| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Rechner langsam, stürzt ab / Rootkit.MBRWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
09.02.2010, 20:38
| #1 |
 |  Rechner langsam, stürzt ab / Rootkit.MBR Hallo zusammen, seit einigen Tagen ist mein Rechner extrem langsam und stürzt ständig ab, zumeist der IE. Habe dann den CCleaner laufen lassen und auch diverse Fehler behoben, trotzdem keine Besserun. Habe anschließend Malware laufen lassen und es wurden 2 Fehler gefunden. Hier der Report: Malwarebytes' Anti-Malware 1.44 Datenbank Version: 3693 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 09.02.2010 01:59:29 mbam-log-2010-02-09 (01-59-29).txt Scan-Methode: Vollständiger Scan (C:\|E:\|F:\|) Durchsuchte Objekte: 368512 Laufzeit: 2 hour(s), 0 minute(s), 16 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 2 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Dokumente und Einstellungen\HelpAssistant\Lokale Einstellungen\Temp\rrim.dll (Rootkit.MBR) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\HelpAssistant\Lokale Einstellungen\Temporary Internet Files\Content.IE5\EKI5HW9B\eHdf9bdbd7V0100f080006R0baf877d102T94a9e506201l0007K446d625830dP000601080[1] (Rootkit.MBR) -> Quarantined and deleted successfully. Habe bei löschen lassen, trotzdem keine Besserung des Problems. Muss ich noch was tun? Bitte um Hilfe... |
|
09.02.2010, 22:46
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Rechner langsam, stürzt ab / Rootkit.MBR Hallo und
__________________ die Malwarebytes-Signauren waren nicht ganz aktuell, aber poste bitte erstmal Logfiles von RSIT und mach danach einen Durchlauf mit GMER und poste auch das Logfile.
__________________ |
|
11.02.2010, 15:10
| #3 |
| | Rechner langsam, stürzt ab / Rootkit.MBR Hier die Logfiles von RSIT:
__________________Code:
ATTFilter Logfile of random's system information tool 1.06 (written by random/random) Run by Jan Wasem at 2010-02-11 12:12:37 Microsoft Windows XP Professional Service Pack 3 System drive C: has 23 GB (25%) free of 91 GB Total RAM: 1022 MB (37% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:12:49, on 11.02.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Intel\WiFi\bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\IPSSVC.EXE C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programme\AVG\AVG9\avgwdsvc.exe C:\Programme\Bonjour\mDNSResponder.exe C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe C:\Programme\AVG\AVG9\avgnsx.exe C:\Programme\Intel\WiFi\bin\EvtEng.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe C:\Programme\Java\jre6\bin\jqs.exe C:\Programme\Microsoft LifeCam\MSCamS32.exe C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe C:\WINDOWS\System32\TPHDEXLG.exe C:\WINDOWS\system32\TpKmpSVC.exe C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe C:\Programme\AVG\AVG9\avgemc.exe C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe c:\programme\lenovo\system update\suservice.exe C:\Programme\AVG\AVG9\avgcsrvx.exe C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe C:\Programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Programme\AVG\AVG9\avgchsvx.exe C:\Programme\AVG\AVG9\avgrsx.exe C:\Programme\AVG\AVG9\avgcsrvx.exe C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe C:\Programme\Lenovo\Client Security Solution\cssauth.exe C:\WINDOWS\Explorer.EXE C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe C:\WINDOWS\system32\rundll32.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\Programme\Lenovo\Client Security Solution\tvtpwm_tray.exe C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe C:\WINDOWS\system32\TpShocks.exe C:\Programme\Synaptics\SynTP\SynTPLpr.exe C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe C:\Programme\Lenovo\HOTKEY\TPONSCR.exe C:\Programme\Lenovo\Zoom\TpScrex.exe C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe C:\Programme\Lenovo\AwayTask\AwaySch.EXE C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe C:\Programme\Lenovo\SafeGuard PrivateDisk\pdservice.exe C:\Programme\Microsoft IntelliPoint\ipoint.exe C:\Programme\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\vVX3000.exe C:\WINDOWS\HCWemmon.exe C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe C:\Programme\LENOVO\Message Center Plus\MCPLaunch.exe C:\WINDOWS\system32\rundll32.exe C:\Programme\Java\jre6\bin\jusched.exe C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\PROGRA~1\AVG\AVG9\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe C:\Programme\Windows Media Player\WMPNSCFG.exe C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Dokumente und Einstellungen\Jan Wasem\Desktop\RSIT.exe C:\Programme\trend micro\Jan Wasem.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.web.de/home R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.web.de R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://go.web.de/suchbox/webdesuche?su=%s R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer R3 - URLSearchHook: (no name) - - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: WEB.DE Browser Configuration by mquadr.at - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\WINDOWS\system32\ieconfig_1und1.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll O3 - Toolbar: Lenovo ThinkVantage Toolbox - {86B9B5DD-FB75-4035-BD52-3C94F7849CAF} - C:\Programme\PC-Doctor\ATLPcdToolbar544936.dll O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programme\ThinkPad\Utilities\TpKmapAp.exe -helper O4 - HKLM\..\Run: [TpShocks] TpShocks.exe O4 - HKLM\..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe O4 - HKLM\..\Run: [TP4EX] tp4ex.exe O4 - HKLM\..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe /tray O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe O4 - HKLM\..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe" O4 - HKLM\..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe O4 - HKLM\..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe O4 - HKLM\..\Run: [PDService.exe] "C:\Programme\Lenovo\SafeGuard PrivateDisk\pdservice.exe" O4 - HKLM\..\Run: [cssauth] "C:\Programme\Lenovo\Client Security Solution\cssauth.exe" silent O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe O4 - HKLM\..\Run: [HCWemmon] HCWemmon.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe O4 - HKLM\..\Run: [TPFNF7] C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r O4 - HKLM\..\Run: [Message Center Plus] C:\Programme\LENOVO\Message Center Plus\MCPLaunch.exe /start O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100458 -Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; Mozilla/4.0 (compatible; MSIE 8.0; Win32; WEB.DE); .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Programme\Gemeinsame Dateien\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing) O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/welcome/thinkpad O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1223899976 O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://static.ak.studivz.net/photouploader/ImageUploader4.cab?nocache=20071128-1 O16 - DPF: {B1DE1BE4-AC89-407F-921F-C45C15C8FADB} (xingWebControl.Launcher) - https://www.xing.com/sync/xingWebControl.CAB O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://static.ak.studivz.net/photouploader/ImageUploader5.cab?nocache=20080125-1 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing) O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O20 - Winlogon Notify: AwayNotify - C:\Programme\Lenovo\AwayTask\AwayNotify.dll O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Programme\AVG\AVG9\avgemc.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programme\AVG\AVG9\avgwdsvc.