Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:43:57, on 19.07.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Canon\DIAS\CnxDIAS.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Parallels\Parallels Tools\Services\coherence.exe
C:\Programme\Parallels\Parallels Tools\Services\prl_tools_service.exe
C:\Programme\Parallels\Parallels Tools\Services\prl_tools.exe
C:\WINDOWS\system32\sopidkc.exe
C:\WINDOWS\system32\svchost.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\msb.exe
C:\WINDOWS\system32\drivers\smss.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Parallels\Parallels Tools\SIA\SharedIntApp.exe
C:\Programme\Parallels\Parallels Tools\prl_cc.exe
C:\Norman\Npm\bin\ZLH.EXE
C:\WINDOWS\System32\reader_s.exe
C:\Dokumente und Einstellungen\+++++\reader_s.exe
C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\Dokumente und Einstellungen\+++++\reader_s.exe
\.psf\Home\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = ++++'s Internet-Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\smss.exe
O2 - BHO: C:\WINDOWS\system32\ghaf8jkdfd.dll - {a36d2a01-00f3-42bd-f434-00bbc39c8953} - C:\WINDOWS\system32\ghaf8jkdfd.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Parallels Shared Internet Applications] "C:\Programme\Parallels\Parallels Tools\SIA\SharedIntApp.exe" /start
O4 - HKLM\..\Run: [Parallels Tools Center] "C:\Programme\Parallels\Parallels Tools\prl_cc.exe"
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKCU\..\Run: [reader_s] C:\Dokumente und Einstellungen\++++\reader_s.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: eBay - {C61A2E0E-6D7E-4555-ACA0-50DB2CD83D4B} - C:\Programme\Internet Explorer\Signup\ToshibaGotoEbay.exe (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124287896734
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1215445320968
O16 - DPF: {C53D21AB-F298-41B8-818F-A975152064F8} (FTPUploader Control (Printeria Generic)) - http://tools.printeria.de/ftpuploader_printeriagen.cab
O16 - DPF: {FDC847F8-DA70-4442-8072-FF883F34D14A} - http://82.98.79.104/toolbar/normal/download/DasOertlicheToolbar.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1712D4FC-7E29-4A30-A1DF-147BBDA1D638}: NameServer = 192.168.1.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{44813C5F-ADEF-4AE2-AB89-2516787902F2}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8AAC9EC-B8C2-493E-AF4B-7F57FA489B38}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: ,C:\DOKUME~1\+++++\LOKALE~1\Temp\326738751713mmx.dll
O22 - SharedTaskScheduler: kjhsf87fhjdsfn93rjkndfdf - {A36D2A01-00F3-42BD-F434-00BBC39C8953} - C:\WINDOWS\system32\ghaf8jkdfd.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Intelligenter Hintergrundübertragungsdienst (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Canon Driver Information Assist Service - CANON INC. - C:\Programme\Canon\DIAS\CnxDIAS.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Norman\nse\bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Parallels Coherence Service - Parallels, Inc. - C:\Programme\Parallels\Parallels Tools\Services\coherence.exe
O23 - Service: Parallels Tools Service - Parallels, Inc. - C:\Programme\Parallels\Parallels Tools\Services\prl_tools_service.exe
O23 - Service: sopidkc Service (sopidkc) - NewYork DVD LT - C:\WINDOWS\system32\sopidkc.exe
O23 - Service: Automatische Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 8425 bytes

Hallo und

Der Dateiname deutet auf Virut hin, es muss aber nicht zwingend Virut sein.

1.) Starte HJT => Do a system scan only => Markiere:

Zitat:

Alle R0, R1, R3, F2, O2, O3, O6, O8, O9, O16, O20 und O22-Einträge
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKCU\..\Run: [reader_s] C:\Dokumente und Einstellungen\++++\reader_s.exe
O23 - Service: Intelligenter Hintergrundübertragungsdienst (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: sopidkc Service (sopidkc) - NewYork DVD LT - C:\WINDOWS\system32\sopidkc.exe
O23 - Service: Automatische Updates (wuauserv) - Unknown owner - C:\WINDOWS\

=> Fix checked => Neustart

2.) Klicke auf "Für alle Neuen" in meiner Signatur, lies alles aufmerksam und arbeite die komplette Liste unter Punkt 2 ab.

ciao, andreas

Malwarebytes' Anti-Malware 1.39
Datenbank Version: 2421
Windows 5.1.2600 Service Pack 3

19.07.2009 20:00:35
mbam-log-2009-07-19 (20-00-35).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 191581
Laufzeit: 34 minute(s), 35 second(s)

Infizierte Speicherprozesse: 3
Infizierte Speichermodule: 2
Infizierte Registrierungsschlüssel: 24
Infizierte Registrierungswerte: 15
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 4
Infizierte Dateien: 39

Infizierte Speicherprozesse:
C:\WINDOWS\system32\sopidkc.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\drivers\smss.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\msb.exe (Trojan.Agent) -> Unloaded process successfully.

Infizierte Speichermodule:
c:\WINDOWS\system32\msncache.dll (Backdoor.Bot) -> Delete on reboot.
c:\WINDOWS\system32\6to4v32.dll (Trojan.Agent) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{a36d2a01-00f3-42bd-f434-00bbc39c8953} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msncache (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\msncache (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msncache (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sopidkc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sopidkc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sopidkc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4e524163-8d00-46f3-b239-1f42d48c8ed0} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d} (Worm.Nyxem) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d} (Worm.Nyxem) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d} (Worm.Nyxem) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d} (Worm.Nyxem) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d} (Worm.Nyxem) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\6to4 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\6to4 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{a36d2a01-00f3-42bd-f434-00bbc39c8953} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mms (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mso (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udso (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Ulrn (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Update (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\drivers\smss.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\drivers\smss.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\smss.exe) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\Programme\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\programme\MySearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\programme\MySearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556 (Backdoor.Bot) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\WINDOWS\system32\ghaf8jkdfd.dll (Trojan.Zlob.H) -> Delete on reboot.
c:\WINDOWS\system32\msncache.dll (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\system32\sopidkc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\smss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\rjqaorcp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\dbckb.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-5808581363-8760583270-070619086-2088\wnzip32.exe (Trojan.Dropper) -> Delete on reboot.
c:\WINDOWS\system32\MSWINSCK.OCX (Worm.Nyxem) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\reader_s .exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\reader_s.exe546 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\smss.exe_ (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\BN1.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\BNB.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\wpv301247840502.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\****\reader_s .exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\****\reader_s.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\****\reader_s.exe111 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\****\reader_s.exe144 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\****\reader_s.exe159 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\****\reader_s.exe179 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\****\reader_s.exe414 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-0243636035-3055115376-381863306-1556\Desktop.ini (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\msb.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\6to4v32.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wiwow64.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\programme\IKS.DLL (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\Fonts\services.exe (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\****\Anwendungsdaten\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\****\Anwendungsdaten\wiaservg.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wiawow32.sys (Backdoor.Bot) -> Quarantined and deleted successfully.

