Log analysis and evaluation: Windows Vista only boots in safe mode
Hello,

I have a laptop with Windows Vista Home Edition, and recently it no longer boots normally. After I enter my password at login, it takes a little while and then it reboots. Once there was also a bluescreen. Unfortunately, I didn't think to save the error message.

After I ran CCleaner, RSIT and Malwarebytes (I was able to boot in safe mode), I can now start normally again. Still, of course, I'm not sure whether the PC is clean now.

Here are the logs:

Malware Bytes:

Code:
Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3510
Windows 6.0.6000 (Safe Mode)
Internet Explorer 7.0.6000.16945

12.01.2010 23:20:10
mbam-log-2010-01-12 (23-19-56).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 200084
Laufzeit: 46 minute(s), 15 second(s)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 18
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 4
Infizierte Dateien: 21

Infizierte Speicherprozesse:
C:\Windows\System32\sdra64.exe (Spyware.Zbot) -> No action taken.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PersonalSec (Rogue.PersonalSecurity) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\QUAD Registry Cleaner v2 (Adware.QUADRegClean) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servises (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\RegistryDoktorNE (Rogue.RegistryDoktor) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live-Player (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Registry Doktor 2009_is1 (Rogue.RegistryDoctor) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\WebMediaPlayer (Rogue.WebMedia) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userinit (Trojan.Dropper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\registrydoktornet (Rogue.RegistryDoctor) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Windows\system32\sdra64.exe,) Good: (Userinit.exe) -> No action taken.

Infizierte Verzeichnisse:
C:\Windows\System32\lowsec (Stolen.data) -> No action taken.
C:\Program Files\PersonalSec (Rogue.PersonalSecurity) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\PersonalSec (Rogue.PersonalSecurity) -> No action taken.
C:\Program Files\Common Files\PersonalSecUninstall (Rogue.PersonalSecurity) -> No action taken.

Infizierte Dateien:
C:\Users\dima\AppData\Roaming\sdra64.exe (Trojan.Dropper) -> No action taken.
C:\Windows\System32\win32extension.dll (Trojan.FakeAlert) -> No action taken.
C:\Program Files\Registry Doktor 4.1\Cl.exe (Fraudtool.RegistryCleaner) -> No action taken.
C:\Program Files\Registry Doktor 4.1\RegistryDoktor.exe (Rogue.RegistryDoctor) -> No action taken.
C:\Temp\install_flash_player_web.exe (Trojan.Dropper) -> No action taken.
C:\Users\dima\Downloads\Live-Player_setup(2).exe (Adware.NaviPromo) -> No action taken.
C:\Users\dima\Downloads\Live-Player_setup.exe (Adware.NaviPromo) -> No action taken.
C:\Windows\System32\lowsec\local.ds (Stolen.data) -> No action taken.
C:\Windows\System32\lowsec\user.ds (Stolen.data) -> No action taken.
C:\Program Files\PersonalSec\psecurity.exe (Rogue.PersonalSecurity) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\PersonalSec\Computer Scan.lnk (Rogue.PersonalSecurity) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\PersonalSec\Help.lnk (Rogue.PersonalSecurity) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\PersonalSec\Registration.lnk (Rogue.PersonalSecurity) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\PersonalSec\Settings.lnk (Rogue.PersonalSecurity) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\PersonalSec\Update.lnk (Rogue.PersonalSecurity) -> No action taken.
C:\Program Files\Common Files\PersonalSecUninstall\Uninstall.lnk (Rogue.PersonalSecurity) -> No action taken.
C:\Users\Public\Desktop\Registry Doktor 4.1.lnk (Rogue.RegistryDoctor) -> No action taken.
C:\Users\dima\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Registry Doktor 4.1.lnk (Rogue.RegistryDoctor) -> No action taken.
C:\Windows\System32\sdra64.exe (Spyware.Zbot) -> No action taken.
C:\Users\dima\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PersonalSec.lnk (Rogue.PersonalSecurity) -> No action taken.
C:\Program Files\ICQToolbar\toolbaru.dll (Trojan.BHO) -> No action taken.

log.txt:

Code:
Logfile of random's system information tool 1.06 (written by random/random)
Run by dima at 2010-01-12 21:09:01
Microsoft® Windows Vista™ Home Premium
System drive C: has 92 GB (61%) free of 152 GB
Total RAM: 2046 MB (81% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\Norton Internet Security - Vollständige Systemprüfung ausführen - dima.job
C:\Windows\tasks\PersonalSec.job
C:\Windows\tasks\User_Feed_Synchronization-{8D36E6EC-8EE7-457A-97E2-67EEB7B9F169}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\Program Files\ICQToolbar\toolbaru.dll [2006-10-10 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}]
c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll [2006-10-23 96984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-08-26 279944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}]
&Security Update - C:\Windows\System32\win32extension.dll [2009-12-29 642048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-06 263280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-02 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
DVDVideoSoft Toolbar - C:\Program Files\DVDVideoSoft\tbDVDV.dll [2009-11-09 2331672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{90222687-F593-4738-B738-FBEE9C7B26DF} - Show Norton Toolbar - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll [2006-10-23 565960]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-08-26 279944]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-06 263280]
{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - DVDVideoSoft Toolbar - C:\Program Files\DVDVideoSoft\tbDVDV.dll [2009-11-09 2331672]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-11-02 1006264]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-07-19 86016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-07-19 8466432]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-07-19 81920]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-01-18 4349952]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2006-11-07 159744]
"PowerManager"=C:\Program Files\Power Manager\PM.exe [2007-03-13 29696]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-02-26 153136]
"ccApp"=c:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-10-24 107112]
"osCheck"=c:\Program Files\Norton Internet Security\osCheck.exe [2006-10-27 22696]
"recinfo594"=c:\RecInfo\RecInfo.exe [2007-10-23 2764800]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-10-19 286720]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-01-07 429392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-30 1232896]
"WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter []
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2007-03-01 2321600]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-02-14 39408]
"RegistryDoktorNET"=C:\Program Files\Registry Doktor 4.1\RegistryDoktor.exe [2009-06-15 7662680]
"RegistryDoktorNEScheduler"=C:\Program Files\Registry Doktor 4.1\RegistryDoktor.exe [2009-06-15 7662680]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728]
"userinit"=C:\Users\dima\AppData\Roaming\sdra64.exe [2006-11-02 539136]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-01-12 21:09:02 ----D---- C:\Program Files\trend micro
2010-01-12 21:09:01 ----D---- C:\rsit
2010-01-12 21:07:29 ----D---- C:\Users\dima\AppData\Roaming\Malwarebytes
2010-01-12 21:07:21 ----D---- C:\ProgramData\Malwarebytes
2010-01-12 21:07:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-12 20:55:52 ----D---- C:\Program Files\CCleaner
2010-01-10 12:24:50 ----SHD---- C:\Users\dima\AppData\Roaming\lowsec
2010-01-09 23:17:12 ----SHD---- C:\Windows\system32\lowsec
2009-12-31 12:19:09 ----D---- C:\Program Files\QS
2009-12-31 12:19:07 ----D---- C:\Users\dima\AppData\Roaming\TeamViewer
2009-12-29 22:46:34 ----D---- C:\Program Files\Common Files\PersonalSecUninstall
2009-12-29 22:46:31 ----A---- C:\Windows\system32\win32extension.dll
2009-12-29 22:46:23 ----D---- C:\Program Files\PersonalSec
2009-12-20 20:25:13 ----D---- C:\Program Files\Conduit
2009-12-19 20:10:46 ----RHD---- C:\Users\dima\AppData\Roaming\SecuROM
2009-12-18 22:23:52 ----D---- C:\ProgramData\Media Center Programs
2009-12-18 22:03:41 ----A---- C:\Windows\system32\d3dx10_33.dll
2009-12-18 22:03:41 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2009-12-18 22:03:38 ----A---- C:\Windows\system32\d3dx9_33.dll
2009-12-18 22:03:35 ----A---- C:\Windows\system32\d3dx9_30.dll
2009-12-18 21:59:09 ----SHD---- C:\Windows\ftpcache