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Programme\Intel\WiFi\bin\EvtEng.exe O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: IPS-Basisservice (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE O23 - Service: IviRegMgr - InterVideo - C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: Power Manager DBC Service - Unknown owner - C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing) O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Programme\Intel\WiFi\bin\S24EvMon.exe O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\programme\lenovo\system update\suservice.exe O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe O23 - Service: tvtnetwk - Unknown owner - C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe -- End of file - 17073 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job C:\WINDOWS\tasks\PMTask.job C:\WINDOWS\tasks\SystemToolsDailyTest.job C:\WINDOWS\tasks\User_Feed_Synchronization-{42CC4785-3E36-4840-BC3B-FD73FA9BE2D0}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}] AVG Safe Search - C:\Programme\AVG\AVG9\avgssie.dll [2009-12-14 1484056] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Anmelde-Hilfsprogramm - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D48FF4B4-E68F-47D1-8E25-81A0F0EEB341}] WEB.DE Browser Configuration by mquadr.at - C:\WINDOWS\system32\ieconfig_1und1.dll [2009-08-02 610176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F040E541-A427-4CF7-85D8-75E3E0F476C5}] CPwmIEBrowserHelper Object - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2006-07-14 719616] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {86B9B5DD-FB75-4035-BD52-3C94F7849CAF} - Lenovo ThinkVantage Toolbox - C:\Programme\PC-Doctor\ATLPcdToolbar544936.dll [2009-11-22 137712] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "PWRMGRTR"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor [] "BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog [] "SynTPLpr"=C:\Programme\Synaptics\SynTP\SynTPLpr.exe [2008-07-03 118784] "SynTPEnh"=C:\Programme\Synaptics\SynTP\SynTPEnh.exe [2008-07-03 1323008] "EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2008-06-05 242976] "TPKMAPHELPER"=C:\Programme\ThinkPad\Utilities\TpKmapAp.exe [2006-06-02 856064] "TpShocks"=C:\WINDOWS\system32\TpShocks.exe [2008-06-06 181536] "TPHOTKEY"=C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe [2008-09-30 68976] "TP4EX"=C:\WINDOWS\system32\tp4ex.exe [2005-10-17 65536] "SoundMAX"=C:\Programme\Analog Devices\SoundMAX\Smax4.exe [2005-05-06 716800] "LPManager"=C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe [2008-09-01 165208] "AwaySch"=C:\Programme\Lenovo\AwayTask\AwaySch.EXE [2006-08-16 69632] "TVT Scheduler Proxy"=C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe [2008-03-04 487424] "DiskeeperSystray"=C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe [2006-05-18 196696] "ACTray"=C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe [2008-10-27 425984] "ACWLIcon"=C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe [2008-10-27 143360] "PDService.exe"=C:\Programme\Lenovo\SafeGuard PrivateDisk\pdservice.exe [2006-03-13 41472] "cssauth"=C:\Programme\Lenovo\Client Security Solution\cssauth.exe [2006-07-14 2341632] ""= [] "IntelliPoint"=C:\Programme\Microsoft IntelliPoint\ipoint.exe [2006-11-22 842584] "SoundMAXPnP"=C:\Programme\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696] "NWEReboot"= [] "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] "VX3000"=C:\WINDOWS\vVX3000.exe [2006-12-06 707360] "HCWemmon"=C:\WINDOWS\HCWemmon.exe [2007-03-29 61440] "Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe [2009-10-03 39792] "LPMailChecker"=C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe [2008-09-01 124248] "TPFNF7"=C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe [2009-01-07 60704] "Message Center Plus"=C:\Programme\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-27 49976] "BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent [] "AppleSyncNotifier"=C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440] "QuickTime Task"=C:\Programme\QuickTime\qttask.exe [2009-09-05 417792] "StartCCC"=C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-01 61440] "SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-10-11 149280] "AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2009-12-31 2033432] "Adobe ARM"=C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe [2005-09-09 94208] "WMPNSCFG"=C:\Programme\Windows Media Player\WMPNSCFG.exe [2006-11-03 204288] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Shockwave Updater"=C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE [2008-06-17 439736] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe [2009-10-28 141600] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam] C:\Programme\Microsoft LifeCam\LifeExp.exe [2007-01-13 275800] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe [2006-03-16 421888] C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart BTTray.lnk - C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACNotify] C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll [2008-10-27 32768] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2008-11-10 143360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter] C:\WINDOWS\system32\avgrsstx.dll [2009-11-04 12464] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AwayNotify] C:\Programme\Lenovo\AwayTask\AwayNotify.dll [2006-08-16 49152] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus] C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll [2008-11-21 95496] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2] C:\Programme\Lenovo\HOTKEY\notifyf2.dll [2006-09-06 34344] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey] C:\Programme\Lenovo\HOTKEY\tphklock.dll [2008-08-08 28672] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "notification packages"=scecli ACGina psqlpwd ACGina C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Programme\Microsoft Office\Office12\ONENOTE.EXE"="C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote" "C:\Programme\Grisoft\AVG7\avginet.exe"="C:\Programme\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe" "C:\Programme\Grisoft\AVG7\avgamsvr.exe"="C:\Programme\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe" "C:\Programme\Grisoft\AVG7\avgcc.exe"="C:\Programme\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe" "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Web.de\web_de_Update.exe"="C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Web.de\web_de_Update.exe:*:Enabled:WEB.DE Update" "C:\Programme\Internet Explorer\iexplore.exe"="C:\Programme\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer" "C:\Programme\Microsoft LifeCam\LifeCam.exe"="C:\Programme\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe" "C:\Programme\Microsoft LifeCam\LifeExp.exe"="C:\Programme\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe" "C:\Programme\AVG\AVG8\avgupd.exe"="C:\Programme\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe" "C:\Programme\AVG\AVG8\avgemc.exe"="C:\Programme\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe" "C:\Programme\ICQ6\ICQ.exe"="C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6" "C:\Programme\AVG\AVG8\avgnsx.exe"="C:\Programme\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe" "C:\Programme\ICQ6.5\ICQ.exe"="C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6" "C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Programme\iTunes\iTunes.exe"="C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Programme\AVG\AVG9\avgemc.exe"="C:\Programme\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe" "C:\Programme\AVG\AVG9\avgupd.exe"="C:\Programme\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe" "C:\Programme\AVG\AVG9\avgnsx.exe"="C:\Programme\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" ======List