Rechner noch verseucht?
 

Hallo, zusammen!

Vor einigen Tagen stellte ich einen starken Befall auf meinem Rechner fest.
Es gab mehrere verdächtige Dateien, u. a. Trojaner.
Mit Hilfe dieses Forums habe ich nun den Rechner einer "Kur" unterzogen.

Ich würde mich freuen, wenn die Experten unter euch mir Feedback zu den folgenden Logfiles geben könnten. Die Logs geben den Zustand nach durchgeführter Reinigung wieder. Was fällt euch noch auf? Wie könnte ich noch weiter auf Befall prüfen? Würdet ihr die ergebnisse als "gesund" bezeichnen?

Vielen Dank schonmal für euer alle kostbare Zeit :)


Molto

Und hier die Logs ...



Logfile of HijackThis v1.97.7
Scan saved at 20:36:59, on 15.10.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe
C:\WINDOWS\system32\crypserv.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Electronic Arts\EADM\Core.exe
C:\WINDOWS\explorer.exe
c:\programme\a-squared free\a2service.exe
C:\Programme\a-squared Anti-Malware\a2service.exe
C:\PROGRAMME\A-SQUARED ANTI-MALWARE\a2guard.exe
C:\Programme\HijackThis 1.97\HijackThis.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [a-squared] "C:\PROGRAMME\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60
O4 - HKCU\..\Run: [EA Core] "C:\Programme\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKLM\..\RunOnce: [SpybotDeletingC3321] cmd.exe /c del "C:\WINDOWS\system32\lowsec\local.ds"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9570] command.com /c del "C:\WINDOWS\system32\lowsec\user.ds"
O4 - HKLM\..\RunOnce: [SpybotDeletingC496] cmd.exe /c del "C:\WINDOWS\system32\lowsec\user.ds"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Programme\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

Malwarebytes' Anti-Malware 1.41
Datenbank Version: 2971
Windows 5.1.2600 Service Pack 2

17.10.2009 10:55:02
mbam-log-2009-10-17 (10-55-02).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|F:\|G:\|)
Durchsuchte Objekte: 888422
Laufzeit: 5 hour(s), 1 minute(s), 15 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Logfile of random's system information tool 1.06 (written by random/random)
Run by [Name] at 2009-10-17 01:30:07
Microsoft Windows XP Professional Service Pack 2
System drive C: has 1 GB (5%) free of 24 GB
Total RAM: 3455 MB (81% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:30:40, on 17.10.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\a-squared Anti-Malware\a2service.exe
c:\programme\a-squared free\a2service.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe
C:\WINDOWS\system32\crypserv.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\PROGRAMME\A-SQUARED ANTI-MALWARE\a2guard.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programme\Electronic Arts\EADM\Core.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Dokumente und Einstellungen\[Name]\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programme\Trend Micro\HijackThis\[Name].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [a-squared] "C:\PROGRAMME\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKLM\..\RunOnce: [SpybotDeletingC3321] cmd.exe /c del "C:\WINDOWS\system32\lowsec\local.ds"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9570] command.com /c del "C:\WINDOWS\system32\lowsec\user.ds"
O4 - HKLM\..\RunOnce: [SpybotDeletingC496] cmd.exe /c del "C:\WINDOWS\system32\lowsec\user.ds"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Programme\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [EA Core] "C:\Programme\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O18 - Protocol: haufereader - (no CLSID) - (no file)
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Programme\a-squared Anti-Malware\a2service.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\programme\a-squared free\a2service.exe
O23 - Service: ABBYY FineReader 9.0-Lizenzierungsdienst (ABBYY.Licensing.FineReader.Professional.9.0) - Unknown owner - D:\01_Office\06_Büro\Abby Finereader v9.0\NetworkLicenseServer.exe (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Programme\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: CodeMeter Runtime Server (CodeMeter.exe) - WIBU-SYSTEMS AG - C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\04_DVD\01_Cut\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 7704 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\New Task.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Programme\Java\jre6\bin\ssv.dll [2008-11-04 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Programme\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2008-11-04 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-04 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Programme\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"=C:\WINDOWS\system32\nvraidservice.exe [2004-12-07 84480]
"avgnt"=C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-20 266497]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"QuickTime Task"=C:\Programme\QuickTime\qttask.exe [2007-06-29 286720]
"a-squared"=C:\PROGRAMME\A-SQUARED ANTI-MALWARE\a2guard.exe [2009-10-01 3278480]
"Malwarebytes Anti-Malware (reboot)"=C:\Programme\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"=C:\WINDOWS\system32\sti_ci.dll [2004-08-04 137216]
"SpybotDeletingC3321"=cmd.exe /c del C:\WINDOWS\system32\lowsec\local.ds []
"SpybotDeletingA9570"=command.com /c del C:\WINDOWS\system32\lowsec\user.ds []
"SpybotDeletingC496"=cmd.exe /c del C:\WINDOWS\system32\lowsec\user.ds []
"SpybotSnD"=C:\Programme\Spybot - Search & Destroy\SpybotSD.exe [2009-01-26 5365592]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EA Core"=C:\Programme\Electronic Arts\EADM\Core.exe [2009-09-03 3342336]
"SpybotSD TeaTimer"=C:\Programme\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeVersionCue]
C:\Programme\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe [2004-03-25 1732608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-02-01 339968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BayReminder]
D:\01_Office\03_Internet\BayWatcher Pro\bayreminder.exe /a []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]
C:\Programme\Softwin\BitDefender8\bdmcon.exe [2005-06-20 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDNewsAgent]
C:\Programme\Softwin\BitDefender8\bdnagent.exe [2005-05-09 8192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe [2005-11-24 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
D:\01_Office\02_Burning Tools\CloneCD\CloneCDTray.exe [2005-05-19 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
D:\02_Audio\Programme\Medienplayer\iTunes\iTunesHelper.exe [2006-02-23 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LexwareInfoService]
C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe [2008-09-11 339240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE [2006-04-07 237568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe [2006-04-11 1409024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopUpStopperFreeEdition]
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe [2005-03-17 536576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programme\QuickTime\qttask.exe [2007-06-29 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2005-04-15 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Programme\Java\jre6\bin\jusched.exe [2008-11-04 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe [2008-04-22 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
C:\Programme\Save\Save.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Gamma Loader.exe.lnk]
C:\PROGRA~1\GEMEIN~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2003-11-25 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Gamma Loader.lnk]
C:\PROGRA~1\GEMEIN~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2003-11-25 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader Synchronizer.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^ATI CATALYST System Tray.lnk]
C:\PROGRA~1\ATITEC~1\ATI.ACE\CLI.exe [2005-01-20 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]
D:\01_OFF~1\01_MIC~1\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^[Name]^Startmenü^Programme^Autostart^CodeMeter Control Center.lnk]
C:\PROGRA~1\CODEME~1\Runtime\bin\CODEME~2.EXE [2007-03-23 4984832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-01-14 155648]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 3 months======

2009-10-17 01:30:07 ----D---- C:\rsit
2009-10-16 16:55:06 ----D---- C:\Dokumente und Einstellungen\[Name]\Anwendungsdaten\Malwarebytes
2009-10-16 16:53:34 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-10-16 16:53:34 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-10-15 20:37:41 ----D---- C:\Programme\Trend Micro
2009-10-15 20:23:06 ----D---- C:\Programme\a-squared Anti-Malware
2009-09-30 20:48:00 ----D---- C:\WINDOWS\9384D0FFFE2242BAB40AD4F8F6B11072.TMP
2009-09-25 19:51:23 ----D---- C:\Dokumente und Einstellungen\[Name]\Anwendungsdaten\dvdisaster
2009-09-25 19:50:44 ----D---- C:\Programme\dvdisaster
2009-09-20 16:18:52 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TVU Networks
2009-09-18 14:05:49 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ahead
2009-09-17 21:28:16 ----D---- C:\Programme\Sybex
2009-09-17 17:49:02 ----A---- C:\WINDOWS\system32\zlib1.dll
2009-09-17 17:44:38 ----A---- C:\WINDOWS\system32\libcurl.dll
2009-09-14 18:25:56 ----D---- C:\Programme\Gemeinsame Dateien\Adobe AIR
2009-09-10 14:31:22 ----D---- C:\Dokumente und Einstellungen\[Name]\Anwendungsdaten\GetRightToGo
2009-09-09 12:58:34 ----A---- C:\WINDOWS\wininit.ini
2009-09-09 12:07:17 ----D---- C:\Programme\Safer Networking
2009-09-03 23:28:36 ----D---- C:\Dokumente und Einstellungen\[Name]\Anwendungsdaten\Download Manager
2009-08-06 22:07:59 ----D---- C:\tempo
2009-07-28 13:04:46 ----D---- C:\Programme\The Way To Everest Book

======List of files/folders modified in the last 3 months======

2009-10-17 01:30:19 ----D---- C:\WINDOWS\system32\drivers
2009-10-17 01:29:41 ----D---- C:\WINDOWS\Temp
2009-10-17 01:19:41 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2009-10-17 01:19:27 ----D---- C:\WINDOWS
2009-10-17 01:16:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-17 01:15:16 ----D---- C:\WINDOWS\system32
2009-10-16 16:59:02 ----D---- C:\WINDOWS\Minidump
2009-10-16 16:59:02 ----D---- C:\WINDOWS\Debug
2009-10-16 16:54:55 ----D---- C:\WINDOWS\Prefetch
2009-10-16 16:53:34 ----D---- C:\Programme
2009-10-16 16:48:17 ----D---- C:\Programme\CCleaner
2009-10-16 16:21:51 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-16 16:16:48 ----D---- C:\Programme\AntiVir PersonalEdition Classic
2009-10-16 16:15:38 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic
2009-10-16 09:14:42 ----A---- C:\WINDOWS\NeroDigital.ini
2009-10-15 20:35:16 ----D---- C:\Programme\HijackThis 1.97
2009-10-15 20:18:07 ----SHD---- C:\WINDOWS\Installer
2009-10-15 19:38:18 ----D---- C:\Programme\a-squared Free
2009-10-15 13:48:50 ----D---- C:\Programme\Rapidown
2009-10-15 00:27:29 ----D---- C:\Programme\Spybot - Search & Destroy
2009-10-13 23:49:12 ----A---- C:\WINDOWS\win.ini
2009-10-13 12:48:59 ----D---- C:\Dokumente und Einstellungen\[Name]\Anwendungsdaten\Adobe
2009-10-13 12:48:59 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe
2009-10-12 00:10:58 ----A---- C:\WINDOWS\cdplayer.ini
2009-10-10 10:23:38 ----D---- C:\temp
2009-10-10 09:11:10 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-04 14:48:23 ----D---- C:\Programme\Mozilla Firefox
2009-10-02 16:33:50 ----A---- C:\WINDOWS\demdata.txt
2009-10-02 11:18:18 ----D---- C:\Dokumente und Einstellungen\[Name]\Anwendungsdaten\SiteClasses
2009-10-01 22:23:28 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-10-01 22:22:51 ----HD---- C:\WINDOWS\inf
2009-10-01 22:19:04 ----D---- C:\WINDOWS\system
2009-09-30 20:43:18 ----D---- C:\Dokumente und Einstellungen\[Name]\Anwendungsdaten\Mozilla
2009-09-22 09:21:46 ----AD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2009-09-20 16:18:51 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-09-20 16:18:51 ----D---- C:\Programme\PPMate
2009-09-19 11:40:38 ----D---- C:\Dokumente und Einstellungen\[Name]\Anwendungsdaten\Vso
2009-09-18 16:46:26 ----D---- C:\Programme\AllToAVI
2009-09-14 18:25:57 ----HD---- C:\Config.Msi
2009-09-14 18:25:56 ----D---- C:\Programme\Gemeinsame Dateien
2009-09-09 12:58:30 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EmailNotifier
2009-09-09 12:20:34 ----SH---- C:\boot.ini
2009-09-09 11:05:21 ----D---- C:\Programme\Spyware Doctor
2009-09-03 10:16:10 ----D---- C:\DiskTemp
2009-09-01 21:14:29 ----SD---- C:\WINDOWS\Tasks
2009-08-08 15:33:15 ----A---- C:\index.ini
2009-08-07 09:19:35 ----RSD---- C:\WINDOWS\Fonts
2009-08-06 19:31:51 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DVD Shrink
2009-08-04 10:54:03 ----D---- C:\WINDOWS\system32\NtmsData
2009-08-04 10:53:29 ----ASD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ACEDRV05;ACEDRV05; \??\C:\WINDOWS\system32\drivers\ACEDRV05.sys []
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [2001-02-01 25244]
R1 avgio;avgio; \??\C:\Programme\AntiVir PersonalEdition Classic\avgio.sys []
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]
R1 NetworkX;NetworkX; C:\WINDOWS\system32\ckldrv.sys [2003-07-29 28518]
R1 oreans32;oreans32; \??\C:\WINDOWS\system32\drivers\oreans32.sys []
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2004-05-05 4228]
R2 ACEDRV06;ACEDRV06; \??\C:\WINDOWS\system32\drivers\ACEDRV06.sys []
R2 irda;IrDA-Protokoll; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-03 87424]
R2 MarxDev1;MarxDev1; C:\WINDOWS\system32\drivers\MarxDev1.sys [2001-05-28 8864]
R2 MarxDev2;MarxDev2; C:\WINDOWS\system32\drivers\MarxDev2.sys [2001-05-28 8864]
R2 MarxDev3;MarxDev3; C:\WINDOWS\system32\drivers\MarxDev3.sys [2001-05-28 8864]
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2003-10-29 9735]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-19 2317504]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2008-02-26 97216]
R3 ASAPIW2K;ASAPIW2K; C:\WINDOWS\System32\Drivers\ASAPIW2K.sys [2003-11-28 11264]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-01-14 3455488]
R3 avgntflt;avgntflt; \??\C:\Programme\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2005-05-03 27392]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
R3 L6DP;L6DP; C:\WINDOWS\System32\Drivers\l6dp.sys [2007-01-30 29312]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2004-11-24 33408]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2004-11-24 12928]
R3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2008-01-01 47360]
R3 Rasirda;WAN-Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 S3U10Scanner;600 CU Still Image Device Service; C:\WINDOWS\system32\drivers\usbscan.sys [2004-08-03 15104]
R3 SPLITCAM;Splitcam, WDM Camera Stream Splitter; C:\WINDOWS\system32\DRIVERS\splitcam.sys [2009-01-26 13824]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
S1 PDIDRV;PDIDRV; C:\WINDOWS\system32\drivers\PDIDRV.sys []
S2 digi96;RME Digi Audio Device; C:\WINDOWS\system32\DRIVERS\digi96.sys [2006-03-28 48768]
S2 Nsynas32;Nsynas32; C:\WINDOWS\system32\drivers\Nsynas32.sys []
S3 61883;61883-Einheitsgerät; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-03 48128]
S3 ao7fxiwx;ao7fxiwx; C:\WINDOWS\system32\drivers\ao7fxiwx.sys []
S3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
S3 Avc;AVC-Gerät; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-03 38912]
S3 bco_1394;bco_1394; C:\WINDOWS\System32\Drivers\bco_1394.sys [2005-04-22 103168]
S3 bco_avs;bco_avs; C:\WINDOWS\System32\Drivers\bco_avs.sys [2005-04-22 24576]
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 ews88mt;EWS88 WDM Audio; C:\WINDOWS\system32\drivers\ews88wdm.sys [2006-02-15 85824]
S3 ffSaffire_1394;ffSaffire_1394; C:\WINDOWS\System32\Drivers\ffSaffire_1394.sys [2005-09-29 112128]
S3 ffSaffire_avs;ffSaffire_avs; C:\WINDOWS\System32\Drivers\ffSaffire_avs.sys [2005-09-29 27136]
S3 fireface;Service for Fireface (WDM); C:\WINDOWS\system32\drivers\fireface.sys [2008-06-05 82048]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 IKFileFlt;File Filter Driver; C:\WINDOWS\system32\drivers\ikfileflt.sys [2007-05-23 39376]
S3 IKFileSec;File Security Driver; C:\WINDOWS\system32\drivers\ikfilesec.sys [2007-05-23 53840]
S3 IkSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2007-05-23 57424]
S3 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2007-05-23 83024]
S3 iLokDrvr;Usb Driver; C:\WINDOWS\system32\DRIVERS\iLokDrvr.sys [2009-05-30 52008]
S3 KCIRNET;KC Technology Device Driver; C:\WINDOWS\system32\DRIVERS\kcirnet.sys [2002-09-06 24876]
S3 L6PODLV;PODxt Live Service; C:\WINDOWS\System32\Drivers\L6PODLV.sys [2007-01-30 609408]
S3 MagixASIODrv;MAGIX_ASIO_BoostDriver; \??\D:\02_Audio\Programme\Editoren\Samplitude v9\mxasio.sys []
S3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12288]
S3 MSICPL;MSICPL; \??\D:\install4\MSICPL.sys []
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2004-08-03 22016]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
S3 nm;Netzwerkmonitortreiber; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-04 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 32512]
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 Paproxna;Paproxna; C:\WINDOWS\system32\drivers\Paproxna.sys []
S3 RTCore32;RTCore32; \??\C:\Programme\RightMark Memory Analyzer\RTCore32.sys []
S3 SetupNTGLM7X;SetupNTGLM7X; \??\D:\NTGLM7X.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 StillCam;Treiber für serielle Digitalkamera; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-18 7040]
S3 StMp3Rec;Treiber für Player-Wiederherstellungsgerät; C:\WINDOWS\System32\Drivers\StMp3Rec.sys [2005-11-25 71376]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 Swmsvcsn;Swmsvcsn; C:\WINDOWS\system32\drivers\Swmsvcsn.sys []
S3 SynasUSB;SynasUSB; C:\WINDOWS\system32\drivers\SynasUSB.sys [2007-10-24 23288]
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 YMIDUSB;Yamaha Corporation USB MIDI Driver; C:\WINDOWS\System32\Drivers\ymidusb.sys [2008-08-27 18048]
S4 atapi;atapi; C:\WINDOWS\system32\drivers\atapi.sys [2004-08-04 95360]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Filtertreiber für Systemwiederherstellung; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-04 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2AntiMalware;a-squared Anti-Malware Service; C:\Programme\a-squared Anti-Malware\a2service.exe [2009-10-01 1858144]
R2 a2free;a-squared Free Service; c:\programme\a-squared free\a2service.exe [2009-10-15 1858144]
R2 AntiVirScheduler;AntiVir PersonalEdition Classic Planer; C:\Programme\AntiVir PersonalEdition Classic\sched.exe [2008-10-24 68865]
R2 AntiVirService;AntiVir PersonalEdition Classic Guard; C:\Programme\AntiVir PersonalEdition Classic\avguard.exe [2008-10-24 151297]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-01-14 598016]
R2 bdss;BitDefender Scan Server; C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe [2005-01-24 69632]
R2 CodeMeter.exe;CodeMeter Runtime Server; C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe [2007-08-23 2007040]
R2 Crypkey License;Crypkey License; C:\WINDOWS\system32\crypserv.exe [2003-07-18 61440]
R2 Irmon;Infrarotüberwachung; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2008-11-04 152984]
R2 MDM;Machine Debug Manager; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 XCOMM;BitDefender Communicator; C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe [2005-06-02 69632]
S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0-Lizenzierungsdienst; D:\01_Office\06_Büro\Abby Finereader v9.0\NetworkLicenseServer.exe -service []
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-01-13 593920]
S3 Adobe LM Service;Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-11-15 68096]
S3 AdobeVersionCue;AdobeVersionCue; C:\Programme\Adobe\Adobe Version Cue\service\VersionCue.exe [2004-03-25 61440]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; D:\04_DVD\01_Cut\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 iPodService;iPodService; C:\Programme\iPod\bin\iPodService.exe [2006-02-23 323584]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Programme\WinPcap\rpcapd.exe [2005-08-02 86016]
S3 sdAuxService;Spyware Doctor Auxiliary Service; C:\Programme\Spyware Doctor\svcntaux.exe [2007-06-27 708424]
S3 sdCoreService;Spyware Doctor Service; C:\Programme\Spyware Doctor\swdsvc.exe [2007-06-15 1309264]
S3 ServiceLayer;ServiceLayer; C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe [2006-04-12 176640]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

:hallo:

hast Du vl noch Logfiles von der "Kur" damit ich sehen kann was am Rechner los war ?
Macht der Rechner noch macken.

Hallo, Larusso!

Danke für den Willkommensgruß. :-)

Im Moment macht der Rechner keine Zicken.
Keinerlei Anzeichen für irgendwelche Reste, wenn ich Spybot, etc. trauen kann ...
Hier ein Log von vor der Säuberung:



Malwarebytes' Anti-Malware 1.41
Datenbank Version: 2971
Windows 5.1.2600 Service Pack 2

17.10.2009 01:14:52
mbam-log-2009-10-17 (01-14-45).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|F:\|G:\|)
Durchsuchte Objekte: 890299
Laufzeit: 5 hour(s), 7 minute(s), 35 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 13
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 6

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\bypass_1_hour_limit_arabic.mynshandler (Spyware.AdaEbook) -> No action taken.
HKEY_CLASSES_ROOT\multiple.mynshandler (Spyware.AdaEbook) -> No action taken.
HKEY_CLASSES_ROOT\premium.mynshandler (Spyware.AdaEbook) -> No action taken.
HKEY_CLASSES_ROOT\solving the waiting 1 hour in rapidshare.mynshandler (Spyware.AdaEbook) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safari.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Plate (Trojan.Agent) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\WINDOWS\system32\lowsec (Stolen.data) -> No action taken.

Infizierte Dateien:
C:\Programme\ALCATech\BPM-Studio Profi\UNWISE.EXE (Malware.Packer.Morphine) -> No action taken.
C:\Programme\SpinAudio\RoomVerb M2\UNWISE.EXE (Malware.Packer.Morphine) -> No action taken.
C:\Programme\Steinberg\VstPlugins\GRMToolsSpectralTransformVSTv1.6.52\UNWISE.EXE (Malware.Packer.Morphine) -> No action taken.
C:\Programme\Steinberg\VstPlugins\Voxengo Analogflux Suite\UNWISE.EXE (Malware.Packer.Morphine) -> No action taken.
D:\02_Audio\Programme\Format-Wandlung\CXxtract Samplit v1.0.8\UNWISE.EXE (Malware.Packer.Morphine) -> No action taken.
D:\02_Audio\Programme\Sequenzer & Studios\Steinberg\Cubase 4\VSTPlugins\FX\01_Insert\Pitch\Audio Damage Discord v1.5\disuninstall\UNWISE.EXE (Malware.Packer.Morphine) -> No action taken.

Man sollte es doch nicht alleine machen :D

Was spricht gegen ein formatieren?

Gegen ein Formatieren spricht, dass der Rechner voll ist mit Hunderten von kleinen Helferprogrammen, die alle neu installiert werden müssten. Der Zeitaufwand wäre derart immens ...

Auch lassen sich in Outlook Express zwar alle Konten exportieren, nicht aber die Nachrichten-Regeln ... auch das nervt gewaltig.

Wenn's noch irgendwie geht, würd' ich's deshalb gern noch solange mit 'nem Helfer-Tools-Flammenwerfer versuchen, bis eine OS-Neugeburt unumgänglich ist. :-D

Gibt's denn Hoffnung für dieses System?!?

schritt 1

Windows-Explorer öffnen (Windows-Taste + E) und unter => Extras => Ordneroptionen => im Reiter "Ansicht"

• Dateien und Ordner: Erweiterungen bei bekannten Dateitypen ausblenden deaktivieren
• Dateien und Ordner: Geschützte Systemdateien ausblenden (empfohlen) deaktivieren
• Dateien und Ordner: Inhalte von Systemordnern anzeigen aktivieren (bei Vista nicht vorhanden)
• Versteckte Dateien und Ordner: alle Dateien und Ordner anzeigen aktivieren

schritt 2

• alle anderen Scanner gegen Viren, Spyware, usw. deaktiviert sein,
• keine Verbindung zu einem Netzwerk/Internet bestehen (WLAN nicht vergessen),
• nichts am Rechner getan werden,
• nach jedem Scan der Rechner neu gestartet werden.

Gmer scannen lassen

• Lade Dir Gmer von dieser Seite herunter
  (auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
• Gmer ist geeignet für => NT/W2K/XP/VISTA.
• Alle anderen Programme sollen geschlossen sein.
• Starte gmer.exe (Programm hat einen willkürlichen Programm-Namen).
• Vista-User mit Rechtsklick und als Administrator starten.
• Sollte sich ein Fenster mit folgender Warnung öffnen:
  WARNING !!!
  GMER has found system modification, which might have been caused by ROOTKIT activity.
  Do you want to fully scan your system ?
  Unbedingt auf "No" klicken.
• Starte den Scan mit "Scan". Mache nichts am Computer während der Scan läuft.
• Wenn der Scan fertig ist klicke auf "Copy" um das Log in die Zwischenablage zu kopieren. Mit "Ok" wird Gmer beendet.
• Füge das Log aus der Zwischenablage in Deine Antwort hier ein.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!


Bitte poste in Deiner nächsten Antwort
Gmer Logfile

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-19 16:43:02
Windows 5.1.2600 Service Pack 2
Running: ylrzil7o.exe; Driver: C:\DOKUME~1\[Name]\LOKALE~1\Temp\pwtdypob.sys


---- System - GMER 1.0.15 ----

SSDT spch.sys ZwCreateKey [0xB9EA80E0]
SSDT spch.sys ZwEnumerateKey [0xB9EC6CA2]
SSDT spch.sys ZwEnumerateValueKey [0xB9EC7030]
SSDT spch.sys ZwOpenKey [0xB9EA80C0]
SSDT spch.sys ZwQueryKey [0xB9EC7108]
SSDT spch.sys ZwQueryValueKey [0xB9EC6F88]
SSDT spch.sys ZwSetValueKey [0xB9EC719A]

INT 0x62 ? 8AFFCBF8
INT 0x63 ? 8AFFCBF8
INT 0x73 ? 8AFFCBF8
INT 0x73 ? 8AFFCBF8
INT 0x82 ? 8AFFCBF8
INT 0x83 ? 8AE6EBF8
INT 0x84 ? 8AE6EBF8
INT 0x94 ? 8AE6EBF8
INT 0xA4 ? 8AE6EBF8
INT 0xB4 ? 8AE6EBF8

---- Kernel code sections - GMER 1.0.15 ----

? spch.sys Das System kann die angegebene Datei nicht finden. !
.text USBPORT.SYS!DllUnload B8C9E62C 5 Bytes JMP 8AE6E1D8
.text a2vvbb7c.SYS AC4A6386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text a2vvbb7c.SYS AC4A63AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a2vvbb7c.SYS AC4A63C4 3 Bytes [00, 50, 02] {ADD [EAX+0x2], DL}
.text a2vvbb7c.SYS AC4A63C9 1 Byte [26]
.text a2vvbb7c.SYS AC4A63C9 11 Bytes [26, 00, 00, 00, 32, 02, 00, ...] {ADD ES:[EAX], AL; ADD [EDX], DH; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
? C:\WINDOWS\system32\Drivers\mchInjDrv.sys Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\wscntfy.exe[1368] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00B60001
.text C:\WINDOWS\system32\nvraidservice.exe[1432] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00DB0001
.text C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe[1512] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00900001
.text C:\WINDOWS\Explorer.EXE[1528] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00A90001
.text C:\Dokumente und Einstellungen\[Name]\Desktop\RETTUNG\GMER v1.0.15.15163\ylrzil7o.exe[3120] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes CALL 7170003D
.text C:\Programme\a-squared Anti-Malware\a2service.exe[3148] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes CALL 7170003D
.text C:\Programme\a-squared Anti-Malware\a2service.exe[3148] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes CALL 0045495D C:\Programme\a-squared Anti-Malware\a2service.exe (a-squared Service/Emsi Software GmbH)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\System32\Drivers\a2vvbb7c.SYS[HAL.dll!KfAcquireSpinLock] E0835200
IAT \SystemRoot\System32\Drivers\a2vvbb7c.SYS[HAL.dll!READ_PORT_UCHAR] E857503F
IAT \SystemRoot\System32\Drivers\a2vvbb7c.SYS[HAL.dll!KeGetCurrentIrql] 0000EB44
IAT \SystemRoot\System32\Drivers\a2vvbb7c.SYS[HAL.dll!KfRaiseIrql] 026B938D
IAT \SystemRoot\System32\Drivers\a2vvbb7c.SYS[HAL.dll!KfLowerIrql] C6830000
IAT \SystemRoot\System32\Drivers\a2vvbb7c.SYS[HAL.dll!HalGetInterruptVector] 0008B908
IAT \SystemRoot\System32\Drivers\a2vvbb7c.SYS[HAL.dll!HalTranslateBusAddress] FA8B0000
IAT \SystemRoot\System32\Drivers\a2vvbb7c.SYS[HAL.dll!KeStallExecutionProcessor] 758BA5F3
IAT \SystemRoot\System32\Drivers\a2vvbb7c.SYS[HAL.dll!KfReleaseSpinLock] 064E8A08
IAT \SystemRoot\System32\Drivers\a2vvbb7c.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 883FE180
IAT \SystemRoot\System32\Drivers\a2vvbb7c.SYS[HAL.dll!READ_PORT_USHORT] 0002688B
IAT \SystemRoot\System32\Drivers\a2vvbb7c.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 06468A00
IAT \SystemRoot\System32\Drivers\a2vvbb7c.SYS[HAL.dll!WRITE_PORT_UCHAR] 8306E8C0
IAT \SystemRoot\System32\Drivers\a2vvbb7c.SYS[WMILIB.SYS!WmiSystemControl] 02698388
IAT \SystemRoot\System32\Drivers\a2vvbb7c.SYS[WMILIB.SYS!WmiCompleteRequest] 19750000
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EB9048] spch.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8B0681F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{29473F36-CFD2-4277-8AEF-36E17B8CA20B} 8A0B51F8
Device \Driver\usbohci \Device\USBPDO-0 8ACC51F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8B06A1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8B06A1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8B06A1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8B06A1F8
Device \Driver\usbehci \Device\USBPDO-1 8AE981F8
Device \Driver\usbuhci \Device\USBPDO-2 8ADE01F8
Device \Driver\usbuhci \Device\USBPDO-3 8ADE01F8
Device \Driver\PCI_PNP3684 \Device\00000060 spch.sys
Device \Driver\usbehci \Device\USBPDO-4 8AE981F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8AFFD1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8AFFD1F8
Device \Driver\Cdrom \Device\CdRom0 8AE791F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8AFFD1F8
Device \Driver\Cdrom \Device\CdRom1 8AE791F8
Device \Driver\sptd \Device\1622238684 spch.sys
Device \Driver\Ftdisk \Device\HarddiskVolume4 8AFFD1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A0B51F8
Device \Driver\nvatabus \Device\00000084 8AFFC1F8
Device \Driver\NetBT \Device\NetbiosSmb 8A0B51F8
Device \Driver\USBSTOR \Device\00000092 8AB7A500
Device \Driver\USBSTOR \Device\00000093 8AB7A500
Device \Driver\nvatabus \Device\00000086 8AFFC1F8
Device \Driver\nvatabus \Device\00000088 8AFFC1F8
Device \Driver\usbohci \Device\USBFDO-0 8ACC51F8
Device \Driver\nvatabus \Device\NvAta0 8AFFC1F8
Device \Driver\usbehci \Device\USBFDO-1 8AE981F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A09C1F8
Device \Driver\nvatabus \Device\NvAta1 8AFFC1F8
Device \Driver\usbuhci \Device\USBFDO-2 8ADE01F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A09C1F8
Device \Driver\nvatabus \Device\NvAta2 8AFFC1F8
Device \Driver\usbuhci \Device\USBFDO-3 8ADE01F8
Device \Driver\usbehci \Device\USBFDO-4 8AE981F8
Device \Driver\Ftdisk \Device\FtControl 8AFFD1F8
Device \Driver\a2vvbb7c \Device\Scsi\a2vvbb7c1 8AA72300
Device \Driver\VOBID \Device\Scsi\VOBID1 8B0691F8
Device \Driver\a2vvbb7c \Device\Scsi\a2vvbb7c1Port4Path0Target0Lun0 8AA72300
Device \FileSystem\Fastfat \Fat 8AD10500
Device \FileSystem\Fastfat \Fat A04591F9