Logfile of random's system information tool 1.06 (written by random/random)
Run by **** at 2009-07-19 20:10:33
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 55 GB (72%) free of 76 GB
Total RAM: 511 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:11:00, on 19.07.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Canon\DIAS\CnxDIAS.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Programme\Parallels\Parallels Tools\Services\coherence.exe
C:\Programme\Parallels\Parallels Tools\Services\prl_tools_service.exe
C:\Programme\Parallels\Parallels Tools\Services\prl_tools.exe
C:\WINDOWS\system32\svchost.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Apoint2K\Apoint.exe
C:\Programme\Parallels\Parallels Tools\SIA\SharedIntApp.exe
C:\Programme\Parallels\Parallels Tools\prl_cc.exe
C:\Norman\Npm\bin\ZLH.EXE
C:\Programme\Registry Mechanic\RegMech.exe
C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Norman\Nvc\bin\cclaw.exe
\.psf\Home\Desktop\RSIT.exe
\.psf\Home\Desktop\xxxxxx.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: (no name) - {a36d2a01-00f3-42bd-f434-00bbc39c8953} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Parallels Shared Internet Applications] "C:\Programme\Parallels\Parallels Tools\SIA\SharedIntApp.exe" /start
O4 - HKLM\..\Run: [Parallels Tools Center] "C:\Programme\Parallels\Parallels Tools\prl_cc.exe"
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKCU\..\Run: [RegistryMechanic] C:\Programme\Registry Mechanic\RegMech.exe /H
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1712D4FC-7E29-4A30-A1DF-147BBDA1D638}: NameServer = 192.168.1.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{44813C5F-ADEF-4AE2-AB89-2516787902F2}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8AAC9EC-B8C2-493E-AF4B-7F57FA489B38}: NameServer = 192.168.1.1
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Intelligenter Hintergrundübertragungsdienst (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Canon Driver Information Assist Service - CANON INC. - C:\Programme\Canon\DIAS\CnxDIAS.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Norman\nse\bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Parallels Coherence Service - Parallels, Inc. - C:\Programme\Parallels\Parallels Tools\Services\coherence.exe
O23 - Service: Parallels Tools Service - Parallels, Inc. - C:\Programme\Parallels\Parallels Tools\Services\prl_tools_service.exe
O23 - Service: Automatische Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 4652 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Klick-Wartung.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\{C61CE0EC-2C1B-4DDB-B7AF-05F4D6718A7D}_*****-NOTEBOOK_*****.job
C:\WINDOWS\tasks\{D7FC9871-35F2-4B82-AD7D-8A21B01F030A}_****-NOTEBOOK_*****.job
C:\WINDOWS\tasks\{FC849D3C-7AD9-4AAB-B7EB-267D27C515C1}_*****-NOTEBOOK_*****.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a36d2a01-00f3-42bd-f434-00bbc39c8953}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Programme\Apoint2K\Apoint.exe [2009-07-19 25600]
"Parallels Shared Internet Applications"=C:\Programme\Parallels\Parallels Tools\SIA\SharedIntApp.exe [2009-05-08 129864]
"Parallels Tools Center"=C:\Programme\Parallels\Parallels Tools\prl_cc.exe [2009-05-08 198984]
"Norman ZANDA"=C:\Norman\Npm\bin\ZLH.EXE [2008-06-02 273520]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RegistryMechanic"=C:\Programme\Registry Mechanic\RegMech.exe [2009-06-30 2836376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe [2004-07-20 122939]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
C:\WINDOWS\KHALMNPR.EXE [2004-09-02 37888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]
NDSTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
C:\Programme\REGSHAVE\REGSHAVE.EXE /AUTORUN []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe [2009-03-15 198160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Gamma Loader.exe.lnk]
C:\PROGRA~1\GEMEIN~1\Adobe\CALIBR~1\ADOBEG~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE -b -l []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^RAMASST.lnk]
C:\WINDOWS\system32\RAMASST.exe [2004-08-17 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"IDriverT"=3
"CFSvcs"=2
"CeEPwrSvc"=2