of files/folders created in the last 1 months====== 2010-02-11 12:12:37 ----D---- C:\rsit 2010-02-11 12:12:37 ----D---- C:\Programme\trend micro 2010-02-09 22:12:59 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$ 2010-02-09 22:12:53 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$ 2010-02-09 22:09:45 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$ 2010-02-09 22:09:38 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$ 2010-02-09 22:09:30 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$ 2010-02-09 22:09:23 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$ 2010-02-09 22:09:10 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$ 2010-02-09 22:08:46 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$ 2010-02-09 22:08:06 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$ 2010-02-05 15:45:55 ----D---- C:\Dokumente und Einstellungen\Jan Wasem\Anwendungsdaten\Malwarebytes 2010-02-05 15:45:48 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2010-02-05 15:45:47 ----D---- C:\Programme\Malwarebytes' Anti-Malware 2010-02-04 21:03:23 ----D---- C:\Programme\CCleaner 2010-02-04 14:41:51 ----D---- C:\_SMA 2010-01-29 21:07:42 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCDr 2010-01-29 21:04:33 ----D---- C:\Programme\PC-Doctor 2010-01-13 19:32:40 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$ 2010-01-13 19:32:17 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$ ======List of files/folders modified in the last 1 months====== 2010-02-11 12:12:37 ----RD---- C:\Programme 2010-02-11 12:10:02 ----D---- C:\WINDOWS\Temp 2010-02-11 12:08:00 ----D---- C:\WINDOWS\system32\CatRoot2 2010-02-11 12:07:52 ----A---- C:\WINDOWS\system32\PROCDB.INI 2010-02-11 12:07:10 ----A---- C:\Log.txt 2010-02-11 11:59:32 ----D---- C:\WINDOWS\Prefetch 2010-02-10 19:31:21 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-02-09 22:17:04 ----AD---- C:\WINDOWS 2010-02-09 22:16:45 ----HD---- C:\WINDOWS\inf 2010-02-09 22:15:56 ----AD---- C:\WINDOWS\system32 2010-02-09 22:12:58 ----HD---- C:\WINDOWS\$hf_mig$ 2010-02-09 22:12:56 ----A---- C:\WINDOWS\imsins.BAK 2010-02-09 22:12:55 ----ASHD---- C:\WINDOWS\system32\dllcache 2010-02-09 22:12:54 ----D---- C:\WINDOWS\system32\drivers 2010-02-08 17:26:00 ----D---- C:\Dokumente und Einstellungen\Jan Wasem\Anwendungsdaten\FileZilla 2010-02-08 16:57:14 ----D---- C:\SWSHARE 2010-02-05 11:56:36 ----A---- C:\WINDOWS\NeroDigital.ini 2010-02-04 21:30:19 ----D---- C:\WINDOWS\Minidump 2010-02-04 13:14:55 ----SD---- C:\Dokumente und Einstellungen\Jan Wasem\Anwendungsdaten\Microsoft 2010-02-01 20:26:20 ----A---- C:\WINDOWS\system32\MRT.exe 2010-02-01 12:00:57 ----SHD---- C:\WINDOWS\Installer 2010-02-01 12:00:56 ----D---- C:\WINDOWS\WinSxS 2010-01-29 22:52:56 ----D---- C:\WINDOWS\security 2010-01-29 21:08:14 ----SD---- C:\WINDOWS\Tasks 2010-01-29 21:06:18 ----D---- C:\WINDOWS\system32\inetsrv 2010-01-29 21:06:16 ----D---- C:\WINDOWS\Help 2010-01-29 21:06:12 ----D---- C:\WINDOWS\Cursors 2010-01-29 21:06:04 ----D---- C:\Programme\Windows NT 2010-01-29 18:12:18 ----D---- C:\Program Files 2010-01-29 18:09:29 ----AD---- C:\VALUEADD 2010-01-29 18:06:39 ----D---- C:\Programme\Bonjour 2010-01-29 18:01:50 ----D---- C:\Programme\ICQ6Toolbar 2010-01-24 18:25:35 ----D---- C:\Programme\Internet Explorer 2010-01-22 16:38:35 ----D---- C:\WINDOWS\ie8updates 2010-01-18 17:35:11 ----D---- C:\WINDOWS\AppPatch 2010-01-13 19:51:55 ----D---- C:\Programme\FileZilla FTP Client ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 ANC;ANC; C:\WINDOWS\System32\drivers\ANC.SYS [2008-10-24 11520] R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-11-04 333192] R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-11-04 28424] R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-11-10 360584] R1 IBMTPCHK;IBMTPCHK; \??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys [] R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448] R1 Smapint;Smapint; C:\WINDOWS\System32\drivers\Smapint.sys [2006-08-02 14848] R1 TDSMAPI;TDSMAPI; C:\WINDOWS\System32\drivers\TDSMAPI.SYS [2006-08-02 9343] R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys [2008-05-12 17844] R1 TPPWRIF;TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [2008-09-25 4442] R1 TSMAPIP;TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2009-01-07 4608] R2 EGATHDRV;IBM eGatherer; \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS [] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672] R2 pmem;pmem; \??\C:\WINDOWS\System32\drivers\pmemnt.sys [] R2 PrivateDisk;PrivateDisk; \??\C:\Programme\Lenovo\SafeGuard PrivateDisk\PrivateDiskM.sys [] R2 PROCDD;IPS-Helper-Treiber; C:\WINDOWS\system32\DRIVERS\PROCDD.SYS [2006-08-16 5120] R2 s24trans;WLAN-Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2008-08-04 11904] R2 smi2;smi2; \??\C:\Programme\SMI2\smi2.sys [] R2 smihlp2;SMI Helper Driver (smihlp2); \??\C:\Programme\Gemeinsame Dateien\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [] R2 tvtfilter;tvtfilter; \??\C:\WINDOWS\system32\drivers\tvtfilter.sys [] R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-06-20 178688] R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-07 93952] R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-11-11 3301888] R3 atmeltpm;atmeltpm; C:\WINDOWS\system32\DRIVERS\atmeltpm.sys [2005-05-17 15872] R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-03-09 152064] R3 btaudio;Bluetooth-Audiogerät; C:\WINDOWS\system32\drivers\btaudio.sys [2006-05-31 328285] R3 BTKRNL;Bluetooth-Bus-Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-05-31 851434] R3 CmBatt;Microsoft-Netzteiltreiber; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600] R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-11-01 989696] R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-11-01 211456] R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2009-03-19 25000] R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-10 21060] R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288] R3 NETw5x32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2008-08-28 3632384] R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2006-11-08 21760] R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2009-06-26 30144] R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-07-03 225664] R3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2008-08-08 50704] R3 TVTPktFilter;TVT Packet Filter Service; C:\WINDOWS\system32\DRIVERS\tvtpktfilter.sys [2006-07-14 17664] R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-11-01 731520] S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [] S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [] S3 ac97intc;Intel(r) 82801 Audiotreiber-Installationsdienst (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256] S3 BTDriver;Virtueller Bluetooth-Kommunikationstreiber; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-05-31 30427] S3 BthEnum;Bluetooth-Anforderungsblocktreiber; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024] S3 BthPan;Bluetooth-Gerät (PAN); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120] S3 BTHPORT;Bluetooth-Porttreiber; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 273024] S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944] S3 BTWDNDIS;Bluetooth-LAN-Zugangsserver; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-05-31 148996] S3 btwmodem;Bluetooth-Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2006-05-31 30285] S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-31 67384] S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 E100B;Intel(R) PRO-Adaptertreiber; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-18 117760] S3 G400;G400; C:\WINDOWS\system32\DRIVERS\G400m.sys [2001-08-18 