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 8ABC7500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x1D 0x3F 0x75 0xC3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x7C 0x2E 0x3D 0xC8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x97 0x85 0x52 0x25 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x1D 0x3F 0x75 0xC3 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x7C 0x2E 0x3D 0xC8 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x97 0x85 0x52 0x25 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{68686EA2-27B0-4174-D1B3-286CD23917D0}@ Description
Reg HKLM\SOFTWARE\Classes\CLSID\{68686EA2-27B0-4174-D1B3-286CD23917D0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{68686EA2-27B0-4174-D1B3-286CD23917D0}\InprocServer32@ C:\WINDOWS\system32\cnvfat.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{68686EA2-27B0-4174-D1B3-286CD23917D0}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\CLSID\{B8DA6310-E19B-11D0-933C-00A0C90DCAA9}\InProcServer32@ C:\WINDOWS\system32\ACTXPRXY.DLL
Reg HKLM\SOFTWARE\Classes\Interface\{1CFF0050-6FDD-11D0-9328-00A0C90DCAA9}@ IActiveScriptParseProcedureOld32
Reg HKLM\SOFTWARE\Classes\Interface\{1CFF0050-6FDD-11D0-9328-00A0C90DCAA9}\ProxyStubClsid32@ {B8DA6310-E19B-11D0-933C-00A0C90DCAA9}
Reg HKLM\SOFTWARE\Classes\Interface\{3050F3EE-98B5-11CF-BB82-00AA00BDCE0B}\ProxyStubClsid32@ {B8DA6310-E19B-11D0-933C-00A0C90DCAA9}
Reg HKLM\SOFTWARE\Classes\Interface\{539698A0-CDCA-11CF-A5EB-00AA0047A063}\ProxyStubClsid32@ {B8DA6310-E19B-11D0-933C-00A0C90DCAA9}
Reg HKLM\SOFTWARE\Classes\Interface\{63CDBCB0-C1B1-11D0-9336-00A0C90DCAA9}\ProxyStubClsid32@ {B8DA6310-E19B-11D0-933C-00A0C90DCAA9}
Reg HKLM\SOFTWARE\Classes\Interface\{AA5B6A80-B834-11D0-932F-00A0C90DCAA9}@ IActiveScriptParseProcedure32
Reg HKLM\SOFTWARE\Classes\Interface\{AA5B6A80-B834-11D0-932F-00A0C90DCAA9}\ProxyStubClsid32@ {B8DA6310-E19B-11D0-933C-00A0C90DCAA9}
Reg HKLM\SOFTWARE\Classes\Interface\{B8DA6310-E19B-11D0-933C-00A0C90DCAA9}\ProxyStubClsid32@ {B8DA6310-E19B-11D0-933C-00A0C90DCAA9}
Reg HKLM\SOFTWARE\Classes\Interface\{BB1A2AE1-A4F9-11CF-8F20-00805F2CD064}\ProxyStubClsid32@ {B8DA6310-E19B-11D0-933C-00A0C90DCAA9}
Reg HKLM\SOFTWARE\Classes\Interface\{BB1A2AE2-A4F9-11CF-8F20-00805F2CD064}@ IActiveScriptParse32
Reg HKLM\SOFTWARE\Classes\Interface\{BB1A2AE2-A4F9-11CF-8F20-00805F2CD064}\ProxyStubClsid32@ {B8DA6310-E19B-11D0-933C-00A0C90DCAA9}
Reg HKLM\SOFTWARE\Classes\Interface\{D10F6761-83E9-11CF-8F20-00805F2CD064}\ProxyStubClsid32@ {B8DA6310-E19B-11D0-933C-00A0C90DCAA9}
Reg HKLM\SOFTWARE\Classes\Interface\{DB01A1E3-A42B-11CF-8F20-00805F2CD064}\ProxyStubClsid32@ {B8DA6310-E19B-11D0-933C-00A0C90DCAA9}
Reg HKLM\SOFTWARE\Classes\Interface\{EAE1BA61-A4ED-11CF-8F20-00805F2CD064}\ProxyStubClsid32@ {B8DA6310-E19B-11D0-933C-00A0C90DCAA9}

---- EOF - GMER 1.0.15 ----

schritt 1

HijackThis aktualisieren und in eigenen Ordner installieren

Falls sich nicht die aktuelle Version 2.02 von HijackThis auf Deinem Rechner in einem eigenen Ordner befindet, deinstalliere oder lösche die alte Version von HijackThis und lade HijackThis Version 2.02 von Housecall herunter. Starte den Installer mit einem Doppelklick auf die Datei HTJInstall. Das folgende Fenster mit Install bestätigen, damit das Programm in einen eigenen Ordner installiert wird (nicht auf dem Desktop, sondern in den vorgegebenen Pfad). HJT muss in einem eigenen Ordner laufen, damit evtl. falsch gefixte Einträge wiederhergestellt werden können. Schließe alle Programme und Fenster. Erstelle und poste mir ein HJT-Logfile in Code-Tags, indem Du die Hijackthis.exe startest und auf "Do a system scan and save a logfile" klickst.


schritt 2

F-Secure Onlinescanner

• Unterstützte Betriebssysteme: Windows 2000, Windows XP und Windows Vista (32bit)
• Bitte den Internet Explorer unbedingt mit Rechtsklick auf das Icon und als Administrator starten.
• Einen Haken bei "I have read and accepted the license terms".
• Den Button "Install" drücken.
• IE-User müssen die Installation des ActiveX Elements erlauben und auf "Installieren" klicken.
• Firefox-User müssen die Installation des Firefox Addons erlauben und anschließend den Firefox neu starten.
• Den Button "Start" drücken.
• "Full Scan" einstellen und den Button "Start" drücken.
• Die Signaturen werden heruntergeladen.
• Der Scan beginnt automatisch.
• Scanende (Finish).
• Bei Funden benutze => Automatische Bereinigung (Automatically)
• und klicke auf den Button "Next".
• Bericht anzeigen, indem Du auf den Button "Full report" klickst.
• Menü => Datei => Seite speichern unter
• Dateityp auf Textdatei umstellen und
• auf dem Desktop als f-secure.txtspeichern.
• Log hier posten.

Deinstallation

• Firefox:
  Addon über Extras => F-Secure deinstallieren.
• Internet Explorer:
  mit HJT folgenden Eintrag fixen:
  O16 - DPF: {BDBDE413-7B1C-4V68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3)

Bitte poste in Deiner nächsten Antwort
Logfile von Eset/Nod32
Neue HJT Logfile

Online Scanner - Scanning Report - Monday, October 19, 2009 19:17:36Scanning
Report
Monday, October 19, 2009 18:01:51 - 19:17:36
Computer name: STUDIO
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\ D:\ F:\ G:\



2 malware found
Trojan.Generic.2193121 (spyware)
System (Disinfected)
TrackingCookie.Zanox (spyware)
System (Disinfected)



Statistics
Scanned:
Files: 80621
System: 8281
Not scanned: 6
Actions:
Disinfected: 2
Renamed: 0
Deleted: 0
Not cleaned: 0
Submitted: 0
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM



Options
Scanning engines:
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF
VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI
MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0
TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT
CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use advanced heuristics



Copyright © 1998-2009 Product support | Send virus sample to F-Secure
F-Secure assumes no responsibility for material created or published by third
parties that F-Secure World Wide Web pages have a link to. Unless you have
clearly stated otherwise, by submitting material to any of our servers, for
example by E-mail or via our F-Secure's CGI E-mail, you agree that the
material you make available may be published in the F-Secure World Wide Pages
or hard-copy publications. You will reach F-Secure public web site by clicking
on underlined links. While doing this, your access will be logged to our
private access statistics with your domain name. This information will not be
given to any third party. You agree not to take action against us in relation
to material that you submit. Unless you have clearly stated otherwise, by
submitting material you warrant that F-Secure may incorporate any concepts
described in it in the F-Secure products/publications without liability.

schritt 1

Berichte in Spybot S&D anzeigen lassen

Spybot starten => im Menü Modus => erweiterter Modus einstellen => links auf Werkzeuge klicken => Berichte anzeigen => Bericht anzeigen => Bericht kopieren und hier einfügen. Ältere Berichte kannst Du über "Frühere Berichte ansehen" anzeigen lassen.


schritt 2

Starte bitte Malwarebytes und wähle als Scan-Methode Quick-Scan.


Bitte poste in Deiner nächsten Antwort
Logfile von Spybot
Logfile von Malwarebytes

--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2006-06-20 unins000.exe (51.41.0.0)
2009-09-09 unins001.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-09-07 advcheck.dll (1.6.4.18)
2007-04-02 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2009-10-08 Includes\Adware.sbi
2009-10-13 Includes\AdwareC.sbi
2009-01-22 Includes\Cookies.sbi
2009-10-14 Includes\Dialer.sbi
2009-10-13 Includes\DialerC.sbi
2009-01-22 Includes\HeavyDuty.sbi
2009-05-26 Includes\Hijackers.sbi
2009-10-13 Includes\HijackersC.sbi
2009-09-29 Includes\Keyloggers.sbi
2009-10-06 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2009-10-13 Includes\Malware.sbi
2009-10-14 Includes\MalwareC.sbi
2009-03-25 Includes\PUPS.sbi
2009-10-13 Includes\PUPSC.sbi
2009-01-22 Includes\Revision.sbi
2009-01-13 Includes\Security.sbi
2009-10-13 Includes\SecurityC.sbi
2008-06-03 Includes\Spybots.sbi
2008-06-03 Includes\SpybotsC.sbi
2009-10-13 Includes\Spyware.sbi
2009-10-13 Includes\SpywareC.sbi
2009-06-08 Includes\Tracks.uti
2009-10-06 Includes\Trojans.sbi
2009-10-14 Includes\TrojansC.sbi
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll


--- System information ---
Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
/ .NETFramework / 1.0: Microsoft .NET Framework 1.0 Service Pack 3 (KB867461)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
/ Windows Media Player 6.4: Sicherheitsupdate für Windows Media Player 6.4 (KB925398)
/ Windows Media Player 9: Sicherheitsupdate für Windows Media Player 9 (KB917734)
/ Windows XP: Sicherheitsupdate für Windows XP (KB923689)
/ Windows XP: Sicherheitsupdate für Windows XP (KB941569)
/ Windows XP / SP3: Windows XP-Hotfix - KB873339
/ Windows XP / SP3: Windows XP-Hotfix - KB885835
/ Windows XP / SP3: Windows XP-Hotfix - KB885836
/ Windows XP / SP3: Windows XP-Hotfix - KB885884
/ Windows XP / SP3: Windows XP-Hotfix - KB886185
/ Windows XP / SP3: Windows XP-Hotfix - KB888302
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB890046)
/ Windows XP / SP3: Windows XP-Hotfix - KB890859
/ Windows XP / SP3: Windows XP-Hotfix - KB891781
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update für Windows XP (KB894391)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB896358)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB896423)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB896424)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB896428)
/ Windows XP / SP3: Update für Windows XP (KB898461)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB899587)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB899589)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB899591)
/ Windows XP / SP3: Update für Windows XP (KB900485)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB900725)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB901017)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB901214)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB902400)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB904706)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB905414)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB905749)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB908519)
/ Windows XP / SP3: Update für Windows XP (KB908531)
/ Windows XP / SP3: Update für Windows XP (KB910437)
/ Windows XP / SP3: Update für Windows XP (KB911280)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB911562)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB911567)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB911927)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB912919)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB913580)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB914388)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB914389)
/ Windows XP / SP3: Update für Windows XP (KB916595)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB917159)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB917344)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB917422)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB917953)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB918118)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB918439)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB918899)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB919007)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB920213)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB920214)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB920670)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB920683)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB920685)
/ Windows XP / SP3: Update für Windows XP (KB920872)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB921398)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB921883)
/ Windows XP / SP3: Update für Windows XP (KB922582)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB922616)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB922760)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB922819)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB923191)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB923414)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB923694)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB923980)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB924191)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB924270)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB924496)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB924667)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB925454)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB925486)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB926255)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB926436)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB927779)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB927802)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB928090)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB928255)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB928843)
/ Windows XP / SP3: Update für Windows XP (KB929338)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB929969)
/ Windows XP / SP3: Update für Windows XP (KB931836)
/ Windows XP / SP3: Sicherheitsupdate für Windows XP (KB944338-v2)
/ Windows XP / SP4: Sicherheitsupdate für Windows XP (KB938464)
/ Windows XP / SP4: Sicherheitsupdate für Windows XP (KB950762)
/ Windows XP / SP4: Sicherheitsupdate für Windows XP (KB950974)
/ Windows XP / SP4: Sicherheitsupdate für Windows XP (KB951066)
/ Windows XP / SP4: Update für Windows XP (KB951072-v2)
/ Windows XP / SP4: Sicherheitsupdate für Windows XP (KB951376-v2)
/ Windows XP / SP4: Sicherheitsupdate für Windows XP (KB951698)
/ Windows XP / SP4: Hotfix für Windows XP (KB952287)
/ Windows XP / SP4: Sicherheitsupdate für Windows XP (KB952954)
/ Windows XP / SP4: Sicherheitsupdate für Windows XP (KB954211)
/ Windows XP / SP4: Sicherheitsupdate für Windows XP (KB955069)
/ Windows XP / SP4: Sicherheitsupdate für Windows XP (KB956390)
/ Windows XP / SP4: Sicherheitsupdate für Windows XP (KB956391)
/ Windows XP / SP4: Sicherheitsupdate für Windows XP (KB956803)
/ Windows XP / SP4: Sicherheitsupdate für Windows XP (KB956841)
/ Windows XP / SP4: Sicherheitsupdate für Windows XP (KB957095)
/ Windows XP / SP4: Sicherheitsupdate für Windows XP (KB957097)
/ Windows XP / SP4: Sicherheitsupdate für Windows XP (KB958644)
/ XML Paper Specification Shared Components Pack 1.0: XML Paper Specification Shared Components Pack 1.0

[...]

[...]

--- Startup entries list ---
Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
file: C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe
size: 35696
MD5: 452FA961163EF4AEE4815796A13AB2CF

Located: HK_LM:Run, a-squared
command: "C:\PROGRAMME\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60
file: C:\PROGRAMME\A-SQUARED ANTI-MALWARE\a2guard.exe
size: 3278480
MD5: DC9568B11158249B7A15DF0A3A7B92C2

Located: HK_LM:Run, avgnt
command: "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
file: C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
size: 266497
MD5: 6E812818306D460D62B4ABEA9FDC6679

Located: HK_LM:Run, Malwarebytes Anti-Malware (reboot)
command: "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
file: C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
size: 1312080
MD5: C5FCC0B761069FABD59E41B7C3280DDF

Located: HK_LM:Run, NVRaidService
command: C:\WINDOWS\system32\nvraidservice.exe
file: C:\WINDOWS\system32\nvraidservice.exe
size: 84480
MD5: 48264A915E7356E2B06D9ABAF74DEE93

Located: HK_LM:RunOnce, SpybotDeletingA9570
command: command.com /c del "C:\WINDOWS\system32\lowsec\user.ds"
file: command.com /c del "C:\WINDOWS\system32\lowsec\user.ds"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:RunOnce, SpybotDeletingC3321
command: cmd.exe /c del "C:\WINDOWS\system32\lowsec\local.ds"
file: C:\WINDOWS\system32\cmd.exe
size: 401408
MD5: 283433A9DD6C0877DBE0E55A6908EA80

Located: HK_LM:RunOnce, SpybotDeletingC496
command: cmd.exe /c del "C:\WINDOWS\system32\lowsec\user.ds"
file: C:\WINDOWS\system32\cmd.exe
size: 401408
MD5: 283433A9DD6C0877DBE0E55A6908EA80

Located: HK_LM:RunOnce, SpybotSnD
command: "C:\Programme\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
file: C:\Programme\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89

Located: HK_LM:RunOnce, WIAWizardMenu
command: RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
file: C:\WINDOWS\system32\sti_ci.dll
size: 137216
MD5: BF70EA5D04AE5579D85D9D2AC119EBE4

Located: HK_LM:Run, ATICCC (DISABLED)
command: "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime
file: C:\Programme\ATI Technologies\ATI.ACE\cli.exe
size: 32768
MD5: C7980E02A2A2F53CD6903668F38F347B

Located: HK_LM:Run, BDNewsAgent (DISABLED)
command: "c:\progra~1\softwin\bitdef~1\bdnagent.exe"
file: c:\progra~1\softwin\bitdef~1\bdnagent.exe
size: 8192
MD5: 641E3F9E3BD0856EB6C8F88F318DF4D4

Located: HK_LM:Run, DNS7reminder (DISABLED)
command: "D:\01_Office\06_Büro\Nuance Dragon Naturally Speaking v10\Ereg\Ereg.exe" -r "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nuance\NaturallySpeaking10\Ereg.ini
file: D:\01_Office\06_Büro\Nuance Dragon Naturally Speaking v10\Ereg\Ereg.exe
size: 259624
MD5: 32E0D290A7709D494A45CC25CCCBD5FC

Located: HK_LM:Run, FirefaceMixTray (DISABLED)
command: firefacemix.exe
file: C:\WINDOWS\system32\firefacemix.exe
size: 306176
MD5: 49D1D419CD0C9322C15CF332190A4450

Located: HK_LM:Run, FirefaceTray (DISABLED)
command: fireface.exe
file: C:\WINDOWS\system32\fireface.exe
size: 74240
MD5: DAEED205765F03DDF12EEFC229FD9E1A

Located: HK_LM:Run, FreePDF Assistant (DISABLED)
command: C:\Programme\FreePDF_XP\fpassist.exe
file: C:\Programme\FreePDF_XP\fpassist.exe
size: 310272
MD5: 4F77C879D2A5491CBD2A8F40E5B2341B

Located: HK_LM:Run, HP Software Update (DISABLED)
command: C:\Programme\HP\HP Software Update\HPWuSchd2.exe
file: C:\Programme\HP\HP Software Update\HPWuSchd2.exe
size: 49152
MD5: 926A397334FE426A6C7657096FE681DB

Located: HK_LM:Run, Inst (DISABLED)
command: C:\WINDOWS\System\Inst.exe install
file: C:\WINDOWS\System\Inst.exe
size: 20480
MD5: 0F8273724074DC928ACB65A6259AACB3

Located: HK_LM:Run, ISUSPM Startup (DISABLED)
command: C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
file: C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe
size: 221184
MD5: A379B75A6FFE4DFD3184F35F0141CE91

Located: HK_LM:Run, ISUSScheduler (DISABLED)
command: "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
file: C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
size: 81920
MD5: D2AEADFD998706B4216315B2BD3FA79E

Located: HK_LM:Run, KernelFaultCheck (DISABLED)
command: %systemroot%\system32\dumprep 0 -k
file: C:\WINDOWS\system32\dumprep 0 -k
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, MMReminderService (DISABLED)
command: D:\01_Office\06_Büro\03_Planung\MindManager v6\MMReminderService.exe
file: D:\01_Office\06_Büro\03_Planung\MindManager v6\MMReminderService.exe
size: 28672
MD5: 7661EAD571CBA5DA6CF422ED26B6C3E7

Located: HK_LM:Run, NWEReboot (DISABLED)
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, pdfSaver3 (DISABLED)
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, PinnacleDriverCheck (DISABLED)
command: C:\WINDOWS\system32\PSDrvCheck.exe
file: C:\WINDOWS\system32\PSDrvCheck.exe
size: 406016
MD5: 60D67B9D07FA29B01466C664CDEEC334

Located: HK_LM:Run, QuickTime Task (DISABLED)
command: "C:\Programme\QuickTime\qttask.exe" -atboottime
file: C:\Programme\QuickTime\qttask.exe
size: 286720
MD5: 49CCFBE5D5225B9D3CC78C09DEE147D0

Located: HK_LM:Run, RMETray (DISABLED)
command: digi96.exe
file: C:\WINDOWS\system32\digi96.exe
size: 86016
MD5: CA427DD4A3C31E15885AC88F66321F61

Located: HK_LM:Run, ScanSoft OmniPage 16-reminder (DISABLED)
command: "D:\01_Office\10_OCR\OmniPage16\Ereg\Ereg.exe" -r "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft\OmniPage 16\Ereg\Ereg.ini"
file: D:\01_Office\10_OCR\OmniPage16\Ereg\Ereg.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, SSBkgdUpdate (DISABLED)
command: "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
file: C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
size: 210472
MD5: 846965AE55A2662B1576C0F392DD1D6E

Located: HK_LM:Run, TkBellExe (DISABLED)
command: "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
file: C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
size: 185896
MD5: 89D583FC41D48328128A974C25AFAEB7

Located: HK_LM:Run, WindowsServicesStartup (DISABLED)
command: C:\DOKUME~1\[Name]\LOKALE~1\Temp\svchost.exe 1
file: C:\DOKUME~1\[Name]\LOKALE~1\Temp\svchost.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:RunOnce, WIAWizardMenu (DISABLED)
command: RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
file: C:\WINDOWS\system32\sti_ci.dll
size: 137216
MD5: BF70EA5D04AE5579D85D9D2AC119EBE4

Located: HK_CU:Run, ATICCC
where: .DEFAULT...
command: "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime
file: C:\Programme\ATI Technologies\ATI.ACE\cli.exe
size: 32768
MD5: C7980E02A2A2F53CD6903668F38F347B

Located: HK_CU:Run, CTFMON.EXE (DISABLED)
where: .DEFAULT...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 7CE20569925DF6789C31799F0C538F29

Located: HK_CU:Run, CTFMON.EXE (DISABLED)
where: S-1-5-19...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 7CE20569925DF6789C31799F0C538F29

Located: HK_CU:Run, CTFMON.EXE (DISABLED)
where: S-1-5-20...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 7CE20569925DF6789C31799F0C538F29

Located: HK_CU:Run, EA Core
where: S-1-5-21-1229272821-602609370-839522115-1003...
command: "C:\Programme\Electronic Arts\EADM\Core.exe" -silent
file: C:\Programme\Electronic Arts\EADM\Core.exe
size: 3342336
MD5: 13BB437592082C824588C17D5409B083

Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-1229272821-602609370-839522115-1003...
command: C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887

Located: HK_CU:Run, OpAgent (DISABLED)
where: S-1-5-21-1229272821-602609370-839522115-1003...
command: "OpAgent.exe" /agent
file: OpAgent.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, pdfSaver3 (DISABLED)
where: S-1-5-21-1229272821-602609370-839522115-1003...
command: "C:\Programme\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
file: C:\Programme\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
size: 380928
MD5: 55C0EA353D6C7A526B7BBCE969D2CE41

Located: HK_CU:Run, THReminderVoll (DISABLED)
where: S-1-5-21-1229272821-602609370-839522115-1003...
command: E:\temp\01 - Downloads\02_Office-Tools\Desktop Reminder 2.5\Desktop Reminder.exe
file: E:\temp\01 - Downloads\02_Office-Tools\Desktop Reminder 2.5\Desktop Reminder.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, CTFMON.EXE (DISABLED)
where: S-1-5-21-1229272821-602609370-839522115-500...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 7CE20569925DF6789C31799F0C538F29

Located: HK_CU:RunOnce, NeroHomeFirstStart (DISABLED)
where: S-1-5-21-1229272821-602609370-839522115-500...
command: C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMFirstStart.exe
file: C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMFirstStart.exe
size: 10752
MD5: B8FE84E986AA626B83E131A801FC43D3

Located: HK_CU:Run, ATICCC
where: S-1-5-18...
command: "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime
file: C:\Programme\ATI Technologies\ATI.ACE\cli.exe
size: 32768
MD5: C7980E02A2A2F53CD6903668F38F347B

Located: HK_CU:Run, CTFMON.EXE (DISABLED)
where: S-1-5-18...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 7CE20569925DF6789C31799F0C538F29

Located: Startup (deaktiviert), Adobe Gamma Loader.exe (DISABLED)
command: C:\PROGRA~1\GEMEIN~1\Adobe\CALIBR~1\ADOBEG~1.EXE
file: C:\PROGRA~1\GEMEIN~1\Adobe\CALIBR~1\ADOBEG~1.EXE
size: 110592
MD5: 5CD0CD0EC4DC5DF459B3AC016764F5AA

Located: Startup (deaktiviert), Adobe Gamma Loader (DISABLED)
command: C:\PROGRA~1\GEMEIN~1\Adobe\CALIBR~1\ADOBEG~1.EXE
file: C:\PROGRA~1\GEMEIN~1\Adobe\CALIBR~1\ADOBEG~1.EXE
size: 110592
MD5: 5CD0CD0EC4DC5DF459B3AC016764F5AA

Located: Startup (deaktiviert), Adobe Reader - Schnellstart (DISABLED)
command: C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE
file: C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Startup (deaktiviert), Adobe Reader Synchronizer (DISABLED)
command: C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE
file: C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Startup (deaktiviert), ATI CATALYST System Tray (DISABLED)
command: C:\PROGRA~1\ATITEC~1\ATI.ACE\CLI.exe SystemTray
file: C:\PROGRA~1\ATITEC~1\ATI.ACE\CLI.exe
size: 32768
MD5: C7980E02A2A2F53CD6903668F38F347B

Located: Startup (deaktiviert), Microsoft Office (DISABLED)
command: D:\01_OFF~1\01_MIC~1\Office\OSA9.EXE -b -l
file: D:\01_OFF~1\01_MIC~1\Office\OSA9.EXE
size: 65588
MD5: 9EF897496163C9B295CFCD37908B2DA1

Located: Startup (deaktiviert), CodeMeter Control Center (DISABLED)
command: C:\PROGRA~1\CODEME~1\Runtime\bin\CODEME~2.EXE
file: C:\PROGRA~1\CODEME~1\Runtime\bin\CODEME~2.EXE
size: 4984832
MD5: 8E3CC6836BB5F9C2CF930D961F3DB8F0

Located: WinLogon, AtiExtEvent
command: Ati2evxx.dll
file: Ati2evxx.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: AcroIEHelperStub
CLSID name: Adobe PDF Link Helper
Path: C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelperShim.dll
Short name: ACROIE~2.DLL
Date (created): 27.02.2009 13:07:26
Date (last access): 19.10.2009 18:58:32
Date (last write): 27.02.2009 13:07:26
Filesize: 75128
Attributes: archive
MD5: 5CF6190CD875DA6B35256FEE573E7908
CRC32: 764BA81B
Version: 9.1.0.163

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 09.09.2009 12:11:44
Date (last access): 19.10.2009 21:53:46
Date (last write): 26.01.2009 15:31:02
Filesize: 1879896
Attributes: archive
MD5: 022C2F6DCCDFA0AD73024D254E62AFAC
CRC32: 5BA24007
Version: 1.6.2.14

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (Java(tm) Plug-In SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In SSV Helper
Path: C:\Programme\Java\jre6\bin\
Long name: ssv.dll
Short name:
Date (created): 04.11.2008 11:33:58
Date (last access): 19.10.2009 18:53:22
Date (last write): 04.11.2008 11:33:58
Filesize: 320920
Attributes: archive
MD5: DC090E320775F1B1FE896F6E1D393D7F
CRC32: 068B5AFC
Version: 6.0.100.33

{AE7CD045-E861-484f-8273-0445EE161910} (AcroIEToolbarHelper Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: AcroIEToolbarHelper Class
description: Adobe Acrobat
classification: Legitimate
known filename: AcroIEFavClient.dll
info link: http://www.adobe.com/products/acrobatpro/main.html
info source: TonyKlein
Path: C:\Programme\Adobe\Adobe Acrobat 6.0\Acrobat\
Long name: AcroIEFavClient.dll
Short name: ACROIE~1.DLL
Date (created): 15.05.2003 02:03:46
Date (last access): 19.10.2009 19:06:02
Date (last write): 15.05.2003 02:03:46
Filesize: 147456
Attributes: archive
MD5: 44BCFF08947790E74BD7CC7532D2B793
CRC32: 0C91890B

{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Programme\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 04.11.2008 11:33:58
Date (last access): 19.10.2009 18:53:20
Date (last write): 04.11.2008 11:33:58
Filesize: 34816
Attributes: archive
MD5: 27771CDC5D464818C8F92356AE840A6F
CRC32: B0BC1BD4
Version: 6.0.100.33

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (JQSIEStartDetectorImpl)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: JQSIEStartDetectorImpl
CLSID name: JQSIEStartDetectorImpl Class
Path: C:\Programme\Java\jre6\lib\deploy\jqs\ie\
Long name: jqs_plugin.dll
Short name: JQS_PL~1.DLL
Date (created): 04.11.2008 11:33:58
Date (last access): 19.10.2009 18:53:18
Date (last write): 04.11.2008 11:33:58
Filesize: 73728
Attributes: archive
MD5: 8F206275452A3668097A7A26F62A7127
CRC32: 44B85557
Version: 6.0.100.33

[...]

