Hallo zusammen,

irgendwie scheint ja der Agent im Augenblick recht aktiv zu sein.

Mich hats auch erwischt. In der A0101468.sys

Anbei der OSAM - Log:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 18:31:29 on 03.04.2010
OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.2

Scanner Settings
Rootkits detection (hidden registry)
Rootkits detection (hidden files)
Retrieve files information
Check Microsoft signatures

Filters
Trusted entries
Empty entries
Hidden registry entries (rootkit activity)
Exclusively opened files
Not found files
Files without detailed information
Existing files
Non-startable services
Non-startable drivers
Active entries
Disabled entries

Risk Name Publisher Full Path Status
Common
%SystemRoot%\Tasks
|||| "GoogleUpdateTaskMachineCore.job" "Google Inc." C:\Programme\Google\Update\GoogleUpdate.exe File exists
|||| "GoogleUpdateTaskMachineUA.job" "Google Inc." C:\Programme\Google\Update\GoogleUpdate.exe File exists
Control Panel Objects
%SystemRoot%\system32
|||||| "BDEADMIN.CPL" C:\WINDOWS\system32\BDEADMIN.CPL File exists
|||||| "Firebird2Control.cpl" "IBPhoenix" C:\WINDOWS\system32\Firebird2Control.cpl File exists
|||||| "infocardcpl.cpl" "Microsoft Corporation" C:\WINDOWS\system32\infocardcpl.cpl File exists
|||||| "javacpl.cpl" "Sun Microsystems, Inc." C:\WINDOWS\system32\javacpl.cpl File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls
"Avira AntiVir Personal" "Avira GmbH" C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl File exists
|||||| "mlcfg32.cpl" "Microsoft Corporation" E:\MICROS~1\Office12\MLCFG32.CPL File exists
|||||| "NokiaConnectionManager" "Nokia" D:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL File exists
Drivers
HKLM\SYSTEM\CurrentControlSet\Services
|||||| "%USB\vid_054c&pid_0154.DeviceDesc%" (ovt519) "OmniVision Technologies, Inc." C:\WINDOWS\System32\Drivers\ov519vid.sys File exists
|||||| "ACEDRV07" (ACEDRV07) "Protect Software GmbH" C:\WINDOWS\system32\drivers\ACEDRV07.sys File exists
|||||| "AEGIS Protocol (IEEE 802.1x) v3.7.5.0" (AegisP) "Cisco Systems, Inc." C:\WINDOWS\System32\DRIVERS\AegisP.sys File exists
|||||| "anhgg0mu" (anhgg0mu) "Microsoft Corporation" C:\WINDOWS\system32\drivers\anhgg0mu.sys Hidden registry entry, rootkit activity | File signed by Microsoft
|||||| "Aspi32" (Aspi32) "Adaptec" C:\WINDOWS\system32\drivers\Aspi32.sys File exists
|||||| "avgio" (avgio) "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\avgio.sys File exists
"avgntflt" (avgntflt) "Avira GmbH" C:\WINDOWS\System32\DRIVERS\avgntflt.sys File exists
"avipbb" (avipbb) "Avira GmbH" C:\WINDOWS\System32\DRIVERS\avipbb.sys File exists
|||||| "Bluetooth Audio Service" (BlueletAudio) "IVT Corporation" C:\WINDOWS\System32\DRIVERS\blueletaudio.sys File exists
|||||| "Bluetooth HID Enumerator" (BTHidEnum) C:\WINDOWS\System32\DRIVERS\vbtenum.sys File found, but it contains no detailed information
|||||| "Bluetooth HID Manager Service" (BTHidMgr) "IVT Corporation" C:\WINDOWS\System32\Drivers\BTHidMgr.sys File exists
|||||| "Bluetooth Network Filter" (BTNetFilter) C:\WINDOWS\system32\drivers\BTNetFilter.sys File found, but it contains no detailed information
|||||| "Bluetooth PAN Network Adapter" (BT) "IVT Corporation" C:\WINDOWS\System32\DRIVERS\btnetdrv.sys File exists
|||||| "Bluetooth USB For Bluetooth Service" (Btcsrusb) "IVT Corporation" C:\WINDOWS\System32\Drivers\btcusb.sys File exists
|||||| "Bluetooth VComm Manager Service" (VcommMgr) "IVT Corporation" C:\WINDOWS\System32\Drivers\VcommMgr.sys File exists
"Bluetooth-Bus-Enumerator" (btkrnl) C:\WINDOWS\System32\DRIVERS\btkrnl.sys File not found
|||||| "Card Reader Filter" (CardReaderFilter) "ICSI Technology Ltd." C:\WINDOWS\system32\Drivers\USBCRFT.SYS File exists
"Changer" (Changer) C:\WINDOWS\system32\drivers\Changer.sys File not found
"i2omgmt" (i2omgmt) C:\WINDOWS\system32\drivers\i2omgmt.sys File not found
"lbrtfdc" (lbrtfdc) C:\WINDOWS\system32\drivers\lbrtfdc.sys File not found
"Nokia USB Flashing Generic" (nmwcdnsuc) C:\WINDOWS\System32\drivers\nmwcdnsuc.sys File not found
"Nokia USB Flashing Phone Parent" (nmwcdnsu) C:\WINDOWS\System32\drivers\nmwcdnsu.sys File not found
|||||| "NTSIM" (NTSIM) "VIA Networking Technologies, Inc. " C:\WINDOWS\system32\ntsim.sys File exists
|||||| "PCANDIS5 NDIS Protocol Driver" (PCANDIS5) "Printing Communications Assoc., Inc. (PCAUSA)" C:\WINDOWS\system32\PCANDIS5.SYS File exists
"PCIDump" (PCIDump) C:\WINDOWS\system32\drivers\PCIDump.sys File not found
