Trojaner-Board - Your Computer is infected

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Your Computer is infected (https://www.trojaner-board.de/74999-your-computer-is-infected.html)

Öffne die Datei mit dem Editor und kopiere den gesamten Text in deinen Beitrag hier am Trojaner-Board.

Na dann mach ich das doch mal :)

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Error: file "C:\WINDOWS\internat.exe" not found!
Deletion of file "C:\WINDOWS\internat.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Completed script processing.

*******************

Finished! Terminate.

Nochmal Avenger:

Code:

Registry keys to delete:

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\internat]

das selbe Spiel wie eben ;)

Zitat:

Zitat von Angel21 (Beitrag 447501)

Nochmal Avenger:

Code:

Registry keys to delete:

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\internat]

das selbe Spiel wie eben ;)

*lach*

soooo..hier das Ergebnis, aber irgendwie hat der wohl nix gemacht..so wirklich jedenfalls..naja, ich habsch eh keine Ahnung davon *grinsel*

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Mon Jul 13 20:59:36 2009

20:59:30: Error: Invalid registry syntax in command:
"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\internat]"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line. (Registry key deletion mode)

//////////////////////////////////////////

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Completed script processing.

*******************

Finished! Terminate.

Sorry mein Fehler :( nimms mir bitte nicht übel *schnieeef* fettes SORRY!

Nochmal:
diesmal:

Code:

Registry keys to delete:

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\internat

*doppellach* höhö..ich nehm Dir doch nix übel..schließlich hilfste mir *lächel*

dieses Mal hat er was gemacht :)

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Registry key "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\internat" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Zitat:

Zitat von Angel21 (Beitrag 447506)

Sorry mein Fehler :( nimms mir bitte nicht übel *schnieeef* fettes SORRY!

Nochmal:
diesmal:

Code:

Registry keys to delete:

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\internat

Rüschtüsch, so solls auch sein :)

Start >> ausführen >> notepad (hineinschreiben)
Kopiere nun folgenden Text komplett ind das leere Textdokument

Code:

@ echo off

cd \

rd /s /q ComboFix

rd /s /q Qoobox

del combofix.txt

del Windows\pev.exe

del "%userprofile%\desktop\cf.bat"

Datei >> Speichern unter >>
Dateiname: cf.bat (hineinschreiben)
DateiTyp : Alle Dateien (auswählen)
Speichere die cf.bat auf den Desktop
Doppelklick auf die .bat
(die .bat sollte danach weg sein)

Is ja auch very lieb von Disch :)

Soo, hab ich erledigt..was liegt nu an?? Bin ganz Ohr...achne..ganz Auge *grinsel*
Das Ding, was ich eben speichern sollte, ist jedenfalls nich mehr aufm Desktop zu sehen.

Zitat:

Zitat von Angel21 (Beitrag 447513)

Rüschtüsch, so solls auch sein :)

Start >> ausführen >> notepad (hineinschreiben)
Kopiere nun folgenden Text komplett ind das leere Textdokument

Code:

@ echo off

cd \

rd /s /q ComboFix

rd /s /q Qoobox

del combofix.txt

del Windows\pev.exe

del "%userprofile%\desktop\cf.bat"

Poste ein neues RSIT Logfile - danach lässt du nochmal Malwarebytes durchgehen und postest ein Log.

Zitat:

Zitat von Angel21 (Beitrag 447517)

