Werbefenster öffent sich automatisch in Firefox?

werther88 · 28.02.2010, 01:40

Hallo zusammen,

ich hoffe einer von euch kann mir helfen!

Seit kurzem öffnet sich automatisch immer ein Werbefenster in Firefox, so dass die von mir aufgerufene Seite überdeckt wird von einer Werbung und erst durch das klicken des Buttons "skip this ad" weggeklickt werden kann.

Danke schon einmal für eure Hilfe und anbei meine Logfile,

Werther

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:35:59, on 28.02.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Lenovo\TrackPoint\tp4serv.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
C:\Programme\Lenovo\AwayTask\AwaySch.EXE
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Skype\Phone\Skype.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\ThinkPad\Utilities\DOZESVC.EXE
C:\Programme\Intel\WiFi\bin\EvtEng.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\lotus\notes\ntmulti.exe
C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe
C:\Programme\Lenovo\System Update\SUService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\Programme\Lidl_Fotos\dd.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Mozilla Thunderbird\thunderbird.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://izarc.org/donate.html
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: flvdirect - {f4d92dd0-9d7a-c41f-2ac2-05a602621129} - C:\WINDOWS\system32\aC554QRJQ7bjGo.dll
O3 - Toolbar: Lenovo ThinkVantage Toolbox - {86B9B5DD-FB75-4035-BD52-3C94F7849CAF} - C:\Programme\PC-Doctor\ATLPcdToolbar544928.dll
O4 - HKLM\..\Run: [TrackPointSrv] C:\Programme\Lenovo\TrackPoint\tp4serv.exe
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [AMSG] C:\Programme\ThinkVantage\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Device Detector 2.lnk = C:\Programme\Olympus\DeviceDetector\DevDtct2.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Programme\ThinkPad\Utilities\DOZESVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Programme\Intel\WiFi\bin\EvtEng.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: IPS-Basisservice (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Programme\lotus\notes\ntmulti.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Programme\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Programme\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe

--
End of file - 9322 bytes

MalwareHero · 28.02.2010, 02:07

Zitat:

Zitat von werther88

Hallo zusammen,

ich hoffe einer von euch kann mir helfen!

Guten Abend und

> Download Malwarebytes und mache einen "Fast Scan". Poste das Log.

> Diese Datei: C:\WINDOWS\system32\aC554QRJQ7bjGo.dll
bei VirusTotal - Kostenloser online Viren- und Malwarescanner
hochladen, prüfen lassen und Log posten.

> Scan mit HijackThis und "fixe" diese Einträge (Kästchen ankreuzen und auf "fix checked" klicken)

Zitat:

O2 - BHO: flvdirect - {f4d92dd0-9d7a-c41f-2ac2-05a602621129} - C:\WINDOWS\system32\aC554QRJQ7bjGo.dll
O3 - Toolbar: Lenovo ThinkVantage Toolbox - {86B9B5DD-FB75-4035-BD52-3C94F7849CAF} - C:\Programme\PC-Doctor\ATLPcdToolbar544928.dll
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p

lg.

werther88 · 28.02.2010, 09:32

Danke erst einmal, MalwareHero!

zu 1.
Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3805
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

28.02.2010 09:32:07
mbam-log-2010-02-28 (09-32-02).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 114892
Laufzeit: 5 minute(s), 58 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 9
Infizierte Dateien: 43

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{ef34404a-747c-81d8-843a-d938e181273d} (Adware.BHO.FL) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rlx-f_26gbfy (Adware.LoudMo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\flv direct player (Adware.BHO.FL) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Programme\FLV Direct Player (Adware.BHO.FL) -> No action taken.
C:\Programme\FLV Direct Player\SkinDirectFLV (Adware.BHO.FL) -> No action taken.
C:\Programme\FLV Direct Player\SkinDirectFLV\skin (Adware.BHO.FL) -> No action taken.
C:\Programme\FLV Direct Player\SkinDirectFLV\skin\Button (Adware.BHO.FL) -> No action taken.
C:\Programme\FLV Direct Player\SkinDirectFLV\skin\ComboBox (Adware.BHO.FL) -> No action taken.
C:\Programme\FLV Direct Player\SkinDirectFLV\skin\Menu (Adware.BHO.FL) -> No action taken.
C:\Programme\FLV Direct Player\SkinDirectFLV\skin\SysButton (Adware.BHO.FL) -> No action taken.
C:\Programme\FLV Direct Player\SkinDirectFLV\skin\Window (Adware.BHO.FL) -> No action taken.
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\FLV Direct Player (Adware.FLVPlayer) -> No action taken.

Infizierte Dateien:
C:\WINDOWS\system32\rlX-F_26GBFy.exe (Adware.LoudMo) -> No action taken.
C:\Programme\FLV Direct Player\downloading.swf (Adware.BHO.FL) -> No action taken.
C:\Programme\FLV Direct Player\dskinliteu.dll (Adware.BHO.FL) -> No action taken.
C:\Programme\FLV Direct Player\FLVPlayer.exe (Adware.BHO.FL) -> No action taken.
C:\Programme\FLV Direct Player\player.dat (Adware.BHO.FL) -> No action taken.
C:\Programme\FLV Direct Player\preload.swf (Adware.BHO.FL) -> No action taken.
C:\Programme\FLV Direct Player\uninstall.exe (Adware.BHO.FL) -> No action taken.
C:\Programme\FLV Direct Player\SkinDirectFLV\skin.xml (Adware.BHO.FL) -> No action taken.
C:\Programme\FLV Direct Player\SkinDirectFLV\skin\Button\button_default.bmp (Adware.BHO.FL) -> No action taken.
C:\Programme\FLV Direct Player\SkinDirectFLV\skin\Button\button_disable.bmp (Adware.BHO.FL) -> No action taken.
C:\Programme\FLV Direct Player\SkinDirectFLV\skin\Button\button_down.bmp (Adware.BHO.FL) -> No action taken.
C:\Programme\FLV Direct Player\SkinDirectFLV\skin\Button\button_hot.bmp (Adware.BHO.FL) -> No action taken.
C:\Programme\FLV Direct Player\SkinDirectFLV\skin\Button\button_normal.bmp (Adware.BHO.FL) -> No action taken.
C:\Programme\FLV Direct Player\SkinDirectFLV\skin\ComboBox\combobox_buttonDown.bmp (Adware.BHO.FL) -> No action taken.
C:\Programme\FLV Direct Player\SkinDirectFLV\skin\ComboBox\combobox_buttonHot.bmp (Adware.BHO.FL) -> No action taken.
C:\Programme\FLV Direct Player\SkinDirectFLV\skin\ComboBox\combobox_buttonNor.bmp (Adware.BHO.FL) -> No action taken.
C:\Programme\FLV Direct Player\SkinDirectFLV\skin\ComboBox\edit_back.bmp (Adware.BHO.FL) -> No action taken.
C:\Programme\FLV Direct Player\SkinDirectFLV\skin\Menu\menubg.bmp (Adware.BHO.FL) -> No action taken.
C:\Programme\FLV Direct Player\SkinDirectFLV\skin\Menu\menuItem_arrow.bmp (Adware.BHO.FL) -> No action taken.
C:\Programme\FLV Direct Player\SkinDirectFLV\skin\Menu\menuItem_check.bmp (Adware.BHO.FL) -> No action taken.
C:\Programme\FLV Direct Player\SkinDirectFLV\skin\Menu\menuitem_select.bmp (Adware.BHO.FL) -> No action taken.
C:\Programme\FLV Direct Player\SkinDirectFLV\skin\Menu\menuItem_seperator.bmp (Adware.BHO.FL) -> No action taken.
C:\Programme\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_close_down.bmp (Adware.BHO.FL) -> No action taken.
C:\Programme\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_close_hot.bmp (Adware.BHO.FL) -> No action taken.
C:\Programme\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_close_nor.bmp (Adware.BHO.FL) -> No action taken.
C:\Programme\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_max_down.bmp (Adware.BHO.FL) -> No action taken.
C:\Programme\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_max_hot.bmp (Adware.BHO.FL) -> No action taken.
C:\Programme\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_max_nor.bmp (Adware.BHO.FL) -> No action taken.
C:\Programme\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_min_down.bmp (Adware.BHO.FL) -> No action taken.
C:\Programme\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_min_hot.bmp (Adware.BHO.FL) -> No action taken.
C:\Programme\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_min_nor.bmp (Adware.BHO.FL) -> No action taken.
C:\Programme\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_restore_down.bmp (Adware.BHO.FL) -> No action taken.
C:\Programme\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_restore_hot.bmp (Adware.BHO.FL) -> No action taken.
C:\Programme\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_restore_nor.bmp (Adware.BHO.FL) -> No action taken.
C:\Programme\FLV Direct Player\SkinDirectFLV\skin\Window\BottomBorder.bmp (Adware.BHO.FL) -> No action taken.
C:\Programme\FLV Direct Player\SkinDirectFLV\skin\Window\downarrow.bmp (Adware.BHO.FL) -> No action taken.
C:\Programme\FLV Direct Player\SkinDirectFLV\skin\Window\LeftBorder.bmp (Adware.BHO.FL) -> No action taken.
C:\Programme\FLV Direct Player\SkinDirectFLV\skin\Window\Logo.bmp (Adware.BHO.FL) -> No action taken.
C:\Programme\FLV Direct Player\SkinDirectFLV\skin\Window\main.ico (Adware.BHO.FL) -> No action taken.
C:\Programme\FLV Direct Player\SkinDirectFLV\skin\Window\RightBorder.bmp (Adware.BHO.FL) -> No action taken.
C:\Programme\FLV Direct Player\SkinDirectFLV\skin\Window\TitlePattern.bmp (Adware.BHO.FL) -> No action taken.
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\FLV Direct Player\FLV Direct Player.lnk (Adware.FLVPlayer) -> No action taken.
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\FLV Direct Player\Uninstall FLV Direct Player.lnk (Adware.FLVPlayer) -> No action taken.

zu 2.
Das kam dabei raus:

Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.50 2010.02.22 Riskware.AdWare.Win32.EZula!IK
AhnLab-V3 5.0.0.2 2010.02.22 -
AntiVir 8.2.1.172 2010.02.22 -
Antiy-AVL 2.0.3.7 2010.02.22 -
Authentium 5.2.0.5 2010.02.22 -
Avast 4.8.1351.0 2010.02.22 -
AVG 9.0.0.730 2010.02.22 -
BitDefender 7.2 2010.02.22 -
CAT-QuickHeal 10.00 2010.02.22 -
ClamAV 0.96.0.0-git 2010.02.22 -
Comodo 4026 2010.02.22 -
DrWeb 5.0.1.12222 2010.02.22 -
eSafe 7.0.17.0 2010.02.22 -
eTrust-Vet 35.2.7318 2010.02.22 -
F-Prot 4.5.1.85 2010.02.22 -
F-Secure 9.0.15370.0 2010.02.22 -
Fortinet 4.0.14.0 2010.02.21 -
GData 19 2010.02.22 -
Ikarus T3.1.1.80.0 2010.02.22 not-a-virus:AdWare.Win32.EZula
Jiangmin 13.0.900 2010.02.22 -
K7AntiVirus 7.10.980 2010.02.22 -
Kaspersky 7.0.0.125 2010.02.22 -
McAfee 5900 2010.02.22 -
McAfee+Artemis 5900 2010.02.22 -
McAfee-GW-Edition 6.8.5 2010.02.22 -
Microsoft 1.5406 2010.02.22 -
NOD32 4888 2010.02.22 -
Norman 6.04.08 2010.02.22 -
nProtect 2009.1.8.0 2010.02.22 -
Panda 10.0.2.2 2010.02.21 -
PCTools 7.0.3.5 2010.02.22 -
Rising 22.34.01.03 2010.02.11 -
Sophos 4.50.0 2010.02.22 -
Sunbelt 5692 2010.02.22 -
Symantec 20091.2.0.41 2010.02.22 Suspicious.Insight
TheHacker 6.5.1.6.205 2010.02.22 -
TrendMicro 9.120.0.1004 2010.02.22 -
VBA32 3.12.12.2 2010.02.22 -
ViRobot 2010.2.22.2196 2010.02.22 -
VirusBuster 5.0.27.0 2010.02.22 -
weitere Informationen
File size: 1249280 bytes
MD5 : 68437f19f2d76ce0a3f11063c596b836
SHA1 : 5e43d16c6863095c14d11590c47ef7201685b694
SHA256: 1582a3280a4a514c1a9bee3faca2f1ceb1377525b2dafe6e322b08e74473bad1
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xE6CB1
timedatestamp.....: 0x4B631ADD (Fri Jan 29 18:29:01 2010)
machinetype.......: 0x14C (Intel I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xFBCBC 0xFC000 6.66 536cd376352a705f94983506924574a9
.rdata 0xFD000 0x188A9 0x19000 4.94 b37e07321c28835812d212403d039dc4
.data 0x116000 0x5954 0x1000 5.42 8dc67231bebd001a6bd6f6148d7c041e
.reloc 0x11C000 0x197F4 0x1A000 6.13 022d27f21163b1490d0475a75bafd446

