| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: TR/Crypt.ZPACK.Gen (cyitlzra.sys) läßt sich nicht entfernenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
19.07.2010, 08:22
| #1 |
 |  TR/Crypt.ZPACK.Gen (cyitlzra.sys) läßt sich nicht entfernen Hallo zusammen, hab ein kleines Problem, die oben angegebene Datei läßt sich nicht entfernen. Die Datei ist nach dem booten immer wieder da. Ich hoffe das ich alle nötigen Log-Dateien angehängt habe. Vielen Dank schon im Voraus Gruß, Sascha Hier die Log-Datei von Malwarebytes : Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4325 Windows 5.1.2600 Service Pack 3 Internet Explorer 6.0.2900.5512 19.07.2010 08:53:37 mbam-log-2010-07-19 (08-53-37).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 152751 Laufzeit: 7 Minute(n), 46 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\WINDOWS\system32\drivers\cyitlzra.sys (Backdoor.IEbooot) -> No action taken. -------------------------------------------------------------------------- RSIT-Info: info.txtRSIT Logfile: Code:
ATTFilter logfile of random's system information tool 1.08 2010-07-19 08:55:38
======Uninstall list======
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACT! by Sage Premium 2008 (10.0)-->C:\Programme\InstallShield Installation Information\{0580A7ED-75C0-44EA-B90F-2C566C79B8E4}\setup.exe -runfromtemp -l0x0407
ActLook-->C:\WINDOWS\ActLook Uninstaller.exe
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A91000000001}
Avira AntiVir Premium-->C:\Programme\Avira\AntiVir Desktop\setup.exe /REMOVE
AVM FRITZ!Fernzugang-->MsiExec.exe /X{37C19C2D-9BB3-4CB0-A83C-26213C73C0BD}
Baphomets Fluch - Der schlafende Drache-->C:\WINDOWS\unvise32.exe C:\Programme\THQ\Baphomets Fluch - Der schlafende Drache\uninstal.log
Brother MFL-Pro Suite MFC-490CW-->"C:\Programme\InstallShield Installation Information\{D9461574-5FC0-4641-BBDC-D1038B196F55}\Setup.exe" -runfromtemp -l0x0007 UNINSTALL Reg=BH9_C2 -removeonly
CCleaner-->"C:\Programme\CCleaner\uninst.exe"
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
COMODO Internet Security-->C:\Programme\COMODO\COMODO Internet Security\cfpconfg.exe -u
Compatibility Pack für 2007 Office System-->MsiExec.exe /X{90120000-0020-0407-0000-0000000FF1CE}
Decker Maschinenelemente-->MsiExec.exe /I{24D18C8F-7C7C-4620-9A8E-71145762A2A0}
Dell Sicherungs- und Wiederherstellungs-Manager-->MsiExec.exe /I{842EFEDE-6700-4CC8-802A-444C7F927021}
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Touchpad-->C:\Programme\DellTPad\Uninstap.exe ADDREMOVE
Dienstprogramm für Dell Wireless WLAN Karte-->"C:\Programme\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Programme\Dell\Dell Wireless WLAN Card"
DWGeditor-->MsiExec.exe /X{56DCD20A-E558-4396-AF59-14D15AA737BB}
EAX4 Unified Redist-->MsiExec.exe /X{89661B04-C646-4412-B6D3-5E19F02F1F37}
FLV Player 2.0 (build 25)-->C:\Programme\FLV Player\uninst.exe
Free YouTube Download 2.4-->"C:\Programme\DVDVideoSoft\Free YouTube Download\unins000.exe"
FreePDF (Remove only)-->C:\Programme\FreePDF_XP\fpsetup.exe /r
FTP-Watchdog-->MsiExec.exe /X{52C97E71-DC72-4BFC-8F27-3DD60228FBAF}
GameShadow-->MsiExec.exe /I{D98C9637-93DA-44DB-B73A-B11A1192AB26}
GIMP 2.6.8-->"C:\Programme\GIMP-2.0\setup\unins000.exe"
Google Earth Plug-in-->MsiExec.exe /X{75AE638F-750A-11DF-96D5-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
GPL Ghostscript 8.70-->C:\Programme\gs\uninstgs.exe "C:\Programme\gs\gs8.70\uninstal.txt"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix für Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
HPP-21-->C:\Programme\Hitecrcd\HPP-21\Uninstall.exe
IsoBuster 1.5-->"C:\Programme\Smart Projects\IsoBuster\Uninst\unins000.exe"
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
Logitech SetPoint-->"C:\Programme\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe" -runfromtemp -l0x0007 -removeonly
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Language Pack - DEU-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - DEU\install.exe
