Trojaner Crypt.ZPACK, BHO, HIJACKER in Quarantäne - Was tun?

flying-henne · 22.12.2009, 16:39

Hallo!
Ich fürchte ich brauche kompetenten Rat.
Avira hat auf meinem Rechner unerwünschte Dateien entdeckt und in die Quarantäne verschoben:

Trojanisches Pferd: Crypt.ZPACK.Gen in mehrfacher Ausführung in windows/system32 und in SystemVolumeInformation/_restore, insgesamt 8 mal.
Trojanisches Pferd: TR/BHO.Gen in 2facher Ausführung in SystemVolumeInformation/_restore.
Trojanisches Pferd: TR/Hijacker.Gen 3mal in SystemVolumeInformation/_restore.
Und einmal den verdächtigen Code: HEUR/HTML.Malware in Dokumente und Einstellungen. (Ich hätte gerne die genauen Fundorte kopiert, aber ich weiß nicht wie ich diese aus Avira kopiert bekomme.)

Ich habe zwar etwas über die Dateien hier auf der Seite gefunden, allerdings weiß ich nicht welches Vorgehen in meinem Fall das richtige ist.

Des weiteren schaltet sich meine Windows Firewall bei jedem Neustart aus.

Ich hatte bis vor kurzem Norton Antivirus installiert, bin aber jetzt auf Avira umgestiegen.

Ich habe CCleaner wie beschrieben durchlaufen lassen.

Malwarebytes Anti Malware log-Datei:

Malwarebytes' Anti-Malware 1.42
Datenbank Version: 3407
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

22.12.2009 15:40:19
mbam-log-2009-12-22 (15-40-19).txt

Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 218229
Laufzeit: 1 hour(s), 43 minute(s), 22 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 9
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\TypeLib\{0fcdc8c0-8297-4d27-85d2-84effa002f13} (Trojan.Small) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{57e7a0d2-05a2-4743-9268-0af49f56d56c} (Trojan.Small) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b7afd990-e814-4cc7-925a-c3938f71b81b} (Trojan.Small) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{13289e82-7a5d-4ed5-bec9-2c3b34a88ed0} (Trojan.Small) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b9e3f918-328c-410a-b2e3-2abf9e209974} (Trojan.Small) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safari.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe (Security.Hijack) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\dtopMFC.ocx (Trojan.Small) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\system32\dtopMFC.ocx (Trojan.Small) -> Quarantined and deleted successfully.

Log-Datei RSIT:
RSIT Logfile:

Code:

ATTFilter

Logfile of random's system information tool 1.06 (written by random/random)
Run by (name entfernt) at 2009-12-22 15:47:40
Microsoft Windows XP Professional Service Pack 3
System drive C: has 5 GB (9%) free of 53 GB
Total RAM: 1014 MB (54% free)
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:48:01, on 22.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SuRun.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Programme\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programme\IBM\Messages By IBM\ibmmessages.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Programme\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
C:\WINDOWS\SuRun.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Programme\CDBurnerXP\NMSAccessU.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Programme\OpenOffice.org 3\program\soffice.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programme\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Dokumente und Einstellungen\Beil\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programme\Trend Micro\HijackThis\Beil.exe
 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Programme\Outlook Express\msimn.exe" //mailurl:mailto:hiromi@ebonycamera.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programme\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [UpdateManager] "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Programme\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Programme\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
O4 - HKLM\..\Run: [SuRun Systemmenü-Erweiterung] C:\WINDOWS\SuRun.exe /SYSMENUHOOK
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware  (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Programme\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [QuickGammaLoader] C:\Programme\QuickGamma\QuickGammaLoader.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra 'Tools' menuitem: IBM Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra button: ThinkPad-Software - Aktualisierung - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Programme\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O20 - Winlogon Notify: SuRun - C:\WINDOWS\SuRunExt.dll
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Microsoft DDE+ server (eab8bcaeddb16dd7) - Unknown owner - C:\WINDOWS\system32\.eab8bcaeddb16dd7\eab8bcaeddb16dd7.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Programme\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programme\CDBurnerXP\NMSAccessU.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Super User Run (SuRun) Service - hxxp://kay-bruns.de - C:\WINDOWS\SuRun.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
 
--
End of file - 12512 bytes
 
======Scheduled tasks folder======
 
C:\WINDOWS\tasks\Norton AntiVirus - Meinen Computer prüfen - alle.job
C:\WINDOWS\tasks\PMTask.job
C:\WINDOWS\tasks\Spybot - Search & Destroy.job
 
======Registry dump======
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2005-03-07 118842]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
CNavExtBho Class - C:\Programme\Norton AntiVirus\NavShExt.dll [2006-01-18 218784]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus - C:\Programme\Norton AntiVirus\NavShExt.dll [2006-01-18 218784]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"=C:\Programme\Synaptics\SynTP\SynTPLpr.exe [2004-11-08 110592]
"SynTPEnh"=C:\Programme\Synaptics\SynTP\SynTPEnh.exe [2004-11-08 512000]
"TPKMAPHELPER"=C:\Programme\ThinkPad\Utilities\TpKmapAp.exe [2004-02-04 897024]
"TpShocks"=C:\WINDOWS\system32\TpShocks.exe [2005-04-05 106496]
"TPHOTKEY"=C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe [2005-04-04 94208]
"TP4EX"=C:\WINDOWS\system32\tp4ex.exe [2004-11-12 40960]
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2005-03-23 217088]
"SoundMAXPnP"=C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe [2004-10-14 1388544]
"SoundMAX"=C:\Programme\Analog Devices\SoundMAX\Smax4.exe [2004-08-06 860160]
"UpdateManager"=C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2005-03-07 122939]
"ibmmessages"=C:\Programme\IBM\Messages By IBM\\ibmmessages.exe [2004-08-06 442368]
"ccApp"=C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe [2008-01-31 58728]
"IBMPRC"=C:\IBMTOOLS\UTILS\ibmprc.exe [2005-04-27 90112]
"QCWLICON"=C:\Programme\ThinkPad\ConnectUtilities\QCWLICON.EXE [2005-03-18 86016]
"PWRMGRTR"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor []
"BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog []
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-09-15 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-09-15 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-09-15 118784]
"Symantec NetDriver Monitor"=C:\PROGRA~1\SYMNET~1\SNDMon.exe [2009-09-04 100056]
"HP Component Manager"=C:\Programme\HP\hpcoretech\hpcmpmgr.exe [2003-12-22 241664]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe [2004-05-07 172032]
"HP Software Update"=C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2004-05-07 49152]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"QCTray"=C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe [2005-03-18 745472]
"SuRun Systemmenü-Erweiterung"=C:\WINDOWS\SuRun.exe [2009-10-24 442412]
"avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
" Malwarebytes Anti-Malware  (reboot)"=C:\Programme\Malwarebytes' Anti-Malware\mbam.exe [2009-12-03 1394000]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe [2009-12-03 429392]
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"ibmmessages"=C:\Programme\IBM\Messages By IBM\ibmmessages.exe [2004-08-06 442368]
"MSMSGS"=C:\Programme\Messenger\msmsgs.exe [2008-04-14 1695232]
"QuickGammaLoader"=C:\Programme\QuickGamma\QuickGammaLoader.exe [2009-08-14 98816]
"QuickGammaResume"= []
 
