Einen schönen Sonntag an alle.
Ich bin schier am Verzweifeln... und hoffe, dass mir vielleicht hier jemand helfen kann.

Da mein USB Stick und auch Laptop in den letzten Wochen etwas rumgehurt hat (Internetcafé, Daten von allem und jedem, Downloads und co) steh ich nun vor nem Problem: Antivir sagt: Trojanisches Pferd.

Schlimmer noch: Nun ist das Ding wohl auch auf meinen USB Sticks und sogar auf der Karte meiner Kamera... meine Freunde hassen mich =).
Und auf dem Laptop meiner Mutter kommt nun auch die Trojanisches Pferd Meldung.
Sau dumm von mir und hab auch keine Ahnung davon, deshalb könnt ich die laptops gerad zertrümmern aber ich muss mich jetzt darum kümmern - vielleicht könnt ihr mir helfen?

Also erstma das HijackThis logfile von dem laptop meiner mutter:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:00:17, on 13.09.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
c:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
c:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Programme\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Programme\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Programme\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Programme\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\acs.exe
C:\Programme\IBM\Messages By IBM\ibmmessages.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Digital Line Detect\DLG.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programme\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Skype\Toolbars\Shared\SkypeNames.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMLREF] C:\Programme\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [QCTRAY] C:\Programme\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Programme\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programme\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [UC_Start] C:\IBMTools\Updater\ucstartup.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Programme\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [ccApp] "c:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Programme\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Programme\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier – Schnellstart.lnk = C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1245173748307
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - c:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: SAVScan - Symantec Corporation - c:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--
End of file - 9382 bytes


Vielen vielen Dank schon jetzt!!!Ehrlich!

Vanessa

Und hier noch das HiJack logfile von meinem laptop, der Virenschleuder schlechthin.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:33:49, on 13.09.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\Cursors\lsass.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Sony\ISB Utility\ISBMgr.exe
C:\Programme\Sony\VAIO Power Management\SPMgr.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Skype\Phone\Skype.exe
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\b.exe
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\svchost.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\sopidkc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Sony\VAIO Event Service\VESMgr.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Cursors\lsass.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [mconfig] C:\Dokumente und Einstellungen\Administrator\AnwendunRoaming\Microsoft\mconfig.exe
O4 - HKCU\..\Run: [Microsoft Drive Guard32] C:\Dokumente und Einstellungen\Administrator\DrvGuard32.exe
O4 - HKCU\..\Run: [Cognac] C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\b.exe
O4 - HKCU\..\Run: [svchost.exe] C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Knowledge Base Suche - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO (file missing)
O9 - Extra 'Tools' menuitem: Knowledge Base Suche - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO (file missing)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O20 - AppInit_DLLs: ,C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\163359626mxx.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: sopidkc Service (sopidkc) - Unknown owner - C:\WINDOWS\system32\sopidkc.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Programme\Sony\VAIO Event Service\VESMgr.exe

--
End of file - 5870 bytes


Danke!!!

Wie dir bereits im "roten Kasten" beim Thema erstellen angeboten wurde, arbeite bitte das ab
http://www.trojaner-board.de/69886-a...-beachten.html

und bitte nur ein Rechner pro Thread. Eroeffne fuer den 2. ein Neuen....

ok sorry und vielen Dank Ralf.
Zu dem 1. Laptop:

Malwarebyte:

Malwarebytes' Anti-Malware 1.41
Datenbank Version: 2788
Windows 5.1.2600 Service Pack 2

13.09.2009 15:36:50
mbam-log-2009-09-13 (15-36-50).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 160687
Laufzeit: 43 minute(s), 47 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 1
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-33cf-aax5-35gx1c642122} (Generic.Bot.H) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013 (Backdoor.IRCBot) -> Delete on reboot.

Infizierte Dateien:
C:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe (Generic.Bot.H) -> Delete on reboot.
C:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Backdoor.IRCBot) -> Quarantined and deleted successfully.