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 German Language Pack-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 German Language Pack\setup.exe
Microsoft .NET Framework 3.0 German Language Pack-->MsiExec.exe /X{F2A7F421-1679-48D5-B918-96999014ED53}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft ActiveSync 3.8-->"C:\WINDOWS\ISUN0407.EXE" -f"C:\Programme\Microsoft ActiveSync\DeIsL1.isu" -c"C:\Programme\Microsoft ActiveSync\ceuninst.dll"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft Office 2003 Web Components-->MsiExec.exe /I{90120000-00A4-0409-0000-0000000FF1CE}
Microsoft Office Access 2003 Runtime-->MsiExec.exe /I{901C0407-6000-11D3-8CFE-0150048383C9}
Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Groove MUI (German) 2007-->MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (German) 2007-->MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Project MUI (German) 2007-->MsiExec.exe /X{90120000-00B4-0407-0000-0000000FF1CE}
Microsoft Office Project Professional 2007-->"C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PRJPRO /dll OSETUP.DLL
Microsoft Office Project Professional 2007-->MsiExec.exe /X{90120000-003B-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Express Edition (ACT7)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005-->"C:\Programme\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005-Abwärtskompatibilität-->MsiExec.exe /I{741D603B-85BB-4077-A779-4FCBAAF3AA3E}
Microsoft SQL Server Native Client-->MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft User-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWudf01007$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual Studio 2005 Tools for Applications - ENU-->MsiExec.exe /X{D481EA96-2313-4A7C-98EE-710D1AF884AC}
Microsoft Visual Studio 2005 Tools for Applications - ENU-->MsiExec.exe /X{D481EA96-2313-4A7C-98EE-710D1AF884AC}
Microsoft Works-->MsiExec.exe /I{39D0E034-1042-4905-BECB-5502909FCB7C}
Microsoft XML Parser and SDK-->MsiExec.exe /I{2AEBE10C-D819-4EBF-BC60-03BF2327D340}
Mozilla Firefox (3.5)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86_v2-->MsiExec.exe /I{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
Nokia Connectivity Cable Driver-->MsiExec.exe /I{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}
Nokia PC Suite-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Nokia_PC_Suite_ger.exe
Nokia PC Suite-->MsiExec.exe /I{19DC9559-9C20-4A46-A67D-7ECBA52A2788}
Nokia Software Updater-->MsiExec.exe /X{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}
NSS (remove only)-->C:\Programme\NSS\uninstall.exe
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
PaperPort Image Printer-->MsiExec.exe /X{2BC2781A-F7F6-452E-95EB-018A522F1B2C}
PC Connectivity Solution-->MsiExec.exe /I{7397EDED-F38A-4654-B669-BF61065803D0}
PDF-XChange 3-->"C:\Programme\Tracker Software\PDF-XChange 3\unins000.exe"
PhotoView 360-->MsiExec.exe /I{736D2DAD-3D87-4CAA-8646-83D238AD68E0}
PowerDVD DX-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -l0x7 -cluninstall
PrintKey2000-->C:\WINDOWS\unin0407.exe -fC:\Programme\PrintKey2000\DeIsL1.isu -cC:\Programme\PrintKey2000\_ISREG32.DLL
RedMon - Redirection Port Monitor-->C:\WINDOWS\system32\unredmon.exe
Rigs of Rods 0.36.2-->C:\Programme\Rigs of Rods 0.36.2\uninst.exe
Sage Office Line-->MsiExec.exe /I{23637147-34AA-4C9C-A1D1-58B6419A3767}
ScanSoft PaperPort 11-->MsiExec.exe /I{7A8FF745-BBC5-482B-88E4-18D3178249A9}
Security Task Manager 1.7h-->C:\Programme\Security Task Manager\Uninstal.exe "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Security Task Manager"
Sicherheitsupdate für Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB979402)-->"C:\WINDOWS\$NtUninstallKB979402_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB982381)-->"C:\WINDOWS\$NtUninstallKB982381$\spuninst\spuninst.exe"
Silent Hunter III-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7} /l1031
SimCity 4 Deluxe-->C:\Programme\Maxis\SimCity 4 Deluxe\EAUninstall.exe
Sonic CinePlayer Decoder Pack-->MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}