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
VPN Client.lnk - C:\WINDOWS\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico
 
C:\Dokumente und Einstellungen\Beil\Startmenü\Programme\Autostart
OpenOffice.org 3.1.lnk - C:\Programme\OpenOffice.org 3\program\quickstart.exe
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-09-15 139264]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\QConGina]
C:\WINDOWS\system32\QConGina.dll [2005-03-18 262144]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SuRun]
C:\WINDOWS\SuRunExt.dll [2009-10-24 139320]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\WINDOWS\system32\tphklock.dll [2004-08-12 24576]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{2C7B6088-5A77-4d48-BE43-30337DCA9A86}"=C:\WINDOWS\SuRunExt.dll [2009-10-24 139320]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
pwdmon
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\eab8bcaeddb16dd7]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\eab8bcaeddb16dd7]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"EnableShellExecuteHooks"=
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6f63c52-a7a9-11de-b1b1-0014a4d7570f}]
shell\AutoRun\command - setupSNK.exe
 
 
======List of files/folders created in the last 3 months======
 
2009-12-22 15:47:40 ----D---- C:\rsit
2009-12-22 11:49:35 ----D---- C:\Dokumente und Einstellungen\Beil\Anwendungsdaten\Malwarebytes
2009-12-22 11:49:16 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-12-22 11:49:12 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-12-22 11:08:57 ----D---- C:\Programme\CCleaner
2009-12-21 10:38:27 ----D---- C:\Programme\QuickMonitorProfile
2009-12-21 10:37:51 ----D---- C:\Programme\QuickGamma
2009-12-17 21:04:08 ----D---- C:\Programme\HomeGallery
2009-12-16 20:08:01 ----D---- C:\Programme\Trend Micro
2009-12-09 20:06:13 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-09 20:06:00 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-09 20:05:13 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-09 20:04:53 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-09 20:04:33 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2009-12-04 18:28:34 ----D---- C:\Programme\Microsoft Games
2009-12-04 11:01:10 ----D---- C:\Programme\Avira
2009-12-04 11:01:10 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2009-11-30 22:09:22 ----D---- C:\Dokumente und Einstellungen\Beil\Anwendungsdaten\Lasersoft Imaging
2009-11-30 22:08:35 ----A---- C:\WINDOWS\system32\WNASPI32.DLL
2009-11-25 20:01:34 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-11-25 20:01:17 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-11-19 19:33:54 ----D---- C:\Programme\Gemeinsame Dateien\DVDVideoSoft
2009-11-19 19:33:54 ----D---- C:\Programme\DVDVideoSoft
2009-11-17 18:41:30 ----D---- C:\Programme\Fast Image Resizer
2009-11-17 15:27:33 ----D---- C:\Dokumente und Einstellungen\Beil\Anwendungsdaten\PIE
2009-11-14 21:53:40 ----D---- C:\Programme\Common Files
2009-11-14 21:53:37 ----D---- C:\Programme\Powerbullet
2009-11-11 23:17:43 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FLEXnet
2009-11-11 23:17:19 ----D---- C:\Dokumente und Einstellungen\Beil\Anwendungsdaten\Autodesk
2009-11-11 23:03:04 ----D---- C:\Programme\Gemeinsame Dateien\Macrovision Shared
2009-11-11 22:52:52 ----D---- C:\Programme\Microsoft WSE
2009-11-11 22:50:30 ----D---- C:\Programme\DWG TrueView 2010
2009-11-11 22:50:30 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Autodesk
2009-11-11 22:50:12 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2009-11-11 22:50:12 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2009-11-11 22:50:10 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2009-11-11 22:49:59 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-11-11 22:49:32 ----D---- C:\Programme\Gemeinsame Dateien\Designer
2009-11-11 22:49:28 ----D---- C:\Programme\Microsoft Office
2009-11-11 22:48:12 ----D---- C:\Programme\Gemeinsame Dateien\Autodesk Shared
2009-11-11 22:48:12 ----D---- C:\Programme\Autodesk
2009-11-11 22:37:33 ----HDC---- C:\WINDOWS\$NtUninstallKB942288-v3$
2009-11-11 22:24:06 ----D---- C:\Autodesk
2009-11-11 20:00:45 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-11-09 18:13:37 ----D---- C:\Programme\Gemeinsame Dateien\Akamai
2009-11-09 17:23:02 ----D---- C:\Dokumente und Einstellungen\Beil\Anwendungsdaten\Canneverbe_Limited
2009-11-07 20:58:31 ----D---- C:\Dokumente und Einstellungen\Beil\Anwendungsdaten\Nvu
2009-11-07 20:58:12 ----D---- C:\Programme\Nvu
2009-11-06 21:27:27 ----D---- C:\Dokumente und Einstellungen\Beil\Anwendungsdaten\XnView
2009-11-05 19:55:31 ----D---- C:\Dokumente und Einstellungen\Beil\Anwendungsdaten\dvdcss
2009-11-05 19:38:58 ----D---- C:\Dokumente und Einstellungen\Beil\Anwendungsdaten\vlc
2009-11-05 19:13:23 ----D---- C:\Dokumente und Einstellungen\Beil\Anwendungsdaten\OpenOffice.org
2009-11-05 15:34:39 ----D---- C:\Dokumente und Einstellungen\Beil\Anwendungsdaten\Matus Tomlein
2009-11-05 11:39:20 ----D---- C:\Neuer Ordner
2009-10-29 20:44:04 ----D---- C:\Programme\VideoLAN
2009-10-25 11:13:45 ----D---- C:\Dokumente und Einstellungen\Beil\Anwendungsdaten\ICQ
2009-10-24 14:54:46 ----D---- C:\Dokumente und Einstellungen\Beil\Anwendungsdaten\Macromedia
2009-10-24 14:54:45 ----D---- C:\Dokumente und Einstellungen\Beil\Anwendungsdaten\Adobe
2009-10-24 14:54:19 ----D---- C:\Dokumente und Einstellungen\Beil\Anwendungsdaten\Mozilla
2009-10-24 14:47:49 ----D---- C:\Dokumente und Einstellungen\Beil\Anwendungsdaten\gtk-2.0
2009-10-24 14:28:14 ----A---- C:\WINDOWS\SuRunExt.dll
2009-10-24 14:28:14 ----A---- C:\WINDOWS\SuRun.exe
2009-10-14 05:58:19 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-14 05:55:27 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-14 05:55:18 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-14 05:54:44 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-14 05:54:18 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-14 05:53:55 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-14 05:52:38 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-14 05:52:28 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-14 05:52:12 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-10 18:52:36 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
2009-10-10 18:52:18 ----D---- C:\Programme\CDBurnerXP
2009-10-10 18:51:04 ----D---- C:\Programme\Synkron
2009-10-10 10:26:39 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-10-09 19:26:33 ----N---- C:\WINDOWS\system32\spmsg2.dll