Poste ein neues RSIT Logfile - danach lässt du nochmal Malwarebytes durchgehen und postest ein Log.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Manuela at 2009-07-13 21:35:05
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 49 GB (67%) free of 74 GB
Total RAM: 447 MB (26% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:35:14, on 13.07.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\Prevx\prevx.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\MicroWorld\Agent\MWASER.EXE
C:\Programme\Gemeinsame Dateien\MicroWorld\Agent\MWAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Prevx\prevx.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\FRITZ!DSL\FwebProt.exe
C:\Programme\FRITZ!DSL\StCenter.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Dokumente und Einstellungen\Manuela\Desktop\rsit.exe
C:\Dokumente und Einstellungen\Manuela\Desktop\Manuela.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?SearchSource=10&ctid=CT1561552
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: ScriptInocUI Class - - (no file)
R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Programme\Hotspot_Shield\tbHot0.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Orbitdownloader\orbitcth.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Programme\ICQToolbar\tbuA7\toolbaru.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Buyertools - {7C7A8947-5935-4430-AC0E-E7D04697414E} - C:\BuyertoolsReminder\IEButtonBuyertoolsInterface.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Programme\Hotspot_Shield\tbHot0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Programme\Hotspot_Shield\tbHot0.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [AudioDeck] C:\Programme\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] C:\Programme\CyberLink\PowerBackup\PBKScheduler.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Programme\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [AVMFBoxMonitor] "C:\Programme\FRITZ!Box Monitor\FRITZBoxMonitor.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: FRITZ!DSL Internet.lnk = C:\Programme\FRITZ!DSL\FritzDsl.exe
O4 - Startup: FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe
O4 - Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Orbit.lnk = C:\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: Buyertools Reminder - {27914077-B4D6-4A0E-9763-76B6E9DD9A81} - C:\BuyertoolsReminder\ReminderIE.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hyrican.de
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131082271875
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by134fd.bay134.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A7B4DC9-B06D-4960-814A-E08CC27158F3}: NameServer = 192.168.122.252,192.168.122.253
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programme\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programme\Norton Internet Security\comHost.exe
O23 - Service: CSIScanner - Prevx - C:\Programme\Prevx\prevx.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Programme\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Programme\Gemeinsame Dateien\MicroWorld\Agent\MWASER.EXE
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 10162 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Norton AntiVirus - Vollständige Systemprüfung ausführen - Manuela.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Orbitdownloader\orbitcth.dll [2008-07-21 126152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\Programme\ICQToolbar\tbuA7\toolbaru.dll [2006-10-10 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-03-26 312928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Programme\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C7A8947-5935-4430-AC0E-E7D04697414E}]
Buyertools - C:\BuyertoolsReminder\IEButtonBuyertoolsInterface.dll [2007-03-09 681984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}]
CNisExtBho Class - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll [2005-10-22 94336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}]
CNavExtBho Class - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll [2007-06-07 140912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll [2009-06-19 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-06-23 669168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-26 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
Hotspot Shield Toolbar - C:\Programme\Hotspot_Shield\tbHot0.dll [2009-06-02 2094616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - Norton Internet Security 2006 - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll [2005-10-22 94336]
{C4069E3A-68F1-403E-B40E-20066696354B} - Norton AntiVirus - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll [2007-06-07 140912]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Programme\ICQ6Toolbar\ICQToolBar.dll [2008-06-12 958712]
{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - C:\Orbitdownloader\GrabPro.dll [2008-07-21 433272]
{c95a4e8e-816d-4655-8c79-d736da1adb6d} - Hotspot Shield Toolbar - C:\Programme\Hotspot_Shield\tbHot0.dll [2009-06-02 2094616]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll [2009-06-19 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"=C:\Programme\VIAudioi\SBADeck\ADeck.exe [2005-04-08 512000]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2005-03-08 53248]
"VTTrayp"=C:\WINDOWS\system32\VTtrayp.exe [2006-02-02 163840]
"RemoteControl"=C:\Programme\CyberLink\PowerDVD\PDVDServ.exe [2005-01-12 32768]
"{1290A33C-85F5-4164-A1BE-7DD299D4986A}"=C:\Programme\CyberLink\PowerBackup\PBKScheduler.exe [2005-04-07 69728]
"Ulead AutoDetector"=C:\Programme\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe [2003-11-19 45056]
"AVMFBoxMonitor"=C:\Programme\FRITZ!Box Monitor\FRITZBoxMonitor.exe [2007-05-08 1482752]
"ccApp"=C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe [2006-03-28 53408]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-08-09 68856]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Microsoft Office.lnk - C:\Programme\Microsoft Office\Office\OSA9.EXE
Orbit.lnk - C:\Orbitdownloader\orbitdm.exe