Spybot - Search & Destroy-->"C:\Programme\Spybot - Search & Destroy\unins000.exe"
TuneUp Utilities 2009-->MsiExec.exe /I{55A29068-F2CE-456C-9148-C869879E2357}
Uninstall 1.0.0.1-->"C:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe"
Update für Windows XP (KB980182)-->"C:\WINDOWS\$NtUninstallKB980182$\spuninst\spuninst.exe"
USB2.0 Card Reader Software-->"C:\Programme\InstallShield Installation Information\{96AE7E41-E34E-47D0-AC07-1091A8127911}\setup.exe" -runfromtemp -l0x0007 -removeonly
Voice Tracer-->C:\Programme\InstallShield Installation Information\{B7908330-93A8-4DB1-B6EE-6B0446E26939}\setup.exe -runfromtemp -l0x0009 -removeonly
Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation Language Pack (DEU)-->MsiExec.exe /X{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation DE Language Pack-->MsiExec.exe /I{7228FD8C-3B9E-4204-AE36-8A466107685B}
Windows-Treiberpaket - Nokia Modem (06/01/2009 7.01.0.4)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_0777326F40B753DD4E385F058ADB286B70A301FE\nokbtmdm.inf
Windows-Treiberpaket - Nokia Modem (10/05/2009 4.2)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_AAB746D5658CCF4CAE7A35CED5F0ADA3C447A973\nokia_bluetooth.inf
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
WinRAR Archivierer-->C:\Programme\WinRAR\uninstall.exe
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
======Security center information======
AV: AntiVir Desktop
FW: COMODO Firewall
======System event log======
Computer Name: LAPTOP_SG
Event Code: 4201
Message: Netzwerkadapter "Dell...1397 WLAN Mini-Card - Paketplaner-Miniport" wurde mit dem Netzwerk verbunden, und das
System wurde über das Netzwerk im normalen Zustand gestartet.
Record Number: 45087
Source Name: Tcpip
Time Written: 20100710002402.000000+120
Event Type: Informationen
User:
Computer Name: LAPTOP_SG
Event Code: 7036
Message: Dienst "FLEXnet Licensing Service" befindet sich jetzt im Status "Beendet".
Record Number: 45086
Source Name: Service Control Manager
Time Written: 20100710002341.000000+120
Event Type: Informationen
User:
Record Number: 45085
Source Name: Service Control Manager
Time Written: 20100710002337.000000+120
Event Type: Informationen
User:
Computer Name: LAPTOP_SG
Event Code: 7036
Message: Dienst "FLEXnet Licensing Service" befindet sich jetzt im Status "Ausgeführt".
Record Number: 45084
Source Name: Service Control Manager
Time Written: 20100710002041.000000+120
Event Type: Informationen
User:
Computer Name: LAPTOP_SG
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "FLEXnet Licensing Service" gesendet.
Record Number: 45083
Source Name: Service Control Manager
Time Written: 20100710002041.000000+120
Event Type: Informationen
User: LAPTOP_SG\Sascha
=====Application event log=====
Computer Name: LAPTOP_SG
Event Code: 17164
Message: Detected 2 CPUs. This is an informational message; no user action is required.
Record Number: 50183
Source Name: MSSQL$ACT7
Time Written: 20100709145049.000000+120
Event Type: Informationen
User:
Computer Name: LAPTOP_SG
Event Code: 17162
Message: SQL Server is starting at normal priority base (=7). This is an informational message only. No user action is required.
Record Number: 50182
Source Name: MSSQL$ACT7
Time Written: 20100709145049.000000+120
Event Type: Informationen
User:
Computer Name: LAPTOP_SG
Event Code: 17110
Message: Registry startup parameters:
Record Number: 50181
Source Name: MSSQL$ACT7
Time Written: 20100709145048.000000+120
Event Type: Informationen
User:
Computer Name: LAPTOP_SG
Event Code: 17176
Message: This instance of SQL Server last reported using a process ID of 168 at 09.07.2010 14:49:19 (local) 09.07.2010 12:49:19 (UTC). This is an informational message only; no user action is required.
Record Number: 50180
Source Name: MSSQL$ACT7
Time Written: 20100709145048.000000+120
Event Type: Informationen
User:
Computer Name: LAPTOP_SG
Event Code: 17111
Message: Logging SQL Server messages in file 'C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG'.