2009-10-09 19:26:17 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$
2009-10-09 19:19:40 ----D---- C:\WINDOWS\system32\XPSViewer
2009-10-09 19:19:32 ----D---- C:\Programme\MSBuild
2009-10-09 19:19:28 ----D---- C:\WINDOWS\system32\en-US
2009-10-09 19:19:17 ----D---- C:\Programme\Reference Assemblies
2009-10-09 19:15:21 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-10-09 19:15:20 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-10-09 19:15:18 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-10-09 19:15:17 ----D---- C:\b4d73ca4efa1a8c42e071455e1
2009-10-07 11:18:54 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2009-10-07 11:18:53 ----D---- C:\Programme\Spybot - Search & Destroy
2009-10-06 20:06:00 ----D---- C:\WINDOWS\Internet Logs
2009-10-06 20:05:13 ----A---- C:\WINDOWS\system32\dneinobj.dll
2009-10-06 20:04:42 ----D---- C:\Programme\Gemeinsame Dateien\Deterministic Networks
2009-10-06 20:04:38 ----D---- C:\Programme\Cisco Systems
2009-10-03 12:58:46 ----ASH---- C:\Dokumente und Einstellungen\Beil\Anwendungsdaten\desktop.ini
2009-10-03 12:58:45 ----D---- C:\Dokumente und Einstellungen\Beil\Anwendungsdaten\Identities
2009-10-03 12:58:45 ----D---- C:\Dokumente und Einstellungen\Beil\Anwendungsdaten\IBM
2009-10-03 12:58:44 ----SD---- C:\Dokumente und Einstellungen\Beil\Anwendungsdaten\Microsoft
2009-10-03 12:58:44 ----D---- C:\Dokumente und Einstellungen\Beil\Anwendungsdaten\Symantec
2009-10-03 12:58:44 ----D---- C:\Dokumente und Einstellungen\Beil\Anwendungsdaten\Sonic
2009-09-28 13:05:45 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe
2009-09-28 13:05:27 ----D---- C:\Programme\Gemeinsame Dateien\Adobe
2009-09-28 12:41:51 ----D---- C:\Programme\OpenOffice.org 3
2009-09-27 08:44:54 ----RA---- C:\WINDOWS\system32\MSXML4a.dll
2009-09-27 08:44:54 ----RA---- C:\WINDOWS\system32\hpvcr70.dll
2009-09-27 08:44:54 ----RA---- C:\WINDOWS\system32\hpvcp70.dll
2009-09-27 08:44:54 ----RA---- C:\WINDOWS\system32\hpvaut32.dll
2009-09-27 08:43:09 ----D---- C:\Programme\HP
2009-09-27 08:43:08 ----D---- C:\Programme\Hewlett-Packard
2009-09-27 08:41:59 ----A---- C:\WINDOWS\hpdj6500.ini
2009-09-26 10:02:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-09-26 10:01:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-09-26 10:00:52 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-09-25 13:31:52 ----D---- C:\WINDOWS\Prefetch
2009-09-25 13:28:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-09-25 13:28:12 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-09-25 13:27:58 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-09-25 13:27:44 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-09-25 13:27:21 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-09-25 13:27:07 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-09-25 13:26:53 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-09-25 13:26:39 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-09-25 13:26:24 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-09-25 13:26:08 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-09-25 13:25:48 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-09-25 13:25:34 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-09-25 13:25:20 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-09-25 13:25:06 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-09-25 13:24:52 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-09-25 13:24:38 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-09-25 13:24:24 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-09-25 13:24:10 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-09-25 13:23:56 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-09-25 13:23:42 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-09-25 13:23:29 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-25 13:23:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-09-25 13:23:01 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-09-25 13:22:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-09-25 13:22:25 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-09-25 13:22:11 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-09-25 13:21:57 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-09-25 13:21:43 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-09-25 13:21:27 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-09-25 13:21:11 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-09-25 13:20:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-09-25 13:20:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-09-25 13:20:28 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-09-25 13:20:15 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-09-25 13:20:01 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-09-25 13:19:47 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-09-25 13:19:32 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-09-25 13:14:21 ----D---- C:\WINDOWS\system32\de
2009-09-25 13:14:21 ----D---- C:\WINDOWS\system32\bits
2009-09-25 13:14:21 ----D---- C:\WINDOWS\l2schemas
2009-09-25 13:08:47 ----D---- C:\WINDOWS\network diagnostic
2009-09-25 13:04:14 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-09-25 12:51:22 ----D---- C:\WINDOWS\ie8updates
2009-09-25 12:50:22 ----D---- C:\WINDOWS\WBEM
2009-09-25 12:49:07 ----HDC---- C:\WINDOWS\ie8
2009-09-25 12:49:07 ----D---- C:\WINDOWS\system32\de-DE
2009-09-25 12:28:15 ----A---- C:\WINDOWS\system32\PF3600PRO_LOG.TXT
2009-09-25 12:28:14 ----A---- C:\WINDOWS\system32\PowSlide_LOG.TXT
2009-09-25 12:27:35 ----D---- C:\Programme\SilverFast Application
2009-09-23 17:03:26 ----D---- C:\Programme\XnView
2009-09-23 16:59:50 ----D---- C:\Programme\GIMP-2.0
2009-09-23 16:40:48 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-09-23 16:39:49 ----A---- C:\WINDOWS\system32\PWiaExt.dll
2009-09-23 16:39:48 ----D---- C:\WINDOWS\system32\GAMMA
2009-09-23 16:39:48 ----A---- C:\WINDOWS\system32\PF1800LC.Dll
2009-09-23 16:39:45 ----A---- C:\WINDOWS\TWAIN32.DLL
2009-09-23 16:39:45 ----A---- C:\WINDOWS\system32\daspi32u.dll
2009-09-23 16:39:42 ----A---- C:\WINDOWS\SPROF32.DLL
2009-09-23 16:39:42 ----A---- C:\WINDOWS\Scanner.ini
2009-09-23 16:39:42 ----A---- C:\WINDOWS\PFPICK.DLL
2009-09-23 16:39:42 ----A---- C:\WINDOWS\KPSYS32.DLL
2009-09-23 16:39:42 ----A---- C:\WINDOWS\KPCP32.DLL
2009-09-23 16:39:42 ----A---- C:\WINDOWS\KDSOUT.DLL
2009-09-23 16:39:42 ----A---- C:\WINDOWS\KDSINPUT.DLL
2009-09-23 16:39:42 ----A---- C:\WINDOWS\KCM2SP.DLL
2009-09-23 16:39:42 ----A---- C:\WINDOWS\ICCCODES.DLL
 
