Getting a warning when opening folders: "Attention, Microsoft!"

#0
11.11.2008, 11:21
...new here

Posts: 10
#1 Hi,

Since yesterday I keep getting this message whenever I open my Download folder. Then a web page opens, regardless of whether I click Yes or No.

I scanned with Malwarebytes, Kaspersky and Spybot. However, they found nothing. I will go through the Protecus procedure for creating a log.

Maybe someone already knows what the problem is, though.

Combofix does not run on Vista x64, and neither does catchme. I tried both in safe mode as well.
Catchme.LOG:
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

detected NTDLL code modification:
ZwEnumerateKey, ZwQueryKey, ZwOpenKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile, ZwQueryDirectoryFile, ZwQuerySystemInformation

scanning hidden processes ...

I downloaded OTMoveIt3.exe; that at least gets as far as the start screen,
but from there on I would need instructions, please.

EDIT: I started Malwarebytes again and it found and deleted this:

Code

Malwarebytes' Anti-Malware 1.30
Datenbank Version: 1382
Windows 6.0.6001 Service Pack 1

11.11.2008 12:56:54
mbam-log-2008-11-11 (12-56-13).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 38859
Laufzeit: 2 minute(s), 7 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\azza (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\podddd.bho (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{0215dc7a-ef2f-451c-9392-b6481b2a4dab} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{156dd78a-cb74-4822-a17c-9cf02b43f72a} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{156dd78a-cb74-4822-a17c-9cf02b43f72a} (Trojan.FakeAlert) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\k.txt (Trojan.FakeAlert) -> No action taken.
C:\Users\gemma\Favorites\SMS TRAP.url (Rogue.Link) -> No action taken.
Here is the HJT log

Code

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:50:00, on 11.11.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools\daemon.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe
C:\Windows\SysWOW64\conime.exe
D:\Downloads D\Downloads\Tools\PC Diagnostic+Help Tools\HJT\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files (x86)\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: Hinzufügen zu Kaspersky Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE\SCIEPlgn.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\r3hook.dll,C:\PROGRA~2\KASPER~1\KASPER~1\adialhk.dll
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Unknown owner - C:\Windows\System32\appdrvrem01.exe (file missing)
O23 - Service: Kaspersky Security Suite CBE (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MySql - Unknown owner - C:/Downloads/Zwischenablage/Gully_Backup/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sound Blaster MB Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\SBMBLicensing.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - Unknown owner - C:\Windows\System32\TuneUpDefragService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8555 bytes
This post was edited by planethulk on 11.11.2008 at 13:59.
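An added example, not part of the original thread: HijackThis 2.0.2 is a 32-bit program, and on 64-bit Vista the WOW64 file system redirector shows it SysWOW64 in place of C:\Windows\System32, so "(file missing)" on a System32 path in the log above is inconclusive. The Python sketch below sorts O23 lines on that basis; the sample lines are copied from the log in post #1, while the category names and the `standouts` heuristic (plain-text display name plus "Unknown owner") are assumptions of this example and only a sorting aid.

```python
import re
from dataclasses import dataclass

# Sample input: six O23 lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Unknown owner - C:\Windows\System32\appdrvrem01.exe (file missing)
O23 - Service: Kaspersky Security Suite CBE (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MySql - Unknown owner - C:/Downloads/Zwischenablage/Gully_Backup/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""

# Layout as it appears in the log:
#   display name [+ "(key name)"] - owner - image path [+ " (file missing)"]
# The path must start with a drive letter, which keeps " - " inside a path
# (e.g. "Spybot - Search & Destroy") from being taken as a separator.
O23 = re.compile(
    r"^O23 - Service: (?P<display>.*) - (?P<owner>.*?) - "
    r"(?P<path>[A-Za-z]:[\\/].*?)(?P<missing> \(file missing\))?$"
)


@dataclass
class Service:
    name: str       # service key name, e.g. appdrvrem01
    display: str    # display name as HijackThis printed it
    owner: str      # company name, or "Unknown owner"
    path: str       # image path as HijackThis printed it
    missing: bool   # True when the line ends in "(file missing)"


def parse_o23(log):
    """Return one Service per O23 line; other lines are ignored."""
    services = []
    for line in log.splitlines():
        m = O23.match(line.strip())
        if not m:
            continue
        display = m.group("display")
        # The key name is the last parenthesised token, if there is one.
        key = re.search(r"\(([^()]+)\)$", display)
        services.append(Service(
            name=key.group(1) if key else display,
            display=display,
            owner=m.group("owner"),
            path=m.group("path"),
            missing=m.group("missing") is not None,
        ))
    return services


def triage(svc, windir=r"C:\Windows"):
    """Sort one entry by how much the 'file missing' flag can be trusted.

    windir is an assumption taken from the paths in the log.
    """
    if not svc.missing:
        return "present"
    norm = svc.path.replace("/", "\\").lower()
    if norm.startswith(windir.lower() + "\\system32\\"):
        # A 32-bit scanner is redirected to SysWOW64 here, so the flag
        # says nothing about the real 64-bit System32 directory.
        return "system32-recheck"
    # No redirection applies: the service points at a file that is gone.
    return "missing-elsewhere"


def standouts(services, windir=r"C:\Windows"):
    """Heuristic (assumption of this example): among the inconclusive
    System32 entries, list those without an '@file,-id' resource display
    name and without a known owner, as the ones to look at first."""
    return [s.name for s in services
            if triage(s, windir) == "system32-recheck"
            and not s.display.startswith("@")
            and s.owner == "Unknown owner"]


if __name__ == "__main__":
    parsed = parse_o23(SAMPLE_LOG)
    for s in parsed:
        print(f"{s.name:12} {triage(s):18} {s.path}")
    print("look at first:", standouts(parsed))
```

Entries in `system32-recheck` need to be checked from a 64-bit process before anything is concluded from them.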
11.11.2008, 14:22
Moderator

Posts: 5694
#2 >>
Close all windows and start Hijack This
Click: Do a system scan only
Tick the box in front of the entries listed here (if they are still present):

Quote

O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Unknown owner - C:\Windows\System32\appdrvrem01.exe (file missing)
and choose "fix checked".
Restart the computer.

>>
Press the Windows key + R
Paste in:
sc stop Application Driver Auto Removal Service
Click OK

Press the Windows key + R
Paste in:
sc delete Application Driver Auto Removal Service
Click OK

>>
http://www.virus-protect.org/artikel/tools/regsearch.html
and double-click it to start.
In "Enter search strings" (type or paste):

appdrvrem01

into the edit field and click "Ok".
Notepad will open -- copy the text and post it.

>>
Please run RSIT and post the two logs
http://virus-protect.org/artikel/tools/random.html
(should work under 64-bit Vista)

Regards, Swiss
This post was edited by Tonstudio on 11.11.2008 at 14:26.
11.11.2008, 17:38
...new here

Thread starter

Posts: 10
#3

Quote

http://www.virus-protect.org/artikel/tools/regsearch.html
and double-click it to start.
In "Enter search strings" (type or paste):

appdrvrem01

into the edit field and click "Ok".
Notepad will open -- copy the text and post it.
Up to that point it works, but from regsearch on nothing works anymore. When I type/paste this into
"Enter search strings": appdrvrem01
the program freezes. Sometimes it also searches forever. The longest it searched was 2.5 hours; if it is a program similar to Combofix, then that is too long, isn't it? I can also only stop the program via Task Manager, regardless of whether Regsearch freezes or searches endlessly.

Quote

appdrvrem01

into the edit field and click "Ok".
Notepad will open -- copy the text and post it.
Maybe I misunderstood you. What exactly do you mean by that?
11.11.2008, 18:46
Moderator

Posts: 5694
#4 Try it with this:

http://www.billsway.com/vbspage/vbsfiles/RegSrch.zip

possible message from the virus scanner --- > warning: malicious script detected --> ignore

Double-click: regsrch.vbs
paste in:

appdrvrem01

Press 'OK'
wait until the search has finished.

Regards, Swiss
11.11.2008, 19:31
...new here

Thread starter

Posts: 10
#5 Thanks, now it worked. I got a log, only a short one, but a LOG. Why is it that the other programs don't work? Because of Vista? Because of Vista x64? Or because of the probable virus?

I downloaded OTMoveIt3.exe; that at least gets as far as the start screen,
but from there on I would need instructions, please.

LOG

Code

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "appdrvrem01" 11.11.2008 19:27:30

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\appdrvrem01]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\appdrvrem01]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\appdrvrem01]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\Eventlog\Application\appdrvrem01]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\appdrvrem01]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\appdrvrem01]
This post was edited by planethulk on 11.11.2008 at 19:40.
11.11.2008, 19:42
Moderator

Posts: 5694
#6 I think it is down to the 64-bit version

>>
Avenger
http://virus-protect.org/artikel/tools/avenger.html
paste into the white box:

Quote

drivers to unload:
appdrvrem01

registry keys to delete:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\appdrvrem01
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\appdrvrem01
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\appdrvrem01
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\Eventlog\Application\appdrvrem01
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\appdrvrem01
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\appdrvrem01

Files to delete:
C:\Windows\System32\appdrvrem01.exe
- close all open programs (because the computer will restart after Avenger has been run)

- Click: Execute

- confirm that the computer will be restarted - click "yes"
- after the restart, a log from Avenger appears automatically (C:\avenger.txt); copy it - right-click - copy - paste

>>
Please run RSIT and post the two logs
http://virus-protect.org/artikel/tools/random.html
(should work under 64-bit Vista)

Regards, Swiss
This post was edited by Tonstudio on 12.11.2008 at 00:07.
11.11.2008, 20:35
...new here

Thread starter

Posts: 10
#7 I have just run Avenger, but I think it was not successful, if I am reading the last line correctly.

Code

//////////////////////////////////////////
  Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6001, Service Pack 1)
Tue Nov 11 20:21:03 2008

20:20:58: Warning: Skipping potentially dangerous line:
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\appdrvrem01"  (Registry key deletion mode)  
20:21:03: Error: Execution aborted by user!


//////////////////////////////////////////
Rsit.exe Logs

Code

info.txt logfile of random's system information tool 1.04 2008-11-11 20:41:53

======Uninstall list======

"Faces of War" (Remove Only)-->"C:\Program Files (x86)\Ubisoft\Faces of War\unins000.exe" /SILENT
-->"C:\Program Files (x86)\InstallShield Installation Information\{A8200008-BE06-4C26-BB8D-717FE18F74B7}

\setup.exe" -runfromtemp -l0x0009 -removeonly
-->C:\Program Files (x86)\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files (x86)\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files

(x86)\InstallShield Installation Information\{7AF9359B-EBB1-4CEB-830E-857F22B656FF}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files

(x86)\InstallShield Installation Information\{AAEF329E-F353-46C9-933D-24A571986093}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files

(x86)\InstallShield Installation Information\{AAEF329E-F353-46C9-933D-24A571986093}\setup.exe" -l0x7  /remove
3DMark06-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files (x86)\InstallShield Installation Information\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}\setup.exe"

-l0x9  -removeonly
7-Zip 4.60 beta-->"C:\Program Files (x86)\7-Zip\Uninstall.exe"
Acer Arcade Live Main Page-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup

"C:\Program Files (x86)\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\setup.exe"

-uninstall
Acer DV Magician-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program

Files (x86)\InstallShield Installation Information\{F6EFFB76-4A07-11DA-9D78-000129760D75}\setup.exe"  -uninstall
Acer DVDivine-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files

(x86)\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\setup.exe"  -uninstall
Acer Empowering Technology-->"C:\Program Files (x86)\InstallShield Installation Information\{8F1B6239-FEA0-450A

-A950-B05276CE177C}\setup.exe" -runfromtemp -l0x0007 -removeonly
Acer eRecovery Management-->"C:\Program Files (x86)\InstallShield Installation Information\{7F811A54-5A09-4579-

90E1-C93498E230D9}\setup.exe" -runfromtemp -l0x0007 -removeonly
Acer HomeMedia Connect-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup

"C:\Program Files (x86)\InstallShield Installation Information\{132888AE-EF67-41C5-BCA2-7D5D2488AB63}\setup.exe"

-uninstall
Acer HomeMedia Trial Creator-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup

"C:\Program Files (x86)\InstallShield Installation Information\{B580C409-E16F-44FF-904D-3AE94E113BE0}\setup.exe"

-uninstall
Acer HomeMedia-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files

(x86)\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\setup.exe"  -uninstall
Acer PlayMovie-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files

(x86)\InstallShield Installation Information\{A450831D-25F6-4F42-9662-D000B25E0D82}\setup.exe"  -uninstall
Acer ScreenSaver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files (x86)\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe"

-l0x9  -removeonly
Acer SlideShow DVD-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program

Files (x86)\InstallShield Installation Information\{41581EF5-45A7-11DA-9D78-000129760D75}\setup.exe"  -uninstall
Acer VideoMagician-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program

Files (x86)\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\setup.exe"  -uninstall
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-

B120F86AF5D7}
Adobe AIR-->C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -

arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Adobe Media Player-->msiexec /qb /x {5C74694C-A687-E3EB-FF18-B018D4A76ECD}
Adobe Media Player-->MsiExec.exe /I{5C74694C-A687-E3EB-FF18-B018D4A76ECD}
Adobe Reader 8.1.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81200000003}
Alone In The Dark-->"C:\Program Files (x86)\Atari\AITD\Uninstall\unins000.exe"
Armageddon-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files

(x86)\InstallShield Installation Information\{E163BB62-2840-4C55-9A8E-5C5B9E9FF86C}\Setup.exe" -l0x9
Ashampoo Burning Studio 8.03-->"C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 8\unins000.exe"
Assassin's Creed-->C:\Program Files (x86)\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-

4632D04582FD}\setup.exe -runfromtemp -l0x0009 -removeonly
AVS DVD Copy version 2.1-->"C:\Program Files (x86)\AVS4YOU\AVSDVDCopy\unins000.exe"
AVS4YOU Software Navigator 1.2-->"C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
Barbarian Invasion-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files (x86)\InstallShield Installation Information\{FD69C8CB-6964-432C-98AB-A5A09ED50EEA}\setup.exe"

-l0x9
Battlestations: Midway - Iowa Mission Pack-->MsiExec.exe /I{0F0C322B-037C-4E21-B966-AD31119ABA0A}
Battlestations: Midway-->MsiExec.exe /I{FE1CD6B0-797D-4D46-A5FB-F93C1120600F}
BioShock-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files (x86)\InstallShield Installation Information\{E280923D-C5D9-4728-8C79-AC9A0DC75875}\setup.exe"

-l0x9  -removeonly
Boilosft AVI to VCD SVCD DVD Converter 3.81-->"C:\Program Files (x86)\Boilsoft AVI Converter\unins000.exe"
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch-->C:\Program Files (x86)\InstallShield Installation

Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch-->C:\Program Files (x86)\InstallShield Installation

Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files (x86)\InstallShield Installation

Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
CCleaner (remove only)-->"C:\Program Files (x86)\CCleaner\uninst.exe"
CDisplay 1.8-->"C:\Program Files (x86)\CDisplay\unins000.exe"
Command & Conquer 3-->MsiExec.exe /I{B0C30E93-D3D9-4F04-A2AC-54749B573275}
Command & Conquer™ 3: Kanes Rache-->MsiExec.exe /I{CC2422C9-F7B5-4175-B295-5EC2283AA674}
Command & Conquer™ Red Alert™ 3-->MsiExec.exe /X{296D8550-CB06-48E4-9A8B-E5034FB64715}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{14574B7F-75D1-4718-B7F2-EBF6E2862A35}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{199E6632-EB28-4F73-AECB-3E192EB92D18}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{25724802-CC14-4B90-9F3B-3D6955EE27B1}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{50193078-F553-4EBA-AA77-64C9FAA12F98}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{51D718D1-DA81-4FAD-919F-5C1CE3C33379}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{66F78C51-D108-4F0C-A93C-1CBE74CE338F}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{80D03817-7943-4839-8E96-B9F924C5E67D}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{97E5205F-EA4F-438F-B211-F1846419F1C1}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{99A7722D-9ACB-43F3-A222-ABC7133F159E}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{BA801B94-C28D-46EE-B806-E1E021A3D519}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{D4D244D1-05E0-4D24-86A2-B2433C435671}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{EAF636A9-F664-4703-A659-85A894DA264F}
Company of Heroes-->"C:\Program Files (x86)\THQ\Company of Heroes\\Uninstall_English.exe"
Compatibility Pack für 2007 Office System-->MsiExec.exe /X{90120000-0020-0407-0000-0000000FF1CE}
Creative ALchemy (SB MB Edition)-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32

\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{7AF9359B-EBB1-4CEB-830E-

857F22B656FF}\setup.exe" -l0x7  /remove
Creative Sound Blaster MB-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32

\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{143C7D3A-02DD-4163-9880-

11B202B7E3E6}\setup.exe" -l0x7  /remove
Dead Space™-->MsiExec.exe /X{4D87DC92-C328-46EC-A7B4-9C88129DC696}
DivX Codec-->C:\Program Files (x86)\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files (x86)\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files (x86)\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files (x86)\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Driver Sweeper 1.5.5-->"C:\Program Files (x86)\Driver Sweeper\unins000.exe"
Empire Earth II: The Art of Supremacy-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32

\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F596C356-BF35-4ED7-981C-

CC791461A8F0}\setup.exe" -l0x9  -removeonly
Empire Earth II-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files (x86)\InstallShield Installation Information\{DF315348-721C-40B8-BAE2-58C6C7D935A2}\setup.exe"

-l0x9  -removeonly
EVEREST Ultimate Edition v4.50-->"C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\unins000.exe"
Fallout 3 v1.0-->"C:\Program Files (x86)\Bethesda Softworks\Fallout 3\unins000.exe"
ffdshow [rev 1324] [2007-07-01]-->"C:\Program Files (x86)\The FilmMachine\ffdshow\unins000.exe"
FileZilla Client 3.1.3.1-->C:\Program Files (x86)\FileZilla FTP Client\uninstall.exe
FlatOut Ultimate Carnage-->C:\Program Files (x86)\Empire Interactive\FlatOut Ultimate Carnage\Uninstall.exe
Freedom Force vs The 3rd Reich (remove only)-->"C:\Program Files (x86)\Irrational Games\Freedom Force vs The 3rd

Reich\uninstall.exe"
GameSpy Arcade-->C:\PROGRA~2\GAMESP~1\UNWISE.EXE C:\PROGRA~2\GAMESP~1\INSTALL.LOG
GetDataBack for NTFS-->"C:\Program Files (x86)\Runtime Software\GetDataBack for NTFS\Uninstall.exe" "C:\Program

Files (x86)\Runtime Software\GetDataBack for NTFS\install.log" -u
GTA San Andreas-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files (x86)\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\SETUP.EXE"

-l0x9  -removeonly
GTR Evolution-->"C:\Program Files (x86)\SimBin\GTR Evolution Offline\Uninstall\unins000.exe"
Hearts of Iron 2-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program

Files (x86)\InstallShield Installation Information\{98786147-80E3-41A5-A80C-1F3C028558CF}\Setup.exe" -l0x9
Hearts of Iron-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files

(x86)\InstallShield Installation Information\{0C7880D0-B759-43A2-BFA9-64E208B9535B}\Setup.exe" -l0x9
Heroes of the Pacific-->C:\Program Files (x86)\Ubisoft\Heroes of the Pacific\uninst.exe
HijackThis 2.0.2-->"C:\Program Files (x86)\trend micro\HijackThis.exe" /uninstall
IL-2 Sturmovik 1946-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{79438F1E-DEC3-443D-9DCD-

FECE2D68C605} /l1033
ImgBurn (Remove Only)-->"C:\Program Files (x86)\ImgBurn\uninstall.exe"
JaBoG32_ATC-->"C:\Program Files (x86)\Ubisoft\Eagle Dynamics\Lock On\uninstall.exe"
Jane's Attack Squadron-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup

"C:\Program Files (x86)\InstallShield Installation Information\{EF57B24A-76A3-43CE-814F-DBB7A55548D9}\Setup.exe"

-l0x9
Jane's Combat Simulations WWII Fighters-->C:\Windows\IsUninst.exe -f"C:\Program Files (x86)\Jane's Combat

Simulations\WWII Fighters\Uninst.isu"
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
JMB36X Raid Configurer-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32

\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-

A8667F5586EF}\setup.exe" -l0x7  -removeonly
Kaspersky Security Suite CBE-->MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
Kaspersky Security Suite CBE-->MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
Lock On: Modern Air Combat-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32

\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{E90DCEE9-DC27-401B-A7AC-

B0AFF5B34E4D}\setup.exe" -l0x7
Logitech SetPoint-->C:\Program Files (x86)\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-

A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0007 -removeonly
Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Mass Effect-->C:\Program Files (x86)\Common Files\BioWare\Uninstall Mass Effect.exe
Mercenaries 2: World in Flames(tm)-->MsiExec.exe /X{26FDF89A-FA65-4FA2-8522-37CC84DFDCEE}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (2.0.0.17)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Need for Speed™ Carbon-->C:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\EAUninstall.exe
Need for Speed™ Most Wanted-->C:\Program Files (x86)\Electronic Arts\Need for Speed Most Wanted\EAUninstall.exe
Need for Speed™ ProStreet-->MsiExec.exe /X{CC419DDC-E0F0-4013-B25A-6FA036516F0D}
NeroVision Express 3-->C:\Windows\UNNeroVision.exe /UNINSTALL
NTI Backup Now 5-->C:\Program Files (x86)\InstallShield Installation Information\{12EFA1A4-AC3B-443C-8143-237EDE760403}\setup.exe -runfromtemp -l0x0407
NTI Media Maker 8-->C:\Program Files (x86)\InstallShield Installation Information\{2413930C-8309-47A6-BC61-5EF27A4222BC}\setup.exe -runfromtemp -l0x0407
NVIDIA PhysX v8.09.04-->MsiExec.exe /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
Oblivion - Horse Armor Pack-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{3ABEBD00-299D-4DCA-967F-B912163AB5EA}\setup.exe" -l0x9  -removeonly
Oblivion - Knights of the Nine-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{14C87AA7-08E6-419F-A165-998EBE5023D7}\setup.exe" -l0x9  -removeonly
Oblivion - Mehrunes Razor-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{EF295F5C-7B57-47AA-8889-6B3E8E214E89}\setup.exe" -l0x9  -removeonly
Oblivion - Orrery-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{EC425CFC-EE78-4A91-AA25-3BFA65B75364}\setup.exe" -l0x9  -removeonly
Oblivion - Spell Tomes-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{16D919E6-F019-4E15-BFBE-4A85EF19DA57}\setup.exe" -l0x9  -removeonly
Oblivion - Thieves Den-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{FFFFFD17-B460-41EB-93F1-C48ABAD63828}\setup.exe" -l0x9  -removeonly
Oblivion - Vile Lair-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}\setup.exe" -l0x9  -removeonly
Oblivion - Wizard's Tower-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{2F2E3D62-8B8C-448F-8900-451325E50948}\setup.exe" -l0x9  -removeonly
Oblivion-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9  -removeonly
OpenAL-->"C:\Program Files (x86)\OpenAL\oalinst.exe" /U
Patrizier II Gold-->"C:\Program Files\PATRIZIER II Gold\unins000.exe"
Piraten-->"C:\Program Files\Piraten\unins000.exe"
Port Royale-->"C:\Program Files\Port Royale\unins000.exe"
Privateer-->"C:\Program Files\Games\Privateer\uninstall.exe"
Privoxy 3.0.6-->"C:\Program Files (x86)\Vidalia Bundle\Uninstall.exe"
PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
Pure-->C:\Program Files (x86)\InstallShield Installation Information\{FF3C203A-2F19-43A2-9C7C-EC1B5A0FC873}\setup.exe -runfromtemp -l0x0009 Pure -removeonly
Quake 4(TM)-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{152B782A-05F3-48EC-9AAC-4D3EB68D9E20} /l1033
QuickShot 1.52-->"C:\Program Files (x86)\ImageShack\QuickShot\unins000.exe"
QuickTime Alternative 2.7.0-->"C:\Program Files (x86)\QuickTime Alternative\unins000.exe"
RealPlayer-->C:\Program Files (x86)\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x7  -removeonly
RivaTuner v2.11-->"C:\Program Files (x86)\RivaTuner v2.11\uninstall.exe"
RouterControl 1.91-->C:\Windows\RCoUn.EXE /UnInst:"C:\Windows\RouterControl_Uninstall.in"
Rush for Berlin GOLD-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{1A88EB98-8F41-4471-BC61-E1DFFF854552}\setup.exe" -l0x9  -removeonly
S.T.A.L.K.E.R. - Clear Sky [v1.0007]-->"C:\Program Files (x86)\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\unins000.exe"
S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0006]-->"C:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\unins000.exe"
Signature Maker v1.0 (1.0.1.2)-->C:\Windows\unvise32.exe C:\Program Files (x86)\iDataExpress\Signature Maker\uninstal.log
Silent Hunter 4 Wolves of the Pacific-->C:\Program Files (x86)\InstallShield Installation Information\{0D005F09-A5F4-473B-A901-5735C6AF5628}\setup.exe -runfromtemp -l0x0009 -removeonly
Sins of a Solar Empire-->"C:\ProgramData\{0E8E33D8-193A-414A-A909-0F101A142D26}\setup.exe" REMOVE=TRUE MODIFY=FALSE
Sins of a Solar Empire-->C:\ProgramData\{0E8E33D8-193A-414A-A909-0F101A142D26}\setup.exe
Spybot - Search & Destroy-->"C:\Program Files (x86)\Spybot - Search & Destroy\unins000.exe"
Star Wars Empire at War Forces of Corruption-->C:\Program Files (x86)\InstallShield Installation Information\{6592FDEC-2C1A-413A-9985-25FEC2F0848D}\setup.exe -runfromtemp -l0x0007 -removeonly
Star Wars Empire at War-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}\Setup.exe" -l0x7  -removeonly
SWAT 4-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}  uninstall
System Requirements Lab-->C:\Program Files (x86)\SystemRequirementsLab\Uninstall.exe
THE SETTLERS - Rise of an Empire (All products)-->"C:\Program Files (x86)\InstallShield Installation Information\{A8200008-BE06-4C26-BB8D-717FE18F74B7}\setup.exe" -runfromtemp -l0x0009 -removeonly
TimeShift-->C:\Program Files (x86)\InstallShield Installation Information\{1367FA2F-2B3D-430F-872F-588B93420BFC}\setup.exe -runfromtemp -l0x0009 -removeonly
Tor 0.2.0.31-->"C:\Program Files (x86)\Vidalia Bundle\Uninstall.exe"
Total Commander (Remove or Repair)-->C:\Program Files\totalcmd\tcuninst.exe
TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
Unlocker 1.8.7-->C:\Program Files (x86)\Unlocker\uninst.exe
Update 1.04.1 for "Faces of War"-->"C:\Program Files (x86)\Ubisoft\Faces of War\unins000.exe" /SILENT
Vidalia 0.1.9-->"C:\Program Files (x86)\Vidalia Bundle\Uninstall.exe"
VirtualCloneDrive-->"C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\vcd-uninst.exe" /D="C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive"
VSO CopyToDVD 4-->"C:\Program Files (x86)\VSO\unins000.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver-->C:\Program Files (x86)\WinRAR\uninstall.exe
WinZip 12.0-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}
World in Conflict-->C:\Program Files (x86)\InstallShield Installation Information\{F11ADC64-C89E-47F4-A0B3-3665FF859397}\setup.exe -runfromtemp -l0x0009 -removeonly
X - Beyond the Frontier-->C:\Windows\IsUn0407.exe -f"C:\Program Files (x86)\EGOSOFT\X - Beyond the Frontier\Uninst.isu"
X3 Bonuspaket 3.1.07-->"C:\Program Files (x86)\EGOSOFT\X3 Reunion\unins000.exe"
X3: Reunion v2.0.02-->"C:\Windows\unins000.exe"
Xilisoft DVD Creator-->C:\Program Files (x86)\Xilisoft\DVD Creator3\Uninstall.exe
X-TENSION-->C:\Windows\IsUn0407.exe -f"C:\Program Files (x86)\EGOSOFT\X-TENSION\Uninst.isu"
Yahoo! Toolbar-->C:\PROGRA~2\Yahoo!\Common\unyt.exe

======Security center information======

AV: Kaspersky Security Suite CBE
FW: Kaspersky Security Suite CBE
AS: Spybot - Search and Destroy (disabled)
AS: Windows Defender
AS: Kaspersky Security Suite CBE

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 23 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=1707
"NUMBER_OF_PROCESSORS"=4
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat
"DFSTRACINGON"=FALSE
"Pathtem"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"NTIPath"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\;
"SAN_DIR"=C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c

-----------------EOF-----------------
Rsit.exe 2.Log

Code

Logfile of random's system information tool 1.04 (written by random/random)
Run by gemma at 2008-11-11 20:41:25
Microsoft® Windows Vista™ Home Premium  Service Pack 1
System drive C: has 49 GB (17%) free of 294 GB
Total RAM: 4094 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:41:49, on 11.11.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\conime.exe
C:\Program Files (x86)\DAEMON Tools\daemon.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe
C:\Users\gemma\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\gemma.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files (x86)\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: Hinzufügen zu Kaspersky Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE\SCIEPlgn.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\r3hook.dll,C:\PROGRA~2\KASPER~1\KASPER~1\adialhk.dll
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Unknown owner - C:\Windows\System32\appdrvrem01.exe (file missing)
O23 - Service: Kaspersky Security Suite CBE (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MySql - Unknown owner - C:/Downloads/Zwischenablage/Gully_Backup/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sound Blaster MB Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\SBMBLicensing.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - Unknown owner - C:\Windows\System32\TuneUpDefragService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8565 bytes

======Scheduled tasks folder======

C:\Windows\tasks\1-Klick-Wartung.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2007-09-05 816400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-10-07 370296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~2\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2007-09-05 816400]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"=C:\Windows\RaidTool\xInsIDE.exe [2007-03-20 36864]
"UpdReg"=C:\Windows\UpdReg.EXE [2000-05-11 90112]
"VirtualCloneDrive"=C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2008-06-29 52168]
"AVP"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe [2008-05-01 221184]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 138240]
"DAEMON Tools"=C:\Program Files (x86)\DAEMON Tools\daemon.exe [2007-08-22 167368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~2\KASPER~1\KASPER~1\r3hook.dll,C:\PROGRA~2\KASPER~1\KASPER~1\adialhk.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"NoActiveDesktopChanges"=
"ForceActiveDesktopOn"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42369b75-a0d3-11db-842e-806e6f6e6963}]
shell\AutoRun\command - G:\0data\cbs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b30b8a21-83e2-11dd-ae4d-0021851d1513}]
shell\AutoRun\command - O:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b30b8a23-83e2-11dd-ae4d-0021851d1513}]
shell\AutoRun\command - P:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b30b8a3b-83e2-11dd-ae4d-0021851d1513}]
shell\AutoRun\command - Q:\autoplay.exe


======List of files/folders created in the last 1 months======

2008-11-11 20:41:25 ----D---- C:\rsit
2008-11-11 20:41:25 ----D---- C:\Program Files (x86)\trend micro
2008-11-11 20:37:57 ----A---- C:\Windows\system32\bdau.txt
2008-11-11 20:28:41 ----A---- C:\Windows\system32\edodlsr.txt
2008-11-11 20:23:31 ----A---- C:\cteyue.txt
2008-11-11 20:21:03 ----A---- C:\avenger.txt
2008-11-11 13:29:22 ----D---- C:\ComboFix
2008-11-11 13:29:22 ----A---- C:\Windows\system32\CF22867.exe
2008-11-11 13:29:08 ----A---- C:\Windows\system32\CF22811.exe
2008-11-11 13:09:39 ----A---- C:\Windows\system32\CF18997.exe
2008-11-11 13:09:38 ----A---- C:\Windows\system32\swsc.exe
2008-11-11 13:09:37 ----A---- C:\Bug.txt
2008-11-11 13:09:35 ----A---- C:\Windows\system32\cmd.execf
2008-11-09 03:39:18 ----D---- C:\Program Files (x86)\Paradox Interactive
2008-11-09 01:46:09 ----D---- C:\Program Files (x86)\Paradox Entertainment
2008-11-09 00:19:39 ----D---- C:\Program Files (x86)\FileZilla FTP Client
2008-11-08 19:35:14 ----A---- C:\Windows\system32\OpenAL32.dll
2008-11-08 19:26:52 ----D---- C:\Program Files (x86)\Futuremark
2008-11-08 18:41:46 ----D---- C:\Windows\system32\Futuremark
2008-11-07 18:51:51 ----A---- C:\Windows\system32\XAudio2_1.dll
2008-11-07 18:51:51 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2008-11-07 18:51:51 ----A---- C:\Windows\system32\xactengine3_1.dll
2008-11-07 18:51:51 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2008-11-07 18:51:49 ----A---- C:\Windows\system32\XAudio2_0.dll
2008-11-07 18:51:49 ----A---- C:\Windows\system32\xactengine3_0.dll
2008-11-07 18:51:48 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2008-11-07 18:51:48 ----A---- C:\Windows\system32\d3dx10_37.dll
2008-11-07 18:51:48 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2008-11-07 18:51:47 ----A---- C:\Windows\system32\D3DX9_37.dll
2008-11-07 18:51:46 ----A---- C:\Windows\system32\xactengine2_10.dll
2008-11-07 18:51:45 ----A---- C:\Windows\system32\d3dx10_36.dll
2008-11-07 18:51:45 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2008-11-07 18:51:44 ----A---- C:\Windows\system32\d3dx9_36.dll
2008-11-07 18:51:43 ----A---- C:\Windows\system32\xactengine2_9.dll
2008-11-07 18:51:41 ----A---- C:\Windows\system32\xactengine2_8.dll
2008-11-07 18:51:41 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2008-11-07 18:51:41 ----A---- C:\Windows\system32\d3dx10_34.dll
2008-11-07 18:51:41 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2008-11-07 18:51:39 ----A---- C:\Windows\system32\xinput1_3.dll
2008-11-07 18:51:39 ----A---- C:\Windows\system32\xactengine2_7.dll
2008-11-07 18:51:38 ----A---- C:\Windows\system32\d3dx10_33.dll
2008-11-07 18:51:38 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2008-11-07 18:51:37 ----A---- C:\Windows\system32\d3dx9_33.dll
2008-11-07 18:51:36 ----A---- C:\Windows\system32\xactengine2_6.dll
2008-11-07 18:51:35 ----A---- C:\Windows\system32\xactengine2_5.dll
2008-11-07 18:51:35 ----A---- C:\Windows\system32\d3dx10.dll
2008-11-07 18:51:34 ----A---- C:\Windows\system32\d3dx9_32.dll
2008-11-07 18:51:33 ----A---- C:\Windows\system32\xactengine2_4.dll
2008-11-07 18:51:33 ----A---- C:\Windows\system32\x3daudio1_1.dll
2008-11-07 18:51:32 ----A---- C:\Windows\system32\xinput1_2.dll
2008-11-07 18:51:32 ----A---- C:\Windows\system32\xactengine2_3.dll
2008-11-07 18:51:31 ----A---- C:\Windows\system32\xinput1_1.dll
2008-11-07 18:51:31 ----A---- C:\Windows\system32\xactengine2_2.dll
2008-11-07 18:51:30 ----A---- C:\Windows\system32\xactengine2_1.dll
2008-11-07 18:51:25 ----A---- C:\Windows\system32\d3dx9_30.dll
2008-11-07 18:51:24 ----A---- C:\Windows\system32\xactengine2_0.dll
2008-11-07 18:51:24 ----A---- C:\Windows\system32\x3daudio1_0.dll
2008-11-07 18:51:22 ----A---- C:\Windows\system32\d3dx9_29.dll
2008-11-07 18:51:21 ----A---- C:\Windows\system32\d3dx9_28.dll
2008-11-07 18:51:20 ----A---- C:\Windows\system32\d3dx9_27.dll
2008-11-07 18:51:19 ----A---- C:\Windows\system32\d3dx9_26.dll
2008-11-07 18:51:17 ----A---- C:\Windows\system32\d3dx9_25.dll
2008-11-07 18:51:15 ----A---- C:\Windows\system32\d3dx9_24.dll
2008-11-07 15:25:00 ----D---- C:\Users\gemma\AppData\Roaming\Red Alert 3
2008-11-07 10:23:24 ----A---- C:\Windows\system32\d3dx10_38.dll
2008-11-07 10:23:24 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2008-11-07 10:23:22 ----A---- C:\Windows\system32\D3DX9_38.dll
2008-11-07 10:23:20 ----A---- C:\Windows\system32\d3dx10_35.dll
2008-11-07 10:23:20 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2008-11-07 10:23:16 ----A---- C:\Windows\system32\d3dx9_35.dll
2008-11-07 06:19:43 ----D---- C:\Program Files (x86)\WinZip
2008-11-07 05:22:57 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2008-11-07 04:31:23 ----D---- C:\Program Files (x86)\Buka
2008-11-03 20:20:13 ----D---- C:\Program Files (x86)\CENEGA
2008-11-03 19:15:15 ----A---- C:\Windows\unins000.exe
2008-11-03 16:11:05 ----D---- C:\Users\gemma\AppData\Roaming\Template
2008-11-03 16:09:05 ----D---- C:\Program Files (x86)\Microsoft Office
2008-11-03 16:06:57 ----D---- C:\Program Files (x86)\Microsoft Works
2008-11-03 12:54:30 ----A---- C:\Windows\system32\acedrvlg.dll
2008-11-03 12:54:30 ----A---- C:\Windows\system32\acedrv07.dll
2008-11-03 12:54:30 ----A---- C:\Windows\system32\acedrv06.dll
2008-11-03 10:40:27 ----A---- C:\Windows\IsUn0407.exe
2008-11-02 16:47:41 ----D---- C:\Program Files (x86)\EGOSOFT
2008-11-02 03:38:35 ----D---- C:\Program Files (x86)\VSO
2008-11-02 01:52:41 ----A---- C:\Windows\DVDShrink.txt
2008-11-02 01:52:15 ----D---- C:\Users\gemma\AppData\Roaming\AVS4YOU
2008-11-02 01:52:15 ----D---- C:\ProgramData\AVS4YOU
2008-11-02 01:50:12 ----D---- C:\Program Files (x86)\Common Files\AVSMedia
2008-11-02 01:50:12 ----D---- C:\Program Files (x86)\AVS4YOU
2008-11-02 01:50:12 ----A---- C:\Windows\system32\msvcp70.dll
2008-11-02 01:50:12 ----A---- C:\Windows\system32\mfc70.dll
2008-11-02 01:44:59 ----D---- C:\Users\gemma\AppData\Roaming\Ashampoo
2008-11-02 01:36:49 ----D---- C:\ProgramData\ashampoo
2008-11-02 01:36:36 ----D---- C:\Program Files (x86)\Ashampoo
2008-10-31 12:38:04 ----A---- C:\Windows\system32\uxtuneup.dll
2008-10-31 12:38:03 ----A---- C:\Windows\system32\authuitu.dll
2008-10-31 01:33:58 ----D---- C:\Program Files (x86)\Adobe Media Player
2008-10-31 01:33:56 ----D---- C:\Program Files (x86)\Common Files\Adobe AIR
2008-10-30 12:10:15 ----A---- C:\Windows\AviSplitter.INI
2008-10-30 03:50:53 ----D---- C:\Users\gemma\AppData\Roaming\Malwarebytes
2008-10-30 03:50:44 ----D---- C:\ProgramData\Malwarebytes
2008-10-30 03:50:44 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2008-10-30 02:28:34 ----N---- C:\Windows\system32\ealtest.exe
2008-10-30 02:28:34 ----N---- C:\Windows\system32\Eaexec.exe
2008-10-30 02:28:18 ----D---- C:\Program Files (x86)\Jane's Combat Simulations
2008-10-30 02:27:55 ----A---- C:\Windows\IsUninst.exe
2008-10-30 02:14:25 ----D---- C:\Users\gemma\AppData\Roaming\GHISLER
2008-10-29 02:32:46 ----A---- C:\Windows\system32\Faultrep.dll
2008-10-29 02:28:50 ----A---- C:\Windows\system32\win32spl.dll
2008-10-28 23:36:00 ----A---- C:\Windows\system32\divx_xx0c.dll
2008-10-28 23:36:00 ----A---- C:\Windows\system32\divx_xx07.dll
2008-10-28 23:35:58 ----A---- C:\Windows\system32\divx_xx11.dll
2008-10-28 23:35:58 ----A---- C:\Windows\system32\divx_xx0a.dll
2008-10-28 23:35:56 ----A---- C:\Windows\system32\DivX.dll
2008-10-28 21:16:22 ----A---- C:\Windows\system32\d3dx9_34.dll
2008-10-28 21:16:21 ----A---- C:\Windows\system32\d3dx9_31.dll
2008-10-28 20:58:40 ----D---- C:\Program Files (x86)\Irrational Games
2008-10-28 15:32:18 ----D---- C:\Program Files (x86)\Xicat
2008-10-28 13:51:25 ----D---- C:\Users\gemma\AppData\Roaming\Bioshock
2008-10-28 07:01:56 ----D---- C:\Program Files (x86)\2K Games
2008-10-26 14:16:48 ----A---- C:\Windows\unvise32.exe
2008-10-26 14:16:44 ----D---- C:\Program Files (x86)\iDataExpress
2008-10-26 13:14:47 ----A---- C:\Windows\PhotoSnapViewer.INI
2008-10-26 10:58:16 ----D---- C:\Program Files (x86)\CDisplay
2008-10-25 18:08:56 ----D---- C:\Program Files (x86)\Runtime Software
2008-10-25 08:07:41 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy
2008-10-25 07:30:11 ----D---- C:\ProgramData\Spybot - Search & Destroy
2008-10-24 16:49:26 ----D---- C:\Users\gemma\AppData\Roaming\FileZilla
2008-10-24 15:19:30 ----D---- C:\Program Files (x86)\Tracker Checker 2
2008-10-23 21:10:01 ----A---- C:\Windows\system32\netapi32.dll
2008-10-23 17:08:16 ----D---- C:\Windows\system32\xlive
2008-10-23 17:03:51 ----D---- C:\Program Files (x86)\Empire Interactive
2008-10-23 14:12:01 ----D---- C:\Program Files (x86)\Common Files\Adobe
2008-10-23 14:12:00 ----D---- C:\Program Files (x86)\Adobe
2008-10-22 16:33:45 ----D---- C:\Users\gemma\AppData\Roaming\tor
2008-10-22 16:31:53 ----D---- C:\Users\gemma\AppData\Roaming\Vidalia
2008-10-22 16:31:52 ----D---- C:\Program Files (x86)\Vidalia Bundle
2008-10-22 02:04:32 ----D---- C:\Program Files (x86)\Codemasters
2008-10-22 00:41:33 ----D---- C:\Program Files (x86)\GameSpy Arcade
2008-10-20 14:02:29 ----A---- C:\Windows\NeroDigital.ini
2008-10-20 13:58:44 ----D---- C:\Users\gemma\AppData\Roaming\Ahead
2008-10-20 13:51:11 ----N---- C:\Windows\UNNeroVision.exe
2008-10-20 13:51:11 ----A---- C:\Windows\system32\msxml3a.dll
2008-10-20 13:50:59 ----N---- C:\Windows\system32\TwnLib4.dll
2008-10-20 13:50:59 ----N---- C:\Windows\system32\TwnLib20.dll
2008-10-20 13:50:59 ----N---- C:\Windows\system32\picn20.dll
2008-10-20 13:50:59 ----N---- C:\Windows\system32\ImagXRA7.dll
2008-10-20 13:50:59 ----N---- C:\Windows\system32\ImagXR7.dll
2008-10-20 13:50:59 ----N---- C:\Windows\system32\ImagXpr7.dll
2008-10-20 13:50:59 ----N---- C:\Windows\system32\ImagX7.dll
2008-10-20 13:50:59 ----D---- C:\ProgramData\Ahead
2008-10-20 13:50:58 ----D---- C:\Program Files (x86)\Common Files\Ahead
2008-10-20 13:50:54 ----D---- C:\Program Files (x86)\Ahead
2008-10-20 12:29:17 ----D---- C:\Program Files (x86)\Battlestations Midway
2008-10-20 11:28:18 ----D---- C:\ProgramData\vsosdk
2008-10-20 11:23:22 ----D---- C:\Program Files (x86)\AVI Info
2008-10-20 11:22:46 ----N---- C:\Windows\Setup1.exe
2008-10-20 11:22:45 ----A---- C:\Windows\ST6UNST.EXE
2008-10-20 10:50:20 ----A---- C:\Windows\system32\wvc1dmod.dll
2008-10-20 10:50:20 ----A---- C:\Windows\system32\vp7vfw.dll
2008-10-20 10:50:20 ----A---- C:\Windows\system32\drv43260.dll
2008-10-20 10:50:20 ----A---- C:\Windows\system32\drv33260.dll
2008-10-20 10:50:20 ----A---- C:\Windows\system32\drv23260.dll
2008-10-20 10:50:20 ----A---- C:\Windows\system32\cook3260.dll
2008-10-20 10:50:20 ----A---- C:\Windows\gdiplus.dll
2008-10-19 20:54:18 ----D---- C:\Windows\Downloaded Installations
2008-10-19 20:54:10 ----A---- C:\Windows\system32\CmdLineExt.dll
2008-10-19 14:57:45 ----D---- C:\Program Files (x86)\Secret Weapons Over Normandy
2008-10-19 13:05:58 ----D---- C:\Program Files (x86)\Xilisoft
2008-10-18 20:06:31 ----D---- C:\Users\gemma\AppData\Roaming\Disney Interactive Studios
2008-10-18 16:43:49 ----A---- C:\Windows\nfsc_patch.ini
2008-10-18 15:28:36 ----A---- C:\Windows\system32\XAudio2_2.dll
2008-10-18 15:28:36 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2008-10-18 15:28:35 ----A---- C:\Windows\system32\xactengine3_2.dll
2008-10-18 15:28:35 ----A---- C:\Windows\system32\D3DX9_39.dll
2008-10-18 15:28:35 ----A---- C:\Windows\system32\d3dx10_39.dll
2008-10-18 15:28:35 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2008-10-18 15:27:27 ----D---- C:\Program Files (x86)\Disney Interactive Studios
2008-10-17 15:59:21 ----A---- C:\Windows\disney.ini
2008-10-16 22:11:53 ----A---- C:\Windows\system32\LMRTREND.dll
2008-10-16 22:11:53 ----A---- C:\Windows\system32\LMRT.dll
2008-10-16 22:11:53 ----A---- C:\Windows\system32\dxtmsft3.dll
2008-10-16 22:10:39 ----A---- C:\Windows\system32\strmdll.dll
2008-10-16 22:10:38 ----A---- C:\Windows\system32\unam4ie.exe
2008-10-16 22:10:35 ----A---- C:\Windows\system32\vidx16.dll
2008-10-16 22:10:35 ----A---- C:\Windows\system32\qcut.dll
2008-10-16 22:10:35 ----A---- C:\Windows\system32\danim.dll
2008-10-16 22:10:22 ----A---- C:\Windows\system32\w95inf32.dll
2008-10-16 22:10:22 ----A---- C:\Windows\system32\w95inf16.dll
2008-10-16 22:09:10 ----D---- C:\Program Files (x86)\Rowan Software
2008-10-16 22:04:39 ----A---- C:\Windows\BlendSettings.ini
2008-10-16 21:44:20 ----D---- C:\Users\gemma\AppData\Roaming\OpenOffice.org
2008-10-16 21:41:25 ----D---- C:\Program Files (x86)\OpenOffice.org 3
2008-10-16 21:40:02 ----D---- C:\Program Files (x86)\OpenOffice.org 3.0 (en-US) Installation Files
2008-10-16 09:29:09 ----A---- C:\Windows\system32\EncDec.dll
2008-10-16 09:29:08 ----A---- C:\Windows\system32\psisdecd.dll
2008-10-16 01:54:52 ----A---- C:\Windows\system32\mshtml.dll
2008-10-16 01:54:51 ----A---- C:\Windows\system32\ieframe.dll
2008-10-16 01:54:50 ----A---- C:\Windows\system32\wininet.dll
2008-10-16 01:54:50 ----A---- C:\Windows\system32\urlmon.dll
2008-10-16 01:54:50 ----A---- C:\Windows\system32\mstime.dll
2008-10-16 01:54:50 ----A---- C:\Windows\system32\iertutil.dll
2008-10-16 01:54:49 ----A---- C:\Windows\system32\jsproxy.dll
2008-10-12 10:12:47 ----D---- C:\log
2008-10-12 01:24:40 ----D---- C:\ProgramData\Apple Computer
2008-10-12 01:24:36 ----D---- C:\Program Files (x86)\QuickTime Alternative

======List of files/folders modified in the last 1 months======

2008-11-11 20:41:33 ----D---- C:\Windows\Temp
2008-11-11 20:41:25 ----RD---- C:\Program Files (x86)
2008-11-11 20:40:05 ----D---- C:\ProgramData\Kaspersky Lab
2008-11-11 20:38:03 ----D---- C:\Windows\system32\drivers
2008-11-11 20:37:57 ----D---- C:\Windows\SysWOW64
2008-11-11 20:36:04 ----D---- C:\Windows
2008-11-11 20:35:32 ----D---- C:\Windows\System32
2008-11-11 20:35:32 ----D---- C:\Windows\inf
2008-11-11 20:23:12 ----D---- C:\Windows\tracing
2008-11-11 20:23:07 ----SHD---- C:\System Volume Information
2008-11-11 20:18:13 ----D---- C:\Windows\Prefetch
2008-11-11 20:17:21 ----D---- C:\Users\gemma\AppData\Roaming\uTorrent
2008-11-11 13:29:22 ----D---- C:\Windows\system32\en-US
2008-11-11 11:53:38 ----D---- C:\Windows\Minidump
2008-11-10 12:57:41 ----SHD---- C:\Windows\Installer
2008-11-10 12:57:21 ----D---- C:\ProgramData\Media Center Programs
2008-11-10 12:53:00 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2008-11-10 12:52:55 ----RSD---- C:\Windows\Fonts
2008-11-10 11:00:53 ----D---- C:\Program Files (x86)\DivX
2008-11-08 20:56:43 ----SD---- C:\Users\gemma\AppData\Roaming\Microsoft
2008-11-08 20:42:31 ----SD---- C:\ProgramData\Microsoft
2008-11-08 18:42:53 ----D---- C:\Windows\winsxs
2008-11-08 17:36:40 ----HD---- C:\ProgramData
2008-11-08 00:06:20 ----D---- C:\ProgramData\Vso
2008-11-07 22:01:37 ----D---- C:\Users\gemma\AppData\Roaming\ImgBurn
2008-11-07 22:01:01 ----D---- C:\Program Files (x86)\Mozilla Firefox
2008-11-07 19:19:19 ----D---- C:\Program Files (x86)\Electronic Arts
2008-11-07 18:51:30 ----RSD---- C:\Windows\assembly
2008-11-07 18:40:15 ----D---- C:\Program Files (x86)\Bethesda Softworks
2008-11-07 06:23:55 ----D---- C:\ProgramData\WinZip
2008-11-06 14:45:36 ----D---- C:\Program Files (x86)\Common Files\microsoft shared
2008-11-04 14:26:54 ----A---- C:\ProgramData\xmlA018.tmp
2008-11-04 14:26:54 ----A---- C:\ProgramData\xml9F5B.tmp
2008-11-04 14:26:54 ----A---- C:\ProgramData\xml9AE7.tmp
2008-11-04 02:18:58 ----D---- C:\Windows\Tasks
2008-11-04 02:18:57 ----D---- C:\ACER
2008-11-04 02:18:56 ----D---- C:\Windows\registration
2008-11-04 01:36:55 ----D---- C:\Program Files (x86)\OpenAL
2008-11-03 20:06:54 ----D---- C:\Program Files (x86)\WinAVIVideoConverter
2008-11-03 20:00:52 ----D---- C:\Program Files (x86)\mIRC
2008-11-03 20:00:25 ----D---- C:\Program Files (x86)\eSobi
2008-11-03 19:59:04 ----D---- C:\Program Files (x86)\DaViDeo 4
2008-11-03 11:30:51 ----RD---- C:\Program Files
2008-11-02 03:38:49 ----D---- C:\Users\gemma\AppData\Roaming\Vso
2008-11-02 03:38:47 ----A---- C:\Users\gemma\AppData\Roaming\inst.exe
2008-11-02 01:50:12 ----D---- C:\Program Files (x86)\Common Files
2008-10-31 12:41:07 ----D---- C:\Program Files (x86)\TuneUp Utilities 2008
2008-10-31 02:24:57 ----D---- C:\Windows\pss
2008-10-31 01:34:02 ----D---- C:\ProgramData\Adobe
2008-10-31 01:31:23 ----D---- C:\Users\gemma\AppData\Roaming\Adobe
2008-10-30 09:16:02 ----D---- C:\Program Files (x86)\Deep Silver
2008-10-30 03:31:34 ----ASH---- C:\Program Files (x86)\desktop.ini
2008-10-28 21:14:15 ----D---- C:\Program Files (x86)\Ubisoft
2008-10-26 15:39:46 ----D---- C:\Windows\Microsoft.NET
2008-10-26 06:51:44 ----D---- C:\Program Files (x86)\RouterControl
2008-10-25 15:33:07 ----D---- C:\Program Files (x86)\Windows Media Player
2008-10-25 15:33:02 ----D---- C:\Windows\Help
2008-10-19 21:50:51 ----A---- C:\Windows\AVIConverter.INI
2008-10-17 20:01:53 ----D---- C:\Program Files (x86)\CyberLink
2008-10-17 18:39:35 ----D---- C:\ProgramData\Codemasters
2008-10-16 09:30:40 ----D---- C:\Program Files (x86)\Windows Mail
2008-10-16 09:30:06 ----D---- C:\Windows\ehome
2008-10-16 02:42:05 ----D---- C:\Windows\Debug
2008-10-16 02:38:40 ----D---- C:\Windows\system32\migration
2008-10-14 15:08:07 ----SHD---- C:\Boot
2008-10-14 14:58:44 ----D---- C:\Windows\system32\config
2008-10-12 01:46:42 ----D---- C:\Program Files (x86)\Sierra Entertainment

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 appdrv01;Application Driver (01); C:\Windows\System32\Drivers\appdrv01.sys []
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys []
R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys []
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys []
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys []
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files (x86)\Acer Arcade Live\Acer PlayMovie\000.fcl [2008-06-18 32240]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys []
R2 int15;int15; \??\C:\Windows\SysWOW64\drivers\int15_64.sys [2008-04-25 17952]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys []
R3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys []
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys []
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\Drivers\NTIDrvr.sys []
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys []
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys []
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x64.sys []
S2 acedrvlg;acedrvlg; \??\C:\Windows\system32\drivers\acedrvlg.sys []
S3 a0pp7b3h;a0pp7b3h; C:\Windows\system32\drivers\a0pp7b3h.sys []
S3 acedrv01;acedrv01; C:\Windows\SYSTEM32\DRIVERS\acedrv01.sys []
S3 acedrv02;acedrv02; C:\Windows\SYSTEM32\DRIVERS\acedrv02.sys []
S3 acedrv03;acedrv03; C:\Windows\SYSTEM32\DRIVERS\acedrv03.sys []
S3 acedrv04;acedrv04; C:\Windows\SYSTEM32\DRIVERS\acedrv04.sys []
S3 acedrv05;acedrv05; C:\Windows\SYSTEM32\DRIVERS\acedrv05.sys []
S3 acedrv06;acedrv06; C:\Windows\SYSTEM32\DRIVERS\acedrv06.sys []
S3 acedrv07;acedrv07; C:\Windows\SYSTEM32\DRIVERS\acedrv07.sys []
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys []
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys []
S3 RivaTuner64;RivaTuner64; \??\C:\Program Files (x86)\RivaTuner v2.11\RivaTuner64.sys [2008-09-27 19952]
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x64\Sandra.sys [2008-03-10 21920]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service; C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-25 269448]
R2 AVP;Kaspersky Security Suite CBE; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe [2008-05-01 221184]
R2 ETService;Empowering Technology Service; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-04-25 24576]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-02-25 49152]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-02-25 131072]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-09-09 66872]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [2006-07-19 262247]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 809296]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S2 appdrvrem01;Application Driver Auto Removal Service (01); C:\Windows\System32\appdrvrem01.exe svc []
S2 MySql;MySql; C:/Downloads/Zwischenablage/Gully_Backup/mysql/bin/mysqld-nt.exe []
S2 SandraAgentSrv;SiSoftware Deployment Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe [2008-04-22 98488]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-01-21 93696]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2008-05-02 160272]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]
S3 Sound Blaster MB Licensing Service;Sound Blaster MB Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\SBMBLicensing.exe [2007-01-10 79360]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe []
S4 BUNAgentSvc;NTI Backup Now 5 Agent Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-02-25 21752]

-----------------EOF-----------------
This post was edited by planethulk on 11.11.2008 at 20:45.
12.11.2008, 00:15
Moderator

Posts: 5694
#8 Did this work:
>>
Press Windows key + R
Paste in:
sc stop "Application Driver Auto Removal Service"
Click OK

Press Windows key + R
Paste in:
sc delete "Application Driver Auto Removal Service"
Click OK

>>
Check under Services whether you can find this one:
Application Driver Auto Removal Service

Disable it

>>
Apply the Avenger script again

Regards, Swiss
12.11.2008, 16:36
...new here

Thread starter

Posts: 10
#9 So under Services it is disabled after I did this

Press Windows key + R
Paste in:
sc stop "Application Driver Auto Removal Service"
Click OK

Press Windows key + R
Paste in:
sc delete "Application Driver Auto Removal Service"
Click OK


But the Avenger log still shows the following:


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6001, Service Pack 1)
Tue Nov 11 20:21:03 2008

20:20:58: Warning: Skipping potentially dangerous line:
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\appdrvrem01" (Registry key deletion mode)
20:21:03: Error: Execution aborted by user!


//////////////////////////////////////////
12.11.2008, 17:38
Moderator

Posts: 5694
#10 Can you delete it under Services? I'm not familiar with Vista ;)

Does Avenger abort on its own?
Or did you not post the whole log?

This is what it should look like:

Quote

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 1)
Thu Mar 06 12:15:38 2008

12:15:32: Warning: Skipping potentially dangerous line:
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\yustfluh" (Registry key deletion mode)
12:15:38: Error: Execution aborted by user!


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger
......
Post a new HJT log.

Regards, Swiss
This post was edited by Tonstudio on 12.11.2008 at 17:42.
12.11.2008, 18:31
...new here

Thread starter

Posts: 10
#11 No, that is the entire Avenger log. It appears right after the reboot. I copied it and posted it.

On Vista, under Start >> msconfig >> Services, you can only enable/disable. Nothing can be deleted.


HJT log follows:

Code

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:47:20, on 12.11.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools\daemon.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe
C:\Program Files (x86)\ImageShack\QuickShot\QuickShot.exe
D:\Downloads D\Downloads\Tools\PC Diagnostic+Help Tools\Removal Tools\HJT\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files (x86)\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: Hinzufügen zu Kaspersky Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE\SCIEPlgn.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\r3hook.dll,C:\PROGRA~2\KASPER~1\KASPER~1\adialhk.dll
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Kaspersky Security Suite CBE (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE\avp.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MySql - Unknown owner - C:/Downloads/Zwischenablage/Gully_Backup/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sound Blaster MB Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\SBMBLicensing.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - Unknown owner - C:\Windows\System32\TuneUpDefragService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8570 bytes
What I also wanted to say is that since yesterday evening not a single virus alert has appeared when opening a folder.
This post was edited by planethulk on 12.11.2008 at 18:50.
12.11.2008, 18:51
Moderator

Posts: 5694
#12 You should actually be able to delete the service like this:

Press Windows key + R
Paste in:
sc delete "Application Driver Auto Removal Service"
Click OK

OK, let's see what HJT says.

Regards, Swiss
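
The RSIT service list earlier in this thread shows this service with the key name `appdrvrem01` and the display name `Application Driver Auto Removal Service (01)`, and `sc` addresses services by key name. As an added example (not part of the original posts), the batch file below resolves the display name with `sc getkeyname`, then stops, deletes and re-queries the service; it assumes an elevated Command Prompt and takes the display name from that log.

```batch
@echo off
rem Added example, not from the thread. Run from an elevated Command Prompt.
rem DISPLAY is the display name shown in the RSIT service list on this page.
setlocal
set "DISPLAY=Application Driver Auto Removal Service (01)"
set "KEY="

rem "sc getkeyname" prints "Name = <key name>" when the display name is known.
for /f "tokens=2,*" %%A in ('sc getkeyname "%DISPLAY%" ^| findstr /b /c:"Name ="') do set "KEY=%%B"
if not defined KEY goto :notfound
echo Key name: %KEY%

rem Record the configuration (binary path, start type) before changing anything.
sc qc "%KEY%"

rem Stop the service; error 1062 only means it was not running.
sc stop "%KEY%"

rem Remove the service entry from the service control manager database.
sc delete "%KEY%"
if errorlevel 1 goto :deletefailed

rem 1060 = service does not exist. Any other result means the entry is still
rem present, for example marked for deletion until open handles are closed
rem or the machine is rebooted.
sc query "%KEY%" >nul 2>&1
if %errorlevel%==1060 (echo %KEY% is gone.) else (echo %KEY% is still registered, reboot and query again.)
exit /b 0

:notfound
echo No service is registered under that display name.
exit /b 1

:deletefailed
echo sc delete failed with error %errorlevel%.
exit /b 1
```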
12.11.2008, 18:54
Moderator

Posts: 5694
#13 >>
Remove Combofix:
Start - Run - paste in: Combofix /U - click "OK"
(or, if that does not work: delete C:\QooBox)

>>
OTMoveIt2.exe
http://oldtimer.geekstogo.com/OTMoveIt3.exe

-> Save OTMoveIt2.exe to the desktop
Click OTMoveIt.exe

1. Click the CleanUp! button
2. cleanup.txt is downloaded from the Internet (allow it in the firewall!)
3. "Begin cleanup process?" click: Yes. - "Do you want to reboot?" click Yes

This way OTMoveIt2 automatically removes all the tools that were downloaded for the virus cleanup.


So there is nothing left to see in the HJT log either.

Let's leave it at that.
If you still have problems, get in touch.

Regards, Swiss
12.11.2008, 22:20
...new here

Thread starter

Posts: 10
#14 Well, thank you very much for the effort and for taking the time to help me. It looks like the problem is gone. Thanks.

Edit: What exactly was it, then? Virus, trojan, spyware?
12.11.2008, 22:39
Moderator

Posts: 5694
#15 It was probably a backdoor, but I can't tell you exactly. On Google, too, opinions regarding appdrvrem01 differ.

Regards, Swiss