( 7 imports )

> kernel32.dll: GetProcAddress, LoadLibraryA, MultiByteToWideChar, InterlockedIncrement, InterlockedDecrement, DeleteCriticalSection, GetCurrentThreadId, LoadLibraryW, WideCharToMultiByte
> msvcp60.dll: _peek@_$basic_istream@DU_$char_traits@D@std@@@std@@QAEHXZ, _get@_$basic_istream@DU_$char_traits@D@std@@@std@@QAEHXZ, __8std@@YA_NABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@0@Z, __1_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@XZ, __C@_1___Nullstr@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@CAPBDXZ@4DB, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z, _npos@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@2IB, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBDI@Z, __Tidy@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEX_N@Z, __C@_1___Nullstr@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@CAPBGXZ@4GB, __1_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAE@XZ, __Tidy@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@AAEX_N@Z, __Hstd@@YA_AV_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@0@PBGABV10@@Z, _assign@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAV12@PBGI@Z, _assign@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z, _npos@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@2IB, __8std@@YA_NABV_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@0@0@Z, _append@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z, _append@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAV12@PBGI@Z, _find@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QBEIPBGII@Z, __0_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAE@ABV01@@Z, __Freeze@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@AAEXXZ, __Hstd@@YA_AV_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@0@ABV10@PBG@Z, __1_Lockit@std@@QAE@XZ, __0_Lockit@std@@QAE@XZ, __Mstd@@YA_NABV_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@0@0@Z, __Hstd@@YA_AV_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@0@ABV10@0@Z, _append@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAV12@IG@Z, __Eos@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@AAEXI@Z, __Split@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@AAEXXZ, __Xran@std@@YAXXZ, __Grow@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@AAE_NI_N@Z, __Copy@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@AAEXI@Z, __Xlen@std@@YAXXZ, _max_size@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QBEIXZ, _substr@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QBE_AV12@II@Z, _find_last_of@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QBEIPBGII@Z, __9std@@YA_NABV_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@0@PBG@Z, __0logic_error@std@@QAE@ABV01@@Z, __0out_of_range@std@@QAE@ABV01@@Z, __1out_of_range@std@@UAE@XZ, __0out_of_range@std@@QAE@ABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@1@@Z, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@PBDABV_$allocator@D@1@@Z, __0_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAE@PBGABV_$allocator@G@1@@Z, __8std@@YA_NABV_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@0@PBG@Z, _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBDI@Z, _erase@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAV12@II@Z, __9std@@YA_NABV_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@0@0@Z, __Grow@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAE_NI_N@Z, _find_first_of@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QBEIPBGII@Z, _find_first_not_of@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QBEIPBGII@Z, _replace@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAV12@IIPBGI@Z, __1locale@std@@QAE@XZ, __Global@_Locimp@locale@std@@0PAV123@A, __Init@locale@std@@CAPAV_Locimp@12@XZ, _do_narrow@_$ctype@G@std@@MBEDGD@Z, _do_narrow@_$ctype@G@std@@MBEPBGPBG0DPAD@Z, _do_widen@_$ctype@G@std@@MBEGD@Z, _do_widen@_$ctype@G@std@@MBEPBDPBD0PAG@Z, _do_toupper@_$ctype@G@std@@MBEGG@Z, _do_toupper@_$ctype@G@std@@MBEPBGPAGPBG@Z, _do_tolower@_$ctype@G@std@@MBEGG@Z, _do_tolower@_$ctype@G@std@@MBEPBGPAGPBG@Z, _do_scan_not@_$ctype@G@std@@MBEPBGFPBG0@Z, _do_scan_is@_$ctype@G@std@@MBEPBGFPBG0@Z, _do_is@_$ctype@G@std@@MBE_NFG@Z, _do_is@_$ctype@G@std@@MBEPBGPBG0PAF@Z, __0bad_cast@std@@QAE@ABV01@@Z, __1bad_cast@std@@UAE@XZ, __1ctype_base@std@@UAE@XZ, __1facet@locale@std@@UAE@XZ, ___7bad_cast@std@@6B@, __1_Locinfo@std@@QAE@XZ, _Getctype, __0_Locinfo@std@@QAE@PBD@Z, ___7_$ctype@G@std@@6B@, ___7ctype_base@std@@6B@, ___7facet@locale@std@@6B@, __Iscloc@locale@std@@QBE_NXZ, __Getfacet@locale@std@@QBEPBVfacet@12@I_N@Z, __Id_cnt@id@locale@std@@0HA, _id@_$ctype@G@std@@2V0locale@2@A, __1_$ctype@G@std@@UAE@XZ, __Eos@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEXI@Z, __Copy@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEXI@Z, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ID@Z, __Split@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEXXZ, _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z, _erase@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@II@Z, ___D_$basic_ifstream@DU_$char_traits@D@std@@@std@@QAEXXZ, __1_$basic_istream@DU_$char_traits@D@std@@@std@@UAE@XZ, __1ios_base@std@@UAE@XZ, __1_$basic_ios@DU_$char_traits@D@std@@@std@@UAE@XZ, ___7_$basic_istream@DU_$char_traits@D@std@@@std@@6B@, __1_$basic_filebuf@DU_$char_traits@D@std@@@std@@UAE@XZ, _setstate@_$basic_ios@DU_$char_traits@D@std@@@std@@QAEXH_N@Z, _open@_$basic_filebuf@DU_$char_traits@D@std@@@std@@QAEPAV12@PBDH@Z, ___7_$basic_ifstream@DU_$char_traits@D@std@@@std@@6B@, __0_$basic_filebuf@DU_$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z, __0_$basic_istream@DU_$char_traits@D@std@@@std@@QAE@PAV_$basic_streambuf@DU_$char_traits@D@std@@@1@_N@Z, ___7_$basic_ios@DU_$char_traits@D@std@@@std@@6B@, __0ios_base@std@@IAE@XZ, ___8_$basic_ifstream@DU_$char_traits@D@std@@@std@@7B@, __Hstd@@YA_AV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@DABV10@@Z, __Hstd@@YA_AV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@PBDABV10@@Z, _substr@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBE_AV12@II@Z, __0runtime_error@std@@QAE@ABV01@@Z, __1runtime_error@std@@UAE@XZ, ___7runtime_error@std@@6B@, __8std@@YA_NPBGABV_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@0@@Z, __0_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAE@ABV_$allocator@G@1@@Z, _replace@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAV12@IIABV12@II@Z, _replace@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QAEAAV12@IIABV12@@Z, _assign@_$char_traits@G@std@@SAXAAGABG@Z, __Nullstr@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@CAPBGXZ, __Refcnt@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@AAEAAEPBG@Z, _copy@_$char_traits@G@std@@SAPAGPAGPBGI@Z, _capacity@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QBEIXZ, _c_str@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QBEPBGXZ, _size@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QBEIXZ, _find@_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@std@@QBEIABV12@I@Z, __1logic_error@std@@UAE@XZ, ___7out_of_range@std@@6B@, ___7logic_error@std@@6B@, __0logic_error@std@@QAE@ABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@1@@Z, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@ABV01@@Z, __Hstd@@YA_AV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@ABV10@PBD@Z, __Hstd@@YA_AV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@ABV10@0@Z, _find@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIPBDII@Z, ___D_$basic_ofstream@GU_$char_traits@G@std@@@std@@QAEXXZ, __1_$basic_ostream@GU_$char_traits@G@std@@@std@@UAE@XZ, ___D_$basic_ifstream@GU_$char_traits@G@std@@@std@@QAEXXZ, __1_$basic_istream@GU_$char_traits@G@std@@@std@@UAE@XZ, __1_$basic_streambuf@GU_$char_traits@G@std@@@std@@UAE@XZ, _close@_$basic_filebuf@GU_$char_traits@G@std@@@std@@QAEPAV12@XZ, ___7_$basic_filebuf@GU_$char_traits@G@std@@@std@@6B@, __6std@@YAAAV_$basic_ostream@GU_$char_traits@G@std@@@0@AAV10@PBG@Z, __6std@@YAAAV_$basic_ostream@GU_$char_traits@G@std@@@0@AAV10@ABV_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@0@@Z, ___7_$basic_ostream@GU_$char_traits@G@std@@@std@@6B@, ___7_$basic_ofstream@GU_$char_traits@G@std@@@std@@6B@, __0_$basic_ostream@GU_$char_traits@G@std@@@std@@QAE@PAV_$basic_streambuf@GU_$char_traits@G@std@@@1@_N1@Z, ___8_$basic_ofstream@GU_$char_traits@G@std@@@std@@7B@, __1_$basic_ios@GU_$char_traits@G@std@@@std@@UAE@XZ, ___7_$basic_istream@GU_$char_traits@G@std@@@std@@6B@, __1_$basic_filebuf@GU_$char_traits@G@std@@@std@@UAE@XZ, _getline@std@@YAAAV_$basic_istream@GU_$char_traits@G@std@@@1@AAV21@AAV_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@1@@Z, _setstate@_$basic_ios@GU_$char_traits@G@std@@@std@@QAEXH_N@Z, _open@_$basic_filebuf@GU_$char_traits@G@std@@@std@@QAEPAV12@PBDH@Z, ___7_$basic_ifstream@GU_$char_traits@G@std@@@std@@6B@, __0_$basic_filebuf@GU_$char_traits@G@std@@@std@@QAE@PAU_iobuf@@@Z, __0_$basic_istream@GU_$char_traits@G@std@@@std@@QAE@PAV_$basic_streambuf@GU_$char_traits@G@std@@@1@_N@Z, ___7_$basic_ios@GU_$char_traits@G@std@@@std@@6B@, ___8_$basic_ifstream@GU_$char_traits@G@std@@@std@@7B@, __1_$basic_ofstream@GU_$char_traits@G@std@@@std@@UAE@XZ, __1_$basic_streambuf@DU_$char_traits@D@std@@@std@@UAE@XZ, _close@_$basic_filebuf@DU_$char_traits@D@std@@@std@@QAEPAV12@XZ, ___7_$basic_filebuf@DU_$char_traits@D@std@@@std@@6B@, _getline@std@@YAAAV_$basic_istream@DU_$char_traits@D@std@@@1@AAV21@AAV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@1@@Z, __1_$basic_ifstream@DU_$char_traits@D@std@@@std@@UAE@XZ, __0Init@ios_base@std@@QAE@XZ, __1Init@ios_base@std@@QAE@XZ, __0_Winit@std@@QAE@XZ, __1_Winit@std@@QAE@XZ, _seekg@_$basic_istream@DU_$char_traits@D@std@@@std@@QAEAAV12@V_$fpos@H@2@@Z, __0runtime_error@std@@QAE@ABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@1@@Z, _tellg@_$basic_istream@DU_$char_traits@D@std@@@std@@QAE_AV_$fpos@H@2@XZ, _seekg@_$basic_istream@DU_$char_traits@D@std@@@std@@QAEAAV12@JW4seekdir@ios_base@2@@Z, __0_$basic_ios@DU_$char_traits@D@std@@@std@@IAE@XZ, _what@logic_error@std@@UBEPBDXZ, __Fpz@std@@3_JB, _read@_$basic_istream@DU_$char_traits@D@std@@@std@@QAEAAV12@PADH@Z, _max_size@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIXZ, ___D_$basic_ofstream@DU_$char_traits@D@std@@@std@@QAEXXZ, __1_$basic_ostream@DU_$char_traits@D@std@@@std@@UAE@XZ, _write@_$basic_ostream@DU_$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z, ___7_$basic_ostream@DU_$char_traits@D@std@@@std@@6B@, _clear@_$basic_ios@DU_$char_traits@D@std@@@std@@QAEXH_N@Z, ___7_$basic_ofstream@DU_$char_traits@D@std@@@std@@6B@, __0_$basic_ostream@DU_$char_traits@D@std@@@std@@QAE@PAV_$basic_streambuf@DU_$char_traits@D@std@@@1@_N1@Z, ___8_$basic_ofstream@DU_$char_traits@D@std@@@std@@7B@, __Hstd@@YA_AV_$basic_string@GU_$char_traits@G@std@@V_$allocator@G@2@@0@ABV10@G@Z
> msvcrt.dll: __set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z, fwrite, _fdopen, _terminate@@YAXXZ, _except_handler3, __1type_info@@UAE@XZ, __CxxFrameHandler, strcpy, strlen, __2@YAPAXI@Z, wcslen, memcmp, swprintf, __0exception@@QAE@ABV0@@Z, _CxxThrowException, time, _purecall, _ltow, _ultow, wcstol, _errno, wcstoul, atof, __1exception@@UAE@XZ, __0exception@@QAE@ABQBD@Z, memmove, fclose, _wfopen, rand, _ftol, wcsftime, localtime, gmtime, wcscpy, _beginthreadex, difftime, _wstat, memchr, isalnum, tolower, fopen, _snprintf, fprintf, fread, ftell, fseek, fputc, isalpha, isspace, strncmp, strchr, free, __dllonexit, _onexit, _initterm, malloc, _adjust_fdiv
> ole32.dll: CoUnmarshalInterface, CoMarshalInterThreadInterfaceInStream
> oleaut32.dll: -, -, -, -, -
> urlmon.dll: UrlMkSetSessionOption
> user32.dll: ShowWindow, IsWindow