C:\Dokumente und Einstellungen\Manuela\Startmenü\Programme\Autostart
FRITZ!DSL Internet.lnk - C:\Programme\FRITZ!DSL\FritzDsl.exe
FRITZ!DSL Protect.lnk - C:\Programme\FRITZ!DSL\FwebProt.exe
FRITZ!DSL Startcenter.lnk - C:\Programme\FRITZ!DSL\StCenter.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SynchronousMachineGroupPolicy"=0
"SynchronousUserGroupPolicy"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\FRITZ!DSL\IGDCTRL.EXE"="C:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:FRITZ!DSL - igdctrl.exe"
"C:\Programme\FRITZ!DSL\FBOXUPD.EXE"="C:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!Box Firmware-Update"
"C:\Programme\ICQ6\ICQ.exe"="C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Orbitdownloader\orbitdm.exe"="C:\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"C:\Orbitdownloader\orbitnet.exe"="C:\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\PROGRA~1\GEMEIN~1\MICROW~1\Agent\MWAGENT.EXE"="C:\PROGRA~1\GEMEIN~1\MICROW~1\Agent\MWAGENT.EXE:*:Enabled:MicroWorld Management Agent"
"C:\Programme\Internet Explorer\iexplore.exe"="C:\Programme\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\concept design\onlineTV 3\onlineTV.exe"="C:\Programme\concept design\onlineTV 3\onlineTV.exe:*:Enabled:onlineTV"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\PROGRA~1\GEMEIN~1\MICROW~1\Agent\MWAGENT.EXE"="C:\PROGRA~1\GEMEIN~1\MICROW~1\Agent\MWAGENT.EXE:*:Enabled:MicroWorld Management Agent"
"C:\PROGRA~1\GEMEIN~1\MICROW~1\eScanRAD\ESCANRAD.EXE"="C:\PROGRA~1\GEMEIN~1\MICROW~1\eScanRAD\ESCANRAD.EXE:*:Enabled:eScan Remote Administration Tool"

2. Teil vom log kommt gleich

======List of files/folders created in the last 1 months======

2009-07-13 21:17:07 ----A---- C:\avenger.txt
2009-07-13 20:43:48 ----D---- C:\Avenger
2009-07-13 19:35:25 ----D---- C:\rsit
2009-07-09 23:30:03 ----D---- C:\Dokumente und Einstellungen\Manuela\Anwendungsdaten\DonationCoder
2009-07-09 22:45:45 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DonationCoder
2009-07-09 22:45:43 ----D---- C:\ScreenshotCaptor
2009-07-09 21:58:05 ----D---- C:\WINDOWS\system32\Kaspersky Lab
2009-07-09 21:51:14 ----D---- C:\Programme\Prevx
2009-07-09 21:46:59 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PrevxCSI
2009-07-09 21:46:59 ----A---- C:\WINDOWS\wininit.ini
2009-07-09 21:18:07 ----SHD---- C:\RECYCLER
2009-07-09 19:31:51 ----D---- C:\WINDOWS\temp
2009-07-09 01:02:18 ----A---- C:\Boot.bak
2009-07-09 01:02:13 ----RASHD---- C:\cmdcons
2009-07-09 00:05:00 ----A---- C:\WINDOWS\ntbtlog.txt
2009-07-08 23:30:28 ----D---- C:\WINDOWS\ERDNT
2009-07-08 23:00:32 ----D---- C:\CCleaner
2009-07-08 22:59:48 ----A---- C:\ccsetup221.exe
2009-07-08 20:40:15 ----D---- C:\SmitfraudFix
2009-07-08 19:57:22 ----D---- C:\Dokumente und Einstellungen\Manuela\Anwendungsdaten\Malwarebytes
2009-07-08 19:57:04 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-07-08 19:57:02 ----D---- C:\Malwarebytes' Anti-Malware
2009-07-08 19:55:25 ----A---- C:\mbam-setup.exe
2009-07-08 18:21:36 ----D---- C:\PUB
2009-07-08 18:15:09 ----A---- C:\WINDOWS\system32\T.COM
2009-07-08 18:15:08 ----A---- C:\WINDOWS\R.COM
2009-07-08 18:14:04 ----D---- C:\Programme\Gemeinsame Dateien\MicroWorld
2009-07-08 18:13:06 ----A---- C:\WINDOWS\killproc.exe
2009-07-08 18:12:51 ----A---- C:\WINDOWS\system32\mwnsp.dll
2009-07-08 18:12:51 ----A---- C:\WINDOWS\system32\contfilt.dll
2009-07-08 18:12:48 ----A---- C:\WINDOWS\sporder.dll
2009-07-08 18:12:47 ----A---- C:\WINDOWS\sporder.exe
2009-07-08 18:12:46 ----A---- C:\WINDOWS\system32\ZIPDLL.DLL
2009-07-08 18:12:46 ----A---- C:\WINDOWS\system32\UNZDLL.DLL
2009-07-08 18:12:44 ----A---- C:\WINDOWS\system32\mwtsp.dll
2009-07-08 18:12:44 ----A---- C:\WINDOWS\inst_tsp.exe
2009-07-08 18:12:39 ----D---- C:\WINDOWS\system32\FLCSS.EXE
2009-07-08 18:10:56 ----A---- C:\iwn2k3ek.exe
2009-07-08 16:21:49 ----A---- C:\spybotsd162.exe
2009-07-08 15:58:33 ----A---- C:\SpywareTerminator_SFTSetup.exe
2009-06-18 20:29:25 ----D---- C:\WINDOWS\pss