[...]

--- ActiveX list ---
{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
Installer: C:\WINDOWS\Downloaded Program Files\swdir.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
description: Macromedia ShockWave Flash Player 7
classification: Legitimate
known filename: SWDIR.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Adobe\Director\
Long name: swdir.dll
Short name:
Date (created): 02.09.2008 15:22:56
Date (last access): 19.10.2009 18:10:30
Date (last write): 06.08.2008 16:30:48
Filesize: 202168
Attributes: archive
MD5: B8153BAD2E56C50B147867FA9DAEB095
CRC32: D52113FA
Version: 11.0.0.465

{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
DPF name:
CLSID name: Windows Genuine Advantage Validation Tool
Installer: C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf
Codebase: http://go.microsoft.com/fwlink/?linkid=39204
description:
classification: Legitimate
known filename: LegitCheckControl.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: LegitCheckControl.DLL
Short name: LEGITC~1.DLL
Date (created): 24.04.2007 11:32:06
Date (last access): 19.10.2009 18:11:12
Date (last write): 20.03.2008 18:06:36
Filesize: 1480232
Attributes: archive
MD5: E058C4821D48E0A67F6069CB50818D44
CRC32: 3513AE02
Version: 1.7.69.2

{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object)
DPF name:
CLSID name: CTVUAxCtrl Object
Installer: C:\WINDOWS\Downloaded Program Files\TVUAx.inf
Codebase: http://dl.tvunetworks.com/TVUAx.cab
description:
classification: Legitimate
known filename: TVUAx.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\TVUAx\
Long name: npTVUAx.dll

{4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class)
DPF name:
CLSID name: EPUImageControl Class
Installer: C:\WINDOWS\Downloaded Program Files\EPUWALcontrol.inf
Codebase: http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
description:
classification: Legitimate
known filename: EPUWalcontrol.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: EPUWALcontrol.dll
Short name: EPUWAL~1.DLL
Date (created): 15.06.2006 18:33:54
Date (last access): 19.10.2009 18:12:00
Date (last write): 26.09.2008 19:08:16
Filesize: 3204368
Attributes: archive
MD5: A2B9047463F1297403DEC0DE4DF2298A
CRC32: 1F64400B
Version: 1.0.27.0

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_10
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Programme\Java\jre6\bin\
Long name: npjpi160_10.dll
Short name: NPJPI1~1.DLL
Date (created): 04.11.2008 11:33:58
Date (last access): 19.10.2009 18:12:42
Date (last write): 04.11.2008 11:33:58
Filesize: 132504
Attributes: archive
MD5: 3CEF7A7DE0D5141E016A862B1D86B1CD
CRC32: CC232AC8
Version: 6.0.100.33

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
Codebase: http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
description:
classification: Open for discussion
known filename:
info link:
info source: Safer Networking Ltd.

{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2
Installer:
Codebase: http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi142.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Programme\Java\j2re1.4.2\bin\
Long name: NPJPI142.dll
Short name:
Date (created): 20.07.2007 23:06:42
Date (last access): 19.10.2009 18:07:40
Date (last write): 20.07.2007 23:06:42
Filesize: 65636
Attributes: archive
MD5: 4ACFBF6AB1BBE79DBD665C186B3B5AFD
CRC32: BE89D675
Version: 1.4.2.0

{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_04
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_04.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Programme\Java\jre1.5.0_04\bin\
Long name: NPJPI150_04.dll
Short name: NPJPI1~1.DLL
Date (created): 03.06.2005 03:52:58
Date (last access): 19.10.2009 18:10:24
Date (last write): 03.06.2005 04:09:54
Filesize: 69746
Attributes: archive
MD5: 8548FE98BD687F35AFD0AED9C2A2DEE3
CRC32: 4058FA1B
Version: 5.0.40.5

{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Programme\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 02.03.2006 13:52:58
Date (last access): 19.10.2009 18:09:26
Date (last write): 10.11.2005 13:22:12
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5

{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_09
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
description:
classification: Legitimate
known filename: NPJPI150_09.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Programme\Java\jre1.5.0_09\bin\
Long name: NPJPI150_09.dll
Short name: NPJPI1~1.DLL
Date (created): 12.10.2006 04:10:58
Date (last access): 19.10.2009 18:08:00
Date (last write): 12.10.2006 04:25:44
Filesize: 69746
Attributes: archive
MD5: A3CDEB59B6B8C2EA81B9ED2D3EF4C95E
CRC32: 2A32A9A2
Version: 5.0.90.3

{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_10
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
Path: C:\Programme\Java\jre6\bin\
Long name: npjpi160_10.dll
Short name: NPJPI1~1.DLL
Date (created): 04.11.2008 11:33:58
Date (last access): 19.10.2009 21:53:48
Date (last write): 04.11.2008 11:33:58
Filesize: 132504
Attributes: archive
MD5: 3CEF7A7DE0D5141E016A862B1D86B1CD
CRC32: CC232AC8
Version: 6.0.100.33

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_10
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Programme\Java\jre6\bin\
Long name: npjpi160_10.dll
Short name: NPJPI1~1.DLL
Date (created): 04.11.2008 11:33:58
Date (last access): 19.10.2009 21:53:48
Date (last write): 04.11.2008 11:33:58
Filesize: 132504
Attributes: archive
MD5: 3CEF7A7DE0D5141E016A862B1D86B1CD
CRC32: CC232AC8
Version: 6.0.100.33

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash10b.ocx
Short name:
Date (created): 03.02.2009 04:07:18
Date (last access): 19.10.2009 17:54:20
Date (last write): 03.02.2009 04:07:18
Filesize: 3866528
Attributes: readonly archive
MD5: 8AFC17155ED5AB60B7C52D7F553D579C
CRC32: 0FBC13F3
Version: 10.0.22.87



--- Process list ---
PID: 0 ( 0) [System]
PID: 676 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 756 ( 676) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 788 ( 676) \??\C:\WINDOWS\system32\winlogon.exe
size: 507392
PID: 832 ( 788) C:\WINDOWS\system32\services.exe
size: 108544
MD5: EDB6B81761BD60F32F740BBC40AFB676
PID: 844 ( 788) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 183805EB05BCA5A1E4AAAED4D2BE3690
PID: 1000 ( 832) C:\WINDOWS\system32\Ati2evxx.exe
size: 598016
MD5: B8DBF155EAE86B1468FEEA472E94AEFB
PID: 1012 ( 832) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 65A819B121EB6FDAB4400EA42BDFFE64
PID: 1076 ( 832) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 65A819B121EB6FDAB4400EA42BDFFE64
PID: 1112 ( 832) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 65A819B121EB6FDAB4400EA42BDFFE64
PID: 1164 ( 832) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 65A819B121EB6FDAB4400EA42BDFFE64
PID: 1260 ( 788) C:\WINDOWS\system32\Ati2evxx.exe
size: 598016
MD5: B8DBF155EAE86B1468FEEA472E94AEFB
PID: 1336 ( 832) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 65A819B121EB6FDAB4400EA42BDFFE64
PID: 1528 (1440) C:\WINDOWS\Explorer.EXE
size: 1035264
MD5: 22FE1BE02EADDE1632E478E4125639E0
PID: 1624 ( 832) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID: 1772 ( 832) C:\Programme\AntiVir PersonalEdition Classic\sched.exe
size: 68865
MD5: D6C8942BEA3698A2E7559BD423BFA5D7
PID: 1784 ( 832) C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
size: 151297
MD5: 335A142923FE7F97E8C8388ACD067568
PID: 1880 ( 832) C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe
size: 2007040
MD5: C602AF4675C1147747E5B5CAC32FBD05
PID: 1908 ( 832) C:\WINDOWS\system32\crypserv.exe
size: 61440
MD5: B3C447CE4A4DB5F11B1010F060F2A965
PID: 276 ( 832) C:\Programme\Java\jre6\bin\jqs.exe
size: 152984
MD5: 5FD5865DC1A2100F8D4CF000EE5409A3
PID: 296 ( 832) C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
size: 270336
MD5: 44CE5579514334B801EED77E8C618CD8
PID: 424 ( 832) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 65A819B121EB6FDAB4400EA42BDFFE64
PID: 616 ( 832) C:\WINDOWS\system32\wdfmgr.exe
size: 38912
MD5: C81B8635DEE0D3EF5F64B3DD643023A5
PID: 664 ( 832) C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
size: 69632
MD5: FE5C052FC82645F87139F6655B3C21E6
PID: 748 ( 832) C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
size: 69632
MD5: 4EF298F9218C61040A86ADE86AF3D9EB
PID: 1368 (1112) C:\WINDOWS\system32\wscntfy.exe
size: 13824
MD5: 7D3E0BEB62799112F5C9FF717D72BF29
PID: 1432 (1528) C:\WINDOWS\system32\nvraidservice.exe
size: 84480
MD5: 48264A915E7356E2B06D9ABAF74DEE93
PID: 3148 ( 832) C:\Programme\a-squared Anti-Malware\a2service.exe
size: 1858144
MD5: 0ADFA052C927F2A214133E4DF2EF5AB0
PID: 2624 (1528) C:\Programme\Outlook Express\msimn.exe
size: 60416
MD5: 2BA53E3D0EC9F43A156D31C6F5829243
PID: 2512 (1528) C:\Programme\a-squared Anti-Malware\a2guard.exe
size: 3278480
MD5: DC9568B11158249B7A15DF0A3A7B92C2
PID: 3384 (1528) C:\Programme\Internet Explorer\IEXPLORE.EXE
size: 93184
MD5: B39A6AF04A431E317C85BF061719E705
PID: 1536 (1528) C:\Programme\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 19.10.2009 21:53:46

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.de/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://www.google.com/keyword/%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD Irda [IrDA]
GUID: {3972523D-2AF1-11D1-B655-00805F3642CC}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Infrared protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Irda [IrDA]

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3C437F47-848E-49EE-8977-3164CF79E16D}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3C437F47-848E-49EE-8977-3164CF79E16D}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{29473F36-CFD2-4277-8AEF-36E17B8CA20B}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{29473F36-CFD2-4277-8AEF-36E17B8CA20B}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9F58CC77-5540-4919-96A6-8A5F6E2B93E3}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9F58CC77-5540-4919-96A6-8A5F6E2B93E3}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2F276EEB-64FD-4B29-96B7-DCCF449B2CE9}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2F276EEB-64FD-4B29-96B7-DCCF449B2CE9}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9641C66C-7D7D-4311-A2E0-9E51FA57F85C}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9641C66C-7D7D-4311-A2E0-9E51FA57F85C}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: TCP/IP
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: NLA-Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Malwarebytes' Anti-Malware 1.41
Datenbank Version: 2990
Windows 5.1.2600 Service Pack 2

19.10.2009 23:04:28
mbam-log-2009-10-19 (23-04-28).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 112938
Laufzeit: 34 minute(s), 6 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

=============================================

Während des Scans mit Malwarebytes zeigte mir AntiVir jedoch folgende Funde an:

AntiVir Guard: Achtung, Fund!

C:\Dokumente und Einstellungen\[Name]\...\cran.cvd
Enthält Erkennungsmuster des Trivial-28 [A]-Virus


AntiVir Guard: Achtung, Fund!

C:\Dokumente und Einstellungen\[Name]\...\cran.cvd
Enthält Erkennungsmuster des HTMLScriptvirus HTML/Silly.Gen

schritt 1

Während dieser Scans soll(en):

• alle anderen Scanner gegen Viren, Spyware, usw. deaktiviert sein,
• keine Verbindung zu einem Netzwerk/Internet bestehen (WLAN nicht vergessen),
• nichts am Rechner getan werden,
• nach jedem Scan der Rechner neu gestartet werden.

Rootkitscan mit RootRepeal

• Gehe hierhin, scrolle runter und downloade RootRepeal.zip.
• Entpacke die Datei auf Deinen Desktop.
• Doppelklicke die RootRepeal.exe, um den Scanner zu starten.
• Klicke auf den Reiter Report und dann auf den Button Scan.
• Mache einen Haken bei den folgenden Elementen und klicke Ok.
  .
  Drivers
  Files
  Processes
  SSDT
  Stealth Objects
  Hidden Services
  Shadow SSDT
  .
• Im Anschluss wirst Du gefragt, welche Laufwerke gescannt werden sollen.
• Wähle C:\ und klicke wieder Ok.
• Der Suchlauf beginnt automatisch, es wird eine Weile dauern, bitte Geduld.
• Wenn der Suchlauf beendet ist, klicke auf Save Report.
• Speichere das Logfile als RootRepeal.txt auf dem Desktop.
• Kopiere den Inhalt hier in den Thread.

schritt 2

Rootkitsuche mit Avira AntiRootkit

Lade Avira AntiRootkit herunter, indem Du auf den Download-Button klickst. Speichere die Datei auf Deinem Desktop.

• Du solltest jetzt antivir_rootkit.zip auf Deinem Desktop finden.
• Entpacke das Archiv auf Deinen Desktop (antivir_rootkit.zip kannst Du jetzt manuell löschen).
• Doppelklick auf die avirarkd.exe => OK.
• Klicke auf Start scan.
• Wenn der Suchlauf beendet ist, klicke auf View report und kopiere das Log hier in den Thread.

schritt 3

Lade dir F-Secure Blacklight herunter

• Installiere es in C:\Programme\Blacklight
• Trenne dich von Netz(W-Lan nicht vergessen)
• Deaktiviere alle laufenden Virenscanner etc
• Schließe alle offenen Programme und starte es durch klick auf die fsbl.exe
• Klicke auf i accept the agreement-->Next-->Scan
• nach dem Scan klicke auf Close
• Die Logfile fsbl.xxx.log wird unter dem Blacklight Verzeichnis gespeichert
• Bitte posten

AntiVir Programme einschalten nicht vergessen bevor du ins Netz gehst


Bitte poste in Deiner nächsten Antwort
Logfile von Rootrepeal
Logfile von Avira Anti Rootkit
Logfile von F-secure

Der erste Schritt lässt sich bei mir nicht durchführen:
Beim Rootkitscan mit RootRepeal stürzt der Rechner jedesmal ab.

Zuerst zeigt ein Dauerleuchten der LED für CPU-Auslastung am Tower an, dass RootRepeal die CPU lahmlegt, dann folgt irgendwann der typische blue screen - auch ein Herabsetzen der Priorität im Task-Manager bringt keinen Unterschied. Sobald der Scan in RootRepeal gestartet wird, komme ich auch nicht mehr in den Task-Manager, weil die CPU durch das Tool komplett blockiert wird.

Kann ich auch RootRepeal weglassen und stattdessen sofort Schritte 2 und 3 des letzten Tipps durchführen?!?

Danke schonmal soweit ...


Gruß,

Molto

Muss ich mal mit dem Author reden. Kommt in letzter Zeit oft vor.

Ja bitte mit Schritt 2 und 3 fortfahren.

Oh!

Wenn ich die Avira AntiRootkit-Datei wie von Dir vorgegeben entpacke und die darin befindliche Datei avirarkd.exe auf dem Desktop zum Ausführen doppelklicke, kommt die Fehlermeldung

"Diese Anwendung konnte nicht gestartet werden, weil die Anwendungskonfiguration nicht korrekt ist. Zur Problembehebung sollten Sie die Anwendung neu installieren."

Was läuft hier falsch? / Was tun?
Ebenfalls weglassen und direkt mit Blacklight weitermachen?

Der PC macht mich fertig. :/

Rootkit mit AVZ Antiviral-Toolkit entfernen

AVZ Antiviral Toolkit ist ein russisches Projekt, welches auch in englisch verfügbar ist. Das Programm prüft auf Viren, Adware, Spyware, Dialer, verdächtige Software (Risktools), Hacktools und Rootkits. AVZ ist ein sehr mächtiges Tool, bitte nichts "auf eigene Faust" machen.

Bitte lade AVZ4 herunter und entpacke es auf den Desktop.
Dort sollte sich nun der Ordner avz4 befinden.

• Öffne den Ordner avz4 und starte die avz.exe durch Doppelklick.
• Aktualisiere die Signaturen:
  Im Menü => File => Database Update => Start-Button drücken => OK
• Im Menü => AVZPM
• Dort aud "Install extended monitoring driver" drücken
• AVZ wird nun einen Neustart verlangen, also neustarten.
• Setze Häkchen vor die Laufwerke, die gescannt werden sollen.
• Setze ein Häkchen rechts vor "Enable malware removal mode:"
• Setze ein Häkchen vor "Copy suspicious files to Quarantine".
  .
  http://image.hijackthis.eu/upload/avz.jpg
  .
• Drücke auf den Button "Start", um den Suchlauf zu starten.
• Geduld, der Suchlauf kann eine Weile dauern.
• Wenn der Suchlauf beendet ist (Scanning finished), drücke rechts auf auf das Diskettensymbol, um das Logfile als Text-Datei zu speichern.
• Poste das Logfile hier in den Thread.

Eine ausführliche und bebilderte Anleitung findest Du bei virus-protect.org.

> Der PC macht mich fertig. :/
[Zynikmodus an] Na, dann: Willkommen im Club. :-) [Zynikmodus aus]

Das Logfile sieht selbst für mich als Laien schon übel aus ...

- Trojan.Win32.Buzus.chfk
- Trojan.Kyjak
- Trojan.Win32.Obfuscated.gx

Aber sieh' besser selbst:



AVZ Antiviral Toolkit log; AVZ version is 4.32
Scanning started at 21.10.2009 11:52:41
Database loaded: signatures - 245798, NN profile(s) - 2, malware removal microprograms - 56, signature database released 20.10.2009 20:44
Heuristic microprograms loaded: 374
PVS microprograms loaded: 9
Digital signatures of system files loaded: 149422
Heuristic analyzer mode: Medium heuristics mode
Malware removal mode: enabled
Windows version is: 5.1.2600, Service Pack 2 ; AVZ is run with administrator rights
System Restore: Disabled
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
Analysis: kernel32.dll, export table found in section .text
Analysis: ntdll.dll, export table found in section .text
Analysis: user32.dll, export table found in section .text
Analysis: advapi32.dll, export table found in section .text
Analysis: ws2_32.dll, export table found in section .text
Analysis: wininet.dll, export table found in section .text
Analysis: rasapi32.dll, export table found in section .text
Analysis: urlmon.dll, export table found in section .text
Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
Driver loaded successfully
SDT found (RVA=07B400)
Kernel ntkrnlpa.exe found in memory at address 804D7000
SDT = 80552400
KiST = 8050121C (284)
Function NtCreateKey (29) intercepted (80618F32->B9EA80E0), hook spfv.sys
Function NtEnumerateKey (47) intercepted (80619772->B9EC6CA2), hook spfv.sys
Function NtEnumerateValueKey (49) intercepted (806199DC->B9EC7030), hook spfv.sys
Function NtOpenKey (77) intercepted (8061A2C8->B9EA80C0), hook spfv.sys
Function NtQueryKey (A0) intercepted (8061A5EC->B9EC7108), hook spfv.sys
Function NtQueryValueKey (B1) intercepted (80616FEC->B9EC6F88), hook spfv.sys
Function NtSetValueKey (F7) intercepted (806175F2->B9EC719A), hook spfv.sys
Functions checked: 284, intercepted: 7, restored: 0
1.3 Checking IDT and SYSENTER
Analyzing CPU 1
Checking IDT and SYSENTER - complete
1.4 Searching for masking processes and drivers
Searching for masking processes and drivers - complete
Driver loaded successfully
1.5 Checking IRP handlers
\FileSystem\ntfs[IRP_MJ_CREATE] = 8AFFB1F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_CLOSE] = 8AFFB1F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_WRITE] = 8AFFB1F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_QUERY_INFORMATION] = 8AFFB1F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_SET_INFORMATION] = 8AFFB1F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_QUERY_EA] = 8AFFB1F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_SET_EA] = 8AFFB1F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_QUERY_VOLUME_INFORMATION] = 8AFFB1F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_SET_VOLUME_INFORMATION] = 8AFFB1F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_DIRECTORY_CONTROL] = 8AFFB1F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_FILE_SYSTEM_CONTROL] = 8AFFB1F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_DEVICE_CONTROL] = 8AFFB1F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_LOCK_CONTROL] = 8AFFB1F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_QUERY_SECURITY] = 8AFFB1F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_SET_SECURITY] = 8AFFB1F8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_PNP] = 8AFFB1F8 -> hook not defined
Checking - complete
2. Scanning RAM
Number of processes found: 33
Number of modules loaded: 308
Scanning RAM - complete
3. Scanning disks
C:\WINDOWS\Installer\2827b25.msi/{MS-OLE}/\49 >>> suspicion for Trojan.Win32.Buzus.chfk ( 00515340 08CD8ABD 001C13F0 001FD6D9 40960)
File quarantined succesfully (C:\WINDOWS\Installer\2827b25.msi)
C:\WINDOWS\Installer\2827c09.msi/{MS-OLE}/\123 >>> suspicion for Trojan.Win32.Buzus.chfk ( 004F362A 08CD8ABD 001C13F0 001FD6D9 40960)
File quarantined succesfully (C:\WINDOWS\Installer\2827c09.msi)
C:\WINDOWS\Installer\3890cd.msi/{MS-OLE}/\39 >>>>> Trojan.Kyjak
C:\WINDOWS\Installer\{3B94A56F-9FDA-46CC-A3B6-07613A84200B}\NewShortcut11_FE2DFC05CD1F4CCDB7A69854173E2F92.exe >>> suspicion for Trojan.Win32.Buzus.chfk ( 004F362A 08CD8ABD 001C13F0 001FD6D9 40960)
File quarantined succesfully (C:\WINDOWS\Installer\{3B94A56F-9FDA-46CC-A3B6-07613A84200B}\NewShortcut11_FE2DFC05CD1F4CCDB7A69854173E2F92.exe)
C:\WINDOWS\SoftwareDistribution\Download\95722b048b44feeb8b09afd7a4b3cf38\tdc.ocx >>> suspicion for Trojan.Win32.Obfuscated.gx ( 053750B3 01AEF965 0005F0DD 00218FA4 61440)
File quarantined succesfully (C:\WINDOWS\SoftwareDistribution\Download\95722b048b44feeb8b09afd7a4b3cf38\tdc.ocx)
Direct reading: C:\WINDOWS\system32\drivers\sptd.sys
4. Checking Winsock Layered Service Provider (SPI/LSP)
LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
6. Searching for opened TCP/UDP ports used by malicious software
Checking - disabled by user
7. Heuristic system check
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: RemoteRegistry (Remote-Registrierung)
>> Services: potentially dangerous service allowed: TermService (Terminaldienste)
>> Services: potentially dangerous service allowed: SSDPSRV (SSDP-Suchdienst)
>> Services: potentially dangerous service allowed: Alerter (Warndienst)
>> Services: potentially dangerous service allowed: Schedule (Taskplaner)
>> Services: potentially dangerous service allowed: mnmsrvc (NetMeeting-Remotedesktop-Freigabe)
>> Services: potentially dangerous service allowed: RDSessMgr (Sitzungs-Manager für Remotedesktophilfe)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>>> Security: Internet Explorer allows ActiveX, not marked as safe
>>> Security: Internet Explorer allows unsigned ActiveX elements
>>> Security: Internet Explorer allows automatic queries of ActiveX administrative elements
Checking - complete
9. Troubleshooting wizard
>> Internet Explorer - ActiveX, not marked as safe, are allowed
>> Internet Explorer - unsigned ActiveX elements are allowed
>> Internet Explorer - automatic queries of ActiveX operating elements are allowed
>> Service termination timeout is out of admissible values
>> HDD autorun is allowed
>> Network drives autorun is allowed
>> Removable media autorun is allowed
Checking - complete
Files scanned: 113727, extracted from archives: 74239, malicious software found 1, suspicions - 4
Scanning finished at 21.10.2009 12:04:40
Time of scanning: 00:12:00
If you have a suspicion on presence of viruses or questions on the suspected objects,
you can address http://virusinfo.info conference

Bitte lasse die Dateien aus der Code-Box bei Virustotal überprüfen
Also gehe wie hier beschrieben vor:

• Öffne diese Webseite: virustotal
• Klicke auf "Durchsuchen"
• Suche die Datei auf deinem Rechner--> Doppelklick auf die zu prüfende Datei (oder kopiere den Inhalt ab aus der Codebox)
• "Senden der Datei"
• Warte, bis der Scandurchlauf aller Virenscanner beendet ist
• Auf "Filter" klicken
• dann auf "Ergebnisse"
• das Ergebnis (wie Du es bekommst )
  komplett markieren und hier rein kopieren

Sollte die Datei als schädlich erkannt werden bitte noch nicht entfernen

Blacklight findet nichts. :-)


10/21/09 19:40:21 [Info]: BlackLight Engine 2.2.1092 initialized
10/21/09 19:40:21 [Info]: OS: 5.1 build 2600 (Service Pack 2)
10/21/09 19:40:21 [Note]: 7019 4
10/21/09 19:40:21 [Note]: 7005 0
10/21/09 19:40:26 [Note]: 7006 0
10/21/09 19:40:26 [Note]: 7011 1972
10/21/09 19:40:26 [Note]: 7035 0
10/21/09 19:40:26 [Note]: 7026 0
10/21/09 19:40:26 [Note]: 7026 0
10/21/09 19:40:33 [Note]: FSRAW library version 1.7.1024
10/21/09 19:59:05 [Note]: 2000 1012
10/21/09 19:59:05 [Note]: 2000 1012
10/21/09 19:59:08 [Note]: 2000 1012
10/21/09 21:17:38 [Note]: 7007 0


Die Dateiüberprüfung führe ich dann jetzt mal durch ...

Auch VirusTotal findet nichts mehr.
Heißt das, dass der Rechner wieder "frisch" ist?!?


Datei 2827c09.msi empfangen 2009.10.21 19:23:45 (UTC)
Status: Laden ... Wartend Warten Überprüfung Beendet Nicht gefunden Gestoppt


Ergebnis: 0/41 (0%)
Laden der Serverinformationen...
Ihre Datei wartet momentan auf Position: ___.
Geschätzte Startzeit ist zwischen ___ und ___ .
Dieses Fenster bis zum Abschluss des Scans nicht schließen.
Der Scanner, welcher momentan Ihre Datei bearbeitet ist momentan gestoppt. Wir warten einige Sekunden um Ihr Ergebnis zu erstellen.
Falls Sie längern als fünf Minuten warten, versenden Sie bitte die Datei erneut.
Ihre Datei wird momentan von VirusTotal überprüft,
Ergebnisse werden sofort nach der Generierung angezeigt.
Filter Drucken der Ergebnisse
Datei existiert nicht oder dessen Lebensdauer wurde überschritten
Dienst momentan gestoppt. Ihre Datei befindet sich in der Warteschlange (position: ). Diese wird abgearbeitet, wenn der Dienst wieder startet.

SIe können auf einen automatischen reload der homepage warten, oder ihre email in das untere formular eintragen. Klicken Sie auf "Anfragen", damit das System sie benachrichtigt wenn die Überprüfung abgeschlossen ist.
Email:


Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.41 2009.10.21 -
AhnLab-V3 5.0.0.2 2009.10.21 -
AntiVir 7.9.1.42 2009.10.21 -
Antiy-AVL 2.0.3.7 2009.10.21 -
Authentium 5.1.2.4 2009.10.21 -
Avast 4.8.1351.0 2009.10.21 -
AVG 8.5.0.420 2009.10.21 -
BitDefender 7.2 2009.10.21 -
CAT-QuickHeal 10.00 2009.10.21 -
ClamAV 0.94.1 2009.10.21 -
Comodo 2681 2009.10.21 -
DrWeb 5.0.0.12182 2009.10.21 -
eSafe 7.0.17.0 2009.10.21 -
eTrust-Vet 35.1.7077 2009.10.21 -
F-Prot 4.5.1.85 2009.10.21 -
F-Secure 9.0.15300.0 2009.10.20 -
Fortinet 3.120.0.0 2009.10.21 -
GData 19 2009.10.21 -
Ikarus T3.1.1.72.0 2009.10.21 -
Jiangmin 11.0.800 2009.10.21 -
K7AntiVirus 7.10.876 2009.10.21 -
Kaspersky 7.0.0.125 2009.10.21 -
McAfee 5778 2009.10.21 -
McAfee+Artemis 5778 2009.10.21 -
McAfee-GW-Edition 6.8.5 2009.10.21 -
Microsoft 1.5101 2009.10.21 -
NOD32 4530 2009.10.21 -
Norman 6.03.02 2009.10.21 -
nProtect 2009.1.8.0 2009.10.21 -
Panda 10.0.2.2 2009.10.21 -
PCTools 4.4.2.0 2009.10.19 -
Prevx 3.0 2009.10.21 -
Rising 21.52.24.00 2009.10.21 -
Sophos 4.46.0 2009.10.21 -
Sunbelt 3.2.1858.2 2009.10.21 -
Symantec 1.4.4.12 2009.10.21 -
TheHacker 6.5.0.2.049 2009.10.20 -
TrendMicro 8.950.0.1094 2009.10.21 -
VBA32 3.12.10.11 2009.10.20 -
ViRobot 2009.10.21.1999 2009.10.21 -
VirusBuster 4.6.5.0 2009.10.21 -
weitere Informationen
File size: 9271808 bytes
MD5...: 117d4303ed241a84c3e19f0bd8124a3c
SHA1..: 04c9fe58821863d5280ea786dbd330de18db9b63
SHA256: 3fa04035f730ba676a375d1437de9a1c9b5e7be274598f339ec29a010de56f30
ssdeep: 98304:4saGH5pYyPFqfvdICmjjk4/hQioDK5tM/wiIFH1ere:OGH5lqfvdpmjxJQ
ioDKr4WFH1z

PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Microsoft Windows Installer (92.7%)
Windows SDK Setup Transform Script (6.3%)
Generic OLE2 / Multistream Compound File (0.8%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

noch nit ganz :)

RSIT erneut das System scannen lassen

• Schließe alle Fenster und Programme inkl. Browser.
• Lösche C:\rsit\info.txt manuell.
• Start => ausführen (bei Vista: im Feld "Suche starten")
• "%userprofile%\desktop\rsit.exe" /info (reinkopieren),
  damit die alten Logdateien von RSIT überschrieben werden.
• Bitte poste den Inhalt folgender Logs hier in den Thread:
  C:\rsit\log.txt und C:\rsit\info.txt (<= wird minimiert in der Taskleiste dargestellt).