======List of files/folders modified in the last 1 months======

2010-01-12 21:09:02 ----RD---- C:\Program Files
2010-01-12 21:07:24 ----D---- C:\Windows\system32\drivers
2010-01-12 21:07:21 ----HD---- C:\ProgramData
2010-01-12 20:51:09 ----D---- C:\Windows\System32
2010-01-12 20:51:09 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-01-12 20:51:08 ----D---- C:\Windows\inf
2010-01-12 20:49:57 ----A---- C:\Windows\ntbtlog.txt
2010-01-12 20:39:53 ----D---- C:\Program Files\Mozilla Firefox
2010-01-12 20:29:22 ----D---- C:\Windows\Tasks
2010-01-12 20:26:34 ----D---- C:\Windows\Minidump
2010-01-12 20:26:25 ----D---- C:\Windows\Temp
2010-01-12 20:26:25 ----D---- C:\Windows
2010-01-11 20:45:16 ----D---- C:\Windows\Prefetch
2010-01-10 14:09:35 ----D---- C:\Windows\system32\config
2010-01-09 23:20:39 ----D---- C:\Temp
2010-01-05 18:58:16 ----D---- C:\Windows\system32\Adobe
2009-12-31 22:59:17 ----D---- C:\Users\dima\AppData\Roaming\ICQ
2009-12-30 21:34:33 ----SHD---- C:\System Volume Information
2009-12-30 13:08:36 ----D---- C:\Windows\system32\catroot2
2009-12-29 22:46:34 ----D---- C:\Windows\system32\Tasks
2009-12-29 22:46:34 ----D---- C:\Program Files\Common Files
2009-12-29 18:38:49 ----D---- C:\Program Files\ICQ6.5
2009-12-20 20:54:15 ----D---- C:\DVDVideoSoft
2009-12-20 20:25:13 ----D---- C:\Program Files\DVDVideoSoft
2009-12-20 20:25:01 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2009-12-18 22:05:39 ----SHD---- C:\Windows\Installer
2009-12-18 22:03:48 ----D---- C:\Program Files\THQ

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2006-10-30 140800]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-06-18 737280]
R3 NVENETFD;NVIDIA nForce-Netzwerkcontrollertreiber; C:\Windows\system32\DRIVERS\nvm60x32.sys [2006-11-02 429056]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2006-09-15 11520]
R3 smscirrx;SMSC CIR Receive; C:\Windows\system32\DRIVERS\smscirrx.sys [2007-02-02 40448]
S1 IDSvix86;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080623.001\IDSvix86.sys [2008-03-12 261680]
S1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2006-10-06 406672]
S1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2007-11-30 43696]
S1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2006-10-24 185744]
S1 WINIO;WINIO; \??\C:\Windows\system32\WinIo.sys [2007-01-04 9336]
S2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
S2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-03-15 8704]
S3 BthEnum;Bluetooth-Auflistungsdienst; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-04-29 19456]
S3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
S3 Cam5603D;Bison WebCam; C:\Windows\System32\Drivers\BisonCam.sys [2007-09-07 783272]
S3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2007-11-03 14208]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-03-26 984064]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-03-26 208384]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-01-18 1729632]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080628.004\NAVENG.SYS []
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080628.004\NAVEX15.SYS []
S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-07-19 7599776]
S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]
S3 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2007-11-30 279088]
S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2007-11-30 317616]
S3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [2006-10-24 11792]
S3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2008-03-30 123952]
S3 SYMFW;SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [2006-10-24 144784]
S3 SYMIDS;SYMIDS; C:\Windows\System32\Drivers\SYMIDS.SYS [2006-10-24 38928]
S3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [2006-10-24 37008]
S3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2006-10-24 26384]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-03-26 660480]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2007-11-03 82688]
S4 iaStor;Intel RAID Controller; C:\Windows\system32\drivers\iastor.sys [2007-07-12 305176]
S4 JRAID;JRAID; C:\Windows\system32\drivers\jraid.sys [2007-06-13 48256]
S4 nvrd32;NVIDIA nForce RAID Driver; C:\Windows\system32\drivers\nvrd32.sys [2007-07-02 131616]
S4 viamraid;viamraid; C:\Windows\system32\drivers\viamraid.sys [2006-11-08 102912]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2007-11-03 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-26 554352]
S2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016]
S2 ccEvtMgr;Symantec Event Manager; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-10-24 107624]
S2 ccSetMgr;Symantec Settings Manager; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-10-24 107624]
S2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-10-24 107624]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-09 183280]
S2 IviRegMgr;IviRegMgr; c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-10-24 107624]
S2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
S2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-07-20 262247]
S2 SymAppCore;Symantec AppCore Service; c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [2006-09-20 46736]
S2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler; C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 204800]
S2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-03-15 386560]
S3 comHost;COM Host; c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2006-10-13 49296]
S3 ISPwdSvc;Symantec IS Kennwortprüfung; c:\Program Files\Norton Internet Security\isPwdSvc.exe [2006-10-27 80552]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-26 2999664]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-02-26 267824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-03-30 1251720]

-----------------EOF-----------------

Code:
info.txt logfile of random's system information tool 1.06 2010-01-12 21:09:07