"pcif43hm" (pcif43hm) "Microsoft Corporation" C:\WINDOWS\system32\drivers\pcif43hm.sys File exists
"PDCOMP" (PDCOMP) C:\WINDOWS\system32\drivers\PDCOMP.sys File not found
"PDFRAME" (PDFRAME) C:\WINDOWS\system32\drivers\PDFRAME.sys File not found
"PDRELI" (PDRELI) C:\WINDOWS\system32\drivers\PDRELI.sys File not found
"PDRFRAME" (PDRFRAME) C:\WINDOWS\system32\drivers\PDRFRAME.sys File not found
"PLCMPR5 NDIS Protocol Driver" (PLCMPR5) C:\WINDOWS\system32\PLCMPR5.SYS File not found
|||||| "PLCNDIS5 NDIS Protocol Driver" (PLCNDIS5) "Intellon, Inc." C:\WINDOWS\system32\plcndis5.sys File exists
|||||| "PxHelp20" (PxHelp20) "Sonic Solutions" C:\WINDOWS\System32\DRIVERS\PxHelp20.sys File exists
|||||| "Sinus 1054 data" (PRISM_A02) "Conexant Systems, Inc." C:\WINDOWS\System32\DRIVERS\PRISMA02.sys File exists
|||||| "sptd" (sptd) "Duplex Secure Ltd." C:\WINDOWS\System32\Drivers\sptd.sys File is exclusively opened, access blocked
"ssmdrv" (ssmdrv) "Avira GmbH" C:\WINDOWS\System32\DRIVERS\ssmdrv.sys File exists
"upperdev" (upperdev) C:\WINDOWS\System32\DRIVERS\usbser_lowerflt.sys File not found
|||||| "Virtual Serial port driver" (VComm) "IVT Corporation" C:\WINDOWS\System32\DRIVERS\VComm.sys File exists
"w32n5223 Protocol Driver" (w32n5223) C:\PROGRA~1\T-COM\T-COMW~1\INSTAL~1\WINXP\w32n5223.SYS File not found
"WDICA" (WDICA) C:\WINDOWS\system32\drivers\WDICA.sys File not found
Explorer
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
|||||| {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" "Microsoft Corporation" C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install File exists
HKLM\Software\Classes\Folder\shellex\ColumnHandlers
|||||| {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" "Adobe Systems, Inc." C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll File exists
HKLM\Software\Classes\Protocols\Filter
|||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
|||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
|||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
|||||| {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" "Microsoft Corporation" C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL File exists
HKLM\Software\Classes\Protocols\Handler
|||||| {3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" "Microsoft Corporation" C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL File exists
|||||| {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll File exists
|||||| {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL File exists
|||||| {CD00020A-8B95-11D1-82DB-00C04FB1625D} "Microsoft PKM KnowledgePluggable Class" "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{EDB0E980-90BD-11D4-8599-0008C7D3B6F8} "Eudora's Shell Extension" File not found | COM-object registry key not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
|||||| {D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" "Microsoft Corporation" E:\Microsoft Office\Office12\VISSHE.DLL File exists
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" File not found | COM-object registry key not found
{EDB0E980-90BD-11D4-8599-0008C7D3B6F8} "Eudora's Shell Extension" File not found | COM-object registry key not found
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" File not found | COM-object registry key not found
|||||| {506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" "Microsoft Corporation" E:\Microsoft Office\Office12\VISSHE.DLL File exists
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" File not found | COM-object registry key not found
|||||| {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" "Microsoft Corporation" E:\Microsoft Office\Office12\msohevi.dll File exists
|||||| {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" "Microsoft Corporation" C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll File exists
|||||| {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" "Microsoft Corporation" E:\MICROS~1\Office12\MLSHEXT.DLL File exists
|||||| {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" "Microsoft Corporation" C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll File exists
|||||| {49BF5420-FA7F-11cf-8011-00A0C90A8F78} "Mobiles Gerät" "Microsoft Corporation" D:\PROGRA~1\ACTIVE~1\Wcesview.dll File exists
|||||| {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" "Nokia" D:\Programme\Nokia\Nokia PC Suite 7\PhoneBrowser.dll File exists
|||||| {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" "Microsoft Corporation" E:\MICROS~1\Office12\OLKFSTUB.DLL File exists
