| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Nach Hiloti.gen: Firefox öffnet eigenständig Tabs u. Windows automat. Updates schlagen fehlWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
23.08.2010, 09:59
| #1 | ||||
| |  Nach Hiloti.gen: Firefox öffnet eigenständig Tabs u. Windows automat. Updates schlagen fehl Nach auffälligem Browserverhalten habe ich einen umfangreichen Scan durchgeführt mit Antivir, Safe Returner, Malwarebytes, HijackThis und Super Antispyware, ESET und Virustotal. Gefunden wurde u.a. Hiloti.gen und mit Malwarebytes beseitigt. Im übrigen habe ich nach den Hinweisen hier im Forum nochmal verschiedene Scans durchgeführt und auch CCleaner ausgeführt. Ferner habe ich Firefox 6.3.8 komplett (inkl. Profil) deinstalliert und neu aufgesetzt. Mir schien mein System jetzt eigentlich sauber. Trotzdem bleiben noch zwei Auffälligkeiten: 1. Windows Update funktioniert nicht mehr einwandfrei. Die Updateseite von Microsoft wird sowohl von FF als auch IE8 als "nicht erreichbar" gemeldet, ich vermute also, dass deshalb auch keine Updates mehr geladen werden. Das manuelle Updaten über das Sicherheitscenter "Updatesvon Windows Update-Seite laden" schlägt fehl. 2. FF versucht (in Abständen von vielleicht 20 bis 30 Minuten) irgendwelche Adressen anzusteuern - gelegentlich geht dabei ein neuer Tab auf, Phänomen wurde ja hier im Forum schon mehrfach diskutiert. Die im Forum vorgeschlagenen Schritte habe ich nun nochmal alle durchgeführt, bin aber jetzt mit meinem Latein am Ende und hoffe auf Eure Unterstützung. Letzter Hinweis: Die von RSIT angelegte log.txt habe ich unmittelbar vor meinem Posten hier nochmal bei Hijackthis.de auf Problemeinträge gecheckt, der meldet nun erstmals "Fred.exe" als gefährlich. Der Ordner und die Datei wurden wohl zeitgleich mit dem RSIT-Scan angelegt - von RSIT? Ein Check der Datei mit Antivir und über Virustotal hat keinen Virus gemeldet. Hier nun meine Logfiles: --- LOG.TXT --- RSIT Logfile: Code:
ATTFilter Logfile of random's system information tool 1.08 (written by random/random) Run by Fred at 2010-08-23 09:46:27 Microsoft Windows XP Professional Service Pack 3 System drive C: has 7 GB (34%) free of 20 GB Total RAM: 2047 MB (72% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 09:46:31, on 23.08.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe F:\Programme\Avira\AntiVir Desktop\sched.exe F:\Programme\Avira\AntiVir Desktop\avguard.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Programme\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.exe F:\Programme\Fritz!\IGDCTRL.EXE F:\Programme\Avira\AntiVir Desktop\avshadow.exe F:\Programme\Java\bin\jqs.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Programme\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE F:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\System32\svchost.exe F:\Util\Logitech\MouseWare\system\em_exec.exe C:\WINDOWS\system32\RUNDLL32.EXE F:\Programme\iTunes\iTunesHelper.exe C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe F:\Creative\CTDetctu.exe C:\Programme\Vtune\TBPanel.exe C:\Programme\iPod\bin\iPodService.exe C:\Dokumente und Einstellungen\Fred\Desktop\RSIT.exe C:\Programme\trend micro\Fred.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: (no name) - AutorunsDisabled - (no file) O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Programme\Java\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Programme\Java\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800" O4 - HKLM\..\Run: [Automatisch EPSON Stylus DX4800 Series auf KALAHARI] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P51 "Automatisch EPSON Stylus DX4800 Series auf KALAHARI" /O19 "\\KALAHARI\Drucker4" /M "Stylus DX4800" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [avgnt] "F:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [iTunesHelper] "F:\Programme\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Adobe\Reader 9\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Creative Detector U] "F:\Creative\CTDetctu.exe" /R O4 - HKCU\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /M "Stylus DX4800" /EF "HKCU" O4 - HKCU\..\Run: [TBPanel] C:\Programme\Vtune\TBPanel.exe /A O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: AutorunsDisabled O4 - Global Startup: AutorunsDisabled O4 - Global Startup: Logitech Desktop Messenger.lnk = F:\Util\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O8 - Extra context menu item: An vorhandenes PDF anfügen - res://F:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://F:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://F:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://F:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://F:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: In Adobe PDF konvertieren - res://F:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://F:\MSOffice\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://F:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://F:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\MSOffice\OFFICE11\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{A20E1B00-DA0F-4A9B-AD4E-E192654D4710}: NameServer = 192.168.122.252,192.168.122.253 O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file) O20 - Winlogon Notify: !SASWinLogon - F:\Util\SUPER_AntiSpyware\SASWINLO.DLL O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - F:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - F:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: AVM FRITZ!web Routing Service (de_serv) - Unknown owner - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate1c9d3f571814d6) (gupdate1c9d3f571814d6) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: haFNxn - Unknown owner - F:\Util\PC Wizard 2010\Data\pcwizntl.exe O23 - Service: AVM IGD CTRL Service (IGDCTRL) - AVM Berlin - F:\Programme\Fritz!\IGDCTRL.EXE O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Programme\Java\bin\jqs.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: NMIndexingService - Unknown owner - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O24 - Desktop Component AutorunsDisabled: (no name) - (no file) -- End of file - 10300 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\Google Software Updater.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-06-19 61888] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - F:\Programme\Java\bin\jp2ssv.dll [2010-08-20 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - F:\Programme\Java\lib\deploy\jqs\ie\jqs_plugin.dll [2010-08-20 79648] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}] EpsonToolBandKicker Class - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "RemoteControl"=C:\Programme\CyberLink\PowerDVD\PDVDServ.exe [2005-01-12 32768] "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] "Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2003-12-11 20992] "EPSON Stylus DX4800 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE [2005-02-02 98304] "Automatisch EPSON Stylus DX4800 Series auf KALAHARI"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE [2005-02-02 98304] "AppleSyncNotifier"=C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-07-13 47904] "avgnt"=F:\Programme\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792] "QuickTime Task"=C:\Programme\QuickTime\qttask.exe [2010-03-17 421888] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-04-03 110696] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-04-03 13670504] "iTunesHelper"=F:\Programme\iTunes\iTunesHelper.exe [2010-07-21 141608] "SunJavaUpdateSched"=C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [2010-05-14 248552] "Adobe Reader Speed Launcher"=F:\Adobe\Reader 9\Reader\Reader_sl.exe [2010-06-20 35760] "Adobe ARM"=C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "Creative Detector U"=F:\Creative\CTDetctu.exe [2006-10-02 188416] "EPSON Stylus DX4800 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE [2005-02-02 98304] "TBPanel"=C:\Programme\Vtune\TBPanel.exe [2009-10-05 2158592] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite] [] C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart AutorunsDisabled Logitech Desktop Messenger.lnk - F:\Util\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart AutorunsDisabled [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon] F:\Util\SUPER_AntiSpyware\SASWINLO.DLL [2009-09-04 548352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=F:\Util\SUPER_AntiSpyware\SASSEH.DLL [2008-05-13 77824] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"=1 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "E:\FS9\fs9.exe"="E:\FS9\fs9.exe:*:Enabled:Microsoft Flight Simulator" "C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server" "F:\Programme\ICQLite\ICQLite.exe"="F:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "G:\Anno1701\Anno1701.exe"="G:\Anno1701\Anno1701.exe:*:Enabled:Anno 1701" "F:\Util\Caplio\RGateLXP.exe"="F:\Util\Caplio\RGateLXP.exe:*:Enabled:RICOH Gate La for DSC" "G:\AoE2\age2_x1\AGE2_X1.ICD"="G:\AoE2\age2_x1\AGE2_X1.ICD:*:Enabled:Age of Empires II Expansion" "G:\Anno1701\Anno1701AddOn.exe"="G:\Anno1701\Anno1701AddOn.exe:*:Disabled:Anno 1701" "F:\Util\eMule\emule.exe"="F:\Util\eMule\emule.exe:*:Enabled:eMule" "F:\Mozilla Firefox\firefox.exe"="F:\Mozilla Firefox\firefox.exe:*:Enabled:Firefox" "F:\Programme\Skype\Phone\Skype.exe"="F:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath " "F:\Util\Sony Ericsson Update Service\Update Service.exe"="F:\Util\Sony Ericsson Update Service\Update Service.exe:*:Enabled:Update Service" "H:\fsetup.exe"="H:\fsetup.exe:*:Enabled:AVM FSetup Application" "F:\Programme\Fritz!\FBOXUPD.EXE"="F:\Programme\Fritz!\FBOXUPD.EXE:*:Enabled:AVM FRITZ!Box Firmware-Update" "F:\Programme\Fritz!\WebwaIgd.exe"="F:\Programme\Fritz!