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.0 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81000000003}
Adobe Shockwave Player-->C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
ALPS Touch Pad Driver-->C:\Program Files\Apoint2K\Uninstap.exe ADDREMOVE
AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Ask Toolbar-->"C:\Program Files\AskBarDis\unins000.exe"
AV-->MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
Big Fish Games Center (remove only)-->C:\Big Fish Games\Uninstall.exe
Big Fish Games Sudoku (remove only)-->C:\Big Fish Games\Sudoku\Uninstall.exe
Bison WebCam-->Rundll32.exe BisonRem.dll,WinMainRmv
ccCommon-->MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Company of Heroes - FAKEMSI-->MsiExec.exe /I{14574B7F-75D1-4718-B7F2-EBF6E2862A35}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{199E6632-EB28-4F73-AECB-3E192EB92D18}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{25724802-CC14-4B90-9F3B-3D6955EE27B1}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{50193078-F553-4EBA-AA77-64C9FAA12F98}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{51D718D1-DA81-4FAD-919F-5C1CE3C33379}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{66F78C51-D108-4F0C-A93C-1CBE74CE338F}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{80D03817-7943-4839-8E96-B9F924C5E67D}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{97E5205F-EA4F-438F-B211-F1846419F1C1}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{99A7722D-9ACB-43F3-A222-ABC7133F159E}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{BA801B94-C28D-46EE-B806-E1E021A3D519}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{D4D244D1-05E0-4D24-86A2-B2433C435671}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{EAF636A9-F664-4703-A659-85A894DA264F}
Company of Heroes-->"C:\Program Files\THQ\Company of Heroes\Uninstall_German.exe"
Compatibility Pack für 2007 Office System-->MsiExec.exe /X{90120000-0020-0407-0000-0000000FF1CE}
Cradle of Rome (remove only)-->C:\Big Fish Games\Cradle of Rome\Uninstall.exe
DesignCAD 3D Max 18-->MsiExec.exe /I{56A3E6C9-919E-4578-ACBE-F1A5C7B99A90}
DVDVideoSoft Toolbar-->C:\PROGRA~1\DVDVID~1\UNWISE.EXE /U C:\PROGRA~1\DVDVID~1\INSTALL.LOG
FirstSteps Diagnostics-->MsiExec.exe /X{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}
Free Audio CD Burner version 1.2-->"C:\Program Files\DVDVideoSoft\Free Audio CD Burner\unins000.exe"
Free YouTube to MP3 Converter version 3.2-->"C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\unins001.exe"
FSCLounge-->MsiExec.exe /I{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0E996B068B56FCA2.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F10001\UIU32m.exe -U -IPDAZLCMzK.inf
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
ICQ Toolbar-->C:\Program Files\ICQ6Toolbar\ICQUnToolbar.exe
ICQ6.5-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
InterVideo WinDVD 8-->C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x0407
Live-Player-->C:\Program Files\Live-Player\uninst.exe
LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Luxor Amun Rising (remove only)-->C:\Big Fish Games\Luxor Amun Rising\Uninstall.exe
Mahjong Towers Eternity EU (remove only)-->C:\Big Fish Games\Mahjong Towers Eternity EU\Uninstall.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (German)-->MsiExec.exe /X{95120000-00AF-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {322296D4-1EAE-4030-9FBC-D2787EB25FA2}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{39D0E034-1042-4905-BECB-5502909FCB7C}
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSRedist-->MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Mystery Case Files - Prime Suspects (remove only)-->C:\Big Fish Games\Mystery Case Files - Prime Suspects\Uninstall.exe
Nero 7 Essentials-->MsiExec.exe /X{81CD6232-10F5-4832-B3DA-1B88B1571031}
Norton AntiVirus-->MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Confidential Browser Component-->MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Protection Component-->MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
Norton Internet Security (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_1_0_26\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
Norton Internet Security-->MsiExec.exe /I{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}
Norton Internet Security-->MsiExec.exe /I{48185814-A224-447A-81DA-71BD20580E1B}
Norton Internet Security-->MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security-->MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security-->MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Protection Center-->MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
Poker Superstars II (remove only)-->C:\Big Fish Games\Poker Superstars II\Uninstall.exe
POKER-->C:\Program Files\POKER\uninstall.exe
Power Manager 2.1.7-->"C:\Program Files\Power Manager\unins000.exe"
PowerDV-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B804C424-B66D-447A-84BD-C6B88C392C3A}\setup.exe" -uninstall
QUAD Registry Cleaner v.1.5.78-->C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\uninst.exe
QuickTime-->MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Registry Doktor 4.1-->"C:\Program Files\Registry Doktor 4.1\unins000.exe"
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SpongeBob Schwammkopf - Schlacht um Bikini Bottom-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E95FEA31-034D-42D0-8ED6-44D7F838BA6E}\setup.exe" -l0x7 -uninst
SymNet-->MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Utherverse 3D Client-->"C:\ProgramData\{F61B5A0B-822D-4173-BFD0-A948FC431FEB}\UtherverseSetup.exe" REMOVE=TRUE MODIFY=FALSE
Utherverse 3D Client-->C:\ProgramData\{F61B5A0B-822D-4173-BFD0-A948FC431FEB}\UtherverseSetup.exe
Virtual Villagers (remove only)-->C:\Big Fish Games\Virtual Villagers\Uninstall.exe

