Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Laptop im Schneckentempo - mit Logfile (https://www.trojaner-board.de/76071-laptop-schneckentempo-logfile.html)

sharcy^ 04.08.2009 17:26

Laptop im Schneckentempo - mit Logfile
 
Hallo Trojaner-Freunde,

erstmal klasse, dass es sowas hier gibt, echt spitze - vor allem fuer eher unbedarfte User wie mich :) Darum schonmal danke im Voraus an alle, die sich mit meinene Problemchen abgeben moechten.
Es dreht sich allerdings nicht um meinen Rechner, sondern um den Laptop einer Freundin.

Der Rechner laeuft seit Wochen extrem langsam, braucht auch schon ewig zum Booten. Selbst der Windows Explorer oder Firefox brauchen teils Minuten, um zu starten. Habe unnoetiges aus dem Systemstart entfernt, die alle Festplattenlaufwerke haben massig freien Speicher, und der Laptop verfuegt ueber ausreichend Ressourcen (2GHz, 3Gb Ram)
spybot s&d hat im abgesicherten Modus 11 Trojaner gefunden (juchu) und angeblich entfernt, beim zweiten Durchlauf zumindest nix mehr gefunden.
(in der Verzweiflung hab ich auch noch AdAware und TheCleaner drueberlaufen lassen, alles Erfolglos)

Auch Kaspersky und Antivir finden nichts beunruhigendes (wobei Kaspersky sich ueber die .exe Dateien von Firefox, Java und anderer 'Standardprogramme' beschwert...)


Untenan die Logfile die HiJackThis produziert hat - kann irgendwer das Raetsel loesen???


Vielen Dank schonmal im Voraus!
Olly


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:58:41, on 04.08.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programme\gemeinsame dateien\logishrd\lvmvfm\LVPrcSrv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PSIService.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
c:\programme\lenovo\system update\suservice.exe
C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe
c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe
C:\WINDOWS\system32\tp4serv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
C:\Programme\Lenovo\Zoom\TpScrex.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Programme\ThinkVantage\AMSG\Amsg.exe
C:\Programme\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Dokumente und Einstellungen\Verena\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://ollife.blogspot.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = h**p://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = h**p://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Programme\Corel\Corel Graphics 11\Register\registration.exe /title="CorelDRAW Graphics Suite 11" /date=081409 serial=DR11WBL-2155585-FUG
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Programme\\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Programme\\HomeCinema\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPFNF7] C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [AMSG] C:\Programme\ThinkVantage\AMSG\Amsg.exe /startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Programme\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - h**p://w*w.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1225131915515
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programme\gemeinsame dateien\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\programme\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 11625 bytes

Chris4You 04.08.2009 20:15

Hi,

was genau meldet Kaspersky?

Stelle Avira wie folgt ein: http://www.trojaner-board.de/54192-anleitung-avira-antivir-agressive-einstellungen.html
Führe einen Systemscan durch und poste das Ergebnis!

Danach MAM, RSIT und Gmer...

Malwarebytes Antimalware (MAM).
Anleitung&Download hier: http://www.trojaner-board.de/51187-malwarebytes-anti-malware.html
Fullscan und alles bereinigen lassen! Log posten.

RSIT
Random's System Information Tool (RSIT) von random/random liest Systemdetails aus und erstellt ein aussagekräftiges Logfile.

* Lade Random's System Information Tool (RSIT) herunter http://filepony.de/download-rsit/
* speichere es auf Deinem Desktop.
* Starte mit Doppelklick die RSIT.exe.
* Klicke auf Continue, um die Nutzungsbedingungen zu akzeptieren.
* Wenn Du HijackThis nicht installiert hast, wird RSIT das für Dich herunterladen und installieren.
* In dem Fall bitte auch die Nutzungsbedingungen von Trend Micro (http://de.trendmicro.com/de/home) für HJT akzeptieren "I accept".
* Wenn Deine Firewall fragt, bitte RSIT erlauben, ins Netz zu gehen.
* Der Scan startet automatisch, RSIT checkt nun einige wichtige System-Bereiche und produziert Logfiles als Analyse-Grundlage.
* Wenn der Scan beendet ist, werden zwei Logfiles erstellt und in Deinem Editor geöffnet.
* Bitte poste den Inhalt von C:\rsit\log.txt und C:\rsit\info.txt (<= minimiert) hier in den Thread.

Gmer:
http://www.trojaner-board.de/74908-anleitung-gmer-rootkit-scanner.html
Den Downloadlink findest Du links oben (www.gmer.net/files), dort dann
auf den Button "Download EXE", dabei wird ein zufälliger Name generiert (den und den Pfad wo Du sie gespeichert hast bitte merken).
Starte gmer und schaue, ob es schon was meldet. Macht es das, bitte alle Fragen mit "nein" beantworten, auf den Reiter "rootkit" gehen, wiederum die Frage mit "nein" beantworten und mit Hilfe von copy den Bericht in den Thread einfügen. Meldet es so nichts, gehe auf den Reiter Rootkit und mache einen Scan. Ist dieser beendet, wähle Copy und füge den Bericht ein.

chris

sharcy^ 04.08.2009 20:27

sieht aus, als haette ich morgen was zu tun - danke, Chris! :)

sharcy^ 05.08.2009 13:10

Hi schon wieder,

Malwarebytes ist durchgelaufen und hat zwei Schaedlinge gefunden und dann entfernt. Hier ist das Protokoll, werde gleich die weiteren Schritte Deiner Anleitung, Chris, durchfuehren. Danke fuers checken!


Malwarebytes' Anti-Malware 1.40
Datenbank Version: 2563
Windows 5.1.2600 Service Pack 3

05.08.2009 14:07:38
mbam-log-2009-08-05 (14-07-38).txt

Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 185182
Laufzeit: 1 hour(s), 16 minute(s), 11 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{36dbc179-a19f-48f2-b16a-6a3e19b42a87} (Trojan.BHO) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\system32\form.txt (Malware.Trace) -> Quarantined and deleted successfully.

sharcy^ 05.08.2009 13:20

hier ist nun TEIL1 des Logfiles, das RSIT zusammengetragen hat (Teil1 der Info.txt)

info.txt logfile of random's system information tool 1.06 2009-08-05 14:12:17

======Uninstall list======

-->C:\Programme\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\SETUP.exe -l0x0007 -removeonly
-->C:\Programme\InstallShield Installation Information\{69333A04-5134-40A5-A055-9166A7AA1EC8}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Programme\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\SETUP.exe -l0x0007 -removeonly
-->C:\WINDOWS\IsUn0407.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office system-->"C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL
32 Bit HP BiDi Channel Components Installer-->MsiExec.exe /I{9DE3F260-B88E-42CE-90E7-73C78C37D95E}
Access Help-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C6FA39A7-26B1-480A-BC74-6D17531AC222}\Setup.exe" -l0x7 UNINSTALL
Activation Assistant for the 2007 Microsoft Office suites-->"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.3 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81300000003}
Anzeige am Bildschirm-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall.XP 132 C:\Programme\Lenovo\HOTKEY\tphk_tp.inf
Avira AntiVir Personal - Free Antivirus-->C:\Programme\Avira\AntiVir Desktop\setup.exe /REMOVE
Business Contact Manager für Outlook 2007 SP2-->"C:\Programme\Microsoft Small Business\Business Contact Manager\SetupBootstrap\Setup.exe" /remove {4cb9f93c-9edc-4be9-ae61-af128ddbecfa}
Business Contact Manager für Outlook 2007 SP2-->MsiExec.exe /X{4CB9F93C-9EDC-4BE9-AE61-AF128DDBECFA}
Conexant HD Audio-->C:\Programme\CONEXANT\CNXT_HDAUDIO\UIU32a.exe -U -ILvVen5a.inf
Corel Business Center-->MsiExec.exe /X{79D56DFD-D28E-4289-BED2-32A6342A305B}
Corel Snapfire Plus-->MsiExec.exe /I{7ADE3A47-B425-45E9-8FF6-11BE2B775645}
CorelDRAW Graphics Suite 11-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}
CorelDRAW Graphics Suite X3-->C:\Programme\Corel\CorelDRAW Graphics Suite 13\Programs\MSILauncher {63218538-4A69-497F-8455-904261B0E9E4} C:\DOKUME~1\Verena\LOKALE~1\Temp\CGSX3.log
CorelDRAW Graphics Suite X3-->MsiExec.exe /I{63218538-4A69-497F-8455-904261B0E9E4}
CyberLink YouCam-->"C:\Programme\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\Setup.exe" /z-uninstall
CyberLink YouCam-->"C:\Programme\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\Setup.exe" /z-uninstall
DATEV Kassenerfassung für Office V.1.23-->C:\DATEV\PROGRAMM\Kassenerfassung\DEINSTAL.EXE -FDATEV -KT0000080 -V1.0
DE-->MsiExec.exe /I{C9FB6FFC-B3D2-4AA0-AC05-73DB7796B638}
Diskeeper Lite-->MsiExec.exe /X{796E076A-82F7-4D49-98C8-DEC0C3BC733A}
Ergänzung zu Lenovo Care-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}\SETUP.EXE" -l0x7 -AddRemove
FontNav-->MsiExec.exe /I{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}
Glaspreislistenviewer HOYA-->"C:\egpl-hoya\unins000.exe"
Google Earth-->MsiExec.exe /X{9509674F-3972-11DE-806D-005056806466}
Google Toolbar for Internet Explorer-->"C:\Programme\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Programme\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_17AA20DA\UIU32m.exe -U -ILVVEN5Km.inf
Help Center-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{986F64DC-FF15-449D-998F-EE3BCEC6666A}\Setup.exe" -l0x7 -AddRemove
HijackThis 2.0.2-->"C:\Dokumente und Einstellungen\Verena\Desktop\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Integrated Camera-->C:\Programme\InstallShield Installation Information\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\setup.exe -runfromtemp -l0x0007 -removeonly -u
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Intel(R) PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
InterVideo WinDVD Creator 3-->"C:\Programme\InstallShield Installation Information\{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}\setup.exe" REMOVEALL
InterVideo WinDVD-->"C:\Programme\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Kaspersky Anti-Virus 2009-->MsiExec.exe /I{6580C5A3-2336-4EC5-85F1-3448C5F6208A}
Kaspersky Anti-Virus 2009-->MsiExec.exe /I{6580C5A3-2336-4EC5-85F1-3448C5F6208A}
Lenovo Care-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{CF52099A-3BEA-4C41-AEA8-1E190F04D737}\SETUP.EXE" -l0x7 -AddRemove
Lenovo Registration-->C:\Programme\Lenovo Registration\uninstall.exe
Logitech Audio Echo Cancellation Component-->MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech QuickCam-->MsiExec.exe /X{7D2370AC-D8E6-4996-986A-19824F8A167C}
Logitech Video Enumerator-->MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}
Logitech® Camera-Treiber-->"C:\Programme\Gemeinsame Dateien\LogiShrd\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
Message Center-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}\Setup.exe" -l0x7 -AddRemove
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Language Pack - DEU-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - DEU\install.exe
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.1-->"C:\WINDOWS\$NtUninstallWdf01001$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Professional Hybrid 2007-->MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {322296D4-1EAE-4030-9FBC-D2787EB25FA2}
Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)-->MsiExec.exe /I{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}
Microsoft SQL Server 2005-->"c:\Programme\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{7FB12670-0F93-4E1E-B2F5-4F339199A03A}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{849A32C3-E75A-4791-9B11-E568BA3525A4}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (3.0.9)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{C4A230B7-518F-4224-A5A3-27F06CC57111}
MVision-->MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
Network Stumbler 0.4.0 (remove only)-->"C:\Programme\Network Stumbler\uninst.exe"
PC-Doctor 5 für Windows-->C:\Programme\PCDR5\uninst.exe
Picasa 2-->"C:\Programme\Picasa2\Uninstall.exe"
Präsentationsdirektor-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{65706020-7B6F-41F2-8047-FC69579E386A}\Setup.exe" -l0x7 -AddRemove
RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Remove Multimedia Center-->C:\swtools\apps\MMCfTO\customiz\sequencer.exe -fc:\swtools\apps\MMCfTO\customiz\uninst.seq
Rescue and Recovery-->MsiExec.exe /I{F151F2B3-0C32-44D3-90E2-E639B8024622}
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x7 anything
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Windows Search 4 - KB963093-->"C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe"
Sicherheitsupdate für Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"