======List of files/folders modified in the last 1 months======

2009-07-13 21:20:43 ----D---- C:\Dokumente und Einstellungen\Manuela\Anwendungsdaten\Orbit
2009-07-13 21:17:07 ----D---- C:\WINDOWS\system32\drivers
2009-07-13 21:17:07 ----D---- C:\WINDOWS
2009-07-13 21:16:21 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-13 21:16:10 ----D---- C:\Dokumente und Einstellungen\Manuela\Anwendungsdaten\FRITZ!
2009-07-13 21:00:37 ----RD---- C:\Programme
2009-07-13 19:52:36 ----D---- C:\WINDOWS\Downloaded Program Files
2009-07-13 19:49:26 ----SHD---- C:\System Volume Information
2009-07-13 19:49:26 ----D---- C:\WINDOWS\system32\Restore
2009-07-13 19:49:11 ----D---- C:\WINDOWS\system32
2009-07-13 19:35:32 ----D---- C:\Programme\Gemeinsame Dateien\Symantec Shared
2009-07-13 08:36:53 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-13 08:33:02 ----DC---- C:\WINDOWS\system32\dllcache
2009-07-13 08:32:05 ----D---- C:\WINDOWS\inf
2009-07-10 00:06:45 ----D---- C:\Dokumente und Einstellungen\Manuela\Anwendungsdaten\BVS Solitaire Collection
2009-07-09 23:59:01 ----D---- C:\Film
2009-07-09 22:45:20 ----D---- C:\WINDOWS\Prefetch
2009-07-09 22:39:05 ----DC---- C:\WINDOWS\$NtServicePackUninstall$
2009-07-09 19:34:36 ----A---- C:\WINDOWS\system.ini
2009-07-09 19:32:48 ----SHD---- C:\WINDOWS\system32\bookls
2009-07-09 19:29:20 ----D---- C:\WINDOWS\AppPatch
2009-07-09 19:29:11 ----D---- C:\Programme\Gemeinsame Dateien
2009-07-09 01:25:48 ----D---- C:\WINDOWS\Tasks
2009-07-09 01:17:31 ----D---- C:\WINDOWS\Installer
2009-07-09 01:02:18 ----RASH---- C:\boot.ini
2009-07-09 00:50:36 ----D---- C:\Programme\Symantec
2009-07-09 00:44:17 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec
2009-07-09 00:39:11 ----A---- C:\WINDOWS\CD_START.INI
2009-07-08 23:57:11 ----D---- C:\Programme\Mozilla Firefox
2009-07-08 23:49:51 ----A---- C:\WINDOWS\win.ini
2009-07-08 23:23:42 ----D---- C:\WINDOWS\Debug
2009-07-08 23:23:39 ----D---- C:\WINDOWS\Minidump
2009-07-08 18:15:44 ----D---- C:\Dokumente und Einstellungen
2009-07-08 18:04:28 ----D---- C:\WINDOWS\Help
2009-07-08 16:26:59 ----D---- C:\Programme\Norton Internet Security
2009-06-29 11:07:11 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 43008]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys []
R1 NETDSL;AVM PPP over Ethernet; C:\WINDOWS\system32\DRIVERS\netdsl.sys [2005-11-21 11264]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-10-01 189320]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2005-03-18 42496]
R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 NETFWDSL;AVM FRITZ!web DSL PPP; C:\WINDOWS\system32\DRIVERS\NETFWDSL.SYS [2005-11-21 367104]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2007-10-01 12680]
R3 SymEvent;SymEvent; \??\C:\Programme\Symantec\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2007-10-01 98184]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2007-10-01 31624]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\GEMEIN~1\SYMANT~1\SymcData\idsdefs\20090707.005\symidsco.sys []
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2007-10-01 28040]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-10-01 23944]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2006-02-02 247040]
R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2005-04-08 179968]
S3 CA504AV;MegaCam, WDM Video Capture; C:\WINDOWS\System32\Drivers\CA504AV.SYS [2001-11-23 512917]
