tr/obfuscated.bk.2 - tr/dldr.swizzor.gen - Netpumper

#0
14.01.2007, 11:26
...new here

Posts: 6
#1 I've had this problem for a few days. I'm getting desperate because the scanner and scanbot are no help.

AntiVir reports every now and then (not every few minutes, as it does for others):

tr/obfuscated.bk.2
tr/dldr.swizzor.gen

In addition, Internet Explorer frequently opens windows with various advertisements.
Spybot has already been run.. but despite removal and immunization it keeps finding fastclick.net three times.
__________________________________________________________

Logfile of HijackThis v1.99.1
Scan saved at 11:12:27, on 14.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\TOSHIBA\E-KEY\CeEKey.exe
C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programme\TOSHIBA\ConfigFree\CFWAN.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\HijackThis\Hijack1991.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Programme\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [HWSetup] C:\Programme\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Programme\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [SmoothView] C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [LOG LIST] C:\DOKUME~1\awvm\ANWEND~1\ObjBone\Interidoladmin.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Programme\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Programme\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Programme\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: eBay - {D7783732-69C6-4A28-BE53-618CC4609617} - C:\Programme\Internet Explorer\Signup\ToshibaGotoEbay.exe (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161508555171
O16 - DPF: {C14C9409-1E1B-4F00-94AD-70F055AA71B2} (TradeSignal express) - http://www.tradesignalonline.com/wpa/tsb/2.7.0.45/components/tsbt-2-7-0-45.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

_______________________________________________________________

"awvm" - 07-01-14 10:26:18 Service Pack 2
ComboFix 07-01-14.2 - Running from: "C:\tools"

((((((((((((((((((((((((((((((( Files Created from 2006-12-14 to 2007-01-14 ))))))))))))))))))))))))))))))))))


2007-01-14 09:39 <DIR> d-------- C:\Programme\HijackThis
2007-01-12 16:58 53,248 --a------ C:\WINDOWS\system32\zlib.dll
2007-01-12 16:58 51,712 --a------ C:\WINDOWS\system32\tssBalloonTip2.dll
2007-01-12 16:58 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2007-01-12 16:58 <DIR> d-------- C:\Programme\Lemonade
2007-01-10 16:58 <DIR> d-------- C:\games
2007-01-10 12:32 <DIR> d-------- C:\WINDOWS\ie7updates
2007-01-07 00:37 <DIR> d-------- C:\Programme\TrendyFlash Site Builder
2007-01-06 16:51 <DIR> d-------- C:\Programme\PowerStrip
2007-01-06 13:04 <DIR> d-------- C:\Programme\DivX
2007-01-06 12:48 <DIR> d-------- C:\Programme\Gemeinsame Dateien\InterVideo
2006-12-26 13:00 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2006-12-26 12:49 <DIR> d-------- C:\Programme\Strip Poker Red Light Edition
2006-12-24 20:51 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2006-12-24 20:50 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2006-12-24 18:19 <DIR> d-------- C:\Programme\Windows Media Connect 2
2006-12-24 18:18 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2006-12-24 18:18 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2006-12-17 16:35 <DIR> d-------- C:\DOKUME~1\awvm\Anwendungsdaten\TransRender
2006-12-17 16:35 <DIR> d-------- C:\DOKUME~1\awvm\Anwendungsdaten\Temporary
2006-12-16 19:40 <DIR> d-------- C:\Programme\mp3DirectCut
2006-12-16 19:25 <DIR> d-------- C:\DOKUME~1\awvm\Anwendungsdaten\ConvertTemp
2006-12-16 18:00 <DIR> d-------- C:\DOKUME~1\awvm\Anwendungsdaten\Samsung
2006-12-16 17:33 94,000 --a------ C:\WINDOWS\system32\drivers\ss_mdm.sys
2006-12-16 17:33 8,304 --a------ C:\WINDOWS\system32\drivers\ss_mdfl.sys
2006-12-16 17:33 6,144 --a------ C:\WINDOWS\system32\drivers\ss_cmnt.sys
2006-12-16 17:33 6,144 --a------ C:\WINDOWS\system32\drivers\ss_cm.sys
2006-12-16 17:33 58,320 --a------ C:\WINDOWS\system32\drivers\ss_bus.sys
2006-12-16 17:33 5,808 --a------ C:\WINDOWS\system32\drivers\ss_whnt.sys
2006-12-16 17:33 5,808 --a------ C:\WINDOWS\system32\drivers\ss_wh.sys
2006-12-16 17:33 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2006-12-16 17:32 <DIR> d-------- C:\WINDOWS\system32\Samsung PC Studio Codecs
2006-12-16 14:16 <DIR> d-------- C:\Programme\ObjBone
2006-12-16 14:16 <DIR> d-------- C:\Programme\Anti-Leech
2006-12-16 14:16 <DIR> d-------- C:\DOKUME~1\awvm\Anwendungsdaten\ObjBone
2006-12-16 14:16 <DIR> d-------- C:\DOKUME~1\awvm\Anwendungsdaten\NetPumper
2006-12-16 14:16 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\Anwendungsdaten\HeckFiveBrowseShow
2006-12-16 14:15 <DIR> d-------- C:\Programme\NetPumper



(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-14 10:25 -------- d-------- C:\DOKUME~1\awvm\Anwendungsdaten\skype
2007-01-14 10:25 -------- d-------- C:\DOKUME~1\awvm\Anwendungsdaten\free download manager
2007-01-14 09:50 -------- d-------- C:\Programme\truedownloader
2007-01-14 09:49 -------- d-------- C:\Programme\plone 2
2007-01-14 09:23 -------- d-------- C:\Programme\mozilla firefox
2007-01-12 18:11 -------- d-------- C:\DOKUME~1\awvm\Anwendungsdaten\openoffice.org2
2007-01-06 12:47 -------- d--h----- C:\Programme\installshield installation information
2007-01-06 12:47 -------- d-------- C:\Programme\intervideo
2007-01-05 14:44 -------- d-------- C:\Programme\zoom player
2007-01-04 20:08 -------- d-------- C:\Programme\winamp
2007-01-04 18:28 -------- d-------- C:\Programme\antivir personaledition classic
2006-12-27 14:38 -------- d-------- C:\DOKUME~1\awvm\Anwendungsdaten\dvdcss


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Skype"="\"C:\\Programme\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"SpybotSD TeaTimer"="C:\\Programme\\Spybot - Search & Destroy\\TeaTimer.exe"
"LOG LIST"="C:\\DOKUME~1\\awvm\\ANWEND~1\\ObjBone\\Interidoladmin.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"="C:\\Programme\\ICQLite\\ICQLite.exe -trayboot"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AGRSMMSG"="AGRSMMSG.exe"
"CeEKEY"="C:\\Programme\\TOSHIBA\\E-KEY\\CeEKey.exe"
"HWSetup"="C:\\Programme\\TOSHIBA\\TOSHIBA Applet\\HWSetup.exe hwSetUP"
"SVPWUTIL"="C:\\Programme\\Toshiba\\Windows Utilities\\SVPWUTIL.exe SVPwUTIL"
"SmoothView"="C:\\Programme\\TOSHIBA\\TOSHIBA Zoom-Dienstprogramm\\SmoothView.exe"
"NDSTray.exe"="NDSTray.exe"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"ATIPTA"="\"C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"ICQ Lite"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"Zone Labs Client"="\"C:\\Programme\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Adobe Reader - Schnellstart.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader - Schnellstart.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader - Schnellstart"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^SmarThru Engine.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\SmarThru Engine.lnk"
"backup"="C:\\WINDOWS\\pss\\SmarThru Engine.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Samsung\\SmarThru\\QS.exe /i"
"item"="SmarThru Engine"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^awvm^Startmenü^Programme^Autostart^Microsoft Office OneNote 2003 Schnellstart.lnk]
"path"="C:\\Dokumente und Einstellungen\\awvm\\Startmenü\\Programme\\Autostart\\Microsoft Office OneNote 2003 Schnellstart.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office OneNote 2003 Schnellstart.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\OFFICE11\\ONENOTEM.EXE /tsr"
"item"="Microsoft Office OneNote 2003 Schnellstart"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^awvm^Startmenü^Programme^Autostart^OpenOffice.org 2.0.lnk]
"path"="C:\\Dokumente und Einstellungen\\awvm\\Startmenü\\Programme\\Autostart\\OpenOffice.org 2.0.lnk"
"backup"="C:\\WINDOWS\\pss\\OpenOffice.org 2.0.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\OPENOF~1.0\\program\\QUICKS~1.EXE "
"item"="OpenOffice.org 2.0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Apoint"
"hkey"="HKLM"
"command"="C:\\Programme\\Apoint2K\\Apoint.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Gemeinsame Dateien\\Ahead\\lib\\NMBgMonitor.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Browse Show Regs Idol]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="that cake"
"hkey"="HKLM"
"command"="C:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\HeckFiveBrowseShow\\that cake.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Programme\\DAEMON Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="FileZilla Server Interface"
"hkey"="HKLM"
"command"="\"C:\\Programme\\FileZilla Server\\FileZilla Server Interface.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fdm"
"hkey"="HKCU"
"command"="C:\\Programme\\Free Download Manager\\fdm.exe -autorun"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GW Port Controller]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PORTCTRL"
"hkey"="HKLM"
"command"="C:\\Programme\\Samsung\\SmarThru\\PORTCTRL.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LOG LIST]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Interidoladmin"
"hkey"="HKCU"
"command"="C:\\DOKUME~1\\awvm\\ANWEND~1\\ObjBone\\Interidoladmin.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PadExe"
"hkey"="HKLM"
"command"="C:\\Programme\\TOSHIBA\\Touch and Launch\\PadExe.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerStrip]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="pstrip"
"hkey"="HKLM"
"command"="c:\\programme\\powerstrip\\pstrip.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TCtryIOHook]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TCtrlIOHook"
"hkey"="HKLM"
"command"="TCtrlIOHook.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TFncKy"
"hkey"="HKLM"
"command"="TFncKy.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="toscdspd"
"hkey"="HKCU"
"command"="C:\\Programme\\TOSHIBA\\TOSCDSPD\\toscdspd.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPNF]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TPTray"
"hkey"="HKLM"
"command"="C:\\Programme\\TOSHIBA\\TouchPad\\TPTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TPSMain"
"hkey"="HKLM"
"command"="TPSMain.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TvsTray"
"hkey"="HKLM"
"command"="C:\\Programme\\TOSHIBA\\Tvs\\TvsTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Programme\\Winamp\\winampa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zooming]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ZoomingHook"
"hkey"="HKLM"
"command"="ZoomingHook.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AA4FCAF490A442A0.job

Completion time: 07-01-14 10:28:25
_________________________________________________________________

filelist

----- Root -----------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: F4B5-F693