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Acrobat Assistant.lnk - C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=00000000
"NoSimpleNetIDList"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Bockwurst.Files\Smart FTP\SmartFTP.exe"="C:\Programme\Bockwurst.Files\Smart FTP\SmartFTP.exe:*:Enabled:SmartFTP"
"C:\Programme\Microsoft ActiveSync\WCESMGR.EXE"="C:\Programme\Microsoft ActiveSync\WCESMGR.EXE:*:Enabled:ActiveSync Application"
"C:\Programme\Adobe\GoLive 6.0_DEU\GoLive.exe"="C:\Programme\Adobe\GoLive 6.0_DEU\GoLive.exe:*:Enabled:Adobe GoLive-Anwendung"
"C:\Programme\wincmd\WINCMD32.EXE"="C:\Programme\wincmd\WINCMD32.EXE:*:Enabled:Windows Commander 32 bit international version, file manager replacement for Windows"
"C:\Programme\FileMaker\FileMaker Pro 7\FileMaker Pro.exe"="C:\Programme\FileMaker\FileMaker Pro 7\FileMaker Pro.exe:*:Enabled:FileMaker Pro"
"C:\Programme\Real\RealPlayer\realplay.exe"="C:\Programme\Real\RealPlayer\realplay.exe:*isabled:RealPlayer"
"C:\Programme\Internet Explorer\IEXPLORE.EXE"="C:\Programme\Internet Explorer\IEXPLORE.EXE:*isabled:Internet Explorer"
"C:\Programme\Microsoft ActiveSync\rapimgr.exe"="C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Programme\Microsoft ActiveSync\wcescomm.exe"="C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Programme\Ipswitch\WS_FTP Pro\wsftpgui.exe"="C:\Programme\Ipswitch\WS_FTP Pro\wsftpgui.exe:*:Enabled:WS_FTP Pro Application"
"C:\Programme\Canon\DIAS\CnxDIAS.exe"="C:\Programme\Canon\DIAS\CnxDIAS.exe:*isabled:Canon Driver Information Assist Service"
"C:\Programme\Canon\Color Network ScanGear\1.5\SgTool.exe"="C:\Programme\Canon\Color Network ScanGear\1.5\SgTool.exe:*:Enabled:SGTOOL"
"C:\Programme\Tobit InfoCenter\PocketSync\PocketSync.exe"="C:\Programme\Tobit InfoCenter\PocketSync\PocketSync.exe:*:Enabled:InfoCenter Pocket Sync"
"C:\Programme\Yahoo!\Messenger\YServer.exe"="C:\Programme\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Programme\myPixx Fotobuch\Fotobuch Design-Center\start.exe"="C:\Programme\myPixx Fotobuch\Fotobuch Design-Center\start.exe:*:Enabled:Startprogramm Fotobuch Design-Center"
"C:\Programme\myPixx Fotobuch\Fotobuch Design-Center\Fbc.exe"="C:\Programme\myPixx Fotobuch\Fotobuch Design-Center\Fbc.exe:*:Enabled:Fotobuch Design-Center"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Assistent zum Übertragen von Dateien und Einstellungen"
"C:\Programme\Red Chair Software\Anapod Explorer\anamgr.exe"="C:\Programme\Red Chair Software\Anapod Explorer\anamgr.exe:*:Enabled:Anapod Xtreamer"
"C:\GTS\Update.exe"="C:\GTS\Update.exe:*:Enabled:Update"
"C:\GTS\GTS.exe"="C:\GTS\GTS.exe:*:Enabled:GTS"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\qbw32.exe"="C:\Programme\qbw32.exe:*:Enabled:QuickBooks PLUS 2005"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Eine DLL-Datei als Anwendung ausführen"
"C:\Programme\ESTOS\ProCall\pcapp.exe"="C:\Programme\ESTOS\ProCall\pcapp.exe:*:Enabledcapp"
"C:\Programme\Tobit ClipInc\Player\ClipInc-Player.exe"="C:\Programme\Tobit ClipInc\Player\ClipInc-Player.exe:*:Enabled:ClipInc. Player"
"C:\Programme\E.W.E.-Software\Befree4iPhone\befree4iphone.exe"="C:\Programme\E.W.E.-Software\Befree4iPhone\befree4iphone.exe:*isabled:befree4iphone"
"C:\Programme\Winfonie mobile 2\WinfonieMobile2.exe"="C:\Programme\Winfonie mobile 2\WinfonieMobile2.exe:*:Enabled:WinfonieMobile2"
"C:\Programme\fotobuch.de AG\Designer 2.0\Designer.exe"="C:\Programme\fotobuch.de AG\Designer 2.0\Designer.exe:*esigner.exe"
"C:\Programme\Parallels\Parallels Transporter\Parallels Transporter Agent\ParallelsTransporterAgent.exe"="C:\Programme\Parallels\Parallels Transporter\Parallels Transporter Agent\ParallelsTransporterAgent.exe:*:Enabled:ParallelsTransporterAgent"
"C:\Programme\Parallels\Parallels Transporter\Parallels Transporter\ParallelsTransporter.exe"="C:\Programme\Parallels\Parallels Transporter\Parallels Transporter\ParallelsTransporter.exe:*:Enabled:ParallelsTransporter"
"C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Microsoft ActiveSync\rapimgr.exe"="C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Programme\Microsoft ActiveSync\wcescomm.exe"="C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe"="C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##.psf#LernenSieCS4]
shell\AutoRun\command - P:\LernenSieCS4.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\setup.exe --silent

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\LaunchU3.exe


======List of files/folders created in the last 1 months======

2009-07-19 20:10:33 ----D---- C:\rsit
2009-07-19 14:08:40 ----D---- C:\Programme\CCleaner
2009-07-19 13:58:42 ----D---- C:\Dokumente und Einstellungen\******\Anwendungsdaten\Malwarebytes
2009-07-19 13:58:35 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-07-19 13:58:35 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-07-19 13:52:41 ----AD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2009-07-19 13:52:36 ----A---- C:\WINDOWS\system32\STKIT432.DLL
2009-07-19 13:52:35 ----D---- C:\Programme\Registry Mechanic
2009-07-18 15:08:06 ----A---- C:\WINDOWS\system32\h323log.txt
2009-07-17 17:11:46 ----A---- C:\aqwiry.exe
2009-07-17 17:11:40 ----A---- C:\errigh.exe
2009-07-17 17:10:22 ----A---- C:\WINDOWS\system32\mobsyn.exe
2009-07-17 17:08:16 ----A---- C:\WINDOWS\system32\reader_s.exe166
2009-07-17 17:08:13 ----A---- C:\scqrp.exe
2009-07-15 15:15:51 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 15:15:32 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 15:11:46 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-06-22 17:44:14 ----D---- C:\Programme\Europa-Arbeitszeugnis 2002
2009-06-21 14:51:42 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-21 13:37:55 ----D---- C:\Programme\Bonjour
2009-06-21 13:37:04 ----D---- C:\Programme\QuickTime