sharcy^ 05.08.2009 13:21

und Teil 2


Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic Icons for Lenovo-->MsiExec.exe /I{B334D9AE-1393-423E-97C0-3BDC3360E692}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spybot - Search & Destroy-->"C:\Programme\Spybot - Search & Destroy\unins000.exe"
System Update-->MsiExec.exe /X{8675339C-128C-44DD-83BF-0A5D6ABD8297}
ThinkPad Bluetooth with Enhanced Data Rate Software-->MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
ThinkPad Energie-Manager-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}\SETUP.EXE" -l0x7 -AddRemove
ThinkPad FullScreen Magnifier-->RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall.NT 132 C:\Programme\Lenovo\Zoom\TpScrex.inf
ThinkPad PC Card Power Policy-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUnInstall 132 C:\SWTOOLS\OSFIXES\PCMCIAPW\pcmciapw.inf
ThinkPad Power Management Driver-->RunDll32.exe tpinspm.dll,Uninstall
ThinkPad TrackPoint Driver-->C:\WINDOWS\system32\tp4unins.exe
ThinkPad-Dienstprogramm 'EasyEject'-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{1297C681-92D7-40EF-93BF-03F66EC5105C}\SETUP.EXE" -l0x7 -AddRemove
ThinkVantage System für aktiven Festplattenschutz-->MsiExec.exe /X{46A84694-59EC-48F0-964C-7E76E9F8A2ED}
ThinkVantage Technologies Welcome Message-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{1007F41F-7D69-468E-8017-3849A5A973C2}\Setup.exe" -l0x7 anything
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)-->MsiExec.exe /X{07629207-FAA0-4F1A-8092-BF5085BE511F}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
Update for Outlook 2007 Junk Email Filter (kb971933)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {53C200F4-3B4B-49A5-8539-2C61F1A88CA2}
Update für Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update Manager-->MsiExec.exe /I{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}
Wallpapers-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}\Setup.exe" -l0x7 UNINSTALL
WebGlas local v1.00.3-->"C:\Programme\WebGlas local\unins000.exe"
Windows Live Toolbar-->"C:\Programme\Windows Live Toolbar\UnInstall.exe" {10DDCDDD-9A59-4496-9371-C17F1668D433}
Windows Live Toolbar-->MsiExec.exe /X{10DDCDDD-9A59-4496-9371-C17F1668D433}
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WordPerfect Office X3-->C:\Programme\WordPerfect Office X3\CabsDE\MSILauncher.exe {54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8} C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\WPO13.log
WordPerfect Office X3-->MsiExec.exe /I{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}
XP Themes-->MsiExec.exe /I{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}
xp-AntiSpy 3.97-3-->C:\Programme\xp-AntiSpy\Uninstall.exe

======Security center information======

AV: AntiVir Desktop
AV: Kaspersky Anti-Virus

======System event log======

Computer Name: THINKPAD-VERENA
Event Code: 7036
Message: Dienst "Gatewaydienst auf Anwendungsebene" befindet sich jetzt im Status "Ausgeführt".

Record Number: 12130
Source Name: Service Control Manager
Time Written: 20090704180859.000000+120
Event Type: Informationen
User:

Computer Name: THINKPAD-VERENA
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "Gatewaydienst auf Anwendungsebene" gesendet.

Record Number: 12129
Source Name: Service Control Manager
Time Written: 20090704180859.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: THINKPAD-VERENA
Event Code: 7036
Message: Dienst "NLA (Network Location Awareness)" befindet sich jetzt im Status "Ausgeführt".

Record Number: 12128
Source Name: Service Control Manager
Time Written: 20090704180858.000000+120
Event Type: Informationen
User:

Computer Name: THINKPAD-VERENA
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "NLA (Network Location Awareness)" gesendet.

Record Number: 12127
Source Name: Service Control Manager
Time Written: 20090704180858.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: THINKPAD-VERENA
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "RAS-Verbindungsverwaltung" gesendet.

Record Number: 12126
Source Name: Service Control Manager
Time Written: 20090704180858.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

=====Application event log=====

Computer Name: THINKPAD-VERENA
Event Code: 11728
Message: Produkt: Microsoft Office Professional Hybrid 2007 -- Die Konfiguration wurde erfolgreich abgeschlossen.

Record Number: 5339
Source Name: MsiInstaller
Time Written: 20090616185542.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: THINKPAD-VERENA
Event Code: 1022
Message: Produkt: Microsoft Office Professional Hybrid 2007 - Update "Update for Microsoft Office Outlook 2007 (KB969907)" wurde installiert.

Record Number: 5338
Source Name: MsiInstaller
Time Written: 20090616185542.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: THINKPAD-VERENA
Event Code: 1025
Message: Produkt: Microsoft Office Professional Hybrid 2007. Die Datei C:\Programme\Microsoft Office\Office12\OLMAPI32.DLL wird von folgendem Prozess verwendet: jqs, Kennung 1564.

Record Number: 5337
Source Name: MsiInstaller
Time Written: 20090616185517.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: THINKPAD-VERENA
Event Code: 1025
Message: Produkt: Microsoft Office Professional Hybrid 2007. Die Datei C:\Programme\Microsoft Office\Office12\OLMAPI32.DLL wird von folgendem Prozess verwendet: DkService, Kennung 1432.

Record Number: 5336
Source Name: MsiInstaller
Time Written: 20090616185517.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: THINKPAD-VERENA
Event Code: 1517
Message: Die Registrierung des Benutzers "THINKPAD-VERENA\Verena" wurde gespeichert, obwohl eine Anwendung oder ein Dienst auf die Registrierung während der Abmeldung zugegriffen hat. Der von der Registrierung des Benutzers verwendete Speicher wurde nicht freigegeben. Der Upload der Registrierung wird durchgeführt, wenn diese nicht mehr verwendet wird.


Dies wird oft durch Dienste verursacht, die unter einem Benutzerkonto ausgeführt werden. Versuchen Sie diese so zu Konfigurieren, dass sie unter den Konten "Lokaler Dienst" oder "Netzwerkdienst" ausgeführt werden.

Record Number: 5335
Source Name: Userenv
Time Written: 20090616185353.000000+120
Event Type: Warnung
User: NT-AUTORITÄT\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\Intel\Wireless\Bin\;C:\Programme\Diskeeper Corporation\Diskeeper\;C:\Programme\Gemeinsame Dateien\Lenovo;c:\Programme\Microsoft SQL Server\90\Tools\binn\;C:\DATEV\SYSTEM
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Programme\Gemeinsame Dateien\Sonic Shared\Sonic Central\
"TPCCommon"=C:\PROGRA~1\Lenovo\LENOVO~2
"TVT"=C:\Programme\Lenovo
"TVTCOMMON"=C:\Programme\Gemeinsame Dateien\Lenovo
"SWSHARE"=C:\SWSHARE
"RR"=C:\Programme\Lenovo\Rescue and Recovery
"TVTPYDIR"=C:\Programme\Gemeinsame Dateien\Lenovo\Python24

-----------------EOF-----------------

sharcy^ 05.08.2009 13:23

und hier zu guter Letzt noch die log.txt scanfile - mein Respekt an den, der damit was anfangen kann :)