Verzeichnis von C:\

14.01.2007 10:31 43 filelist.txt
14.01.2007 10:30 135.506 filelistneu.txt
14.01.2007 10:28 22.945 ComboFix.txt
14.01.2007 09:21 1.072.156.672 hiberfil.sys
14.01.2007 09:21 1.610.612.736 pagefile.sys
10.01.2007 12:56 211 boot.ini
22.12.2006 12:00 26.037.679 231206.ZIP

__
----- System32 -------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: F4B5-F693

Verzeichnis von C:\WINDOWS\system32

14.01.2007 09:22 1.158 wpa.dbl
14.01.2007 09:22 54.112 vsconfig.xml
14.01.2007 09:21 85.263 OODBS.lor
07.01.2007 00:38 6 sitesecuredll.inf
03.01.2007 00:19 10.980.776 MRT.exe
31.12.2006 11:35 4.212 zllictbl.dat
27.12.2006 08:40 401.398 perfh009.dat
27.12.2006 08:40 62.678 perfc009.dat
27.12.2006 08:40 416.044 perfh007.dat
27.12.2006 08:40 75.392 perfc007.dat
27.12.2006 08:40 928.500 PerfStringBackup.INI
24.12.2006 18:20 23.392 nscompat.tlb
24.12.2006 18:20 16.832 amcompat.tlb
__
----- Prefetch -------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: F4B5-F693

Verzeichnis von C:\WINDOWS\Prefetch

14.01.2007 10:30 59.476 NOTEPAD.EXE-336351A9.pf
14.01.2007 10:30 81.952 7ZFM.EXE-24800234.pf
14.01.2007 10:30 11.916 FIND.EXE-0EC32F1E.pf
14.01.2007 10:30 24.082 CMD.EXE-087B4001.pf
14.01.2007 10:29 18.270 VERCLSID.EXE-3667BD89.pf
14.01.2007 10:29 98.278 FIREFOX.EXE-17EE503B.pf
14.01.2007 10:26 13.170 NMBGMONITOR.EXE-0BC10095.pf
14.01.2007 10:26 90.580 NMINDEXSTORESVR.EXE-1DBCF9FD.pf
14.01.2007 10:26 21.788 RASAUTOU.EXE-18B88A68.pf
14.01.2007 10:21 195.062 VLC.EXE-29851A71.pf
14.01.2007 10:20 14.220 RUNDLL32.EXE-451FC2C0.pf
14.01.2007 10:07 80.038 WINAMP.EXE-08C38ED9.pf
14.01.2007 10:00 54.386 GUARDGUI.EXE-1BD45C30.pf
14.01.2007 10:00 72.108 IEXPLORE.EXE-2CA9778D.pf
14.01.2007 10:00 43.584 COPY MODE LOGO.EXE-39A4EFA3.pf
14.01.2007 09:40 17.726 HIJACK1991.EXE-355E7017.pf
14.01.2007 09:39 153.918 WINRAR.EXE-3588DFE8.pf
14.01.2007 09:39 15.822 HIJACKTHIS.EXE-28227F4A.pf
14.01.2007 09:38 13.042 RUNDLL32.EXE-268BFF96.pf
14.01.2007 09:37 53.204 UPDCLIENT.EXE-215FC96B.pf
14.01.2007 09:32 50.814 AVSCAN.EXE-05AECC0E.pf
14.01.2007 09:32 44.696 AVCENTER.EXE-37584419.pf
14.01.2007 09:26 15.160 HIJACKTHIS.EXE-334103A9.pf
14.01.2007 09:26 66.100 FDM.EXE-2B81629D.pf
14.01.2007 09:22 33.164 WUAUCLT.EXE-399A8E72.pf
14.01.2007 09:22 40.530 SVCHOST.EXE-3530F672.pf
14.01.2007 09:22 19.030 CFWAN.EXE-0285C5D6.pf
14.01.2007 09:22 56.268 WGATRAY.EXE-0ED38BED.pf
14.01.2007 09:22 83.316 ALG.EXE-0F138680.pf
14.01.2007 09:22 89.346 WMIPRVSE.EXE-28F301A9.pf
14.01.2007 09:22 1.284.200 NTOSBOOT-B00DFAAD.pf
14.01.2007 00:11 21.554 LOGONUI.EXE-0AF22957.pf
13.01.2007 23:58 110.054 FIREFOX.EXE-1D57670A.pf
13.01.2007 20:10 7.184 INTERI~1.EXE-11008A4C.pf
13.01.2007 20:02 9.032 LOGON.SCR-151EFAEA.pf
13.01.2007 20:00 9.742 1763B96.EXE-3497B54C.pf
13.01.2007 19:35 68.298 ICQLITE.EXE-2AEFACA7.pf
13.01.2007 18:24 86.386 MSIMN.EXE-0B61806C.pf
13.01.2007 17:52 106.408 ACRORD32.EXE-0EC716D9.pf
13.01.2007 17:41 41.620 AVNOTIFY.EXE-22AE9451.pf
13.01.2007 15:46 20.050 TASKMGR.EXE-20256C55.pf
13.01.2007 15:42 48.860 WINUAE.EXE-0141E28B.pf
13.01.2007 15:36 64.274 LEMONADE.EXE-1119A043.pf
13.01.2007 15:36 41.434 ACRORD32INFO.EXE-30CEC19C.pf
13.01.2007 15:27 53.550 DFRGNTFS.EXE-269967DF.pf
13.01.2007 15:27 16.484 DEFRAG.EXE-273F131E.pf
13.01.2007 15:22 624.602 Layout.ini
13.01.2007 14:05 20.664 AVGNT.EXE-36CA4640.pf
13.01.2007 14:03 48.494 UPDATE.EXE-13D57D76.pf
13.01.2007 14:03 16.446 PREUPD.EXE-358AA1C1.pf
13.01.2007 14:00 20.024 THATCA~1.EXE-220B4632.pf
13.01.2007 13:56 84.648 DRWTSN32.EXE-2B4B52AC.pf
13.01.2007 13:56 83.060 DWWIN.EXE-30875ADC.pf
13.01.2007 10:02 29.530 CALC.EXE-02CD573A.pf
12.01.2007 18:36 114.568 SKYPE.EXE-21F19BC8.pf
12.01.2007 18:11 41.088 SOFFICE.EXE-0BED0A91.pf
12.01.2007 18:11 105.966 SOFFICE.BIN-13DC9FB8.pf
12.01.2007 17:38 16.820 IGFXSRVC.EXE-2FB63FE8.pf
12.01.2007 16:58 19.268 IS-V6J0V.TMP-22B2EB56.pf
12.01.2007 16:58 15.688 SETUP098B.EXE-09A6D4FA.pf
12.01.2007 16:58 19.268 IS-L59T9.TMP-07F5218A.pf
12.01.2007 16:58 15.250 INSTALLWINUAE1330.EXE-2342891C.pf
12.01.2007 16:56 15.008 RUNDLL32.EXE-206DE983.pf
12.01.2007 14:18 58.352 FDM.EXE-0654E435.pf
12.01.2007 14:00 18.438 THAT CAKE.EXE-376E5333.pf
11.01.2007 12:49 16.086 RUNDLL32.EXE-1BA304CD.pf
11.01.2007 12:47 27.030 RUNDLL32.EXE-1FCCB91E.pf
10.01.2007 22:14 21.366 MSPAINT.EXE-11CBB631.pf
10.01.2007 21:45 32.924 SETUP_WM.EXE-19AC5A9B.pf
10.01.2007 21:39 34.156 UNREGMP2.EXE-07CACB61.pf
10.01.2007 21:39 51.250 WMPLAYER.EXE-09969332.pf
10.01.2007 21:14 101.034 NERO.EXE-2031B565.pf
10.01.2007 19:17 8.940 ATIPRBXX.EXE-2EF3CAC1.pf
10.01.2007 18:58 70.162 HELPSVC.EXE-2878DDA2.pf
10.01.2007 16:30 16.100 7ZGN.EXE-2E99A423.pf
10.01.2007 14:16 33.620 CNMSM5N.EXE-027EF4A0.pf
10.01.2007 13:00 14.018 INTERIDOLADMIN.EXE-114C3407.pf
10.01.2007 12:32 67.618 MSCONFIG.EXE-35E4DAE9.pf
10.01.2007 12:32 48.746 MRT.EXE-1B4A8D49.pf
10.01.2007 12:32 19.268 WINDOWS-KB890830-V1.24-DELTA.-11E703DC.pf
10.01.2007 12:32 51.214 MRTSTUB.EXE-31354199.pf
10.01.2007 12:32 62.484 UPDATE.EXE-0EDB45DE.pf
08.01.2007 22:40 19.566 RUNDLL32.EXE-12E27DD0.pf
07.01.2007 22:52 85.280 WINDVD.EXE-01AC55D2.pf
07.01.2007 22:45 16.600 SNDVOL32.EXE-383480B7.pf
07.01.2007 00:37 23.252 TRENDYFLASH SITE BUILDER.EXE-1469467A.pf
07.01.2007 00:36 56.630 MSIEXEC.EXE-2F8A8CAE.pf
07.01.2007 00:36 11.072 TRENDYFLASH-SITE-BUILDER-FULL-277AA4A8.pf
07.01.2007 00:36 51.368 XTE19.TMP-02DDA6C5.pf
07.01.2007 00:35 60.726 TRENDY_FLASH_SITE_BUILDER.EXE-3001EA04.pf
07.01.2007 00:30 58.192 DAEMON.EXE-28AD7272.pf
06.01.2007 18:59 32.534 DIVXSM.EXE-3407AB62.pf
06.01.2007 18:20 18.642 CONTROL.EXE-013DBFB5.pf
06.01.2007 18:20 24.614 RUNDLL32.EXE-2035388B.pf
06.01.2007 18:02 35.836 RUNDLL32.EXE-3410BDE1.pf
06.01.2007 16:58 17.446 PSTRIP.EXE-02844298.pf
06.01.2007 16:56 17.442 WINCINEMAMGR.EXE-04A7509F.pf
06.01.2007 16:56 1.396 TEATIMER.EXE-38E505A8.pf
06.01.2007 16:56 63.132 CTFMON.EXE-0E17969B.pf
06.01.2007 16:56 12.378 DUMPREP.EXE-1B46F901.pf
06.01.2007 16:52 4.112 LOADER.EXE-2A6B03C3.pf
06.01.2007 16:51 12.732 REGEDIT.EXE-1B606482.pf
06.01.2007 16:51 13.844 PSTRIP.EXE-127C669D.pf
06.01.2007 15:57 15.928 RAR.EXE-3899994E.pf
06.01.2007 13:20 37.620 PHOTOSNAPVIEWER.EXE-1BCDA4AE.pf
06.01.2007 13:04 13.778 DIVXCOMPONENTINSTALLER.EXE-2EABEE14.pf
06.01.2007 13:04 32.654 DIVXPLAYER.EXE-3A4D2AEA.pf
06.01.2007 13:04 5.412 LICENSEACTIVATOR.EXE-2D273188.pf
06.01.2007 13:04 13.936 REGSVR32.EXE-25EEFE2F.pf
06.01.2007 13:04 54.388 INSTALL.EXE-0CB27DC6.pf
06.01.2007 12:48 18.602 INSTALLSHIELDUPDATESERVICE.EX-00AA98DB.pf
06.01.2007 12:48 9.202 KEYGEN.EXE-03E214B0.pf
06.01.2007 12:47 55.220 IKERNEL.EXE-092EF074.pf
06.01.2007 12:47 30.230 SETUP.EXE-338929A1.pf
06.01.2007 12:47 16.200 WINDVD7.EXE-38604188.pf
06.01.2007 12:43 21.980 MAIN.EXE-35869F23.pf
06.01.2007 12:24 6.360 XTE89.TMP-2C35C49C.pf
06.01.2007 12:20 7.950 ALHLP.EXE-3540EC45.pf
06.01.2007 11:51 18.556 UNINSTALL.EXE-05B02A77.pf
06.01.2007 11:50 13.406 VLC-0.8.6A-WIN32.EXE-0A0BF167.pf
06.01.2007 11:41 30.920 POWERDVD.EXE-35D9A3BA.pf
06.01.2007 11:30 19.650 RUNDLL32.EXE-1187A170.pf
05.01.2007 14:43 113.436 ZPLAYER.EXE-05AC08A4.pf
04.01.2007 19:08 62.054 RUNDLL32.EXE-357AE56D.pf
04.01.2007 12:47 23.998 SCHED.EXE-236A886F.pf
04.01.2007 12:47 50.380 AVGUARD.EXE-3490B18B.pf
04.01.2007 12:47 29.308 UPDATE.EXE-112D8648.pf
03.01.2007 13:35 82.126 QT3GPPFLATTEN.EXE-064129F4.pf
03.01.2007 13:35 63.296 FFMPEG.EXE-29CA5B26.pf
03.01.2007 12:49 41.354 RUNDLL32.EXE-2576181F.pf
130 Datei(en) 7.188.112 Bytes
0 Verzeichnis(se), 18.341.998.592 Bytes frei
__
----- Windows --------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: F4B5-F693