Record Number: 50179
Source Name: MSSQL$ACT7
Time Written: 20100709145048.000000+120
Event Type: Informationen
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Programme\PC Connectivity Solution;C:\Programme\Gemeinsame Dateien\Roxio Shared\DLLShared;C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\DLLShared;C:\Programme\Microsoft SQL Server\90\Tools\binn;C:\Programme\Microsoft SQL Server\80\Tools\Binn
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
-----------------EOF-----------------
-------------------------------------------------------------------------- RSIT-Log: RSIT Logfile: Code:
ATTFilter Logfile of random's system information tool 1.08 (written by random/random) Run by Sascha at 2010-07-19 08:54:57 Microsoft Windows XP Professional Service Pack 3 System drive C: has 85 GB (55%) free of 153 GB Total RAM: 3067 MB (75% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 08:55:35, on 19.07.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe c:\drivers\audio\r211990\stacsv.exe C:\Programme\Avira\AntiVir Desktop\sched.exe C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\system32\svchost.exe C:\Programme\FRITZ!Fernzugang\certsrv.exe C:\Programme\Avira\AntiVir Desktop\avshadow.exe C:\Programme\Java\jre6\bin\jqs.exe C:\Programme\Gemeinsame Dateien\Sage KHK Shared\LiveUpdate\LiveUpdateInstaller.exe C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programme\FRITZ!Fernzugang\nwtsrv.exe C:\WINDOWS\system32\DRIVERS\o2flash.exe c:\programme\gemeinsame dateien\protexis\license service\psiservice_2.exe C:\Programme\Gemeinsame Dateien\Sage KHK Shared\Registry.exe C:\Programme\Dell Support Center\bin\sprtsvc.exe C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\TUProgSt.exe C:\Programme\Avira\AntiVir Desktop\avmailc.exe C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE C:\Programme\IDT\WDM\sttray.exe C:\WINDOWS\system32\AESTFltr.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\WLTRAY.exe C:\Programme\ACT\Act for Windows\Act.Outlook.Service.exe C:\Programme\FreePDF_XP\fpassist.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\RunDLL32.exe C:\Programme\ScanSoft\PaperPort\pptd40nt.exe C:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\Programme\COMODO\COMODO Internet Security\cfp.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Programme\Logitech\SetPoint\SetPoint.exe C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe C:\Programme\Brother\Brmfcmon\BrMfcmon.exe C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE C:\Programme\PC Connectivity Solution\ServiceLayer.exe C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Programme\PC Connectivity Solution\Transports\NclMSBTSrv.exe C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE C:\Programme\FRITZ!Fernzugang\avmike.exe C:\02 Privat\loadz\Viren\RSIT.exe C:\Programme\trend micro\Sascha.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USSMB/8 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.live.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = hxxp://g.uk.msn.com/USSMB/8 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = ftp://ftpuser@gerlach-iv.dyndns.org/ O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [Act.Outlook.Service] "C:\Programme\ACT\Act for Windows\Act.Outlook.Service.exe" O4 - HKLM\..\Run: [Act! Preloader] "C:\Programme\ACT\Act for Windows\ActSage.exe" -preload O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [ControlCenter3] C:\Programme\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [IndexSearch] "C:\Programme\ScanSoft\PaperPort\IndexSearch.exe" O4 - HKLM\..\Run: [PaperPort PTD] "C:\Programme\ScanSoft\PaperPort\pptd40nt.exe" O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Programme\COMODO\COMODO Internet Security\cfp.exe" -h O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: Status Monitor.lnk = C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubedownload.htm O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: Webseite zu ACT! Kontakt hinzufügen - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing) O9 - Extra 'Tools' menuitem: Webseite zu ACT! Kontakt hinzufügen... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{DBA5E288-A303-4E63-AFC1-272D6FE97CDD}: NameServer = 192.168.3.111 O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: ACT! Scheduler - Sage Software, Inc. - C:\Programme\ACT\Act for Windows\Act.Scheduler.exe O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avmailc.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE O23 - Service: AVM FRITZ!Fernzugang IKE Service (avmike) - AVM Berlin - C:\Programme\FRITZ!Fernzugang\avmike.exe O23 - Service: AVM FRITZ!Fernzugang Cert Service (certsrv) - AVM Berlin - C:\Programme\FRITZ!Fernzugang\certsrv.exe O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corp. - C:\Programme\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: LiveUpdateInstaller - Sage Software - C:\Programme\Gemeinsame Dateien\Sage KHK Shared\LiveUpdate\LiveUpdateInstaller.