( 1 exports )

> DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer
TrID : File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ssdeep: 24576

7MpkxP4uDCzjbdAY0weICeIYJGXWzx15GeKw2NrRD4TXTXtn2zgOXj7Qkbuh

YV5AY7QeSHiXT9V+7QQuh
sigcheck: publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD : -
RDS : NSRL Reference Data Set

zu 3. habe ich gemacht

LG

Werther

MalwareHero · 28.02.2010, 15:01

Zitat:

Zitat von werther88

Danke erst einmal, MalwareHero!

Infizierte Registrierungsschlüssel: 4
Infizierte Verzeichnisse: 9
Infizierte Dateien: 43

-> No action taken.

Bitte die Fünde von MalwarebytesAntiMalware LÖSCHEN LASSEN!
Wie du das machst ist in der Anleitung hier angegeben:
http://www.trojaner-board.de/51187-a...i-malware.html

> Wenn nicht absolut erwünscht, deinstallieren: C:\Programme\FLV Direct Player

> Lade dir dieses Tool auf dein Desktop:
http://jpshortstuff.247fixes.com/SystemLook.exe

Doppelklick auf die Datei. Ins Fenster kopierst du genau diesen Befehl:

Zitat:

:filefind
aC554QRJQ7bjGo.dll

:regfind
aC554QRJQ7bjGo.dll

Dann drückst du auf "Look" und kopierst das Log hier, nachdem gescannt wurde.

> Download: Super Anti Spyware http://www.trojaner-board.de/51871-a...tispyware.html und führe es nach der Anleitung aus. Poste das Log.

> Nachdem du die Fünde von Malwarebytes und SUPERAntiSpyware beseitigst hast poste ein neues Hijackthislog. Das Problem sollte danach beseitigt sein.

lg.

werther88 · 28.02.2010, 17:44

Hey malwareHero,

anbei die Logs zu den von dir empfohlenen Schritten! Schon einmal herzlichen Dank:

zu 1.)
Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3805
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

28.02.2010 15:54:47
mbam-log-2010-02-28 (15-54-47).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 190882
Laufzeit: 46 minute(s), 20 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{ef34404a-747c-81d8-843a-d938e181273d} (Adware.BHO.FL) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rlx-f_26gbfy (Adware.LoudMo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Programme\Free WAV to MP3 Converter\FLVDirect.exe (Adware.MediaPass) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rlX-F_26GBFy.exe (Adware.LoudMo) -> Quarantined and deleted successfully.

zu 2.)
schon deinstalliert!

zu 3.)
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 15:55 on 28/02/2010 by Sebastian Barth (Administrator - Elevation successful)

========== filefind ==========

Searching for "aC554QRJQ7bjGo.dll"
No files found.

========== regfind ==========

Searching for "aC554QRJQ7bjGo.dll "
No data found.

-=End Of File=-

zu 4.)

zu 5.
Hijackthislog
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/28/2010 at 05:16 PM

Application Version : 4.34.1000

Core Rules Database Version : 4624
Trace Rules Database Version: 2436

Scan type : Complete Scan
Total Scan Time : 01:14:16

Memory items scanned : 715
Memory threats detected : 0
Registry items scanned : 5547
Registry threats detected : 0
File items scanned : 73054
File threats detected : 10

Adware.Tracking Cookie
C:\Dokumente und Einstellungen\Sebastian Barth\Cookies\sebastian_barth@atdmt[1].txt
C:\Dokumente und Einstellungen\Sebastian Barth\Cookies\sebastian_barth@bs.serving-sys[2].txt
C:\Dokumente und Einstellungen\Sebastian Barth\Cookies\sebastian_barth@doubleclick[1].txt
C:\Dokumente und Einstellungen\Sebastian Barth\Cookies\sebastian_barth@msnportal.112.2o7[1].txt
C:\Dokumente und Einstellungen\Sebastian Barth\Cookies\sebastian_barth@serving-sys[2].txt

Trojan.Agent/Gen-Trashur
C:\PROGRAMME\TREND MICRO\HIJACKTHIS\BACKUPS\BACKUP-20100228-092306-853.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{0C80C23F-2F54-4C8D-9264-A4AE9BE47321}\RP49\A0005539.DLL

Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{0C80C23F-2F54-4C8D-9264-A4AE9BE47321}\RP49\A0005621.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{0C80C23F-2F54-4C8D-9264-A4AE9BE47321}\RP49\A0005622.EXE

Unclassified.Unknown Origin
D:\EIGENE DATEIEN -ALT\INSTALL FILES\TRANSKRIBTION\MAXQDA\KEYGEN.NFO

Danke
Werther

werther88 · 01.03.2010, 16:39

Ist leider immer noch da!

MalwareHero · 01.03.2010, 17:48

Zitat:

Zitat von werther88

Ist leider immer noch da!

Dann müssen wir wohl tiefer graben.

Bitte dieses Log posten:
http://www.trojaner-board.de/74910-a...tion-tool.html

und sage mir mal, woher das kommt:

Unclassified.Unknown Origin
D:\EIGENE DATEIEN -ALT\INSTALL FILES\TRANSKRIBTION\MAXQDA\KEYGEN.NFO

lg.

werther88 · 01.03.2010, 18:08

Also noch einmal herzlichen Dank:

Die Logs:

1.
Logfile of random's system information tool 1.06 (written by random/random)
Run by Sebastian Barth at 2010-03-01 18:04:35
Microsoft Windows XP Professional Service Pack 3
System drive C: has 87 GB (87%) free of 100 GB
Total RAM: 1526 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:04:40, on 01.03.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Lenovo\TrackPoint\tp4serv.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
C:\Programme\Lenovo\AwayTask\AwaySch.EXE
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxext.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\ThinkPad\Utilities\DOZESVC.EXE
C:\Programme\Intel\WiFi\bin\EvtEng.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\lotus\notes\ntmulti.exe
C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe
C:\Programme\Lenovo\System Update\SUService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Dokumente und Einstellungen\Sebastian Barth\Desktop\RSIT.exe
C:\Programme\Trend Micro\HijackThis\Sebastian Barth.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://izarc.org/donate.html
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [TrackPointSrv] C:\Programme\Lenovo\TrackPoint\tp4serv.exe
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [AMSG] C:\Programme\ThinkVantage\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Device Detector 2.lnk = C:\Programme\Olympus\DeviceDetector\DevDtct2.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Programme\ThinkPad\Utilities\DOZESVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Programme\Intel\WiFi\bin\EvtEng.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: IPS-Basisservice (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Programme\lotus\notes\ntmulti.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Programme\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Programme\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe

--
End of file - 9255 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
C:\WINDOWS\tasks\PMTask.job
C:\WINDOWS\tasks\SystemToolsDailyTest.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2010-02-18 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-02-18 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TrackPointSrv"=C:\Programme\Lenovo\TrackPoint\tp4serv.exe [2009-06-26 92960]
"FreePDF Assistant"=C:\Programme\FreePDF_XP\fpassist.exe [2007-06-26 312320]
"TVT Scheduler Proxy"=C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe [2008-03-04 487424]
""= []
"TpShocks"=C:\WINDOWS\system32\TpShocks.exe [2009-12-11 337256]
"LPManager"=C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe [2009-07-23 185688]
"LPMailChecker"=C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe [2009-07-23 124248]
"TP4EX"=C:\WINDOWS\system32\tp4ex.exe [2005-10-17 65536]
"AMSG"=C:\Programme\ThinkVantage\AMSG\Amsg.exe [2009-09-03 436800]
"AwaySch"=C:\Programme\Lenovo\AwayTask\AwaySch.EXE [2006-11-07 91688]
"SoundMAXPnP"=C:\Programme\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"SoundMAX"=C:\Programme\Analog Devices\SoundMAX\Smax4.exe [2005-05-06 716800]
"avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"PWRMGRTR"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor []
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-03-05 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-03-05 166424]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-03-05 137752]
"GrooveMonitor"=C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"SunJavaUpdateSched"=C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [2010-01-11 246504]
"FixCamera"=C:\WINDOWS\FixCamera.exe [2007-07-11 20480]
"snpstd3"=C:\WINDOWS\vsnpstd3.exe [2007-05-10 835584]
"tsnpstd3"=C:\WINDOWS\tsnpstd3.exe [2009-04-24 360448]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Skype"=C:\Programme\Skype\Phone\Skype.exe [2009-10-09 25623336]
"SUPERAntiSpyware"=C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-02-18 2012912]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe [2010-01-27 256280]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Device Detector 2.lnk - C:\Programme\Olympus\DeviceDetector\DevDtct2.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Programme\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll [2009-12-01 100104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Programme\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Skype\Plugin Manager\skypePM.exe"="C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Programme\Microsoft Office\Office12\GROOVE.EXE"="C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE"="C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24a04726-1ad1-11df-8ade-0013024e8682}]
shell\play\command - "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file dvd://%1