Verzeichnis von C:\WINDOWS

14.01.2007 10:13 258.641 setupapi.log
14.01.2007 09:47 0 iPlayer.INI
14.01.2007 09:22 0 0.log
14.01.2007 09:21 1.175.630 WindowsUpdate.log
14.01.2007 09:21 159 wiadebug.log
14.01.2007 09:21 50 wiaservc.log
14.01.2007 09:21 2.048 bootstat.dat
14.01.2007 00:11 32.436 SchedLgU.Txt
12.01.2007 17:04 54.156 QTFont.qfn
12.01.2007 16:52 116 NeroDigital.ini
10.01.2007 22:24 809 win.ini
10.01.2007 21:48 61.839 wmsetup.log
10.01.2007 12:56 227 system.ini
10.01.2007 12:32 1.374 imsins.log
10.01.2007 12:32 142.926 ntdtcsetup.log
10.01.2007 12:32 267.866 tsoc.log
10.01.2007 12:32 108.523 iis6.log
10.01.2007 12:32 236.928 comsetup.log
10.01.2007 12:32 38.439 ocmsn.log
10.01.2007 12:32 3.557 KB929969.log
10.01.2007 12:32 338.310 ocgen.log
10.01.2007 12:32 34.328 msgsocm.log
10.01.2007 12:32 677.957 FaxSetup.log
06.01.2007 16:52 279 wininit.ini
06.01.2007 14:10 1.409 QTFont.for
06.01.2007 12:48 87 setup.log
02.01.2007 13:36 151 PhotoSnapViewer.INI
26.12.2006 13:53 5.515 AERA Bestellkompass Uninstall Log.txt
26.12.2006 13:00 75.464 DirectX.log
24.12.2006 20:50 218.466 setupact.log
24.12.2006 18:24 45.959 spupdsvc.log
24.12.2006 18:21 3.224 wmsetup10.log
24.12.2006 18:20 1.393 imsins.BAK
24.12.2006 18:20 5.720 KB926239.log
24.12.2006 18:20 58.144 updspapi.log
24.12.2006 18:20 3.360 MSCompPackV1.log
24.12.2006 18:20 17.475 wmp11.log
24.12.2006 18:19 24.367 WMFDist11.log
24.12.2006 18:19 316.640 WMSysPr9.prx
24.12.2006 18:18 12.428 Wudf01000Inst.log
__
----- Tasks ----------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: F4B5-F693

Verzeichnis von C:\WINDOWS\tasks

14.01.2007 10:05 258 AA4FCAF490A442A0.job
14.01.2007 09:21 6 SA.DAT
04.08.2004 13:00 65 desktop.ini
3 Datei(en) 329 Bytes
0 Verzeichnis(se), 18.341.994.496 Bytes frei

----- Wintemp --------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: F4B5-F693

Verzeichnis von C:\WINDOWS\temp

14.01.2007 09:21 256 ZLT062f4.TMP
14.01.2007 09:21 256 ZLT0092a.TMP
2 Datei(en) 512 Bytes
0 Verzeichnis(se), 18.341.990.400 Bytes frei

----- Temp -----------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: F4B5-F693

Verzeichnis von C:\DOKUME~1\awvm\LOKALE~1\Temp

14.01.2007, 13:55
Honorary member
Sabina

Posts: 29434
#2 digismo

Avenger
http://virus-protect.org/artikel/tools/avenger.html
paste in: (without "Quote")

Quote

registry keys to delete:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LOG LIST
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Browse Show Regs Idol

Files to delete:
C:\WINDOWS\tasks\AA4FCAF490A442A0.job

Folders to delete:
C:\Programme\ObjBone
C:\Programme\Anti-Leech
C:\Programme\NetPumper
C:\Dokumente und Einstellungen\All Users\HeckFiveBrowseShow
C:\Dokumente und Einstellungen\awvm\Anwendungsdaten\ObjBone
C:\Dokumente und Einstellungen\awvm\Anwendungsdaten\NetPumper

Click the green traffic light
the script will now run, then the PC will restart automatically

««
open HijackThis -- "scan" button -- tick the box in front of this entry -- "Fix checked" button -- restart the PC

Quote

O4 - HKCU\..\Run: [LOG LIST] C:\DOKUME~1\awvm\ANWEND~1\ObjBone\Interidoladmin.exe
»»
scan with Counterspy and use remove to have it delete all the netpumper/Anti-Leech junk
http://virus-protect.org/counterspy.html
__________
Regards, Sabina

all about PC security
14.01.2007, 14:09
...new here

Thread starter

Posts: 6
#3 Thanks a thousand for the quick help....
I think it's good that you are writing this to me...
Of course I want to learn more so that I might be able to help other people later on. How did you know what I had to delete?


____________________________________________________

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\tncaegvh

*******************

Script file located at: \??\C:\Program Files\tlagxofi.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\tasks\AA4FCAF490A442A0.job deleted successfully.
Folder C:\Programme\ObjBone deleted successfully.
Folder C:\Programme\Anti-Leech deleted successfully.
Folder C:\Programme\NetPumper deleted successfully.


Folder C:\Dokumente und Einstellungen\All Users\HeckFiveBrowseShow not found!
Deletion of folder C:\Dokumente und Einstellungen\All Users\HeckFiveBrowseShow failed!

Could not process line:
C:\Dokumente und Einstellungen\All Users\HeckFiveBrowseShow
Status: 0xc0000034

Folder C:\Dokumente und Einstellungen\awvm\Anwendungsdaten\ObjBone deleted successfully.
Folder C:\Dokumente und Einstellungen\awvm\Anwendungsdaten\NetPumper deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LOG LIST deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Browse Show Regs Idol deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
____________________
PS
OK, I have now done everything as described.
Thanks a thousand again

______________________________________

PPS

tr/obfuscated.bk.2 is back..

fastclick is still being found by Spybot, while CounterSpy shows nothing.

_____________________________________________________________

Logfile of HijackThis v1.99.1
Scan saved at 17:44:59, on 14.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\TOSHIBA\E-KEY\CeEKey.exe
C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programme\TOSHIBA\ConfigFree\CFWAN.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\SunServer.exe
C:\Programme\ICQLite\ICQLite.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\HijackThis\Hijack1991.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Programme\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [HWSetup] C:\Programme\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Programme\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [SmoothView] C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunServer] C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Programme\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Programme\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Programme\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: eBay - {D7783732-69C6-4A28-BE53-618CC4609617} - C:\Programme\Internet Explorer\Signup\ToshibaGotoEbay.exe (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161508555171
O16 - DPF: {C14C9409-1E1B-4F00-94AD-70F055AA71B2} (TradeSignal express) - http://www.tradesignalonline.com/wpa/tsb/2.7.0.45/components/tsbt-2-7-0-45.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

__________________________________________________________



"awvm" - 07-01-14 17:47:13 Service Pack 2
ComboFix 07-01-14.2 - Running from: "C:\tools"

((((((((((((((((((((((((((((((( Files Created from 2006-12-14 to 2007-01-14 ))))))))))))))))))))))))))))))))))


2007-01-14 16:17 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Adobe
2007-01-14 16:17 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\Anwendungsdaten\Adobe
2007-01-14 14:20 <DIR> d-------- C:\Programme\Sunbelt Software
2007-01-14 14:05 <DIR> d-------- C:\avenger
2007-01-14 09:39 <DIR> d-------- C:\Programme\HijackThis
2007-01-12 16:58 53,248 --a------ C:\WINDOWS\system32\zlib.dll
2007-01-12 16:58 51,712 --a------ C:\WINDOWS\system32\tssBalloonTip2.dll
2007-01-12 16:58 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2007-01-12 16:58 <DIR> d-------- C:\Programme\Lemonade
2007-01-10 16:58 <DIR> d-------- C:\games
2007-01-10 12:32 <DIR> d-------- C:\WINDOWS\ie7updates
2007-01-07 00:37 <DIR> d-------- C:\Programme\TrendyFlash Site Builder
2007-01-06 16:51 <DIR> d-------- C:\Programme\PowerStrip
2007-01-06 13:04 <DIR> d-------- C:\Programme\DivX
2007-01-06 12:48 <DIR> d-------- C:\Programme\Gemeinsame Dateien\InterVideo
2006-12-26 13:00 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2006-12-26 12:49 <DIR> d-------- C:\Programme\Strip Poker Red Light Edition
2006-12-24 20:51 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2006-12-24 20:50 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2006-12-24 18:19 <DIR> d-------- C:\Programme\Windows Media Connect 2
2006-12-24 18:18 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2006-12-24 18:18 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2006-12-17 16:35 <DIR> d-------- C:\DOKUME~1\awvm\Anwendungsdaten\TransRender
2006-12-17 16:35 <DIR> d-------- C:\DOKUME~1\awvm\Anwendungsdaten\Temporary
2006-12-16 19:40 <DIR> d-------- C:\Programme\mp3DirectCut
2006-12-16 18:00 <DIR> d-------- C:\DOKUME~1\awvm\Anwendungsdaten\Samsung
2006-12-16 17:33 94,000 --a------ C:\WINDOWS\system32\drivers\ss_mdm.sys
2006-12-16 17:33 8,304 --a------ C:\WINDOWS\system32\drivers\ss_mdfl.sys
2006-12-16 17:33 6,144 --a------ C:\WINDOWS\system32\drivers\ss_cmnt.sys
2006-12-16 17:33 6,144 --a------ C:\WINDOWS\system32\drivers\ss_cm.sys
2006-12-16 17:33 58,320 --a------ C:\WINDOWS\system32\drivers\ss_bus.sys
2006-12-16 17:33 5,808 --a------ C:\WINDOWS\system32\drivers\ss_whnt.sys
2006-12-16 17:33 5,808 --a------ C:\WINDOWS\system32\drivers\ss_wh.sys
2006-12-16 17:33 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2006-12-16 17:32 <DIR> d-------- C:\WINDOWS\system32\Samsung PC Studio Codecs
2006-12-16 14:16 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\Anwendungsdaten\HeckFiveBrowseShow