322432] S3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\hsxhwazl.sys [2005-12-06 192512] S3 MPE;BDA MPE-Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 NETw3x32;Intel(R) PRO/Wireless 3945ABG Adaptertreiber für Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw3x32.sys [2007-02-27 1783936] S3 NETw4x32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-11-26 2236544] S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408] S3 QV2KUX;Casio-Digitalkamera; C:\WINDOWS\system32\DRIVERS\qv2kux.sys [2001-08-17 3328] S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS [] S3 USB28xxBGA;WinTV HVR-900; C:\WINDOWS\system32\DRIVERS\emBDA.sys [2007-01-30 361728] S3 USB28xxOEM;WinTV OEM Filter; C:\WINDOWS\system32\DRIVERS\emOEM.sys [2007-01-30 39680] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448] S3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 usbvideo;USB-Videogerät (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984] S3 VX3000;VX-3000; C:\WINDOWS\system32\DRIVERS\VX3000.sys [2006-12-06 1964064] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 agp440;Intel AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368] S4 agpCPQ;Compaq AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928] S4 alim1541;ALI AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752] S4 amdagp;AMD AGP-Bus-Filtertreiber; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008] S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952] S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [] S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504] S4 sisagp;SIS AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960] S4 viaagp;VIA AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AcPrfMgrSvc;Ac Profile Manager Service; C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [2008-10-27 90112] R2 AcSvc;Access Connections Main Service; C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe [2008-10-27 217088] R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-11-10 573440] R2 avg9emc;AVG Free E-mail Scanner; C:\Programme\AVG\AVG9\avgemc.exe [2009-11-04 906520] R2 avg9wd;AVG Free WatchDog; C:\Programme\AVG\AVG9\avgwdsvc.exe [2009-11-04 285392] R2 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R2 btwdins;Bluetooth Service; C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe [2006-05-31 266295] R2 Diskeeper;Diskeeper; C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe [2006-05-23 622700] R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Programme\Intel\WiFi\bin\EvtEng.exe [2008-08-20 860160] R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2009-03-19 38176] R2 IPSSVC;IPS-Basisservice; C:\WINDOWS\system32\IPSSVC.EXE [2006-08-16 73728] R2 IviRegMgr;IviRegMgr; C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152] R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-10-11 153376] R2 MSCamSvc;MSCamSvc; C:\Programme\Microsoft LifeCam\MSCamS32.exe [2007-01-04 240408] R2 Power Manager DBC Service;Power Manager DBC Service; C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe [2008-09-25 94208] R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe [2008-08-20 466944] R2 S24EventMonitor;Intel® PROSet/Wireless WiFi Service; C:\Programme\Intel\WiFi\bin\S24EvMon.exe [2008-08-20 905216] R2 SUService;System Update; c:\programme\lenovo\system update\suservice.exe [2008-10-20 28672] R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe [2007-09-26 644408] R2 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\WINDOWS\System32\TPHDEXLG.exe [2008-05-14 37416] R2 TpKmpSVC;IBM KCU Service; C:\WINDOWS\system32\TpKmpSVC.exe [2005-06-06 32768] R2 TSSCoreService;TSS Core Service; C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe [2006-07-14 723712] R2 TVT Backup Service;TVT Backup Service; C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe [2006-07-14 1974272] R2 TVT Scheduler;TVT Scheduler; C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe [2008-03-04 1122304] R2 tvtnetwk;tvtnetwk; C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe [2006-07-14 45056] R2 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2009-10-28 545568] S3 odserv;Microsoft Office Diagnostics Service; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 PsaSrv;IBM PSA Access Driver Control; C:\WINDOWS\system32\PsaSrv.exe [] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- |
|
11.02.2010, 15:11
| #4 |
| | Rechner langsam, stürzt ab / Rootkit.MBR und Teil 2 Code:
ATTFilter info.txt logfile of random's system information tool 1.06 2010-02-11 12:12:53
======Uninstall list======
-->C:\Programme\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\SETUP.exe -l0x0007 -removeonly
-->C:\Programme\InstallShield Installation Information\{69333A04-5134-40A5-A055-9166A7AA1EC8}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Programme\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\SETUP.exe -l0x0007 -removeonly
-->C:\WINDOWS\IsUn0407.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Access Help-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C6FA39A7-26B1-480A-BC74-6D17531AC222}\Setup.exe" -l0x7 UNINSTALL
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.7-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Anzeige am Bildschirm-->rundll32.exe "C:\Programme\Lenovo\HOTKEY\cleanup.dll",InfUninstall DefaultUninstall.XP 132 C:\Programme\Lenovo\HOTKEY\tphk_tp.inf
Apple Application Support-->MsiExec.exe /I{B607C354-CD79-4D22-86D1-92DC94153F42}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI - Dienstprogramm zur Deinstallation der Software-->C:\Programme\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x4f44
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
Audiograbber 1.83 SE -->C:\WINDOWS\uninstall\Audiograbber\setup.exe
AVG Free 9.0-->C:\Programme\AVG\AVG9\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Catalyst Control Center - Branding-->MsiExec.exe /I{9FCE66F0-EE03-43BD-916E-66EDF0DBC18C}
CCleaner-->"C:\Programme\CCleaner\uninst.exe"
Client Security Solution-->MsiExec.exe /I{48227AEB-DC8E-4A90-A274-0B4A39D699B1}
Dienstprogramm 'ThinkPad-Tastaturanpassung'-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2111B23F-7FDA-4A41-8309-E5A1663CA296}\Setup.exe" -l0x7 anything
Diskeeper Lite-->MsiExec.exe /X{796E076A-82F7-4D49-98C8-DEC0C3BC733A}
DivX Web Player-->C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Ergänzung zu Productivity Center für ThinkPad-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D728E945-256D-4477-B377-6BBA693714AC}\setup.exe" -l0x7 -AddRemove
FileZilla Client 3.3.1-->C:\Programme\FileZilla FTP Client\uninstall.exe
Free Studio version 4.2-->"C:\Programme\DVDVideoSoft\Free Studio\unins000.exe"
Funktion "TrackPoint-Eingabehilfen"-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{EA664480-3844-11D5-8C25-444553540000}\Setup.exe"
FUSSBALL MANAGER 08-->C:\Programme\EA SPORTS\FUSSBALL MANAGER 08\eauninstall.exe
Help Center-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{986F64DC-FF15-449D-998F-EE3BCEC6666A}\SETUP.EXE" -l0x7 -AddRemove
HijackThis 2.0.2-->"C:\Programme\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix für Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix für Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
ICQ6.5-->"C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Image Resizer Powertoy for Windows XP-->MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
Intel PROSet Wireless-->Intel PROSet Wireless
InterVideo FilterSDK for Hauppauge-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2227E1FA-01F5-483C-AB0E-2A308E900B3D}\setup.exe" REMOVEALL
InterVideo WinDVD Creator 3-->"C:\Programme\InstallShield Installation Information\{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}\setup.exe" REMOVEALL