======List of files/folders modified in the last 3 months======
 
2009-12-22 15:43:37 ----D---- C:\WINDOWS\Temp
2009-12-22 15:43:32 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-22 15:42:04 ----AD---- C:\WINDOWS
2009-12-22 15:41:40 ----D---- C:\WINDOWS\system32\drivers
2009-12-22 15:41:01 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-22 15:40:19 ----D---- C:\WINDOWS\system32
2009-12-22 11:49:12 ----RD---- C:\Programme
2009-12-22 11:16:12 ----D---- C:\WINDOWS\Debug
2009-12-21 20:45:52 ----D---- C:\Programme\Mozilla Firefox
2009-12-21 10:44:44 ----D---- C:\WINDOWS\inf
2009-12-21 10:36:39 ----SHD---- C:\WINDOWS\Installer
2009-12-21 10:36:17 ----D---- C:\WINDOWS\WinSxS
2009-12-16 19:30:44 ----D---- C:\Programme\Gemeinsame Dateien
2009-12-14 21:47:01 ----D---- C:\Programme\Gemeinsame Dateien\Symantec Shared
2009-12-09 20:12:51 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-09 20:06:17 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-12-09 20:05:44 ----D---- C:\Programme\Internet Explorer
2009-12-09 20:05:25 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-01 21:06:19 ----A---- C:\WINDOWS\system32\MRT.exe
2009-11-30 22:08:35 ----D---- C:\WINDOWS\system
2009-11-14 21:53:40 ----RSD---- C:\WINDOWS\Fonts
2009-11-11 23:04:44 ----D---- C:\WINDOWS\Microsoft.NET
2009-11-11 23:04:43 ----RSD---- C:\WINDOWS\assembly
2009-11-11 22:58:17 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-11-11 22:51:42 ----D---- C:\WINDOWS\Help
2009-11-11 22:50:14 ----D---- C:\WINDOWS\system32\DirectX
2009-11-11 22:38:13 ----D---- C:\WINDOWS\system32\mui
2009-11-05 20:07:07 ----D---- C:\VALUEADD
2009-11-05 20:06:40 ----D---- C:\icons
2009-10-29 08:40:25 ----A---- C:\WINDOWS\system32\wininet.dll
2009-10-29 08:40:24 ----N---- C:\WINDOWS\system32\occache.dll
2009-10-29 08:40:24 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-10-29 08:40:24 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-10-29 08:40:21 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-10-29 08:40:21 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-10-29 08:40:21 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-10-29 08:40:20 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-10-29 08:40:18 ----N---- C:\WINDOWS\system32\iepeers.dll
2009-10-29 08:40:18 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-10-29 08:40:15 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2009-10-28 16:07:15 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-10-28 15:40:47 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2009-10-24 12:20:08 ----D---- C:\Dokumente und Einstellungen
2009-10-24 12:14:42 ----D---- C:\RRUbackups
2009-10-24 09:58:49 ----SHD---- C:\RECYCLER
2009-10-21 06:38:36 ----A---- C:\WINDOWS\system32\strmfilt.dll
2009-10-21 06:38:36 ----A---- C:\WINDOWS\system32\httpapi.dll
2009-10-16 10:06:10 ----HD---- C:\WINDOWS\system32\.eab8bcaeddb16dd7
2009-10-16 09:20:36 ----D---- C:\Programme\Norton AntiVirus
2009-10-13 11:32:34 ----A---- C:\WINDOWS\system32\oakley.dll
2009-10-12 14:38:18 ----A---- C:\WINDOWS\system32\rastls.dll
2009-10-12 14:38:18 ----A---- C:\WINDOWS\system32\raschap.dll
2009-10-10 11:04:29 ----D---- C:\IBMSHARE
2009-10-10 11:00:52 ----D---- C:\IBMTOOLS
2009-10-10 10:27:26 ----D---- C:\WINDOWS\system32\CatRoot
2009-10-10 07:28:19 ----SD---- C:\WINDOWS\Tasks
2009-10-09 19:17:58 ----D---- C:\WINDOWS\system32\spool
2009-10-09 19:10:35 ----D---- C:\Programme\Gemeinsame Dateien\Microsoft Shared
2009-10-09 19:10:12 ----D---- C:\WINDOWS\pchealth
2009-09-28 13:05:26 ----D---- C:\Programme\Adobe
2009-09-25 13:31:19 ----D---- C:\WINDOWS\AppPatch
2009-09-25 13:31:19 ----D---- C:\Programme\Messenger
2009-09-25 13:31:18 ----D---- C:\WINDOWS\system32\wbem
2009-09-25 13:31:18 ----D---- C:\WINDOWS\system32\Setup
2009-09-25 13:27:46 ----D---- C:\Programme\Outlook Express
2009-09-25 13:19:14 ----D---- C:\WINDOWS\security
2009-09-25 13:14:39 ----D---- C:\WINDOWS\ehome
2009-09-25 13:14:38 ----D---- C:\WINDOWS\system32\inetsrv
2009-09-25 13:14:37 ----D---- C:\WINDOWS\ime
2009-09-25 13:14:22 ----D---- C:\WINDOWS\system32\usmt
2009-09-25 13:14:21 ----D---- C:\WINDOWS\PeerNet
2009-09-25 13:14:21 ----D---- C:\Programme\Movie Maker
2009-09-25 13:11:33 ----D---- C:\WINDOWS\ServicePackFiles
2009-09-25 13:11:22 ----D---- C:\WINDOWS\system32\Restore
2009-09-25 13:11:22 ----D---- C:\WINDOWS\system32\npp
2009-09-25 13:11:21 ----D---- C:\WINDOWS\msagent
2009-09-25 13:11:19 ----D---- C:\WINDOWS\srchasst
2009-09-25 13:11:18 ----D---- C:\Programme\NetMeeting
2009-09-25 13:11:16 ----D---- C:\WINDOWS\system32\Com
2009-09-25 13:11:13 ----D---- C:\Programme\Windows NT
2009-09-25 13:11:13 ----D---- C:\Programme\Windows Media Player
2009-09-25 13:11:08 ----D---- C:\Programme\Gemeinsame Dateien\System
2009-09-25 13:10:51 ----AD---- C:\WINDOWS\system32\oobe
2009-09-25 13:07:17 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-09-25 12:50:13 ----D---- C:\WINDOWS\Media
2009-09-25 12:26:54 ----D---- C:\WINDOWS\twain_32
2009-09-23 16:43:42 ----HD---- C:\Programme\InstallShield Installation Information
 