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-14 17:47 -------- d-------- C:\DOKUME~1\awvm\Anwendungsdaten\free download manager
2007-01-14 16:59 -------- d-------- C:\Programme\mozilla firefox
2007-01-14 16:15 -------- d-------- C:\DOKUME~1\awvm\Anwendungsdaten\adobeum
2007-01-14 14:24 -------- d-------- C:\DOKUME~1\awvm\Anwendungsdaten\skype
2007-01-14 13:17 -------- d-------- C:\Programme\zoom player
2007-01-14 09:50 -------- d-------- C:\Programme\truedownloader
2007-01-14 09:49 -------- d-------- C:\Programme\plone 2
2007-01-12 18:11 -------- d-------- C:\DOKUME~1\awvm\Anwendungsdaten\openoffice.org2
2007-01-06 12:47 -------- d--h----- C:\Programme\installshield installation information
2007-01-06 12:47 -------- d-------- C:\Programme\intervideo
2007-01-04 20:08 -------- d-------- C:\Programme\winamp
2007-01-04 18:28 -------- d-------- C:\Programme\antivir personaledition classic
2006-12-27 14:38 -------- d-------- C:\DOKUME~1\awvm\Anwendungsdaten\dvdcss
2006-12-16 17:32 -------- d-------- C:\Programme\samsung
2006-11-28 20:37 -------- d-------- C:\Programme\icqlite
2006-11-19 12:22 -------- d-------- C:\Programme\aera
2006-11-14 21:01 -------- d-------- C:\Programme\msxml 4.0
2006-11-10 21:17 73216 --a------ C:\WINDOWS\cadkasdeinst01.exe
2006-11-08 06:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-03 10:02 8282112 --a------ C:\WINDOWS\system32\wmploc.dll
2006-11-03 09:56 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-11-03 09:55 275968 --a------ C:\WINDOWS\system32\wmerror.dll
2006-11-03 09:54 8192 --a------ C:\WINDOWS\system32\asferror.dll
2006-11-02 11:51 43008 --------- C:\WINDOWS\system32\wpdshextres.dll
2006-10-27 15:09 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-10-27 15:09 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-10-27 15:09 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-10-27 15:09 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-10-27 15:09 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-10-27 15:09 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-10-27 15:09 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-10-27 02:44 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-10-27 02:44 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-10-27 02:44 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-10-27 02:44 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-10-27 02:44 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-10-27 02:44 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-10-27 02:44 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-10-27 02:44 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-10-27 02:44 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-10-27 02:42 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-10-21 12:03 81920 --a------ C:\DOKUME~1\awvm\Anwendungsdaten\ezpinst.exe
2006-10-21 12:03 7176 --a------ C:\DOKUME~1\awvm\Anwendungsdaten\pcouffin.cat
2006-10-21 12:03 47360 --a------ C:\DOKUME~1\awvm\Anwendungsdaten\pcouffin.sys
2006-10-21 12:03 33 --a------ C:\DOKUME~1\awvm\Anwendungsdaten\pcouffin.log
2006-10-21 12:03 1144 --a------ C:\DOKUME~1\awvm\Anwendungsdaten\pcouffin.inf
2006-10-20 02:38 715776 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\uwdf.exe
2006-10-18 21:47 991744 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-10-18 21:47 937984 --a------ C:\WINDOWS\system32\wmnetmgr.dll
2006-10-18 21:47 767488 --------- C:\WINDOWS\system32\wmvsencd.dll
2006-10-18 21:47 757248 --a------ C:\WINDOWS\system32\wmadmod.dll
2006-10-18 21:47 656896 --------- C:\WINDOWS\system32\wmvxencd.dll
2006-10-18 21:47 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 21:47 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 21:47 613376 --------- C:\WINDOWS\system32\wmpmde.dll
2006-10-18 21:47 603648 --a------ C:\WINDOWS\system32\wmspdmod.dll
2006-10-18 21:47 542720 --a------ C:\WINDOWS\system32\blackbox.dll
2006-10-18 21:47 535040 --------- C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 21:47 429056 --a------ C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 21:47 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvadve.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvadvd.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\mpg4dmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\mp4sdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\mp43dmod.dll
2006-10-18 21:47 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-10-18 21:47 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
2006-10-18 21:47 356352 --a------ C:\WINDOWS\system32\wpdsp.dll
2006-10-18 21:47 348672 --a------ C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 21:47 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 21:47 321536 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-10-18 21:47 317440 --------- C:\WINDOWS\system32\mp4sdecd.dll
2006-10-18 21:47 314880 --a------ C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 21:47 295936 --------- C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 21:47 284160 --------- C:\WINDOWS\system32\portabledeviceapi.dll
2006-10-18 21:47 276992 --a------ C:\WINDOWS\system32\audiodev.dll
2006-10-18 21:47 27136 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 21:47 2603008 --------- C:\WINDOWS\system32\wpdshext.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\mpg4decd.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\mp43decd.dll
2006-10-18 21:47 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-10-18 21:47 242688 --a------ C:\WINDOWS\system32\wmpasf.dll
2006-10-18 21:47 229376 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-10-18 21:47 222208 --a------ C:\WINDOWS\system32\wmasf.dll
2006-10-18 21:47 212992 --------- C:\WINDOWS\system32\mfplat.dll
2006-10-18 21:47 211456 --a------ C:\WINDOWS\system32\qasf.dll
2006-10-18 21:47 204288 --a------ C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 21:47 199168 --------- C:\WINDOWS\system32\portabledevicewmdrm.dll
2006-10-18 21:47 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-10-18 21:47 175616 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-10-18 21:47 166912 --------- C:\WINDOWS\system32\portabledevicetypes.dll
2006-10-18 21:47 1661440 --a------ C:\WINDOWS\system32\wmpencen.dll
2006-10-18 21:47 1574912 --------- C:\WINDOWS\system32\wmvencod.dll
2006-10-18 21:47 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-10-18 21:47 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 21:47 1543680 --------- C:\WINDOWS\system32\wmvdecod.dll
2006-10-18 21:47 1382912 --------- C:\WINDOWS\system32\wmvsdecd.dll
2006-10-18 21:47 133632 --------- C:\WINDOWS\system32\wpdshserviceobj.dll
2006-10-18 21:47 1329152 --a------ C:\WINDOWS\system32\wmspdmoe.dll
2006-10-18 21:47 132096 --------- C:\WINDOWS\system32\portabledevicewiacompat.dll
2006-10-18 21:47 130048 --------- C:\WINDOWS\system32\wmpps.dll
2006-10-18 21:47 11264 --a------ C:\WINDOWS\system32\laprxy.dll
2006-10-18 21:47 1117696 --a------ C:\WINDOWS\system32\wmadmoe.dll
2006-10-18 21:47 101888 --------- C:\WINDOWS\system32\portabledeviceclassextension.dll
2006-10-18 20:03 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-10-18 20:00 249856 --------- C:\WINDOWS\system32\drmupgds.exe
2006-10-18 20:00 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-17 13:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 13:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 13:05 206336 --------- C:\WINDOWS\system32\winfxdocobj.exe
2006-10-17 13:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 13:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 13:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 12:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 12:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 12:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 12:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 12:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 12:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 12:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Skype"="\"C:\\Programme\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"SpybotSD TeaTimer"="C:\\Programme\\Spybot - Search & Destroy\\TeaTimer.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"="C:\\Programme\\ICQLite\\ICQLite.exe -trayboot"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AGRSMMSG"="AGRSMMSG.exe"
"CeEKEY"="C:\\Programme\\TOSHIBA\\E-KEY\\CeEKey.exe"
"HWSetup"="C:\\Programme\\TOSHIBA\\TOSHIBA Applet\\HWSetup.exe hwSetUP"
"SVPWUTIL"="C:\\Programme\\Toshiba\\Windows Utilities\\SVPWUTIL.exe SVPwUTIL"
"SmoothView"="C:\\Programme\\TOSHIBA\\TOSHIBA Zoom-Dienstprogramm\\SmoothView.exe"
"NDSTray.exe"="NDSTray.exe"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"ATIPTA"="\"C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"ICQ Lite"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"Zone Labs Client"="\"C:\\Programme\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"SunServer"="C:\\Programme\\Sunbelt Software\\CounterSpy\\Consumer\\sunserver.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Adobe Reader - Schnellstart.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader - Schnellstart.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader - Schnellstart"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^SmarThru Engine.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\SmarThru Engine.lnk"
"backup"="C:\\WINDOWS\\pss\\SmarThru Engine.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Samsung\\SmarThru\\QS.exe /i"
"item"="SmarThru Engine"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^awvm^Startmenü^Programme^Autostart^Microsoft Office OneNote 2003 Schnellstart.lnk]
"path"="C:\\Dokumente und Einstellungen\\awvm\\Startmenü\\Programme\\Autostart\\Microsoft Office OneNote 2003 Schnellstart.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office OneNote 2003 Schnellstart.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\OFFICE11\\ONENOTEM.EXE /tsr"
"item"="Microsoft Office OneNote 2003 Schnellstart"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^awvm^Startmenü^Programme^Autostart^OpenOffice.org 2.0.lnk]
"path"="C:\\Dokumente und Einstellungen\\awvm\\Startmenü\\Programme\\Autostart\\OpenOffice.org 2.0.lnk"
"backup"="C:\\WINDOWS\\pss\\OpenOffice.org 2.0.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\OPENOF~1.0\\program\\QUICKS~1.EXE "
"item"="OpenOffice.org 2.0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Apoint"
"hkey"="HKLM"
"command"="C:\\Programme\\Apoint2K\\Apoint.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Gemeinsame Dateien\\Ahead\\lib\\NMBgMonitor.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Programme\\DAEMON Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="FileZilla Server Interface"
"hkey"="HKLM"
"command"="\"C:\\Programme\\FileZilla Server\\FileZilla Server Interface.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fdm"
"hkey"="HKCU"
"command"="C:\\Programme\\Free Download Manager\\fdm.exe -autorun"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GW Port Controller]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PORTCTRL"
"hkey"="HKLM"
"command"="C:\\Programme\\Samsung\\SmarThru\\PORTCTRL.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PadExe"
"hkey"="HKLM"
"command"="C:\\Programme\\TOSHIBA\\Touch and Launch\\PadExe.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerStrip]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="pstrip"
"hkey"="HKLM"
"command"="c:\\programme\\powerstrip\\pstrip.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TCtryIOHook]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TCtrlIOHook"
"hkey"="HKLM"
"command"="TCtrlIOHook.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TFncKy"
"hkey"="HKLM"
"command"="TFncKy.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="toscdspd"
"hkey"="HKCU"
"command"="C:\\Programme\\TOSHIBA\\TOSCDSPD\\toscdspd.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPNF]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TPTray"
"hkey"="HKLM"
"command"="C:\\Programme\\TOSHIBA\\TouchPad\\TPTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TPSMain"
"hkey"="HKLM"
"command"="TPSMain.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TvsTray"
"hkey"="HKLM"
"command"="C:\\Programme\\TOSHIBA\\Tvs\\TvsTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Programme\\Winamp\\winampa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zooming]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ZoomingHook"
"hkey"="HKLM"
"command"="ZoomingHook.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{076394AD-7FDD-44EF-A075-32C68DBAB99B}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