InterVideo WinDVD-->"C:\Programme\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iPhone-Konfigurationsprogramm-->MsiExec.exe /I{FA54AFB1-5745-4389-B8C1-9F7509672ED1}
iTunes-->MsiExec.exe /I{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
Lenovo ThinkVantage Toolbox-->C:\Programme\PC-Doctor\uninst.exe
LiveReg (Symantec Corporation)-->C:\Programme\Gemeinsame Dateien\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Message Center Plus-->MsiExec.exe /X{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}
Message Center-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}\Setup.exe" -l0x7 -AddRemove
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C314CE45-3392-3B73-B4E1-139CD41CA933}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft LifeCam-->MsiExec.exe /X{78DB08B0-F440-4BA6-9372-F2C6CC9721B7}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {322296D4-1EAE-4030-9FBC-D2787EB25FA2}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
MobileMe Control Panel-->MsiExec.exe /I{3AC54383-31D1-4907-961B-B12CBB1D0AE8}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
Nero 7 Premium-->MsiExec.exe /I{4781569D-5404-1F26-4B2B-6DF444441031}
PDFCreator-->C:\Programme\PDFCreator\unins000.exe
Picasa 2-->"C:\Programme\Picasa2\Uninstall.exe"
Picture Publisher 9-->C:\Programme\Gemeinsame Dateien\iGrafx\igxunst.exe
Präsentationsdirektor-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{65706020-7B6F-41F2-8047-FC69579E386A}\SETUP.EXE" -l0x7 -AddRemove
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Rescue and Recovery Critical Patch for Windows Update (KB917422)-->MsiExec.exe /X{83E5061B-A69A-46AD-A780-1DA6569FF283}
Rescue and Recovery-->MsiExec.exe /I{7726CF62-7B45-4E6D-9266-615346816BCA}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Sicherheitsupdate für Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
SopCast 3.0.3-->C:\Programme\SopCast\uninst.exe
SoundMAX-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x7 -removeonly
System Migration Assistant-->MsiExec.exe /X{F705E3E1-A471-426B-9A09-73429F3418EE}
System Update-->MsiExec.exe /X{8675339C-128C-44DD-83BF-0A5D6ABD8297}
ThinkPad Bluetooth with Enhanced Data Rate Software-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
ThinkPad Energie-Manager-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}\SETUP.EXE" -l0x7 -AddRemove
ThinkPad FullScreen Magnifier-->rundll32.exe "C:\Programme\Lenovo\ZOOM\cleanup.dll",InfUninstall DefaultUninstall 132 C:\Programme\Lenovo\Zoom\TpScrex.inf
ThinkPad Modem-->C:\Programme\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588\UIU32m.exe -U -ITkp0588k.INF
ThinkPad PC Card Power Policy-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUnInstall 132 C:\SWTOOLS\OSFIXES\PCMCIAPW\pcmciapw.inf
ThinkPad Power Management Driver-->RunDll32.exe tpinspm.dll,Uninstall
ThinkPad UltraNav Driver-->rundll32.exe "C:\Programme\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
ThinkPad-Dienstprogramm 'EasyEject'-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{1297C681-92D7-40EF-93BF-03F66EC5105C}\SETUP.EXE" -l0x7 -AddRemove
ThinkPad-Konfiguration-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FC081D4D-DF1B-4CF1-B530-027E4118D846}\SETUP.EXE" -l0x7 -AddRemove
ThinkPad-UltraNav-Assistent-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}\SETUP.EXE" -l0x7 UNINSTALL
ThinkVantage Access Connections-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{7EB114D8-207F-45AE-BABD-1669715F2630}\setup.exe" -l0x7 anything
ThinkVantage Away Manager-->Rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\AWAYTASK.INF
ThinkVantage Fingerprint Software 5.8-->MsiExec.exe /I{9F98C9F8-9B49-411C-AFB9-AF633249FA7C}
ThinkVantage Productivity Center-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}\setup.exe" -l0x7 -AddRemove
ThinkVantage System für aktiven Festplattenschutz-->MsiExec.exe /X{46A84694-59EC-48F0-964C-7E76E9F8A2ED}
ThinkVantage Technologies Welcome Message-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{1007F41F-7D69-468E-8017-3849A5A973C2}\SETUP.EXE" -l0x7 anything
Uninstall 1.0.0.1-->"C:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update für Windows Internet Explorer 8 (KB972636)-->"C:\WINDOWS\ie8updates\KB972636-IE8\spuninst\spuninst.exe"
Update für Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update für Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update für Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update für Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update für Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update für Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update für Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update für Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Wallpapers-->MsiExec.exe /I{F386C340-DF4B-4BBA-9503-420FB7EDB395}
Wichtiges Update für Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Anmelde-Assistent-->MsiExec.exe /I{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}
Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Programme\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}
Windows Live Mail-->MsiExec.exe /I{C4D738F7-996A-4C81-B8FA-C4E26D767E41}
Windows Live Messenger-->MsiExec.exe /X{41E654A9-26D0-4EAC-854B-0FA824FFFABB}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR-->C:\Programme\WinRAR\uninstall.exe
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
XP Themes-->MsiExec.exe /I{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}
======Security center information======
AV: AVG Anti-Virus Free
======System event log======
Computer Name: JAN
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Multiprocessor Free.
Record Number: 19909
Source Name: EventLog
Time Written: 20100103151129.000000+060
Event Type: Informationen
User:
Computer Name: JAN
Event Code: 6006
Message: Der Ereignisprotokolldienst wurde beendet.
Record Number: 19908
Source Name: EventLog
Time Written: 20100103150950.000000+060
Event Type: Informationen
User:
Computer Name: JAN
Event Code: 7036
Message: Dienst "Windows Installer" befindet sich jetzt im Status "Beendet".
Record Number: 19907
Source Name: Service Control Manager
Time Written: 20100103150928.000000+060
Event Type: Informationen
User:
Computer Name: JAN
Event Code: 7036
Message: Dienst "Ati HotKey Poller" befindet sich jetzt im Status "Beendet".
Record Number: 19906
Source Name: Service Control Manager
Time Written: 20100103150922.000000+060
Event Type: Informationen
User:
Computer Name: JAN
Event Code: 4201
Message: Netzwerkadapter "\DEVICE\TCPIP_{6B0CCF12-18B1-4CE7-AAB2-81D16CCC6876}" wurde mit dem Netzwerk verbunden, und das
System wurde über das Netzwerk im normalen Zustand gestartet.
Record Number: 19905
Source Name: Tcpip
Time Written: 20100103150825.000000+060
Event Type: Informationen
User:
=====Application event log=====
Computer Name: JAN
Event Code: 1
Message:
Record Number: 22109
Source Name: Bonjour Service
Time Written: 20100205104116.000000+060
Event Type: Informationen
User:
Computer Name: JAN
Event Code: 2
Message: Das Diskeeper-Control Center wurde gestartet.
Diskeeper-Dienst wurde gestartet
Record Number: 22108
Source Name: Diskeeper
Time Written: 20100205104116.000000+060
Event Type: Informationen
User:
Computer Name: JAN
Event Code: 0
Message:
Record Number: 22107
Source Name: btwdins
Time Written: 20100205104114.000000+060
Event Type: Informationen
User:
Computer Name: JAN
Event Code: 1002
Message: Die Shell wurde unerwartet beendet und Explorer.exe wurde neu gestartet.
Record Number: 22106
Source Name: Winlogon
Time Written: 20100205101628.000000+060
Event Type: Informationen
User:
Computer Name: JAN
Event Code: 1000
Message: Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.5755, Fehleradresse 0x00037453.