Logfile of random's system information tool 1.06 (written by random/random)
Run by [Name] at 2009-10-21 22:56:47
Microsoft Windows XP Professional Service Pack 2
System drive C: has 73 MB (0%) free of 24 GB
Total RAM: 3455 MB (81% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:56:54, on 21.10.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe
C:\WINDOWS\system32\crypserv.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Programme\Electronic Arts\EADM\Core.exe
C:\Programme\a-squared Anti-Malware\a2service.exe
C:\Dokumente und Einstellungen\[Name]\desktop\rsit.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programme\Trend Micro\HijackThis\[Name].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [a-squared] "C:\PROGRAMME\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [DWQueuedReporting] "C:\PROGRA~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKLM\..\RunOnce: [SpybotDeletingC3321] cmd.exe /c del "C:\WINDOWS\system32\lowsec\local.ds"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9570] command.com /c del "C:\WINDOWS\system32\lowsec\user.ds"
O4 - HKLM\..\RunOnce: [SpybotDeletingC496] cmd.exe /c del "C:\WINDOWS\system32\lowsec\user.ds"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Programme\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [EA Core] "C:\Programme\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O18 - Protocol: haufereader - (no CLSID) - (no file)
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Programme\a-squared Anti-Malware\a2service.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\programme\a-squared free\a2service.exe
O23 - Service: ABBYY FineReader 9.0-Lizenzierungsdienst (ABBYY.Licensing.FineReader.Professional.9.0) - Unknown owner - D:\01_Office\06_Büro\Abby Finereader v9.0\NetworkLicenseServer.exe (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Programme\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: CodeMeter Runtime Server (CodeMeter.exe) - WIBU-SYSTEMS AG - C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\04_DVD\01_Cut\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 7467 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\New Task.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Programme\Java\jre6\bin\ssv.dll [2008-11-04 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Programme\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2008-11-04 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-04 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Programme\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"=C:\WINDOWS\system32\nvraidservice.exe [2004-12-07 84480]
"avgnt"=C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-20 266497]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"a-squared"=C:\PROGRAMME\A-SQUARED ANTI-MALWARE\a2guard.exe [2009-10-01 3278480]
"Malwarebytes Anti-Malware (reboot)"=C:\Programme\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"DWQueuedReporting"=C:\PROGRA~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe [2007-03-13 39264]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"=C:\WINDOWS\system32\sti_ci.dll [2004-08-04 137216]
"SpybotDeletingC3321"=cmd.exe /c del C:\WINDOWS\system32\lowsec\local.ds []
"SpybotDeletingA9570"=command.com /c del C:\WINDOWS\system32\lowsec\user.ds []
"SpybotDeletingC496"=cmd.exe /c del C:\WINDOWS\system32\lowsec\user.ds []
"SpybotSnD"=C:\Programme\Spybot - Search & Destroy\SpybotSD.exe [2009-01-26 5365592]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EA Core"=C:\Programme\Electronic Arts\EADM\Core.exe [2009-09-03 3342336]
"SpybotSD TeaTimer"=C:\Programme\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeVersionCue]
C:\Programme\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe [2004-03-25 1732608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-02-01 339968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BayReminder]
D:\01_Office\03_Internet\BayWatcher Pro\bayreminder.exe /a []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]
C:\Programme\Softwin\BitDefender8\bdmcon.exe [2005-06-20 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDNewsAgent]
C:\Programme\Softwin\BitDefender8\bdnagent.exe [2005-05-09 8192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe [2005-11-24 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
D:\01_Office\02_Burning Tools\CloneCD\CloneCDTray.exe [2005-05-19 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
D:\02_Audio\Programme\Medienplayer\iTunes\iTunesHelper.exe [2006-02-23 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LexwareInfoService]
C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe [2008-09-11 339240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE [2006-04-07 237568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe [2006-04-11 1409024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopUpStopperFreeEdition]
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe [2005-03-17 536576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programme\QuickTime\qttask.exe [2007-06-29 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2005-04-15 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Programme\Java\jre6\bin\jusched.exe [2008-11-04 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe [2008-04-22 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
C:\Programme\Save\Save.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Gamma Loader.exe.lnk]
C:\PROGRA~1\GEMEIN~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2003-11-25 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Gamma Loader.lnk]
C:\PROGRA~1\GEMEIN~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2003-11-25 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader Synchronizer.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^ATI CATALYST System Tray.lnk]
C:\PROGRA~1\ATITEC~1\ATI.ACE\CLI.exe [2005-01-20 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]
D:\01_OFF~1\01_MIC~1\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^[Name]^Startmenü^Programme^Autostart^CodeMeter Control Center.lnk]
C:\PROGRA~1\CODEME~1\Runtime\bin\CODEME~2.EXE [2007-03-23 4984832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-01-14 155648]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[Fortsetzung]


======List of files/folders created in the last 1 months======

2009-10-21 11:42:32 ----D---- C:\WINDOWS\LastGood
2009-10-21 11:36:45 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-10-21 11:36:39 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-10-21 11:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-21 11:36:29 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-10-21 11:36:24 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-10-21 11:36:18 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-10-21 11:36:12 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-21 11:36:05 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-10-21 11:35:46 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-10-21 11:35:25 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-10-21 11:10:41 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-21 11:10:40 ----D---- C:\WINDOWS\system32\KB905474
2009-10-21 11:09:49 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2009-10-21 11:09:42 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-10-21 11:09:36 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-21 11:09:26 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-21 11:09:20 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-10-21 11:09:14 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-10-21 11:08:52 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-10-21 09:32:45 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-10-21 09:32:37 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-10-21 09:32:30 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-10-21 09:31:43 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-21 09:31:25 ----D---- C:\WINDOWS\ServicePackFiles
2009-10-21 09:31:22 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2009-10-21 09:31:13 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-10-21 09:31:05 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-10-21 09:30:57 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-10-21 09:30:50 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-21 09:30:40 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2009-10-21 09:30:32 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-10-21 09:30:24 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-10-21 09:30:18 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-10-21 09:30:12 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-21 09:30:08 ----A---- C:\WINDOWS\imsins.BAK
2009-10-21 09:29:53 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-10-19 17:57:57 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\F-Secure
2009-10-17 01:30:07 ----D---- C:\rsit
2009-10-16 16:55:06 ----D---- C:\Dokumente und Einstellungen\[Name]\Anwendungsdaten\Malwarebytes
2009-10-16 16:53:34 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-10-16 16:53:34 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-10-15 20:37:41 ----D---- C:\Programme\Trend Micro
2009-10-15 20:23:06 ----D---- C:\Programme\a-squared Anti-Malware
2009-09-30 20:48:00 ----D---- C:\WINDOWS\9384D0FFFE2242BAB40AD4F8F6B11072.TMP
2009-09-25 19:51:23 ----D---- C:\Dokumente und Einstellungen\[Name]\Anwendungsdaten\dvdisaster
2009-09-25 19:50:44 ----D---- C:\Programme\dvdisaster

======List of files/folders modified in the last 1 months======

2009-10-21 19:38:26 ----D---- C:\WINDOWS\Temp
2009-10-21 19:34:58 ----D---- C:\Programme\AntiVir PersonalEdition Classic
2009-10-21 19:34:56 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic
2009-10-21 15:14:31 ----D---- C:\WINDOWS\Prefetch
2009-10-21 12:33:40 ----D---- C:\WINDOWS\system32\drivers
2009-10-21 11:43:14 ----HD---- C:\WINDOWS\inf
2009-10-21 11:42:32 ----D---- C:\WINDOWS
2009-10-21 11:42:31 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-21 11:40:21 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-10-21 11:40:21 ----HD---- C:\Config.Msi
2009-10-21 11:40:21 ----D---- C:\WINDOWS\system32\Setup
2009-10-21 11:40:21 ----D---- C:\WINDOWS\system32
2009-10-21 11:40:21 ----D---- C:\WINDOWS\AppPatch
2009-10-21 11:36:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-21 11:36:34 ----D---- C:\WINDOWS\WinSxS
2009-10-21 11:35:29 ----D---- C:\Programme\Outlook Express
2009-10-21 11:35:18 ----SHD---- C:\WINDOWS\Installer
2009-10-21 11:10:40 ----SD---- C:\WINDOWS\Tasks
2009-10-21 11:10:11 ----HD---- C:\WINDOWS\$hf_mig$
2009-10-20 11:27:07 ----RSD---- C:\WINDOWS\assembly
2009-10-19 19:19:49 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-10-19 09:15:48 ----D---- C:\WINDOWS\Help
2009-10-18 19:20:07 ----D---- C:\WINDOWS\Minidump
2009-10-17 01:19:41 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2009-10-16 16:59:02 ----D---- C:\WINDOWS\Debug
2009-10-16 16:53:34 ----D---- C:\Programme
2009-10-16 16:48:17 ----D---- C:\Programme\CCleaner
2009-10-16 09:14:42 ----A---- C:\WINDOWS\NeroDigital.ini
2009-10-15 20:35:16 ----D---- C:\Programme\HijackThis 1.97
2009-10-15 19:38:18 ----D---- C:\Programme\a-squared Free
2009-10-15 13:48:50 ----D---- C:\Programme\Rapidown
2009-10-15 00:27:29 ----D---- C:\Programme\Spybot - Search & Destroy
2009-10-13 23:49:12 ----A---- C:\WINDOWS\win.ini
2009-10-13 12:48:59 ----D---- C:\Dokumente und Einstellungen\[Name]\Anwendungsdaten\Adobe
2009-10-13 12:48:59 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe
2009-10-12 00:10:58 ----A---- C:\WINDOWS\cdplayer.ini
2009-10-10 10:23:38 ----D---- C:\temp
2009-10-10 09:11:10 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-04 14:48:23 ----D---- C:\Programme\Mozilla Firefox
2009-10-02 16:33:50 ----A---- C:\WINDOWS\demdata.txt
2009-10-02 11:18:18 ----D---- C:\Dokumente und Einstellungen\[Name]\Anwendungsdaten\SiteClasses
2009-10-01 22:19:04 ----D---- C:\WINDOWS\system
2009-09-30 20:43:18 ----D---- C:\Dokumente und Einstellungen\[Name]\Anwendungsdaten\Mozilla
2009-09-22 09:21:46 ----AD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ACEDRV05;ACEDRV05; \??\C:\WINDOWS\system32\drivers\ACEDRV05.sys []
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [2001-02-01 25244]
R1 avgio;avgio; \??\C:\Programme\AntiVir PersonalEdition Classic\avgio.sys []
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]
R1 NetworkX;NetworkX; C:\WINDOWS\system32\ckldrv.sys [2003-07-29 28518]
R1 oreans32;oreans32; \??\C:\WINDOWS\system32\drivers\oreans32.sys []
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2004-05-05 4228]
R1 uzmznzu5;AVZ-RK Kernel Driver; \??\C:\WINDOWS\system32\Drivers\uzmznzu5.sys []
R2 ACEDRV06;ACEDRV06; \??\C:\WINDOWS\system32\drivers\ACEDRV06.sys []
R2 irda;IrDA-Protokoll; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-03 87424]
R2 MarxDev1;MarxDev1; C:\WINDOWS\system32\drivers\MarxDev1.sys [2001-05-28 8864]
R2 MarxDev2;MarxDev2; C:\WINDOWS\system32\drivers\MarxDev2.sys [2001-05-28 8864]
R2 MarxDev3;MarxDev3; C:\WINDOWS\system32\drivers\MarxDev3.sys [2001-05-28 8864]
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2003-10-29 9735]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-19 2317504]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2008-02-26 97216]
R3 ASAPIW2K;ASAPIW2K; C:\WINDOWS\System32\Drivers\ASAPIW2K.sys [2003-11-28 11264]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-01-14 3455488]
R3 avgntflt;avgntflt; \??\C:\Programme\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2005-05-03 27392]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
R3 L6DP;L6DP; C:\WINDOWS\System32\Drivers\l6dp.sys [2007-01-30 29312]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2004-11-24 33408]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2004-11-24 12928]
R3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2008-01-01 47360]
R3 Rasirda;WAN-Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SPLITCAM;Splitcam, WDM Camera Stream Splitter; C:\WINDOWS\system32\DRIVERS\splitcam.sys [2009-01-26 13824]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
S1 PDIDRV;PDIDRV; C:\WINDOWS\system32\drivers\PDIDRV.sys []
S2 digi96;RME Digi Audio Device; C:\WINDOWS\system32\DRIVERS\digi96.sys [2006-03-28 48768]
S2 Nsynas32;Nsynas32; C:\WINDOWS\system32\drivers\Nsynas32.sys []
S3 61883;61883-Einheitsgerät; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-03 48128]
S3 arftg22q;arftg22q; C:\WINDOWS\system32\drivers\arftg22q.sys []
S3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
S3 Avc;AVC-Gerät; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-03 38912]
S3 bco_1394;bco_1394; C:\WINDOWS\System32\Drivers\bco_1394.sys [2005-04-22 103168]
S3 bco_avs;bco_avs; C:\WINDOWS\System32\Drivers\bco_avs.sys [2005-04-22 24576]
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 ews88mt;EWS88 WDM Audio; C:\WINDOWS\system32\drivers\ews88wdm.sys [2006-02-15 85824]
S3 ffSaffire_1394;ffSaffire_1394; C:\WINDOWS\System32\Drivers\ffSaffire_1394.sys [2005-09-29 112128]
S3 ffSaffire_avs;ffSaffire_avs; C:\WINDOWS\System32\Drivers\ffSaffire_avs.sys [2005-09-29 27136]
S3 fireface;Service for Fireface (WDM); C:\WINDOWS\system32\drivers\fireface.sys [2008-06-05 82048]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 IKFileFlt;File Filter Driver; C:\WINDOWS\system32\drivers\ikfileflt.sys [2007-05-23 39376]
S3 IKFileSec;File Security Driver; C:\WINDOWS\system32\drivers\ikfilesec.sys [2007-05-23 53840]
S3 IkSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2007-05-23 57424]
S3 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2007-05-23 83024]
S3 iLokDrvr;Usb Driver; C:\WINDOWS\system32\DRIVERS\iLokDrvr.sys [2009-05-30 52008]
S3 KCIRNET;KC Technology Device Driver; C:\WINDOWS\system32\DRIVERS\kcirnet.sys [2002-09-06 24876]
S3 L6PODLV;PODxt Live Service; C:\WINDOWS\System32\Drivers\L6PODLV.sys [2007-01-30 609408]
S3 MagixASIODrv;MAGIX_ASIO_BoostDriver; \??\D:\02_Audio\Programme\Editoren\Samplitude v9\mxasio.sys []
S3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12288]
S3 MSICPL;MSICPL; \??\D:\install4\MSICPL.sys []
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2004-08-03 22016]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
S3 nm;Netzwerkmonitortreiber; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-04 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 32512]
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 Paproxna;Paproxna; C:\WINDOWS\system32\drivers\Paproxna.sys []
S3 rootrepeal;rootrepeal; \??\C:\WINDOWS\system32\drivers\rootrepeal.sys []
S3 RTCore32;RTCore32; \??\C:\Programme\RightMark Memory Analyzer\RTCore32.sys []
S3 S3U10Scanner;600 CU Still Image Device Service; C:\WINDOWS\system32\drivers\usbscan.sys [2004-08-03 15104]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\D:\NTGLM7X.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 StillCam;Treiber für serielle Digitalkamera; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-18 7040]
S3 StMp3Rec;Treiber für Player-Wiederherstellungsgerät; C:\WINDOWS\System32\Drivers\StMp3Rec.sys [2005-11-25 71376]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 Swmsvcsn;Swmsvcsn; C:\WINDOWS\system32\drivers\Swmsvcsn.sys []
S3 SynasUSB;SynasUSB; C:\WINDOWS\system32\drivers\SynasUSB.sys [2007-10-24 23288]
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 YMIDUSB;Yamaha Corporation USB MIDI Driver; C:\WINDOWS\System32\Drivers\ymidusb.sys [2008-08-27 18048]
S4 atapi;atapi; C:\WINDOWS\system32\drivers\atapi.sys [2004-08-04 95360]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Filtertreiber für Systemwiederherstellung; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-04 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;AntiVir PersonalEdition Classic Planer; C:\Programme\AntiVir PersonalEdition Classic\sched.exe [2008-10-24 68865]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-01-14 598016]
R2 bdss;BitDefender Scan Server; C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe [2005-01-24 69632]
R2 CodeMeter.exe;CodeMeter Runtime Server; C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe [2007-08-23 2007040]
R2 Crypkey License;Crypkey License; C:\WINDOWS\system32\crypserv.exe [2003-07-18 61440]
R2 Irmon;Infrarotüberwachung; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2008-11-04 152984]
R2 MDM;Machine Debug Manager; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 XCOMM;BitDefender Communicator; C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe [2005-06-02 69632]
R3 a2AntiMalware;a-squared Anti-Malware Service; C:\Programme\a-squared Anti-Malware\a2service.exe [2009-10-01 1858144]
S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0-Lizenzierungsdienst; D:\01_Office\06_Büro\Abby Finereader v9.0\NetworkLicenseServer.exe -service []
S2 AntiVirService;AntiVir PersonalEdition Classic Guard; C:\Programme\AntiVir PersonalEdition Classic\avguard.exe [2008-10-24 151297]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-01-13 593920]
S3 a2free;a-squared Free Service; c:\programme\a-squared free\a2service.exe [2009-10-15 1858144]
S3 Adobe LM Service;Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-11-15 68096]
S3 AdobeVersionCue;AdobeVersionCue; C:\Programme\Adobe\Adobe Version Cue\service\VersionCue.exe [2004-03-25 61440]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; D:\04_DVD\01_Cut\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 iPodService;iPodService; C:\Programme\iPod\bin\iPodService.exe [2006-02-23 323584]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Programme\WinPcap\rpcapd.exe [2005-08-02 86016]
S3 sdAuxService;Spyware Doctor Auxiliary Service; C:\Programme\Spyware Doctor\svcntaux.exe [2007-06-27 708424]
S3 sdCoreService;Spyware Doctor Service; C:\Programme\Spyware Doctor\swdsvc.exe [2007-06-15 1309264]
S3 ServiceLayer;ServiceLayer; C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe [2006-04-12 176640]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