Completion time: 07-01-14 17:49:38
C:\ComboFix2.txt ... 07-01-14 10:28
This post was edited by digismo on 14.01.2007 at 17:54.
14.01.2007, 22:33
Honorary member
Sabina

Posts: 29434
#4 Everything is fine again ... right?
__________
Best regards, Sabina

All about PC security
14.01.2007, 23:17
...new here

Thread starter

Posts: 6
#5 So, earlier tr/obfuscated.bk.2 came back again. I have to test it again tomorrow...
15.01.2007, 14:04
Honorary member
Sabina

Posts: 29434
#6 My Computer --> right-click, then Properties --> System Restore tab --> tick the box "Turn off System Restore on all drives".
(then turn it back on)
Then everything really should be OK again ;)
__________
Best regards, Sabina

All about PC security
15.01.2007, 17:36
...new here

Thread starter

Posts: 6
#7 So, I just got home. In the past the trojan showed up rather sporadically. So far it has not come back.
It would be great if it were gone.

A quick question: Spybot reports when something in the registry is changed and asks for permission. However, the window it opens is so small that you can't really see it properly. The window can't be resized manually. Do you have a tip for making it bigger?

Thanks a thousand times again.
16.01.2007, 11:43
Honorary member
Sabina

Posts: 29434
#8 Scan with Spybot, then copy the scan report and paste it here into the thread.
__________
Best regards, Sabina

All about PC security
16.01.2007, 13:41
...new here

Thread starter

Posts: 6
#9 --- Search result list ---
FastClick: Verfolgender Cookie (Firefox: default) (Cookie, fixed)


FastClick: Verfolgender Cookie (Firefox: default) (Cookie, fixed)


FastClick: Verfolgender Cookie (Firefox: default) (Cookie, fixed)



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-08-31 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-01-12 Includes\Cookies.sbi (*)
2006-12-08 Includes\Dialer.sbi (*)
2007-01-12 Includes\DialerC.sbi (*)
2006-11-24 Includes\Hijackers.sbi (*)
2007-01-12 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2007-01-12 Includes\KeyloggersC.sbi (*)
2007-01-12 Includes\Malware.sbi (*)
2007-01-12 Includes\MalwareC.sbi (*)
2006-10-20 Includes\PUPS.sbi (*)
2007-01-12 Includes\PUPSC.sbi (*)
2007-01-12 Includes\Revision.sbi (*)
2006-12-08 Includes\Security.sbi (*)
2007-01-12 Includes\SecurityC.sbi (*)
2006-10-13 Includes\Spybots.sbi (*)
2007-01-12 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-12-08 Includes\Trojans.sbi (*)
2007-01-12 Includes\TrojansC.sbi (*)



--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB886903)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET Framework 2.0. \n
If you later install a more recent service pack, this Security Update will be uninstalled automatically. \n
For more information, visit http://support.microsoft.com/kb/917283
/ Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET Framework 2.0. \n
If you later install a more recent service pack, this Security Update will be uninstalled automatically. \n
For more information, visit http://support.microsoft.com/kb/922770
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ Step By Step Interactive Training / SP2: Sicherheitsupdate für Step by Step Interactive Training (KB898458)
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows Media Player 10: Sicherheitsupdate für Windows Media Player 10 (KB911565)
/ Windows Media Player 10: Sicherheitsupdate für Windows Media Player 10 (KB917734)
/ Windows Media Player 6.4: Sicherheitsupdate für Windows Media Player 6.4 (KB925398)
/ Windows XP: Sicherheitsupdate für Windows XP (KB923689)
/ Windows XP / SP0: Sicherheitsupdate für Windows Internet Explorer 7 (KB929969)
/ Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
/ Windows XP / SP3: Windows XP-Hotfix - KB873333
/ Windows XP / SP3: Windows XP-Hotfix - KB873339
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB883939)
/ Windows XP / SP3: Windows XP-Hotfix - KB884018
/ Windows XP / SP3: Windows XP-Hotfix - KB885250
/ Windows XP / SP3: Windows XP-Hotfix - KB885835
/ Windows XP / SP3: Windows XP-Hotfix - KB885836
/ Windows XP / SP3: Windows XP-Hotfix - KB885855
/ Windows XP / SP3: Windows XP-Hotfix - KB886185
/ Windows XP / SP3: Windows XP-Hotfix - KB887472
/ Windows XP / SP3: Windows XP-Hotfix - KB887742
/ Windows XP / SP3: Windows XP-Hotfix - KB888113
/ Windows XP / SP3: Windows XP-Hotfix - KB888302
/ Windows XP / SP3: Windows XP-Hotfix - KB889673
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB890046)
/ Windows XP / SP3: Windows XP-Hotfix - KB890047
/ Windows XP / SP3: Windows XP-Hotfix - KB890175
/ Windows XP / SP3: Windows XP-Hotfix - KB890859
/ Windows XP / SP3: Windows XP-Hotfix - KB890923
/ Windows XP / SP3: Windows XP-Hotfix - KB891781
/ Windows XP / SP3: Windows XP-Hotfix - KB893056
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB893066)
/ Windows XP / SP3: Windows XP-Hotfix - KB893086
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update für Windows XP (KB894391)
/ Windows XP / SP3: Hotfix für Windows XP (KB894871)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB896358)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB896422)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB896423)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB896424)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB896428)
/ Windows XP / SP3: Update für Windows XP (KB898461)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB899587)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB899591)
/ Windows XP / SP3: Update für Windows XP (KB900485)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB900725)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB901017)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB901190)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB901214)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB902400)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB903235)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB904706)
/ Windows XP / SP3: Update für Windows XP (KB904942)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB905414)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB905749)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB905915)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB908519)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB908531)
/ Windows XP / SP3: Update für Windows XP (KB910437)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB911280)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB911562)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB911567)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB911927)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB912812)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB912919)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB913446)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB913580)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB914388)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB914389)
/ Windows XP / SP3: Hotfix für Windows XP (KB914440)
/ Windows XP / SP3: Hotfix for Windows XP (KB915865)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB916281)
/ Windows XP / SP3: Update für Windows XP (KB916595)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB917159)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB917344)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB917422)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB917953)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB918439)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB918899)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB919007)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB920213)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB920214)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB920670)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB920683)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB920685)
/ Windows XP / SP3: Update für Windows XP (KB920872)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB921398)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB921883)
/ Windows XP / SP3: Update für Windows XP (KB922582)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB922616)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB922819)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB923191)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB923414)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB923694)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB923980)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB924191)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB924270)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB924496)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB925486)
/ Windows XP / SP3: Hotfix for Windows XP (KB926239)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB926255)


--- Startup entries list ---
Located: HK_LM:Run, AGRSMMSG
command: AGRSMMSG.exe
file: C:\WINDOWS\AGRSMMSG.exe
size: 88358
MD5: b2ed4020ee2a9446649ce6b0a918c91c

Located: HK_LM:Run, ATIPTA
command: "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
file: C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
size: 344064
MD5: 8824078bda1635639aae125d24b85383

Located: HK_LM:Run, avgnt
command: "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
file: C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
size: 262184
MD5: dd157e7c9508b918f541d1d86992a1d0

Located: HK_LM:Run, CeEKEY
command: C:\Programme\TOSHIBA\E-KEY\CeEKey.exe
file: C:\Programme\TOSHIBA\E-KEY\CeEKey.exe
size: 671744
MD5: 08835ac90c7a02f55a0d0b1d0397acae

Located: HK_LM:Run, dla
command: C:\WINDOWS\system32\dla\tfswctrl.exe
file: C:\WINDOWS\system32\dla\tfswctrl.exe
size: 122941
MD5: 352fbf618066d0ceb7dc8ecabeb1a8d7

Located: HK_LM:Run, HWSetup
command: C:\Programme\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
file:

Located: HK_LM:Run, ICQ Lite
command: "C:\Programme\ICQLite\ICQLite.exe" -minimize
file: C:\Programme\ICQLite\ICQLite.exe
size: 3144800
MD5: c0f38029c013894b668aeca496f6db50

Located: HK_LM:Run, KernelFaultCheck
command: %systemroot%\system32\dumprep 0 -k
file: C:\WINDOWS\system32\dumprep.exe
size: 10752
MD5: 2a8714774f4f6db56bba49df1c5d9c3a

Located: HK_LM:Run, NDSTray.exe
command: NDSTray.exe
file:

Located: HK_LM:Run, SmoothView
command: C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
file: C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
size: 118784
MD5: e5c72b1639a95a95cf16add1bb746b15

Located: HK_LM:Run, SunServer
command: C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
file: C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
size: 290816
MD5: a6498e745702f2b9c1d1702c094ca2b5

Located: HK_LM:Run, SVPWUTIL
command: C:\Programme\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
file:

Located: HK_LM:Run, Zone Labs Client
command: "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
file: C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
size: 968696
MD5: 71514e2c74d554f5902dc184046eca3b

Located: HK_CU:Run, CTFMON.EXE
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 7ce20569925df6789c31799f0c538f29

Located: HK_CU:Run, Skype
command: "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
file: C:\Programme\Skype\Phone\Skype.exe
size: 20058152
MD5: 32cc2915fcc207086d9b43ccece298f7

Located: HK_CU:Run, SpybotSD TeaTimer
command: C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
size: 1415824
MD5: 70496eee0ddbe485f658693826f44d38