Record Number: 22105
Source Name: Application Error
Time Written: 20100205101623.000000+060
Event Type: Fehler
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Programme\ThinkPad\Utilities;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\Diskeeper Corporation\Diskeeper\;C:\Programme\ThinkPad\ConnectUtilities;C:\Programme\Gemeinsame Dateien\Lenovo;C:\Programme\Lenovo\Client Security Solution;C:\Programme\ATI Technologies\ATI.ACE\Core-Static;C:\Programme\Intel\WiFi\bin\;C:\Programme\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"TVT"=C:\Programme\Lenovo
"TVTCOMMON"=C:\Programme\Gemeinsame Dateien\Lenovo
"SWSHARE"=C:\SWSHARE
"RR"=C:\Programme\Lenovo\Rescue and Recovery
"TVTPYDIR"=C:\Programme\Gemeinsame Dateien\Lenovo\Python24
"TPCCommon"=C:\PROGRA~1\THINKV~2\PrdCtr
"SMA"=C:\Programme\ThinkVantage\SMA\
"CLASSPATH"=.;C:\Programme\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Programme\Java\jre6\lib\ext\QTJava.zip
-----------------EOF-----------------
Beim Durchlauf von GMER kam nach einiger Zeit ein Bluescreen mit folgenden Fehler DRIVER_IRQL_NOT_LESS_OR_EQUAL. Dieser Fehler ist auch beim zweiten Versuch aufgetreten. |
|
11.02.2010, 17:21
| #5 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Rechner langsam, stürzt ab / Rootkit.MBR In den RSIT Logs seh ich so ncihts - mach bitte eins mit CF: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
11.02.2010, 20:03
| #6 |
| | Rechner langsam, stürzt ab / Rootkit.MBR Habe alles nach Anleitung durchgeführt. Am Anfang kam auch die Meldung das Rootaktivitäten festgestellt wurden, daraufhin gab es einen Neustart und im weiteren Verlauf dann wieder einen Bluescreen, mit der gleichen Fehlermeldung wie oben bereits genannt. Der Test wurde also nicht zu Ende durchgeführt. Was soll ich weiter machen? |
|
11.02.2010, 20:29
| #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Rechner langsam, stürzt ab / Rootkit.MBR Probier mal TDSS-Killer aus: - Download von hier - ZIP entpacken (in eigenen Ordner) - ALLE Programme schließen, v.a. Virenscanner deaktivieren! - Wenn Du aufgefordert wirst den PC neuzustarten, so drücke y um das zu tun - nach dem Neustart Log vom TDSS-Killer posten (sollte direkt auf c: liegen)
__________________ Logfiles bitte immer in CODE-Tags posten |
|
12.02.2010, 16:13
| #8 |
| | Rechner langsam, stürzt ab / Rootkit.MBR Hier der Log vom TDSS-Killer: Code:
ATTFilter 16:01:09:234 6012 TDSS rootkit removing tool 2.2.2 Jan 13 2010 08:42:25
16:01:09:234 6012 ================================================================================
16:01:09:234 6012 SystemInfo:
16:01:09:234 6012 OS Version: 5.1.2600 ServicePack: 3.0
16:01:09:234 6012 Product type: Workstation
16:01:09:234 6012 ComputerName: JAN
16:01:09:234 6012 UserName: Jan Wasem
16:01:09:234 6012 Windows directory: C:\WINDOWS
16:01:09:234 6012 Processor architecture: Intel x86
16:01:09:234 6012 Number of processors: 2
16:01:09:234 6012 Page size: 0x1000
16:01:09:234 6012 Boot type: Normal boot
16:01:09:234 6012 ================================================================================
16:01:09:250 6012 UnloadDriverW: NtUnloadDriver error 2
16:01:09:250 6012 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
16:01:09:250 6012 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
16:01:09:359 6012 UtilityInit: KLMD drop and load success
16:01:09:359 6012 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201000)
16:01:09:359 6012 UtilityInit: KLMD open success
16:01:09:359 6012 UtilityInit: Initialize success
16:01:09:359 6012
16:01:09:359 6012 Scanning Services ...
16:01:09:359 6012 CreateRegParser: Registry parser init started
16:01:09:359 6012 DisableWow64Redirection: GetProcAddress(Wow64DisableWow64FsRedirection) error 127
16:01:09:359 6012 CreateRegParser: DisableWow64Redirection error
16:01:09:359 6012 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
16:01:09:359 6012 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\system) returned status C0000043
16:01:09:359 6012 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
16:01:09:359 6012 wfopen_ex: Trying to KLMD file open
16:01:09:359 6012 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\system
16:01:09:359 6012 wfopen_ex: File opened ok (Flags 2)
16:01:09:359 6012 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\system) init success: 384B68
16:01:09:359 6012 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
16:01:09:359 6012 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\software) returned status C0000043
16:01:09:359 6012 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
16:01:09:359 6012 wfopen_ex: Trying to KLMD file open
16:01:09:359 6012 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\software
16:01:09:359 6012 wfopen_ex: File opened ok (Flags 2)
16:01:09:359 6012 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\software) init success: 384C10
16:01:09:359 6012 EnableWow64Redirection: GetProcAddress(Wow64RevertWow64FsRedirection) error 127
16:01:09:359 6012 CreateRegParser: EnableWow64Redirection error
16:01:09:359 6012 CreateRegParser: RegParser init completed
16:01:09:453 6012 GetAdvancedServicesInfo: Raw services enum returned 425 services
16:01:09:468 6012 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
16:01:09:468 6012 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
16:01:09:468 6012
16:01:09:468 6012 Scanning Kernel memory ...