======List of files/folders created in the last 1 months======

2010-03-01 18:04:35 ----D---- C:\rsit
2010-03-01 17:49:46 ----D---- C:\Dokumente und Einstellungen\Sebastian Barth\Anwendungsdaten\MAXQDA2007
2010-03-01 17:48:52 ----D---- C:\Programme\MAXQDA2007
2010-02-28 15:57:46 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
2010-02-28 15:57:34 ----D---- C:\Programme\SUPERAntiSpyware
2010-02-28 15:57:34 ----D---- C:\Dokumente und Einstellungen\Sebastian Barth\Anwendungsdaten\SUPERAntiSpyware.com
2010-02-28 15:56:49 ----D---- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2010-02-28 09:24:49 ----D---- C:\Dokumente und Einstellungen\Sebastian Barth\Anwendungsdaten\Malwarebytes
2010-02-28 09:24:42 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-02-28 09:24:41 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2010-02-28 01:35:40 ----D---- C:\Programme\Trend Micro
2010-02-28 01:32:29 ----A---- C:\cleannavi.txt
2010-02-28 01:31:41 ----D---- C:\Programme\Navilog1
2010-02-27 15:22:12 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2010-02-27 15:19:13 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lidl_Fotos
2010-02-27 15:19:10 ----D---- C:\Programme\Lidl_Fotos
2010-02-25 10:11:58 ----A---- C:\WINDOWS\system32\VNUSB.dll
2010-02-25 10:11:58 ----A---- C:\WINDOWS\system32\DW90USB.DLL
2010-02-25 06:33:33 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-24 19:33:39 ----A---- C:\WINDOWS\system32\wmpns.dll
2010-02-23 18:25:08 ----D---- C:\Programme\pdfsam
2010-02-22 09:40:51 ----D---- C:\Programme\Olympus
2010-02-21 20:00:28 ----D---- C:\Dokumente und Einstellungen\Sebastian Barth\Anwendungsdaten\dvdcss
2010-02-19 23:54:12 ----D---- C:\WINDOWS\Sun
2010-02-19 07:42:22 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2010-02-19 07:40:59 ----A---- C:\WINDOWS\FixCamera.exe
2010-02-19 07:40:59 ----A---- C:\WINDOWS\amcap.exe
2010-02-19 07:40:56 ----A---- C:\WINDOWS\vsnpstd3.exe
2010-02-19 07:40:56 ----A---- C:\WINDOWS\tsnpstd3.exe
2010-02-19 07:40:56 ----A---- C:\WINDOWS\snpstd3.ini
2010-02-19 07:40:52 ----D---- C:\Programme\Gemeinsame Dateien\snpstd3
2010-02-19 07:40:52 ----A---- C:\WINDOWS\system32\vsnpstd3.dll
2010-02-19 07:40:52 ----A---- C:\WINDOWS\system32\rsnpstd3.dll
2010-02-19 07:40:52 ----A---- C:\WINDOWS\system32\csnpstd3.dll
2010-02-19 07:40:52 ----A---- C:\WINDOWS\csnpstd3.dll
2010-02-19 07:40:38 ----D---- C:\Dokumente und Einstellungen\Sebastian Barth\Anwendungsdaten\InstallShield
2010-02-18 13:12:32 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun
2010-02-18 13:12:31 ----D---- C:\Programme\Gemeinsame Dateien\Java
2010-02-18 13:12:08 ----A---- C:\WINDOWS\system32\javaws.exe
2010-02-18 13:12:08 ----A---- C:\WINDOWS\system32\javaw.exe
2010-02-18 13:12:08 ----A---- C:\WINDOWS\system32\java.exe
2010-02-18 13:12:08 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-02-18 13:11:48 ----D---- C:\Programme\Java
2010-02-18 13:11:27 ----D---- C:\Dokumente und Einstellungen\Sebastian Barth\Anwendungsdaten\Sun
2010-02-18 11:52:27 ----D---- C:\Programme\Free WAV to MP3 Converter
2010-02-18 08:16:59 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2010-02-17 22:00:42 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-17 09:56:15 ----A---- C:\WINDOWS\brmx2001.ini
2010-02-17 09:56:14 ----A---- C:\WINDOWS\system32\BRVPDNTA.DLL
2010-02-17 09:56:14 ----A---- C:\WINDOWS\system32\BRVPD95A.DLL
2010-02-17 09:56:14 ----A---- C:\WINDOWS\system32\brrbtool.exe
2010-02-17 09:56:14 ----A---- C:\WINDOWS\system32\BROSNMP.DLL
2010-02-17 09:56:14 ----A---- C:\WINDOWS\system32\brlm03a.dll
2010-02-17 09:56:14 ----A---- C:\WINDOWS\system32\BRGSRC32.DLL
2010-02-17 09:56:14 ----A---- C:\WINDOWS\system32\BRGSRC16.DLL
2010-02-17 09:56:14 ----A---- C:\WINDOWS\system32\Brdiag2.exe
2010-02-17 09:56:14 ----A---- C:\WINDOWS\bw5150d.ini
2010-02-17 09:56:14 ----A---- C:\WINDOWS\BRVIDEO.INI
2010-02-17 09:56:14 ----A---- C:\WINDOWS\Brownie.ini
2010-02-17 09:56:14 ----A---- C:\WINDOWS\BRDIAG.INI
2010-02-17 09:56:13 ----D---- C:\Programme\Brownie
2010-02-17 09:56:13 ----A---- C:\WINDOWS\HL-5150D.INI
2010-02-17 09:55:50 ----A---- C:\WINDOWS\system32\PDRVINST.DLL
2010-02-17 09:55:49 ----N---- C:\WINDOWS\system32\BRWEBUP.EXE
2010-02-17 09:55:49 ----N---- C:\WINDOWS\system32\BrWebIns.dll
2010-02-17 09:55:48 ----D---- C:\Programme\Brother
2010-02-17 09:55:22 ----A---- C:\WINDOWS\IsUn0407.exe
2010-02-17 09:13:05 ----SHD---- C:\RECYCLER
2010-02-17 09:02:30 ----RD---- C:\Dokumente und Einstellungen\Sebastian Barth\Anwendungsdaten\Brother
2010-02-17 09:00:45 ----A---- C:\WINDOWS\BO5150D.INI
2010-02-17 09:00:07 ----A---- C:\WINDOWS\BRWMARK.INI
2010-02-17 09:00:07 ----A---- C:\WINDOWS\BRPP2KA.INI
2010-02-17 09:00:06 ----A---- C:\WINDOWS\system32\brss01a.ini
2010-02-17 08:58:10 ----D---- C:\9ddfb9556c07fa49f47ea51f2232
2010-02-17 08:57:54 ----D---- C:\WINDOWS\SxsCaPendDel
2010-02-17 07:46:28 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-02-17 07:43:33 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-02-17 07:42:49 ----D---- C:\Programme\MSXML 4.0
2010-02-17 01:12:55 ----D---- C:\WINDOWS\system32\appmgmt
2010-02-17 00:59:18 ----D---- C:\Programme\lotus
2010-02-17 00:55:21 ----D---- C:\TEMP
2010-02-17 00:51:54 ----A---- C:\WINDOWS\SpssLM.ini
2010-02-17 00:51:11 ----D---- C:\Programme\SPSS
2010-02-17 00:46:21 ----D---- C:\Dokumente und Einstellungen\Sebastian Barth\Anwendungsdaten\vlc
2010-02-17 00:35:07 ----D---- C:\Programme\Microsoft Works
2010-02-17 00:33:54 ----D---- C:\Programme\Microsoft Visual Studio
2010-02-17 00:33:53 ----D---- C:\Programme\Gemeinsame Dateien\DESIGNER
2010-02-17 00:32:10 ----D---- C:\Programme\Microsoft.NET
2010-02-17 00:28:50 ----D---- C:\Programme\Microsoft Visual Studio 8
2010-02-17 00:27:47 ----D---- C:\WINDOWS\SHELLNEW
2010-02-17 00:26:46 ----D---- C:\Programme\Microsoft Office
2010-02-17 00:26:17 ----RHD---- C:\MSOCache
2010-02-17 00:25:49 ----D---- C:\Dokumente und Einstellungen\Sebastian Barth\Anwendungsdaten\skypePM
2010-02-17 00:23:49 ----D---- C:\Dokumente und Einstellungen\Sebastian Barth\Anwendungsdaten\Skype
2010-02-17 00:23:21 ----D---- C:\Programme\Gemeinsame Dateien\Skype
2010-02-17 00:23:20 ----RD---- C:\Programme\Skype
2010-02-17 00:16:44 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype
2010-02-17 00:00:20 ----A---- C:\WINDOWS\system32\msonpmon.dll
2010-02-16 23:53:41 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help
2010-02-16 08:59:08 ----D---- C:\Dokumente und Einstellungen\Sebastian Barth\Anwendungsdaten\OpenOffice.org
2010-02-15 19:48:00 ----A---- C:\WINDOWS\system32\igfxres.dll
2010-02-15 19:46:36 ----D---- C:\Programme\CONEXANT
2010-02-15 19:46:11 ----D---- C:\WINDOWS\system32\x64
2010-02-15 19:46:11 ----D---- C:\WINDOWS\system32\Lang
2010-02-15 19:46:11 ----A---- C:\WINDOWS\system32\igxpun.exe
2010-02-15 19:45:53 ----A---- C:\WINDOWS\system32\difxapi.dll
2010-02-15 14:55:02 ----N---- C:\WINDOWS\PWMBTHLP.EXE
2010-02-15 14:47:14 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$
2010-02-15 14:45:19 ----D---- C:\Programme\MSBuild
2010-02-15 14:45:16 ----D---- C:\WINDOWS\system32\XPSViewer
2010-02-15 14:45:12 ----D---- C:\WINDOWS\system32\en-us
2010-02-15 14:45:11 ----D---- C:\Programme\Reference Assemblies
2010-02-15 14:44:37 ----N---- C:\WINDOWS\system32\spmsg2.dll
2010-02-15 14:32:03 ----D---- C:\DRIVERS
2010-02-15 14:21:43 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCDr
2010-02-15 14:20:35 ----D---- C:\Programme\PC-Doctor
2010-02-15 14:11:17 ----D---- C:\Dokumente und Einstellungen\Sebastian Barth\Anwendungsdaten\Macromedia
2010-02-15 14:11:17 ----D---- C:\Dokumente und Einstellungen\Sebastian Barth\Anwendungsdaten\Adobe
2010-02-15 14:04:19 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe
2010-02-15 14:04:04 ----D---- C:\Programme\Gemeinsame Dateien\Adobe
2010-02-15 14:04:04 ----D---- C:\Programme\Adobe
2010-02-15 14:00:11 ----D---- C:\Programme\Avira
2010-02-15 14:00:11 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2010-02-15 13:44:29 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Windows Genuine Advantage
2010-02-15 13:42:51 ----D---- C:\Dokumente und Einstellungen\Sebastian Barth\Anwendungsdaten\Lenovo
2010-02-15 12:07:42 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2010-02-15 12:07:34 ----HDC---- C:\WINDOWS\$NtUninstallWdf01007$
2010-02-15 12:06:31 ----A---- C:\WINDOWS\system32\ksuser.dll
2010-02-15 12:06:26 ----N---- C:\WINDOWS\system32\wdmioctl.dll
2010-02-15 12:06:26 ----N---- C:\WINDOWS\system32\SMMedia.dll
2010-02-15 12:06:26 ----N---- C:\WINDOWS\system32\CleanUp.exe
2010-02-15 12:06:26 ----D---- C:\Programme\Analog Devices
2010-02-15 12:06:26 ----A---- C:\WINDOWS\system32\DSndUp.exe
2010-02-15 12:04:15 ----A---- C:\WINDOWS\system32\TP4HOOK.dll
2010-02-15 12:04:15 ----A---- C:\WINDOWS\system32\TP4EX.exe
2010-02-15 12:04:15 ----A---- C:\WINDOWS\system32\tp4cross.exe
2010-02-15 12:04:15 ----A---- C:\WINDOWS\system32\FPCALL.dll
2010-02-15 12:03:55 ----N---- C:\WINDOWS\system32\ahlprun.exe
2010-02-15 12:03:55 ----A---- C:\WINDOWS\system32\msxml4r.dll
2010-02-15 12:03:55 ----A---- C:\WINDOWS\system32\msxml4a.dll
2010-02-15 12:02:59 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lenovo
2010-02-15 12:02:59 ----A---- C:\WINDOWS\system32\MFC71.DLL
2010-02-15 12:02:57 ----HD---- C:\Programme\InstallShield Installation Information
2010-02-15 12:02:57 ----D---- C:\Programme\ThinkVantage
2010-02-15 12:02:45 ----D---- C:\Programme\Gemeinsame Dateien\InstallShield
2010-02-15 12:02:00 ----D---- C:\Programme\Gemeinsame Dateien\SPBA
2010-02-15 12:01:56 ----D---- C:\Programme\ThinkVantage Fingerprint Software
2010-02-15 12:01:50 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UIB
2010-02-15 11:14:11 ----D---- C:\Dokumente und Einstellungen\Sebastian Barth\Anwendungsdaten\Intel
2010-02-15 11:13:48 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-02-15 11:13:48 ----A---- C:\WINDOWS\system32\NETw5r32.dll
2010-02-15 11:13:48 ----A---- C:\WINDOWS\system32\NETw5c32.dll
2010-02-15 11:13:42 ----D---- C:\Programme\Gemeinsame Dateien\Intel
2010-02-15 11:13:41 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Intel
2010-02-15 11:13:09 ----D---- C:\Programme\ThinkPad
2010-02-15 11:11:48 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-02-15 11:11:47 ----D---- C:\Programme\Intel
2010-02-15 10:12:13 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-15 10:12:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-02-15 10:12:04 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-02-15 10:12:00 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-02-15 10:11:55 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2010-02-15 10:11:50 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-02-15 10:11:46 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-02-15 10:11:41 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-15 10:11:34 ----HDC---- C:\WINDOWS\$NtUninstallKB978207$
2010-02-15 10:11:29 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-02-15 10:11:21 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2010-02-15 10:10:26 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-02-15 10:10:17 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-02-15 10:10:12 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2010-02-15 10:10:07 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-02-15 10:10:02 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2010-02-15 10:09:21 ----D---- C:\WINDOWS\ie8updates
2010-02-15 10:09:01 ----D---- C:\WINDOWS\WBEM
2010-02-15 10:08:05 ----HDC---- C:\WINDOWS\ie8
2010-02-15 10:06:48 ----A---- C:\WINDOWS\system32\MRT.exe