======Hosts File======

127.0.0.1 localhost
::1 localhost

======Security center information======

AV: Norton Internet Security (outdated)
FW: Norton Internet Security
AS: Windows-Defender
(disabled) AS: Norton Internet Security (outdated) ======System event log====== Computer Name: dima-PC Event Code: 20001 Message: Der Prozess zum Installieren von Treiber FileRepository\volume.inf_f47b2c78\volume.inf für Geräteinstanz-ID STORAGE\VOLUME\1&19F7E59C&0&_??_USBSTOR#DISK&VEN_ROCKCHIP&PROD_USB_MP3&REV_1.00#USBV1.00&0#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B} wurde mit folgendem Status beendet: 0. Record Number: 255105 Source Name: Microsoft-Windows-User-PnP Time Written: 20100112194954.352703-000 Event Type: Informationen User: NT-AUTORITÄT\SYSTEM Computer Name: dima-PC Event Code: 20003 Message: Der Prozess zum Hinzufügen von Dienst disk für Geräteinstanz-ID USBSTOR\DISK&VEN_ROCKCHIP&PROD_USB__SD&REV_1.00\USBV1.00&1 wurde mit folgendem Status beendet: 0. Record Number: 255106 Source Name: Microsoft-Windows-User-PnP Time Written: 20100112194956.474303-000 Event Type: Informationen User: NT-AUTORITÄT\SYSTEM Computer Name: dima-PC Event Code: 20001 Message: Der Prozess zum Installieren von Treiber FileRepository\disk.inf_e0b0b355\disk.inf für Geräteinstanz-ID USBSTOR\DISK&VEN_ROCKCHIP&PROD_USB__SD&REV_1.00\USBV1.00&1 wurde mit folgendem Status beendet: 0. Record Number: 255107 Source Name: Microsoft-Windows-User-PnP Time Written: 20100112194956.567903-000 Event Type: Informationen User: NT-AUTORITÄT\SYSTEM Computer Name: dima-PC Event Code: 20003 Message: Der Prozess zum Hinzufügen von Dienst volsnap für Geräteinstanz-ID STORAGE\VOLUME\1&19F7E59C&0&_??_USBSTOR#DISK&VEN_ROCKCHIP&PROD_USB__SD&REV_1.00#USBV1.00&1#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B} wurde mit folgendem Status beendet: 0. 
Record Number: 255108 Source Name: Microsoft-Windows-User-PnP Time Written: 20100112194958.705103-000 Event Type: Informationen User: NT-AUTORITÄT\SYSTEM Computer Name: dima-PC Event Code: 20001 Message: Der Prozess zum Installieren von Treiber FileRepository\volume.inf_f47b2c78\volume.inf für Geräteinstanz-ID STORAGE\VOLUME\1&19F7E59C&0&_??_USBSTOR#DISK&VEN_ROCKCHIP&PROD_USB__SD&REV_1.00#USBV1.00&1#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B} wurde mit folgendem Status beendet: 0. Record Number: 255109 Source Name: Microsoft-Windows-User-PnP Time Written: 20100112194958.829903-000 Event Type: Informationen User: NT-AUTORITÄT\SYSTEM =====Application event log===== Computer Name: dima-PC Event Code: 6000 Message: Der Winlogon-Benachrichtigungsabonnent <GPClient> war nicht verfügbar, um das Benachrichtigungsereignis zu verarbeiten. Record Number: 69915 Source Name: Microsoft-Windows-Winlogon Time Written: 20100112193812.000000-000 Event Type: Warnung User: Computer Name: dima-PC Event Code: 6000 Message: Der Winlogon-Benachrichtigungsabonnent <Sens> war nicht verfügbar, um das Benachrichtigungsereignis zu verarbeiten. Record Number: 69916 Source Name: Microsoft-Windows-Winlogon Time Written: 20100112193812.000000-000 Event Type: Informationen User: Computer Name: dima-PC Event Code: 4609 Message: Das COM+-Ereignissystem hat einen ungültigen Rückgabecode während der internen Verarbeitung erkannt. HRESULT war 8007043c von Zeile 45 von d:\vista_gdr\com\complus\src\events\tier1\eventsystemobj.cpp. Wenden Sie sich an den Microsoft-Produktsupport. Record Number: 69917 Source Name: Microsoft-Windows-EventSystem Time Written: 20100112193824.000000-000 Event Type: Fehler User: Computer Name: dima-PC Event Code: 1001 Message: Die Leistungsindikatoren für den Dienst WmiApRpl (WmiApRpl) wurden entfernt. Die Daten enthalten die neuen Werte der Registrierungseinträge "Last Counter" und "Last Help". 
Record Number: 69918 Source Name: Microsoft-Windows-LoadPerf Time Written: 20100112195108.000000-000 Event Type: Informationen User: Computer Name: dima-PC Event Code: 1000 Message: Die Leistungsindikatoren für den Dienst WmiApRpl (WmiApRpl) wurden erfolgreich geladen. Die Eintragsdaten im Datenbereich enthalten die neuen Indexwerte, die diesem Dienst zugeordnet sind. Record Number: 69919 Source Name: Microsoft-Windows-LoadPerf Time Written: 20100112195109.000000-000 Event Type: Informationen User: =====Security event log===== Computer Name: dima-PC Event Code: 5033 Message: Der Windows-Firewalltreiber wurde erfolgreich gestartet. Record Number: 60115 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100112193636.099703-000 Event Type: Überwachung erfolgreich User: Computer Name: dima-PC Event Code: 5024 Message: Der Windows-Firewalldienst wurde erfolgreich gestartet. Record