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\shlext.dll File exists
|||||| {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" "Microsoft Corporation" C:\WINDOWS\system32\dfshim.dll File exists
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" File not found | COM-object registry key not found
|||||| {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" "Microsoft Corporation" C:\WINDOWS\system32\dfshim.dll File exists
|||||| {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL File exists
|||||| {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" e:\Programme\WinRAR\rarext.dll File found, but it contains no detailed information
Internet Explorer
HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars
|||| {21347690-EC41-4F9A-8887-1F4AEE672439} "Canon Easy-WebPrint EX" "CANON INC." C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll File exists
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
|||| "Canon Easy-WebPrint EX" "CANON INC." C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll File exists
|||| "Google Toolbar" "Google Inc." C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll File exists
ITBar7Height "ITBar7Height" File not found | COM-object registry key not found
"ITBar7Layout" File not found | COM-object registry key not found
"ITBarLayout" File not found | COM-object registry key not found
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks
|||| {855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" "ICQ" C:\Programme\ICQ6Toolbar\ICQToolBar.dll File exists
"{855F3B16-6D32-4fe6-8A56-BBB695989046}" File not found | COM-object registry key not found
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units
|||||| {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_03"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre1.6.0_03\bin\npjpi160_03.dll File exists
|||||| {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "Java Plug-in 1.6.0_03"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre1.6.0_03\bin\npjpi160_03.dll File exists
|||||| {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_03"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre1.6.0_03\bin\npjpi160_03.dll File exists
|||| {D0C0F75C-683A-4390-A791-1ACFD5599AB8} "Oberon Flash Game Host"
hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab "Oberon Media, Inc." C:\WINDOWS\Downloaded Program Files\OberonGameHost.dll File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars
|||| {855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" "ICQ" C:\Programme\ICQ6Toolbar\ICQToolBar.dll File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
|||||| {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} "ClsidExtension" "Sun Microsystems, Inc." C:\Programme\Java\jre1.6.0_03\bin\npjpi160_03.dll File exists
|||| {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" "Microsoft Corporation" D:\PROGRA~1\ACTIVE~1\INetRepl.dll File exists
|||| {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "Create Mobile Favorite" "Microsoft Corporation" D:\PROGRA~1\ACTIVE~1\INetRepl.dll File exists
|||| "ICQ6" "ICQ, LLC." e:\Programme\ICQ6.5\ICQ.exe File exists
|||| {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" "Microsoft Corporation" E:\MICROS~1\Office12\REFIEBAR.DLL File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
|||| {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} "Canon Easy-WebPrint EX" "CANON INC." C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll File exists
|||| "Google Toolbar" "Google Inc." C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll File exists
|||| {855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" "ICQ" C:\Programme\ICQ6Toolbar\ICQToolBar.dll File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
|||||| {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" "Adobe Systems Incorporated" C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File exists
|||| {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} "Canon Easy-WebPrint EX BHO" "CANON INC." C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll File exists
|||| {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" "Google Inc." C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll File exists
|||| {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" "Google Inc." C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll File exists
|||| {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} "PDF-XChange Viewer IE-Plugin" "Tracker Software Products Ltd." C:\Programme\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll File exists
