Hier das GMEG logfile:

Code: Alles auswählenAufklappen

ATTFilter

GMER 1.0.15.15087 - http://www.gmer.net
Rootkit scan 2009-09-26 23:09:37
Windows 5.1.2600 Service Pack 3
Running: 2v08heo8.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\kgtdqpow.sys


---- System - GMER 1.0.15 ----

SSDT            8AA3A4A0                                                                                                                          ZwConnectPort
SSDT            sptd.sys                                                                                                                          ZwCreateKey [0xB7EBE0D0]
SSDT            \??\C:\Programme\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)                                              ZwDeleteValueKey [0xA9966350]
SSDT            sptd.sys                                                                                                                          ZwEnumerateKey [0xB7EC3FB2]
SSDT            sptd.sys                                                                                                                          ZwEnumerateValueKey [0xB7EC4340]
SSDT            sptd.sys                                                                                                                          ZwOpenKey [0xB7EBE0B0]
SSDT            sptd.sys                                                                                                                          ZwQueryKey [0xB7EC4418]
SSDT            8ABF3E88                                                                                                                          ZwQueryValueKey
SSDT            8AA430E8                                                                                                                          ZwResumeThread
SSDT            \??\C:\Programme\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)                                              ZwSetValueKey [0xA9966580]

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwCallbackReturn + 2EFC                                                                                              80504798 4 Bytes  CALL E4DAEBCD 
?               C:\WINDOWS\system32\drivers\sptd.sys                                                                                              Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
.text           USBPORT.SYS!DllUnload                                                                                                             B4E8D8AC 5 Bytes  JMP 8AD40770 

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                                [B7EBEAD4] sptd.sys
IAT             atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                                        [B7EBEC1A] sptd.sys
IAT             atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                               [B7EBEB9C] sptd.sys
IAT             atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                                       [B7EBF748] sptd.sys
IAT             atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                               [B7EBF61E] sptd.sys
IAT             \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                                [B7ED429A] sptd.sys

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                            8AE081E8

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                            SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

Device          \FileSystem\Fastfat \FatCdrom                                                                                                     8A8F5440

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                          SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device          \Driver\usbohci \Device\USBPDO-0                                                                                                  8AC7F5D8
Device          \Driver\dmio \Device\DmControl\DmIoDaemon                                                                                         8AE0A1E8
Device          \Driver\dmio \Device\DmControl\DmConfig                                                                                           8AE0A1E8
Device          \Driver\dmio \Device\DmControl\DmPnP                                                                                              8AE0A1E8
Device          \Driver\dmio \Device\DmControl\DmInfo                                                                                             8AE0A1E8
Device          \Driver\usbehci \Device\USBPDO-1                                                                                                  8ACB11E8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{189E787C-DBBF-41D8-8023-F386B04AC9DA}                                                          8AA45790

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                         SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device          \Driver\Ftdisk \Device\HarddiskVolume1                                                                                            8AE7D1E8
Device          \Driver\Cdrom \Device\CdRom0                                                                                                      8ACBE790
Device          \Driver\Ftdisk \Device\HarddiskVolume2                                                                                            8AE7D1E8
Device          \Driver\Ftdisk \Device\HarddiskVolume3                                                                                            8AE7D1E8
Device          \Driver\Ftdisk \Device\HarddiskVolume4                                                                                            8AE7D1E8
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                                           8AA45790
Device          \Driver\NetBT \Device\NetbiosSmb                                                                                                  8AA45790

AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                         SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                       SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device          \Driver\usbohci \Device\USBFDO-0                                                                                                  8AC7F5D8
Device          \Driver\usbehci \Device\USBFDO-1                                                                                                  8ACB11E8
Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                                 8A8B9790
Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                                                       8A8B9790
Device          \Driver\Ftdisk \Device\FtControl                                                                                                  8AE7D1E8
Device          \Driver\nvgts \Device\Scsi\nvgts1Port2Path0Target0Lun0                                                                            8AE091E8
Device          \Driver\nvgts \Device\Scsi\nvgts1                                                                                                 8AE091E8
Device          \Driver\nvgts \Device\Scsi\nvgts2                                                                                                 8AE091E8
Device          \FileSystem\Fastfat \Fat                                                                                                          8A8F5440

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                          fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                          SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

Device          \FileSystem\Cdfs \Cdfs                                                                                                            8AC00500

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                                771343423
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                                285507792
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                                1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                  
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                               0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                            0x32 0xDC 0xFC 0x09 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                              
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                   D:\DAEMON Tools Pro\
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                   0
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                0x47 0xA9 0xB0 0x59 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                     
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                          0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                       0x8D 0x6F 0x6D 0x7F ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                  0x89 0x24 0x28 0xF3 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                                  0xBF 0xE8 0xFB 0x28 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                              
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                   0
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                0x32 0xDC 0xFC 0x09 ...
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5EAD28C50BE647342945EB3391ABE428\Usage@Phone  993657008

---- EOF - GMER 1.0.15 ----
         

Grüße

1.) Rootkitscan mit RootRepeal

• Gehe hierhin, scrolle runter und downloade RootRepeal.zip.
• Entpacke die Datei auf Deinen Desktop.
• Doppelklicke die RootRepeal.exe, um den Scanner zu starten.
• Klicke auf den Reiter Report und dann auf den Button Scan.
• Mache einen Haken bei den folgenden Elementen und klicke Ok.
  .
  Drivers
  Files
  Processes
  SSDT
  Stealth Objects
  Hidden Services
  .
• Im Anschluss wirst Du gefragt, welche Laufwerke gescannt werden sollen.
• Wähle C:\ und klicke wieder Ok.
• Der Suchlauf beginnt automatisch, es wird eine Weile dauern, bitte Geduld.
• Wenn der Suchlauf beendet ist, klicke auf Save Report.
• Speichere das Logfile als RootRepeal.txt auf dem Desktop.
• Kopiere den Inhalt hier in den Thread.

2.) Systemdetails mit RSIT prüfen

• Lade Random's System Information Tool (RSIT) von random/random herunter,
• speichere es auf Deinem Desktop.
• Starte mit Doppelklick die RSIT.exe.
• Klicke auf Continue, um die Nutzungsbedingungen zu akzeptieren.
• Der Scan startet automatisch, RSIT checkt nun einige wichtige System-Bereiche und produziert Logfiles als Analyse-Grundlage.
• Wenn der Scan beendet ist, werden zwei Logfiles erstellt und in Deinem Editor geöffnet.
• Bitte poste den Inhalt von C:\rsit\log.txt und C:\rsit\info.txt (<= minimiert) hier in den Thread.

Poste erstmal alle Logs.

Alles klar, vielen Dank. Dazu werde ich wohl erst morgen kommen.
RootRepeal hat sich vorhin so lange ausgemährt, das ich es erstmal abgeschossen hab. Werde ich über Nacht durchlaufen lassen.

vielen Dank

Okeh, wenn es zu immensen problemen kommen wird, bitte sag bescheid.

Und neeee nicht abhetzen bitte

moin,

also RootRepeal ist immer noch am Scannen und ich bin mir nicht sicher ob da überhaupt noch was vorwärts geht. Das Programm scant immer noch files und hat einen Size mismatch gefunden der Desktop.ini für den default user
Wäre das erste mal das sich in der desktop.ini was versteckt.