Logfile of random's system information tool 1.06 (written by random/random)
Run by Verena at 2009-08-05 14:12:04
Microsoft Windows XP Professional Service Pack 3
System drive C: has 118 GB (81%) free of 146 GB
Total RAM: 3062 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:12:12, on 05.08.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programme\gemeinsame dateien\logishrd\lvmvfm\LVPrcSrv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PSIService.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
c:\programme\lenovo\system update\suservice.exe
C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe
c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\tp4serv.exe
C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
C:\Programme\Lenovo\Zoom\TpScrex.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Programme\Digital Line Detect\DLG.exe
C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Programme\Prisma\Prisma_watchdog.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Dokumente und Einstellungen\Verena\Desktop\RSIT.exe
C:\Dokumente und Einstellungen\Verena\Desktop\Verena.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ollife.blogspot.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Programme\Corel\Corel Graphics 11\Register\registration.exe /title="CorelDRAW Graphics Suite 11" /date=081409 serial=DR11WBL-2155585-FUG
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Programme\\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Programme\\HomeCinema\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPFNF7] C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [AMSG] C:\Programme\ThinkVantage\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Programme\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1225131915515
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programme\gemeinsame dateien\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\programme\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 11917 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\Auf Updates für Windows Live Toolbar prüfen.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2475039010-2914711719-530577762-1008Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2475039010-2914711719-530577762-1008UA.job
C:\WINDOWS\tasks\PMTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-05-26 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll [2008-11-11 62728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2006-02-02 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Programme\Java\jre6\bin\ssv.dll [2008-12-30 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll [2009-06-19 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-07-07 669168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Programme\Windows Live Toolbar\msntb.dll [2007-02-12 546672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-06-19 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2008-12-30 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-30 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Programme\Windows Live Toolbar\msntb.dll [2007-02-12 546672]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll [2009-06-19 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TrackPointSrv"=C:\WINDOWS\system32\tp4serv.exe [2007-04-26 91184]
"TPHOTKEY"=C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe [2007-03-09 66176]
"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2008-12-30 136600]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2006-02-02 122940]
"DiskeeperSystray"=C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe [2006-05-18 196696]
"CorelDRAW Graphics Suite 11b"=C:\Programme\Corel\Corel Graphics 11\Register\registration.exe [2005-02-17 315392]
"AVP"=C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2009-07-21 208616]
"UCam_Menu"=C:\Programme\\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe [2008-12-03 218408]
"avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"TVT Scheduler Proxy"=C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe [2007-07-11 540672]
"PWRMGRTR"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor []
"LPManager"=C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe [2007-07-12 124256]
"BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog []
"TPFNF7"=C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe [2007-04-09 58416]
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2007-03-28 243248]
"AMSG"=C:\Programme\ThinkVantage\AMSG\Amsg.exe [2007-02-01 419376]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe [2009-08-03 419088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Dokumente und Einstellungen\Verena\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2009-07-03 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe [2007-09-07 162328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe [2007-09-07 141848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2005-02-16 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe [2005-02-16 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe [2007-02-08 488984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Programme\Logitech\QuickCam10\QuickCam10.exe [2007-02-08 774168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Programme\Messenger\msmsgs.exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\WINDOWS\system32\igfxpers.exe [2007-09-07 137752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Programme\Skype\Phone\Skype.exe [2009-05-26 24264488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-06-19 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TpShocks]
C:\WINDOWS\system32\TpShocks.exe [2007-09-28 181544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe [2007-07-11 540672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader Synchronizer.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE [2007-05-11 738968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^PRISMA Augenoptik.lnk]
C:\PROGRA~1\Prisma\EINRIC~1.EXE [2008-06-16 885248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Windows Search.lnk]
C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [2008-05-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^Verena^Startmenü^Programme^Autostart^OpenOffice.org 3.0.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"odserv"=3
"IBMPMSVC"=2
"helpsvc"=2
"gusvc"=3
"Browser"=2
"BITS"=2

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Digital Line Detect.lnk - C:\Programme\Digital Line Detect\DLG.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-08-09 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2008-11-11 218376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
C:\Programme\Lenovo\HOTKEY\notifyf2.dll [2006-09-06 34344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\Programme\Lenovo\HOTKEY\tphklock.dll [2006-12-14 28672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Dokumente und Einstellungen\Verena\Lokale Einstellungen\Temp\prismafw\winvnc.exe"="C:\Dokumente und Einstellungen\Verena\Lokale Einstellungen\Temp\prismafw\winvnc.exe:*:Enabled:VNC server for Win32"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Disabled:Internet Explorer"
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2009\German\setup.exe"="C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2009\German\setup.exe:*:Enabled:Installationsprogramm für Kaspersky Anti-Virus 2009"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Eine DLL-Datei als Anwendung ausführen"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

sharcy^ 05.08.2009 13:24

und Teil zwei davon auch



======List of files/folders created in the last 1 months======

2009-08-05 14:12:04 ----D---- C:\rsit
2009-08-05 12:32:04 ----D---- C:\Programme\Adobe
2009-08-05 12:30:04 ----SHD---- C:\Config.Msi
2009-08-05 12:22:22 ----D---- C:\Dokumente und Einstellungen\Verena\Anwendungsdaten\Malwarebytes
2009-08-05 12:22:12 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-08-05 12:22:12 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-08-04 19:05:56 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-08-04 16:58:28 ----D---- C:\Programme\Spybot - Search & Destroy
2009-08-04 16:58:28 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2009-08-04 12:52:55 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-08-03 13:18:03 ----A---- C:\WINDOWS\ntbtlog.txt
2009-08-03 12:59:59 ----D---- C:\WINDOWS\system32\XPSViewer
2009-08-03 12:59:52 ----D---- C:\Programme\MSBuild
2009-08-03 12:59:49 ----D---- C:\WINDOWS\system32\en-US
2009-08-03 12:59:40 ----D---- C:\Programme\Reference Assemblies
2009-08-03 12:58:41 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-08-03 12:58:40 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-08-03 12:58:40 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-08-03 12:58:40 ----D---- C:\239cd7b2620ac18e708caed0
2009-08-03 12:58:15 ----D---- C:\WINDOWS\SxsCaPendDel
2009-08-03 12:49:07 ----D---- C:\Programme\aida32
2009-08-03 12:10:10 ----A---- C:\WINDOWS\system32\ctfmon.exe.backup
2009-08-03 12:08:36 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft
2009-08-03 12:01:29 ----D---- C:\Programme\Avira
2009-08-03 12:01:29 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2009-08-03 11:56:35 ----D---- C:\Programme\xp-AntiSpy
2009-07-16 09:04:47 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-16 09:04:33 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-16 08:59:13 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$

======List of files/folders modified in the last 1 months======

2009-08-05 14:12:10 ----D---- C:\WINDOWS\Prefetch
2009-08-05 14:11:39 ----D---- C:\WINDOWS\Temp
2009-08-05 14:07:38 ----AD---- C:\WINDOWS\system32
2009-08-05 12:34:01 ----SHD---- C:\WINDOWS\Installer
2009-08-05 12:32:43 ----D---- C:\Programme\Gemeinsame Dateien\Adobe
2009-08-05 12:32:35 ----D---- C:\WINDOWS\WinSxS
2009-08-05 12:32:27 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe
2009-08-05 12:32:04 ----RD---- C:\Programme
2009-08-05 12:22:57 ----D---- C:\WINDOWS\system32\drivers
2009-08-05 12:18:45 ----D---- C:\Programme\Mozilla Firefox
2009-08-05 11:49:52 ----D---- C:\Dokumente und Einstellungen\Verena\Anwendungsdaten\Corel
2009-08-05 09:09:29 ----D---- C:\WINDOWS\Microsoft.NET
2009-08-05 08:45:35 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2009-08-05 08:45:01 ----AD---- C:\WINDOWS
2009-08-05 08:44:10 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-05 08:43:30 ----A---- C:\TPHKLOCK.TXT
2009-08-04 19:06:35 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-04 19:06:34 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-04 19:06:28 ----HD---- C:\WINDOWS\inf
2009-08-04 19:06:13 ----ASHD---- C:\WINDOWS\system32\dllcache
2009-08-04 17:47:53 ----RSH---- C:\boot.ini
2009-08-04 17:47:53 ----A---- C:\WINDOWS\win.ini
2009-08-04 17:47:53 ----A---- C:\WINDOWS\system.ini
2009-08-04 16:47:45 ----D---- C:\WINDOWS\pss
2009-08-04 16:00:28 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-08-04 15:57:43 ----RSD---- C:\WINDOWS\assembly
2009-08-04 15:57:26 ----D---- C:\Programme\OpenOffice.org 3
2009-08-04 15:39:27 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-03 12:59:47 ----RSD---- C:\WINDOWS\Fonts
2009-08-03 12:59:20 ----D---- C:\WINDOWS\system32\spool
2009-08-03 12:49:34 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help
2009-08-03 12:43:46 ----D---- C:\Programme\Gemeinsame Dateien\Microsoft Shared
2009-08-03 12:42:28 ----D---- C:\Programme\Microsoft Works
2009-08-03 12:14:08 ----D---- C:\Dokumente und Einstellungen\Verena\Anwendungsdaten\Skype
2009-08-03 12:11:18 ----SD---- C:\WINDOWS\Tasks
2009-08-03 12:10:02 ----D---- C:\Programme\Messenger
2009-08-03 11:49:59 ----D---- C:\Dokumente und Einstellungen\Verena\Anwendungsdaten\skypePM
2009-08-02 11:00:14 ----D---- C:\SWSHARE
2009-07-30 03:10:56 ----D---- C:\Programme\Internet Explorer
2009-07-30 03:01:34 ----A---- C:\WINDOWS\imsins.BAK
2009-07-30 03:01:22 ----D---- C:\WINDOWS\system32\de-de
2009-07-30 03:01:09 ----D---- C:\WINDOWS\ie7updates
2009-07-29 15:47:51 ----D---- C:\Dokumente und Einstellungen\Verena\Anwendungsdaten\Move Networks
2009-07-29 06:30:17 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-19 15:25:34 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-19 15:25:30 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-08 14:02:48 ----D---- C:\Programme\PCDR5
2009-07-07 17:10:56 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-11-18 5660]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-11-18 22684]
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-03-06 226832]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys [2006-10-23 17778]
R1 TPPWRIF;TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [2007-09-05 4442]
R1 TSMAPIP;TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2007-04-09 12848]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.4.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-09-20 21393]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-08-05 55656]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-02-02 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2006-02-02 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-02-02 86652]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-02-02 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-02-02 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-02-02 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-02-02 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-11-18 40544]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 pmem;pmem; \??\C:\WINDOWS\System32\drivers\pmemnt.sys []
R2 s24trans;WLAN-Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-03-29 12416]
R2 tvtfilter;tvtfilter; C:\WINDOWS\system32\DRIVERS\tvtfilter.sys [2008-09-20 33536]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-05-02 161792]
R3 BTKRNL;Bluetooth-Bus-Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-02-27 868042]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-01-24 67960]
R3 CmBatt;Microsoft-Netzteiltreiber; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAudN.sys [2007-04-27 666112]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-03-25 988032]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-03-25 210688]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-08-09 5765056]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2007-05-31 21424]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-10 21060]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-02-06 25632]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 NETw4x32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-04-30 2206976]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2007-05-22 21376]
R3 Tp4Track;PS/2 TrackPoint Driver; C:\WINDOWS\system32\DRIVERS\tp4track.sys [2007-04-26 22832]
R3 TVTI2C;Lenovo SM bus driver; C:\WINDOWS\system32\DRIVERS\Tvti2c.sys [2007-05-22 30336]
R3 TVTPktFilter;TVT Packet Filter Service; C:\WINDOWS\system32\DRIVERS\tvtpktfilter.sys [2007-07-11 17792]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-04-20 479200]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-03-25 731136]
S1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys []
S1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S3 ac97intc;Intel(r) 82801 Audiotreiber-Installationsdienst (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 E100B;Intel(R) PRO-Adaptertreiber; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-18 117760]
S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2007-02-03 22560]
S3 G400;G400; C:\WINDOWS\system32\DRIVERS\G400m.sys [2001-08-18 322432]
S3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-02-06 1691808]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-02-06 1964064]
S3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2007-02-03 1507232]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-02-03 41504]
S3 LVUVC;QuickCam for Notebooks Deluxe(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2007-02-03 1939360]
S3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\NSNDIS5.SYS []
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SNPSTD3;USB PC Camera (SNPSTD3); C:\WINDOWS\system32\DRIVERS\snpstd3.sys []
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TwoTrack;IBM PS/2 TrackPoint-Filtertreiber; C:\WINDOWS\system32\DRIVERS\TwoTrack.sys [2001-08-17 11520]
S3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 agp440;Intel AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP-Bus-Filtertreiber; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504]
S4 sisagp;SIS AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-08-05 185089]
R2 AVP;Kaspersky Anti-Virus; C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2009-07-21 208616]
R2 BcmSqlStartupSvc;SQL Server-Startdienst für Business Contact Manager; C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]
R2 btwdins;Bluetooth Service; C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe [2007-02-27 266295]
R2 Diskeeper;Diskeeper; C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe [2006-05-23 622700]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Programme\Intel\Wireless\Bin\EvtEng.exe [2007-04-16 647168]
R2 IviRegMgr;IviRegMgr; C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2008-12-30 152984]
R2 LVPrcSrv;Process Monitor; c:\programme\gemeinsame dateien\logishrd\lvmvfm\LVPrcSrv.exe [2007-02-06 109344]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Programme\Intel\Wireless\Bin\RegSrvc.exe [2007-04-16 327680]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Programme\Intel\Wireless\Bin\S24EvMon.exe [2007-04-16 983040]
R2 SimpTcp;Einfache TCP/IP-Dienste; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-04 19456]
R2 SQLBrowser;SQL Server-Browser; c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 SUService;System Update; c:\programme\lenovo\system update\suservice.exe [2007-06-07 13312]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe [2007-08-03 644408]
R2 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\WINDOWS\System32\TPHDEXLG.exe [2007-09-28 37424]
R2 TVT Backup Protection Service;TVT Backup Protection Service; C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe [2007-07-11 569344]
R2 TVT Backup Service;TVT Backup Service; C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe [2007-07-11 950272]
R2 TVT Scheduler;TVT Scheduler; c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe [2007-07-11 1126400]
R2 tvtnetwk;tvtnetwk; C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe [2007-07-11 45056]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S2 LVSrvLauncher;LVSrvLauncher; C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe [2007-02-06 105248]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMConnectCDS;Windows Media Connect-Dienst; C:\Programme\Windows Media Connect 2\wmccds.exe [2005-10-06 856064]
S4 gusvc;Google Software Updater; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-19 182768]
S4 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2007-05-31 36400]
S4 MSSQLServerADHelper;Hilfsdienst von SQL Server für Active Directory; c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 odserv;Microsoft Office Diagnostics Service; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]