======List of files/folders modified in the last 1 months======

2009-07-19 20:10:20 ----D---- C:\WINDOWS\Prefetch
2009-07-19 20:03:13 ----D---- C:\WINDOWS\Temp
2009-07-19 20:03:12 ----D---- C:\WINDOWS
2009-07-19 20:03:11 ----D---- C:\Norman
2009-07-19 20:02:53 ----D---- C:\WINDOWS\system32\drivers
2009-07-19 20:02:53 ----D---- C:\WINDOWS\system32
2009-07-19 20:02:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-19 20:00:35 ----D---- C:\Programme
2009-07-19 20:00:34 ----SD---- C:\WINDOWS\Tasks
2009-07-19 20:00:34 ----RSD---- C:\WINDOWS\Fonts
2009-07-19 14:10:56 ----D---- C:\WINDOWS\Debug
2009-07-19 14:10:55 ----D---- C:\WINDOWS\Minidump
2009-07-19 13:53:33 ----SHD---- C:\WINDOWS\Installer
2009-07-19 13:53:32 ----SHD---- C:\Config.Msi
2009-07-19 13:34:28 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-19 13:34:18 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-19 13:34:18 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-19 12:43:16 ----D---- C:\Programme\Apoint2K
2009-07-19 12:34:44 ----D---- C:\WINDOWS\system32\Restore
2009-07-19 12:25:59 ----D---- C:\Programme\TuneUp Utilities
2009-07-19 11:56:54 ----SHD---- C:\System Volume Information
2009-07-18 15:14:10 ----D---- C:\Programme\Online-Dienste
2009-07-18 15:13:00 ----HD---- C:\WINDOWS\inf
2009-07-18 15:07:01 ----D---- C:\Programme\Gemeinsame Dateien\Symantec Shared
2009-07-18 12:38:35 ----D---- C:\Programme\Norton Security Scan
2009-07-17 18:17:56 ----SHD---- C:\RECYCLER
2009-07-17 08:09:28 ----A---- C:\WINDOWS\Tobit.ini
2009-07-16 14:14:48 ----D---- C:\Programme\Steganos 3
2009-07-15 15:15:46 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-14 15:43:16 ----D---- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\AdobeUM
2009-07-13 11:55:08 ----A---- C:\WINDOWS\win.ini
2009-07-13 10:32:18 ----A---- C:\WINDOWS\DTABEG~1.INI
2009-07-13 09:55:26 ----D---- C:\Programme\Tobit InfoCenter
2009-07-08 13:19:43 ----D---- C:\WINDOWS\network diagnostic
2009-07-07 17:10:56 ----A---- C:\WINDOWS\system32\MRT.exe
2009-06-21 15:06:27 ----D---- C:\Programme\Gemeinsame Dateien\Apple
2009-06-21 15:06:23 ----D---- C:\Programme\iPod
2009-06-21 14:52:36 ----D---- C:\WINDOWS\system32\CatRoot
2009-06-21 14:52:33 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-06-21 13:36:11 ----D---- C:\Programme\Apple Software Update

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2004-08-17 90480]
R1 NGS;Norman General Security Driver; \??\c:\norman\nvc\bin\ngs.sys []
R1 prl_boot;prl_boot; C:\WINDOWS\System32\Drivers\prl_boot.sys [2009-05-08 32456]
R1 SrvcEKIOMngr;SrvcEKIOMngr; C:\WINDOWS\System32\Drivers\EKIoMngr.sys [2004-07-30 6400]
R1 SrvcEPECioctl;SrvcEPECioctl; C:\WINDOWS\System32\Drivers\ECioctl.sys [2004-08-16 5376]
R1 SrvcEPIOMngr;SrvcEPIOMngr; C:\WINDOWS\System32\Drivers\EPIoMngr.sys [2004-07-30 6400]
R1 SrvcSSIOMngr;SrvcSSIOMngr; C:\WINDOWS\System32\Drivers\SSIoMngr.sys [2004-07-30 6400]
R1 SrvcTPIOMngr;SrvcTPIOMngr; C:\WINDOWS\System32\Drivers\TPIoMngr.sys [2004-07-30 6400]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-07-14 40448]
R2 hardlock;hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
R2 irda;IrDA-Protokoll; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 MASPINT;MASPINT; C:\WINDOWS\system32\drivers\MASPINT.sys [2000-03-29 8096]
R2 Ndiskio;Ndiskio; \??\C:\Norman\Nse\bin\NDISKIO.SYS []
R2 prl_fs;Parallels Shared Folders; C:\WINDOWS\system32\DRIVERS\prl_fs.sys [2009-05-08 148168]
R2 prl_time;Parallels Time Synchronization Helper; \??\C:\WINDOWS\system32\drivers\prl_time.sys []
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-07-20 25723]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-07-20 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-07-20 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-07-20 2271]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-07-20 86138]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-07-20 14587]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-07-20 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-07-20 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-07-20 100603]
R3 ac97intc;Intel(r) 82801 Audiotreiber-Installationsdienst (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2004-09-01 13106]
R3 NvcMFlt;NvcMFlt; C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2009-01-22 19512]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 prl_eth5;Parallels Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\prl_eth5.sys [2009-05-08 17864]
R3 prl_mouf;Parallels Mouse Synchronization Device; C:\WINDOWS\system32\DRIVERS\prl_mouf.sys [2009-05-08 15432]
R3 prl_tg;Parallels Tool Device; C:\WINDOWS\system32\DRIVERS\prl_tg.sys [2009-05-08 22728]
R3 prl_va;Parallels Video Adapter; C:\WINDOWS\system32\DRIVERS\prl_vamp.sys [2009-05-08 19784]
R3 Rasirda;WAN-Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys []
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-06-21 626204]
S3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-05-08 101833]
S3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-06-10 746496]
S3 BthEnum;Bluetooth-Auflistungsdienst; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Bluetooth-Gerät (PAN); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Bluetooth-Porttreiber; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 273024]
S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 cvspydr2;ColorVision Spyder 2; C:\WINDOWS\system32\DRIVERS\cvspydr2.sys [2002-04-02 33024]
S3 DKbFltr;Dritek HotKey Keyboard Filter Driver; C:\WINDOWS\System32\Drivers\DKbFltr.sys [2004-01-12 17497]
S3 EMSCR;EMSCR; C:\WINDOWS\system32\DRIVERS\EMS7SK.sys [2004-06-25 58240]
S3 EPOWER;Compal E-POWER Driver; C:\WINDOWS\System32\Drivers\hkdrv.sys [2004-08-19 4224]
S3 ESDCR;ESDCR; C:\WINDOWS\system32\DRIVERS\ESD7SK.sys [2004-07-12 36480]
S3 ESMCR;ESMCR; C:\WINDOWS\system32\DRIVERS\ESM7SK.sys [2004-07-12 330624]
S3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 LHidKE;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2004-09-01 24766]
S3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2004-09-02 71758]
S3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
S3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys [2003-08-13 65280]
S3 rtl8029;NT-Treiber für Realtek RTL8029(AS)-basierter PCI-Ethernetadapter; C:\WINDOWS\system32\DRIVERS\RTL8029.SYS [2001-08-17 19017]
S3 rtl8139;NT-Treiber für Realtek RTL8139(A/B/C)-basierten PCI-Fast Ethernet-Adapter; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 scsiscan;SCSI-Scannertreiber; C:\WINDOWS\system32\DRIVERS\scsiscan.sys [2008-04-13 11520]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 Ser2pl;Prolific2 Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2007-11-20 49792]
S3 SMCIRDA;SMSC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2004-06-16 46080]
S3 usb_rndisx;USB-RNDIS-Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys []
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbewt;usbewt; \??\C:\WINDOWS\system32\usbewt.sys []
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 w22n51;Intel(R) PRO/Wireless 2200 Adapter-Treiber; C:\WINDOWS\system32\DRIVERS\w22n51.sys [2004-01-02 1646720]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2005-04-26 104576]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 I80vde2sdtrs;I80vde2sdtrs; C:\WINDOWS\system32\drivers\I80vde2sdtrs.sys []
S4 sr;Filtertreiber für Systemwiederherstellung; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-04-22 140616]
R2 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Canon Driver Information Assist Service;Canon Driver Information Assist Service; C:\Programme\Canon\DIAS\CnxDIAS.exe [2004-12-06 1171532]
R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2004-08-17 106496]
R2 eLoggerSvc6;Norman eLogger service 6; C:\Norman\Npm\bin\ELOGSVC.EXE [2007-08-30 150584]
R2 Irmon;Infrarotüberwachung; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Norman ZANDA;Norman ZANDA; C:\Norman\Npm\Bin\Zanda.exe [2008-04-23 408696]
R2 Parallels Coherence Service;Parallels Coherence Service; C:\Programme\Parallels\Parallels Tools\Services\coherence.exe [2009-05-08 27976]
R2 Parallels Tools Service;Parallels Tools Service; C:\Programme\Parallels\Parallels Tools\Services\prl_tools_service.exe [2009-05-08 138056]
R3 Norman NJeeves;Norman NJeeves; C:\Norman\Npm\bin\NJEEVES.EXE [2008-03-27 150584]
R3 nsesvc;Norman Scanner Engine Service; C:\Norman\nse\bin\NSESVC.EXE [2009-05-19 310328]
R3 nvcoas;Norman Virus Control on-access component; C:\Norman\Nvc\bin\nvcoas.exe [2009-03-06 183352]
R3 NVCScheduler;Norman Virus Control Scheduler; C:\Norman\Nvc\BIN\NVCSCHED.EXE [2008-03-11 146488]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-06-10 376832]
S2 P1C1394;Phase One 1394 Camera Driver; C:\WINDOWS\System32\Drivers\p1c1394.sys []
S3 Adobe LM Service;Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-03-01 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe [2006-04-24 68096]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 ATMsrvc;ATM Service; C:\WINDOWS\System32\ATMsrvc.exe [2000-05-24 15360]
S4 CeEPwrSvc;CeEPwrSvc; C:\Programme\TOSHIBA\Power Management\CeEPwrSvc.exe [2004-06-23 36960]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2009-07-19 20:11:03

