| |
| |||||||
Log-Analyse und Auswertung: malware defense gekriegt HJT logWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
02.01.2010, 09:26
| #1 |
| |  malware defense gekriegt HJT log er gibt mir das hier: info.txt logfile of random's system information tool 1.06 2010-01-02 09:21:58 ======Uninstall list====== -->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 32 Bit HP BiDi Channel Components Installer-->MsiExec.exe /I{9DE3F260-B88E-42CE-90E7-73C78C37D95E} Acer Crystal Eye Webcam 2.0.9.1-->C:\Programme\InstallShield Installation Information\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}\setup.exe -runfromtemp -l0x0007 -removeonly Acer Crystal Eye Webcam Video Class Camera -->C:\Programme\InstallShield Installation Information\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\setup.exe -runfromtemp -l0x0007 -removeonly -u Acer Empowering Technology-->"C:\Programme\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -runfromtemp -l0x0007 -removeonly Acer ePower Management-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -l0x7 -removeonly Acer GridVista-->C:\WINDOWS\GVUni.exe GridV.UNI Adobe AIR-->C:\Programme\Gemeinsame Dateien\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723} Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 9.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A92000000001} Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe" Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415} Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} BDE-->C:\WINDOWS\unin0407.exe -fC:\Programme\CCBuchner\BDE\DeIsL1.isu -cC:\Programme\CCBuchner\BDE\_ISREG32.DLL Beach Volleyball-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2225F5C5-E738-4132-B8AB-428046BE7534}\setup.exe" -uninst Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B} Broadcom Gigabit Integrated Controller-->MsiExec.exe /X{A64A5576-D862-44F8-89DC-2B17FCC9B86E} Catan - Die erste Insel-->C:\WINDOWS\IsUn0407.exe -fC:\PROGRA~1\Catan\Uninst.isu -cC:\PROGRA~1\Catan\CatanUninstall.dll CCleaner-->"C:\Programme\CCleaner\uninst.exe" Compatibility Pack für 2007 Office System-->MsiExec.exe /X{90120000-0020-0407-0000-0000000FF1CE} CorelDRAW Graphics Suite X4 - Capture-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF012} CorelDRAW Graphics Suite X4 - Content-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF016} CorelDRAW Graphics Suite X4 - Draw-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF013} CorelDRAW Graphics Suite X4 - Extra Content-->MsiExec.exe /I{80FDAE30-CDB6-4015-AFC7-86A762A5AD9B} CorelDRAW Graphics Suite X4 - Filters-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF017} CorelDRAW Graphics Suite X4 - FontNav-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF019} CorelDRAW Graphics SUite X4 - ICA-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF010} CorelDRAW Graphics Suite X4 - IPM-->MsiExec.exe /I{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A} CorelDRAW Graphics Suite X4 - Lang BR-->MsiExec.exe /I{1A9DAB4D-46CD-4CBF-A9FC-28D8AA8D2FCF} CorelDRAW Graphics Suite X4 - Lang CZ-->MsiExec.exe /I{FFFE7261-2318-4227-B827-E9E05E16DFE5} CorelDRAW Graphics Suite X4 - Lang DE-->MsiExec.exe /I{AEFBAC58-2DDD-4CEF-BDFD-52A5A5F432ED} CorelDRAW Graphics Suite X4 - Lang EN-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF100} CorelDRAW Graphics Suite X4 - Lang ES-->MsiExec.exe /I{D2827848-7D2A-4547-9AD1-C965FB3E6344} CorelDRAW Graphics Suite X4 - Lang FR-->MsiExec.exe /I{9D306690-3173-42CD-94C6-9EF9318AF24B} CorelDRAW Graphics Suite X4 - Lang IT-->MsiExec.exe /I{D0160DD3-6F62-4F1E-B999-6C68D3AE7390} CorelDRAW Graphics Suite X4 - Lang NL-->MsiExec.exe /I{A6C27FFF-75EF-4B5B-A64E-F9E128994908} CorelDRAW Graphics Suite X4 - Lang PL-->MsiExec.exe /I{6834B8AE-D23B-4B26-A919-6515844CF2BA} CorelDRAW Graphics Suite X4 - Lang SU-->MsiExec.exe /I{40FC81EA-21F7-44FB-A6F2-A4D6328F4C4F} CorelDRAW Graphics Suite X4 - Lang SV-->MsiExec.exe /I{9CDA415B-974B-4384-8CA6-9327D5B4270B} CorelDRAW Graphics Suite X4 - PP-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF014} CorelDRAW Graphics Suite X4 - VBA-->MsiExec.exe /I{BF439B41-0252-48DE-8B8B-0430CB26A181} CorelDRAW Graphics Suite X4-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF000} CorelDRAW(R) Graphics Suite X4 - Extra Content-->C:\Dokumente und Einstellungen\All Users\Dokumente\Corel\CorelDRAW Graphics Suite X4\Extras\Setup\SetupARP.exe /arp CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension-->c:\Programme\Gemeinsame Dateien\Corel\Shared\Shell Extension\Uninst.exe CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension-->MsiExec.exe /X{CE2DA11A-917F-4CF5-AB55-755EC115DD10} CorelDRAW(R) Graphics Suite X4-->C:\Programme\Corel\CorelDRAW Graphics Suite X4\Setup\SetupARP.exe /arp DAMPSOFT auf Laufwerk D-->D:\TDAMP\DS\dsuninst.exe DivX Codec-->C:\Programme\DivX\DivXCodecUninstall.exe /CODEC DivX Converter-->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER DivX Player-->C:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER DivX Plus DirectShow Filters-->C:\Programme\DivX\DivXDSFiltersUninstall.exe /DSFILTERS DivX Web Player-->C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN FIFA 09-->MsiExec.exe /X{2315B23D-3E21-4920-837D-AE6460934ECB} FIFA 10-->MsiExec.exe /X{11202615-E557-4ECF-9B86-F59C81E52909} Google Chrome-->"C:\Programme\Google\Chrome\Application\3.0.195.38\Installer\setup.exe" --uninstall --system-level Google Earth-->MsiExec.exe /X{C084BC61-E537-11DE-8616-005056806466} Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Google Updater-->"C:\Programme\Google\Google Updater\GoogleUpdater.exe" -uninstall Green Line 2 Sprachtrainer-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{16281EBA-AA00-44D2-BC8B-06F3C3380DA1}\setup.exe" -l0x7 -removeonly GTA San Andreas-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x7 -removeonly HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Programme\CONEXANT\CNXT_MODEM_HDA_HSF\UIU32m.exe -U -IAcZUnM5k.INF HijackThis 2.0.2-->"C:\Programme\trend micro\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Hotfix für Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Hotfix für Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe" Hotfix für Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe" Hotfix für Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe" HP Color LaserJet CP1510 Series 2.0-->C:\Programme\HP\Digital Imaging\{223C0721-A6B0-4853-88C0-331029841734}\setup\hpzscr01.exe -datfile hppscr09.dat -onestop -forcereboot ICQ6.5-->"C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall Intel® Matrix Storage Manager-->C:\WINDOWS\system32\imsmudlg.exe -uninstall InterVideo WinDVD 8-->C:\Programme\InstallShield Installation Information\{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}\setup.exe -runfromtemp -l0x0407 iTunes-->MsiExec.exe /I{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51} Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF} JMicron JMB38X Flash Media Controller-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{26604C7E-A313-4D12-867F-7C6E7820BE4C}\Setup.exe" -l0x7 -removeonly klickTel Telefon- und Branchenbuch Frühjahr 2009-->"C:\Programme\InstallShield Installation Information\{D18FCB8E-A5A1-45D0-9E5E-DDB5826ECA70}\Setup.exe" -runfromtemp -l0x0007 -removeonly Launch Manager-->C:\WINDOWS\UnInst32.exe QtZgAcer.UNI Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe" Mathematik interaktiv S II-->MsiExec.exe /X{439FBD30-A650-432D-8EAD-F681D56D7216} McAfee Agent-->MsiExec.exe /X{A638557B-1F13-40A0-9627-C892FBCA6960} McAfee VirusScan Enterprise-->MsiExec.exe /I{147BCE03-C0F1-4C9F-8157-6A89B6D2D973} Microsoft .NET Framework 1.1 German Language Pack-->MsiExec.exe /X{E78BFA60-5393-4C38-82AB-E8019E464EB4} Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C314CE45-3392-3B73-B4E1-139CD41CA933} Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91110407-6000-11D3-8CFE-0150048383C9} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Mind Visualizer Deutsche Version-->"C:\Programme\MindVisualizer Standard Edition\unins000.exe" Mozilla Firefox (3.5.5)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} MSXML 6.0 Parser-->MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE} NTI Backup Now 5-->C:\Programme\InstallShield Installation Information\{12EFA1A4-AC3B-443C-8143-237EDE760403}\setup.exe -runfromtemp -l0x0407 NTI Media Maker 8-->C:\Programme\InstallShield Installation Information\{2413930C-8309-47A6-BC61-5EF27A4222BC}\setup.exe -runfromtemp -l0x0407 NTI Shadow-->"C:\Programme\InstallShield Installation Information\{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}\setup.exe" -removeonly NTI Shadow-->C:\Programme\InstallShield Installation Information\{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}\setup.exe -runfromtemp -l0x0407 Panda ActiveScan 2.0-->C:\Programme\Panda Security\ActiveScan 2.0\as2uninst.exe