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
 
R1 ANC;ANC; C:\WINDOWS\System32\drivers\ANC.SYS [2005-03-18 11520]
R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 IBMTPCHK;IBMTPCHK; C:\WINDOWS\System32\drivers\IBMBLDID.SYS [2005-03-18 2432]
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 SAVRTPEL;SAVRTPEL; \??\C:\Programme\Norton AntiVirus\SAVRTPEL.SYS []
R1 ShockMgr;ShockMgr; C:\WINDOWS\system32\drivers\ShockMgr.sys [2004-05-14 4608]
R1 Smapint;Smapint; C:\WINDOWS\System32\drivers\Smapint.sys [2005-01-21 14848]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-03-28 266552]
R1 TDSMAPI;TDSMAPI; C:\WINDOWS\System32\drivers\TDSMAPI.SYS [2005-01-21 9340]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\drivers\TPHKDRV.sys [2004-09-06 16370]
R1 TPPWRIF;TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [2005-04-14 4442]
R1 TSMAPIP;TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2005-05-17 7168]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-08-25 17801]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-07-17 16877]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-07 56816]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-07-14 40448]
R2 EGATHDRV;IBM Access Support; \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS []
R2 ibmfilter;ibmfilter; \??\C:\WINDOWS\system32\drivers\ibmfilter.sys []
R2 irda;IrDA-Protokoll; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 PMEM;PMEM; \??\C:\WINDOWS\SYSTEM32\Drivers\PMEMNT.SYS []
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2005-03-07 25883]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2005-03-07 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2005-03-07 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2005-03-07 2271]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2005-03-07 87834]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2005-03-07 15227]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2005-03-07 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2005-03-07 99098]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2005-03-07 100603]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-05-17 133200]
R3 AR5211;Dual-band Wi-Fi Wireless Mini PCI Adapter; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2004-12-28 449856]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-03-17 132608]
R3 btaudio;Bluetooth-Audiogerät; C:\WINDOWS\system32\drivers\btaudio.sys [2005-05-24 17408]
R3 BTDriver;Virtueller Bluetooth-Kommunikationstreiber; C:\WINDOWS\system32\DRIVERS\btport.sys [2005-05-24 30299]
R3 BTWDNDIS;Bluetooth-LAN-Zugangsserver; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2005-05-24 148040]
R3 CmBatt;Microsoft-Netzteiltreiber; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2008-03-29 125328]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-11-10 1041664]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2004-11-10 200448]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-09-15 1173468]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2004-11-05 12944]
R3 NSCIRDA;NSC-Infrarotgerätetreiber; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-13 28672]
R3 Rasirda;WAN-Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-02-10 260224]
R3 SymEvent;SymEvent; \??\C:\Programme\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-03-28 18904]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-11-08 177504]
R3 TPInput;TPInput; C:\WINDOWS\System32\DRIVERS\TPInput.sys [2004-12-02 6016]
R3 TPM11;NSC Integrated Trusted Platform Module 1.1; C:\WINDOWS\system32\DRIVERS\nsctpm11.sys [2005-04-21 14336]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-11-10 685184]
S3 ac97intc;Intel(r) 82801 Audiotreiber-Installationsdienst (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2005-05-24 55288]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 E100B;Intel(R) PRO-Adaptertreiber; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-18 117760]
S3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
S3 NAVENG;NAVENG; \??\C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20091202.006\NAVENG.Sys []
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20091202.006\NavEx15.Sys []
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 PcdrNdisuio;PCDRNDISUIO Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\pcdrndisuio.sys [2005-02-01 12416]
S3 psadd;IBM PSA Access Driver; \??\C:\WINDOWS\system32\Drivers\psadd.sys []
S3 QCNDISIF;QCNDISIF; C:\WINDOWS\System32\drivers\qcndisif.SYS [2005-03-18 12288]
S3 SAVRT;SAVRT; \??\C:\Programme\Norton AntiVirus\SAVRT.SYS []
S3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2007-03-28 11480]
S3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2007-03-28 171928]
S3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2007-03-28 37016]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\GEMEIN~1\SYMANT~1\SymcData\IDS-DI~1\20091120.002\symidsco.sys []
S3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2007-03-28 47192]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 agp440;Intel AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP-Bus-Filtertreiber; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504]
S4 sisagp;SIS AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
 