2010-02-15 09:59:07 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-02-15 09:59:02 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-15 09:58:58 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-15 09:58:54 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-02-15 09:58:50 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-02-15 09:58:47 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-02-15 09:58:43 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-02-15 09:58:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-02-15 09:58:34 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-02-15 09:58:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-02-15 09:58:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-02-15 09:58:17 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-02-15 09:58:13 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-15 09:58:09 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-02-15 09:58:05 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-02-15 09:57:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-02-15 09:57:55 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-02-15 09:57:51 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-15 09:57:46 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-02-15 09:57:42 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-02-15 09:57:38 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-02-15 09:57:34 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-02-15 09:57:30 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-02-15 09:57:24 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-02-15 09:57:19 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-02-15 09:57:12 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2010-02-15 09:57:09 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2010-02-15 09:57:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2010-02-15 09:57:01 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-02-15 09:56:56 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2010-02-15 09:56:52 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2010-02-15 09:56:47 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-15 09:56:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-02-15 09:56:37 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-02-15 09:56:32 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2010-02-15 09:56:27 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-15 09:56:23 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-02-15 09:56:19 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-02-15 09:56:15 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-02-15 09:56:11 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-02-15 09:56:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-02-15 09:55:58 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-02-15 09:55:53 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-02-15 09:55:49 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-02-15 09:55:44 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-02-15 09:55:35 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-02-15 09:35:04 ----D---- C:\WINDOWS\system32\(null)
2010-02-15 09:34:50 ----D---- C:\Programme\Lenovo
2010-02-15 09:34:50 ----D---- C:\Programme\Gemeinsame Dateien\Lenovo
2010-02-15 09:31:17 ----D---- C:\Programme\VideoLAN
2010-02-15 09:30:22 ----D---- C:\Programme\OpenOffice.org 3
2010-02-15 09:28:52 ----A---- C:\WINDOWS\system32\unredmon.exe
2010-02-15 09:28:52 ----A---- C:\WINDOWS\system32\redmonnt.dll
2010-02-15 09:28:51 ----D---- C:\Programme\FreePDF_XP
2010-02-15 09:28:47 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-02-15 09:28:47 ----D---- C:\WINDOWS\system32\PreInstall
2010-02-15 09:28:47 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2010-02-15 09:28:46 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2010-02-15 09:28:46 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-15 09:28:27 ----D---- C:\Dokumente und Einstellungen\Sebastian Barth\Anwendungsdaten\Thunderbird
2010-02-15 09:28:27 ----D---- C:\Dokumente und Einstellungen\Sebastian Barth\Anwendungsdaten\Mozilla
2010-02-15 09:28:22 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ashampoo
2010-02-15 09:28:21 ----D---- C:\Programme\gs
2010-02-15 09:28:18 ----D---- C:\Programme\Ashampoo
2010-02-15 09:28:02 ----D---- C:\Programme\Mozilla Thunderbird
2010-02-15 09:27:10 ----D---- C:\Programme\Mozilla Firefox
2010-02-15 09:27:07 ----RSD---- C:\WINDOWS\assembly
2010-02-15 09:26:57 ----D---- C:\Programme\IZArc
2010-02-15 09:26:45 ----D---- C:\WINDOWS\Microsoft.NET
2010-02-15 09:24:03 ----A---- C:\WINDOWS\system32\wpa.bak
2010-02-15 09:24:02 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2010-02-15 09:23:35 ----A---- C:\WINDOWS\system32\PROUnstl.exe
2010-02-15 09:23:26 ----A---- C:\WINDOWS\system32\NicInstE.dll
2010-02-15 09:23:26 ----A---- C:\WINDOWS\system32\NicCo2.dll
2010-02-15 09:23:26 ----A---- C:\WINDOWS\system32\e1000msg.dll
2010-02-12 15:53:44 ----SH---- C:\boot.ini
2010-02-12 15:47:05 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-12 15:47:05 ----RSD---- C:\WINDOWS\Fonts
2010-02-12 15:47:05 ----RD---- C:\WINDOWS\Web
2010-02-12 15:47:05 ----HD---- C:\WINDOWS\inf
2010-02-12 15:47:05 ----D---- C:\WINDOWS\WinSxS
2010-02-12 15:47:05 ----D---- C:\WINDOWS\twain_32
2010-02-12 15:47:05 ----D---- C:\WINDOWS\Temp
2010-02-12 15:47:05 ----D---- C:\WINDOWS\system32\wins
2010-02-12 15:47:05 ----D---- C:\WINDOWS\system32\wbem
2010-02-12 15:47:05 ----D---- C:\WINDOWS\system32\usmt
2010-02-12 15:47:05 ----D---- C:\WINDOWS\system32\spool
2010-02-12 15:47:05 ----D---- C:\WINDOWS\system32\ShellExt
2010-02-12 15:47:05 ----D---- C:\WINDOWS\system32\Setup
2010-02-12 15:47:05 ----D---- C:\WINDOWS\system32\ras
2010-02-12 15:47:05 ----D---- C:\WINDOWS\system32\oobe
2010-02-12 15:47:05 ----D---- C:\WINDOWS\system32\npp
2010-02-12 15:47:05 ----D---- C:\WINDOWS\system32\mui
2010-02-12 15:47:05 ----D---- C:\WINDOWS\system32\inetsrv
2010-02-12 15:47:05 ----D---- C:\WINDOWS\system32\IME
2010-02-12 15:47:05 ----D---- C:\WINDOWS\system32\icsxml
2010-02-12 15:47:05 ----D---- C:\WINDOWS\system32\ias
2010-02-12 15:47:05 ----D---- C:\WINDOWS\system32\export
2010-02-12 15:47:05 ----D---- C:\WINDOWS\system32\drivers
2010-02-12 15:47:05 ----D---- C:\WINDOWS\system32\dhcp
2010-02-12 15:47:05 ----D---- C:\WINDOWS\system32\de-de
2010-02-12 15:47:05 ----D---- C:\WINDOWS\system32\de
2010-02-12 15:47:05 ----D---- C:\WINDOWS\system32\config
2010-02-12 15:47:05 ----D---- C:\WINDOWS\system32\3com_dmi
2010-02-12 15:47:05 ----D---- C:\WINDOWS\system32\3076
2010-02-12 15:47:05 ----D---- C:\WINDOWS\system32\2052
2010-02-12 15:47:05 ----D---- C:\WINDOWS\system32\1054
2010-02-12 15:47:05 ----D---- C:\WINDOWS\system32\1042
2010-02-12 15:47:05 ----D---- C:\WINDOWS\system32\1041
2010-02-12 15:47:05 ----D---- C:\WINDOWS\system32\1037
2010-02-12 15:47:05 ----D---- C:\WINDOWS\system32\1033
2010-02-12 15:47:05 ----D---- C:\WINDOWS\system32\1031
2010-02-12 15:47:05 ----D---- C:\WINDOWS\system32\1028
2010-02-12 15:47:05 ----D---- C:\WINDOWS\system32\1025
2010-02-12 15:47:05 ----D---- C:\WINDOWS\system32
2010-02-12 15:47:05 ----D---- C:\WINDOWS\system
2010-02-12 15:47:05 ----D---- C:\WINDOWS\security
2010-02-12 15:47:05 ----D---- C:\WINDOWS\Resources
2010-02-12 15:47:05 ----D---- C:\WINDOWS\repair
2010-02-12 15:47:05 ----D---- C:\WINDOWS\Provisioning
2010-02-12 15:47:05 ----D---- C:\WINDOWS\PeerNet
2010-02-12 15:47:05 ----D---- C:\WINDOWS\pchealth
2010-02-12 15:47:05 ----D---- C:\WINDOWS\Network Diagnostic
2010-02-12 15:47:05 ----D---- C:\WINDOWS\mui
2010-02-12 15:47:05 ----D---- C:\WINDOWS\msapps
2010-02-12 15:47:05 ----D---- C:\WINDOWS\msagent
2010-02-12 15:47:05 ----D---- C:\WINDOWS\Media
2010-02-12 15:47:05 ----D---- C:\WINDOWS\L2Schemas
2010-02-12 15:47:05 ----D---- C:\WINDOWS\java
2010-02-12 15:47:05 ----D---- C:\WINDOWS\ime
2010-02-12 15:47:05 ----D---- C:\WINDOWS\Help
2010-02-12 15:47:05 ----D---- C:\WINDOWS\ehome
2010-02-12 15:47:05 ----D---- C:\WINDOWS\Driver Cache
2010-02-12 15:47:05 ----D---- C:\WINDOWS\Debug
2010-02-12 15:47:05 ----D---- C:\WINDOWS\Cursors
2010-02-12 15:47:05 ----D---- C:\WINDOWS\Connection Wizard
2010-02-12 15:47:05 ----D---- C:\WINDOWS\Config
2010-02-12 15:47:05 ----D---- C:\WINDOWS\AppPatch
2010-02-12 15:47:05 ----D---- C:\WINDOWS\addins
2010-02-12 15:47:05 ----D---- C:\WINDOWS
2010-02-12 15:20:16 ----D---- C:\Dokumente und Einstellungen\Sebastian Barth\Anwendungsdaten\Identities
2010-02-12 15:20:14 ----HD---- C:\Programme\Uninstall Information
2010-02-12 15:20:09 ----SD---- C:\Dokumente und Einstellungen\Sebastian Barth\Anwendungsdaten\Microsoft
2010-02-12 15:20:09 ----ASH---- C:\Dokumente und Einstellungen\Sebastian Barth\Anwendungsdaten\desktop.ini
2010-02-12 15:16:30 ----D---- C:\WINDOWS\SoftwareDistribution
2010-02-12 15:16:28 ----SD---- C:\WINDOWS\system32\Microsoft
2010-02-12 15:16:28 ----D---- C:\WINDOWS\Prefetch
2010-02-12 15:16:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-12 15:10:43 ----D---- C:\WINDOWS\system32\xircom
2010-02-12 15:10:43 ----D---- C:\Programme\xerox
2010-02-12 15:10:43 ----D---- C:\Programme\microsoft frontpage
2010-02-12 15:10:26 ----A---- C:\WINDOWS\control.ini
2010-02-12 15:10:26 ----A---- C:\AUTOEXEC.BAT
2010-02-12 15:10:16 ----A---- C:\WINDOWS\OEWABLog.txt
2010-02-12 15:10:12 ----A---- C:\WINDOWS\system32\mapi32.dll
2010-02-12 15:09:22 ----RD---- C:\WINDOWS\Offline Web Pages
2010-02-12 15:09:21 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-02-12 15:09:21 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-02-12 15:09:16 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-02-12 15:09:12 ----HD---- C:\Programme\WindowsUpdate
2010-02-12 15:09:08 ----D---- C:\Programme\Online-Dienste
2010-02-12 15:08:53 ----D---- C:\WINDOWS\system32\DirectX
2010-02-12 15:08:48 ----A---- C:\WINDOWS\system32\atrace.dll
2010-02-12 15:08:46 ----A---- C:\WINDOWS\desktop.ini
2010-02-12 15:08:40 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2010-02-12 15:08:39 ----A---- C:\WINDOWS\system32\acctres.dll
2010-02-12 15:08:38 ----D---- C:\Programme\Gemeinsame Dateien\Dienste
2010-02-12 15:08:36 ----SD---- C:\WINDOWS\Tasks
2010-02-12 15:08:36 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2010-02-12 15:08:35 ----D---- C:\Programme\Gemeinsame Dateien\MSSoap
2010-02-12 15:08:32 ----D---- C:\WINDOWS\srchasst
2010-02-12 15:08:31 ----D---- C:\WINDOWS\system32\Macromed
2010-02-12 15:08:28 ----A---- C:\WINDOWS\system32\wuweb.dll
2010-02-12 15:08:28 ----A---- C:\WINDOWS\system32\wups.dll
2010-02-12 15:08:28 ----A---- C:\WINDOWS\system32\wucltui.dll
2010-02-12 15:08:28 ----A---- C:\WINDOWS\system32\wuauserv.dll
2010-02-12 15:08:28 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2010-02-12 15:08:28 ----A---- C:\WINDOWS\system32\wuaueng.dll
2010-02-12 15:08:28 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2010-02-12 15:08:28 ----A---- C:\WINDOWS\system32\wuauclt.exe
2010-02-12 15:08:28 ----A---- C:\WINDOWS\system32\wuapi.dll
2010-02-12 15:08:27 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2010-02-12 15:08:27 ----A---- C:\WINDOWS\system32\qmgr.dll
2010-02-12 15:08:27 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2010-02-12 15:08:27 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2010-02-12 15:08:27 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2010-02-12 15:08:24 ----D---- C:\Programme\Movie Maker
2010-02-12 15:08:08 ----A---- C:\WINDOWS\system32\safrslv.dll
2010-02-12 15:08:08 ----A---- C:\WINDOWS\system32\safrdm.dll
2010-02-12 15:08:08 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2010-02-12 15:08:08 ----A---- C:\WINDOWS\system32\racpldlg.dll
2010-02-12 15:08:05 ----A---- C:\WINDOWS\system32\fltMc.exe
2010-02-12 15:08:05 ----A---- C:\WINDOWS\system32\fltlib.dll
2010-02-12 15:08:04 ----D---- C:\WINDOWS\system32\Restore
2010-02-12 15:08:04 ----A---- C:\WINDOWS\system32\srsvc.dll
2010-02-12 15:08:04 ----A---- C:\WINDOWS\system32\srrstr.dll
2010-02-12 15:08:04 ----A---- C:\WINDOWS\system32\srclient.dll
2010-02-12 15:08:04 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2010-02-12 15:08:04 ----A---- C:\WINDOWS\system32\ils.dll
2010-02-12 15:08:03 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2010-02-12 15:08:03 ----A---- C:\WINDOWS\system32\msconf.dll
2010-02-12 15:08:03 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2010-02-12 15:08:03 ----A---- C:\WINDOWS\system32\mnmdd.dll
2010-02-12 15:08:01 ----D---- C:\Programme\NetMeeting