einfo.txt logfile of random's system information tool 1.06 2009-10-21 22:56:56

======Uninstall list======

-->C:\Programme\Burning Tools\Nero 7 Premium\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3D Mühle 1.56-->"D:\05_Games\Brettspiele\3D Mühle v1.0\unins000.exe"
3D-Fahrschule-->"C:\Programme\Sybex\3D-Fahrschule 5\uninstall.exe"
6000 Sound Effects-->C:\WINDOWS\uninst.exe -f"D:\02_Audio\Programme\Sounds\6000 Sound Effects Library\DeIsL1.isu" -c"D:\02_Audio\Programme\Sounds\6000 Sound Effects Library\_ISREG32.DLL"
7-Zip 4.57-->"D:\01_Office\05_Zippers\7zip\7-Zip\Uninstall.exe"
Abalone 1.0-->C:\WINDOWS\uninst.exe -f"d:\05_games\brettspiele\Abalone v3\DeIsL1.isu"
Abalone-->rundll32 "C:\Programme\Random Software\uninstaller.dll",Uninstall Abalone
abramania - poker duell - freeware 1.0 -->C:\WINDOWS\uninstall\abramania - poker duell - freeware\setup.exe
AC3Filter (remove only)-->C:\Programme\AC3Filter\uninstall.exe
AceFTP 3 Freeware-->"D:\01_Office\03_Internet\AceFTP 3 Freeware\uninst-ftp.exe"
Acoustica Premium Edition 4.1-->"D:\02_Audio\Programme\Editoren\Acoustica Premium 4\unins000.exe"
Acoustic-X-->C:\WINDOWS\IsUninst.exe -fd:\02_audio\programme\akustik\Uninst.isu
Adapt-X Plug-in for Winamp/WMP 9 (remove only)-->"C:\Programme\Chronotron Inc\Adapt-X\uninst-adaptx.exe"
Addictive Drums-->C:\WINDOWS\unvise32.exe f:\03_vsti\XLN Audio\Addictive Drums\uninstal.log
Adobe AIR-->c:\Programme\Gemeinsame Dateien\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 6.0-->C:\WINDOWS\ISUN0407.EXE -f"d:\03_grafik\Adobe\Photoshop 6.0\Uninst.isu" -c"d:\03_grafik\Adobe\Photoshop 6.0\Uninst.dll"
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe SVG Viewer 3.0-->C:\Programme\Gemeinsame Dateien\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Programme\Gemeinsame Dateien\Adobe\SVG Viewer 3.0\Uninstall\Install.log
AFPL Ghostscript 8.53-->d:\01_office\06_büro\GhostScript\uninstgs.exe "d:\01_office\06_büro\GhostScript\gs8.53\uninstal.txt"
AFPL Ghostscript Fonts-->d:\01_office\06_büro\GhostScript\uninstgs.exe "d:\01_office\06_büro\GhostScript\fonts\uninstal.txt"
Ahnenblatt 2.54-->"C:\Programme\Ahnenblatt\unins000.exe"
Alcatech BPM Studio Professional v4.9.1-->C:\PROGRA~1\ALCATech\BPM-ST~1\UNWISE.EXE C:\PROGRA~1\ALCATech\BPM-ST~1\INSTALL.LOG
AllToAVI v4 r5394-->C:\Programme\AllToAVI\uninst.exe
Antares Autotune VST RTAS TDM v5.08-->"C:\Programme\Antares Audio Technologies\unins001.exe"
Antares AVOX Bundle VST RTAS v1.1.3-->"C:\Programme\Antares Audio Technologies\unins000.exe"
Antares Harmony Engine VST RTAS v1.0-->"C:\Programme\Antares Audio Technologies\unins002.exe"
Antares Kantos v1.02 VST & RTAS-->D:\02_Audio\PlugIns\Effekte\ANTARE~1.02\UNWISE.EXE D:\02_Audio\PlugIns\Effekte\ANTARE~1.02\INSTALL.LOG
Antares Tube 1.02 DirectX-->D:\02_Audio\PROGRA~1\SEQUEN~1\STEINB~1\CUBASE~2\VSTPLU~1\FX\01_INS~1\SATURA~1\ANTARE~1\UNWISE.EXE D:\02_Audio\PROGRA~1\SEQUEN~1\STEINB~1\CUBASE~2\VSTPLU~1\FX\01_INS~1\SATURA~1\ANTARE~1\INSTALL.LOG
Antress Modern Plugins v1.80-->C:\WINDOWS\system32\MODERN~1\UNWISE.EXE C:\WINDOWS\system32\MODERN~1\INSTALL.LOG
AnyDVD-->"D:\04_DVD\02_Authoring\Rip & Burn\AnyDVD\AnyDVD-uninst.exe" /D="D:\04_DVD\02_Authoring\Rip & Burn\AnyDVD"
Ares Tube 3.2-->"D:\01_Office\03_Internet\Ares Tube\unins000.exe"
AsfTools 3.1 (remove only)-->D:\04_DVD\02_Authoring\Rip & Burn\AsfTools 3.1\Uninst.exe
a-squared Anti-Malware 4.5-->"C:\Programme\a-squared Anti-Malware\unins000.exe"
a-squared Free 2.1-->"C:\Programme\a-squared Free\unins000.exe"
a-squared HiJackFree 2.1-->"C:\Programme\a-squared HiJackFree\unins000.exe"
ATI - Dienstprogramm zur Deinstallation der Software-->C:\Programme\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Atmosphere Lite Plus v6.0-->"D:\02_Audio\Programme\Developing\Atmosphere Lite Plus\unins000.exe"
Atmosphere Lite v6.0-->"D:\02_Audio\Programme\Developing\Atmosphere Lite\unins000.exe"
Audacity 1.3.0-->"D:\02_Audio\Programme\Editoren\Audacity 1.3 Beta\unins000.exe"
Audio Damage Digitalis Discord VST v1.5-->C:\PROGRA~1\STEINB~1\VSTPLU~1\AUDIOD~1\DISUNI~1\UNWISE.EXE C:\PROGRA~1\STEINB~1\VSTPLU~1\AUDIOD~1\DISUNI~1\INSTALL.LOG
AudioEase Speakersphone VST RTAS v1.01-->"C:\Programme\Audio Ease\Speakerphone\Uninstall\unins000.exe"
Audiograbber 1.83 SE -->C:\WINDOWS\uninstall\Audiograbber\setup.exe
Auto Gordian Knot 2.40-->D:\04_DVD\02_Authoring\Rip & Burn\AutoGK\uninst.exe
Avex DVD & Video Converter Pack (remove only)-->"D:\04_DVD\02_Authoring\Rip & Burn\Avex DVD & Video Converter Pack\bt-uninst.exe"
AVI2MPEG-->C:\Programme\AVI2MPEG\Setup.exe -U
Avira AntiVir Personal - Free Antivirus-->C:\Programme\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
AviSynth 2.5-->"D:\04_DVD\02_Authoring\Rip & Burn\AviSynth 2.5\Uninstall.exe"
AVS DVD Player version 2.2-->"D:\04_DVD\03_Player\AVSDVDPlayer\unins000.exe"
AVS DVDtoGO 1.4.2-->"C:\Programme\AVS4YOU\AVSDVDtoGO\unins000.exe"
AVS Video Tools 5.3-->"D:\01_Office\03_Internet\VideoTools\unins000.exe"
AWicons Pro-->D:\03_Grafik\AWicons Pro\uninstall.exe D:\03_Grafik\AWicons Pro\uninstall.log
BillardGL 1.75-->D:\05_Games\Billiard\BillardGL 1.75\uninstall.exe
Bink and Smacker-->D:\04_DVD\02_AUT~1\RIP&BU~1\RADVideo\UNWISE.EXE D:\04_DVD\02_AUT~1\RIP&BU~1\RADVideo\INSTALL.LOG
bitRipper-->"D:\04_DVD\02_Authoring\Rip & Burn\bitRipper\uninstall.exe"
Book Wizard Producer-->"D:\02_Audio\Programme\Editoren\APH Book Wizard Producer beta\unins000.exe"
Book Wizard Reader-->"C:\Programme\aph\Book Wizard Reader\unins000.exe"
Brainworx BX Control VST RTAS v1.0-->"C:\Programme\Brainworx Music\Uninstall\unins000.exe"
BTR Design Rockster Plus Mastering Processor v1.19-->"D:\02_Audio\PlugIns\Effekte\BTR Design Rockster Plus v1.19\Uninstall\unins000.exe"
BySoft FreeRAM 4.0-->C:\Programme\BySoft FreeRAM\uninst.exe
CCleaner (remove only)-->"C:\Programme\CCleaner\uninst.exe"
CD Bremse 1.48-->"C:\Programme\CD Bremse\unins000.exe"
CDCheck-->"C:\Programme\CDCheck\uninst.exe"
CDex extraction audio-->"D:\02_Audio\Programme\Format-Wandlung\CDex_170b2\uninstall.exe"
CDXtract 3.6 r4-->D:\02_Audio\PROGRA~1\FORMAT~1\CDXTRA~1.62\UNWISE.EXE D:\02_Audio\PROGRA~1\FORMAT~1\CDXTRA~1.62\INSTALL.LOG
CDXtract Samplit v1.0.8-->D:\02_Audio\PROGRA~1\FORMAT~1\CXXTRA~1.8\UNWISE.EXE D:\02_Audio\PROGRA~1\FORMAT~1\CXXTRA~1.8\INSTALL.LOG
Celtx (0.9.9.5)-->D:\04_DVD\04_Drehbuch\Celtx\uninstall\helper.exe
Chopper XP 2.7-->"C:\Programme\Chopper XP\unins000.exe"
Citavi 2.3.5.9-->C:\Programme\Verwaltung\Citavi v2.3.5.9\Deinstallieren.exe
CloneCD-->"D:\01_Office\02_Burning Tools\CloneCD\ccd-uninst.exe" /D="D:\01_Office\02_Burning Tools\CloneCD"
Color LaserJet 1600-->C:\Programme\Zenographics\{38212C60-05EE-4B6B-96AB-2B8360F22F08}\setup.exe -u "HPCLJKCInstaller.dll=CLJ1600.INF"
Cool Rm to Mp3 Wav converter 4.13-->C:\Programme\Cool Rm to Mp3 Wav converter\uninst.exe
Creation Master 07 Ultimate Version-->"D:\05_Games\Sport\FIFA 07\Patches\Creation Master 07\unins000.exe"
Creation Master 08 Release 1.01-->"C:\Programme\Fifa Master\Creation Master 08\unins000.exe"
CreationCentre06-->C:\WINDOWS\iun6002.exe "D:\05_Games\Sport\CreationCentre06\irunin.ini"
Cub Rummy 1.1-->"D:\05_Games\Brettspiele\Cub Rummy\unins000.exe"
DAISY-->"D:\02_Audio\Programme\Authoring\DAISY-Format\DAISY Book Generator v1.50\uninstall.exe"
DATA BECKER Handy Realtone Studio-->"D:\02_Audio\Programme\Sequenzer & Studios\Data Becker\Handy Realtone Studio\unins000.exe"
DATA BECKER Podcast Producer-->"D:\02_Audio\Programme\Sequenzer & Studios\Data Becker\unins000.exe"
db Audioware Sidechain Compressor v1.02 VST-->D:\02_Audio\PlugIns\Effekte\DBAUDI~1.02\UNWISE.EXE D:\02_Audio\PlugIns\Effekte\DBAUDI~1.02\INSTALL.LOG
db Audioware Sidechain Gate v1.02 VST-->D:\02_Audio\PlugIns\Effekte\DBAUDI~2.02\UNWISE.EXE D:\02_Audio\PlugIns\Effekte\DBAUDI~2.02\INSTALL.LOG
DB Master 08-->"C:\Programme\Fifa Master\DB Master 08\unins000.exe"
dBpowerAMP Mp4 & AAC Decode Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Mp4 & AAC Decode Codec.dat
dBpoweramp Music Converter-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
DelinvFile - 3.03-->"C:\Programme\PurgeIE\unins000.exe"
Der Schreibtrainer 3.7-->d:\01_office\06_büro\der schreibtrainer v3.7\Der Schreibtrainer\Uninstal.exe C:\Dokumente und Einstellungen\[Name]\Startmenü\Programme\Der Schreibtrainer
Die neue PC-Fahrschule 2009-->msiexec /qb /x {0805AE1C-D466-3264-0C8F-B05097BCD567}
Digitale Bibliothek 3-->c:\Digibib3\uninstall.exe
Digitale Bibliothek 4-->"C:\Programme\Digitale Bibliothek 4\uninstall.exe"
DIKO 2.20-->"D:\04_DVD\02_Authoring\Rip & Burn\DIKO v2.2\unins000.exe"
Dimension DXi Instrument-->"D:\02_Audio\PlugIns\Effekte\Cakewalk\SONAR 5 Producer Edition\Shared Dxi\Dimension\unins000.exe"
Direct Show Ogg Vorbis Filter (remove only)-->"C:\WINDOWS\system32\OggDSuninst.exe"
DirectVobSub (remove only)-->"D:\04_DVD\03_Player\Zoom Player\DirectVobSub\uninstall.exe"
DivX Plus DirectShow Filters-->C:\Programme\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DreamStation DXi2-->C:\WINDOWS\DSDXIRMV.EXE D:\02_AUDIO\PLUGINS\EFFEKTE\CAKEWALK\SONAR 5 PRODUCER EDITION\SHARED DXI\AUDIO SIMULATION\DREAMSTATION DXI2
DVD Decrypter (Remove Only)-->"D:\04_DVD\02_Authoring\Rip & Burn\DVD Decrypter\uninstall.exe"
DVD Genie (remove only)-->"D:\04_DVD\02_Authoring\Rip & Burn\DVD Genie\uninst-dvdgenie.exe"
DVD Shrink 3.2 deutsch-->"D:\04_DVD\02_Authoring\Rip & Burn\DVD Shrink v3.2.0.16\unins000.exe"
DVDFab Gold 4.0.3.5 Beta-->"D:\04_DVD\02_Authoring\Rip & Burn\DVDFab Gold 4\unins000.exe"
DVDFab HD Decrypter 4.0.3.5 Beta-->"D:\04_DVD\02_Authoring\Rip & Burn\DVDFab HD Decrypter 4\unins000.exe"
DVDFab Platinum 4.0.5.0-->"D:\04_DVD\02_Authoring\Rip & Burn\DVDFab Platinum 4+\unins000.exe"
dvdisaster-0.72-->"C:\Programme\dvdisaster\unins000.exe"
DVD-lab PRO 1.53-->"D:\04_DVD\02_Authoring\Creation\DVD-lab Pro v1.53\unins001.exe"
DVDToolbox (remove only)-->"D:\04_DVD\02_Authoring\Rip & Burn\DVDToolbox\uninstall.exe"
DVDx-->"D:\04_DVD\02_Authoring\Rip & Burn\DVDx\unins000.exe"
EA Download Manager-->C:\Programme\Electronic Arts\EADM\Uninstall.exe
ECP Snow Patch '06-->D:\05_Games\Sport\FIFA 06\ECP Snow Patch '06\Uninstal.exe
Edirol Super Quartet v1.52 TALiO-->D:\02_Audio\PlugIns\INSTRU~1\EDIROL~1.52\UNWISE.EXE D:\02_Audio\PlugIns\INSTRU~1\EDIROL~1.52\INSTALL.LOG
ETF5.x-->C:\WINDOWS\st6unst.exe -n "D:\02_Audio\Programme\Akustik\ST6UNST.LOG"
Eurobuchführung-->C:\WINDOWS\AKDeInstall.exe "/D:\01_Office\06_Büro\ebf1\"
Exact Audio Copy 0.95b4-->D:\02_Audio\Programme\Format-Wandlung\Exact Audio Copy\uninst.exe
FabFilter Pro-C VST RTAS v1.0.1-->"C:\Programme\FabFilter\unins000.exe"
Fake Voice 1.0.8-->"D:\02_Audio\Programme\Sequenzer & Studios\Steinberg\Cubase 4\VSTPlugins\FX\01_Insert\Pitch\Fake Voice v1.0.8\unins000.exe"
FAT Master 08-->"D:\05_Games\Sport\FIFA 08\FAT Master 08\unins000.exe"
ffdshow (remove only)-->"C:\Programme\ffdshow\uninstall.exe"
Finale 2005-->C:\WINDOWS\unvise32.exe D:\02_Audio\Programme\Notation\Finale 2005\uninstal.log
Firebird SQL Server - MAGIX Edition (D)-->D:\04_DVD\01_Cut\Common\Database\uninstall.exe
FLAC Installer 1.1.3b (remove only)-->C:\Programme\FLAC\uninstall.exe
Flash Optimizer-->"D:\01_Office\03_Internet\Macromedia\Flash Optimizer\unins000.exe"
FLV to AVI Converter-->"D:\04_DVD\03_Player\FLV to AVI Converter\unins000.exe"
foobar2000 v0.9.3-->"E:\temp\01 - Downloads\05_Burning Tools\Foobar2000\uninstall.exe"
Free M4a to MP3 Converter 5.9-->"C:\Programme\Free M4a to MP3 Converter\unins000.exe"
Free YouTube Download 2.2-->"C:\Programme\DVDVideoSoft\Free YouTube Download\unins000.exe"
FreePDF XP (Remove only)-->C:\Programme\FreePDF_XP\fpsetup.exe /r
Freez Screen Video Capture v1.2-->"C:\Programme\Smallvideosoft\Freez Screen Video Capture\unins000.exe"
GoldWave v5.19-->"D:\02_Audio\Programme\Format-Wandlung\GoldWave\unstall.exe" "GoldWave v5.19" "D:\02_Audio\Programme\Format-Wandlung\GoldWave\unstall.log"
GRM Tools Classic VST v1.6.52-->C:\PROGRA~1\STEINB~1\VSTPLU~1\GRMTOO~1.52\UNWISE.EXE C:\PROGRA~1\STEINB~1\VSTPLU~1\GRMTOO~1.52\INSTALL.LOG
GRM Tools Spectral Transform VST v1.6.52-->C:\PROGRA~1\STEINB~1\VSTPLU~1\GRMTOO~1.52\UNWISE.EXE C:\PROGRA~1\STEINB~1\VSTPLU~1\GRMTOO~1.52\INSTALL.LOG
GUI for dvdauthor 0.99-->D:\04_DVD\02_Authoring\Creation\GUI for dvdauthor\uninst.exe
GXTranscoder VideoFilter-->C:\WINDOWS\GXTranscoder VideoFilter Uninstaller.exe
GXTranscoder-->C:\WINDOWS\GXTranscoder Uninstaller.exe
HijackThis 2.0.2-->"C:\Programme\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
HP Imaging Device Functions 7.0-->C:\Programme\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.5-->C:\Programme\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Solution Center 7.0-->C:\Programme\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Hypercube Transcoder v3.05-->C:\Programme\Hypercube Transcoder\uninstaller\uninstall.exe -remove
iLok Client Helper x32x64-->"C:\Programme\InstallShield Installation Information\{27F0B084-8305-4891-B9FD-4F2E3EDF98D4}\setup.exe" -runfromtemp -l0x0409 -removeonly
IrfanView (remove only)-->C:\Programme\IrfanView\iv_uninstall.exe
IRXpress USB IrDA-->"C:\Programme\IRXpress\IRXpress USB IrDA\IsStub32.exe" -f"C:\Programme\IRXpress\IRXpress USB IrDA\DeIsL1.isu" -c"C:\Programme\IRXpress\IRXpress USB IrDA\_ISREG32.DLL"
IsoBuster 2.2-->"D:\01_Office\02_Burning Tools\IsoBuster\Uninst\unins000.exe"
iTunes-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{59C4F14F-7590-45FC-BE9F-A67AB3590709} /l1031
iZotope Ozone 3-->"D:\02_Audio\PlugIns\Effekte\iZotope\Ozone 3\unins000.exe"
iZotope RX-->"D:\02_Audio\Programme\Sequenzer & Studios\Steinberg\Cubase 4\VSTPlugins\FX\04_Tools\Restoration\iZotope RX Advanced v.1.04\unins000.exe"
Jazz and Big Band KP2-->F:\03_VSTi\GARRIT~1\JAZZAN~1\UNWISE.EXE F:\03_VSTi\GARRIT~1\JAZZAN~1\INSTALL.LOG
Jumper 1.1-->D:\05_Games\BRETTS~1\JUMPER~1.1\UNWISE.EXE D:\05_Games\BRETTS~1\JUMPER~1.1\INSTALL.LOG
Kit Raptor 2GK FIFA 08 Version 1.5-->C:\Programme\EA Sports\FIFA 08\KitRaptor\uninstall-kitraptor.exe
KRISTAL Audio Engine-->D:\02_Audio\Programme\Sequenzer & Studios\Kreatives.org\KRISTAL Audio Engine\Uninstall.exe
LameFE 2.21 (remove only)-->"D:\02_Audio\Programme\Format-Wandlung\LameFE 2.21\uninst.exe"
Lexicon PSP 42 VST DX v1.0-->D:\02_Audio\PROGRA~1\SEQUEN~1\STEINB~1\CUBASE~1\VSTPLU~1\FX\03_Send\Reverb\PSPLEX~1\LEXICO~1\Log\UNWISE.EXE D:\02_Audio\PROGRA~1\SEQUEN~1\STEINB~1\CUBASE~1\VSTPLU~1\FX\03_Send\Reverb\PSPLEX~1\LEXICO~1\Log\INSTALL.LOG
Line 6 Drivers 3.2.9.2 (Remove Only)-->C:\Programme\Line6\Tools\Driver Archive\All Drivers\3.2.9.2\Uninstall.exe
Line 6 Edit (remove only)-->"D:\02_Audio\Programme\Editoren\Line 6\Line 6 Edit\Uninstall.exe"
Line 6 Monkey 1.13 (Remove Only)-->C:\Programme\Line6\Tools\Line 6 Monkey\Uninstall.exe
Line 6 Monkey 1.15 (Remove Only)-->C:\Programme\Line6\Tools\Line 6 Monkey\Uninstall.exe
Line 6 Monkey 1.16 (Remove Only)-->C:\Programme\Line6\Tools\Line 6 Monkey\Uninstall.exe
LinPlug SaxLab-->D:\02_Audio\PlugIns\Instrumente\LinPlug SaxLab v1.4\UninstalSaxLab.exe
LiquidControl 2.2b1-->"C:\Programme\Focusrite LiquidControl\unins000.exe"
Mackie Traktion VST Plugins Unlocked RePatch v2.1.0.6-->D:\02_Audio\PROGRA~1\SEQUEN~1\STEINB~1\CUBASE~2\VSTPLU~1\FX\08_BUN~1\MACKIE\UNWISE.EXE D:\02_Audio\PROGRA~1\SEQUEN~1\STEINB~1\CUBASE~2\VSTPLU~1\FX\08_BUN~1\MACKIE\INSTALL.LOG
Magic ISO Maker v5.4 (build 0251)-->D:\01_OFF~1\02_BUR~1\MagicISO\UNWISE.EXE D:\01_OFF~1\02_BUR~1\MagicISO\INSTALL.LOG
MAGIX Foto Manager 2006 (D)-->D:\04_DVD\01_Cut\Foto_Manager_2006\instslct.exe
MAGIX music maker 2006 deLuxe-->D:\02_Audio\Programme\Sequenzer & Studios\MAGIX\MusicMaker 2006 deLuxe\instslct.exe
MAGIX Music Manager 2006 (D)-->D:\04_DVD\01_Cut\Music_Manager_2006\instslct.exe
MAGIX music studio 2006 deLuxe (D)-->D:\02_Audio\Programme\Sequenzer & Studios\MAGIX\MusicStudio 2006 deLuxe\instslct.exe
MAGIX Online Druck Service (D)-->D:\04_DVD\01_Cut\Online_Druck_Service\instslct.exe
MAGIX Video deLuxe 2005 2006-->D:\04_DVD\01_Cut\MAGIX Video deLuxe 2005-2006\instslct.exe
MAGIX Video deluxe 2006 2007 (D)-->D:\04_DVD\01_Cut\MAGIX Video deLuxe 2006-2007\instslct.exe
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins001.exe"
Meda RM2MP3 Converter 1.3-->"C:\Programme\Meda RM2MP3 Converter\unins000.exe"
Microsoft .NET Framework (English) v1.0.3705-->C:\WINDOWS\Microsoft.NET\Framework\Install.exe /u /p Microsoft .NET Framework Full v1.0.3705 (1033)
Microsoft .NET Framework 1.0 Hotfix (KB928367)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\M928367\M928367Uninstall.msp"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 Language Pack - DEU-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - deu\setup.exe
Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
MixMeister BPM Analyzer 1.0-->"D:\02_Audio\Programme\Format-Wandlung\MixMeister BPM Analyzer\unins000.exe"
MKVtoolnix 2.2.0-->C:\Programme\MKVtoolnix\uninst.exe
Monkey's Audio-->"D:\02_Audio\Programme\Format-Wandlung\Monkey's Audio\unins000.exe"
Monofilter v3.2-->"D:\02_Audio\PlugIns\Effekte\NuGen Audio Monofilter VST v3.2\unins000.exe"
Mozilla Firefox (3.0.10)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
MP3-ID3Tag-Renamer 3.3 (deutsch)-->"D:\01_Office\02_Burning Tools\MIR\unins000.exe"
Mp3tag v2.42-->D:\01_Office\02_Burning Tools\Mp3tag\Mp3tagUninstall.EXE
MSGloss2TWB-->C:\WINDOWS\st6unst.exe -n "c:\Programme\TRADOS\ST6UNST.LOG"
MultiRenamer-->"D:\01_Office\02_Burning Tools\MultiRenamer\unins000.exe"
Mustek 600 CU v2.0a-->C:\WINDOWS\TWAIN_32\600CU\UNINST.EXE
N Schach 3 beta-->"D:\05_Games\Brettspiele\N Schach 3beta\unins000.exe"
Native Instruments Bandstand-->D:\02_Audio\PlugIns\INSTRU~1\NIBAND~1\UNWISE.EXE D:\02_Audio\PlugIns\INSTRU~1\NIBAND~1\INSTALL.LOG
Native Instruments Battery 2-->D:\02_Audio\PlugIns\Sampler\NIBATT~1

[...]

[...]

\UNWISE.EXE D:\02_Audio\PlugIns\Sampler\NIBATT~1\INSTALL.LOG
Native Instruments Guitar Combos-->D:\02_Audio\PlugIns\Effekte\NIGUIT~1\UNWISE.EXE D:\02_Audio\PlugIns\Effekte\NIGUIT~1\INSTALL.LOG
Native Instruments Guitar Rig 2-->D:\02_Audio\PlugIns\Effekte\NIGUIT~2\UNWISE.EXE D:\02_Audio\PlugIns\Effekte\NIGUIT~2\INSTALL.LOG
Native Instruments Intakt-->D:\02_Audio\PlugIns\Sampler\NIINTA~1\UNWISE.EXE D:\02_Audio\PlugIns\Sampler\NIINTA~1\INSTALL.LOG
Native Instruments Kontakt 2-->D:\02_Audio\PlugIns\Sampler\NIKONT~1\UNWISE.EXE D:\02_Audio\PlugIns\Sampler\NIKONT~1\INSTALL.LOG
Native Instruments Kontakt 3-->C:\PROGRA~1\NATIVE~1\KONTAK~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\KONTAK~1\INSTALL.LOG
Native Instruments Service Center-->C:\PROGRA~1\NATIVE~1\SERVIC~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\SERVIC~1\INSTALL.LOG
Native Instruments Xpress Keyboards-->D:\02_Audio\PlugIns\INSTRU~1\NIEXPR~1\XPRESS~1\UNWISE.EXE D:\02_Audio\PlugIns\INSTRU~1\NIEXPR~1\XPRESS~1\INSTALL.LOG
Nomad Factory SC-226-->D:\02_Audio\PlugIns\Effekte\NOMADF~1\UNINST~1\UNWISE.EXE D:\02_Audio\PlugIns\Effekte\NOMADF~1\UNINST~1\INSTALL.LOG
NomadFactory Analog Mastering Tools VST RTAS v1.0-->"C:\Programme\Nomad Factory\Uninstall\unins002.exe"
NomadFactory Blue Tubes Analog TrackBox VST RTAS v1.3-->"C:\Programme\Nomad Factory\Blue Tubes Analog TrackBox\Uninstall\unins000.exe"
NomadFactory Blue Tubes Dynamics Pack VST RTAS v3.1-->"C:\Programme\Nomad Factory\Uninstall\unins000.exe"
NomadFactory Blue Tubes Dynamics Pack VST RTAS v3.2-->"C:\Programme\Nomad Factory\Blue Tubes Dynamics Pack\Uninstall\unins000.exe"
NomadFactory Blue Tubes Effects Pack VST RTAS v3.2-->"C:\Programme\Nomad Factory\Blue Tubes Effects Pack\Uninstall\unins000.exe"
NomadFactory Blue Tubes Equalizers Pack VST RTAS v3.2-->"C:\Programme\Nomad Factory\Blue Tubes Equalizers Pack\Uninstall\unins000.exe"
NomadFactory BlueVerb DRV-2080 VST RTAS v1.4-->"C:\Programme\Nomad Factory\BlueVerb DRV-2080\Uninstall\unins000.exe"
NomadFactory Essential Studio Suite VST RTAS v1.5-->"C:\Programme\Nomad Factory\Essential Studio Suite\Uninstall\unins000.exe"
NomadFactory Limiting Amplifier LM-662 VST RTAS v1.3-->"C:\Programme\Nomad Factory\Limiting Amplifier LM-662\Uninstall\unins000.exe"
NomadFactory Liquid Bundle VST RTAS v2.4-->"C:\Programme\Nomad Factory\Liquid Bundle\Uninstall\unins000.exe"
NomadFactory Program Equalizer EQP-4 VST RTAS v1.3-->"C:\Programme\Nomad Factory\Program Equalizer EQP-4\Uninstall\unins000.exe"
NomadFactory Retrology M-Tone EQ VST RTAS v1.0-->"C:\Programme\Nomad Factory\Uninstall\unins001.exe"
NomadFactory Rock Amp Legends VST RTAS v1.5-->"C:\Programme\Nomad Factory\Rock Amp Legends\Uninstall\unins000.exe"
Norton PartitionMagic 8.0-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{21DBBDD6-93A5-4326-9A04-C9A5C9148502}
NVIDIA Drivers-->C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI
OE Duplicate Remover-->"D:\01_Office\06_Büro\06_MS Office-Tools\Duplicate Email Remover\OE Duplicate Remover\unins000.exe"
Open Video Converter version 3.1-->"D:\04_DVD\02_Authoring\Rip & Burn\OpenVideoConverter v3.0.0\OpenVideoConverter\unins000.exe"
Orbit Downloader-->"D:\01_Office\03_Internet\Orbitdownloader\unins000.exe"
PaqRat-->"C:\Programme\Insanely Great Things\PaqRat\uninst.exe"
PDF-XChange 3.0-->"C:\Programme\Tracker Software\PDF-XChange 3\unins000.exe"
PODxt Drivers 3.0.0.4 (Remove Only)-->C:\Programme\Line6\Tools\Driver Archive\PODxt\3.0.0.4\Uninstall.exe
Pop-Up Stopper Free Edition-->C:\PROGRA~1\PANICW~1\POP-UP~1\UNWISE.EXE C:\PROGRA~1\PANICW~1\POP-UP~1\INSTALL.LOG
Powerbullet Presenter-->D:\01_Office\03_Internet\Powerbullet\unins000.exe
PPLive 1.3.20-->C:\Programme\PPLive\uninst.exe
PPMate Network TV 2.3.2.0-->C:\Programme\PPMate\uninst.exe
Pro Evolution Soccer 2008-->C:\Programme\InstallShield Installation Information\{2FDFD600-7338-4738-90D5-FC4ACA08DC36}\setup.exe -runfromtemp -l0x0407
Proxy Finder-->D:\01_Office\03_Internet\Proxy Finder v1.1\uninstal.exe
PSP 84 v1.0-->D:\02_Audio\PlugIns\Effekte\PSPLEX~1\UNWISE.EXE D:\02_Audio\PlugIns\Effekte\PSPLEX~1\INSTALL.LOG
PSP Audioware Xenon v1.0-->"C:\Programme\PSPaudioware\PSP Xenon iLok\Uninstall\unins000.exe"
PSP MasterComp 1.5.4-->"D:\02_Audio\PlugIns\Effekte\PSP MasterComp v1.5.4\uninstall.exe" "/U:D:\02_Audio\PlugIns\Effekte\PSP MasterComp v1.5.4\irunin.xml"
PSP MixPack 1.8 Demo-->C:\WINDOWS\iun6002.exe "D:\02_Audio\PlugIns\Effekte\PSP MixPack\PSP MixPack 1.8\irunin.ini"
PSP VintageMeter 1.0-->C:\WINDOWS\iun506.exe D:\02_Audio\PlugIns\Effekte\PSP VintageMeter\irunin.ini
Quattro 1.01-->D:\05_Games\BRETTS~1\Quattro\UNWISE.EXE D:\05_Games\BRETTS~1\Quattro\INSTALL.LOG
Quick MPEG Splitter v2.0-->"C:\Programme\Quick MPEG Splitter\unins000.exe"
Rapidown 5.9 SE - http://www.rapidown.com-->C:\Programme\Rapidown\rapidown.exe rapcmd.uninstall
RealPlayer-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Reason 3.0.4-->"D:\02_Audio\Programme\Sequenzer & Studios\Propellerhead\Reason\Uninstall Reason\unins000.exe"
ReCycle Demo 2.1-->"D:\02_Audio\Programme\Format-Wandlung\ReCycle Demo\unins000.exe"
RedMon - Redirection Port Monitor-->C:\WINDOWS\system32\unredmon.exe
Replay Media Catcher 3.02-->"C:\WINDOWS\Replay Media Catcher\uninstall.exe" "/U:C:\Programme\Replay Media Catcher\Uninstall\uninstall.xml"
Replicant VST plug-in-->C:\WINDOWS\Replicant VST plug-in Uninstaller.exe
River Past Audio Converter Pro-->C:\WINDOWS\Audio Converter Pro Uninstaller.exe
RM Converter 3.28-->"D:\01_Office\03_Internet\RM Converter\unins000.exe"
Rm to Mp3 Wav Convertor 2.15-->"C:\Programme\Rm to Mp3 Wav Convertor\unins000.exe"
RME DIGI32, DIGI96 and Hammerfall Series-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\digi96.inf
RME DIGICheck-->C:\WINDOWS\uninst.exe -fC:\Programme\RME\DIGICheck\DeIsL1.isu
RME Fireface-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\system32\fireface.inf
Roger Nichols Digital DETAILER VST RTAS v1.2-->"C:\Programme\Roger Nichols Digital, Inc\Uninstall\unins000.exe"
Roger Nichols Digital DYNAM-IZER VST RTAS v1.2-->"C:\Programme\Roger Nichols Digital, Inc\Uninstall\unins001.exe"
Roger Nichols Digital FINIS VST RTAS v1.2-->"C:\Programme\Roger Nichols Digital, Inc\Uninstall\unins002.exe"
Roger Nichols Digital FREQUAL-IZER VST RTAS v1.2-->"C:\Programme\Roger Nichols Digital, Inc\Uninstall\unins003.exe"
Roger Nichols Digital InspectorXL VST RTAS v1.2-->"C:\Programme\Roger Nichols Digital, Inc\Uninstall\unins004.exe"
Roger Nichols Digital UNIQUEL-IZER VST RTAS v1.2-->"C:\Programme\Roger Nichols Digital, Inc\Uninstall\unins005.exe"
Roger.Nichols.Digital.SPL-IZER.VST.RTAS v1.01-->"C:\Programme\Roger Nichols Digital, Inc\SPL-IZER\Uninstall\unins000.exe"
RoomEQWizard-->"D:\02_Audio\Programme\Akustik\RoomEQWizard\Uninstall.exe" "D:\02_Audio\Programme\Akustik\RoomEQWizard"
SampleTank 2 Free-->D:\02_Audio\PlugIns\INSTRU~1\IKMULT~1\UNWISE.EXE D:\02_Audio\PlugIns\INSTRU~1\IKMULT~1\INSTALL.LOG
SampleTank 2 LE-->C:\PROGRA~1\SAMPLE~1\UNWISE.EXE C:\PROGRA~1\SAMPLE~1\INSTALL.LOG
Samplitude 10 Pro 10.0.0.0 (D)-->D:\02_Audio\Programme\Editoren\Samplitude v10 Pro\instslct.exe
Samplitude 9 professional (D)-->D:\02_Audio\Programme\Editoren\Samplitude v9\instslct.exe
Samplitude V8 professional-->D:\02_Audio\Programme\Editoren\Samplitude V8\instslct.exe
Schreibmaschinenkurs 3.2-->C:\WINDOWS\unin0407.exe -f"d:\01_office\06_büro\Schreibmaschinenkurs v3.2\DeIsL1.isu" -c"d:\01_office\06_büro\Schreibmaschinenkurs v3.2\_ISREG32.DLL"
ShrinkTo5 GUI-->D:\04_DVD\02_Authoring\Rip & Burn\ShrinkTo5\uninstall.exe
ShrinkTo5Basic-->D:\04_DVD\02_Authoring\Rip & Burn\ShrinkTo5Basic\uninstall.exe
Sicherheitsupdate für Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958470)-->"C:\WINDOWS\$NtUninstallKB958470$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971032)-->"C:\WINDOWS\$NtUninstallKB971032$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973869)--

[...]