-----------------EOF-----------------

Chris4You 05.08.2009 13:55

Hi,

habe mich mal durch die Unmengen an Treibern gewühlt, Du solltest da mal aufräumen... Auch die Google-Updatejobs sind nicht notwendig...
SQl-Server etc.....

Dann hast Du zwei Guards (Avira und Kaspersky) parallel laufen, die stören sich gegenseitig, einen runterwerfen...

Aufgefallen ist mir nichts, auch MAM meldet nur einen Trace, d.h. die eigentlichen Files sind wohl schon gelöscht...

Bitte noch das Log von Gmer posten...

Hast Du neue SW kürzlich installiert...?

Was hat Kaspersky bei Firefox, java etc. gemeldet? Einen Fileinfector?

Chris

sharcy^ 05.08.2009 14:23

Hi Chris,

danke fuer die Antwort.

Habe versucht, GMER laufen zu lassen, aber es stürzt entweder selbst ab dabei oder nimmt gleich das ganze System mit (buescreen)

Kaspersky war zuerst drauf, ich habe nur gestern Antivir draufgemacht und durchlaufen lassen, um noch 'eine zweite Meinung' zu haben. Antivir hab ich nun runter geworfen.

Neu installiert wurde laut meiner Freundin (deren Laptop es ist) nichts...
und in der Software habe ich schon etwas gewütet und einiges deinstalliert, das sah davor noch viel schlimmer aus...werd aber auf Dein Anraten nun noch weiter machen und dann versuchen, GMER im abgesicherten Modus laufen zu lassen. Dann melde ich mich wieder.

Vielen Dank!
Olly

Chris4You 05.08.2009 14:29

Hi,

weist Du noch was Kaspersky bei Firefox gemeldet hat?
Sonst lade die Firefox-EXE mal hoch (virustotal.com) und poste das gesamte Ergebnis...

Alternativ statt GMER geht auch Avira-Antirootkit oder Sophos-Antirootkit,
wobei mit GMER lieber wäre...

Recht gute Ergebnisse bringt auch PrevX...
http://www.prevx.com/freescan.asp
Falls das Tool was findet, nicht das Log posten sondern einen Screenshot des dann angezeigten Fensters...

Avira-Antirootkit
Downloade Avira Antirootkit und Scanne dein system, poste das logfile.
http://dl.antivir.de/down/windows/antivir_rootkit.zip

Sophos Antirootkit:
Downloade Sophos Antirookit und Scanne Dein gesamtes System, poste das Logfile.
Benutzeranleitung (english): http://www.sophos.de/sophos/docs/eng/manuals/sar_15_umeng.pdf
http://www.chip.de/downloads/Sophos-Anti-Rootkit_21584106.html
Mit Registrierung von der Herstellerpage: http://www.sophos.de/products/free-tools/sophos-anti-rootkit.html

chris

sharcy^ 05.08.2009 14:34

das meint Kaspersky zu Firefox

http://www.viruslist.com/de/advisories/35914

mache jetzt weiter mit Deinen Tips - thx

Chris4You 05.08.2009 14:39

Hi,

das ist von der Schwachstellenanalyse, ihr solltet auf den aktuellsten Firefox updaten (3.5.2).
Das gleiche wahrscheinlich dann bei JAVA...

Eventuell solltet Ihr auch mal die Festplatte prüfen, das geht allerdings eine ganze Weile...

Festplatte prüfen (XP):
Arbeitsplatz-Datenträger mit Rechts Anklicken->Eigenschaften->Extras->Jetzt Prüfen: Beide Kästchen anklicken das dort ein Haken erscheint -> dann OK. Falls eine Fehlermeldung kommt , diese mit Ja bestätigen und alle Fenster schliessen. Neustart Durchführen, der Datenträger wird dann beim Neustart überprüft (das kann sehr lange gehen)...

chris

sharcy^ 05.08.2009 16:23

Hi,

hab das mit den Schwachstellen dann auch gecheckt und Firefox und Java auf den neuesten Stand gebracht.

GMER laeuft weiterhin nicht und auch die Festplattenpruefung nicht...'Volume kann fuer den direkten Zugriff nicht geöffnet werden'...

PrevX hat zwei Probs gefunden, das Avira Toolkit allerdings nichts.

Hier nun, was Sophos alles gefunden hat:



Sophos Anti-Rootkit Version 1.5.0 (c) 2009 Sophos Plc
Started logging on 05.08.2009 at 16:13:19
User "Verena" on computer "THINKPAD-VERENA"
Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32
Info: Starting process scan.
Info: Starting registry scan.
Error: Could not start the helper process - unable to complete scan.
Please restart and try again.
Unzulässige Funktion.
Stopped logging on 05.08.2009 at 16:17:50


