\VirusScan\McShield.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\McAfee\MPF\MPFSrv.exe
C:\Programme\Spyware Doctor\pctsTray.exe
C:\Programme\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE
C:\Programme\TweakRAM\TweakRAM.exe
C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programme\OnlineControl\ocontrol.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programme\Spyware Doctor\pctsAuxs.exe
C:\Programme\UltraMon\UltraMonTaskbar.exe
C:\Programme\Spyware Doctor\pctsSvc.exe
C:\Programme\ComfortClipboard\CClipboardCm.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Programme\Gemeinsame Dateien\Logishrd\LQCVFX\COCIManager.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Dokumente und Einstellungen\Philipp Seybold\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Philipp Seybold.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Programme\Outlook Express\msimn.exe"
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Programme\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Programme\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [itype] "C:\Programme\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Programme\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programme\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CClipboard] C:\Programme\ComfortClipboard\CClipboard.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UltraMon] "C:\Programme\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Programme\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programme\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\RunServices: [Windows Update Host] hoster.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Registry Service] wregistry.exe
O4 - HKLM\..\RunServices: [MSPluginSrvc] p3.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Remote Control] C:\Programme\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [WEB.DE_WEB.DE SmartDrive Manager] "C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE" /hide
O4 - HKCU\..\Run: [TweakRAM] C:\Programme\TweakRAM\TweakRAM.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe (User 'Default user')
O4 - S-1-5-18 Startup: Verknüpfung mit DisplayCall.lnk = C:\Programme\Display Call\DisplayCall.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Verknüpfung mit DisplayCall.lnk = C:\Programme\Display Call\DisplayCall.exe (User 'Default user')
O4 - Startup: Verknüpfung mit DisplayCall.lnk = C:\Programme\Display Call\DisplayCall.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: OnlineControl.lnk = C:\Programme\OnlineControl\ocontrol.exe
O8 - Extra context menu item: Add to EverNote - res://C:\Programme\EverNote\EverNote\enbar.dll/2000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Programme\EverNote\EverNote\enbar.dll
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Programme\EverNote\EverNote\enbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: MedionShop - {07E3F115-C445-480D-94CB-ECA914A353CE} - http://www.medionshop.de/ (file missing) (HKCU)
O15 - Trusted Zone: http://www.asmallworld.net
O15 - Trusted Zone: www.chip.de
O15 - Trusted Zone: www.download.de
O15 - Trusted Zone: http://www.gayromeo.com
O15 - Trusted Zone: www.hypovereinsbank.de
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/04a30f04300bfb...RdxIE601_de.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/bfbbe9...0/Installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE60CE46-C8A7-4F46-9B82-19496EE1E875}: NameServer = 217.237.151.115 217.237.148.102
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: winnt64 - C:\WINDOWS\SYSTEM32\WinNt64.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Unknown owner - C:\Programme\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (ipod service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\programme\gemeinsame dateien\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\GEMEIN~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Programme\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programme\McAfee\MPF\MPFSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 13617 bytes

-- Files created between 2008-05-18 and 2008-06-18 -----------------------------

2008-06-18 19:53:51 0 d-------- C:\Programme\Trend Micro
2008-06-18 17:43:47 0 d-------- C:\sec31
2008-06-18 16:59:43 0 d-------- C:\Programme\Sophos
2008-06-18 16:39:37 8704 --a------ C:\WINDOWS\system32\drivers\tcpsr.sys
2008-06-18 11:18:28 0 d-------- C:\Programme\Lavasoft
2008-06-18 01:57:40 0 d-------- C:\!KillBox
2008-06-15 17:48:38 30208 --a------ C:\WINDOWS\system32\drivers\Lws88.sys
2008-06-14 12:12:18 0 d-------- C:\1 Virus
2008-06-14 11:39:12 13312 -----n--- C:\WINDOWS\system32\WinNt64.dll
2008-06-13 19:57:08 0 d-------- C:\WINDOWS\ERUNT
2008-06-12 11:46:07 0 d-------- C:\WINDOWS\Content.IE5
2008-06-12 11:10:25 0 d-------- C:\Programme\Spyware Doctor
2008-06-11 20:02:54 5082 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-11 20:02:35 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-11 20:02:35 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-06-11 20:02:35 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-06-11 20:02:35 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-06-11 20:02:35 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-06-11 20:02:35 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-11 20:02:35 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-06-11 19:03:38 0 d-------- C:\Programme\Safer Networking
2008-06-11 18:47:58 0 d-------- C:\Programme\DScaler5
2008-06-11 02:32:09 131584 --a------ C:\WINDOWS\system32\drivers\Tseh42.sys
2008-06-11 02:24:19 28416 --a------ C:\WINDOWS\system32\drivers\Hcn05.sys
2008-06-11 01:48:52 0 d-------- C:\DECCHECK
2008-06-05 15:54:29 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-28 15:37:23 0 d-------- C:\WINDOWS\nview
2008-05-28 09:28:51 0 d-------- C:\WINDOWS\Prefetch
2008-05-28 09:17:54 0 d-------- C:\WINDOWS\system32\de
2008-05-28 09:17:54 0 d-------- C:\WINDOWS\l2schemas
2008-05-27 20:10:14 0 d-------- C:\Programme\Gemeinsame Dateien\Realtime Soft
2008-05-27 20:10:13 0 d-------- C:\Programme\UltraMon
2008-05-27 20:08:01 8 --a------ C:\WINDOWS\system32\nvModes.dat
2008-05-27 20:02:45 0 d-------- C:\WINDOWS\NV47082716.TMP
2008-05-27 20:01:36 0 d-------- C:\NVIDIA
2008-05-21 01:12:29 0 d-------- C:\WINDOWS\system32\ID Device ActiveX_reg
2008-05-21 01:12:29 0 d-------- C:\Programme\Buhl
2008-05-21 01:11:22 0 d-------- C:\Programme\DataDesign
2008-05-21 01:11:14 0 d-------- C:\Programme\Letstrade
2008-05-19 20:26:20 0 d-------- C:\Dokumente und Einstellungen\Philipp Seybold\.clipbak
2008-05-19 15:25:52 0 d-------- C:\Programme\IO-Manager
2008-05-19 15:12:02 0 d-------- C:\Programme\Keepsoft


-- Find3M Report ---------------------------------------------------------------

2008-06-18 18:13:02 0 d-------- C:\Programme\Mozilla Thunderbird
2008-06-18 16:38:40 0 d-------- C:\Programme\Symantec
2008-06-18 16:38:40 0 d-------- C:\Programme\Gemeinsame Dateien
2008-06-18 11:17:52 0 d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-06-18 01:20:39 0 d-------- C:\Programme\DScaler
2008-06-17 16:55:04 0 d-------- C:\Dokumente und Einstellungen\Philipp Seybold\Anwendungsdaten\Skype
2008-06-17 14:15:39 0 d-------- C:\Dokumente und Einstellungen\Philipp Seybold\Anwendungsdaten\skypePM
2008-06-12 15:48:56 466132 --a------ C:\WINDOWS\system32\perfh007.dat
2008-06-12 15:48:56 87900 --a------ C:\WINDOWS\system32\perfc007.dat
2008-06-12 11:10:25 0 d-------- C:\Dokumente und Einstellungen\Philipp Seybold\Anwendungsdaten\PC Tools
2008-06-11 19:30:30 0 d-------- C:\Programme\iTunes
2008-06-11 19:30:20 0 d-------- C:\Programme\iPod
2008-06-11 18:23:29 0 d-------- C:\Programme\K-Lite Codec Pack
2008-06-11 18:10:14 0 d-------- C:\Programme\DivX
2008-06-11 14:11:17 60460 --a------ C:\Dokumente und Einstellungen\Philipp Seybold\Anwendungsdaten\wklnhst.dat
2008-06-11 03:26:44 0 d-------- C:\Programme\Bonjour
2008-06-11 02:22:50 0 d-------- C:\Dokumente und Einstellungen\Philipp Seybold\Anwendungsdaten\Azureus
2008-06-07 21:14:06 0 d-------- C:\Programme\Display Call
2008-06-05 19:47:13 0 d-------- C:\Programme\ProgDVB
2008-05-28 19:00:04 0 d--h----- C:\Programme\InstallShield Installation Information
2008-05-28 09:18:16 0 d-------- C:\Programme\messenger
2008-05-28 09:17:53 0 d-------- C:\Programme\Movie Maker
2008-05-28 09:14:39 0 d-------- C:\Programme\Windows NT
2008-05-27 16:20:50 0 d-------- C:\Dokumente und Einstellungen\Philipp Seybold\Anwendungsdaten\ATI
2008-05-26 00:35:07 0 d-------- C:\Dokumente und Einstellungen\Philipp Seybold\Anwendungsdaten\Buhl Data Service GmbH
2008-05-22 12:11:50 0 d-------- C:\Programme\Apple Software Update
2008-05-21 01:12:49 0 d-------- C:\Programme\Gemeinsame Dateien\Buhl Data Service
2008-05-15 14:49:35 0 d-------- C:\Dokumente und Einstellungen\Philipp Seybold\Anwendungsdaten\Spearit
2008-05-15 14:48:54 0 d-------- C:\Programme\Gemeinsame Dateien\Laplink
2008-05-15 14:48:52 0 d-------- C:\Programme\Laplink
2008-05-15 01:39:30 0 d-------- C:\Programme\Gemeinsame Dateien\Nokia
2008-05-15 01:39:29 0 d-------- C:\Programme\Nokia
2008-05-14 15:16:19 0 d-------- C:\Programme\Gemeinsame Dateien\xing shared
2008-05-14 15:16:01 0 d-------- C:\Programme\Gemeinsame Dateien\Real
2008-05-14 15:14:35 0 d-------- C:\Dokumente und Einstellungen\Philipp Seybold\Anwendungsdaten\Real
2008-05-14 15:08:29 0 d-------- C:\Programme\AviSynth 2.5
2008-05-14 14:38:12 0 d-------- C:\Programme\Avi2Dvd
2008-05-14 11:03:32 0 d-------- C:\Programme\Hasbro
2008-05-13 00:56:47 148104 --a----c- C:\Dokumente und Einstellungen\Philipp Seybold\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2008-05-13 00:51:26 0 d-------- C:\Programme\MSECache
2008-05-07 11:18:41 0 d-------- C:\Programme\TNT Screen Capture
2008-05-07 01:12:29 0 d-------- C:\Dokumente und Einstellungen\Philipp Seybold\Anwendungsdaten\GoodSync
2008-05-06 16:22:14 0 d-------- C:\Programme\Siber Systems
2008-05-06 15:47:00 0 d-------- C:\Programme\PowerFolder.com
2008-05-05 16:02:40 0 d-------- C:\Dokumente und Einstellungen\Philipp Seybold\Anwendungsdaten\smc
2008-05-05 15:50:47 0 d-------- C:\Programme\GIMP-2.0
2008-05-05 15:50:22 0 d-------- C:\Dokumente und Einstellungen\Philipp Seybold\Anwendungsdaten\Audacity
2008-05-05 15:50:08 0 d-------- C:\Programme\Audacity 1.3 Beta
2008-05-05 15:47:12 0 d-------- C:\Programme\Foola iPod to PC
2008-05-02 13:27:01 0 d-------- C:\Programme\TweakRAM
2008-05-01 12:36:06 0 d-------- C:\Programme\TrueLaunchBar
2008-04-27 15:22:52 0 d-------- C:\Programme\McAfee
2008-04-25 17:48:54 0 d-------- C:\Programme\Microsoft Picture It! 9
2008-04-24 10:57:34 0 d-------- C:\Programme\YoutubeMusicSoft
2008-04-24 00:26:05 0 d-------- C:\Programme\NeroInstall.bak
2008-04-21 13:50:25 0 d-------- C:\Dokumente und Einstellungen\Philipp Seybold\Anwendungsdaten\TVcentral-Core
2008-04-21 13:17:57 0 d-------- C:\Programme\Gemeinsame Dateien\Sonavis
2008-04-20 12:58:18 0 d-------- C:\Programme\Gemeinsame Dateien\PCSuite
2008-04-20 12:53:47 0 d-------- C:\Programme\PC Connectivity Solution
2008-04-15 13:15:25 257808 --a------ C:\WINDOWS\winfile.exe <Not Verified; Microsoft Corporation; Betriebssystem Microsoft® Windows NT™>
2008-04-08 13:01:44 8192 --a------ C:\WINDOWS\system32\uiwbnp.dll <Not Verified; WEB.DE GmbH; WEB.DE SmartDrive Manager>
2008-04-02 14:11:04 0 --a------ C:\WINDOWS\ativpsrm.bin


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dit"="Dit.exe" [30.12.2003 00:33 C:\WINDOWS\Dit.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [14.04.2008 04:23 C:\WINDOWS\system32\bthprops.cpl]
"OpwareSE2"="C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [08.05.2003 12:00]
"CTSysVol"="C:\Programme\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [17.09.2003 11:43]
"CTDVDDET"="C:\Programme\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [18.06.2003 02:00]
"SBDrvDet"="C:\Programme\Creative\SB Drive Det\SBDrvDet.exe" [03.12.2002 19:06]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [11.05.2000 02:00]
"CTHelper"="CTHELPER.EXE" [11.08.2006 15:56 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [11.08.2006 15:56 C:\WINDOWS\system32\CTXFIHLP.EXE]
"itype"="C:\Programme\Microsoft IntelliType Pro\itype.exe" [21.11.2006 17:08]
"IntelliPoint"="C:\Programme\Microsoft IntelliPoint\ipoint.exe" [05.02.2007 15:52]
"mcagent_exe"="C:\Programme\McAfee.com\Agent\mcagent.exe" [03.08.2007 23:33 C:\Programme\McAfee.com\Agent\mcagent.exe]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_05\bin\jusched.exe" [22.02.2008 05:25]
"Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11.01.2008 23:16]
"LogitechCommunicationsManager"="C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe" [25.10.2007 17:33]
"LogitechQuickCamRibbon"="C:\Programme\Logitech\QuickCam\Quickcam.exe" [25.10.2007 17:37]
"NeroFilterCheck"="C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" [28.02.2008 10:59]
"CClipboard"="C:\Programme\ComfortClipboard\CClipboard.exe" [05.04.2008 21:04]
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [14.05.2008 15:14]
"UltraMon"="C:\Programme\UltraMon\UltraMon.exe" [12.10.2006 21:27]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05.12.2007 01:41]
"nwiz"="nwiz.exe" [05.12.2007 01:41 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05.12.2007 01:41]
"QuickTime Task"="C:\Programme\K-Lite Codec Pack\QuickTime\QTTask.exe" [27.05.2008 10:50]
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [02.06.2008 11:13]
"ISTray"="C:\Programme\Spyware Doctor\pctsTray.exe" [10.04.2008 15:14]
"UnlockerAssistant"="C:\Programme\Unlocker\UnlockerAssistant.exe" [02.05.2008 06:15]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [14.04.2008 04:22]
"ATI Remote Control"="C:\Programme\ATI Multimedia\RemCtrl\ATIRW.exe" [05.04.2006 23:03]
"WEB.DE_WEB.DE SmartDrive Manager"="C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.exe" [08.04.2008 13:02]
"TweakRAM"="C:\Programme\TweakRAM\TweakRAM.exe" [01.05.2008 18:29]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Windows Update Host"=hoster.exe
"Microsoft Windows Registry Service"=wregistry.exe
"MSPluginSrvc"=p3.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Windows Update Host"=hoster.exe
"MSPluginSrvc"=p3.exe
"Nokia.PCSync"="C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog

C:\Dokumente und Einstellungen\Philipp Seybold\Startmen\Programme\Autostart\
Verknpfung mit DisplayCall.lnk - C:\Programme\Display Call\DisplayCall.exe [5.11.2007 14:36:10]

C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\
Microsoft Office.lnk - C:\Programme\Microsoft Office\Office10\OSA.EXE [13.2.2001 01:01:04]
OnlineControl.lnk - C:\Programme\OnlineControl\ocontrol.exe [12.1.2007 17:29:15]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winnt64]
WinNt64.dll 18.06.2008 16:23 13312 C:\WINDOWS\system32\WinNt64.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli scecli scecli scecli scecli scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hcn05.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lws88.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\qhb00.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sub43.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vkk04.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk
backup=C:\WINDOWS\pss\Adobe Reader - Schnellstart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HotSync Manager.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HotSync Manager.lnk
backup=C:\WINDOWS\pss\HotSync Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdStatus Service]
C:\Program Files\AdStatus Service\AdStatServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
mHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hfxp]
C:\Programme\Spybot - Search & Destroy\HF\hfxp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Programme\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
C:\Programme\Logitech\ImageStudio\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
C:\Programme\Logitech\ImageStudio\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
C:\Programme\Gemeinsame Dateien\Logitech\QCDriver3\LVCOMS.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Update]
wuampd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Windows Registry Service]
wregistry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Programme\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Programme\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPluginSrvc]
p3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"C:\Programme\Home Cinema\PowerCinema\PCMService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
C:\Programme\Plaxo\2.11.1.5\PlaxoHelper.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Prism_Utility]
Prismsta.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Programme\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-DSL SpeedMgr]
"C:\Programme\Multimedia\T-DSL Support-Center\SpeedMgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tuloxFreeWBE]
C:\Programme\Wörterbücher\tuloxFreeWBE\FreeDict.exe AUTOSTART

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\version]
C:\WINDOWS\System32\Lsumdp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
"c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Washer]
c:\Program Files\Washer\washer.exe /0

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows DLL Loader]
C:\WINDOWS\system32\defragfatz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows media service]
crsss.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Update Host]
hoster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CA_LIC_SRVR"=3 (0x3)
"CA_LIC_CLNT"=3 (0x3)
"MDM"=2 (0x2)
"iPodService"=3 (0x3)
"x10nets"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- H:\AutoRunCD.exe

*Newly Created Service* - MEMSWEEP2



-- End of Deckard's System Scanner: finished at 2008-06-18 19:57:49 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 3.0
Architecture: X86; Language: German

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 41%
Physical Memory (total/avail): 2047.48 MiB / 1192.15 MiB
Pagefile Memory (total/avail): 2664.6 MiB / 1411.75 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1912.76 MiB

C: is Fixed (NTFS) - 93.16 GiB total, 7.58 GiB free.
D: is Fixed (NTFS) - 83.38 GiB total, 14.36 GiB free.
E: is Fixed (FAT32) - 9.76 GiB total, 5.63 GiB free.
F: is CDROM (UDF)
G: is CDROM (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
K: is Removable (No Media)
L: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3200021A - 186.31 GiB - 3 partitions
\PARTITION0 (bootable) - Installierbares Dateisystem - 93.16 GiB - C:
\PARTITION1 - Erweitert mit Int 13 (erweitert) - 93.15 GiB - D: - E:

\\.\PHYSICALDRIVE1 - Generic CF Card CF USB Device

\\.\PHYSICALDRIVE2 - Generic MS Card MS USB Device

\\.\PHYSICALDRIVE3 - Generic SD Card MMC/SD USB Device

\\.\PHYSICALDRIVE4 - Generic SM/XD Card SM USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Dokumente und Einstellungen\All Users
APPDATA=C:\Dokumente und Einstellungen\Philipp Seybold\Anwendungsdaten
CLASSPATH=.;C:\Programme\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Programme\Gemeinsame Dateien
COMPUTERNAME=PHILIPP
ComSpec=C:\WINDOWS\system32\cmd.exe
Devmgr_show_details=1
devmgr_show_nonpresent_devices=1
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Dokumente und Einstellungen\Philipp Seybold
LOGONSERVER=\\PHILIPP
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Programme\Mozilla Firefox;C:\Programme\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Programme\ATI Technologies\ATI.ACE\Core-Static;C:\Programme\Gemeinsame Dateien\Ulead Systems\MPEG;C:\Programme\K-Lite Codec Pack\QuickTime\QTSystem\;C:\Programme\Gemeinsame Dateien\Nero\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Programme
PROMPT=$P$G
QTJAVA=C:\Programme\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOKUME~1\PHILIP~1\LOKALE~1\Temp
TMP=C:\DOKUME~1\PHILIP~1\LOKALE~1\Temp
ULTRAMON_LANGDIR=C:\Programme\UltraMon\Resources\en
USERDOMAIN=PHILIPP
USERNAME=Philipp Seybold
USERPROFILE=C:\Dokumente und Einstellungen\Philipp Seybold
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Philipp Seybold (admin)
Ferdi (admin)
Administrator (new local, admin)
Gast (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Programme\Creative\SBAudigy2\Program\SETUP.EXE" /S /U /W /L:GER
--> C:\Programme\Creative\SBAudigy2\Program\Ctzapxx.EXE /W /U /S /L:GER
--> C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Programme\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Programme\Spybot - Search & Destroy\HF\Original exe\hfxp.exe /u
--> C:\WINDOWS\IsUn0407.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3DMark03 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FF35F637-72B9-43BE-A281-06EB2854393A}\Setup.exe" -l0x9
802.11 G Utility --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{E2A07534-B66D-4FF6-BA59-EF0CB9C42111}\Setup.exe" -l0x9
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 8.1.2 - Deutsch --> MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81200000003}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ArcSoft PhotoStudio 5.5 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\Setup.exe" -l0x7
ASF-AVI-RM-WMV Repair 1.82 --> "C:\Programme\Multimedia\repair\reair all\unins000.exe"
AsfTools 3.1 (remove only) --> C:\Programme\Multimedia\Repair\asftools310\AsfTools 3.1\Uninst.exe
ATI Remote Wonder 3.04 --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{8F36E44A-E6E7-41B7-B6F6-4637BF84EFA5} /l1031
Audacity 1.3.3 --> "C:\Programme\Audacity 1.3 Beta\unins000.exe"
Avery Zweckform DesignPro --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2CC982C0-7EAE-11D4-ACC3-0050568AD318}\setup.exe" -uninst
Avi2Dvd 0.4.3 beta --> C:\Programme\Avi2Dvd\uninst.exe
Azureus --> C:\Programme\Azureus\Uninstall.exe
BearShare --> C:\PROGRA~1\BEARSH~1\UNWISE.EXE C:\PROGRA~1\BEARSH~1\INSTALL.LOG
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Brother HL-2030 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{31115268-2BAE-4D31-A2E2-91D7EC4AFC7B}\SETUP.exe" -l0x7 -removeonly /uninst
Canon CanoScan Toolbox 4.9 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}\setup.exe" -l0x7 anything
Canon ScanGear Starter --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{18A5DFF2-8A95-49F3-873F-743CB5549F3D}\SETUP.EXE" -l0x7 anything
Classic PhoneTools --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{E3436EE2-D5CB-4249-840B-3A0140CC34C3}\setup.exe" -l0x7 ControlPanel
Click'N Design 3D for AfterBurner™ (V5) --> C:\PROGRA~1\CLICK'~1\UNWISE.EXE C:\PROGRA~1\CLICK'~1\INSTALL.LOG
CloneDVD --> "C:\Programme\Multimedia\Clone DVD\CloneDVD\CloneDVD-uninst.exe" /D="C:\Programme\Multimedia\Clone DVD\CloneDVD"
Comfort Clipboard 3.0.5.0 --> "C:\Programme\ComfortClipboard\unins000.exe"
Command & Conquer™ Generäle --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{06F80017-8F98-4C94-B868-52358569FC32}
Command and Conquer™ Generäle Die Stunde Null --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Creative-Audiokonsole --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x7 /remove
Creative-Systeminformationen --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}\setup.exe" -l0x7 /remove
Creative MediaSource --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\SETUP.EXE" -l0x7 /remove
Crysis® --> MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
CursorXP --> C:\Programme\CursorXP\CurXPUtil.exe -u
CyberPower Audio Editing Lab 12.8 --> "C:\Programme\CyberPower Audio Editing Lab\unins000.exe"
Dawn 5 --> MsiExec.exe /I{29FD8D69-868E-4535-8F2E-5190561164C3}
Die Stunde Null UncutPatch 1.1 --> "C:\spiele\Die Stunde Null\Uncut it\unins000.exe"
Digital Video Repair 1.0 --> "C:\Programme\Rising Research\Digital Video Repair\uninstall.exe"
DScaler 4.1.15 --> "C:\Programme\DScaler\unins000.exe"
DScaler 5 Mpeg Decoders --> "C:\Programme\DScaler5\unins000.exe"
DVD Shrink 3.1.7 --> "C:\Programme\Multimedia\DVD Shrink\unins000.exe"
Easy Thumbnails (Remove only) --> "C:\Programme\Multimedia\easy Thunbnail\Easy Thumbnails\unins000.exe"
EC Software TNT Screen Capture 2.1 --> "C:\Programme\TNT Screen Capture\unins000.exe"
EverNote --> C:\Programme\InstallShield Installation Information\{00C297B1-02F3-4BEE-8B57-7BCA695A41DA}\setup.exe -runfromtemp -l0x0009 -removeonly
FaJo XP File Security Extension v1.2 --> "C:\Programme\FaJo\XP File Security Extension\unins000.exe"
Free YouTube Download 1.3 --> "C:\Programme\DVDVideoSoft\Free YouTube Download\unins000.exe"
Futuremark SystemInfo --> C:\Programme\InstallShield Installation Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe -runfromtemp -l0x0009 -removeonly
GameJack 4 --> MsiExec.exe /I{14F364F8-34FE-4754-AB6B-5598E8937F54}
GIMP 2.4.5 --> "C:\Programme\GIMP-2.0\setup\unins000.exe"
GoodSync --> "C:\Programme\Siber Systems\GoodSync\uninstall.exe"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\programme\google\googletoolbar4.dll"
gSyncit --> MsiExec.exe /I{DF557220-3280-4639-B699-34896C5EE41D}
HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Informationen über Ihren PC --> MsiExec.exe /I{3D1A6B70-3E02-49BC-88B0-916C80274632}
iPod for Windows 2005-06-26 --> C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{FE7A3FE1-AF76-44FD-BC70-09868A51887A} /l1031
iPod for Windows 2006-01-10 --> C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1031
ISDN Utility --> C:\WINDOWS\uninst.exe -fC:\Programme\ISDN_UTL\DeIsL1.isu -cC:\Programme\ISDN_UTL\_ISREG32.DLL
iTunes --> MsiExec.exe /I{9F70BF98-003C-491D-81FC-FF9792206AF0}
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java 2 Runtime Environment, SE v1.4.2_09 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142090}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
K-Lite Codec Pack 3.9.5 (Standard) --> "C:\Programme\K-Lite Codec Pack\unins000.exe"
Letstrade --> MsiExec.exe /X{E0091C29-DEE8-4B24-BF65-8C35B5940D77}
Logitech ImageStudio --> MsiExec.exe /I{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}
Logitech QuickCam-Treiberpaket --> "C:\Programme\Gemeinsame Dateien\LogiShrd\LogiDriverStore\lvdrivers\11.50.1145\LgDrvInst.exe" -remove -instdir"C:\Programme\Gemeinsame Dateien\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.50" /clone_wait /hide_progress
Logitech QuickCam --> MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}
Luftschlacht --> C:\spiele\Luftschlacht\uninstall.exe
Magic ISO Maker v5.4 (build 0245) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Manual CanoScan LiDE 25 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{838BC0FB-4F8F-47B9-847F-06AE4CCE4181}\setup.exe" -l0x7
McAfee SecurityCenter --> C:\Programme\McAfee\MSC\mcuninst.exe
Medion Flash XL 2.0 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{EA1CB7AC-E221-4822-A789-0ADB051DC498}\Setup.exe" -l0x9 -wUninst
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Encarta Enzyklopädie 2004 --> MsiExec.exe /I{04440044-9149-45C6-A806-F2BF9CFCE762}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office PowerPoint Viewer 2003 --> MsiExec.exe /X{90AF0407-6000-11D3-8CFE-0150048383C9}
Microsoft Picture It! Foto Premium 9 --> C:\WINDOWS\System32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0903}
Microsoft User-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Windows-Journal-Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Microsoft Word 2002 --> MsiExec.exe /I{911B0407-6000-11D3-8CFE-0050048383C9}
Microsoft Works --> MsiExec.exe /I{5B680750-760B-49E4-81E7-21B2B337F9F7}
Microsoft Works Suite-Add-Ins für Microsoft Word --> MsiExec.exe /I{4EAD2E21-1D4A-4E2B-A082-8D08961539C9}
Monopoly by Parker Brothers --> C:\PROGRA~1\Hasbro\MONOPO~1\UNWISE.EXE /U C:\PROGRA~1\Hasbro\MONOPO~1\INSTALL.LOG
Moorhuhn 2 V1.1 --> C:\WINDOWS\IsUn0407.exe -f"C:\Programme\Phenomedia AG\Moorhuhn 2\Uninst.isu"
Mozilla Firefox (2.0.0.14) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.14) --> C:\Programme\Mozilla Thunderbird\uninstall\helper.exe
MSVC80_x86 --> MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 8 --> MsiExec.exe /X{BE282C23-5484-47FF-B2C1-EBEA5C891031}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver --> MsiExec.exe /X{4F1DCA42-2030-437C-A94E-736692A499C1}
Nokia Download! --> MsiExec.exe /X{90ED5EF8-B21E-423C-9E3E-77B54D77EE31}
Nokia Flashing Cable Driver --> MsiExec.exe /X{A4E0CA0F-1903-440A-9B98-FEA6CB049999}
Nokia Multimedia Factory --> "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations\{4CFB3821-1582-4f3b-BF8D-30986923B36B}\Nokia_Multimedia_Factory_2_0.exe" /MAINTENANCE /SILENT="SWLPCER" /LANG="2057" /MSI_COMMON_OPTIONS="PCSLANG= MMFLANG=eng"
Nokia Multimedia Factory --> MsiExec.exe /I{4CFB3821-1582-4F3B-BF8D-30986923B36B}
Nokia PC Suite --> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations\{0FC76B71-2534-4354-B255-3468578E3F47}\Nokia_PC_Suite_rel_6_86_9_0_ger.exe
Nokia PC Suite --> MsiExec.exe /I{0FC76B71-2534-4354-B255-3468578E3F47}
Nokia Software Updater --> MsiExec.exe /X{5D19E730-D3C6-47F4-AE4B-DCB26EC2D905}
Nokia Video Manager --> "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations\{B1B4E612-9ACC-4fab-BD04-1721D9503266}\NokiaVideoManager1.6.exe" /MAINTENANCE /SILENT="SGWLRPFCE" /LANG="1031" /O=";EXTUNINSTALL=1"
Nokia Video Manager --> MsiExec.exe /I{B1B4E612-9ACC-4FAB-BD04-1721D9503266}
Nokia Wireless Presenter --> C:\Programme\Nokia\Nokia Wireless Presenter\uninstall.exe
Norton PartitionMagic 8.0 --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{21DBBDD6-93A5-4326-9A04-C9A5C9148502}
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Office-Bibliothek 4.0 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{54971F17-9D16-4D43-95D6-3A86E3D20EDB}\setup.exe" -uninst
OmniPage SE 2.0 --> MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
On-Screen HTML --> MsiExec.exe /I{69BFD78F-146F-48F5-BDE0-6C5DB692FAE0}
OnlineControl 1.2 --> "C:\Programme\OnlineControl\unins000.exe"
Palm Desktop --> C:\WINDOWS\IsUn0407.exe -fC:\Palm\Palm.isu -cC:\Palm\Palmuni.dll
PC-Linq --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{808FAA20-4C3A-11D4-8A57-00201853C903}\Setup.exe"
PC Connectivity Solution --> MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}
PC Inspector File Recovery --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\Setup.exe" -l0x7
PCmover --> MsiExec.exe /X{169E24D1-2972-4B51-AC47-D5BDEC93F453}
PDF reDirect (remove only) --> C:\Programme\PDF reDirect\Uninstall.exe
PowerDirector --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" -uninstall
PowerDVD --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerISO --> "C:\Programme\PowerISO\uninstall.exe"
PowerProducer --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe" -uninstall
ProgDVB --> C:\Programme\ProgDVB\uninstall.exe
Programm zum entfernen des Windows Blaster Wurm-Virus(KB833330) --> C:\WINDOWS\$NtUninstallKB833330$\spuninst\spuninst.exe
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealPlayer --> C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RivaTuner v2.08 --> "C:\Programme\RivaTuner v2.08\uninstall.exe"
RunAlyzer --> "C:\Programme\Safer Networking\RunAlyzer\unins000.exe"
SafeGuard® PrivateCrypto 2.11.0 - Unlicensed Version --> MsiExec.exe /X{CD957DCE-EF23-4257-8E9B-D72F865CAEFA}
Secret Maryo Chronicles --> "C:\spiele\Secret Maryo Chronicles\uninstall.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Setup-Start von Microsoft Works 2004 --> C:\Programme\Microsoft Works Suite 2004\Setup\Launcher.exe /ARP F:\
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Sicherheitsupdate für Step by Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Sicherheitsupdate für Step by Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950760) --> "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762) --> "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376) --> "C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698) --> "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sophos Anti-Rootkit 1.3.1 --> C:\Programme\Sophos\Sophos Anti-Rootkit\helper.exe remove
Sound Blaster Audigy 2 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{CECB9B3D-E681-4458-85F8-8D182941AF1D}\SETUP.EXE" -l0x7
Spybot - Search & Destroy --> "C:\Programme\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 5.5 --> C:\Programme\Spyware Doctor\unins000.exe /LOG
Switch Off --> "C:\Programme\Multimedia\Switch Off\uninstall.exe"
TIPP10 Version 2.0.1 --> "C:\Programme\Tipp10\unins000.exe"
Total Video Converter 3.11 070908 --> "C:\Programme\Total Video Converter\unins000.exe"
TreeSize Free V1.7.9 --> "C:\Programme\TreeSizeExplorer\unins000.exe"
True Launch Bar --> "C:\Programme\TrueLaunchBar\Uninstall.exe"
TrueCrypt --> "C:\Programme\TrueCrypt\TrueCrypt Setup.exe" /u
TweakRAM --> C:\Programme\TweakRAM\Uninstall TweakRAM.exe
Tweakui Powertoy for Windows XP --> MsiExec.exe /I{C7793EE8-F666-4E6B-9827-76468679480E}
Ulead Video ToolBox Basic --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3F9CFBD8-8F77-4DCD-8CB5-CDD5F653C872}\setup.exe" -l0x7
UltraMon --> MsiExec.exe /I{E67FF1A2-23C1-4102-84E9-42115F77AD32}
Uninstall 1.0.0.0 --> "C:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe"
Universal SCSI Controller --> MsiExec.exe /I{35A501AD-C538-4286-9A45-AAF5514A482D}
Unlocker 1.8.7 --> C:\Programme\Unlocker\uninst.exe
USB Storage Adapter (TPP) --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{AD7BA313-A3D9-11D6-8267-0000E8812330}\Setup.exe"
VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VideoLAN VLC media player 0.8.6d --> C:\Programme\VideoLAN\VLC\uninstall.exe
VX2 Cleaner plug-in for Ad-Aware SE --> C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\VX2CLE~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\VX2CLE~1\INSTALL.LOG
W83L518D --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{CD815603-AB71-4CFB-B3AC-522298037ACC}\Setup.exe" -l0x7
WAV to MP3 Encoder --> C:\PROGRA~1\WAVTOM~1\UNWISE.EXE C:\PROGRA~1\WAVTOM~1\INSTALL.LOG
WEB.DE SmartDrive Manager --> C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\uninst.exe
WinCleaner Memory Optimizer Version 5.2 --> "C:\Programme\WinCleaner Memory Optimizer\unins000.exe"
Windows-Sicherungsprogramm --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows-Treiberpaket - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
Windows-Treiberpaket - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_F12A08B6F776984A95553486F64C541356F86E38\pccs_bluetooth.inf
Windows-Treiberpaket - Nokia Modem (03/05/2008 3.7) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_635B28EFCFA9395123BB1C251595CB16129E2560\nokia_bluetooth.inf
Windows-Treiberpaket - Nokia Modem (03/13/2008 6.86.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_28F2EAC406838DA65AFF6C6886FE9FE96AEF5186\nokbtmdm.inf
Windows-Treiberpaket - Nokia Modem (05/24/2007 6.84.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_5E1541AFF1E1EA3554CE566743CCAD323ED1C108\nokbtmdm.inf
Windows-Treiberpaket - Nokia Modem (08/03/2007 3.2) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_05A76228EE0EF20D8B64523AD40E95C8F09D6988\pccs_bluetooth.inf
Windows-Treiberpaket - Nokia Modem (08/03/2007 6.84.0.2) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_1EB5F2E6F54A6BEDE9F436D1BA5D830FC71739BE\nokbtmdm.inf
Windows-Treiberpaket - Nokia Modem (08/08/2007 3.3) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_32E2E448B53EE5B28E074D88802D0BAF984038DA\pccs_bluetooth.inf
Windows-Treiberpaket - Nokia Modem (10/12/2007 3.6) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_0A5D98F754C6588B2E3DDE89DDEF097075ADFFB7\nokia_bluetooth.inf
Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Anmelde-Assistent --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live installer --> MsiExec.exe /X{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}
Windows Live Messenger --> MsiExec.exe /X{2B091530-69AA-442E-AB09-39ED06B58220}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP-Hotfix - KB888162 --> C:\WINDOWS\$NtUninstallKB888162$\spuninst\spuninst.exe
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR Archivierer --> C:\Programme\WinRAR\uninstall.exe
WISO Haushaltsbuch 2008 --> MsiExec.exe /I{700AF45E-6BE8-4850-B3D2-37E3971710FD}
WM Recorder + RM Recorder 10.1 --> C:\WINDOWS\iun6002.exe "C:\Programme\Multimedia\WMR Recorder\WM Recorder\irunin.ini"
X10 Hardware™ --> C:\WINDOWS\UNWISE.EXE C:\PROGRA~1\X10HAR~1\Install.log
XML Paper Specification Shared Components Pack 1.0 -->
Youtube Music Downloader --> "C:\Programme\YoutubeMusicSoft\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type6753831 / Warning
Event Submitted/Written: 06/18/2008 04:24:55 PM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
Die ausgehende Verteilerregel ist nicht gültig, weil kein gültiges Gerät gefunden werden kann. Ausgehende Faxe, die diese Regel verwenden, werden nicht weitergeleitet. Stellen Sie sicher, dass das angezielte Gerät bzw. die angezielten Geräte angeschlossen, korrekt installiert und angeschaltet sind. Stellen Sie außerdem sicher, dass die Gruppe korrekt konfiguriert ist, falls die Weiterleitung an eine Gruppe von Geräten erfolgen soll.
Landes-/Regionskennzahl: "*"
Ortskennzahl: "*"

Event Record #/Type6753830 / Warning
Event Submitted/Written: 06/18/2008 04:24:55 PM
Event ID/Source: 32026 / Microsoft Fax
Event Description:
Fehler beim Initialisieren der zugewiesenen Faxgeräte (virtuell oder TAPI) durch den Faxdienst.
Es können keine Faxe gesendet werden, bis ein Faxgerät installiert ist.

Event Record #/Type6753822 / Warning
Event Submitted/Written: 06/18/2008 04:18:46 PM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
Die ausgehende Verteilerregel ist nicht gültig, weil kein gültiges Gerät gefunden werden kann. Ausgehende Faxe, die diese Regel verwenden, werden nicht weitergeleitet. Stellen Sie sicher, dass das angezielte Gerät bzw. die angezielten Geräte angeschlossen, korrekt installiert und angeschaltet sind. Stellen Sie außerdem sicher, dass die Gruppe korrekt konfiguriert ist, falls die Weiterleitung an eine Gruppe von Geräten erfolgen soll.
Landes-/Regionskennzahl: "*"
Ortskennzahl: "*"

Event Record #/Type6753821 / Warning
Event Submitted/Written: 06/18/2008 04:18:46 PM
Event ID/Source: 32026 / Microsoft Fax
Event Description:
Fehler beim Initialisieren der zugewiesenen Faxgeräte (virtuell oder TAPI) durch den Faxdienst.
Es können keine Faxe gesendet werden, bis ein Faxgerät installiert ist.

Event Record #/Type6753811 / Warning
Event Submitted/Written: 06/18/2008 04:03:53 PM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
Die ausgehende Verteilerregel ist nicht gültig, weil kein gültiges Gerät gefunden werden kann. Ausgehende Faxe, die diese Regel verwenden, werden nicht weitergeleitet. Stellen Sie sicher, dass das angezielte Gerät bzw. die angezielten Geräte angeschlossen, korrekt installiert und angeschaltet sind. Stellen Sie außerdem sicher, dass die Gruppe korrekt konfiguriert ist, falls die Weiterleitung an eine Gruppe von Geräten erfolgen soll.
Landes-/Regionskennzahl: "*"
Ortskennzahl: "*"



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type202288 / Warning
Event Submitted/Written: 06/18/2008 06:16:59 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP hat das Sicherheitslimit erreicht, das für die Anzahl gleichzeitiger TCP-Verbindungsversuche festgelegt wurde.

Event Record #/Type202284 / Error
Event Submitted/Written: 06/18/2008 05:43:23 PM
Event ID/Source: 10005 / DCOM
Event Description:
Bei DCOM ist der Fehler "%%1058" aufgetreten, als der Dienst "MDM" mit den Argumenten ""
gestartet wurde, um den folgenden Server zu verwenden:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}

Event Record #/Type202281 / Warning
Event Submitted/Written: 06/18/2008 05:22:22 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP hat das Sicherheitslimit erreicht, das für die Anzahl gleichzeitiger TCP-Verbindungsversuche festgelegt wurde.

Event Record #/Type202279 / Error
Event Submitted/Written: 06/18/2008 04:59:38 PM
Event ID/Source: 10005 / DCOM
Event Description:
Bei DCOM ist der Fehler "%%1058" aufgetreten, als der Dienst "MDM" mit den Argumenten ""
gestartet wurde, um den folgenden Server zu verwenden:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}

Event Record #/Type202278 / Warning
Event Submitted/Written: 06/18/2008 04:55:04 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP hat das Sicherheitslimit erreicht, das für die Anzahl gleichzeitiger TCP-Verbindungsversuche festgelegt wurde.



-- End of Deckard's System Scanner: finished at 2008-06-18 19:51:48 ------------



#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:02:59 PM

Posted 18 June 2008 - 04:39 PM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

You are running an older version of Java. This can be a security risk so let's get you the latest version.
Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.

=================




Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\WinNt64.dll
    C:\WINDOWS\system32\drivers\tcpsr.sys
    C:\WINDOWS\system32\drivers\Lws88.sys
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Please post a new log from DSS.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 PhilSey

PhilSey
  • Topic Starter

  • Members
  • 6 posts
  • Local time:09:59 PM

Posted 19 June 2008 - 10:10 AM

Hi Sam, I am very grateful that you help me. Thank you very much.

I did as you said:

-All old Java versions are removed and the new Java Update is installed.

-But the WinNt64.dll could not be moved. (I have it twice, because at the beginning of my infection I moved it to the desktop in the hope that this would solve the problem. Moving was possible then; now I can't delete or move either the WinNt64.dll in c:\windows\system32\ or the copy of the file on my desktop. Originally, the WinNt64.dll was located in c:\windows\system32\DRIVERS. I think that after moving it, it was reestablished in c:\windows\system32\, but maybe it was there in the first place, too.)

-The tcpsr.sys and Lws88.sys were moved successfully, BUT they are back in C:\WINDOWS\system32\drivers\ again after I went online!!!!!!!!!!


Below I posted the following:
1. The Log from MoveIt:
2. A KASPERSKY ONLINE SCANNER 7 REPORT (it was executed BEFORE I followed the steps in your reply)
3. The new DSS scan log (only a "Main" Log was created)




1. Here is the Log from MoveIt:




DllUnregisterServer procedure not found in C:\WINDOWS\system32\WinNt64.dll
C:\WINDOWS\system32\WinNt64.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\WinNt64.dll scheduled to be moved on reboot.
C:\WINDOWS\system32\drivers\tcpsr.sys moved successfully.
File move failed. C:\WINDOWS\system32\drivers\Lws88.sys scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\Dokumente und Einstellungen\Philipp Seybold\Desktop\WinNt64.dll
C:\Dokumente und Einstellungen\Philipp Seybold\Desktop\WinNt64.dll NOT unregistered.
File move failed. C:\Dokumente und Einstellungen\Philipp Seybold\Desktop\WinNt64.dll scheduled to be moved on reboot.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06192008_162351

Files moved on Reboot...
DllUnregisterServer procedure not found in C:\WINDOWS\system32\WinNt64.dll
C:\WINDOWS\system32\WinNt64.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\WinNt64.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\drivers\Lws88.sys scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\Dokumente und Einstellungen\Philipp Seybold\Desktop\WinNt64.dll
C:\Dokumente und Einstellungen\Philipp Seybold\Desktop\WinNt64.dll NOT unregistered.
File move failed. C:\Dokumente und Einstellungen\Philipp Seybold\Desktop\WinNt64.dll scheduled to be moved on reboot.






2. Here is the KASPERSKY ONLINE SCANNER 7 REPORT (it was executed BEFORE I followed the steps in your reply):






--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, June 19, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, June 18, 2008 15:36:21
Records in database: 878919
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - Critical Areas:
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
C:\Dokumente und Einstellungen\Philipp Seybold\Startmenü\Programme\Autostart
C:\Program Files
C:\Programme
C:\WINDOWS

Scan statistics:
Files scanned: 84730
Threat name: 3
Infected objects: 4
Suspicious objects: 0
Duration of the scan: 03:52:34


File name / Threat name / Threats count
C:\WINDOWS\system32\WinNt64.dll/C:\WINDOWS\system32\WinNt64.dll Infected: Trojan-Downloader.Win32.Mutant.age 1
C:\Programme\BearShare\Installer\BSInstall5.2.5.1.exe Infected: not-a-virus:AdWare.Win32.180Solutions.ao 1
C:\WINDOWS\system32\drivers\Tseh42.sys Infected: Rootkit.Win32.Qandr.cp 1
C:\WINDOWS\system32\WinNt64.dll Infected: Trojan-Downloader.Win32.Mutant.age 1

The selected area was scanned.






3. Here is the new DSS scan log (only a "Main" Log was created):





Deckard's System Scanner v20071014.68
Run by Philipp Seybold on 2008-06-19 16:42:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 7.24 GiB (less than 15%) free.


-- HijackThis (run as Philipp Seybold.exe) -------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:42:48, on 19.6.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\programme\gemeinsame dateien\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\GEMEIN~1\mcafee\mcproxy\mcproxy.exe
C:\Programme\McAfee\VirusScan\McShield.exe
C:\Programme\McAfee\MPF\MPFSrv.exe
C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programme\Spyware Doctor\pctsAuxs.exe
C:\Programme\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\notepad.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Programme\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programme\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Programme\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Programme\Microsoft IntelliType Pro\itype.exe
C:\Programme\Microsoft IntelliPoint\ipoint.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programme\Logitech\QuickCam\Quickcam.exe
C:\Programme\ComfortClipboard\CClipboard.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\UltraMon\UltraMon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Unlocker\UnlockerAssistant.exe
C:\Programme\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE
C:\Programme\TweakRAM\TweakRAM.exe
C:\Programme\UltraMon\UltraMonTaskbar.exe
C:\Programme\OnlineControl\ocontrol.exe
C:\Programme\Display Call\DisplayCall.exe
C:\Programme\ComfortClipboard\CClipboardCm.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Gemeinsame Dateien\Logishrd\LQCVFX\COCIManager.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Dokumente und Einstellungen\Philipp Seybold\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\PHILIP~1.EXE
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Programme\Outlook Express\msimn.exe"
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Programme\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Programme\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [itype] "C:\Programme\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Programme\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programme\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CClipboard] C:\Programme\ComfortClipboard\CClipboard.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UltraMon] "C:\Programme\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programme\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Programme\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\RunServices: [Windows Update Host] hoster.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Registry Service] wregistry.exe
O4 - HKLM\..\RunServices: [MSPluginSrvc] p3.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Remote Control] C:\Programme\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [WEB.DE_WEB.DE SmartDrive Manager] "C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE" /hide
O4 - HKCU\..\Run: [TweakRAM] C:\Programme\TweakRAM\TweakRAM.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe (User 'Default user')
O4 - S-1-5-18 Startup: Verknüpfung mit DisplayCall.lnk = C:\Programme\Display Call\DisplayCall.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Verknüpfung mit DisplayCall.lnk = C:\Programme\Display Call\DisplayCall.exe (User 'Default user')
O4 - Startup: Verknüpfung mit DisplayCall.lnk = C:\Programme\Display Call\DisplayCall.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: OnlineControl.lnk = C:\Programme\OnlineControl\ocontrol.exe
O8 - Extra context menu item: Add to EverNote - res://C:\Programme\EverNote\EverNote\enbar.dll/2000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Programme\EverNote\EverNote\enbar.dll
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Programme\EverNote\EverNote\enbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: MedionShop - {07E3F115-C445-480D-94CB-ECA914A353CE} - http://www.medionshop.de/ (file missing) (HKCU)
O15 - Trusted Zone: http://www.asmallworld.net
O15 - Trusted Zone: www.chip.de
O15 - Trusted Zone: www.download.de
O15 - Trusted Zone: http://www.gayromeo.com
O15 - Trusted Zone: www.hypovereinsbank.de
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/04a30f04300bfb...RdxIE601_de.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/bfbbe9...0/Installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE60CE46-C8A7-4F46-9B82-19496EE1E875}: NameServer = 217.237.151.115 217.237.148.102
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: winnt64 - C:\WINDOWS\SYSTEM32\WinNt64.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Unknown owner - C:\Programme\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (ipod service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\programme\gemeinsame dateien\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\GEMEIN~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Programme\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programme\McAfee\MPF\MPFSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 13771 bytes

-- Files created between 2008-05-19 and 2008-06-19 -----------------------------

2008-06-19 16:29:10 6784 --a------ C:\WINDOWS\system32\drivers\tcpsr.sys
2008-06-19 16:12:33 0 d-------- C:\Programme\Sun
2008-06-19 16:09:20 0 d-------- C:\Programme\Gemeinsame Dateien\Java
2008-06-18 19:53:51 0 d-------- C:\Programme\Trend Micro
2008-06-18 17:43:47 0 d-------- C:\sec31
2008-06-18 16:59:43 0 d-------- C:\Programme\Sophos
2008-06-18 11:18:28 0 d-------- C:\Programme\Lavasoft
2008-06-18 01:57:40 0 d-------- C:\!KillBox
2008-06-15 17:48:38 30208 --a------ C:\WINDOWS\system32\drivers\Lws88.sys
2008-06-14 12:12:18 0 d-------- C:\1 Virus
2008-06-14 11:39:12 13312 --a------ C:\WINDOWS\system32\WinNt64.dll
2008-06-13 19:57:08 0 d-------- C:\WINDOWS\ERUNT
2008-06-12 11:46:07 0 d-------- C:\WINDOWS\Content.IE5
2008-06-12 11:10:25 0 d-------- C:\Programme\Spyware Doctor
2008-06-11 20:02:54 5082 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-11 20:02:35 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-11 20:02:35 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-06-11 20:02:35 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-06-11 20:02:35 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-06-11 20:02:35 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-06-11 20:02:35 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-11 20:02:35 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-06-11 19:03:38 0 d-------- C:\Programme\Safer Networking
2008-06-11 18:47:58 0 d-------- C:\Programme\DScaler5
2008-06-11 02:32:09 131584 --a------ C:\WINDOWS\system32\drivers\Tseh42.sys
2008-06-11 02:24:19 28416 --a------ C:\WINDOWS\system32\drivers\Hcn05.sys
2008-06-11 01:48:52 0 d-------- C:\DECCHECK
2008-06-05 15:54:29 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-28 15:37:23 0 d-------- C:\WINDOWS\nview
2008-05-28 09:28:51 0 d-------- C:\WINDOWS\Prefetch
2008-05-28 09:17:54 0 d-------- C:\WINDOWS\system32\de
2008-05-28 09:17:54 0 d-------- C:\WINDOWS\l2schemas
2008-05-27 20:10:14 0 d-------- C:\Programme\Gemeinsame Dateien\Realtime Soft
2008-05-27 20:10:13 0 d-------- C:\Programme\UltraMon
2008-05-27 20:08:01 8 --a------ C:\WINDOWS\system32\nvModes.dat
2008-05-27 20:02:45 0 d-------- C:\WINDOWS\NV47082716.TMP
2008-05-27 20:01:36 0 d-------- C:\NVIDIA
2008-05-21 01:12:29 0 d-------- C:\WINDOWS\system32\ID Device ActiveX_reg
2008-05-21 01:12:29 0 d-------- C:\Programme\Buhl
2008-05-21 01:11:22 0 d-------- C:\Programme\DataDesign
2008-05-21 01:11:14 0 d-------- C:\Programme\Letstrade
2008-05-19 20:26:20 0 d-------- C:\Dokumente und Einstellungen\Philipp Seybold\.clipbak
2008-05-19 15:25:52 0 d-------- C:\Programme\IO-Manager
2008-05-19 15:12:02 0 d-------- C:\Programme\Keepsoft


-- Find3M Report ---------------------------------------------------------------

2008-06-19 16:12:22 0 d-------- C:\Programme\Java
2008-06-19 16:09:20 0 d-------- C:\Programme\Gemeinsame Dateien
2008-06-19 13:29:18 0 d-------- C:\Programme\Mozilla Thunderbird
2008-06-19 03:31:33 0 d-------- C:\Programme\DScaler
2008-06-18 16:38:40 0 d-------- C:\Programme\Symantec
2008-06-18 11:17:52 0 d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-06-17 16:55:04 0 d-------- C:\Dokumente und Einstellungen\Philipp Seybold\Anwendungsdaten\Skype
2008-06-17 14:15:39 0 d-------- C:\Dokumente und Einstellungen\Philipp Seybold\Anwendungsdaten\skypePM
2008-06-12 15:48:56 466132 --a------ C:\WINDOWS\system32\perfh007.dat
2008-06-12 15:48:56 87900 --a------ C:\WINDOWS\system32\perfc007.dat
2008-06-12 11:10:25 0 d-------- C:\Dokumente und Einstellungen\Philipp Seybold\Anwendungsdaten\PC Tools
2008-06-11 19:30:30 0 d-------- C:\Programme\iTunes
2008-06-11 19:30:20 0 d-------- C:\Programme\iPod
2008-06-11 18:23:29 0 d-------- C:\Programme\K-Lite Codec Pack
2008-06-11 18:10:14 0 d-------- C:\Programme\DivX
2008-06-11 14:11:17 60460 --a------ C:\Dokumente und Einstellungen\Philipp Seybold\Anwendungsdaten\wklnhst.dat
2008-06-11 03:26:44 0 d-------- C:\Programme\Bonjour
2008-06-11 02:22:50 0 d-------- C:\Dokumente und Einstellungen\Philipp Seybold\Anwendungsdaten\Azureus
2008-06-07 21:14:06 0 d-------- C:\Programme\Display Call
2008-06-05 19:47:13 0 d-------- C:\Programme\ProgDVB
2008-05-28 19:00:04 0 d--h----- C:\Programme\InstallShield Installation Information
2008-05-28 09:18:16 0 d-------- C:\Programme\messenger
2008-05-28 09:17:53 0 d-------- C:\Programme\Movie Maker
2008-05-28 09:14:39 0 d-------- C:\Programme\Windows NT
2008-05-27 16:20:50 0 d-------- C:\Dokumente und Einstellungen\Philipp Seybold\Anwendungsdaten\ATI
2008-05-26 00:35:07 0 d-------- C:\Dokumente und Einstellungen\Philipp Seybold\Anwendungsdaten\Buhl Data Service GmbH
2008-05-22 12:11:50 0 d-------- C:\Programme\Apple Software Update
2008-05-21 01:12:49 0 d-------- C:\Programme\Gemeinsame Dateien\Buhl Data Service
2008-05-15 14:49:35 0 d-------- C:\Dokumente und Einstellungen\Philipp Seybold\Anwendungsdaten\Spearit
2008-05-15 14:48:54 0 d-------- C:\Programme\Gemeinsame Dateien\Laplink
2008-05-15 14:48:52 0 d-------- C:\Programme\Laplink
2008-05-15 01:39:30 0 d-------- C:\Programme\Gemeinsame Dateien\Nokia
2008-05-15 01:39:29 0 d-------- C:\Programme\Nokia
2008-05-14 15:16:19 0 d-------- C:\Programme\Gemeinsame Dateien\xing shared
2008-05-14 15:16:01 0 d-------- C:\Programme\Gemeinsame Dateien\Real
2008-05-14 15:14:35 0 d-------- C:\Dokumente und Einstellungen\Philipp Seybold\Anwendungsdaten\Real
2008-05-14 15:08:29 0 d-------- C:\Programme\AviSynth 2.5
2008-05-14 14:38:12 0 d-------- C:\Programme\Avi2Dvd
2008-05-14 11:03:32 0 d-------- C:\Programme\Hasbro
2008-05-13 00:56:47 148104 --a----c- C:\Dokumente und Einstellungen\Philipp Seybold\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2008-05-13 00:51:26 0 d-------- C:\Programme\MSECache
2008-05-07 11:18:41 0 d-------- C:\Programme\TNT Screen Capture
2008-05-07 01:12:29 0 d-------- C:\Dokumente und Einstellungen\Philipp Seybold\Anwendungsdaten\GoodSync
2008-05-06 16:22:14 0 d-------- C:\Programme\Siber Systems
2008-05-06 15:47:00 0 d-------- C:\Programme\PowerFolder.com
2008-05-05 16:02:40 0 d-------- C:\Dokumente und Einstellungen\Philipp Seybold\Anwendungsdaten\smc
2008-05-05 15:50:47 0 d-------- C:\Programme\GIMP-2.0
2008-05-05 15:50:22 0 d-------- C:\Dokumente und Einstellungen\Philipp Seybold\Anwendungsdaten\Audacity
2008-05-05 15:50:08 0 d-------- C:\Programme\Audacity 1.3 Beta
2008-05-05 15:47:12 0 d-------- C:\Programme\Foola iPod to PC
2008-05-02 13:27:01 0 d-------- C:\Programme\TweakRAM
2008-05-01 12:36:06 0 d-------- C:\Programme\TrueLaunchBar
2008-04-27 15:22:52 0 d-------- C:\Programme\McAfee
2008-04-25 17:48:54 0 d-------- C:\Programme\Microsoft Picture It! 9
2008-04-24 10:57:34 0 d-------- C:\Programme\YoutubeMusicSoft
2008-04-24 00:26:05 0 d-------- C:\Programme\NeroInstall.bak
2008-04-21 13:50:25 0 d-------- C:\Dokumente und Einstellungen\Philipp Seybold\Anwendungsdaten\TVcentral-Core
2008-04-21 13:17:57 0 d-------- C:\Programme\Gemeinsame Dateien\Sonavis
2008-04-20 12:58:18 0 d-------- C:\Programme\Gemeinsame Dateien\PCSuite
2008-04-20 12:53:47 0 d-------- C:\Programme\PC Connectivity Solution
2008-04-15 13:15:25 257808 --a------ C:\WINDOWS\winfile.exe <Not Verified; Microsoft Corporation; Betriebssystem Microsoft® Windows NT™>
2008-04-08 13:01:44 8192 --a------ C:\WINDOWS\system32\uiwbnp.dll <Not Verified; WEB.DE GmbH; WEB.DE SmartDrive Manager>
2008-04-02 14:11:04 0 --a------ C:\WINDOWS\ativpsrm.bin


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [14.04.2008 04:22]
"ATI Remote Control"="C:\Programme\ATI Multimedia\RemCtrl\ATIRW.exe" [05.04.2006 23:03]
"WEB.DE_WEB.DE SmartDrive Manager"="C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.exe" [08.04.2008 13:02]
"TweakRAM"="C:\Programme\TweakRAM\TweakRAM.exe" [01.05.2008 18:29]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Windows Update Host"=hoster.exe
"Microsoft Windows Registry Service"=wregistry.exe
"MSPluginSrvc"=p3.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Windows Update Host"=hoster.exe
"MSPluginSrvc"=p3.exe
"Nokia.PCSync"="C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog

C:\Dokumente und Einstellungen\Philipp Seybold\Startmen\Programme\Autostart\
Verknpfung mit DisplayCall.lnk - C:\Programme\Display Call\DisplayCall.exe [5.11.2007 14:36:10]

C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\
Microsoft Office.lnk - C:\Programme\Microsoft Office\Office10\OSA.EXE [13.2.2001 01:01:04]
OnlineControl.lnk - C:\Programme\OnlineControl\ocontrol.exe [12.1.2007 17:29:15]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winnt64]
WinNt64.dll 19.06.2008 16:26 13312 C:\WINDOWS\system32\WinNt64.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli scecli scecli scecli scecli scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hcn05.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lws88.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\qhb00.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sub43.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vkk04.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk
backup=C:\WINDOWS\pss\Adobe Reader - Schnellstart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HotSync Manager.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HotSync Manager.lnk
backup=C:\WINDOWS\pss\HotSync Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdStatus Service]
C:\Program Files\AdStatus Service\AdStatServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
mHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hfxp]
C:\Programme\Spybot - Search & Destroy\HF\hfxp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Programme\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
C:\Programme\Logitech\ImageStudio\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
C:\Programme\Logitech\ImageStudio\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
C:\Programme\Gemeinsame Dateien\Logitech\QCDriver3\LVCOMS.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Update]
wuampd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Windows Registry Service]
wregistry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Programme\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Programme\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPluginSrvc]
p3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"C:\Programme\Home Cinema\PowerCinema\PCMService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
C:\Programme\Plaxo\2.11.1.5\PlaxoHelper.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Prism_Utility]
Prismsta.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Programme\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-DSL SpeedMgr]
"C:\Programme\Multimedia\T-DSL Support-Center\SpeedMgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tuloxFreeWBE]
C:\Programme\Wörterbücher\tuloxFreeWBE\FreeDict.exe AUTOSTART

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\version]
C:\WINDOWS\System32\Lsumdp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
"c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Washer]
c:\Program Files\Washer\washer.exe /0

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows DLL Loader]
C:\WINDOWS\system32\defragfatz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows media service]
crsss.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Update Host]
hoster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CA_LIC_SRVR"=3 (0x3)
"CA_LIC_CLNT"=3 (0x3)
"MDM"=2 (0x2)
"iPodService"=3 (0x3)
"x10nets"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- H:\AutoRunCD.exe




-- End of Deckard's System Scanner: finished at 2008-06-19 16:47:31 ------------

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 19 June 2008 - 12:47 PM

It's hanging in there, but we'll get rid of it.



Please download ComboFix and save it to your desktop.
Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 PhilSey


Posted 23 June 2008 - 04:27 AM

It's gone!!

Thank you very much for your help, you guys are great!!

#6 Buckeye_Sam


Posted 23 June 2008 - 08:00 AM

There's more to it than that. Please post the log so we can finish up.

#7 PhilSey


Posted 23 June 2008 - 11:52 AM

Okay, below is the log. I also bought and installed Kaspersky Online Security, which got rid of a lot of malware.
McAfee, which I had before, is crap!






ComboFix 08-06-20.4 - Philipp Seybold 2008-06-23 18:06:43.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1031.18.1514 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Philipp Seybold\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Legacy_TCPSR


((((((((((((((((((((((( Dateien erstellt von 2008-05-23 bis 2008-06-23 ))))))))))))))))))))))))))))))
.

2008-06-19 17:43 . 2008-06-19 17:56 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-19 17:43 . 2008-06-19 17:56 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-19 17:41 . 2008-06-19 17:41 <DIR> d-------- C:\Programme\Kaspersky Lab
2008-06-19 17:41 . 2008-06-23 18:20 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2008-06-19 17:41 . 2008-06-23 18:16 4,838,432 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-19 17:41 . 2008-06-23 18:19 770,080 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-19 17:41 . 2008-06-23 18:16 39,928 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-19 17:41 . 2008-06-23 18:19 3,712 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-19 17:39 . 2008-06-19 17:39 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files
2008-06-19 16:58 . 2008-06-19 16:58 457 --a------ C:\WINDOWS\Verknüpfung mit system32.lnk
2008-06-19 16:23 . 2008-06-19 16:23 <DIR> d-------- C:\_OTMoveIt
2008-06-19 16:12 . 2008-06-19 16:12 <DIR> d-------- C:\Programme\Sun
2008-06-19 16:12 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-19 16:09 . 2008-06-19 16:09 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Java
2008-06-18 19:53 . 2008-06-18 19:53 <DIR> d-------- C:\Programme\Trend Micro
2008-06-18 19:44 . 2008-06-18 19:44 <DIR> d-------- C:\Deckard
2008-06-18 17:43 . 2008-06-18 17:43 <DIR> d-------- C:\sec31
2008-06-18 16:59 . 2008-06-18 16:59 <DIR> d-------- C:\Programme\Sophos
2008-06-18 13:50 . 2008-06-18 13:50 <DIR> d-------- C:\Programme\Unlocker
2008-06-18 11:18 . 2008-06-18 11:18 <DIR> d-------- C:\Programme\Lavasoft
2008-06-18 11:18 . 2008-06-18 11:19 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft
2008-06-18 01:57 . 2008-06-18 01:57 <DIR> d-------- C:\!KillBox
2008-06-14 12:12 . 2008-06-14 12:12 <DIR> d-------- C:\1 Virus
2008-06-13 19:57 . 2008-06-13 19:57 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-13 19:37 . 2008-06-18 15:51 <DIR> d-------- C:\SDFix
2008-06-13 17:11 . 2008-06-18 16:38 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec
2008-06-12 11:46 . 2008-06-12 11:46 <DIR> d-------- C:\WINDOWS\Content.IE5
2008-06-11 20:02 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-06-11 20:02 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-06-11 20:02 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-06-11 20:02 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-06-11 20:02 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-06-11 20:02 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-11 20:02 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-11 20:02 . 2008-06-11 20:02 5,082 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-11 19:03 . 2008-06-11 19:03 <DIR> d-------- C:\Programme\Safer Networking
2008-06-11 18:47 . 2008-06-11 18:47 <DIR> d-------- C:\Programme\DScaler5
2008-06-11 16:49 . 2008-06-11 16:49 197 --a------ C:\WINDOWS\system32\MRT.INI
2008-06-11 16:41 . 2008-06-14 19:32 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 16:40 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-11 11:33 . 2008-06-11 16:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-11 11:33 . 2008-06-11 11:33 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-11 02:32 . 2008-06-11 02:32 29 --a------ C:\WINDOWS\system32\ergqopta.tmp
2008-06-11 01:48 . 2008-06-11 18:50 <DIR> d-------- C:\DECCHECK
2008-06-05 15:54 . 2008-06-05 15:55 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-28 15:41 . 2008-05-28 15:41 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\nView_Profiles
2008-05-28 15:37 . 2008-05-28 15:37 <DIR> d-------- C:\WINDOWS\nview
2008-05-28 15:37 . 2007-12-05 02:53 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-05-28 15:37 . 2007-12-05 01:41 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-05-28 15:37 . 2008-06-07 13:35 163,353 --a------ C:\WINDOWS\system32\nvapps.xml
2008-05-28 15:37 . 2007-12-05 01:41 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-05-28 09:17 . 2008-05-28 09:17 <DIR> d-------- C:\WINDOWS\system32\de
2008-05-28 09:17 . 2008-05-28 09:17 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-28 08:56 . 2008-04-14 04:22 290,304 --------- C:\WINDOWS\system32\rhttpaa.dll
2008-05-28 08:56 . 2008-04-14 04:22 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
2008-05-28 08:56 . 2008-04-14 04:22 53,248 --------- C:\WINDOWS\system32\tsgqec.dll
2008-05-28 08:56 . 2008-04-14 04:22 50,688 --------- C:\WINDOWS\system32\tspkg.dll
2008-05-28 08:56 . 2008-04-14 04:23 32,768 --------- C:\WINDOWS\system32\setupn.exe
2008-05-28 08:56 . 2008-04-13 20:40 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-05-27 22:02 . 2008-05-27 22:02 209,715,200 --a------ C:\timeshift.dat_0
2008-05-27 20:10 . 2008-05-27 20:10 <DIR> d-------- C:\Programme\UltraMon
2008-05-27 20:10 . 2008-05-27 20:10 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Realtime Soft
2008-05-27 20:10 . 2008-05-27 20:10 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Realtime Soft
2008-05-27 20:08 . 2008-06-07 10:07 8 --a------ C:\WINDOWS\system32\nvModes.dat
2008-05-27 20:02 . 2008-05-27 20:05 <DIR> d-------- C:\WINDOWS\NV47082716.TMP
2008-05-27 20:01 . 2008-05-27 20:01 <DIR> d-------- C:\NVIDIA
2008-05-27 10:50 . 2008-05-27 10:50 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-05-27 10:50 . 2008-05-27 10:50 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-05-25 19:12 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-05-25 19:12 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-05-25 19:12 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-05-25 19:12 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-05-25 19:12 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-05-25 19:12 . 2007-10-22 03:37 17,928 --a------ C:\WINDOWS\system32\X3DAudio1_2.dll
2008-05-23 00:19 . 2008-05-23 00:19 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-23 00:19 . 2008-05-23 00:19 3,051 --a------ C:\WINDOWS\system32\dtu_de.qm

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-23 16:19 13,440 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
2008-06-23 07:58 --------- d-----w C:\Programme\Mozilla Thunderbird
2008-06-22 22:52 --------- d-----w C:\Programme\DScaler
2008-06-20 11:18 --------- d-----w C:\Dokumente und Einstellungen\Philipp Seybold\Anwendungsdaten\Azureus
2008-06-20 00:13 --------- d-----w C:\Dokumente und Einstellungen\Philipp Seybold\Anwendungsdaten\Skype
2008-06-19 23:33 --------- d-----w C:\Dokumente und Einstellungen\Philipp Seybold\Anwendungsdaten\skypePM
2008-06-19 15:38 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee
2008-06-19 15:27 --------- d---a-w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2008-06-19 14:12 --------- d-----w C:\Programme\Java
2008-06-18 14:38 --------- d-----w C:\Programme\Symantec
2008-06-18 09:17 --------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-06-14 17:32 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 17:30 --------- d-----w C:\Programme\iTunes
2008-06-11 17:30 --------- d-----w C:\Programme\iPod
2008-06-11 16:23 --------- d-----w C:\Programme\K-Lite Codec Pack
2008-06-11 16:10 --------- d-----w C:\Programme\DivX
2008-06-11 15:32 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
2008-06-11 14:51 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2008-06-11 14:50 --------- d-----w C:\Programme\Spybot - Search & Destroy
2008-06-11 12:11 60,460 ----a-w C:\Dokumente und Einstellungen\Philipp Seybold\Anwendungsdaten\wklnhst.dat
2008-06-11 01:26 --------- d-----w C:\Programme\Bonjour
2008-06-07 19:14 --------- d-----w C:\Programme\Display Call
2008-06-05 17:47 --------- d-----w C:\Programme\ProgDVB
2008-05-28 17:41 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CMUV
2008-05-28 17:00 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-05-27 14:20 --------- d-----w C:\Dokumente und Einstellungen\Philipp Seybold\Anwendungsdaten\ATI
2008-05-27 14:20 --------- d-----w C:\Dokumente und Einstellungen\Ferdi\Anwendungsdaten\ATI
2008-05-25 22:35 --------- d-----w C:\Dokumente und Einstellungen\Philipp Seybold\Anwendungsdaten\Buhl Data Service GmbH
2008-05-22 10:11 --------- d-----w C:\Programme\Apple Software Update
2008-05-20 23:14 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH
2008-05-20 23:12 --------- d-----w C:\Programme\Gemeinsame Dateien\Buhl Data Service
2008-05-20 23:12 --------- d-----w C:\Programme\Buhl
2008-05-20 23:11 --------- d-----w C:\Programme\Letstrade
2008-05-20 23:11 --------- d-----w C:\Programme\DataDesign
2008-05-19 13:32 --------- d-----w C:\Programme\IO-Manager
2008-05-19 13:12 --------- d-----w C:\Programme\Keepsoft
2008-05-15 12:49 --------- d-----w C:\Dokumente und Einstellungen\Philipp Seybold\Anwendungsdaten\Spearit
2008-05-15 12:49 --------- d-----w C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\Spearit
2008-05-15 12:49 --------- d-----w C:\Dokumente und Einstellungen\Ferdi\Anwendungsdaten\Spearit
2008-05-15 12:49 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spearit
2008-05-15 12:49 --------- d-----w C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Spearit
2008-05-15 12:48 --------- d-----w C:\Programme\Laplink
2008-05-15 12:48 --------- d-----w C:\Programme\Gemeinsame Dateien\Laplink
2008-05-14 23:39 --------- d-----w C:\Programme\Nokia
2008-05-14 23:39 --------- d-----w C:\Programme\Gemeinsame Dateien\Nokia
2008-05-14 23:37 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
2008-05-14 13:16 --------- d-----w C:\Programme\Gemeinsame Dateien\xing shared
2008-05-14 13:16 --------- d-----w C:\Programme\Gemeinsame Dateien\Real
2008-05-14 13:08 --------- d-----w C:\Programme\AviSynth 2.5
2008-05-14 12:38 --------- d-----w C:\Programme\Avi2Dvd
2008-05-14 09:03 --------- d-----w C:\Programme\Hasbro
2008-05-12 22:56 148,104 -c--a-w C:\Dokumente und Einstellungen\Philipp Seybold\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2008-05-12 22:51 --------- d-----w C:\Programme\MSECache
2008-05-08 14:02 203,136 ------w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 09:18 --------- d-----w C:\Programme\TNT Screen Capture
2008-05-06 23:12 --------- d-----w C:\Dokumente und Einstellungen\Philipp Seybold\Anwendungsdaten\GoodSync
2008-05-06 14:22 --------- d-----w C:\Programme\Siber Systems
2008-05-06 13:47 --------- d-----w C:\Programme\PowerFolder.com
2008-05-05 14:02 --------- d-----w C:\Dokumente und Einstellungen\Philipp Seybold\Anwendungsdaten\smc
2008-05-05 13:50 --------- d-----w C:\Programme\GIMP-2.0
2008-05-05 13:50 --------- d-----w C:\Programme\Audacity 1.3 Beta
2008-05-05 13:50 --------- d-----w C:\Dokumente und Einstellungen\Philipp Seybold\Anwendungsdaten\Audacity
2008-05-05 13:47 --------- d-----w C:\Programme\Foola iPod to PC
2008-05-02 11:27 --------- d-----w C:\Programme\TweakRAM
2008-05-01 20:44 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\X10 Settings
2008-05-01 10:36 --------- d-----w C:\Programme\TrueLaunchBar
2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-25 16:21 26,964 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2008-04-25 15:48 --------- d-----w C:\Programme\Microsoft Picture It! 9
2008-04-24 08:57 --------- d-----w C:\Programme\YoutubeMusicSoft
2008-04-23 22:26 --------- d-----w C:\Programme\NeroInstall.bak
2008-04-15 11:15 257,808 ----a-w C:\WINDOWS\winfile.exe
2008-04-14 02:23 32,866 ----a-w C:\WINDOWS\slrundll.exe
2008-04-14 02:23 288,768 ----a-w C:\WINDOWS\winhlp32.exe
2008-03-17 20:11 139,264 ----a-w C:\Programme\ratio_faker_v0.6.2.exe
2008-02-18 21:50 32 ----a-w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat
2007-11-25 16:10 22,328 ----a-w C:\Dokumente und Einstellungen\Philipp Seybold\Anwendungsdaten\PnkBstrK.sys
2006-10-10 15:40 301,881 ----a-w C:\Programme\BootVis.zip
2006-10-10 15:40 1,458,008 ----a-w C:\Programme\ccsetup131.exe
2006-10-10 15:39 2,627,869 ----a-w C:\Programme\powertoysetup2.zip
2006-02-02 11:55 32,768 ----a-w C:\Programme\shutdown.exe
2005-06-30 21:52 268 -c--a-w C:\Dokumente und Einstellungen\Ferdi\Anwendungsdaten\wklnhst.dat
2002-04-24 11:18 788,584 -c--a-w C:\Programme\HtmlgenPowertoySetup.exe
2002-04-24 11:18 624,216 -c--a-w C:\Programme\TimershotPowertoySetup.exe
2002-04-24 11:18 562,912 -c--a-w C:\Programme\DeskmanPowertoySetup.exe
2002-04-24 11:18 560,824 -c--a-w C:\Programme\SlideshowPowertoySetup.exe
2002-04-24 11:18 532,616 -c--a-w C:\Programme\ImageResizerPowertoySetup.exe
2002-04-24 11:18 526,448 -c--a-w C:\Programme\MagnifierPowertoySetup.exe
2002-04-24 11:17 638,544 -c--a-w C:\Programme\PowerCalcPowertoySetup.exe
2002-04-24 11:17 577,088 -c--a-w C:\Programme\TweakUiPowertoySetup.exe
2002-04-24 11:17 545,936 -c--a-w C:\Programme\TaskswitchPowertoySetup.exe
2002-04-24 11:17 525,920 -c--a-w C:\Programme\CmdHerePowertoySetup.exe
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
2008-04-25 18:22 62728 --a------ C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:22 15360]
"ATI Remote Control"="C:\Programme\ATI Multimedia\RemCtrl\ATIRW.exe" [2006-04-05 23:03 1622016]
"TweakRAM"="C:\Programme\TweakRAM\TweakRAM.exe" [2008-05-01 18:29 1188352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dit"="Dit.exe" [2003-12-30 00:33 94208 C:\WINDOWS\Dit.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl,,BluetoothAuthenticationAgent" []
"OpwareSE2"="C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00 49152]
"CTSysVol"="C:\Programme\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2003-09-17 11:43 57344]
"CTDVDDET"="C:\Programme\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2003-06-18 02:00 45056]
"SBDrvDet"="C:\Programme\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 19:06 45056]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"CTHelper"="CTHELPER.EXE" [2006-08-11 15:56 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 15:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"itype"="C:\Programme\Microsoft IntelliType Pro\itype.exe" [2006-11-21 17:08 813912]
"IntelliPoint"="C:\Programme\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 15:52 849280]
"Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"LogitechCommunicationsManager"="C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 17:33 563984]
"LogitechQuickCamRibbon"="C:\Programme\Logitech\QuickCam\Quickcam.exe" [2007-10-25 17:37 2178832]
"NeroFilterCheck"="C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" [2008-02-28 10:59 570664]
"CClipboard"="C:\Programme\ComfortClipboard\CClipboard.exe" [2008-04-05 21:04 2365952]
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2008-05-14 15:14 185896]
"UltraMon"="C:\Programme\UltraMon\UltraMon.exe" [2006-10-12 21:27 304640]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"QuickTime Task"="C:\Programme\K-Lite Codec Pack\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [2008-06-02 11:13 267048]
"UnlockerAssistant"="C:\Programme\Unlocker\UnlockerAssistant.exe" [2008-05-02 06:15 15872]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"AVP"="C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 18:21 201992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Windows Update Host"="hoster.exe" []
"Microsoft Windows Registry Service"="wregistry.exe" []
"MSPluginSrvc"="p3.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 04:22 15360]
"Windows Update Host"="hoster.exe" []
"MSPluginSrvc"="p3.exe" []
"Nokia.PCSync"="C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 18:41 1232896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe" [2006-11-10 00:46 190072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"msacm.dvacm"= C:\PROGRA~1\GEMEIN~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\GEMEIN~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm"= C:\PROGRA~1\GEMEIN~1\ULEADS~1\MPEG\mpegacm.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli scecli scecli scecli scecli scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hcn05.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lws88.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\qhb00.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sub43.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vkk04.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk
backup=C:\WINDOWS\pss\Adobe Reader - Schnellstart.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HotSync Manager.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HotSync Manager.lnk
backup=C:\WINDOWS\pss\HotSync Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdStatus Service]
C:\Program Files\AdStatus Service\AdStatServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hfxp]
C:\Programme\Spybot - Search & Destroy\HF\hfxp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-02-28 18:07 1828136 C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-06-02 11:13 267048 C:\Programme\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
--a--c--- 2002-12-10 18:32 155648 C:\Programme\Logitech\ImageStudio\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
--a--c--- 2002-12-10 18:31 61440 C:\Programme\Logitech\ImageStudio\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
--a--c--- 2002-12-10 17:54 127022 C:\Programme\Gemeinsame Dateien\Logitech\QCDriver3\LVCOMS.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Update]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Windows Registry Service]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a--c--- 2003-06-17 17:14 50688 C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 04:22 1695232 C:\Programme\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Programme\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPluginSrvc]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-02-18 17:29 2221352 C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
C:\Programme\Home Cinema\PowerCinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
C:\Programme\Plaxo\2.11.1.5\PlaxoHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Prism_Utility]
--------- 2004-01-14 17:09 215552 C:\WINDOWS\system32\PRISMSTA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programme\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-DSL SpeedMgr]
C:\Programme\Multimedia\T-DSL Support-Center\SpeedMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-05-14 15:14 185896 C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tuloxFreeWBE]
C:\Programme\Wörterbücher\tuloxFreeWBE\FreeDict.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\version]
C:\WINDOWS\System32\Lsumdp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Washer]
c:\Program Files\Washer\washer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows DLL Loader]
C:\WINDOWS\system32\defragfatz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows media service]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Update Host]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CA_LIC_SRVR"=3 (0x3)
"CA_LIC_CLNT"=3 (0x3)
"MDM"=2 (0x2)
"iPodService"=3 (0x3)
"x10nets"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\Internet Explorer\\iexplore.exe"=
"C:\\spiele\\Die Stunde Null\\game.dat"=
"C:\\spiele\\Die Stunde Null\\patchget.dat"=
"C:\\Programme\\Multimedia\\WMR Recorder\\WM Recorder\\WMR90.exe"=
"C:\\Programme\\Windows Media Player\\wmplayer.exe"=
"C:\\Programme\\BearShare\\BearShare.exe"=
"C:\\Programme\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programme\\Multimedia\\Bit Torrent\\Azureus\\Azureus.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Programme\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Programme\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Programme\\Gemeinsame Dateien\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"D:\\Spiele\\Crysis\\Bin32\\Crysis.exe"=
"D:\\Spiele\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\Programme\\Nero\\Nero8\\Nero Burning Rom\\nero.exe"=
"C:\\Programme\\Java\\jre1.6.0_05\\launch4j-tmp\\PowerFolder.exe"=
"C:\\Programme\\Laplink\\PCmover\\PCmover.exe"=
"C:\\Programme\\iTunes\\iTunes.exe"=
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programme\\Skype\\Phone\\Skype.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
R0 WDMCAPI;ISDN PCI CAPI;C:\WINDOWS\system32\DRIVERS\WDMCAPI.sys [2002-12-17 19:36]
R1 HFSYS;HFSYS;C:\WINDOWS\System32\drivers\HFSYS.SYS [2004-01-12 00:34]
R1 uiwbrdr;uiwbrdr;C:\WINDOWS\system32\DRIVERS\uiwbrdr.sys [2008-04-08 13:01]
R2 UltraMonUtility;UltraMon Utility Driver;C:\Programme\Gemeinsame Dateien\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2006-09-24 21:22]
R3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-06-05 11:04]
R3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-06-23 18:19]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 19:02]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07]
R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-06-12 11:47]
R3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys [2006-09-24 21:23]
R3 uscsc108;uscsc108;C:\WINDOWS\system32\DRIVERS\uscsc108.sys [2003-03-09 18:41]
R3 wbscr;Winbond Smartcard Reader for I/O;C:\WINDOWS\system32\drivers\wbscr.sys [2002-04-24 13:07]
R3 WDMWANMP;NDIS WAN miniport;C:\WINDOWS\system32\DRIVERS\wdmwanmp.sys [2002-12-09 19:21]
S0 Hcn05;Hcn05;C:\WINDOWS\system32\Drivers\Hcn05.sys []
S0 Lws88;Lws88;C:\WINDOWS\system32\Drivers\Lws88.sys []
S0 sub43;sub43;C:\WINDOWS\system32\Drivers\suB43.sys []
S3 IIUSBISP;USB Mass Storage for USB ISP;C:\WINDOWS\system32\Drivers\iiusbisp.sys []
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\2B.tmp []
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 15:17]
S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 15:17]
S3 PLUsbbc2;Hi-Speed USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc2.sys []
S3 PRISM_A00;PRISM 802.11g Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2004-01-16 10:31]
S3 TSMPacket;T-DSL SpeedManager Service;C:\WINDOWS\system32\DRIVERS\tsmpkt.sys []
S3 TTCinergyT2;TerraTec Cinergy T² (BDA);C:\WINDOWS\system32\DRIVERS\TTCinergyT2BDA.sys [2007-07-12 22:38]
S3 UKBFLT;UKBFLT;C:\WINDOWS\system32\DRIVERS\UKBFLT.sys [2003-12-19 18:13]
S3 Wdm1;USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc.sys [2001-01-08 10:53]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\AutoRunCD.exe

.
Inhalt des "geplante Tasks" Ordners
"2008-06-20 09:40:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programme\Apple Software Update\SoftwareUpdate.exe
"2007-08-16 11:33:59 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job"
- C:\Programme\Microsoft IntelliPoint\ipoint.exe
"2007-08-16 11:31:28 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IType_exe.job"
- C:\Programme\Microsoft IntelliType Pro\itype.exe
"2008-06-23 16:22:23 C:\WINDOWS\Tasks\User_Feed_Synchronization-{09BF10C6-08B2-4707-A072-5EE3442227F0}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-23 18:20:32
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\C:\WINDOWS\system32\2B.tmp"
.
------------------------ Other Running Processes ------------------------
.
C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\scardsvr.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\UltraMon\UltraMonTaskbar.exe
C:\Programme\OnlineControl\ocontrol.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Display Call\DisplayCall.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\ComfortClipboard\CClipboardCm.exe
C:\Programme\Microsoft Works\WkDStore.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-06-23 18:32:19 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-23 16:32:16

29 Verzeichnis(se), 7,863,672,832 Bytes frei
33 Verzeichnis(se), 8,322,080,768 Bytes frei

446 --- E O F --- 2008-06-20 15:07:47

#8 Buckeye_Sam

Posted 23 June 2008 - 12:15 PM

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript to your desktop.

Folder::
C:\Program Files\AdStatus Service

File::
C:\WINDOWS\system32\ergqopta.tmp

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows DLL Loader]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows media service]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Update Host]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdStatus Service]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Update Host"=-
"MSPluginSrvc"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Windows Update Host"=-
"Microsoft Windows Registry Service"=-
"MSPluginSrvc"=-

Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.


Let me know how everything is working and any problems that you are still having.


========================================================
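As an added example (not part of the post above and not ComboFix code): a cross-check of a CFScript's `Registry::` deletions against the autostart section of the log, done before the script is run. The sample lines are copied from this thread; reading an empty `[]` as "no file details found" is an assumption about the log format, and all function names are hypothetical.

```python
import re

# Constructed sample: autostart lines copied from the ComboFix log in this thread.
LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dit"="Dit.exe" [2003-12-30 00:33 94208 C:\WINDOWS\Dit.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl,,BluetoothAuthenticationAgent" []
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Windows Update Host"="hoster.exe" []
"Microsoft Windows Registry Service"="wregistry.exe" []
"MSPluginSrvc"="p3.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 04:22 15360]
"Windows Update Host"="hoster.exe" []
"MSPluginSrvc"="p3.exe" []
'''

# Part of the Registry:: section of the CFScript posted in this thread.
CFSCRIPT = r'''
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows DLL Loader]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Update Host"=-
"MSPluginSrvc"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Windows Update Host"=-
"Microsoft Windows Registry Service"=-
"MSPluginSrvc"=-
'''

KEY_RE = re.compile(r'^\[(-?)(HK[^\]]+)\]$')               # [KEY] or [-KEY]
LOG_ENTRY_RE = re.compile(r'^"([^"]+)"="(.*)" \[(.*)\]$')   # "name"="command" [file info]
DELETE_RE = re.compile(r'^"([^"]+)"=-$')                    # "name"=-


def parse_autostarts(log):
    """Return (key, name, command, file_info) for each value line under a key."""
    entries, key = [], None
    for line in log.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(2)
            continue
        m = LOG_ENTRY_RE.match(line)
        if m and key:
            entries.append((key, m.group(1), m.group(2), m.group(3).strip()))
    return entries


def parse_cfscript(script):
    """Return (value_deletes, key_deletes) found in Registry:: directives."""
    value_deletes, key_deletes, key = [], [], None
    for line in script.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            if m.group(1):              # "[-KEY]" removes the whole key
                key_deletes.append(m.group(2))
                key = None
            else:
                key = m.group(2)
            continue
        m = DELETE_RE.match(line)
        if m and key:
            value_deletes.append((key, m.group(1)))
    return value_deletes, key_deletes


def norm(key, name):
    # Registry key and value names are case-insensitive.
    return (key.lower(), name.lower())


def review(log, script):
    """Compare what the script deletes with what the log actually shows."""
    entries = parse_autostarts(log)
    info = {norm(k, n): fi for k, n, _cmd, fi in entries}
    value_deletes, key_deletes = parse_cfscript(script)
    targeted = {norm(k, n) for k, n in value_deletes}
    return {
        # Deletion names a value the log never listed: likely a typo in the script.
        "not_in_log": [(k, n) for k, n in value_deletes if norm(k, n) not in info],
        # Deletion hits a value whose file was found on disk: worth a second look.
        "resolved_but_deleted": [(k, n) for k, n in value_deletes if info.get(norm(k, n))],
        # Values with no file details that the script leaves in place.
        "unresolved_untouched": [(k, n) for k, n, _c, fi in entries
                                 if not fi and norm(k, n) not in targeted],
        "key_deletes": key_deletes,
    }


if __name__ == "__main__":
    for label, items in review(LOG, CFSCRIPT).items():
        print(label, items)
```

An entry under `unresolved_untouched` is not a finding in itself; it is a line to check by hand before deciding whether it belongs in the script.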

#9 PhilSey

Posted 23 June 2008 - 01:46 PM

Did it. As far as I can see there are no more problems on my machine.
What do you think? Here is the Log:

ComboFix 08-06-20.4 - Philipp Seybold 2008-06-23 19:24:04.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1031.18.1517 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Philipp Seybold\Desktop\ComboFix.exe
Command switches used :: C:\Dokumente und Einstellungen\Philipp Seybold\Desktop\CFScript.txt
* Neuer Wiederherstellungspunkt wurde erstellt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\ergqopta.tmp
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ergqopta.tmp

.
((((((((((((((((((((((( Dateien erstellt von 2008-05-23 bis 2008-06-23 ))))))))))))))))))))))))))))))
.

2008-06-19 17:43 . 2008-06-19 17:56 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-19 17:43 . 2008-06-19 17:56 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-19 17:41 . 2008-06-19 17:41 <DIR> d-------- C:\Programme\Kaspersky Lab
2008-06-19 17:41 . 2008-06-23 18:56 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2008-06-19 17:41 . 2008-06-23 19:54 4,838,432 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-19 17:41 . 2008-06-23 19:54 778,272 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-19 17:41 . 2008-06-23 19:54 39,928 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-19 17:41 . 2008-06-23 19:54 3,740 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-19 17:39 . 2008-06-19 17:39 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files
2008-06-19 16:58 . 2008-06-19 16:58 457 --a------ C:\WINDOWS\Verknpfung mit system32.lnk
2008-06-19 16:23 . 2008-06-19 16:23 <DIR> d-------- C:\_OTMoveIt
2008-06-19 16:12 . 2008-06-19 16:12 <DIR> d-------- C:\Programme\Sun
2008-06-19 16:12 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-19 16:09 . 2008-06-19 16:09 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Java
2008-06-18 19:53 . 2008-06-18 19:53 <DIR> d-------- C:\Programme\Trend Micro
2008-06-18 19:44 . 2008-06-18 19:44 <DIR> d-------- C:\Deckard
2008-06-18 17:43 . 2008-06-18 17:43 <DIR> d-------- C:\sec31
2008-06-18 16:59 . 2008-06-18 16:59 <DIR> d-------- C:\Programme\Sophos
2008-06-18 13:50 . 2008-06-18 13:50 <DIR> d-------- C:\Programme\Unlocker
2008-06-18 11:18 . 2008-06-18 11:18 <DIR> d-------- C:\Programme\Lavasoft
2008-06-18 11:18 . 2008-06-18 11:19 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft
2008-06-18 01:57 . 2008-06-18 01:57 <DIR> d-------- C:\!KillBox
2008-06-14 12:12 . 2008-06-14 12:12 <DIR> d-------- C:\1 Virus
2008-06-13 19:57 . 2008-06-13 19:57 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-13 19:37 . 2008-06-18 15:51 <DIR> d-------- C:\SDFix
2008-06-13 17:11 . 2008-06-18 16:38 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec
2008-06-12 11:46 . 2008-06-12 11:46 <DIR> d-------- C:\WINDOWS\Content.IE5
2008-06-11 20:02 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-06-11 20:02 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-06-11 20:02 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-06-11 20:02 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-06-11 20:02 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-06-11 20:02 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-11 20:02 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-11 20:02 . 2008-06-11 20:02 5,082 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-11 19:03 . 2008-06-11 19:03 <DIR> d-------- C:\Programme\Safer Networking
2008-06-11 18:47 . 2008-06-11 18:47 <DIR> d-------- C:\Programme\DScaler5
2008-06-11 16:49 . 2008-06-11 16:49 197 --a------ C:\WINDOWS\system32\MRT.INI
2008-06-11 16:41 . 2008-06-14 19:32 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 16:40 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-11 11:33 . 2008-06-11 16:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-11 11:33 . 2008-06-11 11:33 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-11 01:48 . 2008-06-11 18:50 <DIR> d-------- C:\DECCHECK
2008-06-05 15:54 . 2008-06-05 15:55 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-28 15:41 . 2008-05-28 15:41 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\nView_Profiles
2008-05-28 15:37 . 2008-05-28 15:37 <DIR> d-------- C:\WINDOWS\nview
2008-05-28 15:37 . 2007-12-05 02:53 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-05-28 15:37 . 2007-12-05 01:41 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-05-28 15:37 . 2008-06-07 13:35 163,353 --a------ C:\WINDOWS\system32\nvapps.xml
2008-05-28 15:37 . 2007-12-05 01:41 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-05-28 09:17 . 2008-05-28 09:17 <DIR> d-------- C:\WINDOWS\system32\de
2008-05-28 09:17 . 2008-05-28 09:17 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-28 08:56 . 2008-04-14 04:22 290,304 --------- C:\WINDOWS\system32\rhttpaa.dll
2008-05-28 08:56 . 2008-04-14 04:22 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
2008-05-28 08:56 . 2008-04-14 04:22 53,248 --------- C:\WINDOWS\system32\tsgqec.dll
2008-05-28 08:56 . 2008-04-14 04:22 50,688 --------- C:\WINDOWS\system32\tspkg.dll
2008-05-28 08:56 . 2008-04-14 04:23 32,768 --------- C:\WINDOWS\system32\setupn.exe
2008-05-28 08:56 . 2008-04-13 20:40 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-05-27 22:02 . 2008-05-27 22:02 209,715,200 --a------ C:\timeshift.dat_0
2008-05-27 20:10 . 2008-05-27 20:10 <DIR> d-------- C:\Programme\UltraMon
2008-05-27 20:10 . 2008-05-27 20:10 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Realtime Soft
2008-05-27 20:10 . 2008-05-27 20:10 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Realtime Soft
2008-05-27 20:08 . 2008-06-07 10:07 8 --a------ C:\WINDOWS\system32\nvModes.dat
2008-05-27 20:02 . 2008-05-27 20:05 <DIR> d-------- C:\WINDOWS\NV47082716.TMP
2008-05-27 20:01 . 2008-05-27 20:01 <DIR> d-------- C:\NVIDIA
2008-05-27 10:50 . 2008-05-27 10:50 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-05-27 10:50 . 2008-05-27 10:50 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-05-25 19:12 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-05-25 19:12 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-05-25 19:12 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-05-25 19:12 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-05-25 19:12 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-05-25 19:12 . 2007-10-22 03:37 17,928 --a------ C:\WINDOWS\system32\X3DAudio1_2.dll
2008-05-23 00:19 . 2008-05-23 00:19 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-23 00:19 . 2008-05-23 00:19 3,051 --a------ C:\WINDOWS\system32\dtu_de.qm

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-23 18:04 13,440 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
2008-06-23 17:18 --------- d-----w C:\Programme\DScaler
2008-06-23 16:58 --------- d-----w C:\Programme\Mozilla Thunderbird
2008-06-23 16:37 60,354 ----a-w C:\Dokumente und Einstellungen\Philipp Seybold\Anwendungsdaten\wklnhst.dat
2008-06-20 11:18 --------- d-----w C:\Dokumente und Einstellungen\Philipp Seybold\Anwendungsdaten\Azureus
2008-06-20 00:13 --------- d-----w C:\Dokumente und Einstellungen\Philipp Seybold\Anwendungsdaten\Skype
2008-06-19 23:33 --------- d-----w C:\Dokumente und Einstellungen\Philipp Seybold\Anwendungsdaten\skypePM
2008-06-19 15:38 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee
2008-06-19 15:27 --------- d---a-w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2008-06-19 14:12 --------- d-----w C:\Programme\Java
2008-06-18 14:38 --------- d-----w C:\Programme\Symantec
2008-06-18 09:17 --------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-06-14 17:32 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 17:30 --------- d-----w C:\Programme\iTunes
2008-06-11 17:30 --------- d-----w C:\Programme\iPod
2008-06-11 16:23 --------- d-----w C:\Programme\K-Lite Codec Pack
2008-06-11 16:10 --------- d-----w C:\Programme\DivX
2008-06-11 15:32 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
2008-06-11 14:51 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2008-06-11 14:50 --------- d-----w C:\Programme\Spybot - Search & Destroy
2008-06-11 01:26 --------- d-----w C:\Programme\Bonjour
2008-06-07 19:14 --------- d-----w C:\Programme\Display Call
2008-06-05 17:47 --------- d-----w C:\Programme\ProgDVB
2008-05-28 17:41 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CMUV
2008-05-28 17:00 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-05-27 14:20 --------- d-----w C:\Dokumente und Einstellungen\Philipp Seybold\Anwendungsdaten\ATI
2008-05-27 14:20 --------- d-----w C:\Dokumente und Einstellungen\Ferdi\Anwendungsdaten\ATI
2008-05-25 22:35 --------- d-----w C:\Dokumente und Einstellungen\Philipp Seybold\Anwendungsdaten\Buhl Data Service GmbH
2008-05-22 10:11 --------- d-----w C:\Programme\Apple Software Update
2008-05-20 23:14 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH
2008-05-20 23:12 --------- d-----w C:\Programme\Gemeinsame Dateien\Buhl Data Service
2008-05-20 23:12 --------- d-----w C:\Programme\Buhl
2008-05-20 23:11 --------- d-----w C:\Programme\Letstrade
2008-05-20 23:11 --------- d-----w C:\Programme\DataDesign
2008-05-19 13:32 --------- d-----w C:\Programme\IO-Manager
2008-05-19 13:12 --------- d-----w C:\Programme\Keepsoft
2008-05-15 12:49 --------- d-----w C:\Dokumente und Einstellungen\Philipp Seybold\Anwendungsdaten\Spearit
2008-05-15 12:49 --------- d-----w C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\Spearit
2008-05-15 12:49 --------- d-----w C:\Dokumente und Einstellungen\Ferdi\Anwendungsdaten\Spearit
2008-05-15 12:49 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spearit
2008-05-15 12:49 --------- d-----w C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Spearit
2008-05-15 12:48 --------- d-----w C:\Programme\Laplink
2008-05-15 12:48 --------- d-----w C:\Programme\Gemeinsame Dateien\Laplink
2008-05-14 23:39 --------- d-----w C:\Programme\Nokia
2008-05-14 23:39 --------- d-----w C:\Programme\Gemeinsame Dateien\Nokia
2008-05-14 23:37 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
2008-05-14 13:16 --------- d-----w C:\Programme\Gemeinsame Dateien\xing shared
2008-05-14 13:16 --------- d-----w C:\Programme\Gemeinsame Dateien\Real
2008-05-14 13:08 --------- d-----w C:\Programme\AviSynth 2.5
2008-05-14 12:38 --------- d-----w C:\Programme\Avi2Dvd
2008-05-14 09:03 --------- d-----w C:\Programme\Hasbro
2008-05-12 22:56 148,104 -c--a-w C:\Dokumente und Einstellungen\Philipp Seybold\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2008-05-12 22:51 --------- d-----w C:\Programme\MSECache
2008-05-08 14:02 203,136 ------w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 09:18 --------- d-----w C:\Programme\TNT Screen Capture
2008-05-06 23:12 --------- d-----w C:\Dokumente und Einstellungen\Philipp Seybold\Anwendungsdaten\GoodSync
2008-05-06 14:22 --------- d-----w C:\Programme\Siber Systems
2008-05-06 13:47 --------- d-----w C:\Programme\PowerFolder.com
2008-05-05 14:02 --------- d-----w C:\Dokumente und Einstellungen\Philipp Seybold\Anwendungsdaten\smc
2008-05-05 13:50 --------- d-----w C:\Programme\GIMP-2.0
2008-05-05 13:50 --------- d-----w C:\Programme\Audacity 1.3 Beta
2008-05-05 13:50 --------- d-----w C:\Dokumente und Einstellungen\Philipp Seybold\Anwendungsdaten\Audacity
2008-05-05 13:47 --------- d-----w C:\Programme\Foola iPod to PC
2008-05-02 11:27 --------- d-----w C:\Programme\TweakRAM
2008-05-01 20:44 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\X10 Settings
2008-05-01 10:36 --------- d-----w C:\Programme\TrueLaunchBar
2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-25 16:21 26,964 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2008-04-25 15:48 --------- d-----w C:\Programme\Microsoft Picture It! 9
2008-04-24 08:57 --------- d-----w C:\Programme\YoutubeMusicSoft
2008-04-23 22:26 --------- d-----w C:\Programme\NeroInstall.bak
2008-04-15 11:15 257,808 ----a-w C:\WINDOWS\winfile.exe
2008-04-14 02:23 32,866 ----a-w C:\WINDOWS\slrundll.exe
2008-04-14 02:23 288,768 ----a-w C:\WINDOWS\winhlp32.exe
2008-03-17 20:11 139,264 ----a-w C:\Programme\ratio_faker_v0.6.2.exe
2008-02-18 21:50 32 ----a-w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat
2007-11-25 16:10 22,328 ----a-w C:\Dokumente und Einstellungen\Philipp Seybold\Anwendungsdaten\PnkBstrK.sys
2006-10-10 15:40 301,881 ----a-w C:\Programme\BootVis.zip
2006-10-10 15:40 1,458,008 ----a-w C:\Programme\ccsetup131.exe
2006-10-10 15:39 2,627,869 ----a-w C:\Programme\powertoysetup2.zip
2006-02-02 11:55 32,768 ----a-w C:\Programme\shutdown.exe
2005-06-30 21:52 268 -c--a-w C:\Dokumente und Einstellungen\Ferdi\Anwendungsdaten\wklnhst.dat
2002-04-24 11:18 788,584 -c--a-w C:\Programme\HtmlgenPowertoySetup.exe
2002-04-24 11:18 624,216 -c--a-w C:\Programme\TimershotPowertoySetup.exe
2002-04-24 11:18 562,912 -c--a-w C:\Programme\DeskmanPowertoySetup.exe
2002-04-24 11:18 560,824 -c--a-w C:\Programme\SlideshowPowertoySetup.exe
2002-04-24 11:18 532,616 -c--a-w C:\Programme\ImageResizerPowertoySetup.exe
2002-04-24 11:18 526,448 -c--a-w C:\Programme\MagnifierPowertoySetup.exe
2002-04-24 11:17 638,544 -c--a-w C:\Programme\PowerCalcPowertoySetup.exe
2002-04-24 11:17 577,088 -c--a-w C:\Programme\TweakUiPowertoySetup.exe
2002-04-24 11:17 545,936 -c--a-w C:\Programme\TaskswitchPowertoySetup.exe
2002-04-24 11:17 525,920 -c--a-w C:\Programme\CmdHerePowertoySetup.exe
.

((((((((((((((((((((((((((((( snapshot@2008-06-23_18.31.41.20 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-23 16:18:22 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-23 17:56:11 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-06-23 16:18:41 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-06-23 17:56:25 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-06-23 16:18:41 425,984 -c--a-w C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-23 17:56:25 425,984 -c--a-w C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-23 16:18:41 147,456 -c--a-w C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\index.dat
+ 2008-06-23 17:56:25 147,456 -c--a-w C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\index.dat
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
2008-04-25 18:22 62728 --a------ C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:22 15360]
"ATI Remote Control"="C:\Programme\ATI Multimedia\RemCtrl\ATIRW.exe" [2006-04-05 23:03 1622016]
"TweakRAM"="C:\Programme\TweakRAM\TweakRAM.exe" [2008-05-01 18:29 1188352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dit"="Dit.exe" [2003-12-30 00:33 94208 C:\WINDOWS\Dit.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl,,BluetoothAuthenticationAgent" []
"OpwareSE2"="C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00 49152]
"CTSysVol"="C:\Programme\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2003-09-17 11:43 57344]
"CTDVDDET"="C:\Programme\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2003-06-18 02:00 45056]
"SBDrvDet"="C:\Programme\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 19:06 45056]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"CTHelper"="CTHELPER.EXE" [2006-08-11 15:56 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 15:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"itype"="C:\Programme\Microsoft IntelliType Pro\itype.exe" [2006-11-21 17:08 813912]
"IntelliPoint"="C:\Programme\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 15:52 849280]
"Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"LogitechCommunicationsManager"="C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 17:33 563984]
"LogitechQuickCamRibbon"="C:\Programme\Logitech\QuickCam\Quickcam.exe" [2007-10-25 17:37 2178832]
"NeroFilterCheck"="C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" [2008-02-28 10:59 570664]
"CClipboard"="C:\Programme\ComfortClipboard\CClipboard.exe" [2008-04-05 21:04 2365952]
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2008-05-14 15:14 185896]
"UltraMon"="C:\Programme\UltraMon\UltraMon.exe" [2006-10-12 21:27 304640]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"QuickTime Task"="C:\Programme\K-Lite Codec Pack\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [2008-06-02 11:13 267048]
"UnlockerAssistant"="C:\Programme\Unlocker\UnlockerAssistant.exe" [2008-05-02 06:15 15872]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"AVP"="C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 18:21 201992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 04:22 15360]
"Nokia.PCSync"="C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 18:41 1232896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe" [2006-11-10 00:46 190072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"msacm.dvacm"= C:\PROGRA~1\GEMEIN~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\GEMEIN~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm"= C:\PROGRA~1\GEMEIN~1\ULEADS~1\MPEG\mpegacm.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli scecli scecli scecli scecli scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hcn05.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lws88.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\qhb00.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sub43.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vkk04.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk
backup=C:\WINDOWS\pss\Adobe Reader - Schnellstart.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HotSync Manager.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HotSync Manager.lnk
backup=C:\WINDOWS\pss\HotSync Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hfxp]
C:\Programme\Spybot - Search & Destroy\HF\hfxp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-02-28 18:07 1828136 C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-06-02 11:13 267048 C:\Programme\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
--a--c--- 2002-12-10 18:32 155648 C:\Programme\Logitech\ImageStudio\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
--a--c--- 2002-12-10 18:31 61440 C:\Programme\Logitech\ImageStudio\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
--a--c--- 2002-12-10 17:54 127022 C:\Programme\Gemeinsame Dateien\Logitech\QCDriver3\LVCOMS.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Update]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Windows Registry Service]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a--c--- 2003-06-17 17:14 50688 C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 04:22 1695232 C:\Programme\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Programme\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPluginSrvc]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-02-18 17:29 2221352 C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
C:\Programme\Home Cinema\PowerCinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
C:\Programme\Plaxo\2.11.1.5\PlaxoHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Prism_Utility]
--------- 2004-01-14 17:09 215552 C:\WINDOWS\system32\PRISMSTA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programme\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-DSL SpeedMgr]
C:\Programme\Multimedia\T-DSL Support-Center\SpeedMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-05-14 15:14 185896 C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tuloxFreeWBE]
C:\Programme\Wörterbücher\tuloxFreeWBE\FreeDict.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\version]
C:\WINDOWS\System32\Lsumdp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Washer]
c:\Program Files\Washer\washer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CA_LIC_SRVR"=3 (0x3)
"CA_LIC_CLNT"=3 (0x3)
"MDM"=2 (0x2)
"iPodService"=3 (0x3)
"x10nets"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\Internet Explorer\\iexplore.exe"=
"C:\\spiele\\Die Stunde Null\\game.dat"=
"C:\\spiele\\Die Stunde Null\\patchget.dat"=
"C:\\Programme\\Multimedia\\WMR Recorder\\WM Recorder\\WMR90.exe"=
"C:\\Programme\\Windows Media Player\\wmplayer.exe"=
"C:\\Programme\\BearShare\\BearShare.exe"=
"C:\\Programme\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programme\\Multimedia\\Bit Torrent\\Azureus\\Azureus.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Programme\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Programme\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Programme\\Gemeinsame Dateien\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"D:\\Spiele\\Crysis\\Bin32\\Crysis.exe"=
"D:\\Spiele\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\Programme\\Nero\\Nero8\\Nero Burning Rom\\nero.exe"=
"C:\\Programme\\Java\\jre1.6.0_05\\launch4j-tmp\\PowerFolder.exe"=
"C:\\Programme\\Laplink\\PCmover\\PCmover.exe"=
"C:\\Programme\\iTunes\\iTunes.exe"=
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programme\\Skype\\Phone\\Skype.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
R0 WDMCAPI;ISDN PCI CAPI;C:\WINDOWS\system32\DRIVERS\WDMCAPI.sys [2002-12-17 19:36]
R1 HFSYS;HFSYS;C:\WINDOWS\System32\drivers\HFSYS.SYS [2004-01-12 00:34]
R1 uiwbrdr;uiwbrdr;C:\WINDOWS\system32\DRIVERS\uiwbrdr.sys [2008-04-08 13:01]
R2 UltraMonUtility;UltraMon Utility Driver;C:\Programme\Gemeinsame Dateien\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2006-09-24 21:22]
R3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-06-05 11:04]
R3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-06-23 20:04]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 19:02]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07]
R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-06-12 11:47]
R3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys [2006-09-24 21:23]
R3 uscsc108;uscsc108;C:\WINDOWS\system32\DRIVERS\uscsc108.sys [2003-03-09 18:41]
R3 wbscr;Winbond Smartcard Reader for I/O;C:\WINDOWS\system32\drivers\wbscr.sys [2002-04-24 13:07]
R3 WDMWANMP;NDIS WAN miniport;C:\WINDOWS\system32\DRIVERS\wdmwanmp.sys [2002-12-09 19:21]
S0 Hcn05;Hcn05;C:\WINDOWS\system32\Drivers\Hcn05.sys []
S0 Lws88;Lws88;C:\WINDOWS\system32\Drivers\Lws88.sys []
S0 sub43;sub43;C:\WINDOWS\system32\Drivers\suB43.sys []
S3 IIUSBISP;USB Mass Storage for USB ISP;C:\WINDOWS\system32\Drivers\iiusbisp.sys []
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\2B.tmp []
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 15:17]
S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 15:17]
S3 PLUsbbc2;Hi-Speed USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc2.sys []
S3 PRISM_A00;PRISM 802.11g Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2004-01-16 10:31]
S3 TSMPacket;T-DSL SpeedManager Service;C:\WINDOWS\system32\DRIVERS\tsmpkt.sys []
S3 TTCinergyT2;TerraTec Cinergy T² (BDA);C:\WINDOWS\system32\DRIVERS\TTCinergyT2BDA.sys [2007-07-12 22:38]
S3 UKBFLT;UKBFLT;C:\WINDOWS\system32\DRIVERS\UKBFLT.sys [2003-12-19 18:13]
S3 Wdm1;USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc.sys [2001-01-08 10:53]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\AutoRunCD.exe

.
Inhalt des "geplante Tasks" Ordners
"2008-06-20 09:40:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programme\Apple Software Update\SoftwareUpdate.exe
"2007-08-16 11:33:59 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job"
- C:\Programme\Microsoft IntelliPoint\ipoint.exe
"2007-08-16 11:31:28 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IType_exe.job"
- C:\Programme\Microsoft IntelliType Pro\itype.exe
"2008-06-23 18:09:04 C:\WINDOWS\Tasks\User_Feed_Synchronization-{09BF10C6-08B2-4707-A072-5EE3442227F0}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-23 20:04:04
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\C:\WINDOWS\system32\2B.tmp"
.
------------------------ Other Running Processes ------------------------
.
C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\scardsvr.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Gemeinsame Dateien\LogiShrd\LQCVFX\COCIManager.exe
C:\Programme\ComfortClipboard\CClipboardCm.exe
C:\Programme\UltraMon\UltraMonTaskbar.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\OnlineControl\ocontrol.exe
C:\Programme\Display Call\DisplayCall.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-06-23 20:16:43 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-23 18:16:39
ComboFix2.txt 2008-06-23 16:32:21

29 Verzeichnis(se), 8,281,186,304 Bytes frei
32 Verzeichnis(se), 8,260,583,424 Bytes frei

442 --- E O F --- 2008-06-20 15:07:47

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:02:59 PM

Posted 23 June 2008 - 03:56 PM

Looks good! :)

Just a few last things and you should be good to go! :thumbup2:


First, your log shows that you don't have the recovery console installed.
Check this link for more info on the recovery console and how to get it installed.

How to install and use the Windows XP Recovery Console



===================



Next, let's remove Combofix now that we're done with it and clean up a few other things.
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK

  • When shown the disclaimer, Select "2"



==================



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Re-enable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with this program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:thumbsup:
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#11 PhilSey


Posted 24 June 2008 - 03:52 AM

Hey Sam, thank you very much for your great help, you are fantastic!!
I will donate a little something right away.
All the best,
Phil

#12 Buckeye_Sam


Posted 24 June 2008 - 06:45 AM

Glad I was able to help out! :thumbsup:
And thank you for the donation!


========================================================

#13 Buckeye_Sam


Posted 04 July 2008 - 01:36 PM

Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.


========================================================