\WebwaIgd.exe:*:Enabled:WebWatch UPnP Helper" "G:\Anno1404\tools\Anno4Web.exe"="G:\Anno1404\tools\Anno4Web.exe:*:Disabled:Anno4Web" "G:\Anno1404\tools\ToolOne.exe"="G:\Anno1404\tools\ToolOne.exe:*:Enabled:ToolOne" "G:\Anno1404\tools\WorldEditor2.exe"="G:\Anno1404\tools\WorldEditor2.exe:*:Enabled:WorldEditor2" "G:\Anno1404\Addon.exe"="G:\Anno1404\Addon.exe:*:Enabled:ANNO 1404 - Venedig" "G:\Anno1404\tools\AddonWeb.exe"="G:\Anno1404\tools\AddonWeb.exe:*:Enabled:ANNO 1404 - Venedig Web" "C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer" "F:\Programme\iTunes\iTunes.exe"="F:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" ======File associations====== .js - open - "F:\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1" ======List of files/folders created in the last 1 months====== 2010-08-23 09:46:27 ----D---- C:\rsit 2010-08-23 09:46:27 ----D---- C:\Programme\trend micro 2010-08-22 23:29:21 ----D---- C:\Programme\ESET 2010-08-22 23:14:47 ----N---- C:\WINDOWS\SchedLgU.Txt 2010-08-22 14:44:09 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SafeReturner 2010-08-21 20:05:53 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SUPERAntiSpyware.com 2010-08-21 20:05:53 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com 2010-08-21 18:05:58 ----D---- C:\WINDOWS\system32\Adobe 2010-08-21 13:18:37 ----HDC---- C:\WINDOWS\ie8 2010-08-20 18:08:43 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun 2010-08-20 18:08:29 ----A---- C:\WINDOWS\system32\deployJava1.dll 2010-07-25 20:41:20 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1 2010-07-25 20:41:08 ----D---- C:\Programme\Gemeinsame Dateien\Adobe AIR ======List of files/folders modified in the last 1 months====== 2010-08-23 09:46:29 ----D---- C:\WINDOWS\Prefetch 2010-08-23 09:46:27 ----RD---- C:\Programme 2010-08-23 09:45:03 ----D---- C:\WINDOWS 2010-08-23 09:30:03 ----D---- C:\WINDOWS\Temp 2010-08-23 09:29:42 ----D---- C:\WINDOWS\system32\CatRoot2 2010-08-23 09:29:33 ----SD---- C:\WINDOWS\Tasks 2010-08-22 23:35:11 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Qyohyf 2010-08-22 22:51:50 ----D---- C:\WINDOWS\system32 2010-08-22 20:32:11 ----D---- C:\WINDOWS\system32\NtmsData 2010-08-22 20:30:15 ----D---- C:\WINDOWS\Registration 2010-08-22 18:22:13 ----SHD---- C:\WINDOWS\Installer 2010-08-22 17:29:45 ----D---- C:\WINDOWS\Minidump 2010-08-22 17:29:45 ----D---- C:\WINDOWS\Debug 2010-08-22 17:07:50 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla 2010-08-22 16:58:55 ----SHD---- C:\System Volume Information 2010-08-22 16:58:55 ----D---- C:\WINDOWS\system32\Restore 2010-08-22 14:29:06 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Eqafid 2010-08-22 14:11:58 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$ 2010-08-22 14:11:58 ----D---- C:\WINDOWS\system32\drivers 2010-08-22 13:38:14 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google Updater 2010-08-22 12:07:18 ----RD---- C:\WINDOWS\Web 2010-08-22 00:03:11 ----AD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP 2010-08-21 17:57:29 ----D---- C:\WINDOWS\system32\Macromed 2010-08-21 17:57:24 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Macromedia 2010-08-21 13:20:38 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-08-21 13:20:38 ----HD---- C:\WINDOWS\inf 2010-08-21 13:20:38 ----D---- C:\WINDOWS\system32\de-de 2010-08-21 13:20:38 ----D---- C:\WINDOWS\Media 2010-08-21 13:20:38 ----D---- C:\WINDOWS\Help 2010-08-21 13:20:38 ----D---- C:\Programme\Internet Explorer 2010-08-21 12:48:09 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe 2010-08-21 12:47:44 ----D---- C:\Programme\Gemeinsame Dateien\Adobe 2010-08-21 11:55:31 ----D---- C:\Programme\Java 2010-08-20 22:45:36 ----D---- C:\WINDOWS\network diagnostic 2010-08-20 18:14:39 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-08-20 18:08:40 ----D---- C:\Programme\Gemeinsame Dateien\Java 2010-08-20 18:08:20 ----A---- C:\WINDOWS\system32\javaws.exe 2010-08-20 18:08:20 ----A---- C:\WINDOWS\system32\javaw.exe 2010-08-20 18:08:19 ----A---- C:\WINDOWS\system32\java.exe 2010-08-20 15:14:36 ----SHD---- C:\RECYCLER 2010-08-15 19:00:24 ----D---- C:\WINDOWS\system32\inetsrv 2010-08-13 09:49:48 ----D---- C:\WINDOWS\Microsoft.NET 2010-08-13 09:49:45 ----RSD---- C:\WINDOWS\assembly 2010-08-12 00:44:47 ----D---- C:\WINDOWS\WinSxS 2010-08-11 09:32:05 ----HD---- C:\Programme\InstallShield Installation Information 2010-07-31 15:56:29 ----RSD---- C:\WINDOWS\Fonts 2010-07-26 23:10:09 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Adobe 2010-07-25 20:41:10 ----D---- C:\Programme\Adobe 2010-07-25 20:41:08 ----D---- C:\Programme\Gemeinsame Dateien ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 nvata;nvata; C:\WINDOWS\system32\DRIVERS\nvata.sys [2006-03-16 99840] R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528] R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352] R1 avgio;avgio; \??\F:\Programme\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784] R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] R1 SASDIFSV;SASDIFSV; \??\F:\Util\SUPER_AntiSpyware\SASDIFSV.SYS [] R1 SASKUTIL;SASKUTIL; \??\F:\Util\SUPER_AntiSpyware\SASKUTIL.SYS [] R2 ACEDRV05;ACEDRV05; \??