Sophos Anti-Rootkit Version 1.5.0 (c) 2009 Sophos Plc
Started logging on 05.08.2009 at 16:35:01
User "Verena" on computer "THINKPAD-VERENA"
Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32
Info: Starting process scan.
Info: Starting registry scan.
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\RRbackups\common\usersids.dat
Hidden: file C:\RRbackups\common\tvtcmn.dat
Hidden: file C:\RRbackups\common\hints.dat
Hidden: file C:\RRbackups\common\regcerts.dat
Hidden: file C:\RRbackups\common\system.dat
Hidden: file C:\RRbackups\common\seccache.dat
Hidden: file C:\RRbackups\common\secpolicy.dat
Hidden: file C:\RRbackups\common\backups.dat
Hidden: file C:\RRbackups\common\settings.dat
Hidden: file C:\RRbackups\common\mnd.dat
Hidden: file C:\RRbackups\common\css.dat
Hidden: file C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\Protect\CREDHIST
Hidden: file C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2706652704-1808101796-3574698601-500\e4658b19-42bb-47cd-8ff9-4cc75bde525e
Hidden: file C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2706652704-1808101796-3574698601-500\Preferred
Hidden: file C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2884109300-975055538-1317598307-500\277e2f41-3911-4df4-b4c5-90a0903aea8a
Hidden: file C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2884109300-975055538-1317598307-500\Preferred
Hidden: file C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\Protect\CREDHIST
Hidden: file C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2706652704-1808101796-3574698601-500\e4658b19-42bb-47cd-8ff9-4cc75bde525e
Hidden: file C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2706652704-1808101796-3574698601-500\Preferred
Hidden: file C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2884109300-975055538-1317598307-500\277e2f41-3911-4df4-b4c5-90a0903aea8a
Hidden: file C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2884109300-975055538-1317598307-500\Preferred
Hidden: file C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten\Microsoft\Protect\CREDHIST
Hidden: file C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten\Microsoft\Protect\S-1-5-20\0877b19a-ce53-434b-a98e-e394890156d1
Hidden: file C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten\Microsoft\Protect\S-1-5-20\5a268ec6-fefe-4a5e-bd3f-a662c223e67b
Hidden: file C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten\Microsoft\Protect\S-1-5-20\b71a4e8a-cc16-40ea-9a14-036ceee72f94
Hidden: file C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-20\94498385663a229a93d423c6d144ae0b_590de400-21b7-4237-a928-2f55cf4b832e
Hidden: file C:\RRbackups\Documents and Settings\Verena\Anwendungsdaten\Microsoft\Protect\CREDHIST
Hidden: file C:\RRbackups\Documents and Settings\Verena\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2475039010-2914711719-530577762-1008\103cd7fc-c43d-41db-aeda-d3acd64f8e0b
Hidden: file C:\RRbackups\Documents and Settings\Verena\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2475039010-2914711719-530577762-1008\1c64c2ce-b556-4ab6-89f8-140b7d550879
Hidden: file C:\RRbackups\Documents and Settings\Verena\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2475039010-2914711719-530577762-1008\9d3a95be-44b3-444b-ac34-5f78c7a5f1e4
Hidden: file C:\RRbackups\Documents and Settings\Verena\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2475039010-2914711719-530577762-1008\d0924c0a-5634-46d4-8a32-34f989252f01
Hidden: file C:\RRbackups\Documents and Settings\Verena\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2475039010-2914711719-530577762-1008\d58f0663-bc67-4f7b-a09f-69bd2d397d23
Hidden: file C:\RRbackups\Documents and Settings\Verena\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2475039010-2914711719-530577762-1008\d9cc2a0e-9ca7-4a17-9bbc-eb8f87ddec56
Hidden: file C:\RRbackups\Documents and Settings\Verena\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2475039010-2914711719-530577762-1008\Preferred
Hidden: file C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\Protect\S-1-5-21-3732135377-2272962450-2100202965-500\a437e69e-57a7-4943-b181-4dcb7e29c5a9
Hidden: file C:\RRbackups\Documents and Settings\Verena\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2706652704-1808101796-3574698601-500\e4658b19-42bb-47cd-8ff9-4cc75bde525e
Hidden: file C:\RRbackups\Documents and Settings\Verena\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2706652704-1808101796-3574698601-500\Preferred
Hidden: file C:\RRbackups\Documents and Settings\Verena\Anwendungsdaten\Lenovo\Client Security Solution\encobject.dat
Hidden: file C:\RRbackups\Documents and Settings\Verena\Anwendungsdaten\Lenovo\Client Security Solution\hibernation.dat
Hidden: file C:\RRbackups\Documents and Settings\Verena\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-2475039010-2914711719-530577762-1008\6b29ae44e85efac3c72ff4d1865d73f1_590de400-21b7-4237-a928-2f55cf4b832e
Hidden: file C:\RRbackups\Documents and Settings\Verena\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-2475039010-2914711719-530577762-1008\83aa4cc77f591dfc2374580bbd95f6ba_590de400-21b7-4237-a928-2f55cf4b832e
Hidden: file C:\RRbackups\Documents and Settings\Verena\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-2475039010-2914711719-530577762-1008\882bfe8e2e1a57f81cb2197db182ea9f_590de400-21b7-4237-a928-2f55cf4b832e
Hidden: file C:\RRbackups\Documents and Settings\Verena\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-2475039010-2914711719-530577762-1008\8f71098770f72c7a67cd8f1151619865_590de400-21b7-4237-a928-2f55cf4b832e
Hidden: file C:\RRbackups\Documents and Settings\Verena\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2884109300-975055538-1317598307-500\277e2f41-3911-4df4-b4c5-90a0903aea8a
Hidden: file C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten\Microsoft\Protect\S-1-5-20\Preferred
Hidden: file C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-18\42e7e898003fbdeb9585806ee1664b51_590de400-21b7-4237-a928-2f55cf4b832e
Hidden: file C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-18\8f71098770f72c7a67cd8f1151619865_590de400-21b7-4237-a928-2f55cf4b832e
Hidden: file C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-18\9921d43dc7a746715c0c2d40741ccd3c_590de400-21b7-4237-a928-2f55cf4b832e
Hidden: file C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-18\b973ec0ff915c48a18fe09064ce3a22d_590de400-21b7-4237-a928-2f55cf4b832e
Hidden: file C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\Protect\S-1-5-21-3732135377-2272962450-2100202965-500\a437e69e-57a7-4943-b181-4dcb7e29c5a9
Hidden: file C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\Protect\S-1-5-21-3732135377-2272962450-2100202965-500\Preferred
Hidden: file C:\RRbackups\Documents and Settings\Verena\Anwendungsdaten\Microsoft\Protect\S-1-5-21-2884109300-975055538-1317598307-500\Preferred
Hidden: file C:\RRbackups\Documents and Settings\Verena\Anwendungsdaten\Microsoft\Protect\S-1-5-21-3732135377-2272962450-2100202965-500\a437e69e-57a7-4943-b181-4dcb7e29c5a9
Hidden: file C:\RRbackups\Documents and Settings\Verena\Anwendungsdaten\Microsoft\Protect\S-1-5-21-3732135377-2272962450-2100202965-500\Preferred
Hidden: file C:\SWTOOLS\APPS\networkmagic\IT\NmSetup.exe
Hidden: file C:\SWTOOLS\APPS\networkmagic\SP\NmSetup.exe
Hidden: file C:\SWTOOLS\APPS\networkmagic\US\NmSetup.exe
Hidden: file C:\SWTOOLS\DRIVERS\TPBTooth\Win32\Lang\1041\btrez.dll
Hidden: file C:\Config.Msi\12d28e.rbf
Hidden: file C:\Config.Msi\12d28f.rbf
Hidden: file C:\Config.Msi\12d290.rbf
Hidden: file C:\System Volume Information\_restore{B991F27A-883F-42A9-A172-EAAB1D37FFFA}\RP221\A0041518.exe
Hidden: file C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\Protect\S-1-5-21-3732135377-2272962450-2100202965-500\Preferred
Hidden: file C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Lenovo\Client Security Solution\PreloadInstall.ini
Hidden: file C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_590de400-21b7-4237-a928-2f55cf4b832e
Hidden: file C:\Dokumente und Einstellungen\Verena\Lokale Einstellungen\Temporary Internet Files\Content.IE5\DIO6UMKL\6.8-2749934.4-2749910.2-2749912.3-2749918.2-2749916.2-2749914.2-2749922.2-3022396.1-2749920.3-4400358.3-4815818.15-4807214.23-6740156.5-2749988.13[1].js
Hidden: file C:\Dokumente und Einstellungen\Verena\Lokale Einstellungen\Temporary Internet Files\Content.IE5\I5YKRGM5\68x60&content=webde&pageview=ng_outer&adsize=728x90&pageview=loggedin&pageview=no_tprof&pg=w&pa=25&pp=D__71093&pn=3B&bd=0&s i=6A17xCnwUx8NE8loETC_036[1]
Hidden: file C:\RRbackups\common\restore.log
Hidden: file C:\Dokumente und Einstellungen\Verena\Lokale Einstellungen\Temporary Internet Files\Content.IE5\DIO6UMKL\ectangle&adsize=310x120&params[1].styles=hp_promobox_html%2Chp_promobox_img&pageview=ng_outer&pageview=vi_first_time&tile=9037414703700795012345678910ab
Hidden: file C:\Dokumente und Einstellungen\Verena\Lokale Einstellungen\Anwendungsdaten\Google\Picasa2\update\LifescapeUpdater\setup.exe
Hidden: file C:\RRbackups\common\SAM
Hidden: file C:\RRbackups\common\rr.log
Hidden: file C:\Dokumente und Einstellungen\Verena\Lokale Einstellungen\Temporary Internet Files\Content.IE5\NWQXO9UA\68x60&content=webde&pageview=ng_outer&adsize=728x90&pageview=loggedin&pageview=no_tprof&pg=w&pa=25&pp=D__71093&pn=3B&bd=0&s i=6A17xCnwUx8NE8loETC_036[1]
Hidden: file C:\Programme\Microsoft Office\Office12\1031\OUTLLIBR.DLL
Hidden: file C:\Dokumente und Einstellungen\Verena\Lokale Einstellungen\Temporary Internet Files\Content.IE5\I5YKRGM5\est;sz=120x600,160x600,200x600;tile=2;trgt1=;trgt2=0;trgt3=25;trgt4=71093;trgt5=0;trgt6=0;trgt7=3;trgt8=0;chn3=1;chn9=1;chn 10=1;ord=9720395408081436[1]
Hidden: file C:\Dokumente und Einstellungen\Verena\Lokale Einstellungen\Temporary Internet Files\Content.IE5\0DFDP2HE\est;sz=120x600,160x600,200x600;tile=2;trgt1=;trgt2=0;trgt3=25;trgt4=71093;trgt5=0;trgt6=0;trgt7=3;trgt8=0;chn3=1;chn9=1;chn 10=1;ord=4655155589604626[1]