pdf24-->"C:\Programme\pdf24\unins000.exe" QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD} Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x7 -removeonly Sicherheitsupdate für Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe" Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D} Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004} Sprachtrainer Fonts-->MsiExec.exe /X{FBCF2ED3-AFB5-475E-BF9A-30BEAD366FBC} Synaptics Pointing Device Driver-->rundll32.exe "C:\Programme\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall System Requirements Lab-->MsiExec.exe /I{1E99F5D7-4262-4C7C-9135-F066E7485811} Total Commander (Remove or Repair)-->c:\programme\totalcmd\tcuninst.exe Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Update für Windows Internet Explorer 8 (KB971930)-->"C:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe" Update für Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe" Update für Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Update für Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe" Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Update für Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe" Update für Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe" Update für Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe" Update für Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe" VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B} VoiceOver Kit-->MsiExec.exe /I{6DE13770-01B7-4366-8DA6-48237793F445} Wichtiges Update für Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe" WIDCOMM Bluetooth Software-->MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6} Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe" Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe" ======Security center information====== AV: Malware Defense (outdated) AV: McAfee VirusScan Enterprise ======System event log====== Computer Name: NB04 Event Code: 7036 Message: Dienst "NLA (Network Location Awareness)" befindet sich jetzt im Status "Ausgeführt". Record Number: 16791 Source Name: Service Control Manager Time Written: 20091201075731.000000+060 Event Type: Informationen User: Computer Name: NB04 Event Code: 7036 Message: Dienst "iPod-Dienst" befindet sich jetzt im Status "Ausgeführt". Record Number: 16790 Source Name: Service Control Manager Time Written: 20091201075731.000000+060 Event Type: Informationen User: Computer Name: NB04 Event Code: 7035 Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "NLA (Network Location Awareness)" gesendet. Record Number: 16789 Source Name: Service Control Manager Time Written: 20091201075731.000000+060 Event Type: Informationen User: NT-AUTORITÄT\SYSTEM Computer Name: NB04 Event Code: 7035 Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "iPod-Dienst" gesendet. Record Number: 16788 Source Name: Service Control Manager Time Written: 20091201075728.000000+060 Event Type: Informationen User: NT-AUTORITÄT\SYSTEM Computer Name: NB04 Event Code: 7036 Message: Dienst "IMAPI-CD-Brenn-COM-Dienste" befindet sich jetzt im Status "Ausgeführt". Record Number: 16787 Source Name: Service Control Manager Time Written: 20091201075727.000000+060 Event Type: Informationen User: =====Application event log===== Computer Name: NB04 Event Code: 7500 Message: Intel RAID-Controller: Unbekannter Controller Anzahl der Serial ATA-Anschlüsse: 4 RAID Option ROM - Version: Unbekannt Treiberversion: 8.0.0.1039 RAID-Plug-In - Version: 8.0.0.1039 Sprachressourcenversion des RAID-Plug-In: Datei nicht gefunden Assistent zum Erstellen eines Volumes - Version: 8.0.0.1039 Sprachressourcenversion für Assistenten zum Erstellen eines Volumes: Datei nicht gefunden Assistent zum Erstellen eines Volumes von einer vorhandenen Festplatte - Version: 8.0.0.1039 Sprachressourcenversion des Assistenten zum Erstellen eines Volumes von einer vorhandener Festplatte: Datei nicht gefunden Assistent zum Bearbeiten des Volumes - Version: 8.0.0.1039 Sprachressourcenversion des Assistenten zum Bearbeiten des Volumes: Datei nicht gefunden Assistent zum Löschen eines Volumes - Version: 8.0.0.1039 Sprachressourcenversion des Assistenten zum Löschen eines Volumes: Datei nicht gefunden ISDI Bibliothek Version: 8.0.0.1039 Version 8.0.0.1039 des Benutzerbenachrichtigungstools des Event Monitor Sprachressourcenversion des Benutzerbenachrichtigungstools des Event Monitor: Datei nicht gefunden Event Monitor - Version: 8.0.0.1039 Festplatte 0 Verwendung: Unbekannte Festplattenverwendung Status: Normal Geräteanschluss: 0 Geräteanschlussposition: Intern Aktueller Serial ATA-Übertragungsmodus: Generation 2 Modell: Hitachi HTS543225L9A300 Seriennummer: 090130FB2D00LJCDYHJA Firmware: FBEOC40C Native Command Queuing-Unterstützung: Ja Systemfestplatte: Ja Gesamtgröße: 232.8 GB Physische Sektorgröße: 512 Byte Logische Sektorgröße: 512 Byte Unbelegter Anschluss 0 Geräteanschluss: 4 Geräteanschlussposition: Intern Unbelegter Anschluss 1 Geräteanschluss: 5 Geräteanschlussposition: Intern CD/DVD-Laufwerk 0 Geräteanschluss: 1 Geräteanschlussposition: Intern Aktueller Serial ATA-Übertragungsmodus: Generation 1 Modell: HL-DT-ST DVDRAM GSA-T50N Seriennummer: K0C8C8D5109 Firmware: RP05 Record Number: 2361 Source Name: IAANTmon Time Written: 20091018124546.000000+120 Event Type: Informationen User: Computer Name: NB04 Event Code: 5000 Message: McShield-Dienst gestartet. Modulversion: 5301.4018 DAT-Version: 5773.0000 Anzahl an Signaturen in EXTRA.DAT: Kein Namen der Bedrohungen, die EXTRA.DAT entdecken kann: Kein Record Number: 2360 Source Name: McLogEvent Time Written: 20091018124544.000000+120 Event Type: Informationen User: NT-AUTORITÄT\SYSTEM Computer Name: NB04 Event Code: 32068 Message: Die ausgehende Verteilerregel ist nicht gültig, weil kein gültiges Gerät gefunden werden kann. Ausgehende Faxe, die diese Regel verwenden, werden nicht weitergeleitet. Stellen Sie sicher, dass das angezielte Gerät bzw. die angezielten Geräte angeschlossen, korrekt installiert und angeschaltet sind. Stellen Sie außerdem sicher, dass die Gruppe korrekt konfiguriert ist, falls die Weiterleitung an eine Gruppe von Geräten erfolgen soll. Landes-/Regionskennzahl: "*" Ortskennzahl: "*" Record Number: 2359 Source Name: Microsoft Fax Time Written: 20091018124531.000000+120 Event Type: Warnung User: Computer Name: NB04 Event Code: 32026 Message: Fehler beim Initialisieren der zugewiesenen Faxgeräte (virtuell oder TAPI) durch den Faxdienst. Es können keine Faxe gesendet werden, bis ein Faxgerät installiert ist. Record Number: 2358 Source Name: Microsoft Fax Time Written: 20091018124531.000000+120 Event Type: Warnung User: Computer Name: NB04 Event Code: 1800 Message: Der Windows-Sicherheitscenterdienst wurde gestartet. Record Number: 2357 Source Name: SecurityCenter Time Written: 20091018124530.000000+120 Event Type: Informationen User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\Gemeinsame Dateien\DivX Shared\;C:\Programme\QuickTime\QTSystem\ "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel "PROCESSOR_REVISION"=170a "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "Pathtem"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\Microsoft SQL Server\90\Tools\binn\ "NTIPath"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\Microsoft SQL Server\90\Tools\binn\;C:\Programme\NewTech Infosystems\NTI Backup Now 5\; "DEFLOGDIR"=C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee\DesktopProtection "VSEDEFLOGDIR"=C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee\DesktopProtection "CLASSPATH"=.;C:\Programme\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=C:\Programme\Java\jre6\lib\ext\QTJava.zip -----------------EOF----------------- Und den log: Logfile of random's system information tool 1.06 (written by random/random) Run by Administrator at 2010-01-02 09:21:35 Microsoft Windows XP Professional Service Pack 3 System drive C: has 66 GB (58%) free of 114 GB Total RAM: 1977 MB (68% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:21:56, on 02.01.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe c:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programme\Bonjour\mDNSResponder.exe C:\Programme\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe C:\Programme\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe C:\Programme\Java\jre6\bin\jqs.exe C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe C:\Programme\McAfee\VirusScan Enterprise\EngineServer.exe C:\Programme\McAfee\Common Framework\FrameworkService.exe C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\mfevtps.exe C:\WINDOWS\System32\svchost.exe C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\Programme\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Programme\McAfee\Common Framework\udaterui.exe C:\Programme\McAfee\VirusScan Enterprise\SHSTAT.EXE C:\Programme\Java\jre6\bin\jusched.exe C:\Programme\avmwlanstick\FRITZWLANMini.exe C:\Programme\pdf24\PDFBackend.exe C:\Programme\McAfee\Common Framework\McTray.exe C:\Programme\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\settdebugx.exe C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe C:\Programme\klickTel\Telefon- und Branchenbuch Frühjahr 2009\KSTART32.EXE C:\WINDOWS\system32\wbem\unsecapp.exe C:\WINDOWS\system32\igfxext.exe C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\RtkBtMnt.exe C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\wscsvc32.exe C:\Programme\iPod\bin\iPodService.exe C:\Programme\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\Programme\Malwarebytes' Anti-Malware\mbam.exe C:\Programme\Malwarebytes' Anti-Malware\mbam.exe C:\WINDOWS\system32\taskmgr.exe C:\Programme\Malwarebytes' Anti-Malware\mbam.exe C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\Content.IE5\YGKH1FCG\RSIT[1].exe C:\Programme\trend micro\Administrator.