S3 catchme;catchme; \??\C:\DOKUME~1\Manuela\LOKALE~1\Temp\catchme.sys []
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2003-01-15 41984]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SAVRT;SAVRT; \??\C:\Programme\Norton Internet Security\Norton AntiVirus\SAVRT.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB-Filtertreiber (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 SQTECH9160;CAMERA; C:\WINDOWS\System32\Drivers\Capt9160.sys [2005-11-02 45711]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 Sunplus;MegaCam Still Image Capture, Sunplus Version 1.00; C:\WINDOWS\System32\Drivers\Bulk504.sys [2001-10-05 10952]
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 NAVENG;NAVENG; \??\C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20060922.018\NAVENG.Sys []
S4 NAVEX15;NAVEX15; \??\C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20060922.018\NavEx15.Sys []
S4 SAVRTPEL;SAVRTPEL; \??\C:\Programme\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS []
S4 SPBBCDrv;SPBBCDrv; \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys []
S4 sr;Filtertreiber für Systemwiederherstellung; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AVM IGD CTRL Service;AVM IGD CTRL Service; C:\Programme\FRITZ!DSL\IGDCTRL.EXE [2005-11-21 81920]
R2 ccEvtMgr;Symantec Event Manager; C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe [2006-03-28 192160]
R2 ccProxy;Symantec Network Proxy; C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe [2006-06-22 202400]
R2 ccSetMgr;Symantec Settings Manager; C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe [2006-03-28 169632]
R2 CSIScanner;CSIScanner; C:\Programme\Prevx\prevx.exe [2009-07-09 4368952]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 MWAgent;MWAgent; C:\Programme\Gemeinsame Dateien\MicroWorld\Agent\MWASER.EXE [2007-04-07 414208]
R2 SNDSrvc;Symantec Network Drivers Service; C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe [2007-10-01 214408]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 NSCService;Norton Protection Center Service; C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE [2006-12-15 750720]
S2 HotspotShieldService;Hotspot Shield Service; C:\Programme\Hotspot Shield\bin\openvpnas.exe [2008-07-24 84440]
S2 navapsvc;Norton AntiVirus Auto-Protect-Dienst; C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe [2007-05-28 139888]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 ccISPwdSvc;Symantec Internet Security Password Validation; C:\Programme\Norton Internet Security\ccPwdSvc.exe [2006-03-24 72328]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 comHost;COM Host; C:\Programme\Norton Internet Security\comHost.exe [2007-02-01 45696]
S3 de_serv;AVM FRITZ!web Routing Service; C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe [2005-11-21 315392]
S3 gusvc;Google Software Updater; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-03 182768]
S3 SAVScan;Symantec AVScan; C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe [2005-08-26 198368]
S3 Symantec Core LC;Symantec Core LC; C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe [2009-07-08 1251720]
S3 WMConnectCDS;Windows Media Connect-Dienst; C:\Programme\Windows Media Connect 2\wmccds.exe [2005-10-06 856064]
S4 SPBBCSvc;Symantec SPBBCSvc; C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe [2006-05-11 1160848]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2009-07-13 21:35:21