2010-02-12 15:08:01 ----A---- C:\WINDOWS\system32\msoert2.dll
2010-02-12 15:08:01 ----A---- C:\WINDOWS\system32\msoeacct.dll
2010-02-12 15:08:00 ----A---- C:\WINDOWS\system32\inetres.dll
2010-02-12 15:07:59 ----A---- C:\WINDOWS\system32\inetcomm.dll
2010-02-12 15:07:58 ----D---- C:\Programme\Outlook Express
2010-02-12 15:07:58 ----A---- C:\WINDOWS\system32\schedsvc.dll
2010-02-12 15:07:58 ----A---- C:\WINDOWS\system32\mstinit.exe
2010-02-12 15:07:58 ----A---- C:\WINDOWS\system32\mstask.dll
2010-02-12 15:07:57 ----A---- C:\WINDOWS\system32\isign32.dll
2010-02-12 15:07:57 ----A---- C:\WINDOWS\system32\inetcfg.dll
2010-02-12 15:07:57 ----A---- C:\WINDOWS\system32\icwphbk.dll
2010-02-12 15:07:57 ----A---- C:\WINDOWS\system32\icwdial.dll
2010-02-12 15:07:52 ----D---- C:\Programme\Gemeinsame Dateien\System
2010-02-12 15:07:51 ----D---- C:\Programme\Internet Explorer
2010-02-12 15:07:14 ----D---- C:\Programme\ComPlus Applications
2010-02-12 15:07:12 ----A---- C:\WINDOWS\vbaddin.ini
2010-02-12 15:07:12 ----A---- C:\WINDOWS\vb.ini
2010-02-12 15:07:07 ----D---- C:\WINDOWS\Registration
2010-02-12 15:06:59 ----D---- C:\Programme\Online Services
2010-02-12 15:06:58 ----D---- C:\Programme\Windows Media Player
2010-02-12 15:06:52 ----D---- C:\Programme\Messenger
2010-02-12 15:06:49 ----D---- C:\Programme\MSN Gaming Zone
2010-02-12 15:06:49 ----A---- C:\WINDOWS\system32\write.exe
2010-02-12 15:06:41 ----A---- C:\WINDOWS\system32\sndvol32.exe
2010-02-12 15:06:41 ----A---- C:\WINDOWS\system32\hticons.dll
2010-02-12 15:06:40 ----A---- C:\WINDOWS\system32\winchat.exe
2010-02-12 15:06:40 ----A---- C:\WINDOWS\system32\avwav.dll
2010-02-12 15:06:40 ----A---- C:\WINDOWS\system32\avtapi.dll
2010-02-12 15:06:40 ----A---- C:\WINDOWS\system32\avmeter.dll
2010-02-12 15:06:34 ----A---- C:\WINDOWS\system32\getuname.dll
2010-02-12 15:06:33 ----A---- C:\WINDOWS\system32\winmine.exe
2010-02-12 15:06:33 ----A---- C:\WINDOWS\system32\sol.exe
2010-02-12 15:06:33 ----A---- C:\WINDOWS\system32\charmap.exe
2010-02-12 15:06:33 ----A---- C:\WINDOWS\system32\calc.exe
2010-02-12 15:06:32 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2010-02-12 15:06:32 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2010-02-12 15:06:32 ----A---- C:\WINDOWS\system32\tslabels.ini
2010-02-12 15:06:32 ----A---- C:\WINDOWS\system32\tskill.exe
2010-02-12 15:06:32 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2010-02-12 15:06:32 ----A---- C:\WINDOWS\system32\tscon.exe
2010-02-12 15:06:32 ----A---- C:\WINDOWS\system32\shadow.exe
2010-02-12 15:06:32 ----A---- C:\WINDOWS\system32\rwinsta.exe
2010-02-12 15:06:32 ----A---- C:\WINDOWS\system32\reset.exe
2010-02-12 15:06:32 ----A---- C:\WINDOWS\system32\mshearts.exe
2010-02-12 15:06:32 ----A---- C:\WINDOWS\system32\freecell.exe
2010-02-12 15:06:31 ----A---- C:\WINDOWS\system32\regini.exe
2010-02-12 15:06:31 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2010-02-12 15:06:31 ----A---- C:\WINDOWS\system32\qwinsta.exe
2010-02-12 15:06:31 ----A---- C:\WINDOWS\system32\qappsrv.exe
2010-02-12 15:06:31 ----A---- C:\WINDOWS\system32\msg.exe
2010-02-12 15:06:31 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2010-02-12 15:06:31 ----A---- C:\WINDOWS\system32\logoff.exe
2010-02-12 15:06:31 ----A---- C:\WINDOWS\system32\cdmodem.dll
2010-02-12 15:06:23 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2010-02-12 15:06:13 ----D---- C:\Programme\MSN
2010-02-12 15:06:13 ----A---- C:\WINDOWS\system32\sndrec32.exe
2010-02-12 15:06:13 ----A---- C:\WINDOWS\system32\accwiz.exe
2010-02-12 15:06:12 ----D---- C:\Programme\Windows NT
2010-02-12 15:06:12 ----A---- C:\WINDOWS\system32\mspaint.exe
2010-02-12 15:06:12 ----A---- C:\WINDOWS\system32\mplay32.exe
2010-02-12 15:06:12 ----A---- C:\WINDOWS\system32\hypertrm.dll
2010-02-12 15:06:11 ----A---- C:\WINDOWS\system32\spider.exe
2010-02-12 15:06:11 ----A---- C:\WINDOWS\system32\clipbrd.exe
2010-02-12 15:06:10 ----A---- C:\WINDOWS\system32\tsgqec.dll
2010-02-12 15:06:10 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2010-02-12 15:06:10 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2010-02-12 15:06:10 ----A---- C:\WINDOWS\system32\aaclient.dll
2010-02-12 15:06:09 ----A---- C:\WINDOWS\system32\sessmgr.exe
2010-02-12 15:06:09 ----A---- C:\WINDOWS\system32\remotepg.dll
2010-02-12 15:06:09 ----A---- C:\WINDOWS\system32\rdshost.exe
2010-02-12 15:06:09 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2010-02-12 15:06:09 ----A---- C:\WINDOWS\system32\rdchost.dll
2010-02-12 15:06:09 ----A---- C:\WINDOWS\system32\mstscax.dll
2010-02-12 15:06:09 ----A---- C:\WINDOWS\system32\mstsc.exe
2010-02-12 15:06:08 ----D---- C:\WINDOWS\system32\MsDtc
2010-02-12 15:06:08 ----A---- C:\WINDOWS\system32\termsrv.dll
2010-02-12 15:06:08 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2010-02-12 15:06:08 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2010-02-12 15:06:08 ----A---- C:\WINDOWS\system32\rdpclip.exe
2010-02-12 15:06:08 ----A---- C:\WINDOWS\system32\qprocess.exe
2010-02-12 15:06:08 ----A---- C:\WINDOWS\system32\mtxoci.dll
2010-02-12 15:06:08 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2010-02-12 15:06:08 ----A---- C:\WINDOWS\system32\icaapi.dll
2010-02-12 15:06:08 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2010-02-12 15:06:07 ----A---- C:\WINDOWS\system32\xolehlp.dll
2010-02-12 15:06:07 ----A---- C:\WINDOWS\system32\msdtctm.dll
2010-02-12 15:06:07 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2010-02-12 15:06:07 ----A---- C:\WINDOWS\system32\msdtclog.dll
2010-02-12 15:06:07 ----A---- C:\WINDOWS\system32\msdtc.exe
2010-02-12 15:06:06 ----D---- C:\WINDOWS\system32\Com
2010-02-12 15:06:06 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2010-02-12 15:06:06 ----A---- C:\WINDOWS\system32\mtxex.dll
2010-02-12 15:06:06 ----A---- C:\WINDOWS\system32\mtxdm.dll
2010-02-12 15:06:06 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2010-02-12 15:06:06 ----A---- C:\WINDOWS\system32\comrepl.dll
2010-02-12 15:06:06 ----A---- C:\WINDOWS\system32\comaddin.dll
2010-02-12 15:06:06 ----A---- C:\WINDOWS\system32\colbact.dll
2010-02-12 15:06:05 ----A---- C:\WINDOWS\system32\stclient.dll
2010-02-12 15:06:05 ----A---- C:\WINDOWS\system32\clbcatex.dll
2010-02-12 15:06:05 ----A---- C:\WINDOWS\system32\catsrvut.dll
2010-02-12 15:06:05 ----A---- C:\WINDOWS\system32\catsrvps.dll
2010-02-12 15:06:05 ----A---- C:\WINDOWS\system32\catsrv.dll
2010-02-12 15:06:04 ----A---- C:\WINDOWS\system32\comuid.dll
2010-02-12 15:06:04 ----A---- C:\WINDOWS\system32\comsvcs.dll
2010-02-12 15:06:04 ----A---- C:\WINDOWS\system32\comsnap.dll
2010-02-12 15:06:04 ----A---- C:\WINDOWS\system32\clbcatq.dll
2010-02-12 15:05:59 ----A---- C:\WINDOWS\system32\servdeps.dll
2010-02-12 15:05:59 ----A---- C:\WINDOWS\system32\mmfutil.dll
2010-02-12 15:05:59 ----A---- C:\WINDOWS\system32\licwmi.dll
2010-02-12 15:05:59 ----A---- C:\WINDOWS\system32\cmprops.dll
2010-02-12 15:00:31 ----A---- C:\WINDOWS\system32\h323log.txt
2010-02-12 14:58:08 ----A---- C:\WINDOWS\system32\tp4res.dll
2010-02-12 14:58:04 ----A---- C:\WINDOWS\system32\tp4.dll
2010-02-12 14:58:03 ----A---- C:\WINDOWS\system32\tp4mon.exe
2010-02-12 14:57:46 ----A---- C:\WINDOWS\system32\irmon.dll
2010-02-12 14:57:45 ----A---- C:\WINDOWS\system32\wshirda.dll
2010-02-12 14:57:45 ----A---- C:\WINDOWS\system32\irftp.exe
2010-02-12 14:57:03 ----A---- C:\WINDOWS\system32\usbui.dll
2010-02-12 14:56:00 ----A---- C:\WINDOWS\imsins.BAK
2010-02-12 14:55:57 ----SHD---- C:\WINDOWS\Installer
2010-02-12 14:55:57 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-12 14:55:56 ----D---- C:\Programme\Gemeinsame Dateien\ODBC
2010-02-12 14:55:56 ----A---- C:\WINDOWS\ODBCINST.INI
2010-02-12 14:55:53 ----RD---- C:\Programme
2010-02-12 14:55:53 ----D---- C:\Programme\Gemeinsame Dateien\SpeechEngines
2010-02-12 14:55:53 ----D---- C:\Programme\Gemeinsame Dateien\Microsoft Shared
2010-02-12 14:55:53 ----D---- C:\Programme\Gemeinsame Dateien
2010-02-12 14:55:49 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2010-02-12 14:55:49 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2010-02-12 14:55:49 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2010-02-12 14:55:48 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2010-02-12 14:55:48 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2010-02-12 14:55:48 ----RA---- C:\WINDOWS\system32\kbdur.dll
2010-02-12 14:55:48 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2010-02-12 14:55:48 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2010-02-12 14:55:48 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2010-02-12 14:55:48 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2010-02-12 14:55:48 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2010-02-12 14:55:47 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2010-02-12 14:55:47 ----RA---- C:\WINDOWS\system32\kbdru.dll
2010-02-12 14:55:47 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2010-02-12 14:55:47 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2010-02-12 14:55:46 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2010-02-12 14:55:46 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2010-02-12 14:55:46 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2010-02-12 14:55:46 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2010-02-12 14:55:46 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2010-02-12 14:55:46 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2010-02-12 14:55:46 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2010-02-12 14:55:45 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2010-02-12 14:55:45 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2010-02-12 14:55:44 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2010-02-12 14:55:44 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2010-02-12 14:55:44 ----RA---- C:\WINDOWS\system32\kbdest.dll
2010-02-12 14:55:43 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2010-02-12 14:55:43 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2010-02-12 14:55:43 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2010-02-12 14:55:43 ----RA---- C:\WINDOWS\system32\kbdro.dll
2010-02-12 14:55:43 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2010-02-12 14:55:43 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2010-02-12 14:55:43 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2010-02-12 14:55:43 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2010-02-12 14:55:43 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2010-02-12 14:55:43 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2010-02-12 14:55:43 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2010-02-12 14:55:43 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2010-02-12 14:55:43 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2010-02-12 14:55:41 ----A---- C:\WINDOWS\system32\irclass.dll
2010-02-12 14:55:40 ----A---- C:\WINDOWS\system32\spxcoins.dll
2010-02-12 14:55:40 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2010-02-12 14:55:40 ----A---- C:\WINDOWS\system32\dgsetup.dll
2010-02-12 14:55:40 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2010-02-12 14:55:38 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2010-02-12 14:55:38 ----A---- C:\WINDOWS\TASKMAN.EXE
2010-02-12 14:55:38 ----A---- C:\WINDOWS\system32\batt.dll
2010-02-12 14:55:37 ----A---- C:\WINDOWS\NOTEPAD.EXE
2010-02-12 14:55:36 ----A---- C:\WINDOWS\system32\storprop.dll
2010-02-12 14:55:29 ----ASH---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini
2010-02-12 14:55:25 ----RA---- C:\WINDOWS\SET8.tmp
2010-02-12 14:55:23 ----RA---- C:\WINDOWS\SET4.tmp
2010-02-12 14:55:22 ----RA---- C:\WINDOWS\SET3.tmp
2010-02-12 14:55:17 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-12 14:55:17 ----D---- C:\WINDOWS\system32\CatRoot
2010-02-12 14:55:12 ----SD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft
2010-02-12 14:54:53 ----A---- C:\WINDOWS\setuplog.txt
2010-02-12 14:54:50 ----D---- C:\Dokumente und Einstellungen
2010-02-12 14:54:49 ----SHD---- C:\System Volume Information