======Uninstall list======

-->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUn0407.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat - Reader 6.0.2 Update-->MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Acrobat 6.0.1 Professional - English, Français, Deutsch-->MsiExec.exe /I{AC76BA86-1033-F400-7760-000000000001}
Adobe Acrobat and Reader 6.0.3 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000603}
Adobe Acrobat and Reader 6.0.4 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000604}
Adobe Acrobat and Reader 6.0.5 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000605}
Adobe Acrobat and Reader 6.0.6 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000606}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 6.0.1 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7646-A00000000001}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe SVG Viewer 3.0-->C:\Programme\Gemeinsame Dateien\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Programme\Gemeinsame Dateien\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe Type Manager 4.1-->C:\WINDOWS\unin0407.exe -f"C:\Programme\Adobe Type Manager\DeIsL1.isu" -c"C:\Programme\Adobe Type Manager\UNINST.DLL"
ALPS Touch Pad Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
Apple Mobile Device Support-->MsiExec.exe /I{93639712-7146-4AC7-9B3B-0F94C53A3F70}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Application Suite-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{7C22BE34-6E56-4169-8DE3-16B2938621E4}\Setup.exe" -l0x7
ArZeu-->CDUnInst.exe C:\Programme\Setup.cdi
ATI - Dienstprogramm zur Deinstallation der Software-->C:\Programme\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_classISPLAY -clean
Belkin Range Extender-->C:\WINDOWS\IsUninst.exe -f"C:\Programme\Belkin\Belkin Range Extender\Uninst.isu"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Borland Database Engine 5.1 -->C:\WINDOWS\uninstall\Borland Database Engine\setup.exe
CCleaner (remove only)-->"C:\Programme\CCleaner\uninst.exe"
CD/DVD Drive Acoustic Silencer-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x7
Color Network ScanGear Ver.1.5-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0E92C4A1-405F-11D8-A7E6-0060081EB30F}\Setup.exe" UNINSTALL
David.InfoCenter -->C:\WINDOWS\UNINSTIC.EXE "C:\Programme\Tobit InfoCenter\Setup\UNINST.INF"
Designer 2.0-->"C:\Programme\fotobuch.de AG\Designer 2.0\unins000.exe"
DivX Codec-->C:\Programme\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Programme\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD-RAM-Treiber-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}\setup.exe" DVD-RAM Driver
Easy Button-->C:\WINDOWS\UnInst32.exe EzButton.UNI
EasyPrint 1.1-->C:\Programme\Pixum\EasyPrint\.\unins000.exe
Europa-Arbeitszeugnis 2002-->"C:\Programme\Europa-Arbeitszeugnis 2002\unins000.exe"
f/Calc-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\FCALC.INF, DefaultUninstall.ntx86
FinePixViewer Ver.3.2-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{24ED4D80-8294-11D5-96CD-0040266301AD} /l1031
Fingerprint Attendance System -->C:\PROGRA~1\Att\UNWISE.EXE C:\PROGRA~1\Att\INSTALL.LOG
Fotobuch Design-Center V6.5-->"C:\Programme\myPixx Fotobuch\Fotobuch Design-Center\.\unins000.exe"
funScreenScraping Client Version-->MsiExec.exe /I{32148D5D-909F-4A7B-93EE-5C16B71F4A8C}
funScreenScraping Microsoft Systemdateien-->MsiExec.exe /X{AC849092-6F19-4395-8860-BC3B82CAFE51}
HijackThis 2.0.2-->"\\.psf\Home\Desktop\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix für Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix für Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
InfoCenter Pocket Sync-->C:\WINDOWS\unpdasyc.exe "C:\Programme\Tobit InfoCenter\PocketSync\setup\unpdasyc.inf"
InterVideo WinDVD Creator 2-->"C:\Programme\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD for TOSHIBA-->"C:\Programme\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
Ipswitch WS_FTP Pro-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}\setup.exe" -l0x9
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java 2 Runtime Environment, SE v1.4.2_05-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Lexware Info Service-->MsiExec.exe /I{BEDFB0D0-CA1E-4CBA-9664-B25A74019D0C}
Lexware lohnauskunft GV 2008-->C:\Programme\InstallShield Installation Information\{FBAD1CA8-D96D-45FF-8D38-A1751C49C38E}\Setup.exe -runfromtemp -l0x0007 -removeonly
Lexware online banking 4.90-->C:\Programme\InstallShield Installation Information\{7D9A486B-DD9E-4526-9B3A-B26B83179EAE}\setup.exe -runfromtemp -l0x0007 -removeonly
Lexware QuickBooks plus 2008-->C:\Programme\InstallShield Installation Information\{38EBEF35-18E3-4B74-A560-8F80685B9626}\setup.exe -runfromtemp -l0x0007 -removeonly
Macromedia Flash Player-->MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
Macromedia FreeHand MXa-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{939740B5-0064-4779-854A-8C1086181C05}\Setup.exe" -l0x7 UNINSTALL
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
MediaLife -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{362BFFCD-8274-11D8-97C8-000129760CBE}\setup.exe" -uninstall