Ich hab gelesen, daß Rootkits auch Scanner blocken können.. sieht hier fast so aus als wenn das der Fall wäre. RootRepeal hängt jetzt schon seit mindestens 2 Stunden im dllcache-Ordner und ab und zu gibts auch hörbare Festplattenaktivität.

Unter anderem habe ich auch bei der Recherche einen Scanner gefunden der zur Bootzeit scannen kann (u*nhackme.com). Ist das Programm empfehlenswert?

Die Rsit-Scans habe ich schon durchlaufen lassen bevor ich RootRepeal gestartet habe. Hier die Logs:

log.txt

Code: Alles auswählenAufklappen

ATTFilter

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-09-26 22:05:52
Microsoft Windows XP Professional Service Pack 3
System drive C: has 34 GB (53%) free of 65 GB
Total RAM: 3326 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:05:56, on 26.09.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
C:\Programme\Bonjour\mDNSResponder.exe
D:\Symantec AntiVirus\DefWatch.exe
C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programme\Java\jre6\bin\jqs.exe
D:\ANSYS Inc\v110\RSM\bin\JobManagerService.exe
D:\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe
C:\Programme\Cyberlink\Shared files\RichVideo.exe
D:\ANSYS Inc\v110\RSM\bin\ScriptHostService.exe
C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
D:\SYMANT~1\VPTray.exe
D:\Symantec AntiVirus\Rtvscan.exe
D:\RivaTuner v2.22\RivaTuner.exe
C:\Programme\Microsoft IntelliPoint\ipoint.exe
D:\iTunes\iTunesHelper.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Gemeinsame Dateien\SolidWorks Installations-Manager\Scheduler\sldIMScheduler.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
D:\SolidWorks Corp\SolidWorks\swScheduler\swBOEngine.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\SolidWorksLicTemp.0001
C:\Programme\Gemeinsame Dateien\SolidWorks Shared\Service\SolidWorksLicensing.exe
E:\RSIT.exe
E:\download\HiJackThis\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [vptray] D:\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "D:\RivaTuner v2.22\RivaTuner.exe" /S
O4 - HKLM\..\Run: [RivaTuner] "D:\RivaTuner v2.22\RivaTuner.exe" /T
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LanguageShortcut] D:\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SolidWorks_CheckForUpdates] "C:\Programme\Gemeinsame Dateien\SolidWorks Installations-Manager\Scheduler\sldIMScheduler.exe" /scheduler
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware  (reboot)] "D:\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] D:\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SolidWorks Taskplaner Engine.lnk = D:\SolidWorks Corp\SolidWorks\swScheduler\swBOEngine.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.deutsche-bank.de
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221848263437
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\Programme\Ansys Inc\Shared Files\Licensing\intel\lmgrd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk - C:\Programme\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corp. - D:\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - D:\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Hyperworks - Unknown owner - C:\Altair\licensing10.0\security\bin\win32\lmgrd.exe (file missing)
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Ansys JobManager Service V11 (JobManagerService110) - Ansys, Inc - D:\ANSYS Inc\v110\RSM\bin\JobManagerService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Solver for Flow Simulation 2009 - Unknown owner - D:\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\Cyberlink\Shared files\RichVideo.exe
O23 - Service: SAVRoam (SavRoam) - symantec - D:\Symantec AntiVirus\SavRoam.exe
O23 - Service: Ansys ScriptHost Service V11 (ScriptHostService110) - Ansys, Inc. - D:\ANSYS Inc\v110\RSM\bin\ScriptHostService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Programme\Gemeinsame Dateien\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - D:\Symantec AntiVirus\Rtvscan.exe

--
End of file - 10718 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - D:\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-07-02 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - D:\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"vptray"=D:\SYMANT~1\VPTray.exe [2006-10-25 125120]
"RivaTunerStartupDaemon"=D:\RivaTuner v2.22\RivaTuner.exe [2008-12-29 2732032]
"RivaTuner"=D:\RivaTuner v2.22\RivaTuner.exe [2008-12-29 2732032]
"IntelliPoint"=C:\Programme\Microsoft IntelliPoint\ipoint.exe [2005-12-04 461584]
"iTunesHelper"=D:\iTunes\iTunesHelper.exe [2008-06-02 267048]
"LanguageShortcut"=D:\CyberLink\PowerDVD\Language\Language.exe [2007-10-11 62760]
"TkBellExe"=C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe [2008-07-02 185896]
"NeroFilterCheck"=C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"SolidWorks_CheckForUpdates"=C:\Programme\Gemeinsame Dateien\SolidWorks Installations-Manager\Scheduler\sldIMScheduler.exe [2008-09-15 7218472]
"QuickTime Task"=C:\Programme\QuickTime\qttask.exe [2008-05-27 413696]
"CTHelper"=C:\WINDOWS\system32\CTHELPER.EXE [2008-06-27 19456]
"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"nwiz"=C:\Programme\NVIDIA Corporation\nView\nwiz.exe [2009-08-26 1657448]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-08-27 13922304]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-08-27 86016]
" Malwarebytes Anti-Malware  (reboot)"=D:\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"igndlm.exe"=D:\Download Manager\DLM.exe [2009-05-14 1103216]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe [2006-04-21 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
D:\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
D:\Adobe\Acrobat 8.0\Acrobat\Acrobat_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
C:\Programme\Cyberlink\Shared Files\brs.exe [2007-11-16 91432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
C:\Programme\DNA\btdna.exe [2008-07-07 289088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programme\QuickTime\qttask.exe [2008-05-27 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
D:\CyberLink\PowerDVD\PDVDServ.exe [2007-10-28 72736]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Adobe Gamma Loader.lnk - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe

C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart
SolidWorks Taskplaner Engine.lnk - D:\SolidWorks Corp\SolidWorks\swScheduler\swBOEngine.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2006-10-25 43712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\EVE\bin\ExeFile.exe"="D:\EVE\bin\ExeFile.exe:*:Enabled:CCP ExeFile"
"C:\Programme\DNA\btdna.exe"="C:\Programme\DNA\btdna.exe:*:Enabled:DNA"
"C:\Programme\BitTorrent\bittorrent.exe"="C:\Programme\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"D:\Vuze\Azureus.exe"="D:\Vuze\Azureus.exe:*:Enabled:Azureus"
"D:\Diskeeper Corporation\Diskeeper\Diskeeper.exe"="D:\Diskeeper Corporation\Diskeeper\Diskeeper.exe:*:Disabled:Diskeeper.exe"
"C:\Programme\Internet Explorer\iexplore.exe"="C:\Programme\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"D:\iTunes\iTunes.exe"="D:\iTunes\iTunes.exe:*:Enabled:iTunes"
"D:\Ventrilo\Ventrilo.exe"="D:\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo"
"C:\Programme\Autodesk\ACADM 2009\acad.exe"="C:\Programme\Autodesk\ACADM 2009\acad.exe:LocalSubNet:Disabled:acad.exe"
"D:\CyberLink\PowerDVD\PowerDVD.exe"="D:\CyberLink\PowerDVD\PowerDVD.exe:*:Disabled:CyberLink PowerDVD"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"D:\Real\RealPlayer\realplay.exe"="D:\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer"
"D:\ANSYS Inc\v110\RSM\bin\ScriptHostService.exe"="D:\ANSYS Inc\v110\RSM\bin\ScriptHostService.exe:*:Enabled:ScriptHostService.exe"
"D:\ANSYS Inc\v110\AISOL\CAD Integration\intel\ReaderHostU.exe"="D:\ANSYS Inc\v110\AISOL\CAD Integration\intel\ReaderHostU.exe:*:Enabled:ReaderHostU.exe"
"D:\ANSYS Inc\v110\CommonFiles\CATIAV5\intel\code\bin\ReaderHostCAT5U.exe"="D:\ANSYS Inc\v110\CommonFiles\CATIAV5\intel\code\bin\ReaderHostCAT5U.exe:*:Enabled:ReaderHostCAT5U.exe"
"D:\ANSYS Inc\v110\AISOL\CAD Integration\intel\ActivePIMgrU.exe"="D:\ANSYS Inc\v110\AISOL\CAD Integration\intel\ActivePIMgrU.exe:LocalSubNet:Enabled:ActivePIMgrU.exe"
"D:\ANSYS Inc\v110\ANSYS\bin\intel\ANSYS.exe"="D:\ANSYS Inc\v110\ANSYS\bin\intel\ANSYS.exe:LocalSubNet:Enabled:ANSYS.exe"
"D:\ANSYS Inc\v110\AISOL\CommonFiles\intel\AnsysWBU.exe"="D:\ANSYS Inc\v110\AISOL\CommonFiles\intel\AnsysWBU.exe:LocalSubNet:Enabled:AnsysWBU.exe"
"D:\ANSYS Inc\v110\CommonFiles\TCL\bin\intel\tclsh.exe"="D:\ANSYS Inc\v110\CommonFiles\TCL\bin\intel\tclsh.exe:LocalSubNet:Enabled:AWP tclsh.exe"
"D:\ANSYS Inc\v110\CommonFiles\TCL\bin\intel\wish.exe"="D:\ANSYS Inc\v110\CommonFiles\TCL\bin\intel\wish.exe:LocalSubNet:Enabled:AWP wish.exe"
"C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:LocalSubNet:Enabled:Bonjour"
"C:\Programme\Diskeeper Corporation\Diskeeper\Connect.exe"="C:\Programme\Diskeeper Corporation\Diskeeper\Connect.exe:*:Disabled:Connect.exe"
"C:\Programme\Diskeeper Corporation\Diskeeper\DkActivationReminder.exe"="C:\Programme\Diskeeper Corporation\Diskeeper\DkActivationReminder.exe:*:Disabled:DkActivationReminder.exe"
"C:\Programme\Diskeeper Corporation\Diskeeper\DkAutoUpdateAlert.exe"="C:\Programme\Diskeeper Corporation\Diskeeper\DkAutoUpdateAlert.exe:*:Disabled:DkAutoUpdateAlert.exe"
"C:\Programme\Diskeeper Corporation\Diskeeper\DKCRegistration.exe"="C:\Programme\Diskeeper Corporation\Diskeeper\DKCRegistration.exe:*:Disabled:DKCRegistration.exe"
"C:\Programme\Diskeeper Corporation\Diskeeper\DkServiceMsg.exe"="C:\Programme\Diskeeper Corporation\Diskeeper\DkServiceMsg.exe:*:Disabled:DkServiceMsg.exe"
"D:\ANSYS Inc\v110\RSM\bin\JobManagerService.exe"="D:\ANSYS Inc\v110\RSM\bin\JobManagerService.exe:LocalSubNet:Enabled:JobManagerService.exe"
"D:\THC\Company of Heroes\RelicCOH.exe"="D:\THC\Company of Heroes\RelicCOH.exe:*:Enabled:Company of Heroes"
"D:\THC\Company of Heroes\RelicDownloader\RelicDownloader.exe"="D:\THC\Company of Heroes\RelicDownloader\RelicDownloader.exe:*:Enabled:Relic Downloader"
"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\41eb10ccea1c4f46b552c527f3e39236\RelicDownloader.exe"="C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\41eb10ccea1c4f46b552c527f3e39236\RelicDownloader.exe:*:Enabled:Relic Patch Download Manager"
"C:\Programme\Gemeinsame Dateien\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\javaw.exe"="C:\Programme\Gemeinsame Dateien\Autodesk Shared\DirectConnect2010\java\jre1.6.0_03\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"D:\Dead Space\Dead Space.exe"="D:\Dead Space\Dead Space.exe:*:Disabled:Dead Space ™"
"E:\CAPCOM\RESIDENT EVIL 5\RE5DX9.EXE"="E:\CAPCOM\RESIDENT EVIL 5\RE5DX9.EXE:*:Enabled:RESIDENT EVIL 5 (DX9)"
"E:\Eidos\Batman Arkham Asylum\Binaries\ShippingPC-BmGame.exe"="E:\Eidos\Batman Arkham Asylum\Binaries\ShippingPC-BmGame.exe:*:Enabled:Batman: Arkham Asylum"
"D:\Skype\Phone\Skype.exe"="D:\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\ANSYS Inc\v110\RSM\bin\JobManagerService.exe"="D:\ANSYS Inc\v110\RSM\bin\JobManagerService.exe:*:Enabled:JobManagerService.exe"
"D:\ANSYS Inc\v110\RSM\bin\JMAdmin.exe"="D:\ANSYS Inc\v110\RSM\bin\JMAdmin.exe:*:Enabled:JMAdmin.exe"
"D:\ANSYS Inc\v110\RSM\bin\JMPassword.exe"="D:\ANSYS Inc\v110\RSM\bin\JMPassword.exe:*:Enabled:JMPassword.exe"
"D:\ANSYS Inc\v110\RSM\bin\ScriptHostService.exe"="D:\ANSYS Inc\v110\RSM\bin\ScriptHostService.exe:*:Enabled:ScriptHostService.exe"
"D:\ANSYS Inc\v110\AISOL\CommonFiles\intel\AnsysWBU.exe"="D:\ANSYS Inc\v110\AISOL\CommonFiles\intel\AnsysWBU.exe:*:Enabled:AnsysWBU.exe"
"D:\ANSYS Inc\v110\ANSYS\bin\intel\ANSYS.exe"="D:\ANSYS Inc\v110\ANSYS\bin\intel\ANSYS.exe:*:Enabled:ANSYS.exe"
"D:\ANSYS Inc\v110\AISOL\CAD Integration\intel\ActivePIMgrU.exe"="D:\ANSYS Inc\v110\AISOL\CAD Integration\intel\ActivePIMgrU.exe:*:Enabled:ActivePIMgrU.exe"
"D:\ANSYS Inc\v110\AISOL\CAD Integration\intel\ReaderHostU.exe"="D:\ANSYS Inc\v110\AISOL\CAD Integration\intel\ReaderHostU.exe:*:Enabled:ReaderHostU.exe"
"D:\ANSYS Inc\v110\CommonFiles\TCL\bin\intel\tclsh.exe"="D:\ANSYS Inc\v110\CommonFiles\TCL\bin\intel\tclsh.exe:*:Enabled:AWP tclsh.exe"
"D:\ANSYS Inc\v110\CommonFiles\TCL\bin\intel\wish.exe"="D:\ANSYS Inc\v110\CommonFiles\TCL\bin\intel\wish.exe:*:Enabled:AWP wish.exe"
"D:\ANSYS Inc\v110\CommonFiles\CATIAV5\intel\code\bin\ReaderHostCAT5U.exe"="D:\ANSYS Inc\v110\CommonFiles\CATIAV5\intel\code\bin\ReaderHostCAT5U.exe:*:Enabled:ReaderHostCAT5U.exe"