RSit info:

info.txt logfile of random's system information tool 1.06 2009-09-13 18:44:06

======Uninstall list======

-->C:\WINDOWS\IsUn0407.exe -fC:\WINDOWS\orun32.isu
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\SETUP.EXE"
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\SETUP.EXE" -l0x7 ControlPanel
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\SETUP.EXE"
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\SETUP.EXE"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Access IBM Message Center-->MsiExec.exe /X{710C0BB2-FE39-484E-BB23-C9B96835A14A}
Access IBM Tools-->C:\Programme\IBM\Access IBM\IBMUINST.EXE
Access IBM-->MsiExec.exe /X{B5599ECB-DA72-43EE-8A30-2C80396FF8BB}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.1 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A91000000001}
Advertising Center-->MsiExec.exe /X{b2ec4a38-b545-4a00-8214-13fe0e915e6d}
ATI Control Panel-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_classISPLAY -clean
ATI HYDRAVISION-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
CC_ccStart-->MsiExec.exe /I{D6414CC7-F215-467F-88B1-546ED863F35B}
ccCommon-->MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
CCleaner (remove only)-->"C:\Programme\CCleaner\uninst.exe"
Dienstprogramm 'IBM ThinkPad EasyEject'-->C:\WINDOWS\IsUn0407.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\Unezej.isu -cC:\Programme\ThinkPad\Utilities\Tpinsej.dll
Dienstprogramm 'IBM ThinkPad-Tastaturanpassung'-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2111B23F-7FDA-4A41-8309-E5A1663CA296}\SETUP.EXE" -l0x7 anything
Digital Line Detect-->C:\Programme\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\SETUP.EXE -runfromtemp -l0x0007 -removeonly
ElsterFormular 2008/2009-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}\setup.exe" -l0x7 -removeonly
EMEA Wallpaper-->MsiExec.exe /I{8745DEAB-1126-42F5-9585-C66D5497B47B}
Funktion "IBM TrackPoint-Eingabehilfen"-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{EA664480-3844-11D5-8C25-444553540000}\SETUP.EXE"
Google Toolbar for Internet Explorer-->"C:\Programme\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
HijackThis 2.0.2-->"C:\Programme\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
HP Customer Participation Program 7.0-->C:\Programme\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 7.0-->C:\Programme\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart and Deskjet 7.0 Software (deu)-->C:\Programme\HP\Digital Imaging\{D2A3C9D5-0B56-4656-8277-7EDC65D62B6E}\setup\hpzscr01.exe -datfile hphscr12.dat -showdisconnect -forcereboot
HP Photosmart Premier Software 6.5-->C:\Programme\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0-->C:\Programme\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
IBM 32-bit SDK for Java 2, v1.4.1-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6C72E14A-C1F3-45E5-8810-83CE3C19ED63} /l1031
IBM Access Connections-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{22B71A00-4DED-11D4-A5E5-0004AC564F43}\SETUP.EXE" -l0x7 anything
IBM Cleanup Utility-->MsiExec.exe /X{CF44C7A5-5705-41E4-BE84-A9A42977AB05}
IBM System für aktiven Festplattenschutz-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{72806716-7088-41B2-8FA6-717A2A164DAB}\SETUP.EXE" -l0x7 anything
IBM Themes-->MsiExec.exe /I{6CE96A14-61E2-48CC-837E-22710A953ADE}
IBM ThinkPad 'Akku-MaxiMiser' und Stromsparfunktionen-->C:\WINDOWS\IsUn0407.exe -fC:\Programme\ThinkPad\Utilities\Unbmm.isu -cC:\Programme\ThinkPad\Utilities\Tpinsbmm.dll
IBM ThinkPad Power Management Driver-->RunDll32.exe tpinspm.dll,Uninstall