======Uninstall list======

-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{69640730-B830-4C24-BB5C-222DA1260548}
-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUn0407.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acronis*True*Image-->MsiExec.exe /X{CA83357B-931E-44DC-AD43-9996FEEB8116}
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.1 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A91000000001}
Ahead Nero Burning ROM-->C:\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
ANNO 1602-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{4C781ED5-4C2A-4495-875B-85CC9266F1F0}\Setup.exe"
Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x7
AVM FRITZ!Box Monitor-->"C:\Programme\FRITZ!Box Monitor\install.exe" -d
AVM FRITZ!DSL-->C:\WINDOWS\IsUn0407.exe -fC:\Programme\FRITZ!DSL\WebUnins.isu -cC:\Programme\FRITZ!DSL\Webunins.dll
AVM FRITZ!fax-->C:\WINDOWS\IsUn0407.exe -fC:\Programme\FRITZ!fax\Uninst.isu -cC:\Programme\FRITZ!fax\UNINST.DLL
Azureus-->C:\Programme\Azureus\Uninstall.exe
Billiard Total-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{871EFABF-ED09-42A0-8C4C-000000000024}\Setup.exe"
BitComet FLV Converter 1.0-->C:\BitComet FLV Converter\uninst.exe
BrainSprinter 4.12-->MsiExec.exe /I{AEE82CE6-0D43-4D74-948B-20F780366F6A}
Buyertools Reminder-->"C:\BuyertoolsReminder\Uninstall.exe" "C:\BuyertoolsReminder\install.log" -u
BVS Solitaire Sammlung version 4.0-->"C:\BVS Solitaire Collection\unins000.exe"
Camera-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{4EB9E9E6-45FF-4998-8477-D2E8A9C1ED5B}\Setup.exe"
CC_ccProxyExt-->MsiExec.exe /I{2EBF25F1-F8A2-40EA-92BE-931C142A44E2}
ccCommon-->MsiExec.exe /I{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}
CCleaner (remove only)-->"C:\CCleaner\uninst.exe"
ccPxyCore-->MsiExec.exe /I{30738666-9805-4926-A78F-91DA33B6C437}
CDBurnerXP Pro 3-->MsiExec.exe /I{896D642C-7125-44F0-AC49-A23ABF82209C}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Cult-->C:\WINDOWS\ST5UNST.EXE -n "C:\Programme\Cult\ST5UNST.LOG"
Das Amt-->C:\WINDOWS\IsUn0407.exe -f"C:\Greenwood\Das Amt\Uninst.isu"
Der Planer 3-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D11016EA-8CFB-4E07-91D4-28606762DF06}\Setup.exe" -l0x7 -UNINST
Die Sims - Tierisch gut drauf-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{7C32C567-DC0F-4C80-B06C-7873850A2E06}\setup.exe" -l0007
Digital Camera Driver-->C:\PROGRA~1\DIGITA~1\UNWISE.EXE C:\PROGRA~1\DIGITA~1\INSTALL.LOG
DVD Solution-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Easy Burning (remove only)-->C:\EasyBurning\Uninst Easy_Burning.exe
FLV Player 1.3.3-->"C:\FLVPlayer\uninstall.exe"
Free Video Converter V 1.2-->"C:\Free Video Converter\unins000.exe"
Google Toolbar for Internet Explorer-->"C:\Programme\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
GrabPro - Toolbar-->regsvr32 /u /s "C:\Orbitdownloader\GrabPro.dll"
Hexedit-->C:\WINDOWS\uninst.exe -fC:\Hexedit\DeIsL1.isu -cC:\Hexedit\_ISREG32.DLL
Hex-Editor MX-->"C:\Hex-Editor MX\unins000.exe"
HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Dokumente und Einstellungen\Manuela\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotspot Shield 1.06-->C:\Programme\Hotspot Shield\Uninstall.exe
Hotspot_Shield Toolbar-->C:\PROGRA~1\HOTSPO~2\UNWISE.EXE C:\PROGRA~1\HOTSPO~2\INSTALL.LOG
ICQ6-->"C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Imperialismus-->C:\WINDOWS\unin0407.exe -fc:\Imperialismus\DeIsL1.isu
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LabelPrint 1.0-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" -uninstall
Malwarebytes' Anti-Malware-->"C:\Malwarebytes' Anti-Malware\unins000.exe"
MediaShow 3.0-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D5A9B7C0-8751-11D8-9D75-000129760D75}\setup.exe" -uninstall
Microsoft .NET Framework 1.1 German Language Pack-->MsiExec.exe /X{E78BFA60-5393-4C38-82AB-E8019E464EB4}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Language Pack - DEU-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - DEU\install.exe
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium-->MsiExec.exe /I{00000407-78E1-11D2-B60F-006097C998E7}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Windows-Journal-Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Microsoft-Basissmartcard-Kryptografiedienstanbieterpaket-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Mozilla Firefox (3.0.6)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