======File associations======

.scr - open - C:\WINDOWS\system32\notepad.exe "%1"
.scr - install - 
.scr - config - 

======List of files/folders created in the last 1 months======
         

Grüße

Die Logs passen nicht alle in einen Post!!! Hier der zweite Teil von log.txt

Code: Alles auswählenAufklappen

ATTFilter

======List of files/folders created in the last 1 months======

2009-09-26 22:05:52 ----D---- C:\rsit
2009-09-26 22:01:14 ----A---- C:\WINDOWS\{00000009-00000000-00000006-00001102-00000008-10211102}.BAK
2009-09-26 16:44:56 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
2009-09-26 16:44:51 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-09-26 15:13:32 ----SHD---- C:\Config.Msi
2009-09-26 14:46:19 ----A---- C:\WINDOWS\wininit.ini
2009-09-26 14:33:44 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2009-09-26 13:48:00 ----D---- C:\spoolerlogs
2009-09-25 15:20:16 ----D---- C:\Programme\Gemeinsame Dateien\Logitech
2009-09-25 15:20:16 ----A---- C:\WINDOWS\system32\WmJoyFrc.dll
2009-09-25 15:20:07 ----D---- C:\Programme\Logitech
2009-09-15 21:58:50 ----D---- C:\NV30843904.TMP-nv12875
2009-09-15 21:42:24 ----D---- C:\WINDOWS\6833245EDD86479A882A8360D62C8194.TMP
2009-09-15 21:36:45 ----A---- C:\WINDOWS\system32\OpenCL.dll
2009-09-15 21:36:45 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2009-09-15 21:36:44 ----A---- C:\WINDOWS\system32\nvcuvid.dll
2009-09-15 21:36:44 ----A---- C:\WINDOWS\system32\nvcuvenc.dll
2009-09-15 21:36:44 ----A---- C:\WINDOWS\system32\nvcuda.dll
2009-09-15 21:36:44 ----A---- C:\WINDOWS\system32\nvcompiler.dll
2009-09-15 21:36:44 ----A---- C:\WINDOWS\system32\nvcodins.dll
2009-09-15 21:36:44 ----A---- C:\WINDOWS\system32\nvcod.dll
2009-09-15 21:36:44 ----A---- C:\WINDOWS\system32\nvapi.dll
2009-09-15 21:36:44 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2009-09-11 08:55:16 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-11 08:52:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-05 16:50:31 ----D---- C:\WINDOWS\system32\AGEIA
2009-09-05 15:54:32 ----D---- C:\Programme\AGEIA Technologies
2009-09-05 15:54:21 ----D---- C:\Programme\NVIDIA Corporation
2009-09-05 15:54:20 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NVIDIA Corporation
2009-08-27 23:35:32 ----A---- C:\WINDOWS\system32\nvcpluir.dll
2009-08-27 23:35:32 ----A---- C:\WINDOWS\system32\nvcplui.exe
2009-08-27 23:35:28 ----A---- C:\WINDOWS\system32\nvrszht.dll
2009-08-27 23:35:28 ----A---- C:\WINDOWS\system32\nvrszhc.dll
2009-08-27 23:35:28 ----A---- C:\WINDOWS\system32\nvrstr.dll
2009-08-27 23:35:28 ----A---- C:\WINDOWS\system32\nvrsth.dll
2009-08-27 23:35:28 ----A---- C:\WINDOWS\system32\nvrssv.dll
2009-08-27 23:35:26 ----A---- C:\WINDOWS\system32\nvwddi.dll
2009-08-27 23:35:26 ----A---- C:\WINDOWS\system32\nvrssl.dll
2009-08-27 23:35:26 ----A---- C:\WINDOWS\system32\nvrssk.dll
2009-08-27 23:35:26 ----A---- C:\WINDOWS\system32\nvrsru.dll
2009-08-27 23:35:26 ----A---- C:\WINDOWS\system32\nvrsptb.dll
2009-08-27 23:35:26 ----A---- C:\WINDOWS\system32\nvrspt.dll
2009-08-27 23:35:26 ----A---- C:\WINDOWS\system32\nvrspl.dll
2009-08-27 23:35:26 ----A---- C:\WINDOWS\system32\nvrsno.dll
2009-08-27 23:35:26 ----A---- C:\WINDOWS\system32\nvrsnl.dll
2009-08-27 23:35:26 ----A---- C:\WINDOWS\system32\nvrsko.dll
2009-08-27 23:35:26 ----A---- C:\WINDOWS\system32\nvrsja.dll
2009-08-27 23:35:26 ----A---- C:\WINDOWS\system32\nvrsit.dll
2009-08-27 23:35:26 ----A---- C:\WINDOWS\system32\nvrshu.dll
2009-08-27 23:35:26 ----A---- C:\WINDOWS\system32\nvrshe.dll
2009-08-27 23:35:26 ----A---- C:\WINDOWS\system32\nvrsfr.dll
2009-08-27 23:35:26 ----A---- C:\WINDOWS\system32\nvrsfi.dll
2009-08-27 23:35:26 ----A---- C:\WINDOWS\system32\nvrsesm.dll
2009-08-27 23:35:26 ----A---- C:\WINDOWS\system32\nvrses.dll
2009-08-27 23:35:26 ----A---- C:\WINDOWS\system32\nvrseng.dll
2009-08-27 23:35:26 ----A---- C:\WINDOWS\system32\nvrsel.dll
2009-08-27 23:35:26 ----A---- C:\WINDOWS\system32\nvrsde.dll
2009-08-27 23:35:26 ----A---- C:\WINDOWS\system32\nvrsda.dll
2009-08-27 23:35:26 ----A---- C:\WINDOWS\system32\nvrscs.dll
2009-08-27 23:35:26 ----A---- C:\WINDOWS\system32\nvrsar.dll
2009-08-27 23:35:18 ----A---- C:\WINDOWS\system32\nvwssr.dll
2009-08-27 23:35:18 ----A---- C:\WINDOWS\system32\nvwss.dll
2009-08-27 23:35:18 ----A---- C:\WINDOWS\system32\nvvitvsr.dll
2009-08-27 23:35:16 ----A---- C:\WINDOWS\system32\nvvitvs.dll
2009-08-27 23:35:16 ----A---- C:\WINDOWS\system32\nvmoblsr.dll
2009-08-27 23:35:16 ----A---- C:\WINDOWS\system32\nvmobls.dll
2009-08-27 23:35:16 ----A---- C:\WINDOWS\system32\nvmccssr.dll
2009-08-27 23:35:16 ----A---- C:\WINDOWS\system32\nvmccss.dll
2009-08-27 23:35:16 ----A---- C:\WINDOWS\system32\nvgamesr.dll
2009-08-27 23:35:16 ----A---- C:\WINDOWS\system32\nvgames.dll
2009-08-27 23:35:14 ----A---- C:\WINDOWS\system32\nvdispsr.dll
2009-08-27 23:35:14 ----A---- C:\WINDOWS\system32\nvdisps.dll
2009-08-27 23:35:12 ----A---- C:\WINDOWS\system32\nvsvc32.exe
2009-08-27 23:35:12 ----A---- C:\WINDOWS\system32\nvmctray.dll
2009-08-27 23:35:12 ----A---- C:\WINDOWS\system32\nvmccs.dll
2009-08-27 23:35:12 ----A---- C:\WINDOWS\system32\nvcpl.dll
2009-08-27 23:35:12 ----A---- C:\WINDOWS\system32\nvcolor.exe