\C:\WINDOWS\system32\drivers\ACEDRV05.sys [] R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-12-24 281760] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936] R2 irda;IrDA-Protokoll; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192] R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-12-24 25888] R2 TBPanel;TBPanel; C:\WINDOWS\system32\drivers\TBPanel.sys [2007-03-16 12256] R3 AVMDSLPPPOE;AVM DSL PPPoE CAPI Treiber; C:\WINDOWS\system32\DRIVERS\avmdsloe.sys [2006-09-12 45952] R3 AVMNDSL;AVM DSL NDIS WAN CAPI Treiber; C:\WINDOWS\system32\DRIVERS\avmndsl.sys [2006-09-12 39440] R3 AVMWAN;AVM NDIS WAN CAPI-Treiber; C:\WINDOWS\system32\DRIVERS\avmwan.sys [2001-08-17 37568] R3 GcKernel;Microsoft SideWinder Value Add - Filtertreiber; C:\WINDOWS\system32\DRIVERS\GcKernel.sys [2008-04-13 59136] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600] R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 HIDSwvd;Microsoft SideWinder-Minitreiber für virtuelles HID-Gerät; C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys [2001-08-17 2688] R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2010-04-30 6032928] R3 irsir;Microsoft serieller Infrarottreiber; C:\WINDOWS\System32\DRIVERS\irsir.sys [2001-08-17 18688] R3 L8042pr2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042pr2.Sys [2003-12-11 51582] R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys [2003-12-11 70894] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-04-04 10232128] R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-22 52736] R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda32.sys [2009-08-21 57248] R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-22 18944] R3 Rasirda;WAN-Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584] R3 SWUSBFLT;Microsoft SideWinder VIA-Filtertreiber; C:\WINDOWS\system32\DRIVERS\SWUSBFLT.sys [2001-08-17 3968] S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480] S3 Cardex;Cardex; \??\C:\WINDOWS\system32\drivers\TBPANEL.SYS [] S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys [] S3 FDLUBASE;AVM FRITZ!Card DSL SL USB (WinXP/2000); C:\WINDOWS\system32\DRIVERS\fdlubase.sys [2006-09-12 704128] S3 fxusbase;AVM ISDN-Connector FRITZ!X USB; C:\WINDOWS\system32\DRIVERS\fxusbase.sys [2001-08-17 454912] S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-08-01 13352] S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2008-08-01 21672] S3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 23040] S3 LGDDCDevice;LGDDCDevice; \??\F:\Util\LG-Monitor\bin\I2CDriver.sys [] S3 LGII2CDevice;LGII2CDevice; \??\F:\Util\LG-Monitor\bin\PII2CDriver.sys [] S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800] S3 mouhid;Maus-HID-Treiber; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-18 12288] S3 s217bus;Sony Ericsson Device 217 driver (WDM); C:\WINDOWS\system32\DRIVERS\s217bus.sys [2007-11-02 83496] S3 s217mdfl;Sony Ericsson Device 217 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s217mdfl.sys [2007-11-02 15016] S3 s217mdm;Sony Ericsson Device 217 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s217mdm.sys [2007-11-02 109992] S3 s217mgmt;Sony Ericsson Device 217 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s217mgmt.sys [2007-11-02 103976] S3 s217nd5;Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS); C:\WINDOWS\system32\DRIVERS\s217nd5.sys [2007-11-02 24872] S3 s217obex;Sony Ericsson Device 217 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s217obex.sys [2007-11-02 100008] S3 s217unic;Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM); C:\WINDOWS\system32\DRIVERS\s217unic.sys [2007-11-02 105896] S3 s816bus;Sony Ericsson Device 816 driver (WDM); C:\WINDOWS\system32\DRIVERS\s816bus.sys [2007-06-19 81832] S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s816mdfl.sys [2007-06-19 13864] S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s816mdm.sys [2007-06-19 107304] S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s816mgmt.sys [2007-06-19 99112] S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS); C:\WINDOWS\system32\DRIVERS\s816nd5.sys [2007-06-19 21928] S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s816obex.sys [2007-06-19 97320] S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM); C:\WINDOWS\system32\DRIVERS\s816unic.sys [2007-06-19 97704] S3 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2010-04-19 41984] S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000] S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944] S4 NETFWDSL;AVM FRITZ!web DSL PPP; C:\WINDOWS\system32\DRIVERS\NETFWDSL.SYS [] S4 NTACCESS;NTACCESS; \??\H:\NTACCESS.sys [] S4 SetupNTGLM7X;SetupNTGLM7X; \??\H:\NTGLM7X.sys [] S4 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Planer; F:\Programme\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336] R2 AntiVirService;Avira AntiVir Guard; F:\Programme\Avira\AntiVir Desktop\avguard.exe [2010-04-20 267432] R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176] R2 Bonjour Service;Dienst "Bonjour"; C:\Programme\Bonjour\mDNSResponder.exe [2010-05-18 345376] R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032] R2 IGDCTRL;AVM IGD CTRL Service; F:\Programme\Fritz!