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=0&o=xpp&d=0309&m=extensa_7630ez R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R3 - URLSearchHook: (no name) - - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan Enterprise\scriptsn.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [AzMixerSel] C:\Programme\Realtek\Audio\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE O4 - HKLM\..\Run: [ProductReg] C:\Programme\Acer\WR_PopUp\ProductReg.exe O4 - HKLM\..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\Empowering Technology\eRecovery\eRAgent.exe O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [Boot] C:\Program Files\Acer\Empowering Technology\ePower\Boot.exe O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programme\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey O4 - HKLM\..\Run: [ShStatEXE] "C:\Programme\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLANMini.exe O4 - HKLM\..\Run: [PDFPrint] "C:\Programme\pdf24\PDFBackend.exe" O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [settdebugx.exe] C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\settdebugx.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Telefon- und Branchenbuch Frühjahr 2009 - Schnellstarter.lnk = ? O4 - Global Startup: Acer Empowering Technology.lnk = ? O4 - Global Startup: BTTray.lnk = ? O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238156631437 O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1238158276185&h=b022b5f3b4a0f92ccca9373c05be6c54/&filename=jinstall-6u13-windows-i586-jc.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{70CA0859-0A68-4BD0-B9CD-F6D097006623}: NameServer = 192.168.178.99 O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Programme\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe O23 - Service: Google Update Service (gupdate1c9d1866b11920a) (gupdate1c9d1866b11920a) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: IviRegMgr - InterVideo - C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Programme\McAfee\VirusScan Enterprise\EngineServer.exe O23 - Service: McAfee Framework-Dienst (McAfeeFramework) - McAfee, Inc. - C:\Programme\McAfee\Common Framework\FrameworkService.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Programme\McAfee\VirusScan Enterprise\Mcshield.exe O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe -- End of file - 13888 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Google Software Updater.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}] Skype add-on (mastermind) - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-03-11 1082880] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}] scriptproxy - C:\Programme\McAfee\VirusScan Enterprise\scriptsn.dll [2008-09-29 61200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-05-10 668656] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-03-27 35840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-27 73728] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "LaunchApp"=Alaunch [] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-07-09 16862208] "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-07-09 69632] "AzMixerSel"=C:\Programme\Realtek\Audio\InstallShield\AzMixerSel.exe [2008-07-09 53248] "SynTPEnh"=C:\Programme\Synaptics\SynTP\SynTPEnh.exe [2008-07-09 1028096] "IAAnotif"=C:\Programme\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-04-15 178712] "BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent [] "IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-15 208952] "MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2008-04-15 59392] "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-15 455168] "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-15 455168] "LManager"=C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [2008-08-27 858632] "ProductReg"=C:\Programme\Acer\WR_PopUp\ProductReg.exe [2008-09-23 6144] "PLFSetL"=C:\WINDOWS\PLFSetL.exe [2007-07-05 94208] "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-08-05 150040] "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-08-05 170520] "Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-08-05 141848] "eRecoveryService"=C:\Program Files\Acer\Empowering Technology\eRecovery\eRAgent.exe [2008-07-10 421888] "ePower_DMC"=C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [2008-07-08 466944] "Boot"=C:\Program Files\Acer\Empowering Technology\ePower\Boot.exe [2007-12-25 579584] "McAfeeUpdaterUI"=C:\Programme\McAfee\Common Framework\udaterui.exe [2008-03-14 136512] "ShStatEXE"=C:\Programme\McAfee\VirusScan Enterprise\SHSTAT.EXE [2008-09-29 124240] "SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-03-27 148888] "AVMWlanClient"=C:\Programme\avmwlanstick\FRITZWLANMini.exe [2007-02-02 283136] "PDFPrint"=C:\Programme\pdf24\PDFBackend.exe [2008-01-31 134144] "DXM6Patch_981116"=C:\WINDOWS\p_981116.exe [1998-11-30 497376] "QuickTime Task"=C:\Programme\QuickTime\qttask.exe [2009-09-05 417792] "iTunesHelper"=C:\Programme\iTunes\iTunesHelper.exe [2009-09-21 305440] "Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696] "Adobe ARM"=C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes' Anti-Malware"=C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe [2009-12-30 429392] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-15 15360] "swg"=C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-05-10 39408] "settdebugx.exe"=C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\settdebugx.exe [2010-01-01 716800] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray] C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [2008-04-25 28672] C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart Acer Empowering Technology.lnk - C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe BTTray.lnk - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart Telefon- und Branchenbuch Frühjahr 2009 - Schnellstarter.lnk - C:\Programme\klickTel\Telefon- und Branchenbuch Frühjahr 2009\KSTART32.EXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxdev.dll [2008-08-05 212992] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe"="C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:*:Enabled:BackupSvc.exe" "C:\Programme\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe"="C:\Programme\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:*:Enabled:AgentSvc.exe" "C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe"="C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:*:Enabled:SchedulerSvc.exe" "C:\Programme\McAfee\Common Framework\FrameworkService.exe"="C:\Programme\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service" "C:\Programme\ICQ6.5\ICQ.exe"="C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6" "C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Programme\iTunes\iTunes.exe"="C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" ======List of files/folders created in the last 1 months====== 2010-01-02 09:21:35 ----D---- C:\rsit 2010-01-02 09:21:35 ----D---- C:\Programme\trend micro 2010-01-02 09:15:20 ----D---- C:\Programme\Malwarebytes' Anti-Malware 2010-01-02 09:15:20 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2010-01-02 09:10:02 ----D---- C:\Programme\CCleaner 2010-01-02 03:17:23 ----D---- C:\WINDOWS\BDOSCAN8 2010-01-01 23:44:32 ----D---- C:\Programme\Enigma Software Group 2010-01-01 23:35:28 ----D---- C:\Programme\Avira 2010-01-01 17:22:07 ----A---- C:\WINDOWS\system32\krl32mainweq.dll 2010-01-01 17:20:25 ----A---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sysReserve.ini 2010-01-01 17:20:02 ----D---- C:\QUARANTINE 2009-12-31 13:36:39 ----A---- C:\ctapi_out_gr.txt 2009-12-25 13:24:49 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DivX 2009-12-23 23:06:01 ----D---- C:\WINDOWS\system32\Adobe 2009-12-10 18:16:28 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$ 2009-12-10 18:15:58 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$ 2009-12-10 18:15:02 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$ 2009-12-10 18:14:54 