======List of files/folders modified in the last 1 months======

2009-09-26 22:04:27 ----D---- C:\WINDOWS\system32\inetsrv
2009-09-26 22:03:06 ----D---- C:\WINDOWS
2009-09-26 22:02:28 ----D---- C:\WINDOWS\Temp
2009-09-26 22:01:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-26 22:00:59 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Skype
2009-09-26 21:59:13 ----D---- C:\WINDOWS\system32\drivers
2009-09-26 21:59:13 ----D---- C:\WINDOWS\system32
2009-09-26 21:46:46 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\GetRight
2009-09-26 21:32:49 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\skypePM
2009-09-26 21:14:06 ----D---- C:\WINDOWS\Minidump
2009-09-26 21:14:06 ----D---- C:\WINDOWS\Debug
2009-09-26 19:40:55 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-26 18:01:38 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\vlc
2009-09-26 17:48:10 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\IM
2009-09-26 17:41:41 ----RD---- C:\WINDOWS\Web
2009-09-26 15:15:37 ----SHD---- C:\WINDOWS\Installer
2009-09-26 15:15:37 ----D---- C:\WINDOWS\WinSxS
2009-09-26 15:14:38 ----RD---- C:\Programme
2009-09-26 15:14:38 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe
2009-09-26 15:13:59 ----RSD---- C:\WINDOWS\Fonts
2009-09-26 15:00:59 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\EVEMon
2009-09-26 14:56:48 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-09-26 14:21:24 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Azureus
2009-09-26 14:02:15 ----D---- C:\WINDOWS\Registration
2009-09-26 14:01:28 ----D---- C:\WINDOWS\Prefetch
2009-09-26 13:44:18 ----A---- C:\WINDOWS\NeroDigital.ini
2009-09-26 13:30:31 ----D---- C:\WINDOWS\system32\DirectX
2009-09-26 13:30:30 ----HD---- C:\WINDOWS\inf
2009-09-26 13:30:14 ----RSD---- C:\WINDOWS\assembly
2009-09-26 13:18:44 ----HD---- C:\Programme\InstallShield Installation Information
2009-09-25 15:32:59 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-09-25 15:32:50 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-09-25 15:20:16 ----D---- C:\Programme\Gemeinsame Dateien
2009-09-15 21:59:19 ----D---- C:\WINDOWS\Help
2009-09-15 21:42:23 ----D---- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2009-09-15 19:58:11 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FLEXnet
2009-09-11 08:55:12 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-10 22:03:29 ----SD---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft
2009-09-05 16:50:13 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-31 20:56:44 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Autodesk
2009-08-28 23:38:20 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 SAVRT;SAVRT; \??\D:\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\D:\Symantec AntiVirus\Savrtpel.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2006-08-07 195776]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B}; \??\D:\CyberLink\PowerDVD\000.fcl []
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 COMMONFX.SYS;COMMONFX.SYS; C:\WINDOWS\System32\drivers\COMMONFX.SYS [2008-06-27 99352]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2008-07-07 511000]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2008-07-07 532376]
R3 CTAUDFX.SYS;CTAUDFX.SYS; C:\WINDOWS\System32\drivers\CTAUDFX.SYS [2008-06-27 555032]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2008-07-07 14360]
R3 CTSBLFX.SYS;CTSBLFX.SYS; C:\WINDOWS\System32\drivers\CTSBLFX.SYS [2008-06-27 566296]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2008-07-07 157208]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2008-07-07 92696]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2008-07-07 797720]
R3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2008-07-07 189464]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20090925.002\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20090925.002\navex15.sys []
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-08-27 7770560]
R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2008-08-01 54784]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2008-08-01 22016]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2008-07-07 127512]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2005-12-01 21760]
R3 RivaTuner32;RivaTuner32; \??\D:\RivaTuner v2.22\RivaTuner32.sys []
R3 SymEvent;SymEvent; \??\C:\Programme\Symantec\SYMEVENT.SYS []
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2006-06-06 11136]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2006-06-06 46208]
S1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S1 mnqxisqxnoixvpop;mnqxisqxnoixvpop; C:\WINDOWS\system32\drivers\mnqxisqxnoixvpop.sys []
S1 oqmcrevxylbesvmb;oqmcrevxylbesvmb; C:\WINDOWS\system32\drivers\oqmcrevxylbesvmb.sys []
S1 timiqufniwtixnse;timiqufniwtixnse; C:\WINDOWS\system32\drivers\timiqufniwtixnse.sys []
S1 tvxyecrnmsrnsiuw;tvxyecrnmsrnsiuw; C:\WINDOWS\system32\drivers\tvxyecrnmsrnsiuw.sys []
S2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys []
S3 COMMONFX;COMMONFX; C:\WINDOWS\system32\drivers\COMMONFX.SYS [2008-06-27 99352]
S3 CTAUDFX;CTAUDFX; C:\WINDOWS\system32\drivers\CTAUDFX.SYS [2008-06-27 555032]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2008-07-07 347080]
S3 CTERFXFX.SYS;CTERFXFX.SYS; C:\WINDOWS\System32\drivers\CTERFXFX.SYS [2008-06-27 100888]
S3 CTERFXFX;CTERFXFX; C:\WINDOWS\system32\drivers\CTERFXFX.SYS [2008-06-27 100888]
S3 CTSBLFX;CTSBLFX; C:\WINDOWS\system32\drivers\CTSBLFX.SYS [2008-06-27 566296]
S3 GMSIPCI;GMSIPCI; \??\G:\INSTALL\GMSIPCI.SYS []
S3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\system32\drivers\hap16v2k.sys [2008-07-07 162840]
S3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys []
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\55.tmp []
S3 RivaTuner;RivaTuner; \??\D:\RivaTuner20RC123\RivaTuner.sys []
S3 rootrepeal;rootrepeal; \??\C:\WINDOWS\system32\drivers\rootrepeal.sys []
S3 SANDRA;SANDRA; \??\D:\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\Sandra.sys []
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2006-08-07 24768]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-02-18 30464]
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2006-06-06 21632]
S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\WINDOWS\system32\drivers\WmHidLo.sys [2006-06-06 20864]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2006-06-06 6400]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 SAVRKBootTasks;Boot Tasks Driver; \??\C:\WINDOWS\system32\SAVRKBootTasks.sys []
S4 sr;Filtertreiber für Systemwiederherstellung; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 Autodesk Data Management Job Dispatch;Autodesk Data Management Job Dispatch; C:\Programme\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe [2008-02-25 32768]
R2 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 ccEvtMgr;Symantec Event Manager; C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe [2006-07-19 192160]
R2 ccSetMgr;Symantec Settings Manager; C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe [2006-07-19 169632]
R2 DefWatch;Symantec AntiVirus Definition Watcher; D:\Symantec AntiVirus\DefWatch.exe [2006-10-25 31424]
R2 Diskeeper;Diskeeper; C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe [2007-10-16 1094936]
R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 JobManagerService110;Ansys JobManager Service V11; D:\ANSYS Inc\v110\RSM\bin\JobManagerService.exe [2007-01-16 20480]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-08-27 172100]
R2 Remote Solver for Flow Simulation 2009;Remote Solver for Flow Simulation 2009; D:\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [2008-09-03 210216]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Programme\Cyberlink\Shared files\RichVideo.exe [2007-10-15 243056]
R2 ScriptHostService110;Ansys ScriptHost Service V11; D:\ANSYS Inc\v110\RSM\bin\ScriptHostService.exe [2007-01-16 20480]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
R2 SPBBCSvc;Symantec SPBBCSvc; C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe [2006-04-11 1160848]
R2 SQLWriter;SQL Server VSS Writer; C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 Symantec AntiVirus;Symantec AntiVirus; D:\Symantec AntiVirus\Rtvscan.exe [2006-10-25 1813184]
R2 W3SVC;WWW-Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
R3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2008-06-02 504104]
R3 SolidWorks Licensing Service;SolidWorks Licensing Service; C:\Programme\Gemeinsame Dateien\SolidWorks Shared\Service\SolidWorksLicensing.exe [2009-01-10 79360]
S3 Adobe LM Service;Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-01-21 68096]
S3 ANSYS FLEXlm license manager;ANSYS FLEXlm license manager; C:\Programme\Ansys Inc\Shared Files\Licensing\intel\lmgrd.exe [2006-03-24 1294336]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe [2008-06-28 79360]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service; D:\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2008-09-09 79144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-08-03 651720]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 Hyperworks;Hyperworks; C:\Altair\licensing10.0\security\bin\win32\lmgrd.exe []
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-08-25 2528960]
S3 MSSQL$AUTODESKVAULT;SQL Server (AUTODESKVAULT); C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
S3 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Programme\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SavRoam;SAVRoam; D:\Symantec AntiVirus\SavRoam.exe [2006-10-25 116416]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe [2006-08-07 214720]
S3 SQLBrowser;SQL Server-Browser; C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 MSSQLServerADHelper;Hilfsdienst von SQL Server für Active Directory; C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-13 45272]
S4 msvsmon80;Visual Studio 2005 Remote Debugger; C:\Programme\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
S4 NetTcpPortSharing;Net.Tcp-Portfreigabedienst; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
         