\IGDCTRL.EXE [2007-09-04 87344] R2 Irmon;Infrarotüberwachung; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R2 JavaQuickStarterService;Java Quick Starter; F:\Programme\Java\bin\jqs.exe [2010-08-20 153376] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-04-03 154216] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912] R3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2010-07-21 540968] S2 gupdate1c9d3f571814d6;Google Update Service (gupdate1c9d3f571814d6); C:\Programme\Google\Update\GoogleUpdate.exe [2009-05-13 133104] S2 gusvc;Google Software Updater; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 183280] S3 Adobe LM Service;Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-09-07 72704] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 de_serv;AVM FRITZ!web Routing Service; C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe [] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-09-26 654848] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 haFNxn;haFNxn; F:\Util\PC Wizard 2010\Data\pcwizntl.exe [2010-03-27 53248] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe [2007-12-19 68096] S3 NMIndexingService;NMIndexingService; C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe [] S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- --- INFO.TXT --- [QUOTE]info.txtRSIT Logfile: Code:
ATTFilter logfile of random's system information tool 1.08 2010-08-23 09:46:33
======Uninstall list======
-->"C:\Programme\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0007
-->"C:\Programme\Creative Installation Information\CTCMSGO\Setup.exe" /remove /l0x0007
-->"C:\Programme\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0007
-->"C:\Programme\Creative Installation Information\E-CENTER_PLUGIN_MINIDISC_U\Setup.exe" /remove /l0x0007
-->"C:\Programme\Creative Installation Information\E-CENTER_PLUGIN_MUSICPLAYER_MSS_U\Setup.exe" /remove /l0x0007
-->"C:\Programme\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x0007
-->C:\Programme\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNNMP.exe /UNINSTALL
-->MsiExec /X{DEA314C4-0929-4250-BC92-98E4C105F28D}
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x7 /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x7 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ActiveSky Version 6.5 and ActiveSky Graphics-->MsiExec.exe /X{0F0D371F-C111-4279-963A-04139A5E49DB}
Ad-Aware SE Personal-->F:\Util\Ad-Aware\UNWISE.EXE F:\Util\Ad-Aware\INSTALL.LOG
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe AIR-->C:\Programme\Gemeinsame Dateien\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Programme\Gemeinsame Dateien\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5101}
Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen-->C:\Programme\Gemeinsame Dateien\Adobe\Installers\dba14d7ef3aa07282d2b5a7a98d902a\Setup.exe
Adobe Creative Suite 3 Design Premium-->MsiExec.exe /I{B75932F6-EC0A-4E3A-AA7A-11AAC267B8A3}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3-->MsiExec.exe /I{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}
Adobe ExtendScript Toolkit 2-->C:\Programme\Gemeinsame Dateien\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Flash CS3-->MsiExec.exe /I{8C640345-AF96-4ABA-A697-97D2A0B8C6DB}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10i_Plugin.exe -maintain plugin
Adobe Flash Video Encoder-->MsiExec.exe /I{BCEDD813-269C-4D8F-A4BA-01FDC66254D3}
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-119F-4D52-B551-6739B2B22101}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0407-1E257A25E34D}
Adobe Photoshop CS3-->MsiExec.exe /I{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}
Adobe Reader 9.3.3 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A93000000001}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{B1B669F9-B9FE-486D-924F-D6678FDB0FD5}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Stock Photos 1.0-->MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
aerosoft's - German Aiports 1 - Version 3.1 Update - FS2004-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{BD3D8367-4726-473F-A46D-8E717EF42908}\Setup.exe" -uninst
aerosoft's - German Airports 1 - FS2004-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{327E8086-4211-4F7D-8731-720FEA0367B4}\setup.exe" -uninst
aerosoft's - German Airports 2 - FS2002-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C95082FD-272B-4DFA-AE51-F3AFC6B88391}\setup.exe" -uninst
aerosoft's - German Airports 2 X - FS2004-->C:\Programme\InstallShield Installation Information\{0705EEB6-2F15-4D19-B37D-84C953E93D18}\Setup.exe -runfromtemp -l0x0007 -removeonly
aerosoft's - Mega Airport Frankfurt - FS2004-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D4E22434-1BCE-4C91-A1E4-FC352DFD4B3B}\setup.exe" -uninst
aerosoft's - U.S. Airports - FS2004-->"E:\FS9\aerosoft\Uninstall.exe" "uninstall_USAirports.ini" "E:\FS9"
AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
ALDI Foto Manager Free Sued (D)-->F:\Programme\ALDI_Foto_Manager_Free\instslct.exe
ALDI Online Druck Service (Sued)-->C:\PROGRA~1\ALDION~1\ALDI_ODS\UNWISE.EXE C:\PROGRA~1\ALDION~1\ALDI_ODS\INSTALL.LOG
ALDI Sued Foto Service (D)-->F:\Programme\Aldi Foto\instslct.exe
ALShow-->F:\Util\ALShow\unins000.exe