Hidden: file C:\Dokumente und Einstellungen\Verena\Lokale Einstellungen\Temporary Internet Files\Content.IE5\0DFDP2HE\=rectangle&adsize=310x120&params[1].styles=hp_promobox_html%2Chp_promobox_img&pageview=ng_outer&pageview=vi_repeated&tile=002931472376048238601234567891
Hidden: file C:\Dokumente und Einstellungen\Verena\Lokale Einstellungen\Temporary Internet Files\Content.IE5\I5YKRGM5\415,300x600,400x400,450x300,600x400,640x480;tile=1;trgt1=;trgt2=0;trgt3=28;trgt4=71101;trgt5=0;trgt6=0;trgt7=0;trgt8=0;dcop t=ist;ord=713971132659697[1]
Hidden: file C:\Dokumente und Einstellungen\Verena\Lokale Einstellungen\Temporary Internet Files\Content.IE5\I5YKRGM5\=rectangle&adsize=310x120&params[1].styles=hp_promobox_html%2Chp_promobox_img&pageview=ng_outer&pageview=vi_repeated&tile=7544495829374942012345678910ab
Hidden: file C:\Dokumente und Einstellungen\Verena\Lokale Einstellungen\Temporary Internet Files\Content.IE5\0DFDP2HE\68x60&content=webde&pageview=ng_outer&adsize=728x90&pageview=loggedin&pageview=no_tprof&pg=w&pa=25&pp=D__71093&pn=3B&bd=0&s i=ghAcqQzLTnF6RWgAI0H_020[1]
Hidden: file C:\RRbackups\SIS\C\0\~TOCFile
Hidden: file C:\RRbackups\common\tvtns.bin
Hidden: file C:\Dokumente und Einstellungen\Verena\Lokale Einstellungen\Temporary Internet Files\Content.IE5\NWQXO9UA\68x60&content=webde&pageview=ng_outer&adsize=728x90&pageview=loggedin&pageview=no_tprof&pg=w&pa=25&pp=D__71093&pn=3B&bd=0&s i=1HmQCSriiASjs_X5CDr_035[2]
Hidden: file C:\Dokumente und Einstellungen\Verena\Lokale Einstellungen\Temporary Internet Files\Content.IE5\NWQXO9UA\=rectangle&adsize=310x120&params[1].styles=hp_promobox_html%2Chp_promobox_img&pageview=ng_outer&pageview=vi_repeated&tile=41455407302168456012345678910a
Hidden: file C:\Dokumente und Einstellungen\Verena\Lokale Einstellungen\Temporary Internet Files\Content.IE5\I5YKRGM5\68x60&content=webde&pageview=ng_outer&adsize=728x90&pageview=loggedin&pageview=no_tprof&pg=w&pa=25&pp=D__71093&pn=3B&bd=0&s i=ghAcqQzLTnF6RWgAI0H_020[1]
Hidden: file C:\WINDOWS\$NtServicePackUninstall$\wdmaud.sys
Hidden: file C:\RRbackups\SIS\C\0\~HashFile
Hidden: file C:\RRbackups\C\0\~TOCFile
Hidden: file C:\RRbackups\C\0\~EFSFile
Hidden: file C:\RRbackups\C\0\~HashFile
Hidden: file C:\System Volume Information\_restore{B991F27A-883F-42A9-A172-EAAB1D37FFFA}\RP221\A0041513.rbf
Hidden: file C:\Programme\HomeCinema\YouCam\LTCLR13n.dll
Hidden: file C:\Dokumente und Einstellungen\Verena\Anwendungsdaten\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.mariokart.com\settings.sol
Hidden: file C:\Dokumente und Einstellungen\Verena\Lokale Einstellungen\Temporary Internet Files\Content.IE5\3B7SG6JH\.0%7C788[1].1%7C1503454%7C0%7C170%7CADTECH;alias=sport-fussball-bundesliga_hamburger_sv-story-rectangle;loc=100;target=_blank;grp=420;misc=1237874111218
Hidden: file C:\RRbackups\C\0\TOCFile
Hidden: file C:\RRbackups\C\0\EFSFile
Hidden: file C:\RRbackups\C\0\HashFile
Hidden: file C:\RRbackups\C\0\Info
Hidden: file C:\RRbackups\C\0\Data0
Hidden: file C:\RRbackups\C\0\Data1
Hidden: file C:\RRbackups\C\0\Data2
Hidden: file C:\RRbackups\C\0\Data3
Hidden: file C:\RRbackups\C\0\Data4
Hidden: file C:\RRbackups\common\bt0.dat
Hidden: file C:\RRbackups\C\0\Data5
Hidden: file C:\RRbackups\C\0\Data6
Hidden: file C:\RRbackups\C\0\Data7
Hidden: file C:\RRbackups\C\0\Data8
Hidden: file C:\RRbackups\C\0\Data9
Hidden: file C:\RRbackups\C\0\Data10
Hidden: file C:\RRbackups\C\0\Data11
Hidden: file C:\RRbackups\C\0\Data12
Hidden: file C:\RRbackups\C\0\Data13
Hidden: file C:\RRbackups\C\0\Data14
Hidden: file C:\RRbackups\C\0\Data15
Hidden: file C:\RRbackups\C\0\Data16
Hidden: file C:\RRbackups\C\0\Data17
Hidden: file C:\RRbackups\C\0\Data18
Hidden: file C:\RRbackups\C\0\Data19
Hidden: file C:\RRbackups\C\0\Data20
Hidden: file C:\RRbackups\C\0\Data21
Hidden: file C:\RRbackups\C\0\Data22
Hidden: file C:\RRbackups\C\0\Data23
Hidden: file C:\RRbackups\C\0\Data24
Hidden: file C:\RRbackups\C\0\Data25
Hidden: file C:\RRbackups\C\0\Data26
Hidden: file C:\RRbackups\C\0\Data27
Hidden: file C:\RRbackups\C\0\Data34
Hidden: file C:\RRbackups\C\0\Data28
Hidden: file C:\RRbackups\C\0\Data29
Hidden: file C:\RRbackups\C\0\Data30
Hidden: file C:\RRbackups\C\0\Data31
Hidden: file C:\RRbackups\C\0\Data32
Hidden: file C:\RRbackups\C\0\Data33
Hidden: file C:\RRbackups\C\0\Data35
Hidden: file C:\RRbackups\C\0\Data36
Hidden: file C:\RRbackups\C\0\Data37
Hidden: file C:\RRbackups\C\0\Data38
Hidden: file C:\RRbackups\C\0\Data39
Hidden: file C:\RRbackups\C\0\Data40
Hidden: file C:\RRbackups\C\0\Data41
Hidden: file C:\RRbackups\C\0\Data42
Hidden: file C:\RRbackups\C\0\Data43
Hidden: file C:\RRbackups\C\0\Data44
Hidden: file C:\RRbackups\C\0\Data45
Hidden: file C:\RRbackups\C\0\Data46
Hidden: file C:\RRbackups\C\0\Data47
Hidden: file C:\RRbackups\C\0\Data48
Hidden: file C:\RRbackups\C\0\Data49
Hidden: file C:\RRbackups\C\0\Data50
Hidden: file C:\RRbackups\C\0\Data51
Hidden: file C:\RRbackups\C\0\Data52
Hidden: file C:\RRbackups\C\0\Data53
Hidden: file C:\RRbackups\C\0\Data54
Hidden: file C:\RRbackups\C\0\Data55
Hidden: file C:\RRbackups\C\0\Data56
Hidden: file C:\RRbackups\C\0\Data57
Hidden: file C:\RRbackups\C\0\Data58
Hidden: file C:\RRbackups\C\0\Data59
Hidden: file C:\RRbackups\C\0\Data60
Hidden: file C:\RRbackups\C\0\Data61
Hidden: file C:\RRbackups\C\0\Data62
Hidden: file C:\RRbackups\C\0\Data63
Hidden: file C:\RRbackups\C\0\Data64
Hidden: file C:\RRbackups\C\0\Data65
Hidden: file C:\RRbackups\C\0\Data66
Hidden: file C:\RRbackups\C\0\Data67
Hidden: file C:\RRbackups\C\0\Data68
Hidden: file C:\RRbackups\C\0\Data69
Hidden: file C:\RRbackups\C\0\Data70
Hidden: file C:\RRbackups\C\0\Data71
Hidden: file C:\RRbackups\C\0\Data72
Hidden: file C:\RRbackups\C\0\Data73
Hidden: file C:\RRbackups\C\0\Data74
Hidden: file C:\RRbackups\C\0\Data75
Hidden: file C:\RRbackups\C\0\Data96
Hidden: file C:\RRbackups\C\0\Data76
Hidden: file C:\RRbackups\C\0\Data77
Hidden: file C:\RRbackups\C\0\Data78
Hidden: file C:\RRbackups\C\0\Data79
Hidden: file C:\RRbackups\C\0\Data80
Hidden: file C:\RRbackups\C\0\Data81
Hidden: file C:\RRbackups\C\0\Data82
Hidden: file C:\RRbackups\C\0\Data83
Hidden: file C:\RRbackups\C\0\Data84
Hidden: file C:\RRbackups\C\0\Data85
Hidden: file C:\RRbackups\C\0\Data86
Hidden: file C:\RRbackups\C\0\Data87
Hidden: file C:\RRbackups\C\0\Data88
Hidden: file C:\RRbackups\C\0\Data89
Hidden: file C:\RRbackups\C\0\Data90
Hidden: file C:\RRbackups\C\0\Data91
Hidden: file C:\RRbackups\C\0\Data92
Hidden: file C:\RRbackups\C\0\Data93
Hidden: file C:\RRbackups\C\0\Data94
Hidden: file C:\RRbackups\C\0\Data95
Hidden: file C:\RRbackups\C\0\Data97
Hidden: file C:\RRbackups\C\0\Data98
Hidden: file C:\RRbackups\C\0\Data99
Hidden: file C:\RRbackups\C\0\Data100
Hidden: file C:\RRbackups\C\0\Data101
Hidden: file C:\RRbackups\C\0\Data102
Hidden: file C:\RRbackups\C\0\Data103
Hidden: file C:\RRbackups\C\0\Data104
Hidden: file C:\RRbackups\C\0\Data105
Hidden: file C:\RRbackups\C\0\Data106
Hidden: file C:\RRbackups\C\0\Data107
Hidden: file C:\RRbackups\C\0\Data108
Hidden: file C:\RRbackups\C\0\Data109
Hidden: file C:\RRbackups\C\0\Data110
Hidden: file C:\RRbackups\C\0\Data111
Hidden: file C:\RRbackups\C\0\Data112
Hidden: file C:\RRbackups\C\0\Data113
Hidden: file C:\RRbackups\C\0\Data114
Hidden: file C:\RRbackups\C\0\Data115
Hidden: file C:\RRbackups\C\0\Data116
Hidden: file C:\RRbackups\C\0\Data124
Hidden: file C:\RRbackups\C\0\Data117
Hidden: file C:\RRbackups\C\0\Data118
Hidden: file C:\RRbackups\C\0\Data119
Hidden: file C:\RRbackups\C\0\Data120
Hidden: file C:\RRbackups\C\0\Data121
Hidden: file C:\RRbackups\C\0\Data122
Hidden: file C:\RRbackups\C\0\Data123
Hidden: file C:\RRbackups\C\0\Data125
Hidden: file C:\RRbackups\C\0\Data126
Hidden: file C:\RRbackups\C\0\Data127
Hidden: file C:\RRbackups\C\0\Data128
Hidden: file C:\RRbackups\C\0\Data129
Hidden: file C:\RRbackups\C\0\Data130
Hidden: file C:\RRbackups\C\0\Data131
Hidden: file C:\RRbackups\C\0\Data132
Hidden: file C:\RRbackups\C\0\Data133
Hidden: file C:\RRbackups\C\0\Data134
Hidden: file C:\RRbackups\C\0\Data137
Hidden: file C:\RRbackups\C\0\Data135
Hidden: file C:\RRbackups\C\0\Data136
Hidden: file C:\RRbackups\C\0\Data138
Hidden: file C:\RRbackups\C\0\Data139
Hidden: file C:\RRbackups\C\0\Data140
Hidden: file C:\RRbackups\C\0\Data141
Hidden: file C:\RRbackups\C\0\Data142
Hidden: file C:\RRbackups\C\0\Data143
Hidden: file C:\RRbackups\C\0\Data144
Hidden: file C:\RRbackups\C\0\Data145
Hidden: file C:\RRbackups\C\0\Data146
Hidden: file C:\RRbackups\C\0\Data147
Hidden: file C:\RRbackups\C\0\Data148
Hidden: file C:\RRbackups\C\0\Data149
Hidden: file C:\RRbackups\C\0\Data150
Hidden: file C:\RRbackups\C\0\Data151
Hidden: file C:\RRbackups\C\0\Data152
Hidden: file C:\RRbackups\C\0\Data153
Hidden: file C:\RRbackups\C\0\Data154
Hidden: file C:\RRbackups\C\0\Data155
Hidden: file C:\RRbackups\C\0\Data156
Hidden: file C:\RRbackups\C\0\Data157
Hidden: file C:\RRbackups\C\0\Data158
Hidden: file C:\RRbackups\C\0\Data159
Hidden: file C:\RRbackups\C\0\Data160
Hidden: file C:\RRbackups\C\0\Data161
Hidden: file C:\RRbackups\C\0\Data162
Hidden: file C:\RRbackups\C\0\Data163
Hidden: file C:\RRbackups\C\0\Data164
Hidden: file C:\RRbackups\C\0\Data165
Hidden: file C:\RRbackups\C\0\Data166
Hidden: file C:\RRbackups\C\0\Data167
Hidden: file C:\RRbackups\C\0\Data168
Hidden: file C:\RRbackups\C\0\Data169
Hidden: file C:\RRbackups\C\0\Data170
Hidden: file C:\RRbackups\C\0\Data171
Hidden: file C:\RRbackups\C\0\Data172
Hidden: file C:\RRbackups\C\0\Data173
Hidden: file C:\RRbackups\C\0\Data174
Hidden: file C:\RRbackups\C\0\Data175
Hidden: file C:\RRbackups\C\0\Data176
Hidden: file C:\RRbackups\C\0\Data177
Hidden: file C:\RRbackups\C\0\Data178
Hidden: file C:\RRbackups\C\0\Data179
Hidden: file C:\RRbackups\SIS\C\0\TOCFile
Hidden: file C:\RRbackups\SIS\C\0\HashFile
Hidden: file C:\RRbackups\SIS\C\0\Data274