Und info.txt noch dazu:

Code: Alles auswählenAufklappen

ATTFilter

info.txt logfile of random's system information tool 1.06 2009-09-26 22:05:58

======Uninstall list======

-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->D:\Ahead\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->MsiExec /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x7 
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.65-->"C:\Programme\7-Zip\Uninstall.exe"
AC3Filter (remove only)-->C:\Programme\AC3Filter\uninstall.exe
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9 
Adobe Shockwave Player 11.5-->C:\WINDOWS\system32\Adobe\uninstaller.exe
ANSYS Products 11.0-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{127F1FD4-43BB-4428-8B2A-70539F4B6F1F}\setup.exe" -l0x7  -removeonly
ANSYS Remote Solve Manager (RSM) 11.0-->MsiExec.exe /I{1B611B02-BCB6-4D2C-AD7C-F7370B272853}
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
AutoCAD Mechanical 2010-->C:\Programme\Autodesk\ACADM 2010\Setup\Setup.exe /P {5783F2D7-8005-0407-0002-0060B0CE6BBA} /M ACAD /language de-DE
AutoCAD Mechanical 2010-->C:\Programme\Autodesk\ACADM 2010\Setup\Setup.exe /P {5783F2D7-8005-0407-0002-0060B0CE6BBA} /M ACM /language de-DE
Autodesk Design Review 2010-->C:\Programme\Autodesk\Autodesk Design Review\Setup\Setup.exe /P {55D9E026-DCB0-46FF-B60A-68B972228CF6} /M ADR
Autodesk DirectConnect 2010-->MsiExec.exe /I{38F2E726-1FF5-4AAB-96AD-CAB5079E8846}
Autodesk Inventor Content Center Libraries 2010 (Desktop Content)-->MsiExec.exe /X{1FB138CC-5503-4B4A-BC42-81E9C1FF26EE}
Autodesk Inventor Professional 2009 SP1-->Msiexec.exe /uninstall {702F2425-1300-1000-0032-F0408A8E25CA} /package {7F4DD591-1300-0409-0000-7107D70F3DB4} /qb
Autodesk Inventor Professional 2009-->C:\Programme\Autodesk\Inventor 2009\Setup\Setup.exe /P {7F4DD591-1300-0409-0000-7107D70F3DB4} /M INVENTOR
Autodesk Inventor Professional 2009-->MsiExec.exe /I{7F4DD591-1300-0409-0000-7107D70F3DB4}
Autodesk Inventor Professional 2010 Deutsch (German)-->C:\Programme\Autodesk\Inventor 2010\Setup\Setup.exe /P {7F4DD591-1400-0409-0000-7107D70F3DB4} /M INVENTOR /LANG de-DE
Autodesk Inventor Professional 2010-->MsiExec.exe /I{52969324-463B-4643-BF36-854BE2BECB89}
Autodesk Inventor Professional 2010-->MsiExec.exe /I{7F4DD591-1400-0409-0000-7107D70F3DB4}
Autodesk Productstream 2009 (Client)-->C:\Programme\Autodesk\Productstream 2009\Setup\setup.exe /p {2D653CEE-15D4-4647-B027-4597DBE562CA} /M VAULT
Autodesk Productstream 2009 (Client)-->MsiExec.exe /X{2D653CEE-15D4-4647-B027-4597DBE562CA}
Autodesk Productstream 2009 (Server)-->C:\Programme\Autodesk\Data Management Server 2009\Setup\setup.exe /p {A590350B-E183-479E-B631-B2C898D4A535} /M SERVER
Autodesk Productstream 2009 (Server)-->MsiExec.exe /X{A590350B-E183-479E-B631-B2C898D4A535}
Autodesk Showcase 2010-->MsiExec.exe /I{8D86DD3A-8634-4647-9FBD-EAD14939EFAF}
Autodesk Vault 2010 (Client) Language Pack - Deutsch-->MsiExec.exe /I{723D0010-CA4C-4248-B206-10B80B1EDBCC}
Autodesk Vault 2010 (Client)-->C:\Programme\Autodesk\Vault 2010\Setup\setup.exe /P {1BF66D77-6604-4f3f-B3AE-D640AFB58A88} /M VAULT /language de-DE
Autodesk Vault 2010 (Client)-->MsiExec.exe /X{1BF66D77-6604-4f3f-B3AE-D640AFB58A88}
AutoIt v3.2.12.1-->D:\AutoIt3\Uninstall.exe
Batman: Arkham Asylum-->"C:\Programme\InstallShield Installation Information\{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}\setup.exe" -runfromtemp -l0x0009 -removeonly
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CCleaner (remove only)-->"D:\CCleaner\uninst.exe"
Company of Heroes - FAKEMSI-->MsiExec.exe /I{14574B7F-75D1-4718-B7F2-EBF6E2862A35}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{199E6632-EB28-4F73-AECB-3E192EB92D18}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{25724802-CC14-4B90-9F3B-3D6955EE27B1}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{50193078-F553-4EBA-AA77-64C9FAA12F98}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{51D718D1-DA81-4FAD-919F-5C1CE3C33379}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{66F78C51-D108-4F0C-A93C-1CBE74CE338F}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{80D03817-7943-4839-8E96-B9F924C5E67D}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{97E5205F-EA4F-438F-B211-F1846419F1C1}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{99A7722D-9ACB-43F3-A222-ABC7133F159E}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{BA801B94-C28D-46EE-B806-E1E021A3D519}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{D4D244D1-05E0-4D24-86A2-B2433C435671}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{EAF636A9-F664-4703-A659-85A894DA264F}
Company of Heroes-->"D:\THC\Company of Heroes\Uninstall_German.exe"
COSMOSM 2009 (2008/250)-->MsiExec.exe /I{E475977A-5659-4C6F-AC7A-ACB86480E7BB}
Creative-Audiokonsole-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x7  /remove
DFX 8 for Winamp-->"D:\Winamp\uninstall_dfx.exe"
Diskeeper 2008 Pro Premier-->MsiExec.exe /X{4ECCF281-ED79-4EA7-AE89-5E39D3291C2A}
Download Manager 2.3.6-->D:\Download Manager\uninst.exe
DWG TrueView 2010-->C:\Programme\DWG TrueView 2010\Setup\Setup.exe /P {5783F2D7-8028-0409-0000-0060B0CE6BBA} /M AOEM /language en-US
Easy CD-DA Extractor 11-->"C:\WINDOWS\Easy CD-DA Extractor 11.0.3\uninstall.exe" "/U:D:\Easy CD-DA Extractor 11\irunin.xml"
EPSON-Drucker-Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EVEMon-->D:\EVEMon\uninstall.exe
HijackThis 2.0.2-->"E:\download\HiJackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix für Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
iTunes-->MsiExec.exe /I{9F70BF98-003C-491D-81FC-FF9792206AF0}