IBM ThinkPad 'Präsentationsdirektor'-->C:\WINDOWS\IsUn0407.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\UNNPDR.isu -cC:\Programme\ThinkPad\Utilities\Tpinsnpd.dll
IBM ThinkPad UltraNav Driver-->rundll32.exe "C:\Programme\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
IBM ThinkPad-Konfiguration-->C:\WINDOWS\IsUn0407.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\UNTPUW.ISU -cC:\Programme\ThinkPad\Utilities\Tpinswin.dll
IBM ThinkPad-UltraNav-Assistent-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}\SETUP.EXE" UNINSTALL
IBM Update Connector-->MsiExec.exe /X{31C2FBAC-67CF-4093-8F36-15A146613747}
IBM Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g) -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}\SETUP.EXE" -l0x7 UNINSTALLFROMSYS
Installationsprogramm für ThinkPad-Software-->_tpiu000.exe /U
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
InterVideo WinDVD-->"C:\Programme\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
LECTURNITY Player-->MsiExec.exe /X{8624888C-A959-45A5-98F4-292E956325EA}
LiveReg (Symantec Corporation)-->C:\Programme\Gemeinsame Dateien\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.90 (Symantec Corporation)-->C:\Programme\Symantec\LiveUpdate\LSETUP.EXE /U
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 German Language Pack-->MsiExec.exe /X{E78BFA60-5393-4C38-82AB-E8019E464EB4}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91110407-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSRedist-->MsiExec.exe /I{FC37ABD0-2108-4beb-B010-1254E0662B5A}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 9 Essentials-->C:\Programme\Gemeinsame Dateien\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="XM02-508X-MHAT-19WU-9Z3Z-0CH0-3U6E-85W5-MMHH-6647-1Z5L-7M8C-0U45-758P-0000"
Nero ControlCenter-->MsiExec.exe /X{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}
Nero Installer-->MsiExec.exe /X{e8a80433-302b-4ff1-815d-fcc8eac482ff}
Nero Online Upgrade-->MsiExec.exe /X{dba84796-8503-4ff0-af57-1747dd9a166d}
Nero StartSmart OEM-->MsiExec.exe /X{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}
Nero StartSmart-->MsiExec.exe /X{7748ac8c-18e3-43bb-959b-088faea16fb2}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Norton AntiVirus 2004 (Symantec Corporation)-->C:\Programme\Gemeinsame Dateien\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe /X
Norton AntiVirus 2004-->MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton AntiVirus Parent MSI-->MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton WMI Update-->MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
PC-Doctor für Windows-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\SETUP.EXE"
Shockwave-->C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\Install.log
Sicherheitsupdate für Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Sicherheitsupdate für Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958470)-->"C:\WINDOWS\$NtUninstallKB958470$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971032)-->"C:\WINDOWS\$NtUninstallKB971032$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Symantec Script Blocking Installer-->MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
SymNet-->MsiExec.exe /I{E47EE8FB-ACC0-4608-859C-4E2851B18A6A}
ThinkPad FullScreen Magnifier-->RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall.NT 132 C:\Programme\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.inf
ThinkPad Integrated 56K Modem-->C:\Programme\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014\HXFSETUP.EXE -U -ITkp0559k.inf
Update für Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update für Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update für Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"

