Trojans Crypt.ZPACK, BHO, HIJACKER in quarantine - what to do?

Hello!

I'm afraid I need competent advice. Avira found unwanted files on my computer and moved them to quarantine:

Trojan horse: Crypt.ZPACK.Gen in multiple copies in windows/system32 and in SystemVolumeInformation/_restore, 8 times in total.
Trojan horse: TR/BHO.Gen, 2 copies in SystemVolumeInformation/_restore.
Trojan horse: TR/Hijacker.Gen, 3 times in SystemVolumeInformation/_restore.
And once the suspicious code: HEUR/HTML.Malware in Dokumente und Einstellungen.

(I would have liked to copy the exact locations, but I don't know how to copy them out of Avira.)

I did find something about these files here on the site, but I don't know which procedure is the right one in my case. In addition, my Windows Firewall switches itself off at every restart. Until recently I had Norton Antivirus installed, but I have now switched to Avira. I ran CCleaner as described.

Malwarebytes Anti-Malware log file:

Malwarebytes' Anti-Malware 1.42
Datenbank Version: 3407
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

22.12.2009 15:40:19
mbam-log-2009-12-22 (15-40-19).txt

Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 218229
Laufzeit: 1 hour(s), 43 minute(s), 22 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 9
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\TypeLib\{0fcdc8c0-8297-4d27-85d2-84effa002f13} (Trojan.Small) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{57e7a0d2-05a2-4743-9268-0af49f56d56c} (Trojan.Small) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b7afd990-e814-4cc7-925a-c3938f71b81b} (Trojan.Small) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{13289e82-7a5d-4ed5-bec9-2c3b34a88ed0} (Trojan.Small) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b9e3f918-328c-410a-b2e3-2abf9e209974} (Trojan.Small) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safari.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe (Security.Hijack) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\dtopMFC.ocx (Trojan.Small) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\system32\dtopMFC.ocx (Trojan.Small) -> Quarantined and deleted successfully.