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: AVM FRITZ!Fernzugang Client (nwtsrv) - AVM Berlin - C:\Programme\FRITZ!Fernzugang\nwtsrv.exe O23 - Service: O2FLASH - O2Micro International - C:\WINDOWS\system32\DRIVERS\o2flash.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\programme\gemeinsame dateien\protexis\license service\psiservice_2.exe O23 - Service: Sage Registrierungsdienst (Registry) - Sage Software - C:\Programme\Gemeinsame Dateien\Sage KHK Shared\Registry.exe O23 - Service: ServiceLayer - Nokia - C:\Programme\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Programme\Dell Support Center\bin\sprtsvc.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\drivers\audio\r211990\stacsv.exe O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 11682 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\1-Klick-Wartung.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5233FCD-D258-4903-89B8-FB1568E7413D}] Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - C:\WINDOWS\system32\mscoree.dll [2009-11-07 297808] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SysTrayApp"=C:\Programme\IDT\WDM\sttray.exe [2009-02-23 483420] "AESTFltr"=C:\WINDOWS\system32\AESTFltr.exe [2009-02-23 729088] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-01-22 13590528] "nwiz"=nwiz.exe /installquiet [] "NVHotkey"=nvHotkey.dll,Start [] "Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2008-12-12 2220032] "Act.Outlook.Service"=C:\Programme\ACT\Act for Windows\Act.Outlook.Service.exe [2008-08-14 20480] "Act! Preloader"=C:\Programme\ACT\Act for Windows\ActSage.exe [2008-06-25 393216] "FreePDF Assistant"=C:\Programme\FreePDF_XP\fpassist.exe [2009-08-06 381440] "Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2009-06-17 55824] "ControlCenter3"=C:\Programme\Brother\ControlCenter3\brctrcen.exe [2007-12-21 86016] "BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent [] "NvMediaCenter"=NvMCTray.dll,NvTaskbarInit [] "IndexSearch"=C:\Programme\ScanSoft\PaperPort\IndexSearch.exe [2007-10-11 46368] "PaperPort PTD"=C:\Programme\ScanSoft\PaperPort\pptd40nt.exe [2007-10-11 29984] "avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2010-07-08 282792] "COMODO Internet Security"=C:\Programme\COMODO\COMODO Internet Security\cfp.exe [2010-07-14 1800464] " Malwarebytes Anti-Malware (reboot)"=C:\Programme\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "SpybotSD TeaTimer"=C:\Programme\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480] "PC Suite Tray"=C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520] C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart Logitech SetPoint.lnk - C:\Programme\Logitech\SetPoint\SetPoint.exe Status Monitor.lnk - C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoRecentDocsNetHood"=1 "NoDriveAutoRun"=67108863 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"=1 "NoDriveAutoRun"=67108863 "NoDriveTypeAutoRun"=323 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000" "C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019" "C:\Programme\ACT\Act for Windows\ActSage.exe"="C:\Programme\ACT\Act for Windows\ActSage.exe:*:Enabled:ACT! by Sage" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" ======List of files/folders created in the last 1 months====== 2010-07-19 08:55:08 ----D---- C:\Programme\trend micro 2010-07-19 08:54:57 ----D---- C:\rsit 2010-07-19 08:54:43 ----A---- C:\WINDOWS\system32\drivers\tolmeqn.sys 2010-07-19 08:41:48 ----D---- C:\Programme\CCleaner 2010-07-16 13:02:24 ----SHD---- C:\Config.Msi 2010-07-16 10:27:19 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$ 2010-07-16 10:27:10 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$ 2010-07-16 10:25:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$ 2010-07-16 10:25:34 ----A---- C:\WINDOWS\system32\MRT.INI 2010-07-16 10:21:24 ----D---- C:\WINDOWS\system32\MpEngineStore 2010-07-16 10:12:49 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$ 2010-07-16 10:12:40 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$ 2010-07-16 10:12:29 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$ 2010-07-16 10:12:18 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$ 2010-07-16 10:02:06 ----HDC---- C:\WINDOWS\$NtUninstallKB982381$ 2010-07-15 22:05:22 ----D---- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Help 2010-07-15 21:58:27 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan 2010-07-15 21:58:17 ----D---- C:\Programme\Security Task Manager 2010-07-14 13:56:22 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Comodo 2010-07-14 13:56:19 ----A---- C:\WINDOWS\system32\guard32.dll 2010-07-14 13:56:19 ----A---- C:\WINDOWS\system32\drivers\inspect.sys 2010-07-14 13:56:19 ----A---- C:\WINDOWS\system32\drivers\cmdhlp.sys 