16:01:09:468 6012 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
16:01:09:468 6012 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 8716B868
16:01:09:468 6012 DetectCureTDL3: KLMD_GetDeviceObjectList returned 3 DevObjects
16:01:09:468 6012
16:01:09:468 6012 DetectCureTDL3: DEVICE_OBJECT: 867FD030
16:01:09:468 6012 KLMD_GetLowerDeviceObject: Trying to get lower device object for 867FD030
16:01:09:468 6012 KLMD_ReadMem: Trying to ReadMemory 0x867FD030[0x38]
16:01:09:468 6012 DetectCureTDL3: DRIVER_OBJECT: 8716B868
16:01:09:468 6012 KLMD_ReadMem: Trying to ReadMemory 0x8716B868[0xA8]
16:01:09:468 6012 KLMD_ReadMem: Trying to ReadMemory 0xE18C3598[0x18]
16:01:09:468 6012 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
16:01:09:468 6012 DetectCureTDL3: IrpHandler (0) addr: F75D7BB0
16:01:09:468 6012 DetectCureTDL3: IrpHandler (1) addr: 804F4562
16:01:09:468 6012 DetectCureTDL3: IrpHandler (2) addr: F75D7BB0
16:01:09:468 6012 DetectCureTDL3: IrpHandler (3) addr: F75D1D1F
16:01:09:468 6012 DetectCureTDL3: IrpHandler (4) addr: F75D1D1F
16:01:09:468 6012 DetectCureTDL3: IrpHandler (5) addr: 804F4562
16:01:09:468 6012 DetectCureTDL3: IrpHandler (6) addr: 804F4562
16:01:09:468 6012 DetectCureTDL3: IrpHandler (7) addr: 804F4562
16:01:09:468 6012 DetectCureTDL3: IrpHandler (8) addr: 804F4562
16:01:09:468 6012 DetectCureTDL3: IrpHandler (9) addr: F75D22E2
16:01:09:468 6012 DetectCureTDL3: IrpHandler (10) addr: 804F4562
16:01:09:468 6012 DetectCureTDL3: IrpHandler (11) addr: 804F4562
16:01:09:468 6012 DetectCureTDL3: IrpHandler (12) addr: 804F4562
16:01:09:468 6012 DetectCureTDL3: IrpHandler (13) addr: 804F4562
16:01:09:468 6012 DetectCureTDL3: IrpHandler (14) addr: F75D23BB
16:01:09:468 6012 DetectCureTDL3: IrpHandler (15) addr: F75D5F28
16:01:09:468 6012 DetectCureTDL3: IrpHandler (16) addr: F75D22E2
16:01:09:468 6012 DetectCureTDL3: IrpHandler (17) addr: 804F4562
16:01:09:468 6012 DetectCureTDL3: IrpHandler (18) addr: 804F4562
16:01:09:468 6012 DetectCureTDL3: IrpHandler (19) addr: 804F4562
16:01:09:468 6012 DetectCureTDL3: IrpHandler (20) addr: 804F4562
16:01:09:468 6012 DetectCureTDL3: IrpHandler (21) addr: 804F4562
16:01:09:468 6012 DetectCureTDL3: IrpHandler (22) addr: F75D3C82
16:01:09:468 6012 DetectCureTDL3: IrpHandler (23) addr: F75D899E
16:01:09:468 6012 DetectCureTDL3: IrpHandler (24) addr: 804F4562
16:01:09:468 6012 DetectCureTDL3: IrpHandler (25) addr: 804F4562
16:01:09:468 6012 DetectCureTDL3: IrpHandler (26) addr: 804F4562
16:01:09:468 6012 TDL3_FileDetect: Processing driver: Disk
16:01:09:468 6012 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
16:01:09:468 6012 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
16:01:09:562 6012 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
16:01:09:562 6012
16:01:09:562 6012 DetectCureTDL3: DEVICE_OBJECT: 867F7B50
16:01:09:562 6012 KLMD_GetLowerDeviceObject: Trying to get lower device object for 867F7B50
16:01:09:562 6012 KLMD_ReadMem: Trying to ReadMemory 0x867F7B50[0x38]
16:01:09:562 6012 DetectCureTDL3: DRIVER_OBJECT: 8716B868
16:01:09:562 6012 KLMD_ReadMem: Trying to ReadMemory 0x8716B868[0xA8]
16:01:09:562 6012 KLMD_ReadMem: Trying to ReadMemory 0xE18C3598[0x18]
16:01:09:562 6012 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
16:01:09:562 6012 DetectCureTDL3: IrpHandler (0) addr: F75D7BB0
16:01:09:562 6012 DetectCureTDL3: IrpHandler (1) addr: 804F4562
16:01:09:562 6012 DetectCureTDL3: IrpHandler (2) addr: F75D7BB0
16:01:09:562 6012 DetectCureTDL3: IrpHandler (3) addr: F75D1D1F
16:01:09:562 6012 DetectCureTDL3: IrpHandler (4) addr: F75D1D1F
16:01:09:562 6012 DetectCureTDL3: IrpHandler (5) addr: 804F4562
16:01:09:562 6012 DetectCureTDL3: IrpHandler (6) addr: 804F4562
16:01:09:562 6012 DetectCureTDL3: IrpHandler (7) addr: 804F4562
16:01:09:562 6012 DetectCureTDL3: IrpHandler (8) addr: 804F4562
16:01:09:562 6012 DetectCureTDL3: IrpHandler (9) addr: F75D22E2
16:01:09:562 6012 DetectCureTDL3: IrpHandler (10) addr: 804F4562
16:01:09:562 6012 DetectCureTDL3: IrpHandler (11) addr: 804F4562
16:01:09:562 6012 DetectCureTDL3: IrpHandler (12) addr: 804F4562
16:01:09:562 6012 DetectCureTDL3: IrpHandler (13) addr: 804F4562
16:01:09:562 6012 DetectCureTDL3: IrpHandler (14) addr: F75D23BB
16:01:09:562 6012 DetectCureTDL3: IrpHandler (15) addr: F75D5F28
16:01:09:562 6012 DetectCureTDL3: IrpHandler (16) addr: F75D22E2
16:01:09:562 6012 DetectCureTDL3: IrpHandler (17) addr: 804F4562
16:01:09:562 6012 DetectCureTDL3: IrpHandler (18) addr: 804F4562
16:01:09:562 6012 DetectCureTDL3: IrpHandler (19) addr: 804F4562
16:01:09:562 6012 DetectCureTDL3: IrpHandler (20) addr: 804F4562
16:01:09:562 6012 DetectCureTDL3: IrpHandler (21) addr: 804F4562
16:01:09:562 6012 DetectCureTDL3: IrpHandler (22) addr: F75D3C82
16:01:09:562 6012 DetectCureTDL3: IrpHandler (23) addr: F75D899E
16:01:09:562 6012 DetectCureTDL3: IrpHandler (24) addr: 804F4562
16:01:09:562 6012 DetectCureTDL3: IrpHandler (25) addr: 804F4562
16:01:09:562 6012 DetectCureTDL3: IrpHandler (26) addr: 804F4562
16:01:09:562 6012 TDL3_FileDetect: Processing driver: Disk
16:01:09:562 6012 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
16:01:09:562 6012 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
16:01:09:578 6012 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
16:01:09:578 6012
16:01:09:578 6012 DetectCureTDL3: DEVICE_OBJECT: 87153030
16:01:09:578 6012 KLMD_GetLowerDeviceObject: Trying to get lower device object for 87153030
16:01:09:578 6012 DetectCureTDL3: DEVICE_OBJECT: 8714D030
16:01:09:578 6012 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8714D030
16:01:09:578 6012 DetectCureTDL3: DEVICE_OBJECT: 87154028
16:01:09:578 6012 KLMD_GetLowerDeviceObject: Trying to get lower device object for 87154028
16:01:09:578 6012 KLMD_ReadMem: Trying to ReadMemory 0x87154028[0x38]
16:01:09:578 6012 DetectCureTDL3: DRIVER_OBJECT: 871DD0C8
16:01:09:578 6012 KLMD_ReadMem: Trying to ReadMemory 0x871DD0C8[0xA8]
16:01:09:578 6012 KLMD_ReadMem: Trying to ReadMemory 0xE18ED750[0x1C]
16:01:09:578 6012 DetectCureTDL3: DRIVER_OBJECT name: \Driver\iaStor, Driver Name: iaStor
16:01:09:578 6012 DetectCureTDL3: IrpHandler (0) addr: F733E706
16:01:09:578 6012 DetectCureTDL3: IrpHandler (1) addr: 804F4562