Located: HK_CU:RunOnce, ICQ Lite
command: C:\Programme\ICQLite\ICQLite.exe -trayboot
file: C:\Programme\ICQLite\ICQLite.exe
size: 3144800
MD5: c0f38029c013894b668aeca496f6db50

Located: Startup (allgemein), InterVideo WinCinema Manager.lnk
command: C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
file: C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
size: 278528
MD5: 47a651eb2bdd2b46f4c50a2743d527e2

Located: Startup (deaktiviert), Adobe Reader - Schnellstart (DISABLED)
command: C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE
file: C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE
size: 29696
MD5: 43362b96870ce8649f4f2ec893da93f0

Located: Startup (deaktiviert), SmarThru Engine (DISABLED)
command: C:\PROGRA~1\Samsung\SmarThru\QS.exe /i
file: C:\PROGRA~1\Samsung\SmarThru\QS.exe
size: 258048
MD5: 4208494f4381e0684c8a472198847805

Located: Startup (deaktiviert), Microsoft Office OneNote 2003 Schnellstart (DISABLED)
command: C:\PROGRA~1\MICROS~2\OFFICE11\ONENOTEM.EXE /tsr
file: C:\PROGRA~1\MICROS~2\OFFICE11\ONENOTEM.EXE
size: 59080
MD5: b2337403a5e582811f96de88c03ac7a9

Located: Startup (deaktiviert), OpenOffice.org 2.0 (DISABLED)
command: C:\PROGRA~1\OPENOF~1.0\program\QUICKS~1.EXE
file: C:\PROGRA~1\OPENOF~1.0\program\QUICKS~1.EXE
size: 61440
MD5: 5cb03ee68f33c0bdf5484d36ef7f1212

Located: WinLogon, AtiExtEvent
command: Ati2evxx.dll
file: Ati2evxx.dll

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll

Located: WinLogon, igfxcui
command: igfxdev.dll
file: igfxdev.dll

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: WinLogon, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll



--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
BHO name:
CLSID name: Adobe PDF Reader Link Helper
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Programme\Adobe\Acrobat 7.0\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 18.12.2006 04:16:42
Date (last access): 16.01.2007 12:25:36
Date (last write): 18.12.2006 04:16:42
Filesize: 59032
Attributes: archive
MD5: 4EA3A6CD9D20584FFAFDB1E47DBF0E20
CRC32: 7B0A854F
Version: 7.0.9.50

{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 31.08.2006 11:36:26
Date (last access): 16.01.2007 13:27:04
Date (last write): 31.05.2005 00:04:00
Filesize: 853672
Attributes: archive
MD5: 250D787A5712D7768DDC133B3E477759
CRC32: D4589A41
Version: 1.4.0.0

{5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
BHO name:
CLSID name: DriveLetterAccess
description: Hewlett-Packard's DLA software
classification: Unknown
known filename: tfswshx.dll
info link:
info source: TonyKlein
Path: C:\WINDOWS\system32\dla\
Long name: tfswshx.dll
Short name:
Date (created): 14.09.2005 15:26:46
Date (last access): 16.01.2007 12:25:36
Date (last write): 31.05.2005 04:33:00
Filesize: 118844
Attributes: archive
MD5: ECBB15757C8DFCB1D23685FC2B96B898
CRC32: 7934BE76
Version: 1.4.8.0

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
BHO name:
CLSID name: SSVHelper Class
Path: C:\Programme\Java\jre1.5.0_09\bin\
Long name: ssv.dll
Short name:
Date (created): 12.10.2006 03:10:58
Date (last access): 16.01.2007 12:25:38
Date (last write): 12.10.2006 03:25:44
Filesize: 434279
Attributes: archive
MD5: D62E335F137D9E0F9F4DBE09564959B1
CRC32: 72699310
Version: 5.0.90.3

{CC59E0F9-7E43-44FA-9FAA-8377850BF205} (FDMIECookiesBHO Class)
BHO name:
CLSID name: FDMIECookiesBHO Class
Path: C:\Programme\Free Download Manager\
Long name: iefdmcks.dll
Short name:
Date (created): 23.08.2006 15:00:06
Date (last access): 16.01.2007 12:25:38
Date (last write): 20.08.2006 18:55:00
Filesize: 81920
Attributes: archive
MD5: B48BDBA896C133A4980ADF0036AA07BC
CRC32: 451A7D30
Version: 493.0.0.0



--- ActiveX list ---
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
DPF name:
CLSID name: MUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\muweb.inf
Codebase: http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161508555171
description:
classification: Legitimate
known filename: muweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: muweb.dll
Short name:
Date (created): 26.05.2005 03:19:32
Date (last access): 16.01.2007 12:26:12
Date (last write): 26.05.2005 03:19:32
Filesize: 178408
Attributes: archive
MD5: EE37AA2C0700221CD8B02FADCD4C7FB5
CRC32: F5494B06
Version: 5.8.0.2469

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_09
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Programme\Java\jre1.5.0_09\bin\
Long name: NPJPI150_09.dll
Short name: NPJPI1~1.DLL
Date (created): 12.10.2006 03:10:58
Date (last access): 16.01.2007 13:11:08
Date (last write): 12.10.2006 03:25:44
Filesize: 69746
Attributes: archive
MD5: A3CDEB59B6B8C2EA81B9ED2D3EF4C95E
CRC32: 2A32A9A2
Version: 5.0.90.3

{C14C9409-1E1B-4F00-94AD-70F055AA71B2} (TradeSignal express)
DPF name:
CLSID name: TradeSignal express
Installer: C:\WINDOWS\Downloaded Program Files\tsbti.inf
Codebase: http://www.tradesignalonline.com/wpa/tsb/2.7.0.45/components/tsbt-2-7-0-45.cab
description:
classification: Open for discussion
known filename: tsbtitls.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: tsbtitls.dll
Short name:
Date (created): 02.06.2005 09:46:16
Date (last access): 16.01.2007 12:40:28
Date (last write): 02.08.2006 12:12:50
Filesize: 180224
Attributes: archive
MD5: CFC1046BD9E436C21E39C616E08405F9
CRC32: D0A997F0
Version: 2.7.0.45

{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_03
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
description:
classification: Legitimate
known filename: NPJPI150_03.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Programme\Java\jre1.5.0_03\bin\
Long name: NPJPI150_03.dll
Short name: NPJPI1~1.DLL
Date (created): 13.04.2005 02:48:56
Date (last access): 16.01.2007 13:11:08
Date (last write): 13.04.2005 03:06:32
Filesize: 69746
Attributes: archive
MD5: 13FCA03EBCA6E1F8C6481166C516D1FE
CRC32: 868C298F
Version: 5.0.30.7

{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_09
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
description:
classification: Legitimate
known filename: NPJPI150_09.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Programme\Java\jre1.5.0_09\bin\
Long name: NPJPI150_09.dll
Short name: NPJPI1~1.DLL
Date (created): 12.10.2006 03:10:58
Date (last access): 16.01.2007 13:11:08
Date (last write): 12.10.2006 03:25:44
Filesize: 69746
Attributes: archive
MD5: A3CDEB59B6B8C2EA81B9ED2D3EF4C95E
CRC32: 2A32A9A2
Version: 5.0.90.3

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_09
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Programme\Java\jre1.5.0_09\bin\
Long name: NPJPI150_09.dll
Short name: NPJPI1~1.DLL
Date (created): 12.10.2006 03:10:58
Date (last access): 16.01.2007 13:11:08
Date (last write): 12.10.2006 03:25:44
Filesize: 69746
Attributes: archive
MD5: A3CDEB59B6B8C2EA81B9ED2D3EF4C95E
CRC32: 2A32A9A2
Version: 5.0.90.3

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash9b.ocx
Short name:
Date (created): 09.11.2006 14:46:28
Date (last access): 16.01.2007 12:24:42
Date (last write): 09.11.2006 14:46:28
Filesize: 2262648
Attributes: readonly archive
MD5: F3B3EE66CA76C94510555ABE9D00A353
CRC32: A51F3CB4
Version: 9.0.28.0



--- Process list ---
PID: 0 ( 0) [System]
PID: 700 ( 4) \SystemRoot\System32\smss.exe
PID: 780 ( 700) \??\C:\WINDOWS\system32\csrss.exe
PID: 808 ( 700) \??\C:\WINDOWS\system32\winlogon.exe
PID: 856 ( 808) C:\WINDOWS\system32\services.exe
size: 108544
MD5: EDB6B81761BD60F32F740BBC40AFB676
PID: 868 ( 808) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 183805EB05BCA5A1E4AAAED4D2BE3690
PID: 1040 ( 856) C:\WINDOWS\system32\Ati2evxx.exe
size: 380928
MD5: ABC57A6F6070BAF9786C318F59F29F0B
PID: 1052 ( 856) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 65A819B121EB6FDAB4400EA42BDFFE64
PID: 1148 ( 856) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 65A819B121EB6FDAB4400EA42BDFFE64
PID: 1236 ( 856) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 65A819B121EB6FDAB4400EA42BDFFE64
PID: 1296 ( 856) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 65A819B121EB6FDAB4400EA42BDFFE64
PID: 1484 ( 856) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 65A819B121EB6FDAB4400EA42BDFFE64
PID: 1744 ( 808) C:\WINDOWS\system32\Ati2evxx.exe
size: 380928
MD5: ABC57A6F6070BAF9786C318F59F29F0B
PID: 1844 (1780) C:\WINDOWS\Explorer.EXE
size: 1035264
MD5: 22FE1BE02EADDE1632E478E4125639E0
PID: 1956 ( 856) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID: 284 (1052) C:\Programme\Sunbelt Software\CounterSpy\Consumer\Thread.exe
size: 1093697
MD5: 480B777D7D844D557EA110DA0F8F67F4
PID: 504 ( 856) C:\Programme\AntiVir PersonalEdition Classic\sched.exe
size: 47656
MD5: 51F67FA55AB86E8524E4D4CCC5D39F50
PID: 532 ( 856) C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
size: 200744
MD5: EBE38B3951F169497FC9D08F0A158424
PID: 552 ( 856) C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
size: 40960
MD5: 3CB0CC8879956C187E87E18634EE5164
PID: 620 ( 856) C:\WINDOWS\system32\DVDRAMSV.exe
size: 110592
MD5: C9FFBD6B8EDC46CD3D13E3C6DB914FB7
PID: 676 ( 856) C:\WINDOWS\system32\oodag.exe
size: 225280
MD5: 2DD5A7C3EC4B83A41E266DDAA345EB18
PID: 1192 ( 856) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 65A819B121EB6FDAB4400EA42BDFFE64
PID: 1304 ( 856) C:\WINDOWS\system32\ZoneLabs\vsmon.exe
size: 75768
MD5: A9062968DF9419FA45ACF044B4D9F5AC
PID: 1376 (1052) C:\Programme\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
size: 802885
MD5: 30FB1224228D9D676F443ECE175B7711
PID: 2096 ( 856) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: 6596DD260FFDE1BDC994C1DF236307BB
PID: 2344 (1844) C:\WINDOWS\AGRSMMSG.exe
size: 88358
MD5: B2ED4020EE2A9446649CE6B0A918C91C
PID: 2400 (1844) C:\Programme\TOSHIBA\E-KEY\CeEKey.exe
size: 671744
MD5: 08835AC90C7A02F55A0D0B1D0397ACAE
PID: 2460 (1844) C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
size: 118784
MD5: E5C72B1639A95A95CF16ADD1BB746B15
PID: 2484 (1844) C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe
size: 978944
MD5: 947625435C542A62B2703A61F9665B85
PID: 2508 (1844) C:\WINDOWS\system32\dla\tfswctrl.exe
size: 122941
MD5: 352FBF618066D0CEB7DC8ECABEB1A8D7
PID: 2536 (1844) C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
size: 344064
MD5: 8824078BDA1635639AAE125D24B85383
PID: 2572 (1844) C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
size: 262184
MD5: DD157E7C9508B918F541D1D86992A1D0
PID: 2656 (1844) C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
size: 968696
MD5: 71514E2C74D554F5902DC184046ECA3B
PID: 2664 ( 856) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 65A819B121EB6FDAB4400EA42BDFFE64
PID: 2684 (1844) C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
size: 290816
MD5: A6498E745702F2B9C1D1702C094CA2B5
PID: 2692 (1844) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 7CE20569925DF6789C31799F0C538F29
PID: 2720 (1844) C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
size: 1415824
MD5: 70496EEE0DDBE485F658693826F44D38
PID: 3172 (2484) C:\Programme\TOSHIBA\ConfigFree\CFWAN.exe
size: 65536
MD5: 5CEB29F079DA3A6407A2B76EF69DCDEA
PID: 1216 (1844) C:\Programme\Mozilla Firefox\firefox.exe
size: 7620696
MD5: 6D05E232DDE95D48FBF0D879559CD3CA
PID: 2928 (1844) C:\Programme\internet explorer\iexplore.exe
size: 622080
MD5: 5334D4461AA92A7B008755FE6D13C5F2
PID: 1904 (1844) C:\Programme\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 16.01.2007 13:39:21