ALTools Update-->C:\Programme\ESTsoft\ALUpdate\unins000.exe
ALZip-->F:\Util\ALZip\unins000.exe
Amazon MP3-Downloader 1.0.5-->F:\Util\Amazon MP3 Downloader\Uninstall.exe
ANNO 1404 - Venedig-->"C:\Programme\InstallShield Installation Information\{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}\Setup.exe" -runfromtemp -l0x0007 -removeonly
ANNO 1404 Entwickler-Tools-->"C:\Programme\InstallShield Installation Information\{A837BCE6-BCB1-4A44-8807-A678EAF06933}\setup.exe" -runfromtemp -l0x0007 -removeonly
ANNO 1404-->"C:\Programme\InstallShield Installation Information\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}\setup.exe" -runfromtemp -l0x0007 -removeonly
Anno 1701 - Der Fluch des Drachen-->"C:\Programme\InstallShield Installation Information\{905D4F6B-FADC-4CA4-AA41-BD32A2E446CE}\Setup.exe" -runfromtemp -l0x0007 -removeonly
Anno 1701-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A2433A63-5F5D-40E5-B529-9123C2B3E734}\setup.exe" -l0x7 -removeonly
Apple Application Support-->MsiExec.exe /I{B2D328BE-45AD-4D92-96F9-2151490A203E}
Apple Mobile Device Support-->MsiExec.exe /I{85991ED2-010C-4930-96FA-52F43C2CE98A}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archer-->C:\WINDOWS\iun6002.exe "E:\FS9\Archer0204.ini"
Atmosphere Lite v6.0-->"F:\Util\Atmosphere Lite\unins000.exe"
Audacity 1.3.7 (Unicode)-->"F:\Util\Audacity 1.3 Beta (Unicode)\unins000.exe"
Audio Recorder for Free-->F:\PROGRA~1\AUDIOR~1\UNWISE.EXE F:\PROGRA~1\AUDIOR~1\INSTALL.LOG
Avanquest update-->"C:\Programme\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -runfromtemp -l0x0007 -removeonly
Avira AntiVir Personal - Free Antivirus-->F:\Programme\Avira\AntiVir Desktop\setup.exe /REMOVE
Avira UnErase Personal-->F:\Util\Avira UnErase\uninstall.exe
AVM FRITZ!Box Dokumentation-->C:\Programme\FRITZ!Box\install.exe -d
AVM FRITZ!Box Druckeranschluss-->C:\Programme\FRITZ!BoxPrint\install.exe -d
AVM FRITZ!DSL-->MsiExec.exe /X{2457326B-C110-40C3-89B0-889CC913871A}
AVS Media Player 3.1-->"F:\Programme\AVSMediaPlayer\unins000.exe"
AVS4YOU Software Navigator 1.3-->"C:\Programme\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
Bink and Smacker-->F:\Util\RADVideo\UNWISE.EXE F:\Util\RADVideo\INSTALL.LOG
Bonjour-->MsiExec.exe /X{0CB9668D-F979-4F31-B8B8-67FE90F929F8}
BySoft FreeRAM 4.0-->F:\Util\BySoft FreeRAM\uninst.exe
Caplio Software-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{7B27B170-2F40-4D39-A52F-BD4261B12D29}\setup.exe" -l0x7 anything
CCleaner-->"F:\Util\CCleaner\uninst.exe"
CDex extraction audio-->"F:\Util\CDex_170b2\uninstall.exe"
Cessna 421C - Golden Eagle 2.0-->C:\WINDOWS\iun6002.exe "E:\FS9\421CGoldenEagle12.ini"
Civ3 Conquests v1.22 Full-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{4C2BF3B9-7E8A-49DE-B662-3656FE60BB01}\Setup.exe"
Civilization III v1.21f-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{31E2413D-8AA1-43EC-8B8D-77B65ADA4611}\Setup.exe"
Civilization III: Conquests-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F31BC49F-AB7B-4A53-A399-EB7331B585BC}\setup.exe" -l0x7
Civilization III-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}\setup.exe"
Cobian Backup 9-->F:\Programme\Cobian Backup\cbUninstall.exe
Creative MediaSource 5-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\setup.exe" -l0x7 /remove
EditVoicepack-->MsiExec.exe /I{1EC65D1D-3911-4F7D-8B6A-63C69EDBFC6E}
Enviro! 3.2-->E:\Enviro!\unins000.exe
EPSON Attach To Email-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x7 -UnInstall
EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5DA7BC15-18D3-41A0-9F59-838DA3EAEF17}\SETUP.EXE" -l0x7 UNINST
EPSON File Manager-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x7 UNINST
EPSON Image Clip Palette-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{314F6D08-A8B7-11D8-8446-0050BA1D384D}\Setup.exe" -l0x7 -u
EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x7 -u
EPSON Scan-->C:\Programme\epson\escndv\setup\setup.exe /r
EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x7 -anything
EPSON-Drucker-Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
ESDX4800_4200 Benutzerhandbuch-->C:\Programme\EPSON\TPMANUAL\ESDX4800_4200\USE_G\DOCUNINS.EXE
ESET Online Scanner v3-->C:\Programme\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
Flight One ATR 72-500-->C:\WINDOWS\iun6002.exe "E:\FS9\ATR_72500.ini"
forteManager-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{DA6FAB8D-E87A-4E8E-A3D3-B7B9F479C725}\setup.exe" -l0x7 -removeonly
Free CD to MP3 Converter-->F:\Util\CDTOMP~1\UNWISE.EXE F:\Util\CDTOMP~1\INSTALL.LOG
FS2004 Splash Screen Randomizer-->E:\FS9\ssr uninstal.exe
Futuremark SystemInfo-->"C:\Programme\InstallShield Installation Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe" -runfromtemp -l0x0009 -removeonly
Galactic Civilizations II-->G:\Stardock\GalCiv2\UNWISE.EXE G:\Stardock\GalCiv2\INSTALL.LOG
Google Earth-->MsiExec.exe /X{F7B0939E-58DF-11DF-B3A6-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Programme\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2-->"F:\Util\hijackthis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix für Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