sharcy^ 05.08.2009 16:28

und Teil 2


Hidden: file C:\RRbackups\SIS\C\0\Data1
Hidden: file C:\RRbackups\SIS\C\0\Data2
Hidden: file C:\RRbackups\SIS\C\0\Data3
Hidden: file C:\RRbackups\SIS\C\0\Data4
Hidden: file C:\RRbackups\SIS\C\0\Data5
Hidden: file C:\RRbackups\SIS\C\0\Data6
Hidden: file C:\RRbackups\SIS\C\0\Data7
Hidden: file C:\RRbackups\SIS\C\0\Data8
Hidden: file C:\RRbackups\SIS\C\0\Data9
Hidden: file C:\RRbackups\SIS\C\0\Data10
Hidden: file C:\RRbackups\SIS\C\0\Data11
Hidden: file C:\RRbackups\SIS\C\0\Data12
Hidden: file C:\RRbackups\SIS\C\0\Data13
Hidden: file C:\RRbackups\SIS\C\0\Data14
Hidden: file C:\RRbackups\SIS\C\0\Data15
Hidden: file C:\RRbackups\SIS\C\0\Data16
Hidden: file C:\RRbackups\SIS\C\0\Data17
Hidden: file C:\RRbackups\SIS\C\0\Data18
Hidden: file C:\RRbackups\SIS\C\0\Data19
Hidden: file C:\RRbackups\SIS\C\0\Data20
Hidden: file C:\RRbackups\SIS\C\0\Data21
Hidden: file C:\RRbackups\SIS\C\0\Data22
Hidden: file C:\RRbackups\SIS\C\0\Data23
Hidden: file C:\RRbackups\SIS\C\0\Data24
Hidden: file C:\RRbackups\SIS\C\0\Data25
Hidden: file C:\RRbackups\SIS\C\0\Data26
Hidden: file C:\RRbackups\SIS\C\0\Data27
Hidden: file C:\RRbackups\SIS\C\0\Data28
Hidden: file C:\RRbackups\SIS\C\0\Data29
Hidden: file C:\RRbackups\SIS\C\0\Data30
Hidden: file C:\RRbackups\SIS\C\0\Data31
Hidden: file C:\RRbackups\SIS\C\0\Data32
Hidden: file C:\RRbackups\SIS\C\0\Data33
Hidden: file C:\RRbackups\SIS\C\0\Data34
Hidden: file C:\RRbackups\SIS\C\0\Data35
Hidden: file C:\RRbackups\SIS\C\0\Data36
Hidden: file C:\RRbackups\SIS\C\0\Data37
Hidden: file C:\RRbackups\SIS\C\0\Data38
Hidden: file C:\RRbackups\SIS\C\0\Data39
Hidden: file C:\RRbackups\SIS\C\0\Data40
Hidden: file C:\RRbackups\SIS\C\0\Data41
Hidden: file C:\RRbackups\SIS\C\0\Data42
Hidden: file C:\RRbackups\SIS\C\0\Data43
Hidden: file C:\RRbackups\SIS\C\0\Data44
Hidden: file C:\RRbackups\SIS\C\0\Data45
Hidden: file C:\RRbackups\SIS\C\0\Data46
Hidden: file C:\RRbackups\SIS\C\0\Data47
Hidden: file C:\RRbackups\SIS\C\0\Data48
Hidden: file C:\RRbackups\SIS\C\0\Data49
Hidden: file C:\RRbackups\SIS\C\0\Data50
Hidden: file C:\RRbackups\SIS\C\0\Data51
Hidden: file C:\RRbackups\SIS\C\0\Data52
Hidden: file C:\RRbackups\SIS\C\0\Data53
Hidden: file C:\RRbackups\SIS\C\0\Data54
Hidden: file C:\RRbackups\SIS\C\0\Data55
Hidden: file C:\RRbackups\SIS\C\0\Data56
Hidden: file C:\RRbackups\SIS\C\0\Data57
Hidden: file C:\RRbackups\SIS\C\0\Data58
Hidden: file C:\RRbackups\SIS\C\0\Data59
Hidden: file C:\RRbackups\SIS\C\0\Data60
Hidden: file C:\RRbackups\SIS\C\0\Data61
Hidden: file C:\RRbackups\SIS\C\0\Data62
Hidden: file C:\RRbackups\SIS\C\0\Data63
Hidden: file C:\RRbackups\SIS\C\0\Data64
Hidden: file C:\RRbackups\SIS\C\0\Data65
Hidden: file C:\RRbackups\SIS\C\0\Data66
Hidden: file C:\RRbackups\SIS\C\0\Data67
Hidden: file C:\RRbackups\SIS\C\0\Data68
Hidden: file C:\RRbackups\SIS\C\0\Data69
Hidden: file C:\RRbackups\SIS\C\0\Data70
Hidden: file C:\RRbackups\SIS\C\0\Data71
Hidden: file C:\RRbackups\SIS\C\0\Data72
Hidden: file C:\RRbackups\SIS\C\0\Data73
Hidden: file C:\RRbackups\SIS\C\0\Data74
Hidden: file C:\RRbackups\SIS\C\0\Data75
Hidden: file C:\RRbackups\SIS\C\0\Data76
Hidden: file C:\RRbackups\SIS\C\0\Data77
Hidden: file C:\RRbackups\SIS\C\0\Data78
Hidden: file C:\RRbackups\SIS\C\0\Data79
Hidden: file C:\RRbackups\SIS\C\0\Data80
Hidden: file C:\RRbackups\SIS\C\0\Data81
Hidden: file C:\RRbackups\SIS\C\0\Data82
Hidden: file C:\RRbackups\SIS\C\0\Data83
Hidden: file C:\RRbackups\SIS\C\0\Data84
Hidden: file C:\RRbackups\SIS\C\0\Data85
Hidden: file C:\RRbackups\SIS\C\0\Data86
Hidden: file C:\RRbackups\SIS\C\0\Data87
Hidden: file C:\RRbackups\SIS\C\0\Data88
Hidden: file C:\RRbackups\SIS\C\0\Data89
Hidden: file C:\RRbackups\SIS\C\0\Data90
Hidden: file C:\RRbackups\SIS\C\0\Data91
Hidden: file C:\RRbackups\SIS\C\0\Data92
Hidden: file C:\RRbackups\SIS\C\0\Data93
Hidden: file C:\RRbackups\SIS\C\0\Data94
Hidden: file C:\RRbackups\SIS\C\0\Data95
Hidden: file C:\RRbackups\SIS\C\0\Data96
Hidden: file C:\RRbackups\SIS\C\0\Data97
Hidden: file C:\RRbackups\SIS\C\0\Data98
Hidden: file C:\RRbackups\SIS\C\0\Data99
Hidden: file C:\RRbackups\SIS\C\0\Data100
Hidden: file C:\RRbackups\SIS\C\0\Data101
Hidden: file C:\RRbackups\SIS\C\0\Data102
Hidden: file C:\RRbackups\SIS\C\0\Data103
Hidden: file C:\RRbackups\SIS\C\0\Data104
Hidden: file C:\RRbackups\SIS\C\0\Data105
Hidden: file C:\RRbackups\SIS\C\0\Data106
Hidden: file C:\RRbackups\SIS\C\0\Data107
Hidden: file C:\RRbackups\SIS\C\0\Data108
Hidden: file C:\RRbackups\SIS\C\0\Data109
Hidden: file C:\RRbackups\SIS\C\0\Data110
Hidden: file C:\RRbackups\SIS\C\0\Data111
Hidden: file C:\RRbackups\SIS\C\0\Data112
Hidden: file C:\RRbackups\SIS\C\0\Data113
Hidden: file C:\RRbackups\SIS\C\0\Data114
Hidden: file C:\RRbackups\SIS\C\0\Data115
Hidden: file C:\RRbackups\SIS\C\0\Data116
Hidden: file C:\RRbackups\SIS\C\0\Data117
Hidden: file C:\RRbackups\SIS\C\0\Data118
Hidden: file C:\RRbackups\SIS\C\0\Data119
Hidden: file C:\RRbackups\SIS\C\0\Data120
Hidden: file C:\RRbackups\SIS\C\0\Data121
Hidden: file C:\RRbackups\SIS\C\0\Data122
Hidden: file C:\RRbackups\SIS\C\0\Data123
Hidden: file C:\RRbackups\SIS\C\0\Data124
Hidden: file C:\RRbackups\SIS\C\0\Data125
Hidden: file C:\RRbackups\SIS\C\0\Data126
Hidden: file C:\RRbackups\SIS\C\0\Data127
Hidden: file C:\RRbackups\SIS\C\0\Data128
Hidden: file C:\RRbackups\SIS\C\0\Data129
Hidden: file C:\RRbackups\SIS\C\0\Data130