Microsoft .NET Framework 1.1 German Language Pack-->MsiExec.exe /X{E78BFA60-5393-4C38-82AB-E8019E464EB4}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C314CE45-3392-3B73-B4E1-139CD41CA933}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft ActiveSync 4.0-->MsiExec.exe /I{B208806F-A231-4FA0-AB3F-5C1B8979223E}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium-->MsiExec.exe /I{00000407-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 Professional-->MsiExec.exe /I{00010407-78E1-11D2-B60F-006097C998E7}
Microsoft Office OneNote 2003-->MsiExec.exe /I{91A10407-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MicroStaff WINASPI-->C:\MWASPI\uninst.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
NetObjects Fusion 7-->C:\WINDOWS\IsUn0407.exe -f"C:\NetObjects Fusion 7\Uninst.isu" -c"C:\NetObjects Fusion 7\uninst.dll"
Nimo Codecs Pack v5.0 (Remove Only)-->"C:\Programme\NimoCodec Pack\uninstall.exe"
Norman Virus Control-->C:\Norman\NVC\BIN\DelNVC5.exe
Norton Security Scan-->MsiExec.exe /I{80A97464-A741-44B0-8AD6-0C16B1FEF7F6}
OmniPage SE 2.0-->MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
On2 VP7 Personal Edition-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{DD0DDC9E-2ED4-44DD-B461-0EFC126813A0}\Setup.exe" -l0x9
PantsOff 2.0-->C:\Programme\PantsOff\unins000.exe
Parallels Tools-->MsiExec.exe /X{471953AA-5C1F-47BD-B732-0DE3F50D78CA}
Parallels Transporter-->MsiExec.exe /X{6A7D7B1F-D8A6-4249-829D-CE823EA777F1}
Picture Control Utility-->MsiExec.exe /X{87441A59-5E64-4096-A170-14EFE67200C3}
Pixelspeed Layouter -->"C:\WINDOWS\Pixelspeed Layouter\uninstall.exe" "/U:C:\Programme\Pixelspeed Layouter\irunin.xml"
PL-2303 USB-to-Serial-->"C:\Programme\InstallShield Installation Information\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\setup.exe" -runfromtemp -l0x0009Installed -removeonly
PUMATECH Desktop Setup Component(nur entfernen)-->C:\PROGRA~1\GEMEIN~1\PUMATE~2\PUMATE~1\DSSetupUninstall
QuarkXPress 6.52-->MsiExec.exe /I{FF0B0792-F6E7-4627-B820-EA50617E223B}
QuarkXPress 7.31-->MsiExec.exe /I{A38048C6-89D1-44EC-BC95-E95DD4A19B5E}
QuickTime-->MsiExec.exe /I{0CD08E86-ADFE-4227-AFB1-AE002E12DA2F}
RealPlayer-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Realtek Fast Ethernet Adapter Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}\Setup.exe" -l0x7 REMOVE
Registry Mechanic 8.0-->"C:\Programme\Registry Mechanic\unins000.exe" /Log
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Server-Logins-->C:\Programme\Server-Logins\.\unins000.exe
SHARP AR-550/620/700 Series PS Printer Driver-->C:\WINDOWS\ISUN0407.EXE -fC:\WINDOWS\sj0h.isu -cC:\WINDOWS\system32\usj0h.dll
Sibank für Windows-->C:\WINDOWS\unin0407.exe -fc:\programme\ilka_zeugnis\DeIsL1.isu -cc:\programme\ilka_zeugnis\_ISREG32.DLL -cc:\PROGRA~1\ILKA_Z~1\_ISREG32.DLL
Sicherheitsupdate für Step by Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Sicherheitsupdate für Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"

Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
SMSC IrCC V5.1.3600.5-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}\setup.exe" -l0x7 UNINSTALL
SnapAPI-->MsiExec.exe /X{E901C3E0-E37C-4645-9906-718C3A5FE59F}
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
SRS WOW XT Plug-In for Windows Media Player for Toshiba version 1.0.2-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{68D368EE-F5AC-4402-BD45-B454B5453FE1}
Steganos 3 Release 7 Compact Edition-->MsiExec.exe /X{AD030748-5E48-11D4-A2AB-0050BAEF260F}
Sync Action Engine v4(nur entfernen)-->C:\Programme\Gemeinsame Dateien\Pumatech Shared\Sync Action Engine v4\SyncAEUninstall
Tobit InfoCenter PDA Synchronisation-->C:\WINDOWS\undvsync.exe UNDVSYNC.INF
TOSHIBA Energieverwaltung-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{D674A81F-0216-4523-B6AB-3F18D789798E} /l1031
TOSHIBA Hotkey-Dienstprogramm-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A933190B-9C8E-4E81-B4D4-038D594A1675} /l1031
Touch and Launch-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3470FBE6-B743-420F-B5CE-0D27FA749C16}\Setup.exe" -l0x7
Touchpad EIN/AUS-Utility-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7EF2432D-8C52-40C1-962A-1EB0413F25ED} /l1031
Transaction Manager (nur entfernen) -->C:\Programme\Gemeinsame Dateien\PUMATECH Shared\Transaction Manager\TMUninstall
TuneUp Utilities 2003-->MsiExec.exe /I{9665B325-3F96-11D6-A1FA-000374890932}
Update für Windows Internet Explorer 8 (KB968220)-->"C:\WINDOWS\ie8updates\KB968220-IE8\spuninst\spuninst.exe"
Update für Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Wichtiges Update für Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix - KB894476-->"C:\WINDOWS\$NtUninstallKB894476$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR Archivierer-->C:\Programme\WinRAR\uninstall.exe
Winzep 4.6 -->C:\WINDOWS\uninstall\Winzep\setup.exe
WinZip-->"C:\Programme\WinZip\WINZIP32.EXE" /uninstall
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
Z-DBackup-->C:\WINDOWS\AKDeInstall.exe "/C:\Programme\Z-DBackup\"

======Hosts File======

127.0.0.1 .psf

======Security center information======

AV: Norman Virus Control ver. 5.99

======System event log======

Computer Name: ******-NOTEBOOK
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "RAS-Verbindungsverwaltung" gesendet.