16:01:09:578 6012 DetectCureTDL3: IrpHandler (2) addr: F733E706
16:01:09:578 6012 DetectCureTDL3: IrpHandler (3) addr: 804F4562
16:01:09:578 6012 DetectCureTDL3: IrpHandler (4) addr: 804F4562
16:01:09:578 6012 DetectCureTDL3: IrpHandler (5) addr: 804F4562
16:01:09:578 6012 DetectCureTDL3: IrpHandler (6) addr: 804F4562
16:01:09:578 6012 DetectCureTDL3: IrpHandler (7) addr: 804F4562
16:01:09:578 6012 DetectCureTDL3: IrpHandler (8) addr: 804F4562
16:01:09:578 6012 DetectCureTDL3: IrpHandler (9) addr: 804F4562
16:01:09:578 6012 DetectCureTDL3: IrpHandler (10) addr: 804F4562
16:01:09:578 6012 DetectCureTDL3: IrpHandler (11) addr: 804F4562
16:01:09:578 6012 DetectCureTDL3: IrpHandler (12) addr: 804F4562
16:01:09:578 6012 DetectCureTDL3: IrpHandler (13) addr: 804F4562
16:01:09:578 6012 DetectCureTDL3: IrpHandler (14) addr: F733B758
16:01:09:578 6012 DetectCureTDL3: IrpHandler (15) addr: F73386AE
16:01:09:578 6012 DetectCureTDL3: IrpHandler (16) addr: 804F4562
16:01:09:578 6012 DetectCureTDL3: IrpHandler (17) addr: 804F4562
16:01:09:578 6012 DetectCureTDL3: IrpHandler (18) addr: 804F4562
16:01:09:578 6012 DetectCureTDL3: IrpHandler (19) addr: 804F4562
16:01:09:578 6012 DetectCureTDL3: IrpHandler (20) addr: 804F4562
16:01:09:578 6012 DetectCureTDL3: IrpHandler (21) addr: 804F4562
16:01:09:578 6012 DetectCureTDL3: IrpHandler (22) addr: F73338EE
16:01:09:578 6012 DetectCureTDL3: IrpHandler (23) addr: F7332B56
16:01:09:578 6012 DetectCureTDL3: IrpHandler (24) addr: 804F4562
16:01:09:578 6012 DetectCureTDL3: IrpHandler (25) addr: 804F4562
16:01:09:578 6012 DetectCureTDL3: IrpHandler (26) addr: 804F4562
16:01:09:578 6012 TDL3_FileDetect: Processing driver: iaStor
16:01:09:578 6012 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\iaStor.sys
16:01:09:578 6012 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\iaStor.sys
16:01:09:625 6012 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\iaStor.sys - Verdict: Clean
16:01:09:625 6012
16:01:09:625 6012 Completed
16:01:09:625 6012
16:01:09:625 6012 Results:
16:01:09:625 6012 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
16:01:09:625 6012 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
16:01:09:625 6012 File objects infected / cured / cured on reboot: 0 / 0 / 0
16:01:09:625 6012
16:01:09:625 6012 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
16:01:09:625 6012 UtilityDeinit: KLMD(ARK) unloaded successfully
|
|
12.02.2010, 20:38
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Rechner langsam, stürzt ab / Rootkit.MBR Seh ich auch so keine Anzeichen - vllt isses wirklich "nur" das MBR-Rootkit Von GMER gibt es ein spezielles Tool um den MBR (Master Boot Record) zu prüfen, der MBR wird zB auch vom Sinowal manipuliert. Die MBR.exe sollte aus der Konsole ausgeführt werden, also zB so: Die mbr.exe liegt direkt auf C:, dann öffnest Du über Start, Ausführen cmd.exe (schwarze Konsole öffnet sich) und dort tippst Du ein: c:\mbr.exe -f Und bestätigst mit Enter. Die Logdatei vom MBR-Tool findest Du im gleichen Pfad, von der die mbr.exe ausgeführt wurde, im obigen Beispiel c:\mbr.log - das bitte öffnen und den Inhalt hier posten.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
14.02.2010, 15:34
| #10 |
| | Rechner langsam, stürzt ab / Rootkit.MBR Habe ich ausgeführt. Die Datei mbr.log ist allerdings nicht im Verzeichnis. Habe dann nach der Datei mbr.log gesucht und sie in c:/cofi/ gefunden. Die Datei ist leer. Ausgeführt wurde das Tool von c:/. Das angezeigte Ergebnis (schwarze Fenster) lautet wiefolgt: C:\Dokumente und Einstellungen\Jan Wasem>c:\mbr.exe -f Stealth MBR rootkit/Mebroot/Sinowal detectro 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully kernel: MBR read successfully user & kernel MBR OK copy of MBR has been found in sector 0x0BA50A90 malicious code @ sector 0x0BA50A93 ! PE file found in sector at 0x0BA50AA9 ! Zur Info: Seitdem ich diese ganzen Scans ausgeführt habe, läuft meine Fingerabdrucksoftware nicht mehr und auch mein Windows-Kennwort wird nicht mehr angenommen, durch wegklicken komme ich allerdings auf die Benutzeroberfläche und bei einigen Internetseite bekomme ich die Info, dass meine Daten druch Dritte erkannt werden können, wo dies vorher nicht der Fall war. Keine Ahnung, ob dies für den weiteren Verlauf wichtig ist. Danke für die Hilfe! |
|
14.02.2010, 21:44
| #11 | ||
| /// Winkelfunktion /// TB-Süch-Tiger™ | Rechner langsam, stürzt ab / Rootkit.MBRZitat:
Zitat:
Mach danach auch noch einen Kontrollscan, öffne Malwarebytes, aktualisiere das Programm, starte einen Vollscan und lass alle etwaigen Funde entfernen. Anschließend wieder das Logfile posten.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
15.02.2010, 17:31
| #12 |
| | Rechner langsam, stürzt ab / Rootkit.MBR Hier schonmal der Screenshot... |
|
15.02.2010, 21:57
| #13 |
| | Rechner langsam, stürzt ab / Rootkit.MBR Keine infizierten Objekte gefunden. Hier die log-Datei: Code:
ATTFilter Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3741
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
15.02.2010 21:54:59
mbam-log-2010-02-15 (21-54-59).txt
Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 366654
Laufzeit: 1 hour(s), 43 minute(s), 32 second(s)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
|
|
15.02.2010, 22:25
| #14 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Rechner langsam, stürzt ab / Rootkit.MBRZitat:
 Das hat mit "unseren" Tools nichts zu tun. Sieht aus, als surfst Du mit dem IE - wenn ja, bitte umsteigen zu sowas wie Opera oder Mozilla Firefox.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
15.02.2010, 22:34
| #15 |
| | Rechner langsam, stürzt ab / Rootkit.MBR Okay, muss ich sonst jetzt noch was beachten? Die diversen Tools, die ich installiert habe, kann ich deinstallieren? Vielen Dank für die schnelle Hilfe.... Jan! |
|
| Themen zu Rechner langsam, stürzt ab / Rootkit.MBR |
| anti-malware, ccleaner, content.ie5, dateien, diverse, dokumente, einstellungen, explorer, extrem langsam, fehler, hallo zusammen, langsam, löschen, malware, minute, rechner, rechner langsam, registrierungsschlüssel, report, rootkit.mbr, service, stürzt ab, temp, temporary, version, was tun, was tun?, zusammen |
Linear-Darstellung