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LiveUpdate 3.1 (Symantec Corporation)-->"C:\Programme\Symantec\LiveUpdate\LSETUP.EXE" /U
Logitech Gaming Software-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{13AA6556-BA96-4468-A8B4-1AD4A75AD5A0}\setup.exe" -l0x7  -removeonly
Malwarebytes' Anti-Malware-->"D:\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C314CE45-3392-3B73-B4E1-139CD41CA933}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 German Language Pack-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 German Language Pack\setup.exe
Microsoft .NET Framework 3.0 German Language Pack-->MsiExec.exe /X{F2A7F421-1679-48D5-B918-96999014ED53}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{B578C85A-A84C-4230-A177-C5B2AF565B8C}
Microsoft Games for Windows - LIVE-->MsiExec.exe /X{B45FABE7-D101-4D99-A671-E16DA40AF7F0}
Microsoft Office 2003 Primary Interop Assemblies-->MsiExec.exe /X{91490409-6000-11D3-8CFE-0150048383C9}
Microsoft Office 2003 Web Components-->MsiExec.exe /I{90120000-00A4-0409-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110407-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server 2005 Express Edition (AUTODESKVAULT)-->MsiExec.exe /I{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-->MsiExec.exe /I{0AF342A7-A435-4980-940A-9DA4AD48E399}
Microsoft SQL Server 2005-->"C:\Programme\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{1D1D8ADC-BF08-4E61-9393-5FA305B16864}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{5C759B74-34F4-43C6-A5D9-039CB754C5E9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{ac474156-361a-4a7b-8b6e-977781b92565}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual Studio 2005 Tools for Applications - ENU-->MsiExec.exe /X{D481EA96-2313-4A7C-98EE-710D1AF884AC}
Microsoft Visual Studio 2005 Tools for Applications - ENU-->MsiExec.exe /X{D481EA96-2313-4A7C-98EE-710D1AF884AC}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
modo 302-->"C:\Programme\InstallShield Installation Information\{FBC2704E-46EE-42D5-AC85-D77AFD9F39A6}\setup.exe" -runfromtemp -l0x0009 -removeonly
modo 401 build 31381-->"C:\Programme\InstallShield Installation Information\{FEB7E40B-3CDB-4D68-80A1-584A7A20EFAC}\setup.exe" -runfromtemp -l0x0409 -removeonly
modo 401 build 31381-->MsiExec.exe /I{FEB7E40B-3CDB-4D68-80A1-584A7A20EFAC}
modo 401 Content-->"C:\Programme\InstallShield Installation Information\{9C31978A-E8DF-4CFE-879B-BB449B59C431}\setup.exe" -runfromtemp -l0x0409 -removeonly
modo 401 Content-->MsiExec.exe /I{9C31978A-E8DF-4CFE-879B-BB449B59C431}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Need for Speed™ SHIFT-->MsiExec.exe /X{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}
Nero 7 Premium-->MsiExec.exe /I{70AB1576-7883-2313-C650-7A71270B1031}
NVIDIA nView Desktop Manager-->C:\Programme\NVIDIA Corporation\nView\nViewSetup.exe -uninstall
NVIDIA PhysX-->MsiExec.exe /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
PE Builder 3.1.10a-->"D:\pebuilder3110a\unins000.exe"
PhotoView 360-->MsiExec.exe /I{06379784-4648-46BF-9426-0B10817F0AF5}
PowerDVD Ultra-->"C:\Programme\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -l0x000407 /z-uninstall
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealPlayer-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RESIDENT EVIL 5-->MsiExec.exe /X{AC08BBA0-96B9-431A-A7D0-D8598E493775}
RivaTuner v2.22-->"D:\RivaTuner v2.22\uninstall.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Sicherheitsupdate für Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SolidWorks 2009 SP0-->"C:\WINDOWS\SolidWorks\IM_20090-40000-1100-200\sldim\sldim.exe" /remove "C:\WINDOWS\SolidWorks\IM_20090-40000-1100-200\sldim\sldIM_installed.xml"
SolidWorks 2009 SP0-->MsiExec.exe /X{85C71366-4610-4180-8C23-7B3BB98F3C30}
SolidWorks eDrawings 2009-->MsiExec.exe /I{15D7ECFC-B252-4990-A6BC-1C550A046FE5}
SolidWorks Explorer 2009 sp0-->MsiExec.exe /I{325CC540-F105-4074-BFC0-B8E26BFFE1D5}
SolidWorks Flow Simulation 2009 SP0-->MsiExec.exe /I{80139801-65E0-4BCD-AB83-E6C98EB99A98}
SolidWorks Motion 2009 SP0-->MsiExec.exe /I{65BD9AB2-696E-4598-91E6-C3EE77E64460}
SolidWorks Simulation 2009 SP0-->MsiExec.exe /I{63D0588C-2740-459D-AFB4-6B03461B7891}
SolidWorks viewer-->MsiExec.exe /X{310B8C9E-63EA-4A87-8139-5C1B84211F3D}
Sophos Anti-Rootkit 1.5.0-->D:\Sophos\Sophos Anti-Rootkit\helper.exe remove
Spybot - Search & Destroy-->"D:\Spybot - Search & Destroy\unins000.exe"
Streamripper (Remove only)-->D:\Streamripper\Uninstall.exe
Symantec AntiVirus-->MsiExec.exe /I{33CFCF98-F8D6-4549-B469-6F4295676D83}
TeamSpeak 2 RC2-->C:\Programme\Teamspeak2_RC2\unins000.exe
Tools für Microsoft SQL Server 2005 Express Edition-->MsiExec.exe /I{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}
TS1087486-->C:\WINDOWS\system32\msiexec.exe /promptrestart /qb /uninstall {6A8FAFAA-3A1B-4F60-AE80-F941C86CF98D} /package {A590350B-E183-479E-B631-B2C898D4A535} SETUP=1
TS1093427-->C:\WINDOWS\system32\msiexec.exe /promptrestart /qb /uninstall {9CEE52C8-37D5-41B0-B6EE-1EEFE62D092A} /package {A590350B-E183-479E-B631-B2C898D4A535} SETUP=1
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)-->MsiExec.exe /X{07629207-FAA0-4F1A-8092-BF5085BE511F}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update für Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VLC media player 1.0.1-->D:\VideoLAN\VLC\uninstall.exe
Vuze-->D:\Vuze\uninstall.exe
Winamp-->"D:\Winamp\UninstWA.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 11-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Presentation Foundation Language Pack (DEU)-->MsiExec.exe /X{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
WinRAR-->D:\WinRAR\uninstall.exe