Number: 60116 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100112193637.254103-000 Event Type: Überwachung erfolgreich User: Computer Name: dima-PC Event Code: 4648 Message: Anmeldeversuch mit expliziten Anmeldeinformationen. Antragsteller: Sicherheits-ID: S-1-5-18 Kontoname: DIMA-PC$ Kontodomäne: WORKGROUP Anmelde-ID: 0x3e7 Anmelde-GUID: {00000000-0000-0000-0000-000000000000} Konto, dessen Anmeldeinformationen verwendet wurden: Kontoname: dima Kontodomäne: dima-PC Anmelde-GUID: {00000000-0000-0000-0000-000000000000} Zielserver: Zielservername: localhost Weitere Informationen: localhost Prozessinformationen: Prozess-ID: 0x210 Prozessname: C:\Windows\System32\winlogon.exe Netzwerkinformationen: Netzwerkadresse: 127.0.0.1 Port: 0 Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden. Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird. 
Record Number: 60117 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100112193811.197303-000 Event Type: Überwachung erfolgreich User: Computer Name: dima-PC Event Code: 4624 Message: Ein Konto wurde erfolgreich angemeldet. Antragsteller: Sicherheits-ID: S-1-5-18 Kontoname: DIMA-PC$ Kontodomäne: WORKGROUP Anmelde-ID: 0x3e7 Anmeldetyp: 2 Neue Anmeldung: Sicherheits-ID: S-1-5-21-160655239-1662305381-1207739730-1000 Kontoname: dima Kontodomäne: dima-PC Anmelde-ID: 0x267b7 Anmelde-GUID: {00000000-0000-0000-0000-000000000000} Prozessinformationen: Prozess-ID: 0x210 Prozessname: C:\Windows\System32\winlogon.exe Netzwerkinformationen: Arbeitsstationsname: DIMA-PC Quellnetzwerkadresse: 127.0.0.1 Quellport: 0 Detaillierte Authentifizierungsinformationen: Anmeldeprozess: User32 Authentifizierungspaket: Negotiate Übertragene Dienste: - Paketname (nur NTLM): - Schlüssellänge: 0 Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde. Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe". Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk). Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto. Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben. Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung. - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren. 
- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren. - Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an. - Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0. Record Number: 60118 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100112193811.197303-000 Event Type: Überwachung erfolgreich User: Computer Name: dima-PC Event Code: 4672 Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen. Antragsteller: Sicherheits-ID: S-1-5-21-160655239-1662305381-1207739730-1000 Kontoname: dima Kontodomäne: dima-PC Anmelde-ID: 0x267b7 Berechtigungen: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege Record Number: 60119 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100112193811.197303-000 Event Type: Überwachung erfolgreich User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 72 Stepping 2, AuthenticAMD "PROCESSOR_REVISION"=4802 "NUMBER_OF_PROCESSORS"=2 "CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip "QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip "SAFEBOOT_OPTION"=NETWORK -----------------EOF-----------------
And here is the info.txt after the Malwarebytes scan and CCleaner: Code:
Logfile of random's system information tool 1.06 (written by random/random) Run by dima at 2010-01-13 15:24:37 Microsoft® Windows Vista™ Home Premium System drive C: has 92 GB (61%) free of 152 GB Total RAM: 2046 MB (66% free) HijackThis download failed ======Scheduled tasks folder====== C:\Windows\tasks\Google Software Updater.job C:\Windows\tasks\Norton Internet Security - Vollständige Systemprüfung ausführen - dima.job C:\Windows\tasks\PersonalSec.job C:\Windows\tasks\User_Feed_Synchronization-{8D36E6EC-8EE7-457A-97E2-67EEB7B9F169}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}] c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll [2006-10-23 96984] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}] AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-08-26 279944] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-06 263280] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-02 764912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}] DVDVideoSoft Toolbar - C:\Program Files\DVDVideoSoft\tbDVDV.dll [2009-11-09 2331672] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {90222687-F593-4738-B738-FBEE9C7B26DF} - Show Norton Toolbar - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll [2006-10-23 565960] {855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808] {3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-08-26 