======List of files/folders modified in the last 1 months======

2010-02-28 17:47:43 ----A---- C:\WINDOWS\system32\PROCDB.INI
2010-02-28 17:47:27 ----A---- C:\WINDOWS\system32\IPSCtrl.INI
2010-02-19 17:31:39 ----A---- C:\WINDOWS\win.ini
2010-02-12 14:55:52 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 SASDIFSV;SASDIFSV; \??\C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS []
R1 Smapint;Smapint; C:\WINDOWS\System32\drivers\Smapint.sys [2006-10-02 14848]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 TDSMAPI;TDSMAPI; C:\WINDOWS\System32\drivers\TDSMAPI.SYS [2006-10-02 9343]
R1 TPPWRIF;TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [2010-01-06 4442]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-18 56816]
R2 irda;IrDA-Protokoll; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-14 88192]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 PROCDD;IPS-Helper-Treiber; C:\WINDOWS\system32\DRIVERS\PROCDD.SYS [2006-11-06 12080]
R2 s24trans;WLAN-Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2009-08-10 13952]
R2 smihlp;SMI Helper Driver (smihlp); \??\C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-06-20 178688]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-07 93952]
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 atmeltpm;atmeltpm; C:\WINDOWS\system32\DRIVERS\atmeltpm.sys [2005-05-17 15872]
R3 CmBatt;Microsoft-Netzteiltreiber; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2009-06-18 234496]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-11-01 989696]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-11-01 211456]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2003-07-03 11344]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 NETw5x32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows XP 32-Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2009-09-15 5977216]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 NSCIRDA;NSC-Infrarotgerätetreiber; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-14 28672]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2007-02-19 21376]
R3 Rasirda;WAN-Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SASENUM;SASENUM; \??\C:\Programme\SUPERAntiSpyware\SASENUM.SYS []
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
R3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2008-12-09 50832]
R3 Tp4Track;PS/2 TrackPoint Driver; C:\WINDOWS\system32\DRIVERS\tp4track.sys [2009-06-26 23080]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-11-01 731520]
S2 BrPar;BrPar; C:\WINDOWS\System32\drivers\BrPar.sys [2000-07-24 19537]
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SNPSTD3;USB PC Camera (SNPSTD3); C:\WINDOWS\system32\DRIVERS\snpstd3.sys [2009-06-22 10498688]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 TwoTrack;IBM PS/2 TrackPoint-Filtertreiber; C:\WINDOWS\system32\DRIVERS\TwoTrack.sys [2001-08-17 11520]
S3 usbstor;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 VNUSB;VN Series Device; C:\WINDOWS\system32\DRIVERS\VNUSB.sys [2003-12-15 38448]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2003-08-27 57344]
R2 DozeSvc;Lenovo Doze Mode Service; C:\Programme\ThinkPad\Utilities\DOZESVC.EXE [2010-01-06 132456]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Programme\Intel\WiFi\bin\EvtEng.exe [2009-09-21 858384]
R2 IBMPMSVC;IBM PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2003-07-03 57344]
R2 IPSSVC;IPS-Basisservice; C:\WINDOWS\system32\IPSSVC.EXE [2007-01-30 108080]
R2 Irmon;Infrarotüberwachung; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2010-02-18 153376]
R2 Multi-user Cleanup Service;Multi-user Cleanup Service; C:\Programme\lotus\notes\ntmulti.exe [2005-12-01 57393]
R2 Power Manager DBC Service;Power Manager DBC Service; C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe [2010-01-06 53248]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe [2009-09-21 473360]
R2 S24EventMonitor;Intel(R) PROSet/Wireless WiFi Service; C:\Programme\Intel\WiFi\bin\S24EvMon.exe [2009-09-21 954368]
R2 SUService;System Update; C:\Programme\Lenovo\System Update\SUService.exe [2009-06-12 28672]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe [2007-09-26 644408]
R2 TVT Scheduler;TVT Scheduler; C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe [2008-03-04 1122304]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\WINDOWS\System32\TPHDEXLG.exe [2009-10-09 39976]
S4 NetTcpPortSharing;Net.Tcp-Portfreigabedienst; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