2010-07-14 13:56:19 ----A---- C:\WINDOWS\system32\drivers\cmdguard.sys 2010-07-14 11:29:49 ----D---- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Malwarebytes 2010-07-14 11:29:39 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2010-07-14 11:29:37 ----D---- C:\Programme\Malwarebytes' Anti-Malware 2010-07-14 11:29:37 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2010-07-14 11:29:37 ----A---- C:\WINDOWS\system32\drivers\mbam.sys 2010-07-14 10:48:40 ----ASH---- C:\hiberfil.sys 2010-07-14 10:44:36 ----SD---- C:\CoFi 2010-07-09 13:02:11 ----D---- C:\WINDOWS\temp 2010-07-09 12:19:47 ----D---- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Google 2010-07-08 18:12:55 ----SHD---- C:\RECYCLER 2010-07-08 18:01:08 ----A---- C:\Boot.bak 2010-07-08 18:00:57 ----RASHD---- C:\cmdcons 2010-07-08 17:57:54 ----A---- C:\WINDOWS\MBR.exe 2010-07-08 17:57:53 ----A---- C:\WINDOWS\zip.exe 2010-07-08 17:57:53 ----A---- C:\WINDOWS\SWXCACLS.exe 2010-07-08 17:57:53 ----A---- C:\WINDOWS\SWSC.exe 2010-07-08 17:57:53 ----A---- C:\WINDOWS\SWREG.exe 2010-07-08 17:57:53 ----A---- C:\WINDOWS\sed.exe 2010-07-08 17:57:53 ----A---- C:\WINDOWS\PEV.exe 2010-07-08 17:57:53 ----A---- C:\WINDOWS\NIRCMD.exe 2010-07-08 17:57:53 ----A---- C:\WINDOWS\grep.exe 2010-07-08 17:57:44 ----D---- C:\WINDOWS\ERDNT 2010-07-08 17:56:21 ----D---- C:\Qoobox 2010-07-08 13:03:50 ----D---- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Avira 2010-07-08 12:57:25 ----A---- C:\WINDOWS\system32\drivers\ssmdrv.sys 2010-07-08 12:57:22 ----A---- C:\WINDOWS\system32\drivers\avipbb.sys 2010-07-08 12:57:22 ----A---- C:\WINDOWS\system32\drivers\avgntmgr.sys 2010-07-08 12:57:22 ----A---- C:\WINDOWS\system32\drivers\avgntdd.sys 2010-07-08 11:39:26 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software 2010-07-06 16:40:00 ----D---- C:\Programme\Google 2010-07-05 16:53:20 ----D---- C:\Programme\SotS Gold Demo 2010-06-28 13:57:14 ----D---- C:\Programme\Spybot - Search & Destroy 2010-06-28 13:57:14 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy 2010-06-28 13:42:13 ----A---- C:\WINDOWS\system32\drivers\cyitlzra.sys 2010-06-28 13:39:49 ----A---- C:\WINDOWS\system32\drivers\lbrtfdc.sys 2010-06-28 13:38:13 ----A---- C:\WINDOWS\system32\drivers\changer.sys ======List of files/folders modified in the last 1 months====== 2010-07-19 08:55:08 ----RD---- C:\Programme 2010-07-19 08:55:04 ----D---- C:\WINDOWS\Prefetch 2010-07-19 08:54:43 ----D---- C:\WINDOWS\system32\drivers 2010-07-19 08:54:43 ----D---- C:\WINDOWS\Debug 2010-07-19 08:44:26 ----D---- C:\WINDOWS\Minidump 2010-07-19 08:44:26 ----AD---- C:\WINDOWS 2010-07-19 08:33:17 ----D---- C:\Programme\Mozilla Firefox 2010-07-19 07:32:16 ----D---- C:\WINDOWS\system32\CatRoot2 2010-07-19 07:31:36 ----D---- C:\WINDOWS\ime 2010-07-18 02:51:22 ----N---- C:\WINDOWS\SchedLgU.Txt 2010-07-18 00:46:27 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$ 2010-07-16 16:43:06 ----SHD---- C:\System Volume Information 2010-07-16 16:40:57 ----D---- C:\WINDOWS\system32\NtmsData 2010-07-16 13:26:34 ----D---- C:\WINDOWS\Registration 2010-07-16 13:24:36 ----D---- C:\WINDOWS\Microsoft.NET 2010-07-16 13:24:13 ----RSD---- C:\WINDOWS\assembly 2010-07-16 13:04:25 ----SHD---- C:\WINDOWS\Installer 2010-07-16 13:04:12 ----AD---- C:\WINDOWS\system32 2010-07-16 13:03:34 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-07-16 13:03:19 ----D---- C:\WINDOWS\WinSxS 2010-07-16 10:27:24 ----HD---- C:\WINDOWS\inf 2010-07-16 10:27:21 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-07-16 10:27:09 ----HD---- C:\WINDOWS\$hf_mig$ 2010-07-16 09:06:45 ----D---- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\gtk-2.0 2010-07-16 07:21:01 ----A---- C:\WINDOWS\cfplogvw.INI 2010-07-14 13:56:10 ----D---- C:\Programme\COMODO 2010-07-14 13:44:22 ----RASH---- C:\boot.ini 2010-07-14 13:44:22 ----A---- C:\WINDOWS\win.ini 2010-07-14 13:44:22 ----A---- C:\WINDOWS\system.ini 2010-07-14 13:17:08 ----D---- C:\WINDOWS\addins 2010-07-14 11:09:08 ----A---- C:\WINDOWS\wininit.ini 2010-07-13 15:54:06 ----D---- C:\temp 2010-07-13 14:51:33 ----D---- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\SolidWorks 2010-07-13 13:20:07 ----D---- C:\Programme\FreePDF_XP 2010-07-09 13:01:00 ----D---- C:\WINDOWS\AppPatch 2010-07-09 13:00:59 ----D---- C:\Programme\Gemeinsame Dateien 2010-07-08 18:07:14 ----D---- C:\WINDOWS\system32\drivers\etc 2010-07-08 13:57:33 ----D---- C:\WINDOWS\repair 2010-07-08 13:51:09 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira 2010-07-08 12:54:33 ----D---- C:\Programme\Panzerkrieg_&_Blitzkrieg_RT 2010-07-07 13:52:25 ----D---- C:\02 Privat 2010-07-06 16:40:04 ----SD---- C:\WINDOWS\Tasks 2010-07-02 21:39:05 ----A---- C:\WINDOWS\system32\MRT.exe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2007-07-23 14576] R0 DRVMCDB;DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [2007-07-23 