>"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Sonalksis Plug-Ins for Windows 2.04-->"C:\WINDOWS\unins000.exe"
SONAR 5 Producer Edition-->D:\02_Audio\PROGRA~1\SEQUEN~1\Cakewalk\SONAR5~1\UNWISE.EXE D:\02_Audio\PROGRA~1\SEQUEN~1\Cakewalk\SONAR5~1\INSTALL.LOG
Soneus Premium Edition 1.0-->"D:\02_Audio\Programme\Sequenzer & Studios\Acon\Soneus Premium\unins000.exe"
Sonik Synth 2 Free-->D:\02_Audio\PlugIns\INSTRU~1\IKMULT~2\UNWISE.EXE D:\02_Audio\PlugIns\INSTRU~1\IKMULT~2\INSTALL.LOG
Sonnox Oxford Inflator Native VST v1.5.1-->"C:\Programme\Sonnox\Uninstall\Sonnox Oxford Inflator Native VST\unins000.exe"
Sonnox Oxford Limiter Native VST v1.1.1-->"C:\Programme\Sonnox\Uninstall\Sonnox Oxford Limiter Native VST\unins000.exe"
Sonnox Oxford R3 Dynamics Native VST v1.3.1-->"C:\Programme\Sonnox\Uninstall\Sonnox Oxford R3 Dynamics Native VST\unins000.exe"
Sonnox Oxford R3 EQ Native VST v1.6.1-->"C:\Programme\Sonnox\Uninstall\Sonnox Oxford R3 EQ Native VST\unins000.exe"
Sonnox Oxford TransMod Native VST v1.3.1-->"C:\Programme\Sonnox\Uninstall\Sonnox Oxford TransMod Native VST\unins000.exe"
SopCast 3.0.3-->D:\01_Office\03_Internet\SopCast\uninst.exe
Sound Master 07 Release 1.01-->"D:\05_Games\Sport\FIFA 07\Sound Master 07\unins000.exe"
Sound Master 08 Release 1.02-->"C:\Programme\Fifa Master\Sound Master 08\unins000.exe"
Soundbytes BagPipes VST v1.0-->"D:\02_Audio\PlugIns\Instrumente\Soundbytes BagPipes v1.0\BagPipes\Uninstall\unins000.exe"
SoundFonts.it GS-201 Tape Echo v1.0 VST-->D:\02_Audio\PROGRA~1\SEQUEN~1\STEINB~1\CUBASE~2\VSTPLU~1\FX\03_Send\Reverb\SOUNDF~1.0\UNWISE.EXE D:\02_Audio\PROGRA~1\SEQUEN~1\STEINB~1\CUBASE~2\VSTPLU~1\FX\03_Send\Reverb\SOUNDF~1.0\INSTALL.LOG
Sounds für Video- und Foto Shows DELUXE-->C:\WINDOWS\IsUn0407.exe -f"d:\02_audio\programme\sequenzer & studios\data becker\Sounds für Video- und Foto Shows DELUXE\soundbrowser2.isu"
SpinAudio Roomverb M2 DX VST v2.3 Build 200-->C:\PROGRA~1\SPINAU~1\ROOMVE~1\UNWISE.EXE C:\PROGRA~1\SPINAU~1\ROOMVE~1\INSTALL.LOG
Spybot - Search & Destroy 1.4-->"C:\Programme\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 5.0-->C:\Programme\Spyware Doctor\unins000.exe
SpywareBlaster v3.5.1-->"C:\Programme\SpywareBlaster\unins000.exe"
SSL LMC-1 v1.0-->D:\02_Audio\Programme\Sequenzer & Studios\Steinberg\Cubase 4\VSTPlugins\FX\01_Insert\Dynamics\SSL LMC-1\Solid State Logic\Remove LMC-1.exe
SSL X-ISM v1.1-->D:\02_Audio\Programme\Sequenzer & Studios\Steinberg\Cubase 4\VSTPlugins\FX\05_Mix & Mastering\SSL X-ISM\Solid State Logic\Remove X-ISM.exe
Startup Manager 1.5-->"C:\Programme\Startup Manager\unins000.exe"
Steinberg Cubase SX 3-->"D:\02_Audio\Programme\Sequenzer & Studios\Steinberg\Cubase SX3\Uninstall.exe" "D:\02_Audio\Programme\Sequenzer & Studios\Steinberg\Cubase SX3\install.log"
Steinberg Groove Agent 2-->"D:\02_Audio\Programme\Sequenzer & Studios\Steinberg\Cubase SX3\Vstplugins\Groove Agent 2\Uninstall.exe" "D:\02_Audio\Programme\Sequenzer & Studios\Steinberg\Cubase SX3\Vstplugins\Groove Agent 2\INSTALL.LOG"
Steinberg Groove Agent 3-->"D:\02_Audio\PlugIns\Instrumente\Steinberg Groove Agent\Groove Agent 3\uninstall.exe"
Steinberg HALion String Edition 2-->"D:\02_Audio\Programme\Sequenzer & Studios\Steinberg\Cubase SX3\Vstplugins\HALion String Edition 2\Uninstall.exe" "D:\02_Audio\Programme\Sequenzer & Studios\Steinberg\Cubase SX3\Vstplugins\HALion String Edition 2\Install.log"
Steinberg HALion Symphonic Orchestra-->"D:\02_Audio\PlugIns\Instrumente\Uninstall.exe" "D:\02_Audio\PlugIns\Instrumente\Install.log"
Steinberg The Grand 2-->"D:\02_Audio\Programme\Sequenzer & Studios\Steinberg\Cubase SX3\Vstplugins\The Grand 2\Uninstall.exe" "D:\02_Audio\Programme\Sequenzer & Studios\Steinberg\Cubase SX3\Vstplugins\The Grand 2\Install.log"
Steinberg Virtual Bassist 1.0.0-->"D:\02_Audio\Programme\Sequenzer & Studios\Steinberg\Cubase SX3\Vstplugins\Virtual Bassist\unins000.exe"
Steinberg Virtual Guitarist 2-->"E:\03_Virtual Instruments\Virtual Guitarist 2\unins000.exe"
Steinberg Xphraze-->D:\02_Audio\PROGRA~1\SEQUEN~1\STEINB~1\CUBASE~1\VSTPLU~1\Xphraze\UNINST~1.EXE D:\02_Audio\PROGRA~1\SEQUEN~1\STEINB~1\CUBASE~1\VSTPLU~1\Xphraze\INSTALL.LOG
Streambox Vcr Suite 2-->D:\01_Office\03_Internet\StreamboxVcrSuite2\unins000.exe
Subtitle Workshop 2.51-->"D:\04_DVD\02_Authoring\Creation\Subtitle Workshop\uninstall.exe"
SUPER © Version 2007.bld.21 (Jan 4, 2007)-->D:\04_DVD\02_AUT~1\RIP&BU~1\SUPER\Setup.exe /remove /q0
SWF & FLV Toolbox 3.5 (build 3.5.14.202)-->"D:\04_DVD\03_Player\SWF & FLV Toolbox\unins000.exe"
Syncrosoft Lizenz Kontrolle-->C:\PROGRA~1\SYNCRO~1\UNWISE.EXE C:\PROGRA~1\SYNCRO~1\INSTALL.LOG
SysExporter-->C:\WINDOWS\zipinst.exe /uninst "D:\01_Office\06_Büro\SysExporter\uninst1~.nsu"
TC Bundle v2.0-->C:\WINDOWS\UNWISE.EXE C:\audio\TC\Bundle\INSTALL.LOG
TC Native Essentials v1.02-->C:\WINDOWS\UNWISE.EXE C:\audio\tcnative\TC-ESS~1\install.log
The Way To Everest Book 1.2-->"C:\Programme\The Way To Everest Book\unins000.exe"
Timeworks Millenium Pack-->D:\02_Audio\PlugIns\Effekte\TIMEWO~1\UNWISE.EXE D:\02_Audio\PlugIns\Effekte\TIMEWO~1\INSTALL.LOG
timeworks Reverb 4080L-->C:\WINDOWS\IsUninst.exe -fd:\02_audio\plugins\effekte\Timeworks\Uninst.isu
Timeworks ReverbX-->D:\02_Audio\PlugIns\Effekte\TIMEWO~1\ReverbX\UNWISE.EXE D:\02_Audio\PlugIns\Effekte\TIMEWO~1\ReverbX\INSTALL.LOG
TMPGEnc Plus 2.5-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C489B6E0-56CB-4B0F-B2E6-FF4C3D9FAE4F}
TPS_module (remove only)-->"D:\02_Audio\PlugIns\Instrumente\TPS Brass Section Module\uninst.exe"
TreeSize Free V1.78-->"D:\01_Office\04_Viewers\TreeSize\unins000.exe"
TrojanHunter 4.7-->"C:\Programme\TrojanHunter 4.7\unins000.exe"
TVAnts 1.0-->C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
TVUPlayer 2.3.0.0-->C:\Programme\TVUPlayer\uninst.exe
UniDB Version 4.0-->D:\05_Games\Sport\UniDB\unins000.exe
Uninstall 1.0.0.1-->"C:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe"
Unlocker 1.8.7-->C:\Programme\Unlocker\uninst.exe
Update für Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update für Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update für Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update für Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update für Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update für Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update für Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update für Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update für Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update für Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update für Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update für Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update für Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update für Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update für Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
URL Snooper v2.13.04-->"D:\01_Office\03_Internet\URLSnooper2\unins000.exe"
URS Classic Console Strip Pro VST RTAS v1.0-->"C:\Programme\URS Plugins\Uninstall\unins000.exe"
Variax Workbench (remove only)-->"D:\02_Audio\Programme\Editoren\Line 6\Variax Workbench\Uninstall.exe"
Video Fixer 3.23-->C:\Programme\videofixer\unins000.exe
Vidomi (remove only)-->"D:\04_DVD\02_Authoring\Rip & Burn\Vidomi\uninst-Vidomi.exe"
VSO CopyToDVD 3-->"D:\04_DVD\02_Authoring\Creation\CopyToDVD v3.0.56\unins000.exe"
Windows Driver Package - Nokia Modem (04/06/2006 6.8.0.17)-->C:\PROGRA~1\DIFX\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_7F91C37896B530901B0665F9EF32E19FF06F5687\nokbtmdm.inf
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Tools 4.1-->c:\PROGRAMME\WINDOWS MEDIA PLAYER\Tools\_insttoo.exe /U
Windows XP-Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP-Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP-Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP-Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe

=====HijackThis Backups=====

O20 - Winlogon Notify: mssoapr32 - mssoapr32.dll (file missing) [2009-10-16]
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Programme\Spybot - Search & Destroy\SpybotSD.exe" /autocheck [2009-10-16]
O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEM') [2009-10-16]
O4 - HKLM\..\RunOnce: [SpybotDeletingC496] cmd.exe /c del "C:\WINDOWS\system32\lowsec\user.ds" [2009-10-16]
O4 - HKLM\..\RunOnce: [SpybotDeletingA9570] command.com /c del "C:\WINDOWS\system32\lowsec\user.ds" [2009-10-16]
O4 - HKLM\..\RunOnce: [SpybotDeletingC3321] cmd.exe /c del "C:\WINDOWS\system32\lowsec\local.ds" [2009-10-16]
O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user') [2009-10-16]
O23 - Service: ABBYY FineReader 9.0-Lizenzierungsdienst (ABBYY.Licensing.FineReader.Professional.9.0) - Unknown owner - D:\01_Office\06_Büro\Abby Finereader v9.0\NetworkLicenseServer.exe (file missing) [2009-10-16]
O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab [2009-10-19]

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition (disabled)
AV: Avira AntiVir PersonalEdition Classic
AV: a-squared Anti-Malware (disabled)

======System event log======

Computer Name: STUDIO
Event Code: 4201
Message: Netzwerkadapter "NVIDIA...Controller - Paketplaner-Miniport" wurde mit dem Netzwerk verbunden, und das
System wurde über das Netzwerk im normalen Zustand gestartet.

Record Number: 107974
Source Name: Tcpip
Time Written: 20090923013751.000000+120
Event Type: Informationen
User:

Computer Name: STUDIO
Event Code: 4201
Message: Netzwerkadapter "NVIDIA...Controller - Paketplaner-Miniport" wurde mit dem Netzwerk verbunden, und das
System wurde über das Netzwerk im normalen Zustand gestartet.

Record Number: 107973
Source Name: Tcpip
Time Written: 20090923012117.000000+120
Event Type: Informationen
User:

Computer Name: STUDIO
Event Code: 4201
Message: Netzwerkadapter "NVIDIA...Controller - Paketplaner-Miniport" wurde mit dem Netzwerk verbunden, und das
System wurde über das Netzwerk im normalen Zustand gestartet.

Record Number: 107972
Source Name: Tcpip
Time Written: 20090923010457.000000+120
Event Type: Informationen
User:

Computer Name: STUDIO
Event Code: 4201
Message: Netzwerkadapter "NVIDIA...Controller - Paketplaner-Miniport" wurde mit dem Netzwerk verbunden, und das
System wurde über das Netzwerk im normalen Zustand gestartet.

Record Number: 107971
Source Name: Tcpip
Time Written: 20090923004822.000000+120
Event Type: Informationen
User:

Computer Name: STUDIO
Event Code: 4201
Message: Netzwerkadapter "NVIDIA...Controller - Paketplaner-Miniport" wurde mit dem Netzwerk verbunden, und das
System wurde über das Netzwerk im normalen Zustand gestartet.

Record Number: 107970
Source Name: Tcpip
Time Written: 20090923002749.000000+120
Event Type: Informationen
User:

=====Application event log=====

Computer Name: STUDIO
Event Code: 1004
Message: Erkennung von Produkt "{00000407-78E1-11D2-B60F-006097C998E7}", Funktion "ThesaurusFiles_ENG" und Komponente "{CC29EB43-7BC2-11D1-A921-00A0C91E2AA2}" fehlgeschlagen. Die Ressource "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Proof\MSTH3AM.LEX" ist nicht vorhanden.

Record Number: 9243
Source Name: MsiInstaller
Time Written: 20090406090339.000000+120
Event Type: Warnung
User: STUDIO\[Name]

Computer Name: STUDIO
Event Code: 1004
Message: Erkennung von Produkt "{00000407-78E1-11D2-B60F-006097C998E7}", Funktion "ThesaurusFiles_ENG" und Komponente "{CC29EB43-7BC2-11D1-A921-00A0C91E2AA2}" fehlgeschlagen. Die Ressource "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Proof\MSTH3AM.LEX" ist nicht vorhanden.

Record Number: 9242
Source Name: MsiInstaller
Time Written: 20090406090339.000000+120
Event Type: Warnung
User: STUDIO\[Name]

Computer Name: STUDIO
Event Code: 1004
Message: Erkennung von Produkt "{00000407-78E1-11D2-B60F-006097C998E7}", Funktion "ThesaurusFiles_ENG" und Komponente "{CC29EB43-7BC2-11D1-A921-00A0C91E2AA2}" fehlgeschlagen. Die Ressource "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Proof\MSTH3AM.LEX" ist nicht vorhanden.

Record Number: 9241
Source Name: MsiInstaller
Time Written: 20090406090338.000000+120
Event Type: Warnung
User: STUDIO\[Name]

Computer Name: STUDIO
Event Code: 1004
Message: Erkennung von Produkt "{00000407-78E1-11D2-B60F-006097C998E7}", Funktion "ThesaurusFiles_ENG" und Komponente "{CC29EB43-7BC2-11D1-A921-00A0C91E2AA2}" fehlgeschlagen. Die Ressource "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Proof\MSTH3AM.LEX" ist nicht vorhanden.

Record Number: 9240
Source Name: MsiInstaller
Time Written: 20090406090338.000000+120
Event Type: Warnung
User: STUDIO\[Name]

Computer Name: STUDIO
Event Code: 1004
Message: Erkennung von Produkt "{00000407-78E1-11D2-B60F-006097C998E7}", Funktion "ThesaurusFiles_ENG" und Komponente "{CC29EB43-7BC2-11D1-A921-00A0C91E2AA2}" fehlgeschlagen. Die Ressource "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Proof\MSTH3AM.LEX" ist nicht vorhanden.

Record Number: 9239
Source Name: MsiInstaller
Time Written: 20090406090338.000000+120
Event Type: Warnung
User: STUDIO\[Name]

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\ATI Technologies\ATI Control Panel;C:\Programme\Gemeinsame Dateien\iZotope\Runtimes;C:\Programme\QuickTime\QTSystem\;C:\Programme\Haufe\iDesk\iDeskService\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Programme\Java\jre1.5.0_09\lib\ext\QTJava.zip
"QTJAVA"=C:\Programme\Java\jre1.5.0_09\lib\ext\QTJava.zip

-----------------EOF-----------------

So ist nichts mehr zu finden. Jetzt räumen wir mal den PC auf :)

schritt 1

Teatimer abstellen

Mit laufendem TeaTimer von Spybot Search&Destroy lässt sich keine Reinigung durchführen, da er alle gelöschten Einträge wiederherstellt. Der Teatimer muss also während der Reinigungsarbeiten abgestellt werden (lasse den Teatimer so lange ausgeschaltet, bis wir mit der Reinigung fertig sind):
Starte Spybot S&D => stelle im Menü "Modus" den "Erweiterten Modus" ein => klicke dann links unten auf "Werkzeuge" => klicke auf "Resident" => das Häkchen entfernen bei Resident "TeaTimer" (Schutz aller Systemeinstellungen) => Spybot Search&Destroy schließen => Rechner neu starten.


schritt 2

Deinstalliere bitte

schritt 2

Dateien mit OTM verschieben

Bitte erstelle eine Sicherung Deiner Registry (falls noch nicht gemacht) nach dieser Anleitung.

Falls noch nicht vorhanden, lade Dir OTM von OldTimer herunter.

• Speichere das Programm auf Deinem Desktop.
• Sollte Dein Anti-Virus-Programm "Alarm" schlagen, bitte ignorieren und/oder OTM auf die Liste der Ausnahmen setzen.
• Doppelklick auf die OTM.exe, um das Programm auszuführen.
• Vista-User bitte per Rechtsklick und "Ausführen als Administrator" starten.
• Einen Haken setzen bei "Unregister Dll's and Ocx's"
• Kopiere den Inhalt der folgenden Codebox komplett in die OTM-Box mit dem gelben Titel
  (Paste Instructions for Items to be Moved)
  
  Code:

  ---

  :processes
explorer.exe
:reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BayReminder]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
:files
C:\WINDOWS\system32\lowsec\user.ds
C:\WINDOWS\tasks\New Task.job
:commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

  ---

• Den roten Moveit! Button anklicken.
• Bitte alles aus dem Ergebnisfenster (Results) herauskopieren oder
• den Inhalt der Datei C:\_OTM\MovedFiles\<datum_nr.>.log kopieren
  und das Ergebnis in Deine nächste Antwort posten.
• Die Dateien und/oder Ordner werden nach C:\_OTM\MovedFiles\ verschoben.
• Schließe OTM

Sollte eine Datei oder ein Ordner nicht verschoben werden können, wirst Du eventuell aufgefordert, den PC neuzustarten damit der Prozess abgeschlossen werden kann. Sollte dies der Fall sein, bestätige das mit Ja.

An alle Mitleser: Dieses Skript wurde ausschließlich für diesen User in dieser Situation erstellt. Das Anwenden auf anderen Rechner kann schwerwiegende Probleme verursachen.


schritt 4

AVZ4 Antiviral-Toolkit deinstallieren

• Öffne den Ordner avz4 und starte die avz.exe durch Doppelklick.
• Im Menü => File => Standard Scripts => Nr.6 wählen (Delete all AVZ drivers and registry keys)
  und auf den Button "Execute selected scripts" drücken und mit Yes bestätigen => OK
• Programmfenster schließen.
• Den Ordner avz4 vom Desktop löschen und den Papierkorb leeren.

schritt 5

RSIT erneut das System scannen lassen

• Schließe alle Fenster und Programme inkl. Browser.
• Lösche C:\rsit\info.txt manuell.
• Start => ausführen (bei Vista: im Feld "Suche starten")
• "%userprofile%\desktop\rsit.exe" /info (reinkopieren),
  damit die alten Logdateien von RSIT überschrieben werden.
• Bitte poste den Inhalt folgender Logs hier in den Thread:
  C:\rsit\log.txt und C:\rsit\info.txt (<= wird minimiert in der Taskleiste dargestellt).

Bin jetzt bei Schritt 2 Deines letzten Posts.

Welches a-squared soll ich deinstallieren? Alle?
Also, installiert sind
- a-squared Anti-Malware 4.5 (läuft noch als try version)
- a-squared Free 2.1
- a-squared HiJack Free 2.1 (fand ich immer ganz hilfreich für einen schnellen Überblick)

Könntest Du für einen Laien kurz umreißen, welche Probleme mit Unlocker entstehen können? :-) (Ich frage nur, weil ich es ganz hilfreich fand)


Molto

Mit Unlocker kann man Sachen löschen, die man eventuell nicht löschen sollte ;)

Und Malwarebytes ist "angenehmer" als a-squared
kannst alle 3 weg machen :)

So, nach dem Wochenende geht's nun dem Endspurt entgegen ...
Hier die Logfiles:

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BayReminder\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave\ deleted successfully.
========== FILES ==========
File/Folder C:\WINDOWS\system32\lowsec\user.ds not found.
C:\WINDOWS\tasks\New Task.job moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 2093 bytes
->Temporary Internet Files folder emptied: 1295429 bytes

User: All Users

User: Benutzername

User: [Name]
File delete failed. C:\Dokumente und Einstellungen\[Name]\Lokale Einstellungen\Temp\Temporary Internet Files\Content.IE5\GPAJCPYB\VisBoard-19W-Touchscreen-19-Zoll-mit-Stifteingabe-neuw_W0QQitemZ120479824820QQcmdZViewItemQQptZDE_Elektronik_Computer_Computer_Monitore_Flachbildschirme[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Dokumente und Einstellungen\[Name]\Lokale Einstellungen\Temp\Temporary Internet Files\Content.IE5\C33FECXX\19-Zol-Touchscreen-Kit-fuer-PC-Bildschirm-USB-Anschluss_W0QQitemZ270471493485QQcmdZViewItemQQptZDE_Elektronik_Computer_Computer_Monitore_Flachbildschirme[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Dokumente und Einstellungen\[Name]\Lokale Einstellungen\Temp\Temporary Internet Files\Content.IE5\C33FECXX\_W0QQ_dispZCategoryQc2Qb0ComputerQc2Qb1Q51ueryQc2Qb0Q28touchQ20screenQ2cQ20touchscreenQ29Qc2Qb1BildschirmgrQc3Qb6Qc3Q9feQc2 Qb019Q20Q5AollQc2Qb1QQ_fromZR9QQ_ipgZQQ_qryZAQ5[1].htm scheduled to be deleted on reboot.
->Temp folder emptied: 390995438 bytes
->Temporary Internet Files folder emptied: 20462495 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 29977760 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\9384D0FFFE2242BAB40AD4F8F6B11072.TMP folder deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
File delete failed. C:\WINDOWS\S4AD1F3AB.tmp scheduled to be deleted on reboot.
%systemroot% .tmp files removed: 2216084 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
Windows Temp folder emptied: 3548534 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 427,82 mb


OTM by OldTimer - Version 3.0.0.6 log created on 10222009_181744

Files moved on Reboot...
File C:\Dokumente und Einstellungen\[Name]\Lokale Einstellungen\Temp\Temporary Internet Files\Content.IE5\GPAJCPYB\VisBoard-19W-Touchscreen-19-Zoll-mit-Stifteingabe-neuw_W0QQitemZ120479824820QQcmdZViewItemQQptZDE_Elektronik_Computer_Computer_Monitore_Flachbildschirme[1].htm not found!
File C:\Dokumente und Einstellungen\[Name]\Lokale Einstellungen\Temp\Temporary Internet Files\Content.IE5\C33FECXX\19-Zol-Touchscreen-Kit-fuer-PC-Bildschirm-USB-Anschluss_W0QQitemZ270471493485QQcmdZViewItemQQptZDE_Elektronik_Computer_Computer_Monitore_Flachbildschirme[1].htm not found!
File C:\Dokumente und Einstellungen\[Name]\Lokale Einstellungen\Temp\Temporary Internet Files\Content.IE5\C33FECXX\_W0QQ_dispZCategoryQc2Qb0ComputerQc2Qb1Q51ueryQc2Qb0Q28touchQ20screenQ2cQ20touchscreenQ29Qc2Qb1BildschirmgrQc3Qb6Qc3Q9feQc2 Qb019Q20Q5AollQc2Qb1QQ_fromZR9QQ_ipgZQQ_qryZAQ5[1].htm not found!
File move failed. C:\WINDOWS\S4AD1F3AB.tmp scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Logfile of random's system information tool 1.06 (written by random/random)
Run by [Name] at 2009-10-22 18:30:12
Microsoft Windows XP Professional Service Pack 2
System drive C: has 1 GB (5%) free of 24 GB
Total RAM: 3455 MB (84% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:30:27, on 22.10.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe
C:\WINDOWS\system32\crypserv.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRAMME\A-SQUARED ANTI-MALWARE\a2guard.exe
C:\Programme\Electronic Arts\EADM\Core.exe
C:\Programme\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Dokumente und Einstellungen\[Name]\desktop\rsit.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programme\Trend Micro\HijackThis\[Name].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O1 - Hosts: ÿþ127.0.0.1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [a-squared] "C:\PROGRAMME\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [DWQueuedReporting] "C:\PROGRA~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [EA Core] "C:\Programme\Electronic Arts\EADM\Core.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Programme\a-squared Anti-Malware\a2service.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\programme\a-squared free\a2service.exe
O23 - Service: ABBYY FineReader 9.0-Lizenzierungsdienst (ABBYY.Licensing.FineReader.Professional.9.0) - Unknown owner - D:\01_Office\06_Büro\Abby Finereader v9.0\NetworkLicenseServer.exe (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Programme\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: CodeMeter Runtime Server (CodeMeter.exe) - WIBU-SYSTEMS AG - C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\04_DVD\01_Cut\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 6939 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Programme\Java\jre6\bin\ssv.dll [2008-11-04 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Programme\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2008-11-04 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-04 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Programme\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"=C:\WINDOWS\system32\nvraidservice.exe [2004-12-07 84480]
"avgnt"=C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-20 266497]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"a-squared"=C:\PROGRAMME\A-SQUARED ANTI-MALWARE\a2guard.exe [2009-10-01 3278480]
"Malwarebytes Anti-Malware (reboot)"=C:\Programme\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"DWQueuedReporting"=C:\PROGRA~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe [2007-03-13 39264]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"=C:\WINDOWS\system32\sti_ci.dll [2004-08-04 137216]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EA Core"=C:\Programme\Electronic Arts\EADM\Core.exe [2009-09-03 3342336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeVersionCue]
C:\Programme\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe [2004-03-25 1732608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-02-01 339968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]
C:\Programme\Softwin\BitDefender8\bdmcon.exe [2005-06-20 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDNewsAgent]
C:\Programme\Softwin\BitDefender8\bdnagent.exe [2005-05-09 8192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe [2005-11-24 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
D:\01_Office\02_Burning Tools\CloneCD\CloneCDTray.exe [2005-05-19 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
D:\02_Audio\Programme\Medienplayer\iTunes\iTunesHelper.exe [2006-02-23 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LexwareInfoService]
C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe [2008-09-11 339240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE [2006-04-07 237568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe [2006-04-11 1409024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopUpStopperFreeEdition]
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe [2005-03-17 536576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programme\QuickTime\qttask.exe [2007-06-29 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2005-04-15 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Programme\Java\jre6\bin\jusched.exe [2008-11-04 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe [2008-04-22 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Gamma Loader.exe.lnk]
C:\PROGRA~1\GEMEIN~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2003-11-25 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Gamma Loader.lnk]
C:\PROGRA~1\GEMEIN~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2003-11-25 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader Synchronizer.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^ATI CATALYST System Tray.lnk]
C:\PROGRA~1\ATITEC~1\ATI.ACE\CLI.exe [2005-01-20 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]
D:\01_OFF~1\01_MIC~1\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^[Name]^Startmenü^Programme^Autostart^CodeMeter Control Center.lnk]
C:\PROGRA~1\CODEME~1\Runtime\bin\CODEME~2.EXE [2007-03-23 4984832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-01-14 155648]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[...]

[...]

======List of files/folders created in the last 1 months======

2009-10-22 18:17:44 ----D---- C:\_OTM
2009-10-22 18:14:32 ----D---- C:\WINDOWS\ERDNT
2009-10-22 18:13:40 ----D---- C:\Programme\ERUNT
2009-10-22 13:18:57 ----HDC---- C:\WINDOWS\$NtUninstallKB974455$
2009-10-22 13:18:14 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-22 13:17:33 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-10-22 13:16:46 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-10-22 13:16:19 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-10-22 13:16:01 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-10-22 13:15:41 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-10-22 13:15:09 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-10-21 11:36:45 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-10-21 11:36:39 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-10-21 11:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-21 11:36:29 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-10-21 11:36:24 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-10-21 11:36:18 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-10-21 11:36:12 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-21 11:36:05 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-10-21 11:35:46 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-10-21 11:35:25 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-10-21 11:10:41 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-21 11:10:40 ----D---- C:\WINDOWS\system32\KB905474
2009-10-21 11:09:49 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2009-10-21 11:09:42 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-10-21 11:09:36 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-21 11:09:26 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-21 11:09:20 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-10-21 11:09:14 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-10-21 11:08:52 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-10-21 09:32:45 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-10-21 09:32:37 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-10-21 09:32:30 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-10-21 09:31:43 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-21 09:31:25 ----D---- C:\WINDOWS\ServicePackFiles
2009-10-21 09:31:22 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2009-10-21 09:31:13 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-10-21 09:31:05 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-10-21 09:30:57 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-10-21 09:30:50 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-21 09:30:40 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2009-10-21 09:30:32 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-10-21 09:30:24 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-10-21 09:30:18 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-10-21 09:30:12 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-21 09:30:08 ----A---- C:\WINDOWS\imsins.BAK
2009-10-21 09:29:53 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-10-19 17:57:57 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\F-Secure
2009-10-17 01:30:07 ----D---- C:\rsit
2009-10-16 16:55:06 ----D---- C:\Dokumente und Einstellungen\[Name]\Anwendungsdaten\Malwarebytes
2009-10-16 16:53:34 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-10-16 16:53:34 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-10-15 20:37:41 ----D---- C:\Programme\Trend Micro
2009-10-15 20:23:06 ----D---- C:\Programme\a-squared Anti-Malware
2009-09-25 19:51:23 ----D---- C:\Dokumente und Einstellungen\[Name]\Anwendungsdaten\dvdisaster
2009-09-25 19:50:44 ----D---- C:\Programme\dvdisaster