|||| {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" "Sun Microsystems, Inc." C:\Programme\Java\jre1.6.0_03\bin\ssv.dll File exists
Logon
%AllUsersProfile%\Startmenü\Programme\Autostart
|||||| "desktop.ini" C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini File exists
"Sinus 1054 data WLAN Manager.lnk" "TECOM" C:\Programme\DT\Sinus 1054 data\Wifiusb.exe Shortcut exists | File exists
"T-Com WLAN Manager.lnk" C:\Programme\T-COM\Sinus 154 data II\TS154USB.exe Shortcut exists | File exists
%UserProfile%\Startmenü\Programme\Autostart
|||||| "desktop.ini" C:\Dokumente und Einstellungen\JH\Startmenü\Programme\Autostart\desktop.ini File exists
|||| "ICQ6.5.lnk" "ICQ, LLC." E:\Programme\ICQ6.5\ICQ.exe Shortcut exists | File exists
|||| "Microsoft Office Outlook 2007.lnk" "Microsoft Corporation" E:\Microsoft Office\Office12\OUTLOOK.EXE Shortcut exists | File exists
"Mozilla Firefox.lnk" "Mozilla Corporation" E:\Programme\Firefox\firefox.exe Shortcut exists | File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
"avgnt" "Avira GmbH" "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min File exists
|||| "CanonMyPrinter" "CANON INC." C:\Programme\Canon\MyPrinter\BJMyPrt.exe /logon File exists
|||| "CanonSolutionMenu" "CANON INC." C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe /logon File exists
Print Monitors
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
|||||| "EPSON V6 2KMonitor" "SEIKO EPSON CORPORATION" C:\WINDOWS\system32\EBPMON24.DLL File exists
|||||| "PDFCreator" C:\WINDOWS\system32\pdfcmnnt.dll File found, but it contains no detailed information
Services
HKLM\SYSTEM\CurrentControlSet\Services
|||||| ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe File exists
|||||| "ASP.NET-Zustandsdienst" (aspnet_state) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe File exists
"Avira AntiVir Guard" (AntiVirService) "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\avguard.exe File exists
"Avira AntiVir Planer" (AntiVirSchedulerService) "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\sched.exe File exists
|||||| "BlueSoleil Hid Service" (BlueSoleil Hid Service) C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe File found, but it contains no detailed information
|||||| "Canon Inkjet Printer/Scanner/Fax Extended Survey Program" (IJPLMSVC) C:\Programme\Canon\IJPLM\IJPLMSVC.EXE File exists
"CyberLink Background Capture Service (CBCS)" (CLCapSvc) e:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe File exists
"CyberLink Task Scheduler (CTS)" (CLSched) e:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe File exists
|||||| "Firebird Guardian - DefaultInstance" (FirebirdGuardianDefaultInstance) "Firebird Project" C:\Programme\Firebird\Firebird_2_1\bin\fbguard.exe File exists
|||||| "Firebird Server - DefaultInstance" (FirebirdServerDefaultInstance) "Firebird Project" C:\Programme\Firebird\Firebird_2_1\bin\fbserver.exe File exists
|| "getPlus(R) Helper" (getPlusHelper) "NOS Microsystems Ltd." C:\Programme\NOS\bin\getPlus_Helper.dll File exists
|||| "Google Software Updater" (gusvc) "Google" C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe File exists
|||| "Google Update Service (gupdate)" (gupdate) "Google Inc." C:\Programme\Google\Update\GoogleUpdate.exe File exists
|||| "ICQ Service" (ICQ Service) C:\Programme\ICQ6Toolbar\ICQ Service.exe File exists
|||| "InstallDriver Table Manager" (IDriverT) "Macrovision Corporation" C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe File exists
"Machine Debug Manager" (MDM) "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe File exists
|||||| "Microsoft Office Diagnostics Service" (odserv) "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE File exists
|||||| "Office Source Engine" (ose) "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE File exists
|||||| "Ralink Registry Writer" (RalinkRegistryWriter) "Ralink Technology, Corp." C:\Programme\RALINK\Common\RalinkRegistryWriter.exe File exists
"ServiceLayer" (ServiceLayer) "Nokia" C:\Programme\PC Connectivity Solution\ServiceLayer.exe File exists
|||||| "Windows CardSpace" (idsvc) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe File exists
|||||| "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe File exists
|||||| "X10 Device Network Service" (x10nets) "X10" C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe File exists
Winlogon
HKCU\Control Panel\IOProcs
"MVB" mvfs32.dll File not found