99808] R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\drivers\iaStor.sys [2009-01-19 328728] R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2010-07-14 87104] R0 ohci1394;OHCI-konformer IEEE 1394-Hostcontroller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696] R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-03-03 48640] R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-02-23 6656] R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2004-12-03 20544] R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-01-18 77696] R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-07-08 124784] R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2010-07-14 132808] R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2010-07-14 25160] R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2007-07-23 30064] R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R1 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936] R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\Drivers\DLABMFSM.SYS [2007-07-23 37360] R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\Drivers\DLABOIOM.SYS [2007-07-23 32848] R2 DLADResM;DLADResM; C:\WINDOWS\System32\Drivers\DLADResM.SYS [2007-07-23 9104] R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\Drivers\DLAIFS_M.SYS [2007-07-23 108752] R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\Drivers\DLAOPIOM.SYS [2007-07-23 27216] R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\Drivers\DLAPoolM.SYS [2007-07-23 16304] R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\Drivers\DLAUDF_M.SYS [2007-07-23 98448] R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\Drivers\DLAUDFAM.SYS [2007-07-23 93552] R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2007-07-23 52000] R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2009-06-17 10384] R3 AESTAud;AE Audio Service; C:\WINDOWS\system32\drivers\AESTAud.sys [2009-02-23 112512] R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2009-04-01 196144] R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800] R3 BCM43XX;Treiber für Dell Wireless WLAN Karte; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2008-12-12 1287552] R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384] R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368] R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2009-06-17 35472] R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2009-06-17 37392] R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2009-06-17 28560] R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288] R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-01-22 6163552] R3 NWIM;AVM VPN Miniport; C:\WINDOWS\system32\DRIVERS\avmnwim.sys [2008-10-02 337200] R3 O2MDGRDR;O2MDGRDR; C:\WINDOWS\system32\DRIVERS\o2mdg.sys [2009-01-21 51616] R3 O2SDGRDR;O2SDGRDR; C:\WINDOWS\system32\DRIVERS\o2sdg.sys [2009-01-21 41760] R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2009-02-03 120064] R3 STHDA;IDT High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2009-02-23 1548339] R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608] R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008] S0 vixtfcml;vixtfcml; C:\WINDOWS\System32\drivers\tolmeqn.sys [2010-07-19 54016] S1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 15295] S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver; C:\WINDOWS\System32\Drivers\BrSerIf.sys [2006-12-12 52224] S3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\WINDOWS\System32\Drivers\BrUsbSer.sys [2006-09-03 11904] S3 BthEnum;Bluetooth-Anforderungsblocktreiber; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024] S3 BTHMODEM;Bluetooth-Modemkommunikationstreiber; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-14 37888] S3 BthPan;Bluetooth-Gerät (PAN); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120] S3 BTHPORT;Bluetooth-Porttreiber; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 273024] S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944] S3 catchme;catchme; \??\C:\DOKUME~1\Sascha\LOKALE~1\Temp\catchme.sys [] S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-01-21 18048] S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-12-30 22016] S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2009-12-30 137344] S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2009-12-30 8320] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816] S3 PRODIGY;PRODIGY; C:\WINDOWS\System32\Drivers\PRODIGY.SYS [2006-08-29 32377] S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136] S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader; C:\WINDOWS\System32\Drivers\RTS5121.sys [] S3 Rts516xIR;Realtek IR Driver; C:\WINDOWS\system32\DRIVERS\Rts516xIR.sys [] S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232] S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-12-30 