======Security center information======

AV: Norton AntiVirus

======System event log======

Computer Name: IBM-4FC29D1C96D
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "Pml Driver HPZ12" gesendet.

Record Number: 25933
Source Name: Service Control Manager
Time Written: 20090907223704.000000+120
Event Type: Informationen
User: IBM-4FC29D1C96D\cornelia

Computer Name: IBM-4FC29D1C96D
Event Code: 7036
Message: Dienst "Pml Driver HPZ12" befindet sich jetzt im Status "Beendet".

Record Number: 25932
Source Name: Service Control Manager
Time Written: 20090907223643.000000+120
Event Type: Informationen
User:

Computer Name: IBM-4FC29D1C96D
Event Code: 7036
Message: Dienst "Pml Driver HPZ12" befindet sich jetzt im Status "Ausgeführt".

Record Number: 25931
Source Name: Service Control Manager
Time Written: 20090907223643.000000+120
Event Type: Informationen
User:

Computer Name: IBM-4FC29D1C96D
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "Pml Driver HPZ12" gesendet.

Record Number: 25930
Source Name: Service Control Manager
Time Written: 20090907223643.000000+120
Event Type: Informationen
User: IBM-4FC29D1C96D\cornelia

Computer Name: IBM-4FC29D1C96D
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "Pml Driver HPZ12" gesendet.

Record Number: 25929
Source Name: Service Control Manager
Time Written: 20090907223637.000000+120
Event Type: Informationen
User: IBM-4FC29D1C96D\cornelia

=====Application event log=====

Computer Name: IBM-4FC29D1C96D
Event Code: 1007
Message: Der Endbenutzer-Lizenzvertrag wurde zuvor abgelehnt.

Record Number: 1431
Source Name: WgaSetup
Time Written: 20090830083047.000000+120
Event Type: Informationen
User:

Computer Name: IBM-4FC29D1C96D
Event Code: 1003
Message: Setup fehlgeschlagen. Code = 0x800704c7, Fehler = Der Vorgang wurde durch den Benutzer abgebrochen.


Record Number: 1430
Source Name: WgaSetup
Time Written: 20090830083047.000000+120
Event Type: Informationen
User:

Computer Name: IBM-4FC29D1C96D
Event Code: 0
Message:
Record Number: 1429
Source Name: gusvc
Time Written: 20090829103813.000000+120
Event Type: Informationen
User:

Computer Name: IBM-4FC29D1C96D
Event Code: 0
Message:
Record Number: 1428
Source Name: gusvc
Time Written: 20090829103630.000000+120
Event Type: Informationen
User:

Computer Name: IBM-4FC29D1C96D
Event Code: 0
Message:
Record Number: 1427
Source Name: gusvc
Time Written: 20090829103530.000000+120
Event Type: Informationen
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\PROGRAMME\THINKPAD\UTILITIES;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\ATI Technologies\ATI Control Panel;C:\Programme\PC-Doctor for Windows\services
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0d06
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------