=====HijackThis Backups=====

O4 - HKCU\..\Run: [RGSC] D:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent [2009-09-26]
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" [2009-09-26]
O23 - Service: Adobe LM Service AdobeAlerter (AdobeAlerter) - Unknown owner - C:\WINDOWS\TEMP\hnvnnlrcpp.exe [2009-09-26]
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - http://download.sopcast.cn/download/SOPCORE.CAB [2009-09-26]
O23 - Service: Adobe LM Service AdobeAlerter (AdobeAlerter) - Unknown owner - C:\WINDOWS\TEMP\hnvnnlrcpp.exe [2009-09-26]

======Hosts File======

127.0.0.1     localhost
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com

======Security center information======

AV: Symantec AntiVirus Corporate Edition (disabled)

======System event log======

Computer Name: WG208
Event Code: 5
Message: Ein Paritätsfehler wurde auf \Device\Scsi\nvgts1 gefunden.

Record Number: 3002
Source Name: nvgts
Time Written: 20090926194325.000000+120
Event Type: Fehler
User: 

Computer Name: WG208
Event Code: 5
Message: Ein Paritätsfehler wurde auf \Device\Scsi\nvgts1 gefunden.

Record Number: 3001
Source Name: nvgts
Time Written: 20090926194325.000000+120
Event Type: Fehler
User: 

Computer Name: WG208
Event Code: 5
Message: Ein Paritätsfehler wurde auf \Device\Scsi\nvgts1 gefunden.

Record Number: 3000
Source Name: nvgts
Time Written: 20090926194325.000000+120
Event Type: Fehler
User: 

Computer Name: WG208
Event Code: 5
Message: Ein Paritätsfehler wurde auf \Device\Scsi\nvgts1 gefunden.

Record Number: 2999
Source Name: nvgts
Time Written: 20090926194325.000000+120
Event Type: Fehler
User: 

Computer Name: WG208
Event Code: 5
Message: Ein Paritätsfehler wurde auf \Device\Scsi\nvgts1 gefunden.

Record Number: 2998
Source Name: nvgts
Time Written: 20090926194325.000000+120
Event Type: Fehler
User: 

======Environment variables======

"ANSYS_SYSDIR"=intel
"ANSYS_SYSDIR32"=intel
"ANSYS110_DIR"=D:\ANSYS Inc\v110\ANSYS
"ANSYSLIC_DIR"=C:\Programme\Ansys Inc\Shared Files\Licensing
"ANSYSLIC_SYSDIR"=Intel
"ANSYSRSM_ROOT110"=D:\ANSYS Inc\v110\RSM\
"AWP_LOCALE110"=de
"AWP_ROOT110"=D:\ANSYS Inc\v110
"CADOE_DOCDIR110"=D:\ANSYS Inc\v110\CommonFiles\help\en-us\solviewer
"CADOE_LIBDIR110"=D:\ANSYS Inc\v110\CommonFiles\Language\de
"CLASSPATH"=.;C:\Programme\QuickTime\QTSystem\QTJava.zip
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"KMP_DUPLICATE_LIB_OK"=TRUE
"LSTC_LICENSE"=ANSYS
"NUMBER_OF_PROCESSORS"=2
"OMP_NUM_THREADS"=2
"OS"=Windows_NT
"P_SCHEMA"=D:\ANSYS Inc\v110\AISOL\CAD Integration\Parasolid\PSchema
"Path"=%COSMOSM%;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\QuickTime\QTSystem\;C:\Programme\Microsoft SQL Server\90\Tools\binn\;C:\PROGRA~1\DISKEE~1\DISKEE~1\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=1706
"QTJAVA"=C:\Programme\QuickTime\QTSystem\QTJava.zip
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"COSMOSM"=D:\SolidWorks Corp\COSMOS M

-----------------EOF-----------------
         

Zitat:

C:\WINDOWS\system32\55.tmp

diese bitte auch.

Zitat:

also RootRepeal ist immer noch am Scannen und ich bin mir nicht sicher ob da überhaupt noch was vorwärts geht.

Leider eine Krankheit des Programms, es hat auf verschiedenen Systemen immer i-welche Fehler

Breche mal den Scan ab, machen wir als erstes mal eine effiziente Suche mit Superantispyware.

Folge der Anleitung des Programmes SUPERAntiSpyware einfach, wie es in dem Link steht.

Danach möchte ich trotz allem nochmal ein Rootkit Scan mit dir durchgehen, da doppelt besser ist als eine Meinung

Rootkitsuche mit SysProt

• Lade dir SysProt auf den Desktop und starte das Tool
• Gehe dort auf den Reiter "Log"
• Setze nun einen Haken bei:
  • Kernel Modules
  • Kernel Hooks
  • Hidden Files
  • Und unten bei "Hidden Objects Only"
• Drücke nun auf "Create Log"
• Es erscheint nach einem kurzen Scan die ein Dialogfenster. Wähle dort "Scan All Drives"
• Wenn der Scan abgeschlossen ist, beende SysProt.
• Poste den gesamten Inhalt der "SysProtLog.txt", die auf dem Desktop zu finden ist.

Gut, vielen Dank erstmal, werde ich machen. Ich bin mir auch nicht sicher ob es nun RootRepealer ist der ein Problem hat, oder ob der Rootkit erfolgreich das Scannen verhindert.
Hast Du schon mal von dem Programm gehört was ich genannt habe (un*hackme.com)?

Viele Grüße