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Schon mal vielen Dank für die Hilfe

Bitte die Hilfeliste beachten und abarbeiten. Beim Scan mit Malwarebytes auch alle externen Speicher (ext. Platten, USB-Sticks, ... mit anklemmen!! )

Wichtig für Benutzer mit Windows Vista und Windows 7: Bitte alle Tools per Rechtsklick => Als Admin ausführen!


__________________

Frohe Ostern,

also,

letzte Woche hatte Avira9 TR/Agent.ruo.4 in der kbdqjmd.dll in system32 gefunden.

Nach Update auf Avira10 hat dieses TR/Agent.ruo.6 in C:\System Volume Information\...\A0101468.sys gefunden.

Heute morgen zeigt mir Avira einen DR/agent.13824 in L:\System Volume Information\...\A0087675.exe.

ccleaner wurde nach Anleitung ausgeführt.

MBAM-Log:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3950

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

03.04.2010 22:49:27
mbam-log-2010-04-03 (22-49-27).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 4109
Laufzeit: 1 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Und hier der Log von Rsit:

info.txt logfile of random's system information tool 1.06 2010-04-04 09:19:52

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Download Manager-->"C:\WINDOWS\system32\rundll32.exe" "C:\Programme\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.3.1 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A93000000001}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
AFPL Ghostscript 8.54-->d:\Programme\gs\uninstgs.exe "d:\Programme\gs\gs8.54\uninstal.txt"
AFPL Ghostscript Fonts-->d:\Programme\gs\uninstgs.exe "d:\Programme\gs\fonts\uninstal.txt"
ATI - Dienstprogramm zur Deinstallation der Software-->C:\Programme\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_classISPLAY -clean
Auslogics Disk Defrag-->"D:\Programme\Auslogics Disk Defrag\unins000.exe"
Auto Gordian Knot 2.55-->D:\Programme\AutoGK\uninst.exe
Avira AntiVir Personal - Free Antivirus-->C:\Programme\Avira\AntiVir Desktop\setup.exe /REMOVE
AviSynth 2.5-->"D:\Programme\AviSynth 2.5\Uninstall.exe"
BlueSoleil-->MsiExec.exe /X{843B6370-4102-4FE9-9519-C0206A0A27DF}
Canon Easy-WebPrint EX-->"C:\Programme\Canon\Easy-WebPrint EX\Maint.exe" /UninstallRemove C:\Programme\Canon\Easy-WebPrint EX\uninst.ini
Canon Inkjet Printer/Scanner/Fax Extended Survey Program-->C:\Programme\Canon\IJPLM\SETUP.EXE -R
Canon iP4700 series Benutzerregistrierung-->C:\Programme\Canon\IJEREG\iP4700 series\UNINST.EXE
Canon iP4700 series Printer Driver-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series
Canon Utilities Easy-PhotoPrint EX-->D:\Programme\Canon\Easy-PhotoPrint EX\uninst.exe Uninst.ini uinstrsc.dll
Canon Utilities My Printer-->C:\Programme\Canon\MyPrinter\uninst.exe uninst.ini uinstrsc.dll
Canon Utilities Solution Menu-->C:\Programme\Canon\SolutionMenu\uninst.exe uninst.ini uinstrsc.dll
CCleaner-->"D:\Programme\CCleaner\uninst.exe"
CD-LabelPrint-->"D:\Programme\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application
C-Media High Definition Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe
Compatibility Pack für 2007 Office System-->MsiExec.exe /X{90120000-0020-0407-0000-0000000FF1CE}
Creatix V.92 Data Fax Modem-->agrsmdel
DivX Codec-->d:\Programme\DivX\DivXCodecUninstall.exe /CODEC
DivX Player-->d:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->d:\Programme\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Plus Web Player-->d:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Decrypter (Remove Only)-->"D:\Programme\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"d:\Programme\DVD Shrink\unins000.exe"
Enterprise Dynamics Studio 7.2.0 781-->C:\Programme\CyberLink\Shared Files\CLML_NTService\Uninstall.exe
EPSON-Drucker-Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r
Firebird 2.1.3.18185 (Win32)-->"C:\Programme\Firebird\Firebird_2_1\unins000.exe"
FLV Player 2.0 (build 25)-->d:\Programme\FLV Player\uninst.exe