Hidden: file C:\RRbackups\SIS\C\0\Data131
Hidden: file C:\RRbackups\SIS\C\0\Data132
Hidden: file C:\RRbackups\SIS\C\0\Data133
Hidden: file C:\RRbackups\SIS\C\0\Data134
Hidden: file C:\RRbackups\SIS\C\0\Data135
Hidden: file C:\RRbackups\SIS\C\0\Data136
Hidden: file C:\RRbackups\SIS\C\0\Data137
Hidden: file C:\RRbackups\SIS\C\0\Data138
Hidden: file C:\RRbackups\SIS\C\0\Data139
Hidden: file C:\RRbackups\SIS\C\0\Data140
Hidden: file C:\RRbackups\SIS\C\0\Data141
Hidden: file C:\RRbackups\SIS\C\0\Data142
Hidden: file C:\RRbackups\SIS\C\0\Data143
Hidden: file C:\RRbackups\SIS\C\0\Data144
Hidden: file C:\RRbackups\SIS\C\0\Data145
Hidden: file C:\RRbackups\SIS\C\0\Data146
Hidden: file C:\RRbackups\SIS\C\0\Data147
Hidden: file C:\RRbackups\SIS\C\0\Data148
Hidden: file C:\RRbackups\SIS\C\0\Data149
Hidden: file C:\RRbackups\SIS\C\0\Data150
Hidden: file C:\RRbackups\SIS\C\0\Data151
Hidden: file C:\RRbackups\SIS\C\0\Data152
Hidden: file C:\RRbackups\SIS\C\0\Data153
Hidden: file C:\RRbackups\SIS\C\0\Data154
Hidden: file C:\RRbackups\SIS\C\0\Data155
Hidden: file C:\RRbackups\SIS\C\0\Data156
Hidden: file C:\RRbackups\SIS\C\0\Data157
Hidden: file C:\RRbackups\SIS\C\0\Data158
Hidden: file C:\RRbackups\SIS\C\0\Data159
Hidden: file C:\RRbackups\SIS\C\0\Data160
Hidden: file C:\RRbackups\SIS\C\0\Data161
Hidden: file C:\RRbackups\SIS\C\0\Data162
Hidden: file C:\RRbackups\SIS\C\0\Data163
Hidden: file C:\RRbackups\SIS\C\0\Data164
Hidden: file C:\RRbackups\SIS\C\0\Data165
Hidden: file C:\RRbackups\SIS\C\0\Data166
Hidden: file C:\RRbackups\SIS\C\0\Data167
Hidden: file C:\RRbackups\SIS\C\0\Data168
Hidden: file C:\RRbackups\SIS\C\0\Data169
Hidden: file C:\RRbackups\SIS\C\0\Data170
Hidden: file C:\RRbackups\SIS\C\0\Data171
Hidden: file C:\RRbackups\SIS\C\0\Data172
Hidden: file C:\RRbackups\SIS\C\0\Data173
Hidden: file C:\RRbackups\SIS\C\0\Data174
Hidden: file C:\RRbackups\SIS\C\0\Data175
Hidden: file C:\RRbackups\SIS\C\0\Data176
Hidden: file C:\RRbackups\SIS\C\0\Data177
Hidden: file C:\RRbackups\SIS\C\0\Data178
Hidden: file C:\RRbackups\SIS\C\0\Data179
Hidden: file C:\RRbackups\SIS\C\0\Data180
Hidden: file C:\RRbackups\SIS\C\0\Data181
Hidden: file C:\RRbackups\SIS\C\0\Data182
Hidden: file C:\RRbackups\SIS\C\0\Data183
Hidden: file C:\RRbackups\SIS\C\0\Data184
Hidden: file C:\RRbackups\SIS\C\0\Data185
Hidden: file C:\RRbackups\SIS\C\0\Data186
Hidden: file C:\RRbackups\SIS\C\0\Data187
Hidden: file C:\RRbackups\SIS\C\0\Data188
Hidden: file C:\RRbackups\SIS\C\0\Data189
Hidden: file C:\RRbackups\SIS\C\0\Data190
Hidden: file C:\RRbackups\SIS\C\0\Data191
Hidden: file C:\RRbackups\SIS\C\0\Data192
Hidden: file C:\RRbackups\SIS\C\0\Data193
Hidden: file C:\RRbackups\SIS\C\0\Data194
Hidden: file C:\RRbackups\SIS\C\0\Data195
Hidden: file C:\RRbackups\SIS\C\0\Data196
Hidden: file C:\RRbackups\SIS\C\0\Data197
Hidden: file C:\RRbackups\SIS\C\0\Data198
Hidden: file C:\RRbackups\SIS\C\0\Data199
Hidden: file C:\RRbackups\SIS\C\0\Data200
Hidden: file C:\RRbackups\SIS\C\0\Data201
Hidden: file C:\RRbackups\SIS\C\0\Data202
Hidden: file C:\RRbackups\SIS\C\0\Data203
Hidden: file C:\RRbackups\SIS\C\0\Data204
Hidden: file C:\RRbackups\SIS\C\0\Data205
Hidden: file C:\RRbackups\SIS\C\0\Data206
Hidden: file C:\RRbackups\SIS\C\0\Data207
Hidden: file C:\RRbackups\SIS\C\0\Data208
Hidden: file C:\RRbackups\SIS\C\0\Data209
Hidden: file C:\RRbackups\SIS\C\0\Data210
Hidden: file C:\RRbackups\SIS\C\0\Data211
Hidden: file C:\RRbackups\SIS\C\0\Data212
Hidden: file C:\RRbackups\SIS\C\0\Data213
Hidden: file C:\RRbackups\SIS\C\0\Data214
Hidden: file C:\RRbackups\SIS\C\0\Data215
Hidden: file C:\RRbackups\SIS\C\0\Data216
Hidden: file C:\RRbackups\SIS\C\0\Data217
Hidden: file C:\RRbackups\SIS\C\0\Data218
Hidden: file C:\RRbackups\SIS\C\0\Data219
Hidden: file C:\RRbackups\SIS\C\0\Data220
Hidden: file C:\RRbackups\SIS\C\0\Data221
Hidden: file C:\RRbackups\SIS\C\0\Data222
Hidden: file C:\RRbackups\SIS\C\0\Data223
Hidden: file C:\RRbackups\SIS\C\0\Data224
Hidden: file C:\RRbackups\SIS\C\0\Data225
Hidden: file C:\RRbackups\SIS\C\0\Data226
Hidden: file C:\RRbackups\SIS\C\0\Data227
Hidden: file C:\RRbackups\SIS\C\0\Data228
Hidden: file C:\RRbackups\SIS\C\0\Data229
Hidden: file C:\RRbackups\SIS\C\0\Data230
Hidden: file C:\RRbackups\SIS\C\0\Data231
Hidden: file C:\RRbackups\SIS\C\0\Data232
Hidden: file C:\RRbackups\SIS\C\0\Data233
Hidden: file C:\RRbackups\SIS\C\0\Data234
Hidden: file C:\RRbackups\SIS\C\0\Data235
Hidden: file C:\RRbackups\SIS\C\0\Data236
Hidden: file C:\RRbackups\SIS\C\0\Data237
Hidden: file C:\RRbackups\SIS\C\0\Data238
Hidden: file C:\RRbackups\SIS\C\0\Data239
Hidden: file C:\RRbackups\SIS\C\0\Data240
Hidden: file C:\RRbackups\SIS\C\0\Data241
Hidden: file C:\RRbackups\SIS\C\0\Data242
Hidden: file C:\RRbackups\SIS\C\0\Data243
Hidden: file C:\RRbackups\SIS\C\0\Data244
Hidden: file C:\RRbackups\SIS\C\0\Data245
Hidden: file C:\RRbackups\SIS\C\0\Data246
Hidden: file C:\RRbackups\SIS\C\0\Data247
Hidden: file C:\RRbackups\SIS\C\0\Data248
Hidden: file C:\RRbackups\SIS\C\0\Data249
Hidden: file C:\RRbackups\SIS\C\0\Data250
Hidden: file C:\RRbackups\SIS\C\0\Data251
Hidden: file C:\RRbackups\SIS\C\0\Data252
Hidden: file C:\RRbackups\SIS\C\0\Data253
Hidden: file C:\RRbackups\SIS\C\0\Data254
Hidden: file C:\RRbackups\SIS\C\0\Data255
Stopped logging on 05.08.2009 at 17:15:37


Alle Zeitangaben in WEZ +1. Es ist jetzt 01:24 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132