IFSD Irish Scenery-->C:\WINDOWS\iun6002.exe "E:\FS9\Addon Scenery\ifsd_ireland\IFSD\installer\irunin.ini"
IrfanView (remove only)-->F:\Programme\IrfanView\iv_uninstall.exe
ISD Project - LIPZ and LIPV 2003-->MsiExec.exe /I{DFA94D6A-1446-4690-878D-23F3D5417711}
ISD PROJECT LIML2004-->E:\FS9\Uninstal.exe
iTunes-->MsiExec.exe /I{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}
Java(TM) 6 Update 21-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216021FF}
KBWI2k5v2-->E:\FS9\Uninstall KBWI2k5v2.exe
K-Lite Codec Pack 5.8.3 (Full)-->"F:\Util\K-Lite Codec Pack\unins000.exe"
LFRD2004 St-Malo Dinard Pleurtuit-->E:\FS9\Uninstal.exe
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x7 UNINSTALL
Logitech MouseWare 9.80 -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x7 -l0007 UNINSTALL
Malwarebytes' Anti-Malware-->"F:\Util\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Age of Empires II: The Conquerors Expansion-->"G:\AoE2\UNINSTALX.EXE" /runtemp /addremove
Microsoft Age of Empires II-->"G:\AoE2\UNINSTAL.EXE" /runtemp /uninstall
Microsoft Flight Simulator 2004 - Das Jahrhundert der Luftfahrt-->"E:\FS9\UNINSTAL.EXE" /runtemp /addremove
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110407-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Milano Malpensa-->MsiExec.exe /I{382C0492-0456-4B9D-A80A-1154F4DABC5F}
Mozilla Firefox (3.6.8)-->F:\Mozilla Firefox\uninstall\helper.exe
Mp3tag v2.38-->F:\Util\Mp3tag\Mp3tagUninstall.EXE
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{C4A230B7-518F-4224-A5A3-27F06CC57111}
myphotobook 3.5-->F:\Util\myphotobook\uninst.exe
myphotobook.de-->msiexec /qb /x {FD091935-4900-6218-88CC-CBA82ADBBB39}
myphotobook.de-->MsiExec.exe /I{FD091935-4900-6218-88CC-CBA82ADBBB39}
Nero Suite-->C:\Programme\Gemeinsame Dateien\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
nHancer-->MsiExec.exe /X{21ABDAE4-9C9E-446C-B82E-28B143156BE9}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA nView Desktop Manager-->C:\Programme\NVIDIA Corporation\nView\nViewSetup.exe -uninstall
NVIDIA PhysX-->MsiExec.exe /X{DEA314C4-0929-4250-BC92-98E4C105F28D}
OpenOffice.org 3.2-->MsiExec.exe /I{8D1E61D1-1395-4E97-997F-D002DB3A5074}
PC Inspector File Recovery-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\Setup.exe" -l0x7
PC Inspector smart recovery-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C9A87D86-FDFD-418B-BF96-EF09320973B3}\Setup.exe" -l0x7
PC Wizard 2010.1.94-->"F:\Util\PC Wizard 2010\unins000.exe"
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
phase5-->"F:\Programme\phase5\uninstall.exe"
PIF DESIGNER-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B90450DF-E781-46FD-B1F1-0C86DA40E443}\SETUP.EXE" -l0x7 anything
PowerDVD-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QualityWings Ultimate 757 Collection FS9 1.1-->"E:\FS9\unins000.exe"
QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}
RamBooster-->F:\Util\Rambooster\Uninst.exe /pid:{ADE3CACC-EC31-480C-83A0-587EE60CE8DF} /asd
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x7 -removeonly
Recuva (remove only)-->"F:\Util\Recuva\uninst.exe"
Safe Returner version 1.27-->"F:\Util\Safe Returner\unins000.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB982381)-->"C:\WINDOWS\ie7updates\KB982381-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB977165-v2)-->"C:\WINDOWS\$NtUninstallKB977165-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
SimCity 4-->G:\SimCity4\EAUninstall.exe
SimPicShot 1.5-->"E:\Util\SimPicShot\unins000.exe"
Sony Ericsson PC Suite 4.010.00-->C:\Programme\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\Setup.exe -runfromtemp -l0x0007 -removeonly
Sqirlz Morph-->C:\WINDOWS\Sqirlz Morph Uninstaller.exe
StarOffice 8 Product Update 4-->MsiExec.exe /X{D3737623-7FB5-443C-BA4A-023F2D2BC5A4}
StarOffice 8-->MsiExec.exe /I{9FE15B75-8AD9-4A6F-A57A-7E7C03C4CBEB}
SUPERAntiSpyware-->"F:\Util\SUPER_AntiSpyware\Uninstall.exe"
System Requirements Lab-->C:\Programme\SystemRequirementsLab\Uninstall.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update für Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update für Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update Service-->F:\Util\Sony Ericsson Update Service\uninst.exe
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Vtune 7.6-->"C:\Programme\Vtune\unins000.exe"
Winamp-->"F:\Programme\Winamp\UninstWA.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinISO v5.3-->F:\Util\WinISO53\UNWISE.EXE F:\Util\WinISO53\INSTALL.LOG
WinSnap-->F:\Programme\WinSnap\uninst.exe
WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
Wise Registry Cleaner 3 Free 3.52-->"F:\Util\Wise Registry Cleaner\unins000.exe"
======Security center information======
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: AntiVir Desktop
AV: Avira AntiVir PersonalEdition Classic
======System event log======
Computer Name: FRED-MIOMBO
Event Code: 7036
Message: Dienst "WMI-Leistungsadapter" befindet sich jetzt im Status "Ausgeführt".