fotoalbum 3.66-->D:\Programme\fotoalbum\uninst.exe
fotokasten comfort-->"D:\Programme\fotokasten comfort\unins000.exe"
Free Audio CD Burner version 1.2-->"C:\Programme\DVDVideoSoft\Free Audio CD Burner\unins000.exe"
Free Audio CD to MP3 Converter version 1.1-->"D:\Programme\DVDVideoSoft\Free Audio CD to MP3 Converter\unins000.exe"
Free YouTube to MP3 Converter version 3.2-->"C:\Programme\DVDVideoSoft\Free YouTube to MP3 Converter\unins000.exe"
Generic USB CardReader 2.0-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{EA1CB7AC-E221-4822-A789-0ADB051DC498}\Setup.exe" -l0x9
Google Toolbar for Internet Explorer-->"C:\Programme\Google\Google Toolbar\Component\GoogleToolbarManager_E85CDE7661A53A6A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Programme\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB942288-v3)-->"C:\WINDOWS\$NtUninstallKB942288-v3$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
ICQ Toolbar-->C:\Programme\ICQ6Toolbar\ICQUnToolbar.exe
ICQ6.5-->"C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
IrfanView (remove only)-->e:\Programme\IrfanView\iv_uninstall.exe
IsoBuster 1.7-->"d:\Programme\Smart Projects\IsoBuster\Uninst\unins000.exe"
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
korAccount 3-->MsiExec.exe /I{71E25A6F-C205-44E3-B279-F49352D14898}
Logitech Eyetoy Webcam-->C:\WINDOWS\CleanDev.exe C:\WINDOWS\ov519.TXT
Malwarebytes' Anti-Malware-->"D:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
MediaShow 3.0-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D5A9B7C0-8751-11D8-9D75-000129760D75}\setup.exe" -uninstall
MicroLink dLAN Konfigurations-Assistent-->C:\Programme\devolo\setup.exe /remove:dlanconf
MicroLink EasyClean-->C:\Programme\devolo\setup.exe /remove:easyclean
MicroLink EasyShare-->C:\Programme\devolo\setup.exe /remove:easyshare
MicroLink Informer-->C:\Programme\devolo\setup.exe /remove:dslmon
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU-->MsiExec.exe /I{9309DD7E-EBFE-3C95-8B47-30D3A012F606}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU-->MsiExec.exe /I{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack - DEU-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack - deu-->MsiExec.exe /I{1545207E-C6F3-31D7-9918-BDBB65075FBF}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Groove MUI (German) 2007-->MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (German) 2007-->MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Visio MUI (German) 2007-->MsiExec.exe /X{90120000-0054-0407-0000-0000000FF1CE}
Microsoft Office Visio Professional 2007-->"C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISPRO /dll OSETUP.DLL
Microsoft Office Visio Professional 2007-->MsiExec.exe /X{90120000-0051-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Office XP Professional mit FrontPage-->MsiExec.exe /I{90280407-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWudf01007$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.6.2pre)-->E:\Programme\Firefox\uninstall\helper.exe
MSI to redistribute MS VS2005 CRT libraries-->MsiExec.exe /I{A8D93648-9F7F-407D-915C-62044644C3DA}
MSVC80_x86_v2-->MsiExec.exe /I{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSVC90_x86-->MsiExec.exe /I{AF111648-99A1-453E-81DD-80DBBF6DAD0D}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
myphotobook 3.63-->d:\Programme\myphotobook\uninst.exe
NAVIGON Fresh 2.0.2-->d:\Programme\NAVIGON\NAVIGON Fresh\uninst.exe
Nero 6 Ultra Edition-->C:\Programme\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nokia Connectivity Cable Driver-->MsiExec.exe /X{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}
Nokia PC Suite-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_ger_web.exe
Nokia PC Suite-->MsiExec.exe /I{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}
PC Connectivity Solution-->MsiExec.exe /I{BEB79508-7D67-4A2F-9FB3-54C2B68E9532}