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$ 2009-12-10 18:14:44 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$ 2009-12-06 00:21:18 ----D---- C:\Programme\Mozilla Firefox ======List of files/folders modified in the last 1 months====== 2010-01-02 09:21:35 ----RD---- C:\Programme 2010-01-02 09:15:22 ----AD---- C:\WINDOWS\system32\drivers 2010-01-02 09:11:35 ----D---- C:\WINDOWS\Debug 2010-01-02 09:11:35 ----D---- C:\WINDOWS 2010-01-02 09:11:34 ----D---- C:\WINDOWS\Minidump 2010-01-02 09:11:31 ----D---- C:\WINDOWS\Temp 2010-01-02 09:07:09 ----AD---- C:\WINDOWS\system32 2010-01-02 06:19:13 ----D---- C:\WINDOWS\Prefetch 2010-01-02 06:18:34 ----SD---- C:\WINDOWS\Tasks 2010-01-02 06:18:27 ----D---- C:\WINDOWS\system32\CatRoot2 2010-01-02 06:15:42 ----N---- C:\WINDOWS\SchedLgU.Txt 2010-01-02 03:44:47 ----SHD---- C:\WINDOWS\CSC 2010-01-02 03:38:41 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-01-02 03:38:23 ----D---- C:\WINDOWS\system32\Restore 2010-01-02 03:17:25 ----SD---- C:\WINDOWS\Downloaded Program Files 2010-01-02 03:17:23 ----HD---- C:\WINDOWS\inf 2010-01-01 23:34:45 ----SHD---- C:\WINDOWS\Installer 2010-01-01 23:34:45 ----HD---- C:\Config.Msi 2010-01-01 23:34:43 ----D---- C:\WINDOWS\WinSxS 2010-01-01 22:03:59 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ICQ 2010-01-01 19:31:27 ----SD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft 2009-12-31 21:48:55 ----A---- C:\WINDOWS\win.ini 2009-12-31 21:40:32 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google Updater 2009-12-31 17:53:15 ----A---- C:\WINDOWS\DAMPLOG.INI 2009-12-30 12:28:26 ----D---- C:\Programme\ICQ6.5 2009-12-23 23:06:31 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Adobe 2009-12-19 20:59:31 ----D---- C:\Programme\Google 2009-12-15 16:05:42 ----D---- C:\Programme\Launch Manager 2009-12-14 20:42:49 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe 2009-12-14 15:19:51 ----D---- C:\Programme\Gemeinsame Dateien\Adobe 2009-12-10 18:16:31 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-12-10 18:16:30 ----AD---- C:\I386 2009-12-10 18:15:22 ----D---- C:\Programme\Internet Explorer 2009-12-10 18:15:15 ----D---- C:\WINDOWS\ie8updates 2009-12-10 18:15:09 ----HD---- C:\WINDOWS\$hf_mig$ 2009-12-06 10:59:21 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Skype 2009-12-06 00:21:32 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-15 40448] R1 mfetdik;McAfee Inc. mfetdik; C:\WINDOWS\system32\drivers\mfetdik.sys [2008-09-29 62704] R1 WmiAcpi;Microsoft Windows-Verwaltungsschnittstelle für ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832] R2 ACEDRV08;ACEDRV08; \??\C:\WINDOWS\system32\drivers\ACEDRV08.sys [] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2008-07-09 12672] R2 regi;regi; C:\WINDOWS\system32\drivers\regi.sys [2007-04-17 11032] R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2008-11-05 1343616] R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2008-03-19 175104] R3 btaudio;Bluetooth-Audiogerät; C:\WINDOWS\system32\drivers\btaudio.sys [2008-07-09 539072] R3 BTDriver;Virtueller Bluetooth-Kommunikationstreiber; C:\WINDOWS\system32\DRIVERS\btport.sys [2008-07-09 37424] R3 BTKRNL;Bluetooth-Bus-Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2008-07-09 876384] R3 CmBatt;Microsoft-Netzteiltreiber; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952] R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2004-12-08 16896] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600] R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-15 144384] R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-15 144384] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-08-05 6023072] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-07-09 4739072] R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2005-09-21 10368] R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2008-01-30 13952] R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2007-10-01 1769984] R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-07-09 220640] R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-15 32128] R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-15 14720] S3 avmeject;AVM Eject; C:\WINDOWS\system32\drivers\avmeject.sys [2007-01-26 4352] S3 BthEnum;Bluetooth-Anforderungsblocktreiber; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-15 17024] S3 BthPan;Bluetooth-Gerät (PAN); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-15 101120] S3 BTHPORT;Bluetooth-Porttreiber; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 273024] S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-15 18944] S3 BTWDNDIS;Bluetooth-LAN-Zugangsserver; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2008-07-09 149123] S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2008-07-09 55352] S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2008-07-09 67960] S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024] S3 FWLANUSB;AVM FRITZ!WLAN; C:\WINDOWS\system32\DRIVERS\fwlanusb.sys [2007-01-26 265088] S3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-15 10368] S3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2008-07-09 985472] S3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2008-07-09 210560] S3 JMCR;JMCR; C:\WINDOWS\system32\DRIVERS\jmcr.sys [2008-07-09 80784] S3 mfeapfk;McAfee Inc. mfeapfk; C:\WINDOWS\system32\drivers\mfeapfk.sys [2008-09-29 74648] S3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2008-09-29 90360] S3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2008-09-29 42424] S3 mferkdet;McAfee Inc. mferkdet; C:\WINDOWS\system32\drivers\mferkdet.sys [2008-09-29 64432] S3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504] S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248] S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880] S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-15 59136] S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-15 79232] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136] S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448] S3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032] S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856] S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-15 26368] S3 usbvideo;USB-Videogerät (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984] S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2008-07-09 731264] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672] R2 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-15 14336] R2 btwdins;Bluetooth Service; c:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-04-01 273256] R2 BUNAgentSvc;NTI Backup Now 5 Agent Service; C:\Programme\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384] R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Programme\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-04-15 354840] R2 IviRegMgr;IviRegMgr; C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152] R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-03-27 152984] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe [2007-01-17 61440] R2 McAfeeEngineService;McAfee Engine Service; C:\Programme\McAfee\VirusScan Enterprise\EngineServer.exe [2008-09-29 19456] R2 McAfeeFramework;McAfee Framework-Dienst; C:\Programme\McAfee\Common Framework\FrameworkService.exe [2008-03-14 103744] R2 McTaskManager;McAfee Task Manager; C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe [2008-09-29 62800] R2 MDM;Machine Debug Manager; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120] R2 mfevtp;McAfee Validation Trust Protection Service; C:\WINDOWS\system32\mfevtps.exe [2008-09-29 67904] R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-15 14336] R2 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056] R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-15 14336] R2 PSI_SVC_2;Protexis Licensing V2; C:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe [2007-07-24 185632] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-15 14336] R3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2009-09-21 545568] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-15 268800] S2 gupdate1c9d1866b11920a;Google Update Service (gupdate1c9d1866b11920a); C:\Programme\Google\Update\GoogleUpdate.exe [2009-05-10 133104] S2 gusvc;Google Software Updater; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-10 183280] S2 McShield;McAfee McShield; C:\Programme\McAfee\VirusScan Enterprise\Mcshield.exe [2008-09-29 143088] S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- |
|
02.01.2010, 10:31
| #2 |
| | malware defense gekriegt HJT log das hier ist der HJT log:
__________________er gibt mir das hier: info.txt logfile of random's system information tool 1.06 2010-01-02 09:21:58 ======Uninstall list====== -->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 32 Bit HP BiDi Channel Components Installer-->MsiExec.exe /I{9DE3F260-B88E-42CE-90E7-73C78C37D95E} Acer Crystal Eye Webcam 2.0.9.1-->C:\Programme\InstallShield Installation Information\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}\setup.exe -runfromtemp -l0x0007 -removeonly Acer Crystal Eye Webcam Video Class Camera -->C:\Programme\InstallShield Installation Information\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\setup.exe -runfromtemp -l0x0007 -removeonly -u Acer Empowering Technology-->"C:\Programme\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -runfromtemp -l0x0007 -removeonly Acer ePower Management-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -l0x7 -removeonly Acer GridVista-->C:\WINDOWS\GVUni.exe GridV.UNI Adobe AIR-->C:\Programme\Gemeinsame Dateien\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723} Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 9.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A92000000001} Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe" Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415} Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} BDE-->C:\WINDOWS\unin0407.exe -fC:\Programme\CCBuchner\BDE\DeIsL1.isu -cC:\Programme\CCBuchner\BDE\_ISREG32.DLL Beach Volleyball-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2225F5C5-E738-4132-B8AB-428046BE7534}\setup.exe" -uninst Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B} Broadcom Gigabit Integrated Controller-->MsiExec.exe /X{A64A5576-D862-44F8-89DC-2B17FCC9B86E} Catan - Die erste Insel-->C:\WINDOWS\IsUn0407.exe -fC:\PROGRA~1\Catan\Uninst.isu -cC:\PROGRA~1\Catan\CatanUninstall.dll CCleaner-->"C:\Programme\CCleaner\uninst.exe" Compatibility Pack für 2007 Office System-->MsiExec.exe /X{90120000-0020-0407-0000-0000000FF1CE} CorelDRAW Graphics Suite X4 - Capture-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF012} CorelDRAW Graphics Suite X4 - Content-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF016} CorelDRAW Graphics Suite X4 - Draw-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF013} CorelDRAW Graphics Suite X4 - Extra Content-->MsiExec.exe /I{80FDAE30-CDB6-4015-AFC7-86A762A5AD9B} CorelDRAW Graphics Suite X4 - Filters-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF017} CorelDRAW Graphics Suite X4 - FontNav-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF019} CorelDRAW Graphics SUite X4 - ICA-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF010} CorelDRAW Graphics Suite X4 - IPM-->MsiExec.exe /I{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A} CorelDRAW Graphics Suite X4 - Lang BR-->MsiExec.exe /I{1A9DAB4D-46CD-4CBF-A9FC-28D8AA8D2FCF} CorelDRAW Graphics Suite X4 - Lang CZ-->MsiExec.exe /I{FFFE7261-2318-4227-B827-E9E05E16DFE5} CorelDRAW Graphics Suite X4 - Lang DE-->MsiExec.exe /I{AEFBAC58-2DDD-4CEF-BDFD-52A5A5F432ED} CorelDRAW Graphics Suite X4 - Lang EN-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF100} CorelDRAW Graphics Suite X4 - Lang ES-->MsiExec.exe /I{D2827848-7D2A-4547-9AD1-C965FB3E6344} CorelDRAW Graphics Suite X4 - Lang FR-->MsiExec.exe /I{9D306690-3173-42CD-94C6-9EF9318AF24B} CorelDRAW Graphics Suite X4 - Lang IT-->MsiExec.exe /I{D0160DD3-6F62-4F1E-B999-6C68D3AE7390} CorelDRAW Graphics Suite X4 - Lang NL-->MsiExec.exe /I{A6C27FFF-75EF-4B5B-A64E-F9E128994908} CorelDRAW Graphics Suite X4 - Lang PL-->MsiExec.exe /I{6834B8AE-D23B-4B26-A919-6515844CF2BA} CorelDRAW Graphics Suite X4 - Lang SU-->MsiExec.exe /I{40FC81EA-21F7-44FB-A6F2-A4D6328F4C4F} CorelDRAW Graphics Suite X4 - Lang SV-->MsiExec.exe /I{9CDA415B-974B-4384-8CA6-9327D5B4270B} CorelDRAW Graphics Suite X4 - PP-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF014} CorelDRAW Graphics Suite X4 - VBA-->MsiExec.exe /I{BF439B41-0252-48DE-8B8B-0430CB26A181} CorelDRAW Graphics Suite X4-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF000} CorelDRAW(R) Graphics Suite X4 - Extra Content-->C:\Dokumente und Einstellungen\All Users\Dokumente\Corel\CorelDRAW Graphics Suite X4\Extras\Setup\SetupARP.exe /arp CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension-->c:\Programme\Gemeinsame Dateien\Corel\Shared\Shell Extension\Uninst.exe CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension-->MsiExec.exe /X{CE2DA11A-917F-4CF5-AB55-755EC115DD10} CorelDRAW(R) Graphics Suite X4-->C:\Programme\Corel\CorelDRAW Graphics Suite X4\Setup\SetupARP.exe /arp DAMPSOFT auf Laufwerk D-->D:\TDAMP\DS\dsuninst.exe DivX Codec-->C:\Programme\DivX\DivXCodecUninstall.exe /CODEC DivX Converter-->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER DivX Player-->C:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER DivX Plus DirectShow Filters-->C:\Programme\DivX\DivXDSFiltersUninstall.exe /DSFILTERS DivX Web Player-->C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN FIFA 09-->MsiExec.exe /X{2315B23D-3E21-4920-837D-AE6460934ECB} FIFA 10-->MsiExec.exe /X{11202615-E557-4ECF-9B86-F59C81E52909} Google Chrome-->"C:\Programme\Google\Chrome\Application\3.0.195.38\Installer\setup.exe" --uninstall --system-level Google Earth-->MsiExec.exe /X{C084BC61-E537-11DE-8616-005056806466} Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Google Updater-->"C:\Programme\Google\Google Updater\GoogleUpdater.exe" -uninstall Green Line 2 Sprachtrainer-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{16281EBA-AA00-44D2-BC8B-06F3C3380DA1}\setup.exe" -l0x7 -removeonly GTA San Andreas-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x7 -removeonly HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Programme\CONEXANT\CNXT_MODEM_HDA_HSF\UIU32m.exe -U -IAcZUnM5k.INF HijackThis 2.0.2-->"C:\Programme\trend micro\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Hotfix für Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Hotfix für Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe" Hotfix für Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe" Hotfix für Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe" HP Color LaserJet CP1510 Series 2.0-->C:\Programme\HP\Digital Imaging\{223C0721-A6B0-4853-88C0-331029841734}\setup\hpzscr01.exe -datfile hppscr09.dat -onestop -forcereboot ICQ6.5-->"C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall Intel® Matrix Storage Manager-->C:\WINDOWS\system32\imsmudlg.exe -uninstall InterVideo WinDVD 8-->C:\Programme\InstallShield Installation Information\{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}\setup.exe -runfromtemp -l0x0407 iTunes-->MsiExec.exe /I{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51} Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF} JMicron JMB38X Flash Media Controller-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{26604C7E-A313-4D12-867F-7C6E7820BE4C}\Setup.exe" -l0x7 -removeonly klickTel Telefon- und Branchenbuch Frühjahr 2009-->"C:\Programme\InstallShield Installation Information\{D18FCB8E-A5A1-45D0-9E5E-DDB5826ECA70}\Setup.exe" -runfromtemp -l0x0007 -removeonly Launch Manager-->C:\WINDOWS\UnInst32.exe QtZgAcer.UNI Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe" Mathematik interaktiv S II-->MsiExec.exe /X{439FBD30-A650-432D-8EAD-F681D56D7216} McAfee Agent-->MsiExec.exe /X{A638557B-1F13-40A0-9627-C892FBCA6960} McAfee VirusScan Enterprise-->MsiExec.exe /I{147BCE03-C0F1-4C9F-8157-6A89B6D2D973} Microsoft .NET Framework 1.1 German Language Pack-->MsiExec.exe /X{E78BFA60-5393-4C38-82AB-E8019E464EB4} Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C314CE45-3392-3B73-B4E1-139CD41CA933} Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91110407-6000-11D3-8CFE-0150048383C9} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Mind Visualizer Deutsche Version-->"C:\Programme\MindVisualizer Standard Edition\unins000.exe" Mozilla Firefox (3.5.5)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} MSXML 6.0 Parser-->MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE} NTI Backup Now 5-->C:\Programme\InstallShield Installation Information\{12EFA1A4-AC3B-443C-8143-237EDE760403}\setup.exe -runfromtemp -l0x0407 NTI Media Maker 8-->C:\Programme\InstallShield Installation Information\{2413930C-8309-47A6-BC61-5EF27A4222BC}\setup.exe -runfromtemp -l0x0407 NTI Shadow-->"C:\Programme\InstallShield Installation Information\{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}\setup.exe" -removeonly NTI Shadow-->C:\Programme\InstallShield Installation Information\{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}\setup.exe -runfromtemp -l0x0407 Panda ActiveScan 2.0-->C:\Programme\Panda Security\ActiveScan 2.0\as2uninst.exe pdf24-->"C:\Programme\pdf24\unins000.exe" QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD} Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x7 -removeonly Sicherheitsupdate für Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe" Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D} Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004} Sprachtrainer Fonts-->MsiExec.exe /X{FBCF2ED3-AFB5-475E-BF9A-30BEAD366FBC} Synaptics Pointing Device Driver-->rundll32.exe "C:\Programme\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall System Requirements Lab-->MsiExec.exe /I{1E99F5D7-4262-4C7C-9135-F066E7485811} Total Commander (Remove or Repair)-->c:\programme\totalcmd\tcuninst.exe Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Update für Windows Internet Explorer 8 (KB971930)-->"C:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe" Update für Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe" Update für Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Update für Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe" Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Update für Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe" Update für Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe" Update für Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe" Update für Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe" VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B} VoiceOver Kit-->MsiExec.exe /I{6DE13770-01B7-4366-8DA6-48237793F445} Wichtiges Update für Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe" WIDCOMM Bluetooth Software-->MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6} Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe" Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe" ======Security center information====== AV: Malware Defense (outdated) AV: McAfee VirusScan Enterprise ======System event log====== Computer Name: NB04 Event Code: 7036 Message: Dienst "NLA (Network Location Awareness)" befindet sich jetzt im Status "Ausgeführt". Record Number: 16791 Source Name: Service Control Manager Time Written: 20091201075731.000000+060 Event Type: Informationen User: Computer Name: NB04 Event Code: 7036 Message: Dienst "iPod-Dienst" befindet sich jetzt im Status "Ausgeführt". Record Number: 16790 Source Name: Service Control Manager Time Written: 20091201075731.000000+060 Event Type: Informationen User: Computer Name: NB04 Event Code: 7035 Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "NLA (Network Location Awareness)" gesendet. Record Number: 16789 Source Name: Service Control Manager Time Written: 20091201075731.000000+060 Event Type: Informationen User: NT-AUTORITÄT\SYSTEM Computer Name: NB04 Event Code: 7035 Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "iPod-Dienst" gesendet. Record Number: 16788 Source Name: Service Control Manager Time Written: 20091201075728.000000+060 Event Type: Informationen User: NT-AUTORITÄT\SYSTEM Computer Name: NB04 Event Code: 7036 Message: Dienst "IMAPI-CD-Brenn-COM-Dienste" befindet sich jetzt im Status "Ausgeführt". Record Number: 16787 Source Name: Service Control Manager Time Written: 20091201075727.000000+060 Event Type: Informationen User: =====Application event log===== Computer Name: NB04 Event Code: 7500 Message: Intel RAID-Controller: Unbekannter Controller Anzahl der Serial ATA-Anschlüsse: 4 RAID Option ROM - Version: Unbekannt Treiberversion: 8.0.0.1039 RAID-Plug-In - Version: 8.0.0.1039 Sprachressourcenversion des RAID-Plug-In: Datei nicht gefunden Assistent zum Erstellen eines Volumes - Version: 8.0.0.1039 Sprachressourcenversion für Assistenten zum Erstellen eines Volumes: Datei nicht gefunden Assistent zum Erstellen eines Volumes von einer vorhandenen Festplatte - Version: 8.0.0.1039 Sprachressourcenversion des Assistenten zum Erstellen eines Volumes von einer vorhandener Festplatte: Datei nicht gefunden Assistent zum Bearbeiten des Volumes - Version: 8.0.0.1039 Sprachressourcenversion des Assistenten zum Bearbeiten des Volumes: Datei nicht gefunden Assistent zum Löschen eines Volumes - Version: 8.0.0.1039 Sprachressourcenversion des Assistenten zum Löschen eines Volumes: Datei nicht gefunden ISDI Bibliothek Version: 8.0.0.1039 Version 8.0.0.1039 des Benutzerbenachrichtigungstools des Event Monitor Sprachressourcenversion des Benutzerbenachrichtigungstools des Event Monitor: Datei nicht gefunden Event Monitor - Version: 8.0.0.1039 Festplatte 0 Verwendung: Unbekannte Festplattenverwendung Status: Normal Geräteanschluss: 0 Geräteanschlussposition: Intern Aktueller Serial ATA-Übertragungsmodus: Generation 2 Modell: Hitachi HTS543225L9A300 Seriennummer: 090130FB2D00LJCDYHJA Firmware: FBEOC40C Native Command Queuing-Unterstützung: Ja Systemfestplatte: Ja Gesamtgröße: 232.8 GB Physische Sektorgröße: 512 Byte Logische Sektorgröße: 512 Byte Unbelegter Anschluss 0 Geräteanschluss: 4 Geräteanschlussposition: Intern Unbelegter Anschluss 1 Geräteanschluss: 5 Geräteanschlussposition: Intern CD/DVD-Laufwerk 0 Geräteanschluss: 1 Geräteanschlussposition: Intern Aktueller Serial ATA-Übertragungsmodus: Generation 1 Modell: HL-DT-ST DVDRAM GSA-T50N Seriennummer: K0C8C8D5109 Firmware: RP05 Record Number: 2361 Source Name: IAANTmon Time Written: 20091018124546.000000+120 Event Type: Informationen User: Computer Name: NB04 Event Code: 5000 Message: McShield-Dienst gestartet. Modulversion: 5301.4018 DAT-Version: 5773.0000 Anzahl an Signaturen in EXTRA.DAT: Kein Namen der Bedrohungen, die EXTRA.DAT entdecken kann: Kein Record Number: 2360 Source Name: McLogEvent Time Written: 20091018124544.000000+120 Event Type: Informationen User: NT-AUTORITÄT\SYSTEM Computer Name: NB04 Event Code: 32068 Message: Die ausgehende Verteilerregel ist nicht gültig, weil kein gültiges Gerät gefunden werden kann. Ausgehende Faxe, die diese Regel verwenden, werden nicht weitergeleitet. Stellen Sie sicher, dass das angezielte Gerät bzw. die angezielten Geräte angeschlossen, korrekt installiert und angeschaltet sind. Stellen Sie außerdem sicher, dass die Gruppe korrekt konfiguriert ist, falls die Weiterleitung an eine Gruppe von Geräten erfolgen soll. Landes-/Regionskennzahl: "*" Ortskennzahl: "*" Record Number: 2359 Source Name: Microsoft Fax Time Written: 20091018124531.000000+120 Event Type: Warnung User: Computer Name: NB04 Event Code: 32026 Message: Fehler beim Initialisieren der zugewiesenen Faxgeräte (virtuell oder TAPI) durch den Faxdienst. Es können keine Faxe gesendet werden, bis ein Faxgerät installiert ist. Record Number: 2358 Source Name: Microsoft Fax Time Written: 20091018124531.000000+120 Event Type: Warnung User: Computer Name: NB04 Event Code: 1800 Message: Der Windows-Sicherheitscenterdienst wurde gestartet. Record Number: 2357 Source Name: SecurityCenter Time Written: 20091018124530.000000+120 Event Type: Informationen User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\Gemeinsame Dateien\DivX Shared\;C:\Programme\QuickTime\QTSystem\ "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel "PROCESSOR_REVISION"=170a "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "Pathtem"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\Microsoft SQL Server\90\Tools\binn\ "NTIPath"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\Microsoft SQL Server\90\Tools\binn\;C:\Programme\NewTech Infosystems\NTI Backup Now 5\; "DEFLOGDIR"=C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee\DesktopProtection "VSEDEFLOGDIR"=C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee\DesktopProtection "CLASSPATH"=.;C:\Programme\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=C:\Programme\Java\jre6\lib\ext\QTJava.zip -----------------EOF----------------- Und den log: Logfile of random's system information tool 1.06 (written by random/random) Run by Administrator at 2010-01-02 09:21:35 Microsoft Windows XP Professional Service Pack 3 System drive C: has 66 GB (58%) free of 114 GB Total RAM: 1977 MB (68% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:21:56, on 02.01.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe c:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programme\Bonjour\mDNSResponder.exe C:\Programme\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe C:\Programme\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe C:\Programme\Java\jre6\bin\jqs.exe C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe C:\Programme\McAfee\VirusScan Enterprise\EngineServer.exe C:\Programme\McAfee\Common Framework\FrameworkService.exe C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\mfevtps.exe C:\WINDOWS\System32\svchost.exe C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\Programme\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Programme\McAfee\Common Framework\udaterui.exe C:\Programme\McAfee\VirusScan Enterprise\SHSTAT.EXE C:\Programme\Java\jre6\bin\jusched.exe C:\Programme\avmwlanstick\FRITZWLANMini.exe C:\Programme\pdf24\PDFBackend.exe C:\Programme\McAfee\Common Framework\McTray.exe C:\Programme\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\settdebugx.exe C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe C:\Programme\klickTel\Telefon- und Branchenbuch Frühjahr 2009\KSTART32.EXE C:\WINDOWS\system32\wbem\unsecapp.exe C:\WINDOWS\system32\igfxext.exe C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\RtkBtMnt.exe C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\wscsvc32.exe C:\Programme\iPod\bin\iPodService.exe C:\Programme\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\Programme\Malwarebytes' Anti-Malware\mbam.exe C:\Programme\Malwarebytes' Anti-Malware\mbam.exe C:\WINDOWS\system32\taskmgr.exe C:\Programme\Malwarebytes' Anti-Malware\mbam.exe C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\Content.IE5\YGKH1FCG\RSIT[1].exe C:\Programme\trend micro\Administrator.