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://home.microsoft.com/search/search.asp.
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip •

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip •

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip •

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7F168607-6B37-4E3D-9802-FFEFEB80C061}] SEQPACKET 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7F168607-6B37-4E3D-9802-FFEFEB80C061}] DATAGRAM 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A9670B7D-B7AA-43AA-8189-A4A17A25EE2E}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A9670B7D-B7AA-43AA-8189-A4A17A25EE2E}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E666F87E-9E14-4E3B-B2A0-06FA4991830D}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E666F87E-9E14-4E3B-B2A0-06FA4991830D}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{93FCCE95-E69C-46FC-80EC-A69571EA0FB9}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{93FCCE95-E69C-46FC-80EC-A69571EA0FB9}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B427C78C-75B6-4988-A4C6-FAD78890D28F}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B427C78C-75B6-4988-A4C6-FAD78890D28F}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{090E735B-598B-46FB-B25E-9D9B79C31CBF}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{090E735B-598B-46FB-B25E-9D9B79C31CBF}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B0C142F7-C9BD-4654-8A71-03741B8F26B1}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B0C142F7-C9BD-4654-8A71-03741B8F26B1}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2D997AB2-5CEA-41FF-9E50-44C037F79808}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2D997AB2-5CEA-41FF-9E50-44C037F79808}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: TCP/IP
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: NLA-Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace



--- Uninstall list ---
7-Zip 4.27 beta (7-Zip)
uninstall cmd: "C:\Programme\7-Zip\Uninstall.exe"

(AddressBook)

Avira AntiVir PersonalEdition Classic (AntiVir PersonalEdition Classic)
uninstall cmd: C:\Programme\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
publisher: Avira GmbH
help link: http://www.avira.de/de/technischer_support

ATI Display Driver 8.162-050803a2-025751C-Toshiba (ATI Display Driver)
uninstall cmd: rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

AVI Splitter (AVI Splitter_is1)
install location: C:\Programme\avisplit\
uninstall cmd: "C:\Programme\avisplit\unins000.exe"

(Branding)

Canon i965 (CANONBJ_Deinstall_CNMCP5n.DLL)
uninstall cmd: C:\WINDOWS\system32\CNMCP5n.exe "-PRINTERNAMECanon i965" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon i965 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon i965 Installer\Inst2\cnmi0407.dll"

(Connection Manager)

CSS Tab Designer v2.0 (CSS Tab Designer_is1)
install location: C:\Programme\CSS Tab Designer 2\
uninstall cmd: "C:\Programme\CSS Tab Designer 2\unins000.exe"
publisher: OverZone Software
help link: http://www.highdots.com/support.php

(DirectAnimation)

(DirectDrawEx)

(dlatray.exe)
uninstall cmd: C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}

KZBV – DPF – Version 1.5.2/13.3.2006 (DPF_is1)
install location: C:\Programme\KZBV\DPF\
uninstall cmd: "C:\Programme\KZBV\DPF\unins000.exe"
publisher: KZBV
help link: http://www.kzbv.de

DVD Decrypter (Remove Only) (DVD Decrypter)
uninstall cmd: "C:\Programme\DVD Decrypter\uninstall.exe"

DVD Shrink 3.2 (DVD Shrink_is1)
install location: C:\Programme\DVD Shrink\
uninstall cmd: "C:\Programme\DVD Shrink\unins000.exe"
publisher: DVD Shrink
help link: http://www.dvdshrink.org

(DXM_Runtime)

FileZilla (remove only) (FileZilla)
uninstall cmd: "C:\Programme\FileZilla\uninstall.exe"

(Fontcore)

Free Download Manager 2.1 (Free Download Manager_is1)
install location: C:\Programme\Free Download Manager\
uninstall cmd: "C:\Programme\Free Download Manager\unins000.exe"
publisher: FreeDownloadManager.ORG
help link: http://www.freedownloadmanager.org/

GSpot Codec Information Appliance (GSpot)
uninstall cmd: C:\Programme\GSpot\Uninstall.exe

HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: C:\DOKUME~1\awvm\LOKALE~1\Temp\7zOA.tmp\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.

ICQ 5.1 (ICQLite)
uninstall cmd: C:\Programme\ICQLite\ICQLiteUninstall.EXE

(ICW)

Microsoft Internationalized Domain Names Mitigation APIs (IDNMitigationAPIs)
install date: 20061102
uninstall cmd: "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
publisher: Microsoft Corporation

(IE40)

(IE4Data)

(IE5BAKEX)

Windows Internet Explorer 7 20061027.150806 (ie7)
install date: 20061102
uninstall cmd: "C:\WINDOWS\ie7\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://www.microsoft.com/ie

(IEData)

(InstallShield Uninstall Information)

(InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F})

TOSHIBA Accessibility 1.36.0.10C (InstallShield_{3A57482F-BEBC-47E4-ADA1-6302403C7E50})
version: 19136512
version (major): 1
version (minor): 36
estimated size: 137
install date: 20050914
install source: C:\DOKUME~1\Besitzer\LOKALE~1\Temp\_is2\
uninstall cmd: C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{3A57482F-BEBC-47E4-ADA1-6302403C7E50} /l1031
publisher: TOSHIBA

TOSHIBA Supervisorkennwort 1.36.0.1C (InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE})
version: 19136512
version (major): 1
version (minor): 36
estimated size: 72
install date: 20050914
install source: C:\DOKUME~1\Besitzer\LOKALE~1\Temp\_is2\
uninstall cmd: C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE} /l1031
publisher: TOSHIBA

TOSHIBA Hardware Setup 1.36.0.6C (InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3})
version: 19136512
version (major): 1
version (minor): 36
estimated size: 420
install date: 20050914
install source: C:\DOKUME~1\Besitzer\LOKALE~1\Temp\_is2\
uninstall cmd: C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5279374D-87FE-4879-9385-F17278EBB9D3} /l1031
publisher: TOSHIBA

(InstallShield_{59FDFDFB-52FE-45B1-8A2A-A00079B07FF0})

(InstallShield_{5BCA8D15-BCB6-421E-9654-238B43456A4F})

TOSHIBA Hotkey-Dienstprogramm 1.36.0.7C (InstallShield_{7900D3A6-A9E8-4954-ACCB-AB15867978BF})
version: 19136512
version (major): 1
version (minor): 36
estimated size: 871
install date: 20050914
install source: C:\DOKUME~1\Besitzer\LOKALE~1\Temp\_is2\
uninstall cmd: C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7900D3A6-A9E8-4954-ACCB-AB15867978BF} /l1031
publisher: TOSHIBA

Age of Empires III 1.00.0000 (InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97})
version: 16777216
version (major): 1
estimated size: 2183049
install date: 20061025
install location: C:\Programme\Microsoft Games\Age of Empires III\
install source: E:\
uninstall cmd: C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
publisher: Microsoft Game Studios
help link: http://www.microsoft.com/games/age3/support.asp

Touchpad EIN/AUS-Utility 1.36.0.4C (InstallShield_{80977342-27E8-4FF7-8B6A-D8D89461DA7F})
version: 19136512
version (major): 1
version (minor): 36
estimated size: 175
install date: 20050914
install source: C:\DOKUME~1\Besitzer\LOKALE~1\Temp\_is2\
uninstall cmd: C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{80977342-27E8-4FF7-8B6A-D8D89461DA7F} /l1031
publisher: TOSHIBA

QuickTime 7.1 (InstallShield_{C21D5524-A970-42FA-AC8A-59B8C7CDCA31})
version: 117506048
version (major): 7
version (minor): 1
estimated size: 71343
install date: 20060527
install location: C:\Programme\QuickTime\
install source: C:\DOKUME~1\awvm\LOKALE~1\Temp\_is12F\
uninstall cmd: C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1031
publisher: Apple Computer, Inc.
contact: AppleCare Support
help link: http://www.apple.com/de/support
help telephone: 01805 009 433

Texas Instruments PCIxx21/x515 drivers. 1.23.0000 (InstallShield_{E18E644D-4FC1-4E7F-87B7-A0288A14A322})
version: 18284544
version (major): 1
version (minor): 23
estimated size: 836
install date: 20050914
install source: C:\TOOLSCD\CardBus Driver\
uninstall cmd: C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{E18E644D-4FC1-4E7F-87B7-A0288A14A322} /l1031
publisher: Texas Instruments Inc.
comments: TI PCIxx21/PCIx515 Software components
contact:
help link:
help telephone:

(InstallShield_{FCE19796-1ADF-42DF-81D8-3563867FC2C2})

InterActual Player (InterActual Player)
uninstall cmd: C:\Program Files\InterActual\InterActual Player\inuninst.exe

Windows XP-Hotfix - KB873333 20050114.005213 (KB873333)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873333

Windows XP-Hotfix - KB873339 20041117.092459 (KB873339)
uninstall cmd: C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=873339