PDF Blender-->C:\Programme\PDF Blender\uninstall.exe
PDFCreator-->C:\Programme\PDFCreator\unins000.exe
PDF-XChange PDF Viewer Version 2.0.0.36-->"C:\Programme\Tracker Software\PDF-XChange Viewer\unins000.exe"
PhotoNow! 1.0-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\setup.exe" -uninstall
Picasa 3-->"C:\Programme\Google\Picasa3\Uninstall.exe"
PowerCinema 4.0-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
PowerDirector-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" -uninstall
PowerDVD-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PowerProducer-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
Pro Evolution Soccer 2010-->MsiExec.exe /X{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}
PureSync-->MsiExec.exe /X{11E223EE-2391-4BD4-B866-F1D8D5A9586C}
Ralink Wireless LAN-->C:\Programme\InstallShield Installation Information\{E91E8912-769D-42F0-8408-0E329443BABC}\setup.exe -runfromtemp -l0x0009 -removeonly
Ralink Wireless LAN-->C:\Programme\InstallShield Installation Information\{FAB1F336-1B7C-4057-A7BC-2922CD82A781}\setup.exe -runfromtemp -l0x0009 -removeonly
Roadkil's Unstoppable Copier Version 4.2-->"D:\Programme\UnstopableCopier\unins000.exe"
RT2500 USB Wireless LAN Card-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5490B6EF-5A48-40B7-A9E0-D3B886D17A29}\setup.exe" -l0x7 -removeonly
Sicherheitsupdate für Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Sinus 1054 data-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BC09EF51-99D1-4044-ABCB-D14839E38D79}
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Spybot - Search & Destroy-->"d:\Programme\Spybot - Search & Destroy\unins000.exe"
T-Sinus 154data-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2F462C04-1A39-49A2-AA03-87A4EBF5D0DD}
Uninstall 1.0.0.1-->"C:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update für Windows Internet Explorer 8 (KB975364)-->"C:\WINDOWS\ie8updates\KB975364-IE8\spuninst\spuninst.exe"
Update für Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update für Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update für Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update für Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update für Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update für Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update für Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update für Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
VideoLAN VLC media player 0.8.1-->d:\Programme\VideoLAN\VLC\uninstall.exe
videon-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{261D0486-9127-4071-BA1D-FE784310752E}\Setup.exe" -l0x7
VobSub v2.23 (Remove Only)-->"D:\Programme\Gabest\VobSub\uninstall.exe"
W83L518D-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{CD815603-AB71-4CFB-B3AC-522298037ACC}\Setup.exe" -l0x7
Winamp-->"D:\Programme\Winamp\UninstWA.exe"
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray-->"C:\WINDOWS\$NtUninstallKB952011$\spuninst\spuninst.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix - KB894476-->"C:\WINDOWS\$NtUninstallKB894476$\spuninst\spuninst.exe"
Windows Media Player 10-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Windows-Treiberpaket - Nokia Modem (10/27/2008 3.9)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_79486EC6AA0D1732FB17E5167077C07ECAE1B870\nokia_bluetooth.inf
Windows-Treiberpaket - Nokia Modem (10/27/2008 7.01.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_247189AEBF39EB69A7C75429610DFED2F2EDC1B6\nokbtmdm.inf
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
WinRAR Archivierer-->e:\Programme\WinRAR\uninstall.exe
X10 Hardware(TM)-->C:\WINDOWS\UNWISE.EXE C:\PROGRA~1\X10HAR~1\Install.log
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
xp-AntiSpy (nur entfernen)-->"C:\Programme\xp-AntiSpy\uninstall.exe"
XviD MPEG4 Video Codec (remove only)-->"C:\Programme\XviD\xvid-uninstall.exe"