7936] S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128] S3 USBCCID;Realtek Smartcard Reader Driver; C:\WINDOWS\system32\DRIVERS\Rts5161ccid.sys [] S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856] S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112] S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-12-30 7936] S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328] S4 agp440;Intel AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368] S4 agpCPQ;Compaq AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-14 44928] S4 alim1541;ALI AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-14 42752] S4 amdagp;AMD AGP-Bus-Filtertreiber; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-14 43008] S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-18 13952] S4 sisagp;SIS AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-14 40960] S4 viaagp;VIA AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirMailService;Avira AntiVir MailGuard; C:\Programme\Avira\AntiVir Desktop\avmailc.exe [2010-07-08 337064] R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2010-07-08 135336] R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2010-07-08 267432] R2 AntiVirWebService;Avira AntiVir WebGuard; C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE [2010-07-08 405672] R2 avmike;AVM FRITZ!Fernzugang IKE Service; C:\Programme\FRITZ!Fernzugang\avmike.exe [2008-10-02 267568] R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R2 certsrv;AVM FRITZ!Fernzugang Cert Service; C:\Programme\FRITZ!Fernzugang\certsrv.exe [2008-10-02 132400] R2 cmdAgent;COMODO Internet Security Helper Service; C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe [2010-07-14 723632] R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-07-25 153376] R2 LiveUpdateInstaller;LiveUpdateInstaller; C:\Programme\Gemeinsame Dateien\Sage KHK Shared\LiveUpdate\LiveUpdateInstaller.exe [2006-04-19 659456] R2 MSSQL$ACT7;SQL Server (ACT7); C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-01-22 168004] R2 nwtsrv;AVM FRITZ!Fernzugang Client; C:\Programme\FRITZ!Fernzugang\nwtsrv.exe [2008-10-02 161072] R2 O2FLASH;O2FLASH; C:\WINDOWS\system32\DRIVERS\o2flash.exe [2009-01-21 72224] R2 PSI_SVC_2;Protexis Licensing V2; c:\programme\gemeinsame dateien\protexis\license service\psiservice_2.exe [2007-04-12 178752] R2 Registry;Sage Registrierungsdienst; C:\Programme\Gemeinsame Dateien\Sage KHK Shared\Registry.exe [2007-04-16 94208] R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Programme\Dell Support Center\bin\sprtsvc.exe [2008-08-14 201968] R2 SQLBrowser;SQL Server Browser; C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544] R2 SQLWriter;SQL Server VSS Writer; C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968] R2 STacSV;Audio Service; c:\drivers\audio\r211990\stacsv.exe [2009-02-23 249938] R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-07-17 604416] R2 UxTuneUp;TuneUp Designerweiterung; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2008-12-12 24064] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R3 ServiceLayer;ServiceLayer; C:\Programme\PC Connectivity Solution\ServiceLayer.exe [2010-01-26 652800] S2 ACT! Scheduler;ACT! Scheduler; C:\Programme\ACT\Act for Windows\Act.Scheduler.exe [2008-06-25 65536] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800] S2 gupdate;Google Update Service (gupdate); C:\Programme\Google\Update\GoogleUpdate.exe [2010-07-06 136176] S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service; C:\Programme\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2009-10-15 87336] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-11-18 867080] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 odserv;Microsoft Office Diagnostics Service; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136] S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 SolidWorks Licensing Service;SolidWorks Licensing Service; C:\Programme\Gemeinsame Dateien\SolidWorks Shared\Service\SolidWorksLicensing.exe [2009-11-18 79360] S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-07-17 360704] S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576] S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272] S4 msvsmon80;Visual Studio 2005 Remote Debugger; C:\Programme\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- |
| Themen zu TR/Crypt.ZPACK.Gen (cyitlzra.sys) läßt sich nicht entfernen |
| .com, antivir, antivir guard, avgntflt.sys, bho, booten, desktop, diagnostics, drvstore, entfernen, excel, firefox, flash player, fontcache, gupdate, hijack, hijackthis, hkus\s-1-5-18, hotfix.exe, iastor.sys, installation, logfile, msiexec.exe, mssql, problem, realtek, registry, rundll, security update, server, software, starten, studio, system, tracker, updates, viren, visual studio, windows xp |
Baum-Darstellung