Record Number: 136110
Source Name: Service Control Manager
Time Written: 20100810202641.000000+120
Event Type: Informationen
User:
Computer Name: FRED-MIOMBO
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "WMI-Leistungsadapter" gesendet.
Record Number: 136109
Source Name: Service Control Manager
Time Written: 20100810202641.000000+120
Event Type: Informationen
User: FRED-MIOMBO\Fred
Computer Name: FRED-MIOMBO
Event Code: 7036
Message: Dienst "WMI-Leistungsadapter" befindet sich jetzt im Status "Beendet".
Record Number: 136108
Source Name: Service Control Manager
Time Written: 20100810202529.000000+120
Event Type: Informationen
User:
Computer Name: FRED-MIOMBO
Event Code: 7036
Message: Dienst "WMI-Leistungsadapter" befindet sich jetzt im Status "Ausgeführt".
Record Number: 136107
Source Name: Service Control Manager
Time Written: 20100810202529.000000+120
Event Type: Informationen
User:
Computer Name: FRED-MIOMBO
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "WMI-Leistungsadapter" gesendet.
Record Number: 136106
Source Name: Service Control Manager
Time Written: 20100810202529.000000+120
Event Type: Informationen
User: FRED-MIOMBO\Fred
=====Application event log=====
Computer Name: FRED-MIOMBO
Event Code: 1904
Message:
Record Number: 24968
Source Name: HHCTRL
Time Written: 20100411203857.000000+120
Event Type: Informationen
User:
Computer Name: FRED-MIOMBO
Event Code: 1904
Message:
Record Number: 24967
Source Name: HHCTRL
Time Written: 20100411203857.000000+120
Event Type: Informationen
User:
Computer Name: FRED-MIOMBO
Event Code: 1904
Message:
Record Number: 24966
Source Name: HHCTRL
Time Written: 20100411203857.000000+120
Event Type: Informationen
User:
Computer Name: FRED-MIOMBO
Event Code: 1904
Message:
Record Number: 24965
Source Name: HHCTRL
Time Written: 20100411203857.000000+120
Event Type: Informationen
User:
Computer Name: FRED-MIOMBO
Event Code: 1904
Message:
Record Number: 24964
Source Name: HHCTRL
Time Written: 20100411203857.000000+120
Event Type: Informationen
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Programme\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\Gemeinsame Dateien\Adobe\AGL;C:\Programme\QuickTime\QTSystem;F:\Util\ALZip;C:\Programme\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 79 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"asl.log"=Destination=file;OnFirstLog=command,environment
"CLASSPATH"=.;C:\Programme\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Programme\Java\jre6\lib\ext\QTJava.zip
-----------------EOF-----------------
--- Und hier noch das jüngste Malwarebytes-Logfile: --- Zitat:
Zitat:
Zitat:
Zitat:
Hoffe, dass ich alles regelkonform gepostet habe und danke schonmal! Geändert von hopper (23.08.2010 um 10:08 Uhr) |
| Themen zu Nach Hiloti.gen: Firefox öffnet eigenständig Tabs u. Windows automat. Updates schlagen fehl |
| acedrv05.sys, addon.exe, antivir, antivir guard, avgntflt.sys, avira, bho, bonjour, desktop, excel, firefox, firefox.exe, flash player, fontcache, fritz!, funktioniert nicht mehr, google, hijack, hijackthis, hkus\s-1-5-18, indesign, install.exe, installation, mozilla, msiexec, msiexec.exe, neuer tab, plug-in, realtek, registry, registry cleaner, scan, security, security update, skype.exe, software, starten, super, system, updates, virus, windows, windows internet, windows internet explorer, windows xp |
Baum-Darstellung