iwseu.exe: unknown file opens advertising!

Hello! Recently, windows with advertising (Jamba, ...) have started opening on my PC. After I terminate the file iwseu.exe (I can find no information about it here or on Google), the window closes and no further ones are opened. The file cannot be found via the search function, but I searched on my own and found the program in C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\.

iwseu files:
iwseu.dat
iwseu.exe
iwseu_nav.dat
iwseu_navps.dat

I had iwseu.exe tested at VirusTotal: 2 hits out of 40 antivirus programs
McAfee-GW-Edition Trojan.LooksLike.Dropper
Panda Suspicious file

Is anyone familiar with this case?? How should I proceed? Delete it? Looking forward to replies
Oma Peter
PS: Antivir, Ad-Aware and Spybot said: CLEAN!
Hello, post a HijackThis logfile. Then run Navilog.

Navilog
Start navilog1.exe and install the application; any error messages from your virus scanner are to be ignored (allow the application!). Please close all other applications! Afterwards navilog should start automatically, otherwise start it by double-clicking on the desktop. In the language menu please select English. Choose 1 in the next menu to select "Search". Confirm with Enter. Do nothing on the computer during the search, only when the program prompts! After the run, the editor should open with the log (fixnavi.txt); copy the contents and paste them into the thread. You will also find the log in the root directory (e.g. "C:\").
http://pagesperso-orange.fr/il.mafio...x/Navilog1.exe
First, HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:27:38, on 31.05.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Lion\Lion.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Electronic Arts\EADM\Core.exe
C:\dokumente und einstellungen\***\lokale einstellungen\anwendungsdaten\iwseu.exe
C:\Programme\Hamachi\hamachi.exe
D:\eigene3\mousometer.exe
C:\Programme\Outlook Express\msimn.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Google\Update\GoogleUpdate.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Tunngle\TnglCtrl.exe
C:\Programme\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Programme\HHVcdV5Sys\VC5SecS.exe
C:\Programme\HHVcdV7Sys\VC7SecS.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HDAudDeck] C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Lion] "C:\Programme\Lion\Lion.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EA Core] "C:\Programme\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [iwseu] "c:\dokumente und einstellungen\***\lokale einstellungen\anwendungsdaten\iwseu.exe" iwseu
O4 - Startup: hamachi.lnk = C:\Programme\Hamachi\hamachi.exe
O4 - Startup: Mousometer.lnk = C:\Dokumente und Einstellungen\***\Eigene Dateien\mousometer.exe
O4 - Startup: Outlook Express.lnk = C:\Programme\Outlook Express\msimn.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{31778FC6-FEB4-4B3B-930F-3CDAA58F47FF}: NameServer = 192.168.0.1
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Programme\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Update Service (gupdate1c994123999325f) (gupdate1c994123999325f) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Programme\Tunngle\TnglCtrl.exe
O23 - Service: Virtual CD v5 Security service (VC5SecS) - H+H Software GmbH - C:\Programme\HHVcdV5Sys\VC5SecS.exe
O23 - Service: Virtual CD v7 Management Service (VC7SecS) - H+H Software GmbH - C:\Programme\HHVcdV7Sys\VC7SecS.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7723 bytes

Navilog will follow shortly!
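The security-relevant detail in the log above is the O4 entry for iwseu: a per-user Run key (HKCU) pointing at an executable inside the user's own profile (Lokale Einstellungen\Anwendungsdaten), which is a location any program running as that user can write to without administrator rights. The following small triage script is an added example and is not part of the thread, of HijackThis, or of Navilog: it parses O4 autostart lines in HijackThis format and flags entries whose executable lives in such a user-writable profile directory, resolving rundll32 launches to the DLL they load. The sample lines are constructed from the posted log with the user name replaced by the placeholder "user"; the directory markers and all function names are my own choices.

```python
import re

# Constructed sample lines modelled on the HijackThis O4 entries posted in this
# thread; the real user name is replaced by the placeholder "user".
SAMPLE_O4_LINES = [
    r'O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min',
    r'O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup',
    r'O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe',
    r'O4 - HKCU\..\Run: [iwseu] "c:\dokumente und einstellungen\user\lokale einstellungen\anwendungsdaten\iwseu.exe" iwseu',
    r'O4 - Startup: hamachi.lnk = C:\Programme\Hamachi\hamachi.exe',
]

O4_RUN_RE = re.compile(r'^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
O4_STARTUP_RE = re.compile(r'^O4 - Startup: (?P<name>[^=]+) = (?P<cmd>.*)$')

# Profile locations a per-user installer can write without admin rights (German and
# English XP names, lower case). An autostart pointing here is the pattern iwseu.exe
# shows in the log; the list is my own choice, not something HijackThis defines.
USER_WRITABLE_MARKERS = (
    r'\lokale einstellungen\anwendungsdaten',   # Local Settings\Application Data
    r'\local settings\application data',
    r'\anwendungsdaten',                        # Application Data (roaming)
    r'\application data',
    r'\lokale einstellungen\temp',
    r'\local settings\temp',
)


def split_cmd(cmd):
    """Split a Run command line into (executable, arguments).

    A quoted path ends at the closing quote; an unquoted one at the first space.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end > 0:
            return cmd[1:end], cmd[end + 1:].strip()
        return cmd[1:], ''
    head, _, tail = cmd.partition(' ')
    return head, tail.strip()


def parse_o4(line):
    """Parse one HijackThis O4 line into a dict; return None for any other line."""
    m = O4_RUN_RE.match(line)
    if m:
        source = m['hive'] + ' Run'
    else:
        m = O4_STARTUP_RE.match(line)
        if not m:
            return None
        source = 'Startup folder'
    target, args = split_cmd(m['cmd'])
    if target.lower().rsplit('\\', 1)[-1] == 'rundll32.exe' and args:
        # rundll32 is only a loader: the DLL named in its argument is what really runs.
        dll, _ = split_cmd(args)
        target = dll.split(',', 1)[0]
    return {'source': source, 'name': m['name'].strip(), 'cmd': m['cmd'].strip(), 'target': target}


def suspicious_reasons(entry):
    """Return the heuristics the entry trips; an empty list means nothing noteworthy."""
    target = entry['target'].lower()
    reasons = []
    if any(marker in target for marker in USER_WRITABLE_MARKERS):
        reasons.append('executable lives in a user-writable profile directory')
    return reasons


def triage(lines):
    """Return (value name, source, target, reasons) for every O4 entry that trips a check."""
    findings = []
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = suspicious_reasons(entry)
        if reasons:
            findings.append((entry['name'], entry['source'], entry['target'], reasons))
    return findings


if __name__ == '__main__':
    for name, source, target, reasons in triage(SAMPLE_O4_LINES):
        print(f'{source:<14} [{name}] {target}')
        for reason in reasons:
            print(f'    - {reason}')
```

Run against the constructed sample, only the iwseu entry is reported; the Avira, NVIDIA, ctfmon and Hamachi entries resolve to Windows or Programme directories and pass. The check is a triage aid, not a verdict: legitimate per-user installers also put executables under Anwendungsdaten, so a hit is a prompt to look at the file (hashes, signer, VirusTotal, as the original poster already did), not a reason to delete it on its own.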
Search Navipromo version 3.7.7 began on 31.05.2009 at 17:29:56,00

!!! Warning, this report may include legitimate files/programs !!!
!!! Post this report on the forum you are being helped !!!
!!! Don't continue with removal unless instructed by an authorized helper !!!

Fix running from C:\Programme\navilog1
Updated on 12.05.2009 at 18h00 by IL-MAFIOSO

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz )
BIOS : Default System BIOS
USER : *** ( Administrator )
BOOT : Normal boot
Antivirus : AntiVir Desktop 9.0.1.26 (Activated)
Firewall : ZoneAlarm Firewall 7.0.483.000 (Not Activated)

A:\ (USB)
C:\ (Local Disk) - NTFS - Total:127 Go (Free:38 Go)
D:\ (Local Disk) - NTFS - Total:337 Go (Free:111 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (CD or DVD)
H:\ (CD or DVD)

Search done in normal mode

*** Search folders in "C:\WINDOWS" ***

*** Search folders in "C:\Programme" ***

*** Search folders in "C:\Dokumente und Einstellungen\All Users\startm~1\progra~1" ***
...\Live-Player found !

*** Search folders in "C:\Dokumente und Einstellungen\All Users\startm~1" ***

*** Search folders in "c:\dokume~1\alluse~1\anwend~1" ***

*** Search folders in "C:\Dokumente und Einstellungen\***\anwend~1" ***
...\Live-Player found !

*** Search folders in "C:\Dokumente und Einstellungen\***\lokale~1\anwend~1" ***

*** Search folders in "C:\Dokumente und Einstellungen\***\startm~1\progra~1" ***

*** Search with Catchme-rootkit/stealth malware detector by gmer ***
for more info : http://www.gmer.net

*** Search with GenericNaviSearch ***
!!! Possibility of legitimate files in the result !!!
!!! Must always be checked before manually deleting !!!

* Scan in "C:\WINDOWS\system32" *

* Scan in "C:\Dokumente und Einstellungen\***\lokale~1\anwend~1" *

*** Search files ***

*** Search specific Registry keys ***
!! Following keys are not certainly all infected !!

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iwseu"="\"c:\\dokumente und einstellungen\\***\\lokale einstellungen\\anwendungsdaten\\iwseu.exe\" iwseu"

*** Complementary Search ***
(Search specific files)

1)Search new Instant Access files :

2)Heuristic Search :

* In "C:\WINDOWS\system32" :

* In "C:\Dokumente und Einstellungen\***\lokale~1\anwend~1" :
iwseu.exe found !
iwseu.dat found !
iwseu_nav.dat found !
iwseu_navps.dat found !

3)Certificates Search :

Egroup certificate not found !
Electronic-Group certificate not found !
Montorgueil certificate not found !
OOO-Favorit certificate not found !
Sunny-Day-Design-Ltd certificate not found !

4)Search others known folders and files :

*** Search completed on 31.05.2009 at 17:33:33,34 ***
Run Navilog again with option 2. Post the log.
Navipromo Removal version 3.7.7 started on 31.05.2009 at 20:53:27,90

Fix running from C:\Programme\navilog1
Updated on 12.05.2009 at 18h00 by IL-MAFIOSO

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz )
BIOS : Default System BIOS
USER : *** ( Administrator )
BOOT : Normal boot
Antivirus : AntiVir Desktop 9.0.1.26 (Activated)
Firewall : ZoneAlarm Firewall 7.0.483.000 (Not Activated)

A:\ (USB)
C:\ (Local Disk) - NTFS - Total:127 Go (Free:38 Go)
D:\ (Local Disk) - NTFS - Total:337 Go (Free:111 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (CD or DVD)
H:\ (CD or DVD)

Automatic removal with Catchme and GNS results
Cleanning stage done on Reboot

*** fsbl1.txt not found ***
(Check that Catchme found nothing in Search Mode)

*** Deleting with Backups GenericNaviSearch results ***

* Deletion in "C:\WINDOWS\System32" *

* Deletion in "C:\Dokumente und Einstellungen\***\lokale~1\anwend~1" *

*** Deleting folders in "C:\WINDOWS" ***

*** Deleting folders in "C:\Programme" ***

*** Deleting folders in "C:\Dokumente und Einstellungen\All Users\startm~1\progra~1" ***
...\Live-Player ...deleting...
...\Live-Player deleted !

*** Deleting folders in "C:\Dokumente und Einstellungen\All Users\startm~1" ***

*** Deleting folders in "c:\dokume~1\alluse~1\anwend~1" ***

*** Deleting folders in "C:\Dokumente und Einstellungen\***\anwend~1" ***
...\Live-Player ...deleting...
...\Live-Player deleted !

*** Deleting folders in "C:\Dokumente und Einstellungen\***\lokale~1\anwend~1" ***

*** Deleting folders in "C:\Dokumente und Einstellungen\***\startm~1\progra~1" ***

*** Deleting files ***

*** Deleting temporary files ***
Cleaning of C:\WINDOWS\Temp done !
Cleaning of C:\Dokumente und Einstellungen\***\lokale~1\Temp done !

*** Complementary Search ***
(Search specific files)

1)Deletion with backups new Instant Access files:

2)Heuristic search and deletion with backups :

* In "C:\WINDOWS\system32" *

* In "C:\Dokumente und Einstellungen\***\lokale~1\anwend~1" *
iwseu.exe found !
Copy iwseu.exe done !
iwseu.exe deleted !
iwseu.dat found !
Copy iwseu.dat done !
iwseu.dat deleted !
iwseu_nav.dat found !
Copy iwseu_nav.dat done !
iwseu_nav.dat deleted !
iwseu_navps.dat found !
Copy iwseu_navps.dat done !
iwseu_navps.dat deleted !

*** Copy Registry to Safebackup folder ***
Backing up Registry done !

*** Cleaning Registry ***
Registry cleaned

*** Certificates ***
Egroup Certificate not found !
Electronic-Group Certificate not found !
Montorgueil Certificate not found !
OOO-Favorit Certificate not found !
Sunny-Day-Design-Ltd Certificate not found !

*** Search others known folders and files ***

*** Cleaning stage complete on 31.05.2009 at 20:57:32,14 ***

Next problem: since the restart, never-ending messages keep appearing: "The system has recovered from a serious error!"
Problem report contents:
C:\DOKUME~1\Janis\LOKALE~1\Temp\WERca43.dir00\Mini042609-01.dmp
C:\DOKUME~1\Janis\LOKALE~1\Temp\WERca43.dir00\sysdata.xml
What is going on now??
Check system details with RSIT
Post all the logs first. Then close all applications and run the following: Rootkit scan with RootRepeal
File too big ^^ so Part 1: log.txt
PS: THE MESSAGES STOPPED AFTER A RESTART!

Logfile of random's system information tool 1.06 (written by random/random)
Run by *** at 2009-06-01 09:24:34
Microsoft Windows XP Professional Service Pack 3
System drive C: has 42 GB (32%) free of 131 GB
Total RAM: 3327 MB (83% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:24:35, on 01.06.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Lion\Lion.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Electronic Arts\EADM\Core.exe
D:\eigene3\mousometer.exe
C:\Programme\Outlook Express\msimn.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Google\Update\GoogleUpdate.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Tunngle\TnglCtrl.exe
C:\Programme\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Programme\HHVcdV5Sys\VC5SecS.exe
C:\Programme\HHVcdV7Sys\VC7SecS.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Dokumente und Einstellungen\***\Desktop\RSIT.exe
C:\Programme\Trend Micro\HijackThis\***.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HDAudDeck] C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Lion] "C:\Programme\Lion\Lion.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EA Core] "C:\Programme\Electronic Arts\EADM\Core.exe" -silent
O4 - Startup: hamachi.lnk = C:\Programme\Hamachi\hamachi.exe
O4 - Startup: Mousometer.lnk = C:\Dokumente und Einstellungen\***\Eigene Dateien\mousometer.exe
O4 - Startup: Outlook Express.lnk = C:\Programme\Outlook Express\msimn.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{31778FC6-FEB4-4B3B-930F-3CDAA58F47FF}: NameServer = 192.168.0.1
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Programme\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Update Service (gupdate1c994123999325f) (gupdate1c994123999325f) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Programme\Tunngle\TnglCtrl.exe
O23 - Service: Virtual CD v5 Security service (VC5SecS) - H+H Software GmbH - C:\Programme\HHVcdV5Sys\VC5SecS.exe
O23 - Service: Virtual CD v7 Management Service (VC7SecS) - H+H Software GmbH - C:\Programme\HHVcdV7Sys\VC7SecS.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7535 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Programme\Java\jre6\bin\ssv.dll [2009-01-12 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-24 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-01-12 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-12 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt - C:\Programme\TechSmith\SnagIt 8\SnagItIEAddin.dll [2007-05-16 161352]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144]
"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-01-12 136600]
"HDAudDeck"=C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe [2008-06-17 29835264]
"avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-10-07 86016]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"QuickTime Task"=C:\Programme\QuickTime\qttask.exe [2008-09-06 413696]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Programme\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]
"Lion"=C:\Programme\Lion\Lion.exe [2009-01-03 227378]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"swg"=C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-05-30 68856]
"EA Core"=C:\Programme\Electronic Arts\EADM\Core.exe [2009-04-29 3338240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Programme\Ahead\InCD\InCD.exe [2004-04-06 1298542]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe [2006-05-16 213936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Programme\iTunes\iTunesHelper.exe [2008-09-10 289576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Programme\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
C:\WINDOWS\system32\oodtray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programme\QuickTime\QTTask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Programme\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [2003-12-08 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2008-07-02 397312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Programme\Java\jre1.6.0_06\bin\jusched.exe [2008-03-25 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-05-30 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe [2008-06-30 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VC5Player]
C:\Programme\HHVcdV5Sys\VC5Play.exe [2003-11-07 176128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Programme\Winamp\winampa.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE []

C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart
hamachi.lnk - C:\Programme\Hamachi\hamachi.exe
Mousometer.lnk - D:\eigene3\mousometer.exe
Outlook Express.lnk - C:\Programme\Outlook Express\msimn.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"NoDrives"=03000000
"NoSharedDocuments"=01000000
"NoActiveDesktop"=0
"NoUserNameInStartMenu"=1
"StartMenuLogOff"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe"="C:\Programme\VIA\VIAudioi\HDADeck\HDeck.exe:*:Enabled:HDeck"
"C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\RarSFX2\haloce.exe"="C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\RarSFX2\haloce.exe:*:Enabled:Halo"
"C:\Programme\Fritz und Fertig\Internetschach\PlayChess.exe"="C:\Programme\Fritz und Fertig\Internetschach\PlayChess.exe:*:Enabled:PlayChess"
"D:\Programme\Battle for Wesnoth 1.4\wesnothd.exe"="D:\Programme\Battle for Wesnoth 1.4\wesnothd.exe:*:Enabled:wesnothd"
"C:\Programme\Firaxis Games\Civilization IV\Civilization4.exe"="C:\Programme\Firaxis Games\Civilization IV\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\Programme\iTunes\iTunes.exe"="C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes"
"D:\Programme\Firefly Studios\Stronghold Legends\StrongholdLegends.exe"="D:\Programme\Firefly Studios\Stronghold Legends\StrongholdLegends.exe:*:Enabled:Stronghold Legends"
"C:\Programme\uTorrent\uTorrent.exe"="C:\Programme\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Programme\Zattoo\Zattoo2.exe"="C:\Programme\Zattoo\Zattoo2.exe:*:Enabled: "
"C:\Programme\Zattoo\Zattoo.exe"="C:\Programme\Zattoo\Zattoo.exe:*:Enabled: "
"D:\Programme\EA GAMES\Battlefield 2\BF2.exe"="D:\Programme\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
"C:\Dokumente und Einstellungen\***\Desktop\WoW-deDE-Installer-downloader.exe"="C:\Dokumente und Einstellungen\***\Desktop\WoW-deDE-Installer-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Dokumente und Einstellungen\***\Desktop\WoW-BurningCrusade-deDE-Installer-downloader.exe"="C:\Dokumente und Einstellungen\***\Desktop\WoW-BurningCrusade-deDE-Installer-downloader.exe:*:Enabled:Blizzard Downloader"
"D:\Programme\World of Warcraft\Repair.exe"="D:\Programme\World of Warcraft\Repair.exe:*:Enabled:Blizzard Repair Utility"
"D:\Programme\Electronic Arts\Command & Conquer 3\RetailExe\1.9\cnc3game.dat"="D:\Programme\Electronic Arts\Command & Conquer 3\RetailExe\1.9\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars"
"C:\Programme\Mozilla Firefox\firefox.exe"="C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Programme\HP\Digital Imaging\bin\hpoews01.exe"="C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"E:\setup\HPONICIFS01.EXE"="E:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe"
"C:\Programme\HP\Digital Imaging\bin\hposfx08.exe"="C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe"="C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Programme\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Programme\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Programme\HP\Digital Imaging\bin\hpqste08.exe"="C:\Programme\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"E:\setup\HPZNET01.EXE"="E:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe"
"C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Programme\ICQ6\ICQ.exe"="C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Programme\Internet Explorer\iexplore.exe"="C:\Programme\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Programme\mIRC\mirc.exe"="C:\Programme\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Programme\Teamspeak2_RC2\server_windows.exe"="C:\Programme\Teamspeak2_RC2\server_windows.exe:*:Enabled:Server"
"C:\Programme\Zattoo\zattood.exe"="C:\Programme\Zattoo\zattood.exe:*:Enabled:zattood"
"C:\Dokumente und Einstellungen\***\Desktop\soldier.of.fortune.2-WwW.PalDDL.Com\soldier.of.fortune.2-WwW.PalDDL.Com\SoF2MP.exe"="C:\Dokumente und Einstellungen\***\Desktop\soldier.of.fortune.2-WwW.PalDDL.Com\soldier.of.fortune.2-WwW.PalDDL.Com\SoF2MP.exe:*:Enabled:SoF2MP"
"D:\Programme\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="D:\Programme\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"C:\Programme\Electronic Arts\EADM\Core.exe"="C:\Programme\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"D:\Programme\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe"="D:\Programme\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.2"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"
"D:\Programme\World of Warcraft\WoW-3.0.8.9506-to-3.0.9.9551-deDE-downloader.exe"="D:\Programme\World of Warcraft\WoW-3.0.8.9506-to-3.0.9.9551-deDE-downloader.exe:*:Enabled:Blizzard Downloader"
"D:\Programme\World of Warcraft\Launcher.exe"="D:\Programme\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"D:\Programme\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-deDE-downloader.exe"="D:\Programme\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-deDE-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Rune\System\Rune.exe"="C:\Rune\System\Rune.exe:*:Enabled:Rune"
"D:\Programme\Wolfenstein - Enemy Territory\ET.exe"="D:\Programme\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET"
"D:\Programme\Rockstar Games\Grand Theft Auto IV\GTAIV.exe"="D:\Programme\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Disabled:Grand Theft Auto IV"
"D:\Programme\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"="D:\Programme\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Programme\Tunngle\TnglCtrl.exe"="C:\Programme\Tunngle\TnglCtrl.exe:*:Enabled:Tunngle Service"
"C:\Programme\Tunngle\Tunngle.exe"="C:\Programme\Tunngle\Tunngle.exe:*:Enabled:Tunngle Client"
"D:\Programme\EA Sports\Madden NFL 08\Updater.exe"="D:\Programme\EA Sports\Madden NFL 08\Updater.exe:*:Enabled:Updater"
"D:\Programme\EA Sports\FIFA 
09\FIFA09.exe"="D:\Programme\EA Sports\FIFA 09\FIFA09.exe:*:Enabled:FIFA09" "C:\Programme\PPMate\ppmate.exe"="C:\Programme\PPMate\ppmate.exe:*:Enabled:PPMate" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a549cb6-2e50-11dd-9a45-eae8b4e650b5}] shell\AutoRun\command - M:\pushinst.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca87e00b-595b-11dd-9aad-001a4f9c0a10}] shell\AutoRun\command - I:\WD_Windows_Tools\Setup.exe |
Part 2:
Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x7 -removeonly Rockstar Games Social Club-->"C:\Programme\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x0007 -removeonly RollerCoaster Tycoon 3-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\Setup.exe" -l0x7 Rune Halls of Valhalla 1.08-->"C:\Rune\unins000.exe" Rune-->C:\Rune\System\Setup.exe uninstall "Rune - Halls of Valhalla" Sataan - Das Spiel-->"C:\Programme\rondomedia\Sataan - Das Spiel\unins001.exe" ScummVM 0.8.0-->"C:\Programme\ScummVM\unins000.exe" Setupbuilder Std-->C:\Programme\Setupbuilder Std\uninstall.exe "C:\Programme\Setupbuilder Std\uninstall.sbu" Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log Sicherheitsupdate für Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 
(KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf Sicherheitsupdate für Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP 
(KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP 
(KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe" |
Part 2: Singles Patch 1.4-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5628829F-3318-4DDA-988D-D301832F1611}\Setup.exe" -l0x7 Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D} Smart Install Maker 5.02-->C:\Programme\Smart Install Maker\Uninstall.exe Smart Virtual CD v5-->"C:\WINDOWS\system32\VCDSCDUI.EXE" 1 SnagIt 8-->MsiExec.exe /I{DA0BF7AB-88EB-4675-8FA1-531EAD938821} Sony Ericsson Media Manager 1.2-->MsiExec.exe /X{98EA51C9-B0B0-45BC-8641-3E119EA47D7B} Sony Ericsson PC Suite 4.010.00-->C:\Programme\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\Setup.exe -runfromtemp -l0x0007 -removeonly Sound Master 09 Beta 1-->"C:\Programme\Fifa Master\Sound Master 09\unins000.exe" Spybot - Search & Destroy-->"C:\Programme\Spybot - Search & Destroy\unins000.exe" Star Wars Battlefront II-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3D374523-CFDE-461A-827E-2A102E2AB365}\Setup.exe" -l0x7 -removeonly Star Wars(TM): Knights of the Old Republic (TM)-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}\setup.exe" -l0x7 Stronghold Legends-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{66A405D2-BA14-4594-BF36-B3B544F0754E}\setup.exe" -l0x7 -removeonly SUPER © Version 2008.bld.30 (Mar 22, 2008)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0 Sveglia 2.1-->C:\Programme\Sveglia\uninst.exe System Requirements Lab-->C:\Programme\SystemRequirementsLab\Uninstall.exe TeamSpeak 2 RC2-->C:\Programme\Teamspeak2_RC2\unins001.exe TeamSpeak 2 Server RC2-->"C:\Programme\Teamspeak2_RC2\unins000.exe" Text-To-Speech-Runtime-->MsiExec.exe 
/X{7B3F0113-E63C-4D6D-AF19-111A3165CCA2} The Movies(TM) Stunts & Spezialeffekte-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{0556F885-2415-4666-B53E-33727E46AEA1} The Sims Deluxe Edition-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{10798AE3-DCBB-43C3-9C93-C23512427E25}\setup.exe" -l0009 Thrustmaster Calibration Tool-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{44B660BB-EAC5-4D4F-9890-C607DD5F7630}\setup.exe" -l0x7 -removeonly Thrustmaster Force Feedback Driver-->C:\Programme\InstallShield Installation Information\{8F5A0981-5CDC-41D0-BCA2-AD3B777FC358}\setup.exe -runfromtemp -l0x0007 -removeonly Tony Hawk's Underground 2-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EF1394D4-9FB6-4F1F-9A09-20FF3033AE14} /l1031 TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA} Tunngle beta-->"C:\Programme\Tunngle\unins000.exe" TVUPlayer 2.4.5.3-->C:\Programme\TVUPlayer\uninst.exe Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta" UltraMixer 2.3.5.1-->"C:\Programme\UltraMixer\unins000.exe" Uninstall 1.0.0.1-->"C:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe" Update für Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe" Update für Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Update Service-->d:\Programme\Sony Ericsson\Update Service\uninst.exe VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B} VIA 
Plattform-Geräte-Manager-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169} Virtual CD v7-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D026E10A-798A-4E54-8471-1016B968AEBB}\setup.exe" -l0x7 -removeonly VLC media player 0.9.6-->C:\Programme\VideoLAN\VLC\uninstall.exe Wichtiges Update für Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe" Winamp-->"C:\Programme\Winamp\UninstWA.exe" Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" WinRAR-->C:\Programme\WinRAR\uninstall.exe WinUHA 2.0 RC1 (2005.02.27)-->C:\Programme\WinUHA\unins000.exe Wolfenstein - Enemy Territory-->D:\PROGRA~1\WOLFEN~1\Uninstall\Unwise.exe /u D:\PROGRA~1\WOLFEN~1\Uninstall\Install.log World of Warcraft-->C:\Programme\Gemeinsame Dateien\Blizzard Entertainment\WORLD OF WARCRAFT (3)\Uninstall.exe WWE RAW - Total Edition-->MsiExec.exe /I{BECD7781-1BA0-461B-8389-237B3142868B} WWE RAW-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{689838DE-8467-45AE-A7FF-087B7C0E48C6}\Setup.exe" -l0x9 XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe" YouTube Uploader for CASIO-->MsiExec.exe /X{E90040E4-98E2-40C8-AAC9-1E7B768F1A65} Zattoo 3.3.4 Beta-->C:\Programme\Zattoo\uninst.exe 
ZoneAlarm-->C:\Programme\Zone Labs\ZoneAlarm\zauninst.exe

=====HijackThis Backups=====
O4 - Global Startup: Reboot.exe [2008-05-30]
O4 - HKLM\..\RunOnce: [Execute] C:\WINDOWS\System32\Tools\DelFolders.exe [2008-05-30]
O16 - DPF: {2E4A92AB-F2C0-456A-9935-B715439790D7} (Setup Class) - https://www.permissionresearch.com/C...pr/prsetup.cab [2008-07-28]
O4 - HKCU\..\Run: [Biassign] C:\DOKUME~1\***\ANWEND~1\THUNKP~1\SafeDrive.exe [2008-07-29]
O4 - HKLM\..\Run: [NetPumper] "C:\Programme\NetPumper\\NetPumperIEProxy.exe" [2008-07-29]

======Hosts File======
192.168.0.101 cilantro.gotdns.com

======Security center information======
AV: AntiVir Desktop
FW: ZoneAlarm Firewall (disabled)

======System event log======
Computer Name: ***-2
Event Code: 4201
Message: Netzwerkadapter "AVM FRITZ!WLAN USB Stick v1.1 - Paketplaner-Miniport" wurde mit dem Netzwerk verbunden, und das System wurde über das Netzwerk im normalen Zustand gestartet.
Record Number: 59788
Source Name: Tcpip
Time Written: 20090426142823.000000+120
Event Type: Informationen
User:

Computer Name: ***-2
Event Code: 17
Message: AVGNTFLT successfully loaded
Record Number: 59787
Source Name: avgntflt
Time Written: 20090426142823.000000+120
Event Type: Informationen
User:

Computer Name: ***-2
Event Code: 10
Message: Die digitale Audiowiedergabe wird von diesem Laufwerk nicht unterstützt.
Record Number: 59786
Source Name: redbook
Time Written: 20090426142823.000000+120
Event Type: Informationen
User:

Computer Name: ***-2
Event Code: 10
Message: Die digitale Audiowiedergabe wird von diesem Laufwerk nicht unterstützt.
Record Number: 59785
Source Name: redbook
Time Written: 20090426142823.000000+120
Event Type: Informationen
User:

Computer Name: ***-2
Event Code: 10
Message: Die digitale Audiowiedergabe wird von diesem Laufwerk nicht unterstützt.
Record Number: 59784
Source Name: redbook
Time Written: 20090426142823.000000+120
Event Type: Informationen
User:

=====Application event log=====
Computer Name: ***-2
Event Code: 0
Message:
Record Number: 1829
Source Name: gusvc
Time Written: 20090210142243.000000+060
Event Type: Informationen
User:

Computer Name: ***-2
Event Code: 1
Message:
Record Number: 1828
Source Name: Bonjour Service
Time Written: 20090210142243.000000+060
Event Type: Informationen
User:

Computer Name: ***-2
Event Code: 1800
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.
Record Number: 1827
Source Name: SecurityCenter
Time Written: 20090210141905.000000+060
Event Type: Informationen
User:

Computer Name: ***-2
Event Code: 4096
Message: Der AntiVir Dienst wurde erfolgreich gestartet!
Record Number: 1826
Source Name: Avira AntiVir
Time Written: 20090210141902.000000+060
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: ***-2
Event Code: 0
Message:
Record Number: 1825
Source Name: gusvc
Time Written: 20090210141856.000000+060
Event Type: Informationen
User:

======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\QuickTime\QTSystem\;C:\Programme\Gemeinsame Dateien\DivX Shared\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=4
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"VS80COMNTOOLS"=C:\Programme\Microsoft Visual Studio 8\Common7\Tools\
"CLASSPATH"=.;C:\Programme\Java\jre1.6.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Programme\Java\jre1.6.0_06\lib\ext\QTJava.zip
"tvdumpflags"=8
"RGSCLauncher"=d:\Programme\Rockstar Games\Rockstar Games Social Club
"RGSC"=d:\Programme\Rockstar Games\Rockstar Games Social Club\1_0_0_0

-----------------EOF----------------- |
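The RSIT output in the two posts above is mostly an uninstall list; the parts a responder actually reads first are the short sections after it (HijackThis backups, hosts file, Security Center state). The script below is an added example for this thread, not part of RSIT, HijackThis or any post here: it splits an RSIT-style log at its `=====Section=====` headers and pulls out the items worth checking before anything is deleted. The sample log is constructed from the lines posted above, restored to one entry per line. The section names and the O4/O16 line shapes are what RSIT and HijackThis really print; the rules themselves (firewall reported disabled, hosts entries pointing at non-loopback addresses, autostart entries living under a user profile, ActiveX download entries) are the author's own triage heuristics, not anything the tools flag.

```python
"""Pick the security-relevant findings out of an RSIT-style log.

Added example for this thread; not part of RSIT, HijackThis or the original posts.
The risk rules are heuristics chosen here, not anything the tools themselves flag.
"""
import re

# RSIT separates sections with lines such as "=====HijackThis Backups=====" or
# "======Hosts File======"; the number of '=' characters varies.
SECTION_RE = re.compile(r"^=+\s*([^=].*?)\s*=+$")

# Paths under a user profile (German and English XP names, short and long forms).
# Legitimate software rarely autostarts from there; adware very often does.
USER_PROFILE_RE = re.compile(
    r"(dokume~1|dokumente und einstellungen|documents and settings|"
    r"anwend~1|anwendungsdaten|application data|"
    r"lokale~1|lokale einstellungen|local settings)",
    re.IGNORECASE,
)


def split_sections(text):
    """Return {section name: [non-empty lines]} for a log with =====Name===== headers."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def triage(text):
    """Return a list of (kind, detail) findings, in the order the sections appear."""
    findings = []
    for name, lines in split_sections(text).items():
        if name == "Security center information":
            for line in lines:
                # RSIT prints "FW: <product> (disabled)" when the Security Center
                # reports the firewall as off.
                if line.startswith("FW:") and "(disabled)" in line:
                    findings.append(("firewall-disabled", line))
        elif name == "Hosts File":
            for line in lines:
                if line.startswith("#"):
                    continue
                parts = line.split()
                if len(parts) < 2:
                    continue
                ip, hosts = parts[0], parts[1:]
                # Loopback mappings are the normal default; anything else redirects
                # a name and deserves a look (benign LAN entries included).
                if ip not in ("127.0.0.1", "::1"):
                    for host in hosts:
                        findings.append(("hosts-override", f"{host} -> {ip}"))
        elif name == "HijackThis Backups":
            for line in lines:
                # O4 = autostart entry; O16 = ActiveX download (DPF) entry.
                if line.startswith("O4") and USER_PROFILE_RE.search(line):
                    findings.append(("autorun-in-user-profile", line))
                elif line.startswith("O16"):
                    findings.append(("activex-download", line))
    return findings


# Constructed sample: the three relevant sections as posted in the log above,
# with the flattened lines restored to one entry per line.
SAMPLE_LOG = r"""
=====HijackThis Backups=====
O4 - Global Startup: Reboot.exe [2008-05-30]
O4 - HKLM\..\RunOnce: [Execute] C:\WINDOWS\System32\Tools\DelFolders.exe [2008-05-30]
O16 - DPF: {2E4A92AB-F2C0-456A-9935-B715439790D7} (Setup Class) - https://www.permissionresearch.com/C...pr/prsetup.cab [2008-07-28]
O4 - HKCU\..\Run: [Biassign] C:\DOKUME~1\***\ANWEND~1\THUNKP~1\SafeDrive.exe [2008-07-29]
O4 - HKLM\..\Run: [NetPumper] "C:\Programme\NetPumper\\NetPumperIEProxy.exe" [2008-07-29]
======Hosts File======
192.168.0.101 cilantro.gotdns.com
======Security center information======
AV: AntiVir Desktop
FW: ZoneAlarm Firewall (disabled)
"""

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:26} {detail}")
```

Run as-is it lists four findings from the posted sections; paste a complete log into `SAMPLE_LOG` (or read it from a file) to triage another one. The profile-path rule catches the usual adware pattern of autostart entries under Anwendungsdaten / Application Data; it does not catch everything a legitimate program can do wrong, so treat hits as a checklist for what to look at, not as a verdict.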
Can't say anything about RootRepeal! It always crashes during the scan! |
GMER - Rootkit Detection
Try it with this one. What does Windows show when RootRepeal crashes? An error message? |
I'll try it again! |
Strange, suddenly it works :confused:

ROOTREPEAL (c) AD, 2007-2008
==================================================
Scan Time: 2009/06/01 09:54
Program Version: Version 1.2.3.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB607C000   Size: 98304   File Visible: No
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA090000   Size: 8192   File Visible: No
Status: -

Name: PCI_PNP2030
Image Path: \Driver\PCI_PNP2030
Address: 0x00000000   Size: 0   File Visible: No
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB4EE8000   Size: 45056   File Visible: No
Status: -

Name: spfg.sys
Image Path: spfg.sys
Address: 0xF74D6000   Size: 1048576   File Visible: No
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000   Size: 0   File Visible: No
Status: -

Name: srescan.sys
Image Path: srescan.sys
Address: 0xBA708000   Size: 81920   File Visible: No
Status: -

Hidden/Locked Files
-------------------
Path: C:\Dokumente und Einstellungen\***\ntuser.dat.LOG
Status: Size mismatch (API: 1024, Raw: 167936)

Path: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\etilqs_KEvt1rIg3Ed4c8lz7tXx
Status: Allocation size mismatch (API: 32768, Raw: 0)

SSDT
-------------------
#: 041   Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0xb905287e

#: 053   Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xb9052874

#: 063   Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0xb9052883

#: 065   Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0xb905288d

#: 071   Function Name: NtEnumerateKey
Status: Hooked by "spfg.sys" at address 0xf74f5ca2

#: 073   Function Name: NtEnumerateValueKey
Status: Hooked by "spfg.sys" at address 0xf74f6030

#: 098   Function Name: NtLoadKey
Status: Hooked by "<unknown>" at address 0xb9052892

#: 119   Function Name: NtOpenKey
Status: Hooked by "spfg.sys" at address 0xf74d70c0

#: 122   Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xb9052860

#: 128   Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0xb9052865

#: 160   Function Name: NtQueryKey
Status: Hooked by "spfg.sys" at address 0xf74f6108

#: 177   Function Name: NtQueryValueKey
Status: Hooked by "spfg.sys" at address 0xf74f5f88

#: 193   Function Name: NtReplaceKey
Status: Hooked by "<unknown>" at address 0xb905289c

#: 204   Function Name: NtRestoreKey
Status: Hooked by "<unknown>" at address 0xb9052897

#: 247   Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0xb9052888

#: 257   Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0xb905286f

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System   Address: 0x8af421f8   Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System   Address: 0x8af421f8   Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System   Address: 0x8af421f8   Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System   Address: 0x8af421f8   Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System   Address: 0x8af421f8   Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System   Address: 0x8af421f8   Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System   Address: 0x8af421f8   Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System   Address: 0x8af421f8   Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System   Address: 0x8af421f8   Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System   Address: 0x8af421f8   Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System   Address: 0x8af421f8   Size: -

Object: Hidden Code [Driver: Ntfs,
IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x8af421f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x8af421f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8af421f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN] Process: System Address: 0x8af421f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x8af421f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP] Process: System Address: 0x8af421f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x8af421f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY] Process: System Address: 0x8af421f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x8af421f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA] Process: System Address: 0x8af421f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP] Process: System Address: 0x8af421f8 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE] Process: System Address: 0x8ace81f8 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE] Process: System Address: 0x8ace81f8 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ] Process: System Address: 0x8ace81f8 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE] Process: System Address: 0x8ace81f8 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x8ace81f8 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8ace81f8 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8ace81f8 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN] Process: System Address: 0x8ace81f8 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER] Process: System Address: 0x8ace81f8 Size: - Object: Hidden Code [Driver: Cdrom, 
IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8ace81f8 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP] Process: System Address: 0x8ace81f8 Size: - Object: Hidden Code [Driver: {460, IRP_MJ_CREATE] Process: System Address: 0x8ac3b1f8 Size: - Object: Hidden Code [Driver: {460, IRP_MJ_CLOSE] Process: System Address: 0x8ac3b1f8 Size: - Object: Hidden Code [Driver: {460, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8ac3b1f8 Size: - Object: Hidden Code [Driver: {460, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8ac3b1f8 Size: - Object: Hidden Code [Driver: {460, IRP_MJ_POWER] Process: System Address: 0x8ac3b1f8 Size: - Object: Hidden Code [Driver: {460, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8ac3b1f8 Size: - Object: Hidden Code [Driver: {460, IRP_MJ_PNP] Process: System Address: 0x8ac3b1f8 Size: - Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE] Process: System Address: 0x8aecd1f8 Size: - Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE] Process: System Address: 0x8aecd1f8 Size: - Object: Hidden Code [Driver: dmio, IRP_MJ_READ] Process: System Address: 0x8aecd1f8 Size: - Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE] Process: System Address: 0x8aecd1f8 Size: - Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x8aecd1f8 Size: - Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8aecd1f8 Size: - Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8aecd1f8 Size: - Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN] Process: System Address: 0x8aecd1f8 Size: - Object: Hidden Code [Driver: dmio, IRP_MJ_POWER] Process: System Address: 0x8aecd1f8 Size: - Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8aecd1f8 Size: - Object: Hidden Code [Driver: dmio, IRP_MJ_PNP] Process: System Address: 0x8aecd1f8 Size: - Object: Hidden Code [Driver: usbohci, IRP_MJ_CREATE] Process: System Address: 
0x8ad001f8 Size: -
Object: Hidden Code [Driver: usbohci, IRP_MJ_CLOSE] Process: System Address: 0x8ad001f8 Size: -
Object: Hidden Code [Driver: usbohci, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8ad001f8 Size: -
Object: Hidden Code [Driver: usbohci, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8ad001f8 Size: -
Object: Hidden Code [Driver: usbohci, IRP_MJ_POWER] Process: System Address: 0x8ad001f8 Size: -
Object: Hidden Code [Driver: usbohci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8ad001f8 Size: -
Object: Hidden Code [Driver: usbohci, IRP_MJ_PNP] Process: System Address: 0x8ad001f8 Size: -
Object: Hidden Code [Driver: vdrv7000ȅ捃䙐ȁఇ浍浓觡Ā, IRP_MJ_CREATE] Process: System Address: 0x8ab231f8 Size: -
Object: Hidden Code [Driver: vdrv7000ȅ捃䙐ȁఇ浍浓觡Ā, IRP_MJ_CLOSE] Process: System Address: 0x8ab231f8 Size: -
Object: Hidden Code [Driver: vdrv7000ȅ捃䙐ȁఇ浍浓觡Ā, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8ab231f8 Size: -
Object: Hidden Code [Driver: vdrv7000ȅ捃䙐ȁఇ浍浓觡Ā, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8ab231f8 Size: -
Object: Hidden Code [Driver: vdrv7000ȅ捃䙐ȁఇ浍浓觡Ā, IRP_MJ_POWER] Process: System Address: 0x8ab231f8 Size: -
Object: Hidden Code [Driver: vdrv7000ȅ捃䙐ȁఇ浍浓觡Ā, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8ab231f8 Size: -
Object: Hidden Code [Driver: vdrv7000ȅ捃䙐ȁఇ浍浓觡Ā, IRP_MJ_PNP] Process: System Address: 0x8ab231f8 Size: -
Object: Hidden Code [Driver: prodrv06ࠅఇ䵃慖, IRP_MJ_CREATE] Process: System Address: 0xe1f46008 Size: -
Object: Hidden Code [Driver: prodrv06ࠅఇ䵃慖, IRP_MJ_CLOSE] Process: System Address: 0xe1f46008 Size: -
Object: Hidden Code [Driver: prodrv06ࠅఇ䵃慖, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0xe1f46008 Size: -
Object: Hidden Code [Driver: vbev5mp, IRP_MJ_CREATE] Process: System Address: 0x8ab221f8 Size: -
Object: Hidden Code [Driver: vbev5mp, IRP_MJ_CLOSE] Process: System Address: 0x8ab221f8 Size: -
Object: Hidden Code [Driver: vbev5mp, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8ab221f8 Size: -
Object: Hidden Code [Driver: vbev5mp, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8ab221f8 Size: -
Object: Hidden Code [Driver: vbev5mp, IRP_MJ_POWER] Process: System Address: 0x8ab221f8 Size: -
Object: Hidden Code [Driver: vbev5mp, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8ab221f8 Size: -
Object: Hidden Code [Driver: vbev5mp, IRP_MJ_PNP] Process: System Address: 0x8ab221f8 Size: -
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE] Process: System Address: 0x8af441f8 Size: -
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ] Process: System Address: 0x8af441f8 Size: -
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE] Process: System Address: 0x8af441f8 Size: -
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x8af441f8 Size: -
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8af441f8 Size: -
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8af441f8 Size: -
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN] Process: System Address: 0x8af441f8 Size: -
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP] Process: System Address: 0x8af441f8 Size: -
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER] Process: System Address: 0x8af441f8 Size: -
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8af441f8 Size: -
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP] Process: System Address: 0x8af441f8 Size: -
Object: Hidden Code [Driver: prohlp02, IRP_MJ_CREATE] Process: System Address: 0xe1012128 Size: -
Object: Hidden Code [Driver: prohlp02, IRP_MJ_CLOSE] Process: System Address: 0xe1012128 Size: -
Object: Hidden Code [Driver: prohlp02, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0xe1012128 Size: -
Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE] Process: System Address: 0x8ac821f8 Size: -
Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE] Process: System Address: 0x8ac821f8 Size: -
Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8ac821f8 Size: -
Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8ac821f8 Size: -
Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP] Process: System Address: 0x8ac821f8 Size: -
Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP] Process: System Address: 0x8ac821f8 Size: -
Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE] Process: System Address: 0x8acf41f8 Size: -
Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE] Process: System Address: 0x8acf41f8 Size: -
Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8acf41f8 Size: -
Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8acf41f8 Size: -
Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER] Process: System Address: 0x8acf41f8 Size: -
Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8acf41f8 Size: -
Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP] Process: System Address: 0x8acf41f8 Size: -
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE] Process: System Address: 0x8ab8e500 Size: -
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE] Process: System Address: 0x8ab8e500 Size: -
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE] Process: System Address: 0x8ab8e500 Size: -
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ] Process: System Address: 0x8ab8e500 Size: -
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE] Process: System Address: 0x8ab8e500 Size: -
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x8ab8e500 Size: -
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION] Process: System Address: 0x8ab8e500 Size: -
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA] Process: System Address: 0x8ab8e500 Size: -
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA] Process: System Address: 0x8ab8e500 Size: -
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x8ab8e500 Size: -
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x8ab8e500 Size: -
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x8ab8e500 Size: -
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x8ab8e500 Size: -
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x8ab8e500 Size: -
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8ab8e500 Size: -
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8ab8e500 Size: -
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN] Process: System Address: 0x8ab8e500 Size: -
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x8ab8e500 Size: -
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP] Process: System Address: 0x8ab8e500 Size: -
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT] Process: System Address: 0x8ab8e500 Size: -
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x8ab8e500 Size: -
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY] Process: System Address: 0x8ab8e500 Size: -
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER] Process: System Address: 0x8ab8e500 Size: -
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8ab8e500 Size: -
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE] Process: System Address: 0x8ab8e500 Size: -
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x8ab8e500 Size: -
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA] Process: System Address: 0x8ab8e500 Size: -
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP] Process: System Address: 0x8ab8e500 Size: -
Object: Hidden Code [Driver: Cdfsȅఠ浍†, IRP_MJ_CREATE] Process: System Address: 0x8a927500 Size: -
Object: Hidden Code [Driver: Cdfsȅఠ浍†, IRP_MJ_CLOSE] Process: System Address: 0x8a927500 Size: -
Object: Hidden Code [Driver: Cdfsȅఠ浍†, IRP_MJ_READ] Process: System Address: 0x8a927500 Size: -
Object: Hidden Code [Driver: Cdfsȅఠ浍†, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x8a927500 Size: -
Object: Hidden Code [Driver: Cdfsȅఠ浍†, IRP_MJ_SET_INFORMATION] Process: System Address: 0x8a927500 Size: -
Object: Hidden Code [Driver: Cdfsȅఠ浍†, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x8a927500 Size: -
Object: Hidden Code [Driver: Cdfsȅఠ浍†, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x8a927500 Size: -
Object: Hidden Code [Driver: Cdfsȅఠ浍†, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x8a927500 Size: -
Object: Hidden Code [Driver: Cdfsȅఠ浍†, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8a927500 Size: -
Object: Hidden Code [Driver: Cdfsȅఠ浍†, IRP_MJ_SHUTDOWN] Process: System Address: 0x8a927500 Size: -
Object: Hidden Code [Driver: Cdfsȅఠ浍†, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x8a927500 Size: -
Object: Hidden Code [Driver: Cdfsȅఠ浍†, IRP_MJ_CLEANUP] Process: System Address: 0x8a927500 Size: -
Object: Hidden Code [Driver: Cdfsȅఠ浍†, IRP_MJ_PNP] Process: System Address: 0x8a927500 Size: -

Hidden Services
-------------------
Service Name: vbev5mp
Image Path: system32\DRIVERS\vbev5mp.sys
Service Name: vdrv7000.ini
Image Path: system32\DRIVERS\vdrv7000.sys
Run Malwarebytes.
http://www.trojaner-board.de/51187-a...i-malware.html
And post the logfile here.
Please uninstall:
Please upload the following at:
Code:
C:\WINDOWS\system32\drivers\aqicgnbv.sys
If you have anything that you connect to the computer, such as memory cards, USB sticks, external hard drives, ... then plug all of it in.
ComboFix
Attention: the guide is outdated. Do not carry out the part about the Recovery Console; it is installed automatically when there is an internet connection.
A guide and tutorial on using ComboFix
ComboFix may only be run when a competent helper (Kompetenzler) has explicitly recommended it!
Note: ComboFix disables the autorun function of all CD/DVD and USB drives in order to contain a spread. If this causes problems, post them in the thread.
I did not find C:\WINDOWS\system32\drivers\aqicgnbv.sys! I only uploaded the other one! Malwarebytes is running right now!
Let Malwarebytes run through, then follow the other instructions (uninstalling the programs and ComboFix).
Malwarebytes' Anti-Malware 1.37
Datenbank Version: 2206
Windows 5.1.2600 Service Pack 3

01.06.2009 15:40:11
mbam-log-2009-06-01 (15-40-11).txt

Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 205204
Laufzeit: 34 minute(s), 29 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 4
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-netpumper-detector (Adware.NetPumper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NetPumper (Adware.NetPumper) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Local Page (Hijack.Search) -> Bad: (http://www2.iesearch.com/) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\system volume information\_restore{079943f7-fb1b-40af-ad9c-969ef8151c4d}\RP104\A0129960.exe (Adware.Navipromo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{079943f7-fb1b-40af-ad9c-969ef8151c4d}\RP50\A0042053.exe (Adware.Navipromo) -> Quarantined and deleted successfully.
Now please continue with the uninstall instructions, then run ComboFix. Regarding the file: did you enable showing all files?
I selected "show system files" and "show all files"! I'll have my PC searched again! LOG (too long again) PART 1:

ComboFix 09-05-31.05 - Janis 01.06.2009 16:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.3327.2698 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Janis\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\pi.exe
c:\windows\system32\drivers\lprvqsnx.sys
c:\windows\system32\Plugins
c:\windows\system32\Plugins\Mime.ini
c:\windows\system32\Plugins\MozillaEdit.exe
c:\windows\system32\Plugins\NPLeechGet.dll
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_NPF

((((((((((((((((((((((( Dateien erstellt von 2009-05-01 bis 2009-06-01 ))))))))))))))))))))))))))))))
.
2009-06-01 12:18 . 2009-06-01 12:18 -------- d-----w- c:\dokumente und einstellungen\Janis\Anwendungsdaten\Malwarebytes
2009-06-01 12:18 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-01 12:18 . 2009-06-01 12:18 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2009-06-01 12:18 . 2009-06-01 12:18 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-06-01 12:18 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-01 07:12 . 2009-06-01 07:12 -------- d-----w- C:\rsit
2009-05-31 15:29 . 2009-05-31 18:57 -------- d-----w- c:\programme\Navilog1
2009-05-23 14:38 . 2009-05-23 14:38 -------- d-----w- c:\dokumente und einstellungen\Janis\Anwendungsdaten\PPMate
2009-05-23 14:38 . 2009-05-23 14:38 -------- d-----w- c:\programme\Gemeinsame Dateien\Synacast
2009-05-23 14:38 . 2009-05-23 14:39 -------- d-----w- c:\programme\PPMate
2009-05-23 14:35 . 2009-05-23 14:35 -------- d-----w- c:\dokumente und einstellungen\Janis\Lokale Einstellungen\Anwendungsdaten\TVU Networks
2009-05-23 14:35 . 2009-05-23 14:35 -------- d-----w- c:\dokumente und einstellungen\Janis\Lokale Einstellungen\Anwendungsdaten\LocalLow
2009-05-23 14:35 . 2009-05-23 14:35 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\TVU Networks
2009-05-23 14:34 . 2009-05-23 14:34 -------- d-----w- c:\dokumente und einstellungen\Janis\LocalLow
2009-05-23 14:34 . 2009-05-23 14:35 -------- d-----w- c:\programme\TVUPlayer
2009-05-23 14:25 . 2009-05-23 14:25 -------- d-----w- c:\dokumente und einstellungen\Janis\Lokale Einstellungen\Anwendungsdaten\Zattoo
2009-05-18 18:23 . 2009-05-19 19:56 -------- d-----w- C:\ConverterOutput
2009-05-18 18:22 . 2008-02-03 19:26 364544 ----a-w- c:\windows\system32\cdg.dll
2009-05-18 18:22 . 2006-09-27 15:46 348160 ----a-w- c:\windows\system32\cdga.dll
2009-05-18 18:22 . 2006-07-17 19:42 14909 ----a-w- c:\windows\system32\A_reg.reg
2009-05-07 12:21 . 2009-05-07 12:21 -------- d-----w- c:\programme\HooTech
2009-05-05 20:02 . 2009-06-01 14:09 0 ----a-w- c:\windows\system32\Access.dat
2009-05-05 16:42 . 2001-08-18 02:53 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2009-05-05 16:42 . 2001-08-18 02:53 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2009-05-05 16:42 . 2001-08-18 02:53 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2009-05-05 16:42 . 2001-08-18 02:53 8192 ----a-w- c:\windows\system32\kbdkor.dll
2009-05-05 16:42 . 2001-08-17 12:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2009-05-05 16:42 . 2001-08-17 12:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2009-05-05 16:42 . 2001-08-17 12:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2009-05-05 16:42 . 2001-08-17 12:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2009-05-05 16:42 . 2001-08-17 12:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2009-05-05 16:42 . 2001-08-17 12:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2009-05-05 16:42 . 2008-04-14 05:50 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2009-05-05 16:42 . 2008-04-14 05:50 6144 ----a-w- c:\windows\system32\kbd106.dll
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-01 14:12 . 2008-10-26 10:18 -------- d-----w- c:\dokumente und einstellungen\Janis\Anwendungsdaten\Hamachi
2009-06-01 14:09 . 2001-08-18 12:00 96306 ----a-w- c:\windows\system32\perfc007.dat
2009-06-01 14:09 . 2001-08-18 12:00 483754 ----a-w- c:\windows\system32\perfh007.dat
2009-06-01 12:58 . 2008-05-30 14:14 -------- d-----w- c:\programme\Google
2009-06-01 12:50 . 2008-05-30 18:55 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2009-06-01 12:48 . 2008-06-15 06:50 -------- d-----w- c:\programme\CCleaner
2009-06-01 12:24 . 2008-05-30 19:24 -------- d-----w- c:\programme\Gemeinsame Dateien\Wise Installation Wizard
2009-06-01 12:18 . 2009-04-08 08:17 -------- d-----w- c:\programme\Lavasoft
2009-06-01 12:18 . 2008-05-30 19:25 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft
2009-05-31 18:55 . 2008-11-14 14:49 1642008 ----a-w- c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
2009-05-31 18:51 . 2009-01-03 19:51 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-05-23 14:05 . 2008-06-28 14:00 -------- d-----w- c:\programme\Winamp
2009-05-17 12:08 . 2008-09-20 15:32 738 ----a-w- c:\windows\eReg.dat
2009-05-17 12:02 . 2008-05-30 18:06 -------- d--h--w- c:\programme\InstallShield Installation Information
2009-05-16 17:33 . 2008-05-30 15:51 -------- d-----w- c:\dokumente und einstellungen\Janis\Anwendungsdaten\uTorrent
2009-05-12 18:29 . 2009-04-23 12:03 -------- d-----w- c:\dokumente und einstellungen\Janis\Anwendungsdaten\dvdcss
2009-05-03 09:25 . 2009-02-26 18:56 138512 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-05-03 09:25 . 2009-02-26 18:55 201440 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-05-02 12:05 . 2008-05-30 14:40 66840 ----a-w- c:\dokumente und einstellungen\Janis\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2009-05-02 10:50 . 2009-05-02 10:50 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Tunngle
2009-05-02 10:50 . 2009-05-02 10:50 -------- d-----w- c:\programme\Tunngle
2009-05-02 10:50 . 2009-05-02 10:50 -------- d-----w- c:\dokumente und einstellungen\Janis\Anwendungsdaten\Tunngle
2009-05-01 14:52 . 2009-05-01 14:52 -------- d-----w- c:\programme\RanGen
2009-05-01 14:48 . 2009-05-01 14:48 -------- d-----w- c:\programme\CasinoSoft
2009-04-30 18:45 . 2009-04-30 18:45 -------- d-----w- c:\programme\Name Maker Studio G2
2009-04-30 18:45 . 2009-02-21 16:43 286720 ------w- c:\windows\Setup1.exe
2009-04-30 18:45 . 2009-02-21 16:43 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-04-27 14:04 . 2009-03-19 12:49 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-04-27 14:04 . 2009-03-19 12:49 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-04-26 09:08 . 2008-12-22 15:48 -------- d-----w- c:\programme\AGEIA Technologies
2009-04-23 16:44 . 2008-10-26 10:17 -------- d-----w- c:\programme\Hamachi
2009-04-23 16:44 . 2008-10-26 10:17 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-04-23 13:52 . 2009-04-23 13:52 -------- d-----w- c:\programme\ISODisk
2009-04-21 17:51 . 2009-04-21 17:51 -------- d-----w- c:\programme\iTunes - Kopie
2009-04-15 08:25 . 2009-04-15 08:25 -------- d-----w- c:\programme\Monte Cristo
2009-04-14 09:56 . 2009-04-14 09:44 -------- d-----w- c:\programme\AVI-MPG-WMV Screensaver Trial
2009-04-14 09:45 . 2009-04-14 09:45 -------- d-----w- c:\dokumente und einstellungen\Janis\Anwendungsdaten\Avimpgwmv
2009-04-14 09:42 . 2009-04-14 09:42 5636096 ----a-w- c:\windows\Janis.scr
2009-04-14 08:20 . 2008-08-02 21:23 -------- d-----w- c:\dokumente und einstellungen\Janis\Anwendungsdaten\MAGIX
2009-04-14 08:20 . 2008-08-02 21:14 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\MAGIX
2009-04-14 08:19 . 2009-03-19 16:59 -------- d-----w- c:\programme\MAGIX
2009-04-12 17:34 . 2008-07-26 13:42 -------- d-----w- c:\programme\Project64 1.6
2009-04-12 09:21 . 2009-03-11 14:06 -------- d-----w- c:\programme\Xara
2009-04-12 09:20 . 2008-07-14 17:34 -------- d-----w- c:\programme\TallStick
2009-04-12 09:19 . 2009-02-01 17:17 -------- d-----w- c:\programme\SysTool
2009-04-12 09:18 . 2008-10-06 13:08 -------- d-----w- c:\programme\StepByStep
2009-04-12 09:18 . 2009-02-08 19:04 -------- d-----w- c:\programme\SpeedFan
2009-04-12 09:15 . 2009-01-23 19:47 -------- d-----w- c:\programme\REAPER
2009-04-12 09:15 . 2009-03-13 21:25 -------- d-----w- c:\programme\Pteroglider
2009-04-12 09:14 . 2008-12-19 17:00 -------- d-----w- c:\programme\Novo's Easy WoW Server
2009-04-12 09:08 . 2009-02-14 07:22 -------- d-----w- c:\programme\HOTALBUMMyBOX
2009-04-12 09:04 . 2009-02-09 16:32 -------- d-----w- c:\programme\CASIO
2009-04-12 09:03 . 2009-03-18 20:34 -------- d-----w- c:\programme\Frets on Fire
2009-04-12 09:01 . 2008-07-23 18:48 -------- d-----w- c:\programme\eMule
2009-04-12 08:59 . 2008-07-04 13:03 -------- d-----w- c:\programme\Fifa Master
2009-04-12 08:52 . 2009-02-19 17:01 -------- d-----w- c:\programme\AutoIt3
2009-04-12 08:52 . 2008-05-30 19:09 -------- d-----w- c:\programme\Gemeinsame Dateien\Apple
2009-04-12 08:50 . 2009-04-03 21:05 -------- d-----w- c:\programme\ElcomSoft
2009-04-07 15:36 . 2009-01-10 10:03 -------- d-----r- c:\programme\Skype
2009-04-07 15:36 . 2009-01-10 10:03 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Skype
2009-04-05 16:08 . 2009-04-05 12:01 -------- d-----w- c:\programme\Max Payne
2009-04-05 14:04 . 2009-04-05 14:04 -------- d-----w- c:\dokumente und einstellungen\Janis\Anwendungsdaten\Sony
2009-04-05 14:04 . 2009-04-05 14:04 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Sony
2009-04-05 14:02 . 2009-04-05 14:02 -------- d-----w- c:\programme\Gemeinsame Dateien\Sony Shared
2009-04-05 14:02 . 2009-04-05 14:02 -------- d-----w- c:\programme\Sony
2009-04-04 13:58 . 2009-04-04 13:58 -------- d-----w- c:\dokumente und einstellungen\Janis\Anwendungsdaten\Mp3tag
2009-04-04 13:58 . 2009-04-04 13:58 -------- d-----w- c:\programme\Mp3tag
2009-04-04 09:25 . 2009-04-04 09:25 152576 ----a-w- c:\dokumente und einstellungen\Janis\Anwendungsdaten\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-02 19:16 . 2009-04-02 19:16 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\sIF0VXNKi
2009-03-29 11:01 . 2008-10-31 17:20 5 ----a-w- c:\windows\sbacknt.bin
2009-03-29 10:05 . 2009-03-28 15:39 4 ----a-w- c:\windows\info147.sys
2009-03-28 13:21 . 2008-10-31 17:19 152904 ----a-w- c:\windows\system32\vghd.scr
2009-03-27 08:03 . 2009-03-27 08:03 401408 ----a-w- c:\windows\system32\nvcuvid.dll
2009-03-27 08:03 . 2008-05-30 13:58 453152 ----a-w- c:\windows\system32\nvudisp.exe
2009-03-27 08:03 . 2007-10-04 08:14 801312 ----a-w- c:\windows\system32\nvcplui.exe
2009-03-27 08:03 . 2007-10-04 08:14 1108512 ----a-w- c:\windows\system32\nvcpluir.dll
2009-03-27 06:14 . 2008-05-30 13:56 453152 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-03-19 17:11 . 2009-03-19 17:11 809472 ----a-w- c:\windows\LWC.scr
2009-03-13 21:24 . 2009-03-13 21:24 41360 ----a-w- c:\dokumente und einstellungen\Janis\Anwendungsdaten\Patch-Master.exe2.dat
2009-03-13 21:24 . 2009-03-13 21:24 24847 ----a-w- c:\dokumente und einstellungen\Janis\Anwendungsdaten\Patch-Master.exe3.dat
2009-03-13 21:24 . 2009-03-13 21:24 142808 ----a-w- c:\dokumente und einstellungen\Janis\Anwendungsdaten\Patch-Master.exe1.dat
2009-03-13 21:24 . 2009-03-13 21:24 39172 ----a-w- c:\dokumente und einstellungen\Janis\Anwendungsdaten\Patch-Master.exe0.dat
2009-03-06 14:19 . 2001-08-18 12:00 286720 ----a-w- c:\windows\system32\pdh.dll
2004-03-11 12:27 . 2008-05-30 19:14 40960 ----a-w- c:\programme\Uninstall_CDS.exe
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\programme\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\programme\mozilla firefox\plugins\ssldivx.dll
2006-05-03 09:06 . 2008-06-05 14:22 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2008-06-05 14:22 31232 --sh--r- c:\windows\system32\msfDX.dll
2007-12-17 12:43 . 2008-06-05 14:22 27648 --sh--w- c:\windows\system32\Smab0.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\programme\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"Lion"="c:\programme\Lion\Lion.exe" [2009-01-03 227378]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"EA Core"="c:\programme\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-01-12 136600]
"HDAudDeck"="c:\programme\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-06-17 29835264]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2008-09-06 413696]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208]

c:\dokumente und einstellungen\Janis\Startmen\Programme\Autostart\
hamachi.lnk - c:\programme\Hamachi\hamachi.exe [2009-4-23 625952]
Mousometer.lnk - d:\eigene3\mousometer.exe [2008-11-26 140288]
Outlook Express.lnk - c:\programme\Outlook Express\msimn.exe [2008-5-30 60416]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader Speed Launch.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"uTorrent"="c:\programme\uTorrent\uTorrent.exe"
"swg"=c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"Skype"="c:\programme\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"nwiz"=nwiz.exe /install
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" -atboottime
"HP Software Update"=c:\programme\HP\HP Software Update\HPWuSchd2.exe
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe"
"ISUSPM"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" -scheduler
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
"Ad-Watch"=c:\programme\Lavasoft\Ad-Aware\AAWTray.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\VIA\\VIAudioi\\HDADeck\\HDeck.exe"=
"c:\\Programme\\Firaxis Games\\Civilization IV\\Civilization4.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"d:\\Programme\\Firefly Studios\\Stronghold Legends\\StrongholdLegends.exe"=
"c:\\Programme\\uTorrent\\uTorrent.exe"=
"c:\\Programme\\Zattoo\\Zattoo2.exe"=
"c:\\Programme\\Zattoo\\Zattoo.exe"=
"d:\\Programme\\EA GAMES\\Battlefield 2\\BF2.exe"=
"d:\\Programme\\World of Warcraft\\Repair.exe"=
"d:\\Programme\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.9\\cnc3game.dat"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programme\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programme\\ICQ6\\ICQ.exe"=
"c:\\Programme\\Teamspeak2_RC2\\server_windows.exe"=
"c:\\Programme\\Zattoo\\zattood.exe"=
"c:\\Dokumente und Einstellungen\\Janis\\Desktop\\soldier.of.fortune.2-WwW.PalDDL.Com\\soldier.of.fortune.2-WwW.PalDDL.Com\\SoF2MP.exe"=
"d:\\Programme\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Programme\\Electronic Arts\\EADM\\Core.exe"=
"d:\\Programme\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"d:\\Programme\\World of Warcraft\\WoW-3.0.8.9506-to-3.0.9.9551-deDE-downloader.exe"=
"d:\\Programme\\World of Warcraft\\Launcher.exe"=
"d:\\Programme\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-deDE-downloader.exe"=
"c:\\Rune\\System\\Rune.exe"=
"d:\\Programme\\Wolfenstein - Enemy Territory\\ET.exe"=
"d:\\Programme\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"d:\\Programme\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Programme\\Tunngle\\TnglCtrl.exe"=
"c:\\Programme\\Tunngle\\Tunngle.exe"=
"d:\\Programme\\EA Sports\\Madden NFL 08\\Updater.exe"=
"d:\\Programme\\EA Sports\\FIFA 09\\FIFA09.exe"=
"c:\\Programme\\PPMate\\ppmate.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 ISODisk;ISODisk;c:\windows\system32\drivers\ISODisk.sys [23.04.2009 15:52 9600]
R1 vbev5mp;vbev5mp;c:\windows\system32\drivers\vbev5mp.sys [26.07.2008 13:16 56064]
R1 vdrv7000;vdrv7000;c:\windows\system32\drivers\vdrv7000.sys [30.05.2008 20:45 76672]
R2 acedrv10;acedrv10;c:\windows\system32\drivers\ACEDRV10.sys [27.07.2007 10:13 330144]
R2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [27.07.2007 12:46 251680]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [19.03.2009 14:49 108289]
R2 TunngleService;TunngleService;c:\programme\Tunngle\TnglCtrl.exe [02.05.2009 12:50 667896]
R2 VC7SecS;Virtual CD v7 Management Service;c:\programme\HHVcdV7Sys\VC7SecS.exe [30.05.2008 20:45 106496]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [02.05.2009 12:50 25600]
R3 tenCapture;tenCapture;c:\windows\system32\drivers\tenCapture.sys [21.04.2007 16:15 9344]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [23.01.2009 22:41 277376]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S0 nvtmnrvj;nvtmnrvj;c:\windows\system32\drivers\lprvqsnx.sys --> c:\windows\system32\drivers\lprvqsnx.sys [?]
S1 SysTool;SysTool Overclocking Utility;c:\windows\system32\drivers\SysTool.sys [10.11.2006 15:08 24064]
S2 gupdate1c994123999325f;Google Update Service (gupdate1c994123999325f);c:\programme\Google\Update\GoogleUpdate.exe [21.02.2009 12:50 133104]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;d:\programme\MAGIX\Common\Database\bin\fbserver.exe [13.01.2009 18:09 1527900]
S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\drivers\fwlanusb.sys [30.05.2008 16:06 264704]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [12.01.2009 19:03 10976]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [30.05.2008 21:59 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [30.05.2008 21:59 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [30.05.2008 21:59 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [30.05.2008 21:59 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [30.05.2008 21:59 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [30.05.2008 21:59 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [30.05.2008 21:59 97704]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
S4 mchInjDrv;mchInjDrv; [x]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a549cb6-2e50-11dd-9a45-eae8b4e650b5}]
\Shell\AutoRun\command - M:\pushinst.exe
.
Part 2: Inhalt des "geplante Tasks" Ordners 2009-06-01 c:\windows\Tasks\GoogleUpdateTaskMachine.job - c:\programme\Google\Update\GoogleUpdate.exe [2009-02-21 10:50] 2009-04-23 c:\windows\Tasks\WGASetup.job - c:\windows\system32\KB905474\wgasetup.exe [2009-04-23 20:18] . - - - - Entfernte verwaiste Registrierungseinträge - - - - SafeBoot-procexp90.Sys . ------- Zusätzlicher Suchlauf ------- . uStart Page = about:blank uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mStart Page = about:blank uSearchURL,(Default) = hxxp://www.google.com/search?q=%s TCP: {31778FC6-FEB4-4B3B-930F-3CDAA58F47FF} = 192.168.0.1 DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\dokumente und einstellungen\Janis\Anwendungsdaten\Mozilla\Firefox\Profiles\gww6nyh0.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll FF - plugin: c:\programme\Google\Update\1.2.145.5\npGoogleOneClick8.dll ---- FIREFOX Richtlinien ---- FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: content.max.tokenizing.time - 200000 FF - user.js: content.notify.interval - 100000 FF - user.js: content.switch.threshold - 650000 FF - user.js: nglayout.initialpaint.delay - 300 . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-01 16:11 Windows 5.1.2600 Service Pack 3 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\programme\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????

Scanning hidden files...

Scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- Locked registry keys ---------------------

[HKEY_USERS\S-1-5-21-789336058-842925246-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-789336058-842925246-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Electronic Arts\C*o*m*m*a*n*d* *&* *C*o*n*q*u*e*r* *3* *T*i*b*e*r*i*u*m* *W*a*r*s*"!\Kundendienst]
"Order"=hex:08,00,00,00,02,00,00,00,b8,02,00,00,01,00,00,00,04,00,00,00,de,00,
00,00,00,00,00,00,d0,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,be,00,32,\

[HKEY_USERS\S-1-5-21-789336058-842925246-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0D25D840-E7C1-F1FC-4B63-9F6D649A9B66}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"pajibakahdgdljbjjpciafimhicnlhoj"=hex:61,62,6d,67,6f,6b,69,6e,6e,64,65,6c,6a,
67,65,6f,6c,6a,64,69,65,65,6e,6d,69,6f,69,6e,6b,6a,6f,65,6a,6f,00,7c

[HKEY_USERS\S-1-5-21-789336058-842925246-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:e7,32,e9,95,77,e2,3f,a2,23,2a,11,37,e1,99,42,23,a1,17,83,bf,2a,
1c,dd,5e,7d,9c,15,76,92,50,f5,42,de,61,67,c4,a2,07,af,e9,ba,0b,a7,07,b3,64,\
"rkeysecu"=hex:b3,85,10,d9,f4,31,f9,95,98,f8,cf,d4,da,73,d5,9b

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0E169565-12D3-4BDD-AC6C-560D3BCE3071}\InProcServer32*]
"jankghlnkgbhklohfmmp"=hex:6a,61,6f,6a,6b,6e,65,65,6f,6c,70,67,6d,65,66,66,6a,
65,6c,69,00,00
"iankmhghlcapelfjjb"=hex:6a,61,6f,6a,6b,6e,65,65,6f,6c,70,67,6d,65,66,66,6a,65,
6c,69,00,00
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*] "OODEFRAG10.00.00.01WORKSTATION"="B5DF3C0E4F63640D2531BAD9B576F3D7845B347093706CCDB95FB7843E003B4DB90AB1B711D5946BB395267754E2B6B1C389F7A83DEC35B630F7 3CA3EFED59FEBD072401A3C111B695C2F1B7472B6BB0B34D7D843DA0283F6BD24E2FA6ECD757F9533F8E3CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C FEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79339DB7CE019D40AA5CA6171C11EC38DE3D8EDD5E5BE2F6E66713F179DFBF827FB9BB0F0B7DE4DA74778B8ACF9EF0B297A6514D92 5AB6CF65791A5666C69B0EA506CDDFC40AE005FBA3260407803EBE42D567082C6AC27F3545781E68B11B1EF1C93D4D0C3C89E2C206CB5A39CCCB06BA14E6C9E5783BB4A13A586CB325CCA2 32BB077D91205136A3ADEDD2303B13BC8AE7589B49863EB00178F6A9308C9611A7353E5939A80345EC4D9478EF676419ACFD57C59478BEBC9CC5268378B430E089B3888F9DACBAD8E03B5C 192DCE60549026935ABA1682A3308B4AE65C4E2310805A218E88E6E9BE377273C6D0D6FB2F1AD3D2AA638BA4B56DD45C8B5FEED19DABED550D7C75D4C91C139CD6F9C6816AA39F6CCDE76B 15C578D46A67B910EE109DD80884AC5A134E2DDD3065F8C80F4EF6464D9F562716AC6CDD16B6D68F01EF5BA82E3283FB14A67D3C984ED2ED962454A57540F2993EC554EA147AD52EE548DE 1154159A25162F95B6563643285C3BF042789033FD77EFB197AD778A914CAB166517F4C5042F4B6E7EFA80B5CE7B66F345FEB941F3828EF8A5BFB37B43B8ACE32029D9072C47DFF7E4AF5A 4C1FE2FB7AF847257C81708B15F93CFCE43181659DE0511118129C561660AD2F5CB6D157124E9D83F58EA8CFE29C2962B6AB54F10DE7692B65903E9D9E8DC5327099DED54158E9C77667E5 4D313B1DB914E82F73F19BDFFC8E6712255CAA5B5B452FF45B7E50A3A7763C36F5C62748195481670FFB8636A2E937D0E40F1AE361CCC250CDB711559F26A17D41DB546BDD04F3A36B52D5 83F57E8807546A63EC442C040518CA1AA06EE61073AC9EDBD9A761205F360FD9F11909C315F214B094C63C85F5A98C90B9974F63A0B62EFA7E5C60CD6C22408BBF717AB7314128D10EEE8B BFDD7346BB69E1AADDE3632293D62129246CDF6783BF287697624534B92184DB8ECBECB1870AD8F621F1390128736416B0582CFB7FD62BD77906883DFDA719A12F201180048ECA67B6CFC5 
49E279D5B7667BC0666101A9A757CD19B95A937C0746925E55E479CB608C5A976B9123E9501AF4DE05AE4B1AA910BC0993AEE5466A5C2A574A036333FEF0BDC1CC23BCD6D8843A4C2A9358
3650E5AD6CAA7B374FDB5A46036958F81B11997D5D46AD289B7C4312511C5A5DFA46FECBDED16AB1B62192186BB3857962189DF184256A5A761B58183914F6272765"
.
--------------------- DLLs loaded by running processes ---------------------

- - - - - - - > 'explorer.exe'(412)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSDE.DLL
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\progra~1\MICROS~2\OFFICE11\MCPS.DLL
.
------------------------ Other running processes ------------------------
.
c:\programme\Ahead\InCD\incdsrv.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\programme\HHVcdV5Sys\vc5secs.exe
c:\programme\HP\Digital Imaging\bin\hpqnrs08.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programme\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2009-06-01 16:14 - PC was rebooted
ComboFix-quarantined-files.txt 2009-06-01 14:14

Before scan: 31 directory(ies), 43.931.086.848 bytes free
After scan: 29 directory(ies), 43.832.041.472 bytes free

376 --- E O F --- 2009-05-16 12:45 |
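The two ComboFix posts above contain the three things a helper scans for by eye: services whose file ComboFix could not find on disk (marked `[?]`) or that have no image path at all (`[x]`), a cached USB autorun launcher under `HKCU\...\Explorer\MountPoints2` (here `\Shell\AutoRun\command - M:\pushinst.exe`, which Windows records for a volume that offered an autorun.inf and which survives the stick being unplugged), and executables running out of a user's application-data folders. The script below is an added example for this thread, not ComboFix, HijackThis or forum tooling; it applies those checks to constructed sample lines modelled on the posted log (the profile path uses a placeholder user name, and the regular expressions are assumptions about the log format, not a published ComboFix grammar).

```python
"""Triage helper for ComboFix-style log lines.

Added example for this thread; it is not part of ComboFix, HijackThis or
the forum's own tooling.  Flags three things a helper looks for by eye:
  * services whose binary is missing ("[?]") or has no image path ("[x]"),
  * cached USB autorun launchers under Explorer\\MountPoints2,
  * executables running out of a user profile's application-data folders.
"""
import re

# Constructed sample lines modelled on the log posted above (not a real
# capture; the user name in the profile path is a placeholder).
SAMPLE_LOG = r"""
S2 gupdate1c994123999325f;Google Update Service (gupdate1c994123999325f);c:\programme\Google\Update\GoogleUpdate.exe [21.02.2009 12:50 133104]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
S4 mchInjDrv;mchInjDrv; [x]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a549cb6-2e50-11dd-9a45-eae8b4e650b5}]
\Shell\AutoRun\command - M:\pushinst.exe
2009-06-01 c:\windows\Tasks\GoogleUpdateTaskMachine.job - c:\programme\Google\Update\GoogleUpdate.exe [2009-02-21 10:50]
c:\windows\system32\wscntfy.exe
c:\dokumente und einstellungen\user\lokale einstellungen\anwendungsdaten\iwseu.exe
"""

# "S<n>"/"R<n>" start type, service name, display name, image path + status.
SERVICE_RE = re.compile(r"^[SR][0-4]\s+([^;]+);([^;]*);(.*)$")
# Registry key header of a cached volume under Explorer\MountPoints2.
MOUNTPOINT_RE = re.compile(r"^\[HKEY_[^\]]*\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.I)
# Value line ComboFix prints for the autorun launcher of that volume.
AUTORUN_CMD_RE = re.compile(r"^\\Shell\\AutoRun\\command\s*-\s*(.+)$", re.I)
# German and English XP profile folders where user-writable executables live.
PROFILE_DIRS = ("\\anwendungsdaten\\", "\\lokale einstellungen\\",
                "\\application data\\", "\\local settings\\")


def in_profile(path):
    """True if the path points into a per-user application-data folder."""
    low = path.lower()
    return any(d in low for d in PROFILE_DIRS)


def triage(log_text):
    """Return (kind, subject, detail) findings in log order."""
    findings = []
    current_key = None  # volume GUID of the MountPoints2 key being read
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, _display, image = m.groups()
            image = image.strip()
            if image == "[x]":
                findings.append(("service-no-image", name, line))
            elif image.endswith("[?]"):
                findings.append(("service-missing-file", name, line))
            elif in_profile(image):
                findings.append(("service-in-profile", name, line))
            continue
        m = MOUNTPOINT_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = AUTORUN_CMD_RE.match(line)
        if m:
            findings.append(("usb-autorun", current_key or "?", m.group(1).strip()))
            continue
        # Bare process / file-listing lines: executables in user-writable folders.
        if line.lower().endswith(".exe") and in_profile(line):
            findings.append(("exe-in-profile", line.rsplit("\\", 1)[-1], line))
    return findings


if __name__ == "__main__":
    for kind, subject, detail in triage(SAMPLE_LOG):
        print(f"{kind:22} {subject:45} {detail}")
```

Run against the sample it reports the two broken services, the `M:\pushinst.exe` autorun launcher with the volume GUID it was cached for, and `iwseu.exe` under `Lokale Einstellungen\Anwendungsdaten`; the Google Update service, the scheduled task and `wscntfy.exe` pass. A hit on `usb-autorun` is worth following up with the stick itself (its autorun.inf and the referenced file), since the registry entry alone only proves the volume once offered a launcher.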
Please don't edit your name out of the ComboFix log. Otherwise nobody can help you precisely with the scripts. |
Quote:
|
Create a file listing.
|
h**p://www.materialordner.de/lf1iOogup12XoR85pEml4AAWHvuI6rQh.html |
Is the "Lösche Festplatte" (delete hard disk) in the title supposed to be a joke? |
Yes, it is ;) |
Can you make sense of the file? |
Since all this fiddling around, Autostart doesn't work anymore! Unfortunately I only have limited internet and therefore always pull my stick out! When I plug it back in it normally activates itself, but now I always have to do it manually! PS: It's a FritzBox stick, which is first in USB mode as a drive, and there's an autostart file there! PPS: Speak of the devil! Had to ask my father to put another hour on it! :lach: |
:) And another one for the list, which keeps getting longer. :D Have a look here: YouTube - Effects of crack programs and keygens on your PC

This might also be interesting:
http://www.trojaner-board.de/66340-c...ghlight=keygen
http://www.trojaner-board.de/66713-n...ghlight=keygen
http://www.trojaner-board.de/68495-j...ghlight=keygen
http://www.trojaner-board.de/68736-t...ghlight=keygen
http://www.trojaner-board.de/69023-h...ghlight=keygen
http://www.trojaner-board.de/69502-a...ghlight=keygen
http://www.trojaner-board.de/69843-r...ghlight=keygen
http://www.trojaner-board.de/69984-p...ghlight=keygen
http://www.trojaner-board.de/70680-t...ghlight=keygen
http://www.trojaner-board.de/70757-p...ghlight=keygen
http://www.trojaner-board.de/71838-t...ghlight=keygen
http://www.trojaner-board.de/71901-b...ghlight=keygen
http://www.trojaner-board.de/71914-g...ghlight=keygen
http://www.trojaner-board.de/72040-t...ghlight=keygen
http://www.trojaner-board.de/72171-w...ghlight=keygen
http://www.trojaner-board.de/72181-t...ghlight=keygen
http://www.trojaner-board.de/72319-h...ghlight=keygen
http://www.trojaner-board.de/72401-r...ghlight=keygen
http://www.trojaner-board.de/73187-w...ghlight=keygen
http://www.trojaner-board.de/73429-i...ghlight=keygen
http://www.trojaner-board.de/73024-z...ghlight=keygen
http://www.trojaner-board.de/73340-t...ghlight=keygen

If you don't believe me, these are the statements of colleagues. All of them are moderators on other boards who specialise in cleanups. They know what they are writing about.
http://www.trojaner-board.de/71732-h...ghlight=keygen
http://www.trojaner-board.de/70225-4...ghlight=keygen
http://www.trojaner-board.de/59497-r...ghlight=keygen

Now let's take a look at yours: Quote:
But there is more: Quote:
Now only one thing helps: http://www.trojaner-board.de/51262-a...sicherung.html You are dismissed and I'm out, Andreas |
You can download, but if you're stupid enough to download via P2P, it's your own fault! Rapidshare.com and a warez site where the links are maintained by admins, forum included, how about that?? That people still download via P2P when there is RS.com :confused: |
Can an admin please delete this thing? There are too many personal details in here for my liking! |
Copyright ©2000-2025, Trojaner-Board