RSIT log file:
C:\WINDOWS\system32\ie4uinit.exe 2009-10-24 12:20:08 ----D---- C:\Dokumente und Einstellungen 2009-10-24 12:14:42 ----D---- C:\RRUbackups 2009-10-24 09:58:49 ----SHD---- C:\RECYCLER 2009-10-21 06:38:36 ----A---- C:\WINDOWS\system32\strmfilt.dll 2009-10-21 06:38:36 ----A---- C:\WINDOWS\system32\httpapi.dll 2009-10-16 10:06:10 ----HD---- C:\WINDOWS\system32\.eab8bcaeddb16dd7 2009-10-16 09:20:36 ----D---- C:\Programme\Norton AntiVirus 2009-10-13 11:32:34 ----A---- C:\WINDOWS\system32\oakley.dll 2009-10-12 14:38:18 ----A---- C:\WINDOWS\system32\rastls.dll 2009-10-12 14:38:18 ----A---- C:\WINDOWS\system32\raschap.dll 2009-10-10 11:04:29 ----D---- C:\IBMSHARE 2009-10-10 11:00:52 ----D---- C:\IBMTOOLS 2009-10-10 10:27:26 ----D---- C:\WINDOWS\system32\CatRoot 2009-10-10 07:28:19 ----SD---- C:\WINDOWS\Tasks 2009-10-09 19:17:58 ----D---- C:\WINDOWS\system32\spool 2009-10-09 19:10:35 ----D---- C:\Programme\Gemeinsame Dateien\Microsoft Shared 2009-10-09 19:10:12 ----D---- C:\WINDOWS\pchealth 2009-09-28 13:05:26 ----D---- C:\Programme\Adobe 2009-09-25 13:31:19 ----D---- C:\WINDOWS\AppPatch 2009-09-25 13:31:19 ----D---- C:\Programme\Messenger 2009-09-25 13:31:18 ----D---- C:\WINDOWS\system32\wbem 2009-09-25 13:31:18 ----D---- C:\WINDOWS\system32\Setup 2009-09-25 13:27:46 ----D---- C:\Programme\Outlook Express 2009-09-25 13:19:14 ----D---- C:\WINDOWS\security 2009-09-25 13:14:39 ----D---- C:\WINDOWS\ehome 2009-09-25 13:14:38 ----D---- C:\WINDOWS\system32\inetsrv 2009-09-25 13:14:37 ----D---- C:\WINDOWS\ime 2009-09-25 13:14:22 ----D---- C:\WINDOWS\system32\usmt 2009-09-25 13:14:21 ----D---- C:\WINDOWS\PeerNet 2009-09-25 13:14:21 ----D---- C:\Programme\Movie Maker 2009-09-25 13:11:33 ----D---- C:\WINDOWS\ServicePackFiles 2009-09-25 13:11:22 ----D---- C:\WINDOWS\system32\Restore 2009-09-25 13:11:22 ----D---- C:\WINDOWS\system32\npp 2009-09-25 13:11:21 ----D---- C:\WINDOWS\msagent 2009-09-25 13:11:19 ----D---- C:\WINDOWS\srchasst 2009-09-25 13:11:18 ----D---- C:\Programme\NetMeeting 
2009-09-25 13:11:16 ----D---- C:\WINDOWS\system32\Com 2009-09-25 13:11:13 ----D---- C:\Programme\Windows NT 2009-09-25 13:11:13 ----D---- C:\Programme\Windows Media Player 2009-09-25 13:11:08 ----D---- C:\Programme\Gemeinsame Dateien\System 2009-09-25 13:10:51 ----AD---- C:\WINDOWS\system32\oobe 2009-09-25 13:07:17 ----D---- C:\WINDOWS\system32\ReinstallBackups 2009-09-25 12:50:13 ----D---- C:\WINDOWS\Media 2009-09-25 12:26:54 ----D---- C:\WINDOWS\twain_32 2009-09-23 16:43:42 ----HD---- C:\Programme\InstallShield Installation Information ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 ANC;ANC; C:\WINDOWS\System32\drivers\ANC.SYS [2005-03-18 11520] R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 IBMTPCHK;IBMTPCHK; C:\WINDOWS\System32\drivers\IBMBLDID.SYS [2005-03-18 2432] R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448] R1 SAVRTPEL;SAVRTPEL; \??\C:\Programme\Norton AntiVirus\SAVRTPEL.SYS [] R1 ShockMgr;ShockMgr; C:\WINDOWS\system32\drivers\ShockMgr.sys [2004-05-14 4608] R1 Smapint;Smapint; C:\WINDOWS\System32\drivers\Smapint.sys [2005-01-21 14848] R1 SPBBCDrv;SPBBCDrv; \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys [] R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545] R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-03-28 266552] R1 TDSMAPI;TDSMAPI; C:\WINDOWS\System32\drivers\TDSMAPI.SYS [2005-01-21 9340] R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\drivers\TPHKDRV.sys [2004-09-06 16370] R1 TPPWRIF;TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [2005-04-14 4442] R1 TSMAPIP;TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2005-05-17 7168] R2 AegisP;AEGIS 
Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-08-25 17801] R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-07-17 16877] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-07 56816] R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys [] R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-07-14 40448] R2 EGATHDRV;IBM Access Support; \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS [] R2 ibmfilter;ibmfilter; \??\C:\WINDOWS\system32\drivers\ibmfilter.sys [] R2 irda;IrDA-Protokoll; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059] R2 PMEM;PMEM; \??\C:\WINDOWS\SYSTEM32\Drivers\PMEMNT.SYS [] R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2005-03-07 25883] R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2005-03-07 34843] R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2005-03-07 4123] R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2005-03-07 2271] R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2005-03-07 87834] R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2005-03-07 15227] R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2005-03-07 6363] R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2005-03-07 99098] R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2005-03-07 100603] R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-05-17 133200] R3 AR5211;Dual-band Wi-Fi Wireless Mini PCI Adapter; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2004-12-28 449856] R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-03-17 132608] R3 btaudio;Bluetooth-Audiogerät; C:\WINDOWS\system32\drivers\btaudio.sys [2005-05-24 17408] R3 BTDriver;Virtueller Bluetooth-Kommunikationstreiber; C:\WINDOWS\system32\DRIVERS\btport.sys [2005-05-24 30299] R3 