MSRedist-->MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Norton AntiSpam-->MsiExec.exe /I{3B29A786-5803-4E9E-9B58-3014A5B4E519}
Norton AntiSpam-->MsiExec.exe /I{5677563D-0CB1-485F-9E18-C5025306BB3F}
Norton AntiVirus 2006-->MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton Internet Security 2006 (Symantec Corporation)-->"C:\Programme\Gemeinsame Dateien\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe" /X
Norton Internet Security-->MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
Norton Internet Security-->MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security-->MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20}
Norton Internet Security-->MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security-->MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security-->MsiExec.exe /I{FFB4DD53-28B7-4981-BFF0-9BD801F61095}
Norton Protection Center-->MsiExec.exe /I{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}
Norton WMI Update-->MsiExec.exe /X{E85FA9A1-C241-4698-893B-DD99509B8DB0}
Norton WMI Update-->MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
PC SpeedScan Pro-->C:\Programme\InstallShield Installation Information\{80F24F31-F641-4349-83F3-59E335976D16}\setup.exe -runfromtemp -l0x0007 -removeonly
Peron-->C:\WINDOWS\IsUn0407.exe -fC:\Greenwood\Peron\Uninst.isu
PhotoNow! 1.0-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\setup.exe" -uninstall
Power2Go 4.0-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerBackup 1.0-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{ADD5DB49-72CF-11D8-9D75-000129760D75}\setup.exe" -uninstall
PowerDVD Copy 1.0-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{E3D04529-6EDB-11D8-A372-0050BAE317E1}\setup.exe" -uninstall
PowerDVD-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
Prevx 3.0-->"C:\Programme\Prevx\prevx.exe" /prop UNINSTALL=Y
Quest For Glory V: Drachenfeuer-->C:\WINDOWS\IsUn0407.exe -fC:\SIERRA\QFG5\Uninst.isu
QuickTime 3.0-->C:\WINDOWS\uninst.exe -fC:\Programme\QuickTime\DeIsL1.isu -c"C:\WINDOWS\system32\QTUninst.dll
RealPlayer-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Screenshot Captor 2.57.01-->"C:\ScreenshotCaptor\unins000.exe"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Sicherheitsupdate für Step by Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Sicherheitsupdate für Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sierra Print Artist 6.0-->C:\WINDOWS\IsUn0407.exe -fC:\SIERRA\PA6\Uninst.isu -c"C:\SIERRA\PA6\PASTP.DLL"
SPBBC-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Ulead Photo Explorer-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D271DAE0-8D68-4C97-8356-A126D48A1D8C}\Setup.exe" -l0x7
Ulead Photo Express 4.0 SE-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{BBC0D330-C37B-4472-BFB9-AA217CF0C95F}\setup.exe"
Update für Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
VIA Platform Device Manager-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VIA Rhine-Family Fast Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VIA Vinyl Audio Codecs Driver Setup Program-->RunDll32.exe UnAudioNT.dll,UninstallAudio C:\WINDOWS\IsUn0407.exe -y-f"C:\PROGRA~1\VIAudioi\SBASetup\Uninst.isu"
VIA/S3G Display Driver-->C:\PROGRA~1\S3\UChromeP\s3minset.exe /u UChromeP.uns
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Anmelde-Assistent-->MsiExec.exe /I{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}
Windows Live Call-->MsiExec.exe /I{835686C5-8650-49EB-8CA0-4528B4035495}
Windows Live Communications Platform-->MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B}
Windows Live Essentials-->C:\Programme\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{DF5F687F-8018-4542-9F98-7084E9022917}
Windows Live Messenger-->MsiExec.exe /X{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 10-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR-->C:\WinRAR\uninstall.exe
Xvid 1.1.3 final uninstall-->"C:\Programme\Xvid\unins000.exe"
Yahtzee Deluxe-->"C:\Zylom Games\Yahtzee Deluxe\GameInstlr.exe" --uninstall UnInstall.log