279944] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-06 263280] {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - DVDVideoSoft Toolbar - C:\Program Files\DVDVideoSoft\tbDVDV.dll [2009-11-09 2331672] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-11-02 1006264] "NvSvc"=C:\Windows\system32\nvsvc.dll [2007-07-19 86016] "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-07-19 8466432] "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-07-19 81920] "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-01-18 4349952] "Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2006-11-07 159744] "PowerManager"=C:\Program Files\Power Manager\PM.exe [2007-03-13 29696] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048] "NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-02-26 153136] "ccApp"=c:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-10-24 107112] "osCheck"=c:\Program Files\Norton Internet Security\osCheck.exe [2006-10-27 22696] "recinfo594"=c:\RecInfo\RecInfo.exe [2007-10-23 2764800] "Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-10-19 286720] " Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe 
[2010-01-07 1394000] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-30 1232896] "WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter [] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440] "AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2007-03-01 2321600] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-02-14 39408] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======List of files/folders created in the last 1 months====== 2010-01-12 21:09:02 ----D---- C:\Program Files\trend micro 2010-01-12 21:09:01 ----D---- C:\rsit 2010-01-12 21:07:29 ----D---- C:\Users\dima\AppData\Roaming\Malwarebytes 2010-01-12 21:07:21 ----D---- C:\ProgramData\Malwarebytes 2010-01-12 21:07:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-01-12 20:55:52 ----D---- C:\Program Files\CCleaner 2010-01-10 12:24:50 ----SHD---- C:\Users\dima\AppData\Roaming\lowsec 2009-12-31 12:19:09 ----D---- C:\Program Files\QS 2009-12-31 12:19:07 ----D---- C:\Users\dima\AppData\Roaming\TeamViewer 2009-12-20 20:25:13 ----D---- C:\Program Files\Conduit 2009-12-19 20:10:46 ----RHD---- C:\Users\dima\AppData\Roaming\SecuROM 2009-12-18 22:23:52 ----D---- C:\ProgramData\Media Center Programs 2009-12-18 22:03:41 ----A---- 
C:\Windows\system32\d3dx10_33.dll 2009-12-18 22:03:41 ----A---- C:\Windows\system32\D3DCompiler_33.dll 2009-12-18 22:03:38 ----A---- C:\Windows\system32\d3dx9_33.dll 2009-12-18 22:03:35 ----A---- C:\Windows\system32\d3dx9_30.dll 2009-12-18 21:59:09 ----SHD---- C:\Windows\ftpcache ======List of files/folders modified in the last 1 months====== 2010-01-13 15:24:33 ----D---- C:\Windows\Temp 2010-01-13 14:45:09 ----D---- C:\Windows\System32 2010-01-13 14:45:08 ----D---- C:\Windows\inf 2010-01-13 14:45:08 ----A---- C:\Windows\system32\PerfStringBackup.INI 2010-01-13 14:41:41 ----D---- C:\Windows\Tasks 2010-01-12 23:28:04 ----D---- C:\Windows\Prefetch 2010-01-12 23:23:21 ----D---- C:\Windows\system32\catroot2 2010-01-12 23:21:51 ----RSD---- C:\Windows\Fonts 2010-01-12 23:21:51 ----D---- C:\Windows\system32\drivers 2010-01-12 23:20:27 ----RD---- C:\Program Files 2010-01-12 21:07:21 ----HD---- C:\ProgramData 2010-01-12 20:49:57 ----A---- C:\Windows\ntbtlog.txt 2010-01-12 20:39:53 ----D---- C:\Program Files\Mozilla Firefox 2010-01-12 20:26:34 ----D---- C:\Windows\Minidump 2010-01-12 20:26:25 ----D---- C:\Windows 2010-01-10 14:09:35 ----D---- C:\Windows\system32\config 2010-01-09 23:20:39 ----D---- C:\Temp 2010-01-05 18:58:16 ----D---- C:\Windows\system32\Adobe 2009-12-31 22:59:17 ----D---- C:\Users\dima\AppData\Roaming\ICQ 2009-12-30 21:34:33 ----SHD---- C:\System Volume Information 2009-12-29 22:46:34 ----D---- C:\Windows\system32\Tasks 2009-12-29 22:46:34 ----D---- C:\Program Files\Common Files 2009-12-29 18:38:49 ----D---- C:\Program Files\ICQ6.5 2009-12-20 20:54:15 ----D---- C:\DVDVideoSoft 2009-12-20 20:25:13 ----D---- C:\Program Files\DVDVideoSoft 2009-12-20 20:25:01 ----D---- C:\Program Files\Common Files\DVDVideoSoft 2009-12-18 22:05:39 ----SHD---- C:\Windows\Installer 2009-12-18 22:03:48 ----D---- C:\Program Files\THQ ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 IDSvix86;Symantec Intrusion Prevention Driver; 