DANKE

Werther

werther88 · 01.03.2010, 18:08

2.
info.txt logfile of random's system information tool 1.06 2010-03-01 18:04:43

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.3.1 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A93000000001}
AFPL Ghostscript 8.54-->C:\Programme\gs\uninstgs.exe "C:\Programme\gs\gs8.54\uninstal.txt"
AFPL Ghostscript Fonts-->C:\Programme\gs\uninstgs.exe "C:\Programme\gs\fonts\uninstal.txt"
Ashampoo Burning Studio 6 FREE-->"C:\Programme\Ashampoo\Ashampoo Burning Studio 6 FREE\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Programme\Avira\AntiVir Desktop\setup.exe /REMOVE
Brother HL-5150D-->"C:\Programme\Brother\BRHL5150\IsUn0407.exe" -f"C:\Programme\Brother\BRHL5150\DeIsL1.isu" -cbruninst.dll
Ergänzung zu Productivity Center für ThinkPad-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D728E945-256D-4477-B377-6BBA693714AC}\setup.exe" -l0x7 -AddRemove
Free WAV to MP3 Converter-->C:\Programme\Free WAV to MP3 Converter\Uninstall.exe
FreePDF XP (Remove only)-->C:\Programme\FreePDF_XP\fpsetup.exe /r
Funktion "TrackPoint-Eingabehilfen"-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{EA664480-3844-11D5-8C25-444553540000}\SETUP.EXE"
Help Center-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{986F64DC-FF15-449D-998F-EE3BCEC6666A}\SETUP.EXE" -l0x7 -AddRemove
HijackThis 2.0.2-->"C:\Programme\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
IBM ThinkPad Power Management Driver-->RunDll32.exe tpinspm.dll,Uninstall
Intel PROSet Wireless-->Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Intel(R) Network Connections Drivers-->Prounstl.exe
IZArc 4.1-->"C:\Programme\IZArc\unins000.exe"
Java(TM) 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF}
Lenovo ThinkVantage Toolbox-->C:\Programme\PC-Doctor\uninst.exe
Lidl-Fotos-->"C:\Programme\Lidl_Fotos\unins000.exe"
Lotus Notes 6.5.5 de-->MsiExec.exe /I{CCD378A2-71C4-4452-8A9D-D84A6FF9B766}
Maintenance Manager-->Rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\AWAYTASK.INF
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
MAXQDA2007 (R190110)-->C:\Programme\MAXQDA2007\uninst.exe
Message Center-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}\Setup.exe" -l0x7 -AddRemove
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU-->MsiExec.exe /I{9309DD7E-EBFE-3C95-8B47-30D3A012F606}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU-->MsiExec.exe /I{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack - DEU-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack - deu-->MsiExec.exe /I{1545207E-C6F3-31D7-9918-BDBB65075FBF}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Groove MUI (German) 2007-->MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (German) 2007-->MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.5.8)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (3.0.1)-->C:\Programme\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Olympus Digital Wave Player-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FB91E774-867B-4567-ACE7-8144EF036068}\Setup.exe" -l0x7
PC Camera-168-->C:\Programme\InstallShield Installation Information\{ECD03DA7-5952-406A-8156-5F0C93618D1F}\setup.exe -runfromtemp -l0x0007 -removeonly
RedMon - Redirection Port Monitor-->C:\WINDOWS\system32\unredmon.exe
Sicherheitsupdate für Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SoundMAX-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x7 -removeonly
SPSS 12.0G for Windows-->MsiExec.exe /I{72B456C6-BFF1-442e-A8F6-71B9B8FA0FD9}
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
System Update-->MsiExec.exe /X{8675339C-128C-44DD-83BF-0A5D6ABD8297}
ThinkPad Energie-Manager-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}\SETUP.EXE" -l0x7 -AddRemove
ThinkPad Modem-->C:\Programme\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588\UIU32m.exe -U -ITkp0588k.INF
ThinkPad TrackPoint Driver-->C:\Programme\Lenovo\TrackPoint\tp4unins.exe
ThinkPad-Konfiguration-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FC081D4D-DF1B-4CF1-B530-027E4118D846}\setup.exe" -l0x7 -AddRemove
ThinkVantage Fingerprint Software-->MsiExec.exe /I{6CE851D7-DD98-489A-9227-5BBE08E7064B}
ThinkVantage Productivity Center-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}\setup.exe" -l0x7 -AddRemove
ThinkVantage System für aktiven Festplattenschutz-->MsiExec.exe /X{46A84694-59EC-48F0-964C-7E76E9F8A2ED}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update für Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update für Windows Internet Explorer 8 (KB978506)-->"C:\WINDOWS\ie8updates\KB978506-IE8\spuninst\spuninst.exe"
Update für Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update für Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update für Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update für Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update für Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update für Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update für Windows XP (KB978207)-->"C:\WINDOWS\$NtUninstallKB978207$\spuninst\spuninst.exe"
VLC media player 1.0.3-->C:\Programme\VideoLAN\VLC\uninstall.exe
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

=====HijackThis Backups=====

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p [2010-02-28]
O3 - Toolbar: Lenovo ThinkVantage Toolbox - {86B9B5DD-FB75-4035-BD52-3C94F7849CAF} - C:\Programme\PC-Doctor\ATLPcdToolbar544928.dll [2010-02-28]
O2 - BHO: flvdirect - {f4d92dd0-9d7a-c41f-2ac2-05a602621129} - C:\WINDOWS\system32\aC554QRJQ7bjGo.dll [2010-02-28]

======Security center information======

AV: AntiVir Desktop

======System event log======

Computer Name: SEBASTIA-4F8F5C
Event Code: 15007
Message: Die von URL-Präfix "http://*:2869/" identifizierte Namespacereservierung wurde erfolgreich hinzugefügt.

Record Number: 5
Source Name: HTTP
Time Written: 20100212150910.000000+060
Event Type: Informationen
User:

Computer Name: SEBASTIA-4F8F5C
Event Code: 3260
Message: Dieser Computer wurde erfolgreich "workgroup" hinzugefügt: "ARBEITSGRUPPE".

Record Number: 4
Source Name: Workstation
Time Written: 20100212150554.000000+060
Event Type: Informationen
User:

Computer Name: SEBASTIA-4F8F5C
Event Code: 6011
Message: Der NetBIOS-Name und DNS-Hostname dieses Computers wurden von MACHINENAME in SEBASTIA-4F8F5C geändert.

Record Number: 3
Source Name: EventLog
Time Written: 20100212150042.000000+060
Event Type: Informationen
User:

Computer Name: MACHINENAME
Event Code: 6005
Message: Der Ereignisprotokolldienst wurde gestartet.

Record Number: 2
Source Name: EventLog
Time Written: 20100212145457.000000+060
Event Type: Informationen
User:

Computer Name: MACHINENAME
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Multiprocessor Free.

Record Number: 1
Source Name: EventLog
Time Written: 20100212145457.000000+060
Event Type: Informationen
User:

=====Application event log=====

Computer Name: SEBASTIA-4F8F5C
Event Code: 1000
Message: Die Leistungsindikatoren für den Dienst MSDTC (MSDTC) wurden geladen.
Die Daten enthalten die dem Dienst zugeordneten neuen Indexwerte.

Record Number: 5
Source Name: LoadPerf
Time Written: 20100212150702.000000+060
Event Type: Informationen
User:

Computer Name: SEBASTIA-4F8F5C
Event Code: 1000
Message: Die Leistungsindikatoren für den Dienst TermService (Terminaldienste) wurden geladen.
Die Daten enthalten die dem Dienst zugeordneten neuen Indexwerte.

Record Number: 4
Source Name: LoadPerf
Time Written: 20100212150658.000000+060
Event Type: Informationen
User:

Computer Name: SEBASTIA-4F8F5C
Event Code: 1000
Message: Die Leistungsindikatoren für den Dienst RemoteAccess (Routing und RAS) wurden geladen.
Die Daten enthalten die dem Dienst zugeordneten neuen Indexwerte.

Record Number: 3
Source Name: LoadPerf
Time Written: 20100212150121.000000+060
Event Type: Informationen
User:

Computer Name: SEBASTIA-4F8F5C
Event Code: 1000
Message: Die Leistungsindikatoren für den Dienst PSched (PSched) wurden geladen.
Die Daten enthalten die dem Dienst zugeordneten neuen Indexwerte.

Record Number: 2
Source Name: LoadPerf
Time Written: 20100212150053.000000+060
Event Type: Informationen
User:

Computer Name: SEBASTIA-4F8F5C
Event Code: 1000
Message: Die Leistungsindikatoren für den Dienst RSVP (QoS-RSVP) wurden geladen.
Die Daten enthalten die dem Dienst zugeordneten neuen Indexwerte.

Record Number: 1
Source Name: LoadPerf
Time Written: 20100212150052.000000+060
Event Type: Informationen
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Programme\ThinkPad\Utilities;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\Gemeinsame Dateien\Lenovo;C:\Programme\Intel\WiFi\bin\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"TVT"=C:\Programme\Lenovo
"TPCCommon"=C:\PROGRA~1\THINKV~2\PrdCtr

-----------------EOF-----------------

MalwareHero · 01.03.2010, 20:04

Nocheinmal:

Zitat:

und sage mir mal, woher das kommt:

Unclassified.Unknown Origin
D:\EIGENE DATEIEN -ALT\INSTALL FILES\TRANSKRIBTION\MAXQDA\KEYGEN.NFO

Diese Files bei Virus Total hochladen:

C:\WINDOWS\System32\drivers\Tppwrif.sys
C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

- Deinstalliere Firefox und installiere ihn erneut:
Webbrowser Firefox | Schneller, sicherer & anpassbar | Mozilla Europe

> Lade dir SD fix von hier runter: http://downloads.andymanchesta.com/R...ools/SDFix.zip

• SDFix.zip entpacken

• es erscheint folgende Meldung:
"The SDFix Folder has been extracted to %systemdrive% - Please run from that location.
(%systemdrive% = drive that contains the Windows directory
typically C:\SDFix )"

• unter C:\ findet man nun den SDFix-Ordner

• boote in den abgesicherten Modus ! (die Taste F8 drücken, während der Rechner neustartet)

• gehe in den Ordner C:\SDFix

• Die Datei "RunThis.bat" doppeltklicken

Es öffnet sich ein Fenster:

• schreibe: Y

• folge allen Anweisungen, während gescannt wird - dann wird der Rechner neustarten und ein Log erstellen.

• kopiere mit der rechten Maustaste den Text ab, der erscheint - und in den Beitrag hier.

lg.

Larusso · 01.03.2010, 22:43

@ MalwareHero.

Tu dir und uns einen gefallen. Lass es sein.

@ werther88

Code:

ATTFilter

D:\EIGENE DATEIEN -ALT\INSTALL FILES\TRANSKRIBTION\MAXQDA\KEYGEN.NFO

Dateien, die crack.exe, keygen.exe oder patch.exe sind zu 99,9% gefährliche Schädlinge, mit denen man nicht Spaßen sollte.
Ausserdem sind diese illegal und somit beschränkt sich der Support auf
Anleitung zum Neu aufsetzten

Du bist entlassen.