=====HijackThis Backups=====

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://einwahl.oleco.de/ [2009-07-08]
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\pavuppad.exe,C:\WINDOWS\system32\twext.exe, [2009-07-08]
O4 - HKLM\..\Run: [winupdate.exe] C:\WINDOWS\system32\winupdate.exe [2009-07-08]
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\pavuppad.exe,C:\WINDOWS\system32\twext.exe, [2009-07-08]
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\twext.exe,C:\WINDOWS\system32\pavuppad.exe, [2009-07-08]
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\pavuppad.exe,C:\WINDOWS\system32\twext.exe, [2009-07-08]
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\twext.exe,C:\WINDOWS\system32\pavuppad.exe, [2009-07-09]

======Security center information======

AV: Norton Internet Security 2006 (disabled) (outdated)
FW: Norton Internet Worm Protection (disabled)
FW: Norton Internet Security 2006

======System event log======

Computer Name:
Event Code: 11
Message: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\D gefunden.

Record Number: 11181
Source Name: Disk
Time Written: 20090710032940.000000+120
Event Type: Fehler
User:

Computer Name:
Event Code: 11
Message: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\D gefunden.

Record Number: 11180
Source Name: Disk
Time Written: 20090710032939.000000+120
Event Type: Fehler
User:

Computer Name:
Event Code: 11
Message: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\D gefunden.

Record Number: 11179
Source Name: Disk
Time Written: 20090710032936.000000+120
Event Type: Fehler
User:

Computer Name:
Event Code: 11
Message: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\D gefunden.

Record Number: 11178
Source Name: Disk
Time Written: 20090710032934.000000+120
Event Type: Fehler
User:

Computer Name:
Event Code: 11
Message: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\D gefunden.

Record Number: 11177
Source Name: Disk
Time Written: 20090710032932.000000+120
Event Type: Fehler
User:

=====Application event log=====

Computer Name:
Event Code: 34
Message:
Record Number: 15079
Source Name: NSCService
Time Written: 20081128153945.000000+060
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name:
Event Code: 1800
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.

Record Number: 15078
Source Name: SecurityCenter
Time Written: 20081128153857.000000+060
Event Type: Informationen
User:

Computer Name:
Event Code: 35
Message: Der Dienst 'Symantec Netzwerk-Proxy' wurde gestartet.

Record Number: 15077
Source Name: ccProxy
Time Written: 20081128153840.000000+060
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name:
Event Code: 1
Message: Application started

Record Number: 15076
Source Name: SNDSrvc
Time Written: 20081128153836.000000+060
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name:
Event Code: 26
Message: Application starting

Record Number: 15075
Source Name: SNDSrvc
Time Written: 20081128153836.000000+060
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Programme\Gemeinsame Dateien\Ulead Systems\MPEG;C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD;C:\Programme\Gemeinsame Dateien\Roxio Shared\DLLShared
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2c02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

Wow, nu konnte ich das durchlaufen lassen und mir ist gleich schlecht geworden..da ist ja noch so viel infiziert *seufzganzlaut* und nu???????

Malwarebytes' Anti-Malware 1.38
Datenbank Version: 2394
Windows 5.1.2600 Service Pack 3

13.07.2009 21:51:36
mbam-log-2009-07-13 (21-51-30).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 101814
Laufzeit: 9 minute(s), 32 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 6
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\TypeLib\{497dddb6-6eee-4561-9621-b77dc82c1f84} (Adware.Ascentive) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{4e980492-027b-47f1-a7ab-ab086dacbb9e} (Adware.Ascentive) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{5ead8321-fcbb-4c3f-888c-ac373d366c3f} (Adware.Ascentive) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{31f3cf6e-a71a-4daa-852b-39ac230940b4} (Adware.Ascentive) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\c:\WINDOWS\system32\SysRestore.dll (Adware.Ascentive) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\WINDOWS\system32\SysRestore.dll (Adware.Ascentive) -> No action taken.
C:\WINDOWS\system32\pavuppad.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\critical_warning.html (Trojan.FakeAlert) -> No action taken.
C:\Programme\ICQToolbar\tbuA7\toolbaru.dll (Adware.BHO) -> No action taken.

Weiter mit Superantispyware und Log hierher:

was mach ich eigentlich mit den Sachen, die bei malwarebytes als infiziert erkannt wurden???
soll ich das fenster einfach schließen??

Auswahl entfernen anklicken.