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AntiVir Desktop

======System event log======

Computer Name: JULIA
Event Code: 4201
Message: Netzwerkadapter "MAC-Brückenminiport - Paketplaner-Miniport" wurde mit dem Netzwerk verbunden, und das
System wurde über das Netzwerk im normalen Zustand gestartet.

Record Number: 114714
Source Name: Tcpip
Time Written: 20100314154955.000000+060
Event Type: Informationen
User:

Computer Name: JULIA
Event Code: 4201
Message: Netzwerkadapter "MAC-Brückenminiport - Paketplaner-Miniport" wurde mit dem Netzwerk verbunden, und das
System wurde über das Netzwerk im normalen Zustand gestartet.

Record Number: 114713
Source Name: Tcpip
Time Written: 20100314154955.000000+060
Event Type: Informationen
User:

Computer Name: JULIA
Event Code: 4201
Message: Netzwerkadapter "MAC-Brückenminiport - Paketplaner-Miniport" wurde mit dem Netzwerk verbunden, und das
System wurde über das Netzwerk im normalen Zustand gestartet.

Record Number: 114712
Source Name: Tcpip
Time Written: 20100314154852.000000+060
Event Type: Informationen
User:

Computer Name: JULIA
Event Code: 4201
Message: Netzwerkadapter "MAC-Brückenminiport - Paketplaner-Miniport" wurde mit dem Netzwerk verbunden, und das
System wurde über das Netzwerk im normalen Zustand gestartet.

Record Number: 114711
Source Name: Tcpip
Time Written: 20100314154852.000000+060
Event Type: Informationen
User:

Computer Name: JULIA
Event Code: 4201
Message: Netzwerkadapter "MAC-Brückenminiport - Paketplaner-Miniport" wurde mit dem Netzwerk verbunden, und das
System wurde über das Netzwerk im normalen Zustand gestartet.

Record Number: 114710
Source Name: Tcpip
Time Written: 20100314154749.000000+060
Event Type: Informationen
User:

=====Application event log=====

Computer Name: JULIA
Event Code: 1
Message: 23/02/2010 12:36:24 (OviSuite) - INFO - AO Action: Id = 26 Oper = Assign Result = 0 Classname = CMessageCreateOperation Resource = Content = {883e1677-85f7-492a-9536-0ddf9bd22180} Queue = 7

Record Number: 11316
Source Name: OviSuite
Time Written: 20100223123624.000000+060
Event Type: Informationen
User:

Computer Name: JULIA
Event Code: 1
Message: 23/02/2010 12:36:17 (OviSuite) - INFO - AO Action: Id = 22 Oper = Finish Result = 0 Classname = CAODynSwUpdate Resource = CAODynSwUpdate Content = {645dc909-b71d-4cd2-b515-8643dfb21601} Queue = 8

Record Number: 11315
Source Name: OviSuite
Time Written: 20100223123617.000000+060
Event Type: Informationen
User:

Computer Name: JULIA
Event Code: 1
Message: 23/02/2010 12:36:10 (OviSuite) - INFO - AO Action: Id = 23 Oper = Start Result = 0 Classname = CAO_ReadNewMessages Resource = 353933011739096 Content = {883e1677-85f7-492a-9536-0ddf9bd22180} Queue = 5

Record Number: 11314
Source Name: OviSuite
Time Written: 20100223123610.000000+060
Event Type: Informationen
User:

Computer Name: JULIA
Event Code: 1
Message: 23/02/2010 12:36:10 (OviSuite) - INFO - AO Action: Id = 19 Oper = Finish Result = 0 Classname = CAO_PhotosSync Resource = 353933011739096 Content = {692b4aa2-a34f-456e-bee5-13aa2a54ee7e} Queue = 5

Record Number: 11313
Source Name: OviSuite
Time Written: 20100223123610.000000+060
Event Type: Informationen
User:

Computer Name: JULIA
Event Code: 1
Message: 23/02/2010 12:36:02 (OviSuite) - INFO - AO Action: Id = 25 Oper = Finish Result = 0 Classname = CContactContentObjectsOperation Resource = 8000000000000001 Content = {41803f8d-ddf7-4bac-9fc4-e54d248305d5} Queue = 3

Record Number: 11312
Source Name: OviSuite
Time Written: 20100223123602.000000+060
Event Type: Informationen
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Programme\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\ATI Technologies\ATI Control Panel;C:\Programme\Gemeinsame Dateien\DivX Shared\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0403
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"T-Sinus1054data_dir"=C:\Programme\DT\Sinus 1054 data\

-----------------EOF-----------------


Ich hoffe, ich habe diesmal alles richtig gemacht.....

Hab ich noch irgendwas vergessen oder falsch gemacht???

Hallo nochmal,

ich wäre sehr erfreut, wenn mir jm bescheid geben würde, was ich machen muss bzw. mir es jemand sagt, falls ich was falsch gemacht habe oder etwas fehlt.

Für jegliche Hilfe bin ich dankbar.

Herzlichen Dank,

dass man auch mal gesagt bekommt, was man falsch macht oder was fehlt, damit einem mal geholfen wird.