\??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080623.001\IDSvix86.sys [2008-03-12 261680] R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2006-10-06 406672] R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2007-11-30 43696] R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2006-10-24 185744] R1 WINIO;WINIO; \??\C:\Windows\system32\WinIo.sys [2007-01-04 9336] R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672] R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-03-15 8704] R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2006-10-30 140800] R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-06-18 737280] R3 Cam5603D;Bison WebCam; C:\Windows\System32\Drivers\BisonCam.sys [2007-09-07 783272] R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2007-11-03 14208] R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-03-26 984064] R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-03-26 208384] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-01-18 1729632] R3 NVENETFD;NVIDIA nForce-Netzwerkcontrollertreiber; C:\Windows\system32\DRIVERS\nvm60x32.sys [2006-11-02 429056] R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-07-19 7599776] R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2006-09-15 11520] R3 smscirrx;SMSC CIR Receive; C:\Windows\system32\DRIVERS\smscirrx.sys [2007-02-02 40448] R3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [2006-10-24 11792] R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2008-03-30 123952] R3 SYMFW;SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [2006-10-24 144784] R3 SYMIDS;SYMIDS; C:\Windows\System32\Drivers\SYMIDS.SYS [2006-10-24 38928] R3 
SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [2006-10-24 37008] R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2006-10-24 26384] R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-03-26 660480] R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2007-11-03 82688] S3 BthEnum;Bluetooth-Auflistungsdienst; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-04-29 19456] S3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160] S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160] S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184] S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632] S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192] S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888] S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016] S3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080628.004\NAVENG.SYS [] S3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080628.004\NAVEX15.SYS [] S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664] S3 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2007-11-30 279088] S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2007-11-30 317616] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 
39936] S4 iaStor;Intel RAID Controller; C:\Windows\system32\drivers\iastor.sys [2007-07-12 305176] S4 JRAID;JRAID; C:\Windows\system32\drivers\jraid.sys [2007-06-13 48256] S4 nvrd32;NVIDIA nForce RAID Driver; C:\Windows\system32\drivers\nvrd32.sys [2007-07-02 131616] S4 viamraid;viamraid; C:\Windows\system32\drivers\viamraid.sys [2006-11-08 102912] S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2007-11-03 11264] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-26 554352] R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016] R2 ccEvtMgr;Symantec Event Manager; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-10-24 107624] R2 ccSetMgr;Symantec Settings Manager; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-10-24 107624] R2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-10-24 107624] R2 IviRegMgr;IviRegMgr; c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152] R2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-10-24 107624] R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-07-20 262247] R2 SymAppCore;Symantec AppCore Service; c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [2006-09-20 46736] R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler; C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 204800] R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-03-15 386560] R3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-26 
2999664] R3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-03-30 1251720] S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-09 183280] S2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048] S3 comHost;COM Host; c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2006-10-13 49296] S3 ISPwdSvc;Symantec IS Kennwortprüfung; c:\Program Files\Norton Internet Security\isPwdSvc.exe [2006-10-27 80552] S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-02-26 267824] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] -----------------EOF-----------------
Best regards, Zulman
Last edited by Zulman (13.01.2010 at 16:09) |