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=0&o=xpp&d=0309&m=extensa_7630ez R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R3 - URLSearchHook: (no name) - - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan Enterprise\scriptsn.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [AzMixerSel] C:\Programme\Realtek\Audio\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE O4 - HKLM\..\Run: [ProductReg] C:\Programme\Acer\WR_PopUp\ProductReg.exe O4 - HKLM\..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\Empowering Technology\eRecovery\eRAgent.exe O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [Boot] C:\Program Files\Acer\Empowering Technology\ePower\Boot.exe O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programme\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey O4 - HKLM\..\Run: [ShStatEXE] "C:\Programme\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLANMini.exe O4 - HKLM\..\Run: [PDFPrint] "C:\Programme\pdf24\PDFBackend.exe" O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [settdebugx.exe] C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\settdebugx.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Telefon- und Branchenbuch Frühjahr 2009 - Schnellstarter.lnk = ? O4 - Global Startup: Acer Empowering Technology.lnk = ? O4 - Global Startup: BTTray.lnk = ? O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238156631437 O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1238158276185&h=b022b5f3b4a0f92ccca9373c05be6c54/&filename=jinstall-6u13-windows-i586-jc.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{70CA0859-0A68-4BD0-B9CD-F6D097006623}: NameServer = 192.168.178.99 O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Programme\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe O23 - Service: Google Update Service (gupdate1c9d1866b11920a) (gupdate1c9d1866b11920a) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: IviRegMgr - InterVideo - C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Programme\McAfee\VirusScan Enterprise\EngineServer.exe O23 - Service: McAfee Framework-Dienst (McAfeeFramework) - McAfee, Inc. - C:\Programme\McAfee\Common Framework\FrameworkService.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Programme\McAfee\VirusScan Enterprise\Mcshield.exe O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe -- End of file - 13888 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Google Software Updater.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}] Skype add-on (mastermind) - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-03-11 1082880] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}] scriptproxy - C:\Programme\McAfee\VirusScan Enterprise\scriptsn.dll [2008-09-29 61200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-05-10 668656] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-03-27 35840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-27 73728] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "LaunchApp"=Alaunch [] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-07-09 16862208] "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-07-09 69632] "AzMixerSel"=C:\Programme\Realtek\Audio\InstallShield\AzMixerSel.exe [2008-07-09 53248] "SynTPEnh"=C:\Programme\Synaptics\SynTP\SynTPEnh.exe [2008-07-09 1028096] "IAAnotif"=C:\Programme\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-04-15 178712] "BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent [] "IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-15 208952] "MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2008-04-15 59392] "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-15 455168] "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-15 455168] "LManager"=C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [2008-08-27 858632] "ProductReg"=C:\Programme\Acer\WR_PopUp\ProductReg.exe [2008-09-23 6144] "PLFSetL"=C:\WINDOWS\PLFSetL.exe [2007-07-05 94208] "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-08-05 150040] "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-08-05 170520] "Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-08-05 141848] "eRecoveryService"=C:\Program Files\Acer\Empowering Technology\eRecovery\eRAgent.exe [2008-07-10 421888] "ePower_DMC"=C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [2008-07-08 466944] "Boot"=C:\Program Files\Acer\Empowering Technology\ePower\Boot.exe [2007-12-25 579584] "McAfeeUpdaterUI"=C:\Programme\McAfee\Common Framework\udaterui.exe [2008-03-14 136512] "ShStatEXE"=C:\Programme\McAfee\VirusScan Enterprise\SHSTAT.EXE [2008-09-29 124240] "SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-03-27 148888] "AVMWlanClient"=C:\Programme\avmwlanstick\FRITZWLANMini.exe [2007-02-02 283136] "PDFPrint"=C:\Programme\pdf24\PDFBackend.exe [2008-01-31 134144] "DXM6Patch_981116"=C:\WINDOWS\p_981116.exe [1998-11-30 497376] "QuickTime Task"=C:\Programme\QuickTime\qttask.exe [2009-09-05 417792] "iTunesHelper"=C:\Programme\iTunes\iTunesHelper.exe [2009-09-21 305440] "Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696] "Adobe ARM"=C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes' Anti-Malware"=C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe [2009-12-30 429392] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-15 15360] "swg"=C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-05-10 39408] "settdebugx.exe"=C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\settdebugx.exe [2010-01-01 716800] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray] C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [2008-04-25 28672] C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart Acer Empowering Technology.lnk - C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe BTTray.lnk - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart Telefon- und Branchenbuch Frühjahr 2009 - Schnellstarter.lnk - C:\Programme\klickTel\Telefon- und Branchenbuch Frühjahr 2009\KSTART32.EXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxdev.dll [2008-08-05 212992] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe"="C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:*:Enabled:BackupSvc.exe" "C:\Programme\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe"="C:\Programme\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:*:Enabled:AgentSvc.exe" "C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe"="C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:*:Enabled:SchedulerSvc.exe" "C:\Programme\McAfee\Common Framework\FrameworkService.exe"="C:\Programme\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service" "C:\Programme\ICQ6.5\ICQ.exe"="C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6" "C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjo ur" "C:\Programme\iTunes\iTunes.exe"="C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" ======List of files/folders created in the last 1 months====== 2010-01-02 09:21:35 ----D---- C:\rsit 2010-01-02 09:21:35 ----D---- C:\Programme\trend micro 2010-01-02 09:15:20 ----D---- C:\Programme\Malwarebytes' Anti-Malware 2010-01-02 09:15:20 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2010-01-02 09:10:02 ----D---- C:\Programme\CCleaner 2010-01-02 03:17:23 ----D---- C:\WINDOWS\BDOSCAN8 2010-01-01 23:44:32 ----D---- C:\Programme\Enigma Software Group 2010-01-01 23:35:28 ----D---- C:\Programme\Avira 2010-01-01 17:22:07 ----A---- C:\WINDOWS\system32\krl32mainweq.dll 2010-01-01 17:20:25 ----A---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sysReserve.ini 2010-01-01 17:20:02 ----D---- C:\QUARANTINE 2009-12-31 13:36:39 ----A---- C:\ctapi_out_gr.txt 2009-12-25 13:24:49 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DivX 2009-12-23 23:06:01 ----D---- C:\WINDOWS\system32\Adobe 2009-12-10 18:16:28 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$ 2009-12-10 18:15:58 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$ 2009-12-10 18:15:02 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$ 2009-12-10 18:14:54 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$ 2009-12-10 18:14:44 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$ 2009-12-06 00:21:18 ----D---- C:\Programme\Mozilla Firefox ======List of files/folders modified in the last 1 months====== 2010-01-02 09:21:35 ----RD---- C:\Programme 2010-01-02 09:15:22 ----AD---- C:\WINDOWS\system32\drivers 2010-01-02 09:11:35 ----D---- C:\WINDOWS\Debug 2010-01-02 09:11:35 ----D---- C:\WINDOWS 2010-01-02 09:11:34 ----D---- C:\WINDOWS\Minidump 2010-01-02 09:11:31 ----D---- C:\WINDOWS\Temp 2010-01-02 09:07:09 ----AD---- C:\WINDOWS\system32 2010-01-02 06:19:13 ----D---- C:\WINDOWS\Prefetch 2010-01-02 06:18:34 ----SD---- C:\WINDOWS\Tasks 2010-01-02 06:18:27 ----D---- C:\WINDOWS\system32\CatRoot2 2010-01-02 06:15:42 ----N---- C:\WINDOWS\SchedLgU.Txt 2010-01-02 03:44:47 ----SHD---- C:\WINDOWS\CSC 2010-01-02 03:38:41 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-01-02 03:38:23 ----D---- C:\WINDOWS\system32\Restore 2010-01-02 03:17:25 ----SD---- C:\WINDOWS\Downloaded Program Files 2010-01-02 03:17:23 ----HD---- C:\WINDOWS\inf 2010-01-01 23:34:45 ----SHD---- C:\WINDOWS\Installer 2010-01-01 23:34:45 ----HD---- C:\Config.Msi 2010-01-01 23:34:43 ----D---- C:\WINDOWS\WinSxS 2010-01-01 22:03:59 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ICQ 2010-01-01 19:31:27 ----SD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft 2009-12-31 21:48:55 ----A---- C:\WINDOWS\win.ini 2009-12-31 21:40:32 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google Updater 2009-12-31 17:53:15 ----A---- C:\WINDOWS\DAMPLOG.INI 2009-12-30 12:28:26 ----D---- C:\Programme\ICQ6.5 2009-12-23 23:06:31 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Adobe 2009-12-19 20:59:31 ----D---- C:\Programme\Google 2009-12-15 16:05:42 ----D---- C:\Programme\Launch Manager 2009-12-14 20:42:49 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe 2009-12-14 15:19:51 ----D---- C:\Programme\Gemeinsame Dateien\Adobe 2009-12-10 18:16:31 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-12-10 18:16:30 ----AD---- C:\I386 2009-12-10 18:15:22 ----D---- C:\Programme\Internet Explorer 2009-12-10 18:15:15 ----D---- C:\WINDOWS\ie8updates 2009-12-10 18:15:09 ----HD---- C:\WINDOWS\$hf_mig$ 2009-12-06 10:59:21 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Skype 2009-12-06 00:21:32 ----D---- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-15 40448] R1 mfetdik;McAfee Inc. mfetdik; C:\WINDOWS\system32\drivers\mfetdik.sys [2008-09-29 62704] R1 WmiAcpi;Microsoft Windows-Verwaltungsschnittstelle für ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832] R2 ACEDRV08;ACEDRV08; \??\C:\WINDOWS\system32\drivers\ACEDRV08.sys [] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2008-07-09 12672] R2 regi;regi; C:\WINDOWS\system32\drivers\regi.sys [2007-04-17 11032] R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2008-11-05 1343616] R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2008-03-19 175104] R3 btaudio;Bluetooth-Audiogerät; C:\WINDOWS\system32\drivers\btaudio.sys [2008-07-09 539072] R3 BTDriver;Virtueller Bluetooth-Kommunikationstreiber; C:\WINDOWS\system32\DRIVERS\btport.sys [2008-07-09 37424] R3 BTKRNL;Bluetooth-Bus-Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2008-07-09 876384] R3 CmBatt;Microsoft-Netzteiltreiber; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952] R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2004-12-08 16896] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600] R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-15 144384] R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-15 144384] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-08-05 6023072] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-07-09 4739072] R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2005-09-21 10368] R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2008-01-30 13952] R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2007-10-01 1769984] R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-07-09 220640] R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-15 32128] R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-15 14720] S3 avmeject;AVM Eject; C:\WINDOWS\system32\drivers\avmeject.sys [2007-01-26 4352] S3 BthEnum;Bluetooth-Anforderungsblocktreiber; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-15 17024] S3 BthPan;Bluetooth-Gerät (PAN); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-15 101120] S3 BTHPORT;Bluetooth-Porttreiber; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 273024] S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-15 18944] S3 BTWDNDIS;Bluetooth-LAN-Zugangsserver; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2008-07-09 149123] S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2008-07-09 55352] S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2008-07-09 67960] S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024] S3 FWLANUSB;AVM FRITZ!WLAN; C:\WINDOWS\system32\DRIVERS\fwlanusb.sys [2007-01-26 265088] S3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-15 10368] S3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2008-07-09 985472] S3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2008-07-09 210560] S3 JMCR;JMCR; C:\WINDOWS\system32\DRIVERS\jmcr.sys [2008-07-09 80784] S3 mfeapfk;McAfee Inc. mfeapfk; C:\WINDOWS\system32\drivers\mfeapfk.sys [2008-09-29 74648] S3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2008-09-29 90360] S3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2008-09-29 42424] S3 mferkdet;McAfee Inc. mferkdet; C:\WINDOWS\system32\drivers\mferkdet.sys [2008-09-29 64432] S3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504] S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248] S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880] S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-15 59136] S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-15 79232] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136] S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448] S3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032] S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856] S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-15 26368] S3 usbvideo;USB-Videogerät (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984] S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2008-07-09 731264] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672] R2 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-15 14336] R2 btwdins;Bluetooth Service; c:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-04-01 273256] R2 BUNAgentSvc;NTI Backup Now 5 Agent Service; C:\Programme\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384] R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Programme\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-04-15 354840] R2 IviRegMgr;IviRegMgr; C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152] R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-03-27 152984] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe [2007-01-17 61440] R2 McAfeeEngineService;McAfee Engine Service; C:\Programme\McAfee\VirusScan Enterprise\EngineServer.exe [2008-09-29 19456] R2 McAfeeFramework;McAfee Framework-Dienst; C:\Programme\McAfee\Common Framework\FrameworkService.exe [2008-03-14 103744] R2 McTaskManager;McAfee Task Manager; C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe [2008-09-29 62800] R2 MDM;Machine Debug Manager; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120] R2 mfevtp;McAfee Validation Trust Protection Service; C:\WINDOWS\system32\mfevtps.exe [2008-09-29 67904] R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-15 14336] R2 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056] R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-15 14336] R2 PSI_SVC_2;Protexis Licensing V2; C:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe [2007-07-24 185632] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-15 14336] R3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2009-09-21 545568] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-15 268800] S2 gupdate1c9d1866b11920a;Google Update Service (gupdate1c9d1866b11920a); C:\Programme\Google\Update\GoogleUpdate.exe [2009-05-10 133104] S2 gusvc;Google Software Updater; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-10 183280] S2 McShield;McAfee McShield; C:\Programme\McAfee\VirusScan Enterprise\Mcshield.exe [2008-09-29 143088] S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- |
|
02.01.2010, 13:27
| #3 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | malware defense gekriegt HJT log__________________
__________________ |
|
| Themen zu malware defense gekriegt HJT log |
| .com, 1.exe, antivirus, antivirus scan, awareness, bho, browser, components, content.ie5, defense, enigma, excel, fehler, festplatte, firefox, flash player, fontcache, gruppe, gupdate, highjackthis, hkus\s-1-5-18, hotfix.exe, install.exe, installation, internet explorer 8, location, logfile, m.exe, malware, malware defense, msiexec.exe, popup, proxy, registry, security, security update, senden, server, skype.exe, software, starten, symantec, system, toolbars, updates, usbvideo.sys, windows, windows internet, windows internet explorer, windows xp, windows-sicherheitscenterdienst |
Linear-Darstellung