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
 
R2 Akamai;Akamai NetSession Interface; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler; C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 100032]
R2 btwdins;Bluetooth Service; C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe [2005-05-24 163840]
R2 ccEvtMgr;Symantec Event Manager; C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe [2008-01-31 197992]
R2 ccSetMgr;Symantec Settings Manager; C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe [2008-01-31 181608]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Programme\Cisco Systems\VPN Client\cvpnd.exe [2008-08-29 1528608]
R2 IBM Rapid Restore Ultra Service;IBM Rapid Restore Ultra Service; C:\Programme\IBM\IBM Rapid Restore Ultra\rrpcsb.exe [2005-04-27 385024]
R2 IBMPMSVC;IBM PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2004-11-05 57344]
R2 Irmon;Infrarotüberwachung; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 NMSAccessU;NMSAccessU; C:\Programme\CDBurnerXP\NMSAccessU.exe [2009-07-13 71096]
R2 NPFMntor;Norton AntiVirus Firewall Monitor Service; C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe [2005-10-19 46704]
R2 QCONSVC;QCONSVC; C:\WINDOWS\System32\QCONSVC.EXE [2005-03-18 77824]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Programme\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 SPBBCSvc;Symantec SPBBCSvc; C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe [2004-07-21 173160]
R2 Super User Run (SuRun) Service;Super User Run (SuRun) Service; C:\WINDOWS\SuRun.exe [2009-10-24 442412]
R2 TPHDEXLGSVC;IBM HDD APS Logging Service; C:\WINDOWS\System32\TPHDEXLG.EXE [2004-05-24 77824]
R2 TpKmpSVC;IBM KCU Service; C:\WINDOWS\system32\TpKmpSVC.exe [2003-07-11 32768]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]
R3 ACS;ACU Configuration Service; C:\WINDOWS\system32\acs.exe [2005-01-24 36864]
S2 eab8bcaeddb16dd7;Microsoft DDE+ server; C:\WINDOWS\system32\.eab8bcaeddb16dd7\eab8bcaeddb16dd7.exe []
S2 SBService;ScriptBlocking Service; C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe [2005-10-19 67184]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 ccPwdSvc;Symantec Password Validation; C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe [2008-01-31 79208]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-11-11 651720]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-08-03 2119360]
S3 navapsvc;Norton AntiVirus Auto-Protect-Dienst; C:\Programme\Norton AntiVirus\navapsvc.exe [2006-01-18 177312]
S3 PsaSrv;IBM PSA Access Driver Control; C:\WINDOWS\system32\PsaSrv.exe []
S3 SAVScan;SAVScan; C:\Programme\Norton AntiVirus\SAVScan.exe [2005-03-07 198368]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe [2007-03-28 206552]
S3 WmcCds;Windows Media Connect (WMC); c:\programme\windows media connect\mswmccds.exe [2004-08-10 483328]
S3 WmcCdsLs;Windows Media Connect-Hilfsprogramm; C:\Programme\Windows Media Connect\mswmcls.exe [2004-08-10 28160]
S4 NetTcpPortSharing;Net.Tcp-Portfreigabedienst; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
 
-----------------EOF-----------------

--- --- ---
Fortsetzung folgt...

flying-henne · 22.12.2009, 16:41

info-Datei RSIT:

info.txtRSIT Logfile:

Code:

ATTFilter

logfile of random's system information tool 1.06 2009-12-22 15:48:06
 
======Uninstall list======
 
-->C:\WINDOWS\IsUn0407.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\SETUP.EXE" -l0x7 ControlPanelAnyText
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\SETUP.EXE" -l0x7 ControlPanel
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Access IBM Message Center-->MsiExec.exe /X{F413B3A4-EE5D-457C-BAE5-6E58D9589ED5}
Access IBM-->MsiExec.exe /X{EC6AF20D-4376-4070-BEE4-D3A0DFF7E140}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A91000000001}
Akamai NetSession Interface-->C:\Programme\Gemeinsame Dateien\Akamai\uninstall.exe
Autodesk Design Review 2010-->C:\Programme\Autodesk\Autodesk Design Review\Setup\Setup.exe /P {55D9E026-DCB0-46FF-B60A-68B972228CF6} /M ADR
Autodesk Inventor 2010 English Language Pack-->MsiExec.exe /I{52969324-463B-4643-BF36-854BE2BECB89}
Autodesk Inventor 2010-->MsiExec.exe /I{7F4DD591-1400-0409-0000-7107D70F3DB4}
Autodesk Inventor Content Center Libraries 2010 (Desktop Content)-->MsiExec.exe /X{1FB138CC-5503-4B4A-BC42-81E9C1FF26EE}
Autodesk Inventor Professional 2010-->C:\Programme\Autodesk\Inventor 2010\Setup\Setup.exe /P {7F4DD591-1400-0409-0000-7107D70F3DB4} /M INVENTOR /LANG en-US
Avira AntiVir Personal - Free Antivirus-->C:\Programme\Avira\AntiVir Desktop\setup.exe /REMOVE
ccCommon-->MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
CCleaner-->"C:\Programme\CCleaner\uninst.exe"
CDBurnerXP-->"C:\Programme\CDBurnerXP\unins000.exe"
Cisco Systems VPN Client 5.0.04.0300-->MsiExec.exe /X{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}
CyberView X - SF v1.18c-->"C:\Programme\InstallShield Installation Information\{D8FF6E29-36B4-474F-A88F-973087650C00}\setup.exe" -runfromtemp -l0x0007 -removeonly
Dienstprogramm 'IBM ThinkPad EasyEject'-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{1297C681-92D7-40EF-93BF-03F66EC5105C}\SETUP.EXE" -l0x7 -AddRemove
Dienstprogramm 'IBM ThinkPad-Tastaturanpassung'-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2111B23F-7FDA-4A41-8309-E5A1663CA296}\SETUP.EXE" -l0x7 anything
DWG TrueView 2010-->C:\Programme\DWG TrueView 2010\Setup\Setup.exe /P {5783F2D7-8028-0409-0000-0060B0CE6BBA} /M AOEM /language en-US
EMEA Wallpaper-->MsiExec.exe /I{8745DEAB-1126-42F5-9585-C66D5497B47B}
FastImageResizer (remove only)-->"C:\Programme\Fast Image Resizer\uninstall.exe"
Free Audio CD Burner version 1.2-->"C:\Programme\DVDVideoSoft\Free Audio CD Burner\unins000.exe"
Free YouTube to MP3 Converter version 3.2-->"C:\Programme\DVDVideoSoft\Free YouTube to MP3 Converter\unins000.exe"
Funktion "IBM TrackPoint-Eingabehilfen"-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{EA664480-3844-11D5-8C25-444553540000}\Setup.exe" 
GIMP 2.6.6-->"C:\Programme\GIMP-2.0\setup\unins000.exe"
HijackThis 2.0.2-->"C:\Programme\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HomeGallery 1.5.0-->"C:\Programme\HomeGallery\unins000.exe"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix für Windows XP (KB942288-v3)-->"C:\WINDOWS\$NtUninstallKB942288-v3$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
HP Deskjet 6500-->msiexec /x{3D50E33F-0DB8-4E3B-B75C-2B872A33D87B}
HP Software Update-->MsiExec.exe /X{B81023A5-71ED-46EB-BE3B-9F974D1155F1}
IBM 32-bit Runtime Environment for Java 2, v1.4.2-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{E922961C-6DB6-41DE-9FEA-426DF3E9F81C} /l1031 
IBM Access Connections-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{22B71A00-4DED-11D4-A5E5-0004AC564F43}\SETUP.EXE" -l0x7 anything
IBM DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
IBM Integrated 56K Modem-->C:\Programme\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014\HXFSETUP.EXE -U -IIBM0559K.INF -ISFG
IBM RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
IBM Rescue and Recovery with Rapid Restore-->MsiExec.exe /X{11783F13-C3A9-44A8-929B-21A476F65272}
IBM SATA Power Management Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0873B1A3-00A9-40D6-BACE-3DB4BC5DA840}\SETUP.EXE" -l0x9 anything
IBM System für aktiven Festplattenschutz-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{72806716-7088-41B2-8FA6-717A2A164DAB}\SETUP.EXE" -l0x7 anything
IBM Themes-->MsiExec.exe /I{6CE96A14-61E2-48CC-837E-22710A953ADE}
IBM ThinkPad Energie-Manager-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}\SETUP.EXE" -l0x7 -AddRemove
IBM ThinkPad Power Management Driver-->RunDll32.exe tpinspm.dll,Uninstall
IBM ThinkPad 'Präsentationsdirektor'-->C:\WINDOWS\IsUn0407.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\UNNPDR.isu -cC:\Programme\ThinkPad\Utilities\Tpinsnpd.dll
IBM ThinkPad UltraNav Driver-->rundll32.exe "C:\Programme\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
IBM ThinkPad-Konfiguration-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FC081D4D-DF1B-4CF1-B530-027E4118D846}\SETUP.EXE" -l0x7 -AddRemove
IBM ThinkPad-UltraNav-Assistent-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}\SETUP.EXE" UNINSTALL
IBM ThinkVantage Technologies Welcome Message-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{1007F41F-7D69-468E-8017-3849A5A973C2}\SETUP.EXE" -l0x7 anything
IBM Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g) -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}\SETUP.EXE" -l0x7 UNINSTALLFROMSYS
ICQ6.5-->"C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Intel(R) Graphics Media Accelerator Driver for Mobile-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Internet Worm Protection-->MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
InterVideo WinDVD-->"C:\Programme\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
LiveReg (Symantec Corporation)-->C:\Programme\Gemeinsame Dateien\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
LiveUpdate 3.0 (Symantec Corporation)-->"C:\Programme\Symantec\LiveUpdate\LSETUP.EXE" /U
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 German Language Pack-->MsiExec.exe /X{E78BFA60-5393-4C38-82AB-E8019E464EB4}
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C314CE45-3392-3B73-B4E1-139CD41CA933}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Motocross Madness 2-->"C:\Programme\Microsoft Games\Motocross Madness 2\UNINSTAL.EXE" /runtemp /addremove
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{09298F26-A95C-31E2-9D95-2C60F586F075}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{6AFCA4E1-9B78-3640-8F72-A7BF33448200}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
Mozilla Firefox (3.5.5)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Norton AntiVirus 2005 (Symantec Corporation)-->C:\Programme\Gemeinsame Dateien\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe /X
Norton AntiVirus 2005-->MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton AntiVirus Help-->MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton AntiVirus Parent MSI-->MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton WMI Update-->MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
Nvu 1.0-->C:\Programme\Nvu\unins000.exe
OpenOffice.org 3.1-->MsiExec.exe /I{D765F1CE-5AE5-4C47-B134-AE58AC474740}
PC-Doctor for Windows-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8F55B163-7B42-42A3-9307-C7FCB9655225} /l1031 
Powerbullet Presenter-->C:\Programme\Powerbullet\unins000.exe
QuickGamma 3.0.0.1-->"C:\Programme\QuickGamma\unins000.exe"
QuickMonitorProfile 2.1.0.1-->"C:\Programme\QuickMonitorProfile\unins000.exe"
Sicherheitsupdate für Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
SilverFast AFL 6.6.1r4a-->C:\Programme\SilverFast Application\SilverFast AFL\uninst.exe
SilverFast AFL-SE 6.6.1r2a-->C:\Programme\SilverFast Application\SilverFast AFL-SE\uninst.exe
Software Installer-->_tpiu000.exe /U
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SoundMAX-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x7 -removeonly
SPBBC-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy-->"C:\Programme\Spybot - Search & Destroy\unins000.exe"
Super User Run (SuRun)-->C:\WINDOWS\SuRun.exe /UNINSTALL
Symantec Script Blocking Installer-->MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
Symantec-->MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
SymNet-->MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Synkron 1.6.0-->"C:\Programme\Synkron\unins000.exe"
ThinkPad FullScreen Magnifier-->RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall.NT 132 C:\Programme\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.inf
ThinkPad Integrated Bluetooth IV Software-->MsiExec.exe /X{90535871-81B9-4D99-8A13-A7EE97F2D7FE}
Uninstall 1.0.0.1-->"C:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update für Windows Internet Explorer 8 (KB973874)-->"C:\WINDOWS\ie8updates\KB973874-IE8\spuninst\spuninst.exe"
Update für Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update für Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update für Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update für Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update für Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VLC media player 1.0.2-->C:\Programme\VideoLAN\VLC\uninstall.exe
Windows Driver Package - PIE Image 10/22/2002 1.1.1-->C:\WINDOWS\system32\DRVSTORE\Pf1800lc_3d4d1e7469145e230b6f1f02e521cadf1bed999e\DpInst.exe /u Pf1800lc_3d4d1e7469145e230b6f1f02e521cadf1bed999e
Windows Media Connect-->msiexec.exe /I {F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
Windows Media Connect-->MsiExec.exe /I{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
Windows Media Format Runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinStars 2.0-->"C:\Programme\WinStars2\unins000.exe"
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
XnView 1.96.2-->"C:\Programme\XnView\unins000.exe"
 