Rsit log:
(Teil 1)
Logfile of random's system information tool 1.06 (written by random/random)
Run by User at 2009-09-13 18:44:00
Microsoft Windows XP Professional Service Pack 2
System drive C: has 20 GB (52%) free of 38 GB
Total RAM: 1023 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:44:04, on 13.09.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
c:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Programme\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Programme\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Programme\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Programme\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Programme\IBM\Messages By IBM\ibmmessages.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
c:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Digital Line Detect\DLG.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
c:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\Programme\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\acs.exe
C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Skype\Toolbars\Shared\SkypeNames.exe
C:\Dokumente und Einstellungen\User\Desktop\RSIT.exe
C:\Programme\Trend Micro\HijackThis\User.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMLREF] C:\Programme\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [QCTRAY] C:\Programme\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Programme\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programme\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [UC_Start] C:\IBMTools\Updater\ucstartup.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Programme\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [ccApp] "c:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Programme\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Programme\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier – Schnellstart.lnk = C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1245173748307
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - c:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: SAVScan - Symantec Corporation - c:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--
End of file - 9522 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\BMMTask.job
C:\WINDOWS\tasks\Norton AntiVirus - Meinen Computer prüfen - User.job
C:\WINDOWS\tasks\Symantec NetDetect.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-07-15 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll [2009-08-27 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2009-08-27 761840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
CNavExtBho Class - c:\Programme\Norton AntiVirus\NavShExt.dll [2003-12-05 103344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Programme\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-08-27 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus - c:\Programme\Norton AntiVirus\NavShExt.dll [2003-12-05 103344]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll [2009-08-27 256112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"S3TRAY2"=C:\WINDOWS\system32\S3Tray2.exe [2001-10-12 69632]
"SynTPLpr"=C:\Programme\Synaptics\SynTP\SynTPLpr.exe [2003-08-28 110592]
"SynTPEnh"=C:\Programme\Synaptics\SynTP\SynTPEnh.exe [2003-08-28 512000]
"TpShocks"=C:\WINDOWS\system32\TpShocks.exe [2003-09-04 77824]
"TPHOTKEY"=C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe [2004-08-07 94208]
"BMMLREF"=C:\Programme\ThinkPad\Utilities\BMMLREF.EXE [2003-07-11 20480]
"QCTRAY"=C:\Programme\ThinkPad\ConnectUtilities\QCTRAY.EXE [2004-08-18 708608]
"QCWLICON"=C:\Programme\ThinkPad\ConnectUtilities\QCWLICON.EXE [2004-08-18 81920]
"TPKMAPHELPER"=C:\Programme\ThinkPad\Utilities\TpKmapAp.exe [2003-09-02 897024]
"TP4EX"=C:\WINDOWS\system32\tp4ex.exe [2002-09-04 53248]
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2003-07-18 208896]
"ATIPTA"=C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-09-12 335872]
"ATIModeChange"=C:\WINDOWS\system32\Ati2mdxx.exe [2001-09-05 28672]
"UC_SMB"= []
"UC_Start"=C:\IBMTools\Updater\ucstartup.exe [2003-03-18 32768]
"ibmmessages"=C:\Programme\IBM\Messages By IBM\ibmmessages.exe [2003-08-18 536576]
"ccApp"=c:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe [2006-03-30 71304]
"BMMGAG"=RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor []
"HP Software Update"=C:\Programme\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"Symantec NetDriver Monitor"=C:\PROGRA~1\SYMNET~1\SNDMon.exe [2009-09-03 95960]
" Malwarebytes Anti-Malware (reboot)"=C:\Programme\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"ibmmessages"=C:\Programme\IBM\Messages By IBM\ibmmessages.exe [2003-08-18 536576]
"MSMSGS"=C:\Programme\Messenger\msmsgs.exe [2004-08-04 1667584]
"Skype"=C:\Programme\Skype\Phone\Skype.exe [2009-07-16 25604904]
"swg"=C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-07-28 39408]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Digital Line Detect.lnk - C:\Programme\Digital Line Detect\DLG.exe
HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
HP Photosmart Premier – Schnellstart.lnk - C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2003-09-12 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\QConGina]
C:\WINDOWS\system32\QConGina.dll [2004-08-18 258048]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SYMTDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\IBMTOOLS\Updater\ucsmb.exe"="C:\IBMTOOLS\Updater\ucsmb.exe:*:enabled:IBM Update Connector"
"C:\IBMTOOLS\Updater\jre\bin\java.exe"="C:\IBMTOOLS\Updater\jre\bin\java.exe:*:enabled:IBM Update Connector"
"C:\IBMTOOLS\Updater\jre\bin\javaw.exe"="C:\IBMTOOLS\Updater\jre\bin\javaw.exe:*:enabled:IBM Update Connector"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\D-Link.exe"="D:\D-Link.exe:*:Enabled:Setup Wizard Template"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\IBMTOOLS\Updater\ucsmb.exe"="C:\IBMTOOLS\Updater\ucsmb.exe:*:enabled:IBM Update Connector"
"C:\IBMTOOLS\Updater\jre\bin\java.exe"="C:\IBMTOOLS\Updater\jre\bin\java.exe:*:enabled:IBM Update Connector"
"C:\IBMTOOLS\Updater\jre\bin\javaw.exe"="C:\IBMTOOLS\Updater\jre\bin\javaw.exe:*:enabled:IBM Update Connector"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c80f0d0-7a84-11de-9f8c-000e9baed40a}]
shell\AutoRun\command - E:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe
shell\open\command - E:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c80f0d3-7a84-11de-9f8c-e4e8ad24053a}]
shell\AutoRun\command - E:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe
shell\open\command - E:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c84fd58-953b-11de-9fcf-000e9baed40a}]
shell\AutoRun\command - E:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe
shell\open\command - E:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e5269ad-79c9-11de-9f8a-000e9baed40a}]
shell\AutoRun\command - E:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe
shell\open\command - E:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe


======List of files/folders created in the last 1 months======

2009-09-13 18:44:00 ----D---- C:\rsit
2009-09-13 14:50:35 ----D---- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Malwarebytes
2009-09-13 14:50:28 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-09-13 14:50:27 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-09-13 14:31:48 ----D---- C:\Programme\CCleaner
2009-09-13 10:59:55 ----D---- C:\Programme\Trend Micro
2009-09-11 12:55:06 ----D---- C:\Programme\LECTURNITY Player
2009-09-10 06:51:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-10 06:50:54 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-10 06:50:40 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-09-03 12:54:48 ----D---- C:\Programme\ElsterFormular
2009-09-03 11:35:53 ----RA---- C:\WINDOWS\UpdtNv28.exe
2009-09-03 11:35:36 ----D---- C:\Programme\SymNetDrv
2009-09-03 11:28:32 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe
2009-08-30 22:14:59 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-08-29 14:54:42 ----D---- C:\Dokumente und Einstellungen\User\Anwendungsdaten\InterVideo
2009-08-27 01:04:25 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-08-25 15:39:14 ----RSHD---- C:\RESTORE
2009-08-17 23:53:43 ----D---- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Nero
2009-08-17 19:19:48 ----D---- C:\Programme\Nero
2009-08-17 19:19:28 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nero
2009-08-17 19:19:27 ----D---- C:\Programme\Gemeinsame Dateien\Nero
2009-08-14 08:44:47 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-14 08:44:31 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-14 08:44:16 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-14 08:43:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-14 08:43:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-08-14 08:43:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-14 08:42:48 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-14 08:42:18 ----D---- C:\WINDOWS\ServicePackFiles
2009-08-14 08:42:15 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2009-08-14 08:41:58 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-14 08:41:10 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$

Rsit log (Teil 2):

======List of files/folders modified in the last 1 months======

2009-09-13 18:42:59 ----D---- C:\WINDOWS\Prefetch
2009-09-13 18:40:08 ----D---- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Skype
2009-09-13 15:40:23 ----D---- C:\Dokumente und Einstellungen\User\Anwendungsdaten\skypePM
2009-09-13 15:39:35 ----AD---- C:\WINDOWS
2009-09-13 15:39:21 ----RD---- C:\Programme
2009-09-13 15:39:21 ----D---- C:\Programme\Gemeinsame Dateien
2009-09-13 15:38:01 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-13 14:50:29 ----D---- C:\WINDOWS\system32\drivers
2009-09-13 14:41:10 ----D---- C:\WINDOWS\Debug
2009-09-13 14:41:07 ----D---- C:\WINDOWS\Temp
2009-09-13 11:00:51 ----AD---- C:\WINDOWS\system32
2009-09-13 10:47:32 ----D---- C:\Programme\Gemeinsame Dateien\Symantec Shared
2009-09-11 12:55:47 ----SHD---- C:\WINDOWS\Installer
2009-09-11 12:55:28 ----HD---- C:\Config.Msi
2009-09-10 06:51:13 ----HD---- C:\WINDOWS\inf
2009-09-10 06:51:09 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-09-10 06:51:05 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-10 06:50:42 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-03 13:02:12 ----SD---- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Microsoft
2009-09-03 12:54:48 ----HD---- C:\Programme\InstallShield Installation Information
2009-09-03 12:54:19 ----D---- C:\Programme\Gemeinsame Dateien\InstallShield
2009-09-03 11:41:27 ----D---- C:\Programme\Norton AntiVirus
2009-09-03 11:35:44 ----D---- C:\Programme\Symantec
2009-09-03 11:30:43 ----SD---- C:\WINDOWS\Tasks
2009-09-03 11:28:46 ----D---- C:\Programme\Gemeinsame Dateien\Adobe
2009-09-03 11:27:58 ----D---- C:\Programme\Adobe
2009-08-21 08:50:37 ----A---- C:\WINDOWS\system32\jscript.dll
2009-08-17 19:19:22 ----D---- C:\Programme\Gemeinsame Dateien\Microsoft Shared
2009-08-17 19:19:21 ----D---- C:\WINDOWS\WinSxS
2009-08-17 18:38:27 ----D---- C:\Dokumente und Einstellungen\User\Anwendungsdaten\AdobeUM
2009-08-14 09:16:59 ----D---- C:\WINDOWS\system32\Setup
2009-08-14 08:42:55 ----D---- C:\Programme\Outlook Express