Record Number: 82699
Source Name: Service Control Manager
Time Written: 20090508183627.000000+120
Event Type: Informationen
User: ******-NOTEBOOK\******

Computer Name: ******-NOTEBOOK
Event Code: 7036
Message: Dienst "Telefonie" befindet sich jetzt im Status "Ausgeführt".

Record Number: 82698
Source Name: Service Control Manager
Time Written: 20090508183627.000000+120
Event Type: Informationen
User:

Computer Name: ******-NOTEBOOK
Event Code: 7036
Message: Dienst "Kompatibilität für schnelle Benutzerumschaltung" befindet sich jetzt im Status "Ausgeführt".

Record Number: 82697
Source Name: Service Control Manager
Time Written: 20090508183152.000000+120
Event Type: Informationen
User:

Computer Name: ******-NOTEBOOK
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "Kompatibilität für schnelle Benutzerumschaltung" gesendet.

Record Number: 82696
Source Name: Service Control Manager
Time Written: 20090508183152.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: ******-NOTEBOOK
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "NvcMFlt" gesendet.

Record Number: 82695
Source Name: Service Control Manager
Time Written: 20090508183132.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

=====Application event log=====

Computer Name: *****-NOTEBOOK
Event Code: 0
Message: Die Datei capicom.dll wurde verändert. Installieren Sie das Programm neu!

Record Number: 15654
Source Name: QuickBooks
Time Written: 20080923125215.000000+120
Event Type: Fehler
User:

Computer Name: ******-NOTEBOOK
Event Code: 11707
Message: Produkt: Norton Security Scan -- Installation erfolgreich abgeschlossen.

Record Number: 15653
Source Name: MsiInstaller
Time Written: 20080923082409.000000+120
Event Type: Informationen
User: ******-NOTEBOOK\*****

Computer Name: *****-NOTEBOOK
Event Code: 0
Message:
Record Number: 15652
Source Name: iPod Service
Time Written: 20080923075747.000000+120
Event Type: Informationen
User:

Computer Name: *****-NOTEBOOK
Event Code: 1800
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.

Record Number: 15651
Source Name: SecurityCenter
Time Written: 20080923075711.000000+120
Event Type: Informationen
User:

Computer Name: *****-NOTEBOOK
Event Code: 1
Message:
Record Number: 15650
Source Name: Bonjour Service
Time Written: 20080923075711.000000+120
Event Type: Informationen
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\ATI Technologies\ATI Control Panel;%NpmLib%;C:\Programme\Gemeinsame Dateien\DivX Shared\;C:\Programme\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=1706
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"Username"=*****
"windir"=%SystemRoot%
"NpmLib"=C:\Norman\Npm\Bin
"CLASSPATH"=.;C:\Programme\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Programme\Java\jre1.6.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------

My 2 cents:

Wenn du mir deine HJT-Log privat gezeigt hättest, dann hätte ich dir alleine aufgrund einiger seltsamen Dienste, die man bei dir sieht auf deine Eingangsfrage mit NEIN geantwortet!

Zitat:

Zitat von theol

My 2 cents:

Wenn du mir deine HJT-Log privat gezeigt hättest, dann hätte ich dir alleine aufgrund einiger seltsamen Dienste, die man bei dir sieht auf deine Eingangsfrage mit NEIN geantwortet!

Mit dieser Antwort kann ich nicht so viel anfangen.

gruß Georg

Da kann ich meinem Vorposter leider nur zustimmen. Das Log von Malwarebytes ist ein Katastrophe, das von RSIT ist nicht viel besser. Wenn es keinen wirklich schwerwiegenden Grund gibt, der gegen die schnelle und sichere Lösung Neuinstallation spricht, dann ist das der richtige Weg.

Alleine den Zeitaufwand setze ich mit mindestens 10 Tagen an. Das ist es beim besten Willen nicht wert.

ciao, andreas

Zitat:

Zitat von john.doe

Da kann ich meinem Vorposter leider nur zustimmen. Das Log von Malwarebytes ist ein Katastrophe, das von RSIT ist nicht viel besser. Wenn es keinen wirklich schwerwiegenden Grund gibt, der gegen die schnelle und sichere Lösung Neuinstallation spricht, dann ist das der richtige Weg.

Alleine den Zeitaufwand setze ich mit mindestens 10 Tagen an. Das ist es beim besten Willen nicht wert.

ciao, andreas

Ok! Was für Probleme habe ich, wenn ich mit diesem System weiter arbeite? Wie lange ist der Rechner wohl schon befallen?

Was für Viren habe ich und was machen diese?

Im Grunde benötige ich die XP-Oberfläche nur für zwei Programme Tobit und Quickbook.

Gruß Georg

Weißt du was ein Backdoor ist?

Sieh dir das Log von Malwarebytes an, den Eintrag findest du dort ziemlich häufig. Weißt du was Stolen.Data bedeutet? Auch den Eintrag findest du häufiger. Dann lies doch erstmal hier: http://www.trojaner-board.de/65029-t...tml#post394394

Dort findest du die Antworten auf deine Fragen. Jede zweite Datei im Filelisting gehört da nicht hin und ist hoher Wahrscheinlichkeit ein Schädling.

ciao, andreas

OK Andreas, das habe ich verstanden. Das Problem ist Freitag Abend aufgetreten. Es waren auf einmal alle Zugangsdaten über den IE verschwunden. Ich bin dann stutzig geworden und habe meinen Virenscanner gestartet. Ich dachte ich hätte mit der teueren Software Norman und dem Abo alle Sicherheitsvorkehrungen getroffen. Dem war dann wohl nicht so.