======Hosts File======
 
127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
 
======Security center information======
 
AV: Norton AntiVirus 2005 (disabled)
AV: AntiVir Desktop
FW: Norton Internet Worm Protection (disabled)
 
======System event log======
 
Computer Name: IBM-D57F3F582F1
Event Code: 7036
Message: Dienst "Gatewaydienst auf Anwendungsebene" befindet sich jetzt im Status "Ausgeführt".
 
Record Number: 8455
Source Name: Service Control Manager
Time Written: 20091202063822.000000+060
Event Type: Informationen
User: 
 
Computer Name: IBM-D57F3F582F1
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "Gatewaydienst auf Anwendungsebene" gesendet.
 
Record Number: 8454
Source Name: Service Control Manager
Time Written: 20091202063821.000000+060
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM
 
Computer Name: IBM-D57F3F582F1
Event Code: 7036
Message: Dienst "ACU Configuration Service" befindet sich jetzt im Status "Ausgeführt".
 
Record Number: 8453
Source Name: Service Control Manager
Time Written: 20091202063821.000000+060
Event Type: Informationen
User: 
 
Computer Name: IBM-D57F3F582F1
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "ACU Configuration Service" gesendet.
 
Record Number: 8452
Source Name: Service Control Manager
Time Written: 20091202063821.000000+060
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM
 
Computer Name: IBM-D57F3F582F1
Event Code: 7036
Message: Dienst "NLA (Network Location Awareness)" befindet sich jetzt im Status "Ausgeführt".
 
Record Number: 8451
Source Name: Service Control Manager
Time Written: 20091202063821.000000+060
Event Type: Informationen
User: 
 
=====Application event log=====
 
Computer Name: IBM-D57F3F582F1
Event Code: 1038
Message: Windows Installer erfordert einen Neustart des Systems. Produktname: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17. Produktversion: 9.0.30729. Produktsprache: 1033. Typ des Systemneustarts: 2. Ursache des Neustarts: 1.
 
Record Number: 5293
Source Name: MsiInstaller
Time Written: 20091204105946.000000+060
Event Type: Informationen
User: IBM-D57F3F582F1\alle
 
Computer Name: IBM-D57F3F582F1
Event Code: 1035
Message: Das Produkt wurde durch Windows Installer neu konfiguriert. Produktname: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17. Produktversion: 9.0.30729. Produktsprache: 1033. Erfolg- bzw. Fehlerstatus der neuen Konfiguration: 0.
 
Record Number: 5292
Source Name: MsiInstaller
Time Written: 20091204105946.000000+060
Event Type: Informationen
User: IBM-D57F3F582F1\alle
 
Computer Name: IBM-D57F3F582F1
Event Code: 11728
Message: Product: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 -- Configuration completed successfully.
 
Record Number: 5291
Source Name: MsiInstaller
Time Written: 20091204105946.000000+060
Event Type: Informationen
User: IBM-D57F3F582F1\alle
 
Computer Name: IBM-D57F3F582F1
Event Code: 1025
Message: Produkt: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17. Die Datei c:\WINDOWS\winsxs\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll wird von folgendem Prozess verwendet: soffice.bin, ID 2548.
 
Record Number: 5290
Source Name: MsiInstaller
Time Written: 20091204105944.000000+060
Event Type: Informationen
User: IBM-D57F3F582F1\alle
 
Computer Name: IBM-D57F3F582F1
Event Code: 1025
Message: Produkt: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17. Die Datei c:\WINDOWS\winsxs\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll wird von folgendem Prozess verwendet: soffice, ID 3584.
 
Record Number: 5289
Source Name: MsiInstaller
Time Written: 20091204105944.000000+060
Event Type: Informationen
User: IBM-D57F3F582F1\alle
 
======Environment variables======
 
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Programme\ThinkPad\Utilities;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SystemDrive%\IBMTOOLS\Python22
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.pyo;.pyc;.py;.pyw
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"RRU"=C:\Programme\IBM\IBM Rapid Restore Ultra\
"PYTHONPATH"=%SystemDrive%\IBMTOOLS\utils\support;%SystemDrive%\IBMTOOLS\utils\logger
"IBMSHARE"=%SystemDrive%\IBMSHARE
"TCL_LIBRARY"=%SystemDrive%\IBMTOOLS\Python22\tcl\tcl8.4
"TK_LIBRARY"=%SystemDrive%\IBMTOOLS\Python22\tcl\tk8.4
"PYTHONCASEOK"=1
"OMP_NUM_THREADS"=1
 
-----------------EOF-----------------

--- --- ---

Ich hoffe ich habe das soweit richtig gemacht

Trojaner Crypt.ZPACK, BHO, HIJACKER in Quarantäne - Was tun?

Plagegeister aller Art und deren Bekämpfung: Trojaner Crypt.ZPACK, BHO, HIJACKER in Quarantäne - Was tun?

Trojaner Crypt.ZPACK, BHO, HIJACKER in Quarantäne - Was tun?

Trojaner Crypt.ZPACK, BHO, HIJACKER in Quarantäne - Was tun?

Ähnliche Themen: Trojaner Crypt.ZPACK, BHO, HIJACKER in Quarantäne - Was tun?