BTWDNDIS;Bluetooth-LAN-Zugangsserver; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2005-05-24 148040] R3 CmBatt;Microsoft-Netzteiltreiber; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952] R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2008-03-29 125328] R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-11-10 1041664] R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2004-11-10 200448] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-09-15 1173468] R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2004-11-05 12944] R3 NSCIRDA;NSC-Infrarotgerätetreiber; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-13 28672] R3 Rasirda;WAN-Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584] R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-02-10 260224] R3 SymEvent;SymEvent; \??\C:\Programme\Symantec\SYMEVENT.SYS [] R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-03-28 18904] R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-11-08 177504] R3 TPInput;TPInput; C:\WINDOWS\System32\DRIVERS\TPInput.sys [2004-12-02 6016] R3 TPM11;NSC Integrated Trusted Platform Module 1.1; C:\WINDOWS\system32\DRIVERS\nsctpm11.sys [2005-04-21 14336] R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-11-10 685184] S3 ac97intc;Intel(r) 82801 Audiotreiber-Installationsdienst (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256] S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2005-05-24 55288] S3 
CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275] S3 E100B;Intel(R) PRO-Adaptertreiber; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-18 117760] S3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288] S3 NAVENG;NAVENG; \??\C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20091202.006\NAVENG.Sys [] S3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20091202.006\NavEx15.Sys [] S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408] S3 PcdrNdisuio;PCDRNDISUIO Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\pcdrndisuio.sys [2005-02-01 12416] S3 psadd;IBM PSA Access Driver; \??\C:\WINDOWS\system32\Drivers\psadd.sys [] S3 QCNDISIF;QCNDISIF; C:\WINDOWS\System32\drivers\qcndisif.SYS [2005-03-18 12288] S3 SAVRT;SAVRT; \??\C:\Programme\Norton AntiVirus\SAVRT.SYS [] S3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2007-03-28 11480] S3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2007-03-28 171928] S3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2007-03-28 37016] S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\GEMEIN~1\SYMANT~1\SymcData\IDS-DI~1\20091120.002\symidsco.sys [] S3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2007-03-28 47192] S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S4 agp440;Intel AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368] S4 agpCPQ;Compaq AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928] S4 alim1541;ALI AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752] S4 amdagp;AMD AGP-Bus-Filtertreiber; 
C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008] S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952] S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504] S4 sisagp;SIS AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960] S4 viaagp;VIA AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Akamai;Akamai NetSession Interface; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089] R2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler; C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 100032] R2 btwdins;Bluetooth Service; C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe [2005-05-24 163840] R2 ccEvtMgr;Symantec Event Manager; C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe [2008-01-31 197992] R2 ccSetMgr;Symantec Settings Manager; C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe [2008-01-31 181608] R2 CVPND;Cisco Systems, Inc. 
VPN Service; C:\Programme\Cisco Systems\VPN Client\cvpnd.exe [2008-08-29 1528608] R2 IBM Rapid Restore Ultra Service;IBM Rapid Restore Ultra Service; C:\Programme\IBM\IBM Rapid Restore Ultra\rrpcsb.exe [2005-04-27 385024] R2 IBMPMSVC;IBM PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2004-11-05 57344] R2 Irmon;Infrarotüberwachung; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R2 NMSAccessU;NMSAccessU; C:\Programme\CDBurnerXP\NMSAccessU.exe [2009-07-13 71096] R2 NPFMntor;Norton AntiVirus Firewall Monitor Service; C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe [2005-10-19 46704] R2 QCONSVC;QCONSVC; C:\WINDOWS\System32\QCONSVC.EXE [2005-03-18 77824] R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Programme\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056] R2 SPBBCSvc;Symantec SPBBCSvc; C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe [2004-07-21 173160] R2 Super User Run (SuRun) Service;Super User Run (SuRun) Service; C:\WINDOWS\SuRun.exe [2009-10-24 442412] R2 TPHDEXLGSVC;IBM HDD APS Logging Service; C:\WINDOWS\System32\TPHDEXLG.EXE [2004-05-24 77824] R2 TpKmpSVC;IBM KCU Service; C:\WINDOWS\system32\TpKmpSVC.exe [2003-07-11 32768] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912] R3 ACS;ACU Configuration Service; C:\WINDOWS\system32\acs.exe [2005-01-24 36864] S2 eab8bcaeddb16dd7;Microsoft DDE+ server; C:\WINDOWS\system32\.eab8bcaeddb16dd7\eab8bcaeddb16dd7.exe [] S2 SBService;ScriptBlocking Service; C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe [2005-10-19 67184] S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 ccPwdSvc;Symantec Password Validation; C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe [2008-01-31 79208] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FLEXnet 
Licensing Service;FLEXnet Licensing Service; C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-11-11 651720] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-08-03 2119360] S3 navapsvc;Norton AntiVirus Auto-Protect-Dienst; C:\Programme\Norton AntiVirus\navapsvc.exe [2006-01-18 177312] S3 PsaSrv;IBM PSA Access Driver Control; C:\WINDOWS\system32\PsaSrv.exe [] S3 SAVScan;SAVScan; C:\Programme\Norton AntiVirus\SAVScan.exe [2005-03-07 198368] S3 SNDSrvc;Symantec Network Drivers Service; C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe [2007-03-28 206552] S3 WmcCds;Windows Media Connect (WMC); c:\programme\windows media connect\mswmccds.exe [2004-08-10 483328] S3 WmcCdsLs;Windows Media Connect-Hilfsprogramm; C:\Programme\Windows Media Connect\mswmcls.exe [2004-08-10 28160] S4 NetTcpPortSharing;Net.Tcp-Portfreigabedienst; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- Fortsetzung folgt... |