Lassen sich denn die Viren nicht löschen?

Gruß Georg

Das schon, aber das ist mit einem immensen Zeitaufwand verbunden. Für eine Neuinstallation brauchst du maximal einen Tag, denn du brauchst ja nur zwei Programme, wie du geschrieben hast. Danach hast du einen schnellen und sauberen Rechner.

Eine Reinigung, bei einer verseuchten Kiste, wie deiner dauert mindestens 5 Tage, eher länger und ich kann dir nicht garantieren, dass wir tatsächlich alle erwischen. Wo soll da der Sinn sein?

Lies dir diesen Fall durch, da haben wir 5 Tage gebraucht und sein Rechner war bei weitem nicht so verseucht wie deiner: http://www.trojaner-board.de/75270-infiziert.html

Den anderen Fall müsste ich erst suchen, aber da waren wir über 3 Wochen beschäftigt. Irgendwann macht es einfach nicht den geringsten Sinn so viel Zeit reinzustecken, wenn du in einem Tag einen sauberen Rechner haben kannst.

ciao, andreas

Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
SMSC IrCC V5.1.3600.5-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}\setup.exe" -l0x7 UNINSTALL
SnapAPI-->MsiExec.exe /X{E901C3E0-E37C-4645-9906-718C3A5FE59F}
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
SRS WOW XT Plug-In for Windows Media Player for Toshiba version 1.0.2-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{68D368EE-F5AC-4402-BD45-B454B5453FE1}
Steganos 3 Release 7 Compact Edition-->MsiExec.exe /X{AD030748-5E48-11D4-A2AB-0050BAEF260F}
Sync Action Engine v4(nur entfernen)-->C:\Programme\Gemeinsame Dateien\Pumatech Shared\Sync Action Engine v4\SyncAEUninstall
Tobit InfoCenter PDA Synchronisation-->C:\WINDOWS\undvsync.exe UNDVSYNC.INF
TOSHIBA Energieverwaltung-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{D674A81F-0216-4523-B6AB-3F18D789798E} /l1031
TOSHIBA Hotkey-Dienstprogramm-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A933190B-9C8E-4E81-B4D4-038D594A1675} /l1031
Touch and Launch-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3470FBE6-B743-420F-B5CE-0D27FA749C16}\Setup.exe" -l0x7
Touchpad EIN/AUS-Utility-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7EF2432D-8C52-40C1-962A-1EB0413F25ED} /l1031
Transaction Manager (nur entfernen) -->C:\Programme\Gemeinsame Dateien\PUMATECH Shared\Transaction Manager\TMUninstall
TuneUp Utilities 2003-->MsiExec.exe /I{9665B325-3F96-11D6-A1FA-000374890932}
Update für Windows Internet Explorer 8 (KB968220)-->"C:\WINDOWS\ie8updates\KB968220-IE8\spuninst\spuninst.exe"
Update für Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Wichtiges Update für Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix - KB894476-->"C:\WINDOWS\$NtUninstallKB894476$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR Archivierer-->C:\Programme\WinRAR\uninstall.exe
Winzep 4.6 -->C:\WINDOWS\uninstall\Winzep\setup.exe
WinZip-->"C:\Programme\WinZip\WINZIP32.EXE" /uninstall
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
Z-DBackup-->C:\WINDOWS\AKDeInstall.exe "/C:\Programme\Z-DBackup\"

======Hosts File======

127.0.0.1 .psf

======Security center information======

AV: Norman Virus Control ver. 5.99

======System event log======

Computer Name: ******-NOTEBOOK
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "RAS-Verbindungsverwaltung" gesendet.

Record Number: 82699
Source Name: Service Control Manager
Time Written: 20090508183627.000000+120
Event Type: Informationen
User: ******-NOTEBOOK\******

Computer Name: ******-NOTEBOOK
Event Code: 7036
Message: Dienst "Telefonie" befindet sich jetzt im Status "Ausgeführt".

Record Number: 82698
Source Name: Service Control Manager
Time Written: 20090508183627.000000+120
Event Type: Informationen
User:

Computer Name: ******-NOTEBOOK
Event Code: 7036
Message: Dienst "Kompatibilität für schnelle Benutzerumschaltung" befindet sich jetzt im Status "Ausgeführt".

Record Number: 82697
Source Name: Service Control Manager
Time Written: 20090508183152.000000+120
Event Type: Informationen
User:

Computer Name: ******-NOTEBOOK
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "Kompatibilität für schnelle Benutzerumschaltung" gesendet.

Record Number: 82696
Source Name: Service Control Manager
Time Written: 20090508183152.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: ******-NOTEBOOK
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "NvcMFlt" gesendet.

Record Number: 82695
Source Name: Service Control Manager
Time Written: 20090508183132.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

=====Application event log=====

Computer Name: *****-NOTEBOOK
Event Code: 0
Message: Die Datei capicom.dll wurde verändert. Installieren Sie das Programm neu!

Record Number: 15654
Source Name: QuickBooks
Time Written: 20080923125215.000000+120
Event Type: Fehler
User:

Computer Name: ******-NOTEBOOK
Event Code: 11707
Message: Produkt: Norton Security Scan -- Installation erfolgreich abgeschlossen.

Record Number: 15653
Source Name: MsiInstaller
Time Written: 20080923082409.000000+120
Event Type: Informationen
User: ******-NOTEBOOK\*****

Computer Name: *****-NOTEBOOK
Event Code: 0
Message:
Record Number: 15652
Source Name: iPod Service
Time Written: 20080923075747.000000+120
Event Type: Informationen
User:

Computer Name: *****-NOTEBOOK
Event Code: 1800
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.

Record Number: 15651
Source Name: SecurityCenter
Time Written: 20080923075711.000000+120
Event Type: Informationen
User:

Computer Name: *****-NOTEBOOK
Event Code: 1
Message:
Record Number: 15650
Source Name: Bonjour Service
Time Written: 20080923075711.000000+120
Event Type: Informationen
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\ATI Technologies\ATI Control Panel;%NpmLib%;C:\Programme\Gemeinsame Dateien\DivX Shared\;C:\Programme\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=1706
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"Username"=*****
"windir"=%SystemRoot%
"NpmLib"=C:\Norman\Npm\Bin
"CLASSPATH"=.;C:\Programme\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Programme\Java\jre1.6.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------