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ANC;ANC; C:\WINDOWS\System32\drivers\ANC.SYS [2004-08-18 11520]
R1 IBMTPCHK;IBMTPCHK; C:\WINDOWS\System32\drivers\IBMBLDID.SYS [2004-08-18 2432]
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 40192]
R1 SAVRT;SAVRT; \??\c:\Programme\Norton AntiVirus\SAVRT.SYS []
R1 SAVRTPEL;SAVRTPEL; \??\c:\Programme\Norton AntiVirus\SAVRTPEL.SYS []
R1 Smapint;Smapint; C:\WINDOWS\System32\drivers\Smapint.sys [2003-07-03 14848]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-01-21 267384]
R1 TDSMAPI;TDSMAPI; C:\WINDOWS\System32\drivers\TDSMAPI.SYS [2003-07-03 8830]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\drivers\TPHKDRV.sys [2004-06-10 16340]
R1 TPPWR;TPPWR; C:\WINDOWS\System32\drivers\Tppwr.sys [2003-07-11 15360]
R1 TSMAPIP;TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2003-09-12 7168]
R2 irda;IrDA-Protokoll; C:\WINDOWS\System32\DRIVERS\irda.sys [2004-08-04 87424]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2008-05-20 15781]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]
R2 PMEM;PMEM; \??\C:\WINDOWS\system32\drivers\PMEMNT.SYS []
R2 ShockMgr;ShockMgr; C:\WINDOWS\system32\drivers\ShockMgr.sys [2003-07-24 4225]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-07-03 100256]
R3 AR5211;Dual-band Wi-Fi Wireless Mini PCI Adapter; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2004-07-23 393408]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2003-09-12 596480]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 E1000;Intel(R) PRO/1000 Adapter Driver; C:\WINDOWS\System32\DRIVERS\e1000325.sys [2003-06-13 104448]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-08-28 990592]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2006-08-28 247808]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\System32\DRIVERS\ibmpmdrv.sys [2004-02-26 11344]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20090909.004\NAVENG.Sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20090909.004\NavEx15.Sys []
R3 NSCIRDA;NSC-Infrarotgerätetreiber; C:\WINDOWS\System32\DRIVERS\nscirda.sys [2004-08-04 28672]
R3 Rasirda;WAN-Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-05-28 578304]
R3 SymEvent;SymEvent; \??\C:\Programme\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-01-21 26424]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\System32\DRIVERS\SynTP.sys [2003-08-28 270288]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-08-28 728576]
S1 P3;Intel PentiumIII-Prozessortreiber; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-04 46592]
S3 ac97intc;Intel(r) 82801 Audiotreiber-Installationsdienst (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 E100B;Intel(R) PRO-Adaptertreiber; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2001-08-18 117760]
S3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-05-16 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-05-16 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-05-16 21568]
S3 LucentSoftModem;Lucent Technologies Soft Modem; C:\WINDOWS\System32\DRIVERS\LTSM.sys [2001-08-17 802683]
S3 mouhid;Maus-HID-Treiber; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-18 12288]
S3 QCNDISIF;QCNDISIF; C:\WINDOWS\System32\drivers\qcndisif.SYS [2004-08-18 12288]
S3 S3SSavage;S3SSavage; C:\WINDOWS\System32\DRIVERS\s3ssavm.sys [2001-11-01 95104]
S3 TwoTrack;IBM PS/2 TrackPoint-Filtertreiber; C:\WINDOWS\System32\DRIVERS\TwoTrack.sys [2001-08-17 11520]
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 agpCPQ;Compaq AGP-Bus-Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2004-08-04 44928]
S4 alim1541;ALI AGP-Bus-Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2004-08-04 42752]
S4 amdagp;AMD AGP-Bus-Filtertreiber; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2004-08-04 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2004-08-04 5504]
S4 sisagp;SIS AGP-Bus-Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2004-08-04 41088]
S4 viaagp;VIA AGP-Bus-Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2004-08-04 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2003-09-12 323584]
R2 ccEvtMgr;Symantec Event Manager; c:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe [2006-03-30 255624]
R2 ccSetMgr;Symantec Settings Manager; c:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe [2006-03-30 235144]
R2 IBMPMSVC;IBM PM Service; C:\WINDOWS\System32\ibmpmsvc.exe [2004-02-26 57344]
R2 Irmon;Infrarotüberwachung; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 navapsvc;Norton AntiVirus Auto-Protect-Dienst; c:\Programme\Norton AntiVirus\navapsvc.exe [2005-08-26 158832]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe [2009-07-20 935208]
R2 QCONSVC;QCONSVC; C:\WINDOWS\System32\QCONSVC.EXE [2004-08-18 73728]
R2 SymWSC;SymWMI Service; c:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe [2004-11-02 316544]
R2 TpKmpSVC;IBM KCU Service; C:\WINDOWS\system32\TpKmpSVC.exe [2003-07-12 32768]
R3 ACS;ACU Configuration Service; C:\WINDOWS\system32\acs.exe [2004-07-17 36864]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
S2 SBService;ScriptBlocking Service; C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe [2003-06-25 66784]
S3 aspnet_state;ASP.NET-Statusdienst; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 ccPwdSvc;Symantec Password Validation; c:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe [2006-03-30 87688]
S3 gusvc;Google Software Updater; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-28 182768]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SAVScan;SAVScan; c:\Programme\Norton AntiVirus\SAVScan.exe [2005-01-25 194272]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe [2005-01-21 206552]