======List of files/folders modified in the last 1 months======

2009-10-22 18:27:59 ----D---- C:\WINDOWS\system32\drivers
2009-10-22 18:24:15 ----D---- C:\WINDOWS\Temp
2009-10-22 18:18:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-22 18:18:33 ----D---- C:\WINDOWS\system32
2009-10-22 18:18:33 ----D---- C:\WINDOWS
2009-10-22 18:17:44 ----SD---- C:\WINDOWS\Tasks
2009-10-22 18:13:40 ----D---- C:\Programme
2009-10-22 18:12:22 ----D---- C:\Programme\a-squared Free
2009-10-22 18:10:32 ----SHD---- C:\WINDOWS\Installer
2009-10-22 18:10:32 ----HD---- C:\Config.Msi
2009-10-22 18:10:27 ----D---- C:\Programme\Gemeinsame Dateien
2009-10-22 17:49:39 ----D---- C:\Programme\Gemeinsame Dateien\Buhl Data Service
2009-10-22 17:49:39 ----D---- C:\Programme\fun communications GmbH
2009-10-22 17:49:15 ----D---- C:\Programme\Gemeinsame Dateien\BDElster
2009-10-22 17:44:29 ----D---- C:\Programme\Common Files
2009-10-22 17:36:31 ----D---- C:\Programme\Unlocker
2009-10-22 17:36:15 ----D---- C:\Programme\TrojanHunter 4.7
2009-10-22 17:34:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-22 17:30:29 ----D---- C:\WINDOWS\system32\wbem
2009-10-22 17:26:35 ----D---- C:\Programme\AntiVir PersonalEdition Classic
2009-10-22 17:26:35 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic
2009-10-22 13:19:35 ----HD---- C:\WINDOWS\inf
2009-10-22 13:19:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-10-22 13:19:09 ----D---- C:\Programme\Internet Explorer
2009-10-22 13:16:36 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-22 11:56:55 ----A---- C:\WINDOWS\NeroDigital.ini
2009-10-22 11:56:15 ----D---- C:\WINDOWS\Prefetch
2009-10-21 11:40:21 ----D---- C:\WINDOWS\system32\Setup
2009-10-21 11:40:21 ----D---- C:\WINDOWS\AppPatch
2009-10-21 11:36:34 ----D---- C:\WINDOWS\WinSxS
2009-10-21 11:35:29 ----D---- C:\Programme\Outlook Express
2009-10-21 11:10:11 ----HD---- C:\WINDOWS\$hf_mig$
2009-10-20 11:27:07 ----RSD---- C:\WINDOWS\assembly
2009-10-19 19:19:49 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-10-19 09:15:48 ----D---- C:\WINDOWS\Help
2009-10-18 19:20:07 ----D---- C:\WINDOWS\Minidump
2009-10-17 01:19:41 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2009-10-16 16:59:02 ----D---- C:\WINDOWS\Debug
2009-10-16 16:48:17 ----D---- C:\Programme\CCleaner
2009-10-15 20:35:16 ----D---- C:\Programme\HijackThis 1.97
2009-10-15 13:48:50 ----D---- C:\Programme\Rapidown
2009-10-15 00:27:29 ----D---- C:\Programme\Spybot - Search & Destroy
2009-10-13 23:49:12 ----A---- C:\WINDOWS\win.ini
2009-10-13 12:48:59 ----D---- C:\Dokumente und Einstellungen\[Name]\Anwendungsdaten\Adobe
2009-10-13 12:48:59 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe
2009-10-12 00:10:58 ----A---- C:\WINDOWS\cdplayer.ini
2009-10-10 10:23:38 ----D---- C:\temp
2009-10-04 14:48:23 ----D---- C:\Programme\Mozilla Firefox
2009-10-02 16:33:50 ----A---- C:\WINDOWS\demdata.txt
2009-10-02 11:18:18 ----D---- C:\Dokumente und Einstellungen\[Name]\Anwendungsdaten\SiteClasses
2009-10-01 22:19:04 ----D---- C:\WINDOWS\system
2009-09-30 20:43:18 ----D---- C:\Dokumente und Einstellungen\[Name]\Anwendungsdaten\Mozilla
2009-09-25 07:55:13 ----A---- C:\WINDOWS\system32\wininet.dll
2009-09-25 07:55:13 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-09-25 07:55:12 ----A---- C:\WINDOWS\system32\shlwapi.dll
2009-09-25 07:55:12 ----A---- C:\WINDOWS\system32\shdocvw.dll
2009-09-25 07:55:11 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-09-25 07:55:11 ----A---- C:\WINDOWS\system32\mstime.dll
2009-09-25 07:55:10 ----A---- C:\WINDOWS\system32\msrating.dll
2009-09-25 07:55:10 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-09-25 07:55:10 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-09-25 07:55:09 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-09-25 07:55:09 ----A---- C:\WINDOWS\system32\inseng.dll
2009-09-25 07:55:09 ----A---- C:\WINDOWS\system32\iepeers.dll
2009-09-25 07:55:09 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-09-25 07:55:09 ----A---- C:\WINDOWS\system32\extmgr.dll
2009-09-25 07:55:08 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-09-25 07:55:08 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-09-25 07:55:08 ----A---- C:\WINDOWS\system32\danim.dll
2009-09-25 07:55:08 ----A---- C:\WINDOWS\system32\cdfview.dll
2009-09-25 07:55:08 ----A---- C:\WINDOWS\system32\browseui.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ACEDRV05;ACEDRV05; \??\C:\WINDOWS\system32\drivers\ACEDRV05.sys []
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [2001-02-01 25244]
R1 avgio;avgio; \??\C:\Programme\AntiVir PersonalEdition Classic\avgio.sys []
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]
R1 NetworkX;NetworkX; C:\WINDOWS\system32\ckldrv.sys [2003-07-29 28518]
R1 oreans32;oreans32; \??\C:\WINDOWS\system32\drivers\oreans32.sys []
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2004-05-05 4228]
R2 ACEDRV06;ACEDRV06; \??\C:\WINDOWS\system32\drivers\ACEDRV06.sys []
R2 irda;IrDA-Protokoll; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-03 87424]
R2 MarxDev1;MarxDev1; C:\WINDOWS\system32\drivers\MarxDev1.sys [2001-05-28 8864]
R2 MarxDev2;MarxDev2; C:\WINDOWS\system32\drivers\MarxDev2.sys [2001-05-28 8864]
R2 MarxDev3;MarxDev3; C:\WINDOWS\system32\drivers\MarxDev3.sys [2001-05-28 8864]
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2003-10-29 9735]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-19 2317504]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2008-02-26 97216]
R3 ASAPIW2K;ASAPIW2K; C:\WINDOWS\System32\Drivers\ASAPIW2K.sys [2003-11-28 11264]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-01-14 3455488]
R3 avgntflt;avgntflt; \??\C:\Programme\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2005-05-03 27392]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
R3 L6DP;L6DP; C:\WINDOWS\System32\Drivers\l6dp.sys [2007-01-30 29312]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2004-11-24 33408]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2004-11-24 12928]
R3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2008-01-01 47360]
R3 Rasirda;WAN-Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SPLITCAM;Splitcam, WDM Camera Stream Splitter; C:\WINDOWS\system32\DRIVERS\splitcam.sys [2009-01-26 13824]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
S1 PDIDRV;PDIDRV; C:\WINDOWS\system32\drivers\PDIDRV.sys []
S2 digi96;RME Digi Audio Device; C:\WINDOWS\system32\DRIVERS\digi96.sys [2006-03-28 48768]
S2 Nsynas32;Nsynas32; C:\WINDOWS\system32\drivers\Nsynas32.sys []
S3 61883;61883-Einheitsgerät; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-03 48128]
S3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
S3 Avc;AVC-Gerät; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-03 38912]
S3 azxoqxee;azxoqxee; C:\WINDOWS\system32\drivers\azxoqxee.sys []
S3 bco_1394;bco_1394; C:\WINDOWS\System32\Drivers\bco_1394.sys [2005-04-22 103168]
S3 bco_avs;bco_avs; C:\WINDOWS\System32\Drivers\bco_avs.sys [2005-04-22 24576]
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 ews88mt;EWS88 WDM Audio; C:\WINDOWS\system32\drivers\ews88wdm.sys [2006-02-15 85824]
S3 ffSaffire_1394;ffSaffire_1394; C:\WINDOWS\System32\Drivers\ffSaffire_1394.sys [2005-09-29 112128]
S3 ffSaffire_avs;ffSaffire_avs; C:\WINDOWS\System32\Drivers\ffSaffire_avs.sys [2005-09-29 27136]
S3 fireface;Service for Fireface (WDM); C:\WINDOWS\system32\drivers\fireface.sys [2008-06-05 82048]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 iLokDrvr;Usb Driver; C:\WINDOWS\system32\DRIVERS\iLokDrvr.sys [2009-05-30 52008]
S3 KCIRNET;KC Technology Device Driver; C:\WINDOWS\system32\DRIVERS\kcirnet.sys [2002-09-06 24876]
S3 L6PODLV;PODxt Live Service; C:\WINDOWS\System32\Drivers\L6PODLV.sys [2007-01-30 609408]
S3 MagixASIODrv;MAGIX_ASIO_BoostDriver; \??\D:\02_Audio\Programme\Editoren\Samplitude v9\mxasio.sys []
S3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12288]
S3 MSICPL;MSICPL; \??\D:\install4\MSICPL.sys []
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2004-08-03 22016]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
S3 nm;Netzwerkmonitortreiber; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-04 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 32512]
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 Paproxna;Paproxna; C:\WINDOWS\system32\drivers\Paproxna.sys []
S3 rootrepeal;rootrepeal; \??\C:\WINDOWS\system32\drivers\rootrepeal.sys []
S3 RTCore32;RTCore32; \??\C:\Programme\RightMark Memory Analyzer\RTCore32.sys []
S3 S3U10Scanner;600 CU Still Image Device Service; C:\WINDOWS\system32\drivers\usbscan.sys [2004-08-03 15104]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\D:\NTGLM7X.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 StillCam;Treiber für serielle Digitalkamera; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-18 7040]
S3 StMp3Rec;Treiber für Player-Wiederherstellungsgerät; C:\WINDOWS\System32\Drivers\StMp3Rec.sys [2005-11-25 71376]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 Swmsvcsn;Swmsvcsn; C:\WINDOWS\system32\drivers\Swmsvcsn.sys []
S3 SynasUSB;SynasUSB; C:\WINDOWS\system32\drivers\SynasUSB.sys [2007-10-24 23288]
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 YMIDUSB;Yamaha Corporation USB MIDI Driver; C:\WINDOWS\System32\Drivers\ymidusb.sys [2008-08-27 18048]
S4 atapi;atapi; C:\WINDOWS\system32\drivers\atapi.sys [2004-08-04 95360]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Filtertreiber für Systemwiederherstellung; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-04 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;AntiVir PersonalEdition Classic Planer; C:\Programme\AntiVir PersonalEdition Classic\sched.exe [2008-10-24 68865]
R2 AntiVirService;AntiVir PersonalEdition Classic Guard; C:\Programme\AntiVir PersonalEdition Classic\avguard.exe [2008-10-24 151297]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-01-14 598016]
R2 bdss;BitDefender Scan Server; C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe [2005-01-24 69632]
R2 CodeMeter.exe;CodeMeter Runtime Server; C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe [2007-08-23 2007040]
R2 Crypkey License;Crypkey License; C:\WINDOWS\system32\crypserv.exe [2003-07-18 61440]
R2 Irmon;Infrarotüberwachung; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2008-11-04 152984]
R2 MDM;Machine Debug Manager; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 XCOMM;BitDefender Communicator; C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe [2005-06-02 69632]
R3 a2AntiMalware;a-squared Anti-Malware Service; C:\Programme\a-squared Anti-Malware\a2service.exe [2009-10-01 1858144]
S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0-Lizenzierungsdienst; D:\01_Office\06_Büro\Abby Finereader v9.0\NetworkLicenseServer.exe -service []
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-01-13 593920]
S3 a2free;a-squared Free Service; c:\programme\a-squared free\a2service.exe [2009-10-15 1858144]
S3 Adobe LM Service;Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-11-15 68096]
S3 AdobeVersionCue;AdobeVersionCue; C:\Programme\Adobe\Adobe Version Cue\service\VersionCue.exe [2004-03-25 61440]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; D:\04_DVD\01_Cut\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 iPodService;iPodService; C:\Programme\iPod\bin\iPodService.exe [2006-02-23 323584]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Programme\WinPcap\rpcapd.exe [2005-08-02 86016]
S3 ServiceLayer;ServiceLayer; C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe [2006-04-12 176640]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2009-10-22 18:30:30

======Uninstall list======

-->C:\Programme\Burning Tools\Nero 7 Premium\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3D Mühle 1.56-->"D:\05_Games\Brettspiele\3D Mühle v1.0\unins000.exe"
7-Zip 4.57-->"D:\01_Office\05_Zippers\7zip\7-Zip\Uninstall.exe"
AC3Filter (remove only)-->C:\Programme\AC3Filter\uninstall.exe
AceFTP 3 Freeware-->"D:\01_Office\03_Internet\AceFTP 3 Freeware\uninst-ftp.exe"
Acoustica Premium Edition 4.1-->"D:\02_Audio\Programme\Editoren\Acoustica Premium 4\unins000.exe"
Acoustic-X-->C:\WINDOWS\IsUninst.exe -fd:\02_audio\programme\akustik\Uninst.isu
Adapt-X Plug-in for Winamp/WMP 9 (remove only)-->"C:\Programme\Chronotron Inc\Adapt-X\uninst-adaptx.exe"
Addictive Drums-->C:\WINDOWS\unvise32.exe f:\03_vsti\XLN Audio\Addictive Drums\uninstal.log
Adobe AIR-->c:\Programme\Gemeinsame Dateien\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 6.0-->C:\WINDOWS\ISUN0407.EXE -f"d:\03_grafik\Adobe\Photoshop 6.0\Uninst.isu" -c"d:\03_grafik\Adobe\Photoshop 6.0\Uninst.dll"
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe SVG Viewer 3.0-->C:\Programme\Gemeinsame Dateien\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Programme\Gemeinsame Dateien\Adobe\SVG Viewer 3.0\Uninstall\Install.log
AFPL Ghostscript 8.53-->d:\01_office\06_büro\GhostScript\uninstgs.exe "d:\01_office\06_büro\GhostScript\gs8.53\uninstal.txt"
AFPL Ghostscript Fonts-->d:\01_office\06_büro\GhostScript\uninstgs.exe "d:\01_office\06_büro\GhostScript\fonts\uninstal.txt"
Ahnenblatt 2.54-->"C:\Programme\Ahnenblatt\unins000.exe"
Alcatech BPM Studio Professional v4.9.1-->C:\PROGRA~1\ALCATech\BPM-ST~1\UNWISE.EXE C:\PROGRA~1\ALCATech\BPM-ST~1\INSTALL.LOG
AllToAVI v4 r5394-->C:\Programme\AllToAVI\uninst.exe
Antares Autotune VST RTAS TDM v5.08-->"C:\Programme\Antares Audio Technologies\unins001.exe"
Antares AVOX Bundle VST RTAS v1.1.3-->"C:\Programme\Antares Audio Technologies\unins000.exe"
Antares Harmony Engine VST RTAS v1.0-->"C:\Programme\Antares Audio Technologies\unins002.exe"
Antares Kantos v1.02 VST & RTAS-->D:\02_Audio\PlugIns\Effekte\ANTARE~1.02\UNWISE.EXE D:\02_Audio\PlugIns\Effekte\ANTARE~1.02\INSTALL.LOG
Antares Tube 1.02 DirectX-->D:\02_Audio\PROGRA~1\SEQUEN~1\STEINB~1\CUBASE~2\VSTPLU~1\FX\01_INS~1\SATURA~1\ANTARE~1\UNWISE.EXE D:\02_Audio\PROGRA~1\SEQUEN~1\STEINB~1\CUBASE~2\VSTPLU~1\FX\01_INS~1\SATURA~1\ANTARE~1\INSTALL.LOG
Antress Modern Plugins v1.80-->C:\WINDOWS\system32\MODERN~1\UNWISE.EXE C:\WINDOWS\system32\MODERN~1\INSTALL.LOG
AnyDVD-->"D:\04_DVD\02_Authoring\Rip & Burn\AnyDVD\AnyDVD-uninst.exe" /D="D:\04_DVD\02_Authoring\Rip & Burn\AnyDVD"
Ares Tube 3.2-->"D:\01_Office\03_Internet\Ares Tube\unins000.exe"
AsfTools 3.1 (remove only)-->D:\04_DVD\02_Authoring\Rip & Burn\AsfTools 3.1\Uninst.exe
a-squared Anti-Malware 4.5-->"C:\Programme\a-squared Anti-Malware\unins000.exe"
a-squared Free 2.1-->"C:\Programme\a-squared Free\unins000.exe"
a-squared HiJackFree 2.1-->"C:\Programme\a-squared HiJackFree\unins000.exe"
ATI - Dienstprogramm zur Deinstallation der Software-->C:\Programme\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Atmosphere Lite Plus v6.0-->"D:\02_Audio\Programme\Developing\Atmosphere Lite Plus\unins000.exe"
Atmosphere Lite v6.0-->"D:\02_Audio\Programme\Developing\Atmosphere Lite\unins000.exe"
Audacity 1.3.0-->"D:\02_Audio\Programme\Editoren\Audacity 1.3 Beta\unins000.exe"
Audio Damage Digitalis Discord VST v1.5-->C:\PROGRA~1\STEINB~1\VSTPLU~1\AUDIOD~1\DISUNI~1\UNWISE.EXE C:\PROGRA~1\STEINB~1\VSTPLU~1\AUDIOD~1\DISUNI~1\INSTALL.LOG
AudioEase Speakersphone VST RTAS v1.01-->"C:\Programme\Audio Ease\Speakerphone\Uninstall\unins000.exe"
Audiograbber 1.83 SE -->C:\WINDOWS\uninstall\Audiograbber\setup.exe
Auto Gordian Knot 2.40-->D:\04_DVD\02_Authoring\Rip & Burn\AutoGK\uninst.exe
Avex DVD & Video Converter Pack (remove only)-->"D:\04_DVD\02_Authoring\Rip & Burn\Avex DVD & Video Converter Pack\bt-uninst.exe"
AVI2MPEG-->C:\Programme\AVI2MPEG\Setup.exe -U
Avira AntiVir Personal - Free Antivirus-->C:\Programme\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
AviSynth 2.5-->"D:\04_DVD\02_Authoring\Rip & Burn\AviSynth 2.5\Uninstall.exe"
AVS DVD Player version 2.2-->"D:\04_DVD\03_Player\AVSDVDPlayer\unins000.exe"
AVS DVDtoGO 1.4.2-->"C:\Programme\AVS4YOU\AVSDVDtoGO\unins000.exe"
AVS Video Tools 5.3-->"D:\01_Office\03_Internet\VideoTools\unins000.exe"
AWicons Pro-->D:\03_Grafik\AWicons Pro\uninstall.exe D:\03_Grafik\AWicons Pro\uninstall.log
BillardGL 1.75-->D:\05_Games\Billiard\BillardGL 1.75\uninstall.exe
Bink and Smacker-->D:\04_DVD\02_AUT~1\RIP&BU~1\RADVideo\UNWISE.EXE D:\04_DVD\02_AUT~1\RIP&BU~1\RADVideo\INSTALL.LOG
bitRipper-->"D:\04_DVD\02_Authoring\Rip & Burn\bitRipper\uninstall.exe"
Book Wizard Producer-->"D:\02_Audio\Programme\Editoren\APH Book Wizard Producer beta\unins000.exe"
Book Wizard Reader-->"C:\Programme\aph\Book Wizard Reader\unins000.exe"
Brainworx BX Control VST RTAS v1.0-->"C:\Programme\Brainworx Music\Uninstall\unins000.exe"
BTR Design Rockster Plus Mastering Processor v1.19-->"D:\02_Audio\PlugIns\Effekte\BTR Design Rockster Plus v1.19\Uninstall\unins000.exe"
BySoft FreeRAM 4.0-->C:\Programme\BySoft FreeRAM\uninst.exe
CCleaner (remove only)-->"C:\Programme\CCleaner\uninst.exe"
CD Bremse 1.48-->"C:\Programme\CD Bremse\unins000.exe"
CDCheck-->"C:\Programme\CDCheck\uninst.exe"
CDex extraction audio-->"D:\02_Audio\Programme\Format-Wandlung\CDex_170b2\uninstall.exe"
CDXtract 3.6 r4-->D:\02_Audio\PROGRA~1\FORMAT~1\CDXTRA~1.62\UNWISE.EXE D:\02_Audio\PROGRA~1\FORMAT~1\CDXTRA~1.62\INSTALL.LOG
CDXtract Samplit v1.0.8-->D:\02_Audio\PROGRA~1\FORMAT~1\CXXTRA~1.8\UNWISE.EXE D:\02_Audio\PROGRA~1\FORMAT~1\CXXTRA~1.8\INSTALL.LOG
Celtx (0.9.9.5)-->D:\04_DVD\04_Drehbuch\Celtx\uninstall\helper.exe
Chopper XP 2.7-->"C:\Programme\Chopper XP\unins000.exe"
Citavi 2.3.5.9-->C:\Programme\Verwaltung\Citavi v2.3.5.9\Deinstallieren.exe
CloneCD-->"D:\01_Office\02_Burning Tools\CloneCD\ccd-uninst.exe" /D="D:\01_Office\02_Burning Tools\CloneCD"
Color LaserJet 1600-->C:\Programme\Zenographics\{38212C60-05EE-4B6B-96AB-2B8360F22F08}\setup.exe -u "HPCLJKCInstaller.dll=CLJ1600.INF"
Cool Rm to Mp3 Wav converter 4.13-->C:\Programme\Cool Rm to Mp3 Wav converter\uninst.exe
Creation Master 07 Ultimate Version-->"D:\05_Games\Sport\FIFA 07\Patches\Creation Master 07\unins000.exe"
Creation Master 08 Release 1.01-->"C:\Programme\Fifa Master\Creation Master 08\unins000.exe"
CreationCentre06-->C:\WINDOWS\iun6002.exe "D:\05_Games\Sport\CreationCentre06\irunin.ini"
DAISY-->"D:\02_Audio\Programme\Authoring\DAISY-Format\DAISY Book Generator v1.50\uninstall.exe"
DATA BECKER Handy Realtone Studio-->"D:\02_Audio\Programme\Sequenzer & Studios\Data Becker\Handy Realtone Studio\unins000.exe"
DATA BECKER Podcast Producer-->"D:\02_Audio\Programme\Sequenzer & Studios\Data Becker\unins000.exe"
db Audioware Sidechain Compressor v1.02 VST-->D:\02_Audio\PlugIns\Effekte\DBAUDI~1.02\UNWISE.EXE D:\02_Audio\PlugIns\Effekte\DBAUDI~1.02\INSTALL.LOG
db Audioware Sidechain Gate v1.02 VST-->D:\02_Audio\PlugIns\Effekte\DBAUDI~2.02\UNWISE.EXE D:\02_Audio\PlugIns\Effekte\DBAUDI~2.02\INSTALL.LOG
DB Master 08-->"C:\Programme\Fifa Master\DB Master 08\unins000.exe"
dBpowerAMP Mp4 & AAC Decode Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Mp4 & AAC Decode Codec.dat
dBpoweramp Music Converter-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
DelinvFile - 3.03-->"C:\Programme\PurgeIE\unins000.exe"
Der Schreibtrainer 3.7-->d:\01_office\06_büro\der schreibtrainer v3.7\Der Schreibtrainer\Uninstal.exe C:\Dokumente und Einstellungen\[Name]\Startmenü\Programme\Der Schreibtrainer
Die neue PC-Fahrschule 2009-->msiexec /qb /x {0805AE1C-D466-3264-0C8F-B05097BCD567}
Digitale Bibliothek 3-->c:\Digibib3\uninstall.exe
Digitale Bibliothek 4-->"C:\Programme\Digitale Bibliothek 4\uninstall.exe"
DIKO 2.20-->"D:\04_DVD\02_Authoring\Rip & Burn\DIKO v2.2\unins000.exe"
Dimension DXi Instrument-->"D:\02_Audio\PlugIns\Effekte\Cakewalk\SONAR 5 Producer Edition\Shared Dxi\Dimension\unins000.exe"
Direct Show Ogg Vorbis Filter (remove only)-->"C:\WINDOWS\system32\OggDSuninst.exe"
DirectVobSub (remove only)-->"D:\04_DVD\03_Player\Zoom Player\DirectVobSub\uninstall.exe"
DivX Plus DirectShow Filters-->C:\Programme\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DreamStation DXi2-->C:\WINDOWS\DSDXIRMV.EXE D:\02_AUDIO\PLUGINS\EFFEKTE\CAKEWALK\SONAR 5 PRODUCER EDITION\SHARED DXI\AUDIO SIMULATION\DREAMSTATION DXI2
DVD Decrypter (Remove Only)-->"D:\04_DVD\02_Authoring\Rip & Burn\DVD Decrypter\uninstall.exe"
DVD Genie (remove only)-->"D:\04_DVD\02_Authoring\Rip & Burn\DVD Genie\uninst-dvdgenie.exe"
DVD Shrink 3.2 deutsch-->"D:\04_DVD\02_Authoring\Rip & Burn\DVD Shrink v3.2.0.16\unins000.exe"
DVDFab Gold 4.0.3.5 Beta-->"D:\04_DVD\02_Authoring\Rip & Burn\DVDFab Gold 4\unins000.exe"
DVDFab HD Decrypter 4.0.3.5 Beta-->"D:\04_DVD\02_Authoring\Rip & Burn\DVDFab HD Decrypter 4\unins000.exe"
DVDFab Platinum 4.0.5.0-->"D:\04_DVD\02_Authoring\Rip & Burn\DVDFab Platinum 4+\unins000.exe"
dvdisaster-0.72-->"C:\Programme\dvdisaster\unins000.exe"
DVD-lab PRO 1.53-->"D:\04_DVD\02_Authoring\Creation\DVD-lab Pro v1.53\unins001.exe"
DVDToolbox (remove only)-->"D:\04_DVD\02_Authoring\Rip & Burn\DVDToolbox\uninstall.exe"
DVDx-->"D:\04_DVD\02_Authoring\Rip & Burn\DVDx\unins000.exe"
EA Download Manager-->C:\Programme\Electronic Arts\EADM\Uninstall.exe
ECP Snow Patch '06-->D:\05_Games\Sport\FIFA 06\ECP Snow Patch '06\Uninstal.exe
Edirol Super Quartet v1.52 TALiO-->D:\02_Audio\PlugIns\INSTRU~1\EDIROL~1.52\UNWISE.EXE D:\02_Audio\PlugIns\INSTRU~1\EDIROL~1.52\INSTALL.LOG
ERUNT 1.1j-->C:\Programme\ERUNT\unins000.exe
ETF5.x-->C:\WINDOWS\st6unst.exe -n "D:\02_Audio\Programme\Akustik\ST6UNST.LOG"
Eurobuchführung-->C:\WINDOWS\AKDeInstall.exe "/D:\01_Office\06_Büro\ebf1\"
Exact Audio Copy 0.95b4-->D:\02_Audio\Programme\Format-Wandlung\Exact Audio Copy\uninst.exe
FabFilter Pro-C VST RTAS v1.0.1-->"C:\Programme\FabFilter\unins000.exe"
Fake Voice 1.0.8-->"D:\02_Audio\Programme\Sequenzer & Studios\Steinberg\Cubase 4\VSTPlugins\FX\01_Insert\Pitch\Fake Voice v1.0.8\unins000.exe"
FAT Master 08-->"D:\05_Games\Sport\FIFA 08\FAT Master 08\unins000.exe"
ffdshow (remove only)-->"C:\Programme\ffdshow\uninstall.exe"
Finale 2005-->C:\WINDOWS\unvise32.exe D:\02_Audio\Programme\Notation\Finale 2005\uninstal.log
Firebird SQL Server - MAGIX Edition (D)-->D:\04_DVD\01_Cut\Common\Database\uninstall.exe
FLAC Installer 1.1.3b (remove only)-->C:\Programme\FLAC\uninstall.exe
Flash Optimizer-->"D:\01_Office\03_Internet\Macromedia\Flash Optimizer\unins000.exe"
FLV to AVI Converter-->"D:\04_DVD\03_Player\FLV to AVI Converter\unins000.exe"
foobar2000 v0.9.3-->"E:\temp\01 - Downloads\05_Burning Tools\Foobar2000\uninstall.exe"
Free M4a to MP3 Converter 5.9-->"C:\Programme\Free M4a to MP3 Converter\unins000.exe"
Free YouTube Download 2.2-->"C:\Programme\DVDVideoSoft\Free YouTube Download\unins000.exe"
FreePDF XP (Remove only)-->C:\Programme\FreePDF_XP\fpsetup.exe /r
Freez Screen Video Capture v1.2-->"C:\Programme\Smallvideosoft\Freez Screen Video Capture\unins000.exe"
GoldWave v5.19-->"D:\02_Audio\Programme\Format-Wandlung\GoldWave\unstall.exe" "GoldWave v5.19" "D:\02_Audio\Programme\Format-Wandlung\GoldWave\unstall.log"
GRM Tools Classic VST v1.6.52-->C:\PROGRA~1\STEINB~1\VSTPLU~1\GRMTOO~1.52\UNWISE.EXE C:\PROGRA~1\STEINB~1\VSTPLU~1\GRMTOO~1.52\INSTALL.LOG
GRM Tools Spectral Transform VST v1.6.52-->C:\PROGRA~1\STEINB~1\VSTPLU~1\GRMTOO~1.52\UNWISE.EXE C:\PROGRA~1\STEINB~1\VSTPLU~1\GRMTOO~1.52\INSTALL.LOG
GUI for dvdauthor 0.99-->D:\04_DVD\02_Authoring\Creation\GUI for dvdauthor\uninst.exe
GXTranscoder VideoFilter-->C:\WINDOWS\GXTranscoder VideoFilter Uninstaller.exe
GXTranscoder-->C:\WINDOWS\GXTranscoder Uninstaller.exe
HijackThis 2.0.2-->"C:\Programme\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
HP Imaging Device Functions 7.0-->C:\Programme\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.5-->C:\Programme\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Solution Center 7.0-->C:\Programme\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Hypercube Transcoder v3.05-->C:\Programme\Hypercube Transcoder\uninstaller\uninstall.exe -remove
iLok Client Helper x32x64-->"C:\Programme\InstallShield Installation Information\{27F0B084-8305-4891-B9FD-4F2E3EDF98D4}\setup.exe" -runfromtemp -l0x0409 -removeonly
IrfanView (remove only)-->C:\Programme\IrfanView\iv_uninstall.exe
IRXpress USB IrDA-->"C:\Programme\IRXpress\IRXpress USB IrDA\IsStub32.exe" -f"C:\Programme\IRXpress\IRXpress USB IrDA\DeIsL1.isu" -c"C:\Programme\IRXpress\IRXpress USB IrDA\_ISREG32.DLL"
IsoBuster 2.2-->"D:\01_Office\02_Burning Tools\IsoBuster\Uninst\unins000.exe"
iTunes-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{59C4F14F-7590-45FC-BE9F-A67AB3590709} /l1031
iZotope Ozone 3-->"D:\02_Audio\PlugIns\Effekte\iZotope\Ozone 3\unins000.exe"
iZotope RX-->"D:\02_Audio\Programme\Sequenzer & Studios\Steinberg\Cubase 4\VSTPlugins\FX\04_Tools\Restoration\iZotope RX Advanced v.1.04\unins000.exe"
Jazz and Big Band KP2-->F:\03_VSTi\GARRIT~1\JAZZAN~1\UNWISE.EXE F:\03_VSTi\GARRIT~1\JAZZAN~1\INSTALL.LOG
Jumper 1.1-->D:\05_Games\BRETTS~1\JUMPER~1.1\UNWISE.EXE D:\05_Games\BRETTS~1\JUMPER~1.1\INSTALL.LOG
Kit Raptor 2GK FIFA 08 Version 1.5-->C:\Programme\EA Sports\FIFA 08\KitRaptor\uninstall-kitraptor.exe
KRISTAL Audio Engine-->D:\02_Audio\Programme\Sequenzer & Studios\Kreatives.org\KRISTAL Audio Engine\Uninstall.exe
LameFE 2.21 (remove only)-->"D:\02_Audio\Programme\Format-Wandlung\LameFE 2.21\uninst.exe"

[...]

[...]