Sicherheitsupdate für Windows XP (KB883939) 1 (KB883939)
install date: 20050912
uninstall cmd: "C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=883939

(KB884016)

Windows XP-Hotfix - KB884018 20040812.132033 (KB884018)
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=884018

(KB884267)

Windows XP-Hotfix - KB885250 20050118.202711 (KB885250)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885250

(KB885353)

Windows XP-Hotfix - KB885835 20041027.181713 (KB885835)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885835

Windows XP-Hotfix - KB885836 20041028.173203 (KB885836)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885836

Windows XP-Hotfix - KB885855 20040930.104104 (KB885855)
uninstall cmd: C:\WINDOWS\$NtUninstallKB885855$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=885855

Windows XP-Hotfix - KB886185 20041021.090540 (KB886185)
uninstall cmd: C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=886185

(KB886612)

(KB887078)

Windows XP-Hotfix - KB887472 20041014.162858 (KB887472)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887472

(KB887626)

Windows XP-Hotfix - KB887742 20041103.095002 (KB887742)
uninstall cmd: C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=887742

Windows XP-Hotfix - KB888113 20041116.131036 (KB888113)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888113

Windows XP-Hotfix - KB888302 20041207.111426 (KB888302)
uninstall cmd: C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=888302

(KB888656)

Windows XP-Hotfix - KB889673 20041116.085848 (KB889673)
uninstall cmd: C:\WINDOWS\$NtUninstallKB889673$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=889673

(KB889858)

Sicherheitsupdate für Windows XP (KB890046) 1 (KB890046)
install date: 20060401
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890046

Windows XP-Hotfix - KB890047 20041221.124506 (KB890047)
uninstall cmd: C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890047

Windows XP-Hotfix - KB890175 20041201.233338 (KB890175)
uninstall cmd: C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890175

Windows XP-Hotfix - KB890859 1 (KB890859)
install date: 20060401
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890859

Windows XP-Hotfix - KB890923 1 (KB890923)
install date: 20050912
uninstall cmd: "C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=890923

(KB891122)

Windows XP-Hotfix - KB891781 20050110.165439 (KB891781)
uninstall cmd: C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=891781

(KB892313)

Windows XP-Hotfix - KB893056 20050126.164313 (KB893056)
uninstall cmd: C:\WINDOWS\$NtUninstallKB893056$\spuninst\spuninst.exe
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893056

Sicherheitsupdate für Windows XP (KB893066) 2 (KB893066)
install date: 20050912
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893066

Windows XP-Hotfix - KB893086 1 (KB893086)
install date: 20050912
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893086

(KB893240)

(KB893241)

Sicherheitsupdate für Windows XP (KB893756) 1 (KB893756)
install date: 20060401
uninstall cmd: "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=893756

(KB893803)

Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=42467

Update für Windows XP (KB894391) 1 (KB894391)
install date: 20060401
uninstall cmd: "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=894391

Hotfix für Windows XP (KB894871) 1 (KB894871)
install date: 20050912
uninstall cmd: "C:\WINDOWS\$NtUninstallKB894871$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=894871

(KB895181)

Windows XP-Hotfix - KB895200 1 (KB895200)
install date: 20050912
uninstall cmd: "C:\WINDOWS\$NtUninstallKB895200$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=895200

(KB895316)

(KB895572)

Sicherheitsupdate für Windows XP (KB896358) 1 (KB896358)
install date: 20050912
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896358

Sicherheitsupdate für Windows XP (KB896422) 1 (KB896422)
install date: 20050912
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896422

Sicherheitsupdate für Windows XP (KB896423) 1 (KB896423)
install date: 20060401
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896423

Sicherheitsupdate für Windows XP (KB896424) 1 (KB896424)
install date: 20060401
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896424

Sicherheitsupdate für Windows XP (KB896428) 1 (KB896428)
install date: 20060401
uninstall cmd: "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=896428

(KB897586)

Sicherheitsupdate für Step by Step Interactive Training (KB898458) 20050502.101010 (KB898458)
install date: 20060401
uninstall cmd: "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/898458

Update für Windows XP (KB898461) 1 (KB898461)
install date: 20060401
uninstall cmd: "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=898461

(KB898549)

Sicherheitsupdate für Windows XP (KB899587) 1 (KB899587)
install date: 20060401
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899587

Sicherheitsupdate für Windows XP (KB899591) 1 (KB899591)
install date: 20060401
uninstall cmd: "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=899591

(KB900399)

Update für Windows XP (KB900485) 2 (KB900485)
install date: 20060426
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900485

Sicherheitsupdate für Windows XP (KB900725) 1 (KB900725)
install date: 20060401
uninstall cmd: "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=900725

Sicherheitsupdate für Windows XP (KB901017) 1 (KB901017)
install date: 20060401
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901017

Sicherheitsupdate für Windows XP (KB901190) 1 (KB901190)
install date: 20060620
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901190

Sicherheitsupdate für Windows XP (KB901214) 1 (KB901214)
install date: 20050912
uninstall cmd: "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=901214

(KB902344)

Sicherheitsupdate für Windows XP (KB902400) 1 (KB902400)
install date: 20060401
uninstall cmd: "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=902400

Sicherheitsupdate für Windows XP (KB903235) 1 (KB903235)
install date: 20050912
uninstall cmd: "C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=903235

Sicherheitsupdate für Windows XP (KB904706) 2 (KB904706)
install date: 20060401
uninstall cmd: "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=904706

Update für Windows XP (KB904942) 2 (KB904942)
install date: 20061102
uninstall cmd: "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=904942

Sicherheitsupdate für Windows XP (KB905414) 1 (KB905414)
install date: 20060401
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905414

Sicherheitsupdate für Windows XP (KB905749) 1 (KB905749)
install date: 20060401
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905749

Sicherheitsupdate für Windows XP (KB905915) 1 (KB905915)
install date: 20060401
uninstall cmd: "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=905915

(KB907658)

Sicherheitsupdate für Windows XP (KB908519) 1 (KB908519)
install date: 20060401
uninstall cmd: "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908519

Sicherheitsupdate für Windows XP (KB908531) 1 (KB908531)
install date: 20060413
uninstall cmd: "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=908531

Update für Windows XP (KB910437) 1 (KB910437)
install date: 20060401
uninstall cmd: "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=910437

Sicherheitsupdate für Windows XP (KB911280) 1 (KB911280)
install date: 20060616
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911280

Sicherheitsupdate für Windows XP (KB911562) 1 (KB911562)
install date: 20060413
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911562

Sicherheitsupdate für Windows Media Player (KB911564) (KB911564)
install date: 20060401
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=911564

Sicherheitsupdate für Windows Media Player 10 (KB911565) (KB911565)
install date: 20060401
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=911565

Sicherheitsupdate für Windows XP (KB911567) 1 (KB911567)
install date: 20060413
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911567

(KB911854)

Sicherheitsupdate für Windows XP (KB911927) 1 (KB911927)
install date: 20060401
uninstall cmd: "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=911927

Sicherheitsupdate für Windows XP (KB912812) 1 (KB912812)
install date: 20060413
uninstall cmd: "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=912812

Sicherheitsupdate für Windows XP (KB912919) 1 (KB912919)
install date: 20060401
uninstall cmd: "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=912919

Sicherheitsupdate für Windows XP (KB913446) 1 (KB913446)
install date: 20060401
uninstall cmd: "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=913446

Sicherheitsupdate für Windows XP (KB913580) 1 (KB913580)
install date: 20060512
uninstall cmd: "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=913580

Sicherheitsupdate für Windows XP (KB914388) 1 (KB914388)
install date: 20060712
uninstall cmd: "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=914388

Sicherheitsupdate für Windows XP (KB914389) 1 (KB914389)
install date: 20060616
uninstall cmd: "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=914389

Hotfix für Windows XP (KB914440) 12 (KB914440)
install date: 20061102
uninstall cmd: "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=914440

Hotfix for Windows XP (KB915865) 10 (KB915865)
install date: 20061102
uninstall cmd: "C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=915865

Sicherheitsupdate für Windows XP (KB916281) 1 (KB916281)
install date: 20060616
uninstall cmd: "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=916281

Update für Windows XP (KB916595) 1 (KB916595)
install date: 20060712
uninstall cmd: "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=916595

Sicherheitsupdate für Windows XP (KB917159) 1 (KB917159)
install date: 20060712
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917159

Security Update für Microsoft .NET Framework 2.0 (KB917283) 1 (KB917283.T1_1ToU93_1)
uninstall cmd: C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {967B098A-042D-4367-BAC9-8BC11684174F} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
publisher: Microsoft Corporation
help link: http://support.microsoft.com/kb/917283

Sicherheitsupdate für Windows XP (KB917344) 1 (KB917344)
install date: 20060617
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917344

Sicherheitsupdate für Windows XP (KB917422) 1 (KB917422)
install date: 20060814
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917422

Sicherheitsupdate für Windows Media Player 10 (KB917734) (KB917734_WMP10)
install date: 20060617
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com/?kbid=917734

Sicherheitsupdate für Windows XP (KB917953) 1 (KB917953)
install date: 20060617
uninstall cmd: "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=917953

Sicherheitsupdate für Windows XP (KB918439) 1 (KB918439)
install date: 20060617
uninstall cmd: "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=918439

Sicherheitsupdate für Windows XP (KB918899) 1 (KB918899)
install date: 20060814
uninstall cmd: "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=918899

Sicherheitsupdate für Windows XP (KB919007) 1 (KB919007)
install date: 20060914
uninstall cmd: "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=919007

Sicherheitsupdate für Windows XP (KB920213) 1 (KB920213)
install date: 20061114
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920213

Sicherheitsupdate für Windows XP (KB920214) 1 (KB920214)
install date: 20060814
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920214

Sicherheitsupdate für Windows XP (KB920670) 1 (KB920670)
install date: 20060814
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920670

Sicherheitsupdate für Windows XP (KB920683) 1 (KB920683)
install date: 20060814
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920683

Sicherheitsupdate für Windows XP (KB920685) 1 (KB920685)
install date: 20060914
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920685

Update für Windows XP (KB920872) 1 (KB920872)
install date: 20060914
uninstall cmd: "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: http://support.microsoft.com?kbid=920872

Sicherheitsupdate für Windows XP (KB921398) 1 (KB921398)
install date: 20060814
uninstall cmd: "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
16.01.2007, 14:51
Honorary member
Sabina

Posts: 29434
#10 Open HijackThis -- "scan" button -- tick the box in front of this entry -- "Fix checked" button -- restart the PC

Quote

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
Restart the PC.

That takes Spybot out of the system startup, and no more messages should appear.
You can still scan with the program now and then ;)
__________
Regards, Sabina

All about PC security
19.01.2007, 17:21
...new here

Thread starter

Posts: 6
#11 So, since nothing has shown up for quite a while now, I'm confident that the trojans are gone for the time being.
Thanks a million again.