-----------------EOF-----------------

Nutze bitte Avenger zum loeschen von Resten in der Registrierung:


1.) Anleitung Avenger (by swandog46)

Lade dir das Tool Avenger und speichere es auf dem Desktop:

• Doppelklick auf das Avenger-Symbol

• Kopiere nun folgenden Text in das weiße Feld bei -> "input script here"

Code: Alles auswählenAufklappen

ATTFilter

Registry keys to delete:
HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{4c80f0d0-7a84-11de-9f8c-000e9baed40a}
HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{4c80f0d3-7a84-11de-9f8c-e4e8ad24053a}
HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{5c84fd58-953b-11de-9fcf-000e9baed40a}
HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{6e5269ad-79c9-11de-9f8a-000e9baed40a}
         

• Schliesse nun alle Programme und Browser-Fenster

• Um den Avenger zu starten klicke auf -> Execute

• Dann bestätigen mit "Yes" das der Rechner neu startet

• Nachdem das System neu gestartet ist, findest du einen Report vom Avenger unter -> C:\avenger.txt

• Öffne die Datei mit dem Editor und kopiere den gesamten Text in deinen Beitrag hier am Trojaner-Board.

Schliesse keine externen Datentraeger an das Notebook an! Diese sollten zusammen mit dem anderen Rechner bereinigt werden!