Lexicon PSP 42 VST DX v1.0-->D:\02_Audio\PROGRA~1\SEQUEN~1\STEINB~1\CUBASE~1\VSTPLU~1\FX\03_Send\Reverb\PSPLEX~1\LEXICO~1\Log\UNWISE.EXE D:\02_Audio\PROGRA~1\SEQUEN~1\STEINB~1\CUBASE~1\VSTPLU~1\FX\03_Send\Reverb\PSPLEX~1\LEXICO~1\Log\INSTALL.LOG
Line 6 Drivers 3.2.9.2 (Remove Only)-->C:\Programme\Line6\Tools\Driver Archive\All Drivers\3.2.9.2\Uninstall.exe
Line 6 Edit (remove only)-->"D:\02_Audio\Programme\Editoren\Line 6\Line 6 Edit\Uninstall.exe"
Line 6 Monkey 1.13 (Remove Only)-->C:\Programme\Line6\Tools\Line 6 Monkey\Uninstall.exe
Line 6 Monkey 1.15 (Remove Only)-->C:\Programme\Line6\Tools\Line 6 Monkey\Uninstall.exe
Line 6 Monkey 1.16 (Remove Only)-->C:\Programme\Line6\Tools\Line 6 Monkey\Uninstall.exe
LinPlug SaxLab-->D:\02_Audio\PlugIns\Instrumente\LinPlug SaxLab v1.4\UninstalSaxLab.exe
LiquidControl 2.2b1-->"C:\Programme\Focusrite LiquidControl\unins000.exe"
Mackie Traktion VST Plugins Unlocked RePatch v2.1.0.6-->D:\02_Audio\PROGRA~1\SEQUEN~1\STEINB~1\CUBASE~2\VSTPLU~1\FX\08_BUN~1\MACKIE\UNWISE.EXE D:\02_Audio\PROGRA~1\SEQUEN~1\STEINB~1\CUBASE~2\VSTPLU~1\FX\08_BUN~1\MACKIE\INSTALL.LOG
Magic ISO Maker v5.4 (build 0251)-->D:\01_OFF~1\02_BUR~1\MagicISO\UNWISE.EXE D:\01_OFF~1\02_BUR~1\MagicISO\INSTALL.LOG
MAGIX Foto Manager 2006 (D)-->D:\04_DVD\01_Cut\Foto_Manager_2006\instslct.exe
MAGIX music maker 2006 deLuxe-->D:\02_Audio\Programme\Sequenzer & Studios\MAGIX\MusicMaker 2006 deLuxe\instslct.exe
MAGIX Music Manager 2006 (D)-->D:\04_DVD\01_Cut\Music_Manager_2006\instslct.exe
MAGIX music studio 2006 deLuxe (D)-->D:\02_Audio\Programme\Sequenzer & Studios\MAGIX\MusicStudio 2006 deLuxe\instslct.exe
MAGIX Online Druck Service (D)-->D:\04_DVD\01_Cut\Online_Druck_Service\instslct.exe
MAGIX Video deLuxe 2005 2006-->D:\04_DVD\01_Cut\MAGIX Video deLuxe 2005-2006\instslct.exe
MAGIX Video deluxe 2006 2007 (D)-->D:\04_DVD\01_Cut\MAGIX Video deLuxe 2006-2007\instslct.exe
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins001.exe"
Meda RM2MP3 Converter 1.3-->"C:\Programme\Meda RM2MP3 Converter\unins000.exe"
Microsoft .NET Framework (English) v1.0.3705-->C:\WINDOWS\Microsoft.NET\Framework\Install.exe /u /p Microsoft .NET Framework Full v1.0.3705 (1033)
Microsoft .NET Framework 1.0 Hotfix (KB928367)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\M928367\M928367Uninstall.msp"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 Language Pack - DEU-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - deu\setup.exe
Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
MixMeister BPM Analyzer 1.0-->"D:\02_Audio\Programme\Format-Wandlung\MixMeister BPM Analyzer\unins000.exe"
MKVtoolnix 2.2.0-->C:\Programme\MKVtoolnix\uninst.exe
Monkey's Audio-->"D:\02_Audio\Programme\Format-Wandlung\Monkey's Audio\unins000.exe"
Monofilter v3.2-->"D:\02_Audio\PlugIns\Effekte\NuGen Audio Monofilter VST v3.2\unins000.exe"
Mozilla Firefox (3.0.10)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
MP3-ID3Tag-Renamer 3.3 (deutsch)-->"D:\01_Office\02_Burning Tools\MIR\unins000.exe"
Mp3tag v2.42-->D:\01_Office\02_Burning Tools\Mp3tag\Mp3tagUninstall.EXE
MSGloss2TWB-->C:\WINDOWS\st6unst.exe -n "c:\Programme\TRADOS\ST6UNST.LOG"
MultiRenamer-->"D:\01_Office\02_Burning Tools\MultiRenamer\unins000.exe"
Mustek 600 CU v2.0a-->C:\WINDOWS\TWAIN_32\600CU\UNINST.EXE
N Schach 3 beta-->"D:\05_Games\Brettspiele\N Schach 3beta\unins000.exe"
Native Instruments Bandstand-->D:\02_Audio\PlugIns\INSTRU~1\NIBAND~1\UNWISE.EXE D:\02_Audio\PlugIns\INSTRU~1\NIBAND~1\INSTALL.LOG
Native Instruments Battery 2-->D:\02_Audio\PlugIns\Sampler\NIBATT~1\UNWISE.EXE D:\02_Audio\PlugIns\Sampler\NIBATT~1\INSTALL.LOG
Native Instruments Guitar Combos-->D:\02_Audio\PlugIns\Effekte\NIGUIT~1\UNWISE.EXE D:\02_Audio\PlugIns\Effekte\NIGUIT~1\INSTALL.LOG
Native Instruments Guitar Rig 2-->D:\02_Audio\PlugIns\Effekte\NIGUIT~2\UNWISE.EXE D:\02_Audio\PlugIns\Effekte\NIGUIT~2\INSTALL.LOG
Native Instruments Intakt-->D:\02_Audio\PlugIns\Sampler\NIINTA~1\UNWISE.EXE D:\02_Audio\PlugIns\Sampler\NIINTA~1\INSTALL.LOG
Native Instruments Kontakt 2-->D:\02_Audio\PlugIns\Sampler\NIKONT~1\UNWISE.EXE D:\02_Audio\PlugIns\Sampler\NIKONT~1\INSTALL.LOG
Native Instruments Kontakt 3-->C:\PROGRA~1\NATIVE~1\KONTAK~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\KONTAK~1\INSTALL.LOG
Native Instruments Service Center-->C:\PROGRA~1\NATIVE~1\SERVIC~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\SERVIC~1\INSTALL.LOG
Native Instruments Xpress Keyboards-->D:\02_Audio\PlugIns\INSTRU~1\NIEXPR~1\XPRESS~1\UNWISE.EXE D:\02_Audio\PlugIns\INSTRU~1\NIEXPR~1\XPRESS~1\INSTALL.LOG
Nomad Factory SC-226-->D:\02_Audio\PlugIns\Effekte\NOMADF~1\UNINST~1\UNWISE.EXE D:\02_Audio\PlugIns\Effekte\NOMADF~1\UNINST~1\INSTALL.LOG
NomadFactory Analog Mastering Tools VST RTAS v1.0-->"C:\Programme\Nomad Factory\Uninstall\unins002.exe"
NomadFactory Blue Tubes Analog TrackBox VST RTAS v1.3-->"C:\Programme\Nomad Factory\Blue Tubes Analog TrackBox\Uninstall\unins000.exe"
NomadFactory Blue Tubes Dynamics Pack VST RTAS v3.1-->"C:\Programme\Nomad Factory\Uninstall\unins000.exe"
NomadFactory Blue Tubes Dynamics Pack VST RTAS v3.2-->"C:\Programme\Nomad Factory\Blue Tubes Dynamics Pack\Uninstall\unins000.exe"
NomadFactory Blue Tubes Effects Pack VST RTAS v3.2-->"C:\Programme\Nomad Factory\Blue Tubes Effects Pack\Uninstall\unins000.exe"
NomadFactory Blue Tubes Equalizers Pack VST RTAS v3.2-->"C:\Programme\Nomad Factory\Blue Tubes Equalizers Pack\Uninstall\unins000.exe"
NomadFactory BlueVerb DRV-2080 VST RTAS v1.4-->"C:\Programme\Nomad Factory\BlueVerb DRV-2080\Uninstall\unins000.exe"
NomadFactory Essential Studio Suite VST RTAS v1.5-->"C:\Programme\Nomad Factory\Essential Studio Suite\Uninstall\unins000.exe"
NomadFactory Limiting Amplifier LM-662 VST RTAS v1.3-->"C:\Programme\Nomad Factory\Limiting Amplifier LM-662\Uninstall\unins000.exe"
NomadFactory Liquid Bundle VST RTAS v2.4-->"C:\Programme\Nomad Factory\Liquid Bundle\Uninstall\unins000.exe"
NomadFactory Program Equalizer EQP-4 VST RTAS v1.3-->"C:\Programme\Nomad Factory\Program Equalizer EQP-4\Uninstall\unins000.exe"
NomadFactory Retrology M-Tone EQ VST RTAS v1.0-->"C:\Programme\Nomad Factory\Uninstall\unins001.exe"
NomadFactory Rock Amp Legends VST RTAS v1.5-->"C:\Programme\Nomad Factory\Rock Amp Legends\Uninstall\unins000.exe"
Norton PartitionMagic 8.0-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{21DBBDD6-93A5-4326-9A04-C9A5C9148502}
NVIDIA Drivers-->C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI
OE Duplicate Remover-->"D:\01_Office\06_Büro\06_MS Office-Tools\Duplicate Email Remover\OE Duplicate Remover\unins000.exe"
Open Video Converter version 3.1-->"D:\04_DVD\02_Authoring\Rip & Burn\OpenVideoConverter v3.0.0\OpenVideoConverter\unins000.exe"
Orbit Downloader-->"D:\01_Office\03_Internet\Orbitdownloader\unins000.exe"
PaqRat-->"C:\Programme\Insanely Great Things\PaqRat\uninst.exe"
PDF-XChange 3.0-->"C:\Programme\Tracker Software\PDF-XChange 3\unins000.exe"
PODxt Drivers 3.0.0.4 (Remove Only)-->C:\Programme\Line6\Tools\Driver Archive\PODxt\3.0.0.4\Uninstall.exe
Pop-Up Stopper Free Edition-->C:\PROGRA~1\PANICW~1\POP-UP~1\UNWISE.EXE C:\PROGRA~1\PANICW~1\POP-UP~1\INSTALL.LOG
Powerbullet Presenter-->D:\01_Office\03_Internet\Powerbullet\unins000.exe
PPLive 1.3.20-->C:\Programme\PPLive\uninst.exe
PPMate Network TV 2.3.2.0-->C:\Programme\PPMate\uninst.exe
Pro Evolution Soccer 2008-->C:\Programme\InstallShield Installation Information\{2FDFD600-7338-4738-90D5-FC4ACA08DC36}\setup.exe -runfromtemp -l0x0407
Proxy Finder-->D:\01_Office\03_Internet\Proxy Finder v1.1\uninstal.exe
PSP 84 v1.0-->D:\02_Audio\PlugIns\Effekte\PSPLEX~1\UNWISE.EXE D:\02_Audio\PlugIns\Effekte\PSPLEX~1\INSTALL.LOG
PSP Audioware Xenon v1.0-->"C:\Programme\PSPaudioware\PSP Xenon iLok\Uninstall\unins000.exe"
PSP MasterComp 1.5.4-->"D:\02_Audio\PlugIns\Effekte\PSP MasterComp v1.5.4\uninstall.exe" "/U:D:\02_Audio\PlugIns\Effekte\PSP MasterComp v1.5.4\irunin.xml"
PSP MixPack 1.8 Demo-->C:\WINDOWS\iun6002.exe "D:\02_Audio\PlugIns\Effekte\PSP MixPack\PSP MixPack 1.8\irunin.ini"
PSP VintageMeter 1.0-->C:\WINDOWS\iun506.exe D:\02_Audio\PlugIns\Effekte\PSP VintageMeter\irunin.ini
Quattro 1.01-->D:\05_Games\BRETTS~1\Quattro\UNWISE.EXE D:\05_Games\BRETTS~1\Quattro\INSTALL.LOG
Quick MPEG Splitter v2.0-->"C:\Programme\Quick MPEG Splitter\unins000.exe"
Rapidown 5.9 SE - http://www.rapidown.com-->C:\Programme\Rapidown\rapidown.exe rapcmd.uninstall
RealPlayer-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Reason 3.0.4-->"D:\02_Audio\Programme\Sequenzer & Studios\Propellerhead\Reason\Uninstall Reason\unins000.exe"
ReCycle Demo 2.1-->"D:\02_Audio\Programme\Format-Wandlung\ReCycle Demo\unins000.exe"
RedMon - Redirection Port Monitor-->C:\WINDOWS\system32\unredmon.exe
Replay Media Catcher 3.02-->"C:\WINDOWS\Replay Media Catcher\uninstall.exe" "/U:C:\Programme\Replay Media Catcher\Uninstall\uninstall.xml"
Replicant VST plug-in-->C:\WINDOWS\Replicant VST plug-in Uninstaller.exe
River Past Audio Converter Pro-->C:\WINDOWS\Audio Converter Pro Uninstaller.exe
RM Converter 3.28-->"D:\01_Office\03_Internet\RM Converter\unins000.exe"
Rm to Mp3 Wav Convertor 2.15-->"C:\Programme\Rm to Mp3 Wav Convertor\unins000.exe"
RME DIGI32, DIGI96 and Hammerfall Series-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\digi96.inf
RME DIGICheck-->C:\WINDOWS\uninst.exe -fC:\Programme\RME\DIGICheck\DeIsL1.isu
RME Fireface-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\system32\fireface.inf
Roger Nichols Digital DETAILER VST RTAS v1.2-->"C:\Programme\Roger Nichols Digital, Inc\Uninstall\unins000.exe"
Roger Nichols Digital DYNAM-IZER VST RTAS v1.2-->"C:\Programme\Roger Nichols Digital, Inc\Uninstall\unins001.exe"
Roger Nichols Digital FINIS VST RTAS v1.2-->"C:\Programme\Roger Nichols Digital, Inc\Uninstall\unins002.exe"
Roger Nichols Digital FREQUAL-IZER VST RTAS v1.2-->"C:\Programme\Roger Nichols Digital, Inc\Uninstall\unins003.exe"
Roger Nichols Digital InspectorXL VST RTAS v1.2-->"C:\Programme\Roger Nichols Digital, Inc\Uninstall\unins004.exe"
Roger Nichols Digital UNIQUEL-IZER VST RTAS v1.2-->"C:\Programme\Roger Nichols Digital, Inc\Uninstall\unins005.exe"
Roger.Nichols.Digital.SPL-IZER.VST.RTAS v1.01-->"C:\Programme\Roger Nichols Digital, Inc\SPL-IZER\Uninstall\unins000.exe"
RoomEQWizard-->"D:\02_Audio\Programme\Akustik\RoomEQWizard\Uninstall.exe" "D:\02_Audio\Programme\Akustik\RoomEQWizard"
SampleTank 2 Free-->D:\02_Audio\PlugIns\INSTRU~1\IKMULT~1\UNWISE.EXE D:\02_Audio\PlugIns\INSTRU~1\IKMULT~1\INSTALL.LOG
SampleTank 2 LE-->C:\PROGRA~1\SAMPLE~1\UNWISE.EXE C:\PROGRA~1\SAMPLE~1\INSTALL.LOG
Samplitude 10 Pro 10.0.0.0 (D)-->D:\02_Audio\Programme\Editoren\Samplitude v10 Pro\instslct.exe
Samplitude 9 professional (D)-->D:\02_Audio\Programme\Editoren\Samplitude v9\instslct.exe
Samplitude V8 professional-->D:\02_Audio\Programme\Editoren\Samplitude V8\instslct.exe
Schreibmaschinenkurs 3.2-->C:\WINDOWS\unin0407.exe -f"d:\01_office\06_büro\Schreibmaschinenkurs v3.2\DeIsL1.isu" -c"d:\01_office\06_büro\Schreibmaschinenkurs v3.2\_ISREG32.DLL"
ShrinkTo5 GUI-->D:\04_DVD\02_Authoring\Rip & Burn\ShrinkTo5\uninstall.exe
ShrinkTo5Basic-->D:\04_DVD\02_Authoring\Rip & Burn\ShrinkTo5Basic\uninstall.exe
Sicherheitsupdate für Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569)--

[...]

[...]

>"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958470)-->"C:\WINDOWS\$NtUninstallKB958470$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971032)-->"C:\WINDOWS\$NtUninstallKB971032$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Sonalksis Plug-Ins for Windows 2.04-->"C:\WINDOWS\unins000.exe"
SONAR 5 Producer Edition-->D:\02_Audio\PROGRA~1\SEQUEN~1\Cakewalk\SONAR5~1\UNWISE.EXE D:\02_Audio\PROGRA~1\SEQUEN~1\Cakewalk\SONAR5~1\INSTALL.LOG
Soneus Premium Edition 1.0-->"D:\02_Audio\Programme\Sequenzer & Studios\Acon\Soneus Premium\unins000.exe"
Sonik Synth 2 Free-->D:\02_Audio\PlugIns\INSTRU~1\IKMULT~2\UNWISE.EXE D:\02_Audio\PlugIns\INSTRU~1\IKMULT~2\INSTALL.LOG
Sonnox Oxford Inflator Native VST v1.5.1-->"C:\Programme\Sonnox\Uninstall\Sonnox Oxford Inflator Native VST\unins000.exe"
Sonnox Oxford Limiter Native VST v1.1.1-->"C:\Programme\Sonnox\Uninstall\Sonnox Oxford Limiter Native VST\unins000.exe"
Sonnox Oxford R3 Dynamics Native VST v1.3.1-->"C:\Programme\Sonnox\Uninstall\Sonnox Oxford R3 Dynamics Native VST\unins000.exe"
Sonnox Oxford R3 EQ Native VST v1.6.1-->"C:\Programme\Sonnox\Uninstall\Sonnox Oxford R3 EQ Native VST\unins000.exe"
Sonnox Oxford TransMod Native VST v1.3.1-->"C:\Programme\Sonnox\Uninstall\Sonnox Oxford TransMod Native VST\unins000.exe"
SopCast 3.0.3-->D:\01_Office\03_Internet\SopCast\uninst.exe
Sound Master 07 Release 1.01-->"D:\05_Games\Sport\FIFA 07\Sound Master 07\unins000.exe"
Sound Master 08 Release 1.02-->"C:\Programme\Fifa Master\Sound Master 08\unins000.exe"
Soundbytes BagPipes VST v1.0-->"D:\02_Audio\PlugIns\Instrumente\Soundbytes BagPipes v1.0\BagPipes\Uninstall\unins000.exe"
SoundFonts.it GS-201 Tape Echo v1.0 VST-->D:\02_Audio\PROGRA~1\SEQUEN~1\STEINB~1\CUBASE~2\VSTPLU~1\FX\03_Send\Reverb\SOUNDF~1.0\UNWISE.EXE D:\02_Audio\PROGRA~1\SEQUEN~1\STEINB~1\CUBASE~2\VSTPLU~1\FX\03_Send\Reverb\SOUNDF~1.0\INSTALL.LOG
Sounds für Video- und Foto Shows DELUXE-->C:\WINDOWS\IsUn0407.exe -f"d:\02_audio\programme\sequenzer & studios\data becker\Sounds für Video- und Foto Shows DELUXE\soundbrowser2.isu"
SpinAudio Roomverb M2 DX VST v2.3 Build 200-->C:\PROGRA~1\SPINAU~1\ROOMVE~1\UNWISE.EXE C:\PROGRA~1\SPINAU~1\ROOMVE~1\INSTALL.LOG
Spybot - Search & Destroy 1.4-->"C:\Programme\Spybot - Search & Destroy\unins000.exe"
SSL LMC-1 v1.0-->D:\02_Audio\Programme\Sequenzer & Studios\Steinberg\Cubase 4\VSTPlugins\FX\01_Insert\Dynamics\SSL LMC-1\Solid State Logic\Remove LMC-1.exe
SSL X-ISM v1.1-->D:\02_Audio\Programme\Sequenzer & Studios\Steinberg\Cubase 4\VSTPlugins\FX\05_Mix & Mastering\SSL X-ISM\Solid State Logic\Remove X-ISM.exe
Startup Manager 1.5-->"C:\Programme\Startup Manager\unins000.exe"
Steinberg Cubase SX 3-->"D:\02_Audio\Programme\Sequenzer & Studios\Steinberg\Cubase SX3\Uninstall.exe" "D:\02_Audio\Programme\Sequenzer & Studios\Steinberg\Cubase SX3\install.log"
Steinberg Groove Agent 2-->"D:\02_Audio\Programme\Sequenzer & Studios\Steinberg\Cubase SX3\Vstplugins\Groove Agent 2\Uninstall.exe" "D:\02_Audio\Programme\Sequenzer & Studios\Steinberg\Cubase SX3\Vstplugins\Groove Agent 2\INSTALL.LOG"
Steinberg Groove Agent 3-->"D:\02_Audio\PlugIns\Instrumente\Steinberg Groove Agent\Groove Agent 3\uninstall.exe"
Steinberg HALion String Edition 2-->"D:\02_Audio\Programme\Sequenzer & Studios\Steinberg\Cubase SX3\Vstplugins\HALion String Edition 2\Uninstall.exe" "D:\02_Audio\Programme\Sequenzer & Studios\Steinberg\Cubase SX3\Vstplugins\HALion String Edition 2\Install.log"
Steinberg HALion Symphonic Orchestra-->"D:\02_Audio\PlugIns\Instrumente\Uninstall.exe" "D:\02_Audio\PlugIns\Instrumente\Install.log"
Steinberg The Grand 2-->"D:\02_Audio\Programme\Sequenzer & Studios\Steinberg\Cubase SX3\Vstplugins\The Grand 2\Uninstall.exe" "D:\02_Audio\Programme\Sequenzer & Studios\Steinberg\Cubase SX3\Vstplugins\The Grand 2\Install.log"
Steinberg Virtual Bassist 1.0.0-->"D:\02_Audio\Programme\Sequenzer & Studios\Steinberg\Cubase SX3\Vstplugins\Virtual Bassist\unins000.exe"
Steinberg Virtual Guitarist 2-->"E:\03_Virtual Instruments\Virtual Guitarist 2\unins000.exe"
Steinberg Xphraze-->D:\02_Audio\PROGRA~1\SEQUEN~1\STEINB~1\CUBASE~1\VSTPLU~1\Xphraze\UNINST~1.EXE D:\02_Audio\PROGRA~1\SEQUEN~1\STEINB~1\CUBASE~1\VSTPLU~1\Xphraze\INSTALL.LOG
Streambox Vcr Suite 2-->D:\01_Office\03_Internet\StreamboxVcrSuite2\unins000.exe
Subtitle Workshop 2.51-->"D:\04_DVD\02_Authoring\Creation\Subtitle Workshop\uninstall.exe"
SUPER © Version 2007.bld.21 (Jan 4, 2007)-->D:\04_DVD\02_AUT~1\RIP&BU~1\SUPER\Setup.exe /remove /q0
SWF & FLV Toolbox 3.5 (build 3.5.14.202)-->"D:\04_DVD\03_Player\SWF & FLV Toolbox\unins000.exe"
Syncrosoft Lizenz Kontrolle-->C:\PROGRA~1\SYNCRO~1\UNWISE.EXE C:\PROGRA~1\SYNCRO~1\INSTALL.LOG
SysExporter-->C:\WINDOWS\zipinst.exe /uninst "D:\01_Office\06_Büro\SysExporter\uninst1~.nsu"
TC Bundle v2.0-->C:\WINDOWS\UNWISE.EXE C:\audio\TC\Bundle\INSTALL.LOG
TC Native Essentials v1.02-->C:\WINDOWS\UNWISE.EXE C:\audio\tcnative\TC-ESS~1\install.log
The Way To Everest Book 1.2-->"C:\Programme\The Way To Everest Book\unins000.exe"
Timeworks Millenium Pack-->D:\02_Audio\PlugIns\Effekte\TIMEWO~1\UNWISE.EXE D:\02_Audio\PlugIns\Effekte\TIMEWO~1\INSTALL.LOG
timeworks Reverb 4080L-->C:\WINDOWS\IsUninst.exe -fd:\02_audio\plugins\effekte\Timeworks\Uninst.isu
Timeworks ReverbX-->D:\02_Audio\PlugIns\Effekte\TIMEWO~1\ReverbX\UNWISE.EXE D:\02_Audio\PlugIns\Effekte\TIMEWO~1\ReverbX\INSTALL.LOG
TMPGEnc Plus 2.5-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C489B6E0-56CB-4B0F-B2E6-FF4C3D9FAE4F}
TPS_module (remove only)-->"D:\02_Audio\PlugIns\Instrumente\TPS Brass Section Module\uninst.exe"
TreeSize Free V1.78-->"D:\01_Office\04_Viewers\TreeSize\unins000.exe"
TVAnts 1.0-->C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
TVUPlayer 2.3.0.0-->C:\Programme\TVUPlayer\uninst.exe
UniDB Version 4.0-->D:\05_Games\Sport\UniDB\unins000.exe
Uninstall 1.0.0.1-->"C:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe"
Update für Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update für Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update für Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update für Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update für Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update für Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update für Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update für Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update für Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update für Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update für Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update für Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update für Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update für Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update für Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
URL Snooper v2.13.04-->"D:\01_Office\03_Internet\URLSnooper2\unins000.exe"
URS Classic Console Strip Pro VST RTAS v1.0-->"C:\Programme\URS Plugins\Uninstall\unins000.exe"
Variax Workbench (remove only)-->"D:\02_Audio\Programme\Editoren\Line 6\Variax Workbench\Uninstall.exe"
Video Fixer 3.23-->C:\Programme\videofixer\unins000.exe
VideoLAN VLC media player 0.8.5-->D:\01_Office\03_Internet\VLC\uninstall.exe
Vidomi (remove only)-->"D:\04_DVD\02_Authoring\Rip & Burn\Vidomi\uninst-Vidomi.exe"
VidSplitter-->"C:\Programme\GeoVid\VidSplitter\unins000.exe"
vob2audio 0.1.0-->"D:\04_DVD\02_Authoring\Rip & Burn\vob2audio\unins000.exe"
VSO CopyToDVD 3-->"D:\04_DVD\02_Authoring\Creation\CopyToDVD v3.0.56\unins000.exe"
Windows Driver Package - Nokia Modem (04/06/2006 6.8.0.17)-->C:\PROGRA~1\DIFX\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_7F91C37896B530901B0665F9EF32E19FF06F5687\nokbtmdm.inf
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Tools 4.1-->c:\PROGRAMME\WINDOWS MEDIA PLAYER\Tools\_insttoo.exe /U
Windows XP-Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP-Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP-Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP-Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe

=====HijackThis Backups=====

O20 - Winlogon Notify: mssoapr32 - mssoapr32.dll (file missing) [2009-10-16]
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Programme\Spybot - Search & Destroy\SpybotSD.exe" /autocheck [2009-10-16]
O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEM') [2009-10-16]
O4 - HKLM\..\RunOnce: [SpybotDeletingC496] cmd.exe /c del "C:\WINDOWS\system32\lowsec\user.ds" [2009-10-16]
O4 - HKLM\..\RunOnce: [SpybotDeletingA9570] command.com /c del "C:\WINDOWS\system32\lowsec\user.ds" [2009-10-16]
O4 - HKLM\..\RunOnce: [SpybotDeletingC3321] cmd.exe /c del "C:\WINDOWS\system32\lowsec\local.ds" [2009-10-16]
O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user') [2009-10-16]
O23 - Service: ABBYY FineReader 9.0-Lizenzierungsdienst (ABBYY.Licensing.FineReader.Professional.9.0) - Unknown owner - D:\01_Office\06_Büro\Abby Finereader v9.0\NetworkLicenseServer.exe (file missing) [2009-10-16]
O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab [2009-10-19]

======Security center information======

AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition
AV: Avira AntiVir PersonalEdition Classic
AV: a-squared Anti-Malware

======System event log======

Computer Name: STUDIO
Event Code: 2
Message: Device identified.

Record Number: 108175
Source Name: nvatabus
Time Written: 20090928090431.000000+120
Event Type: Informationen
User:

Computer Name: STUDIO
Event Code: 2
Message: Device identified.

Record Number: 108174
Source Name: nvatabus
Time Written: 20090928090431.000000+120
Event Type: Informationen
User:

Computer Name: STUDIO
Event Code: 2
Message: Device identified.

Record Number: 108173
Source Name: nvatabus
Time Written: 20090928090431.000000+120
Event Type: Informationen
User:

Computer Name: STUDIO
Event Code: 1003
Message: Der Computer konnte die Netzwerkadresse, die durch den DHCP-Server für die
Netzwerkkarte mit der Netzwerkadresse 0013D337CE7C zugeteilt wurde, nicht erneuern. Der
folgende Fehler ist aufgetreten:
Der Vorgang wurde durch den Benutzer abgebrochen.
.
Es wird weiterhin im Hintergrund versucht, eine Adresse vom
Netzwerkadressserver (DHCP) zu erhalten.

Record Number: 108172
Source Name: Dhcp
Time Written: 20090928090430.000000+120
Event Type: Warnung
User:

Computer Name: STUDIO
Event Code: 6005
Message: Der Ereignisprotokolldienst wurde gestartet.

Record Number: 108171
Source Name: EventLog
Time Written: 20090928090429.000000+120
Event Type: Informationen
User:

=====Application event log=====

Computer Name: STUDIO
Event Code: 512
Message:
Record Number: 10846
Source Name: CodeMeter Runtime Server
Time Written: 20091016161336.000000+120
Event Type: Informationen
User:

Computer Name: STUDIO
Event Code: 105
Message: The service was started.

Record Number: 10845
Source Name: ATI Smart
Time Written: 20091016161336.000000+120
Event Type: Informationen
User:

Computer Name: STUDIO
Event Code: 1002
Message: Die Shell wurde unerwartet beendet und Explorer.exe wurde neu gestartet.

Record Number: 10844
Source Name: Winlogon
Time Written: 20091016091221.000000+120
Event Type: Informationen
User:

Computer Name: STUDIO
Event Code: 100
Message:
Record Number: 10843
Source Name: SNL HiveManager
Time Written: 20091015204804.000000+120
Event Type: Warnung
User:

Computer Name: STUDIO
Event Code: 100
Message:
Record Number: 10842
Source Name: SNL HiveManager
Time Written: 20091015204610.000000+120
Event Type: Warnung
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\ATI Technologies\ATI Control Panel;C:\Programme\Gemeinsame Dateien\iZotope\Runtimes;C:\Programme\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Programme\Java\jre1.5.0_09\lib\ext\QTJava.zip
"QTJAVA"=C:\Programme\Java\jre1.5.0_09\lib\ext\QTJava.zip

-----------------EOF-----------------

Ups! Da schlummert wohl noch was ...


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=d392d338a6eafa45993aee24daad1070
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-10-27 04:12:29
# local_time=2009-10-27 05:12:29 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 1022435 1022435 0 0
# compatibility_mode=8192 67108863 100 0 3691 3691 0 0
# compatibility_mode=9730 16764901 100 100 74423 57896584 0 0
# scanned=195297
# found=2
# cleaned=2
# scan_time=5654
D:\01_Office\03_Internet\RSD v0.56 CES\ccf2rsdf.exe probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\01_Office\03_Internet\RSD v0.56 CES\RSD.exe probably unknown NewHeur_PE virus (deleted - quarantined) 00000000000000000000000000000000 C

schritt 1

Tool-Bereinigung mit OTM

Wir werden nun die CleanUp!-Funktion von OTM nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.

• Bitte lade Dir (falls noch nicht vorhanden) OTM von OldTimer herunter.
• Speichere es auf Deinem Desktop.
• Doppelklick auf OTM.exe um das Programm auszuführen.
  Vista-User bitte per Rechtsklick und "Ausführen als Administrator" starten.
• Klicke auf den Button "CleanUp!"
• OTM fragt eventuell nach einem Neustart.
  Sollte es dies tun, so lasse dies bitte zu.

Anmerkung: Nach dem Neustart werden OTM und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.


schritt 2

Poste eine neue HJT Logfile.
Berichte wie sich der Rechner macht?

Hallo nochmal,

dieser Thread war zwar schon von mir verwaist liegen gelassen worden, da ich den Rechner schlicht neu aufgesetzt habe ... :killpc:

[natürlich nach eurer Anleitung! :-)]

... nun möchte ich aber sicher gehen, dass insbesondere zwei Störenfriede nicht mehr vorhanden sind (da einige Dateien des alten Systems erneut benutzt werden). :aufsmaul:

Es geht mir um "urlzone_2" und "urlzone" bzw. "tr/runner.bg".
Vielleicht könnt ihr mir Gewissheit verschaffen, dass ich diese beiden definitiv los bin. :-)

Welche Logfiles benötigt ihr dafür?