Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Antimalware Doctor

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Alt 07.09.2010, 15:26   #1
nero08
 
Antimalware Doctor - Standard

Antimalware Doctor



Hi @all!!!

hab mir leider was eingefangen bzw. mein PC. Bin laut anleitung vorgegangen.

1.) Iexplore:

Code:
ATTFilter
This log file is located at C:\rkill.log. 
Please post this only if requested to by the person helping you. 
Otherwise you can close this log when you wish. 
Ran as *** on 07.09.2010 at 16:11:33. 


Services Stopped:


Processes terminated by Rkill or while it was running: 




Rkill completed on 07.09.2010  at 16:11:36.
         
2.) Anti- Malwarebytes:

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4561

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

07.09.2010 15:39:28
mbam-log-2010-09-07 (15-39-28).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|I:\|)
Durchsuchte Objekte: 776263
Laufzeit: 1 Stunde(n), 58 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 27

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ewrgetuj (Trojan.Agent.Gen) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lt4tmf (Backdoor.Bot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mediafix70700en02.exe (Trojan.FakeAlert) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\***\AppData\Local\Temp\geurge.exe (Trojan.Agent.Gen) -> No action taken.
C:\Users\***\AppData\Local\Temp\doa546.exe (Backdoor.Bot) -> No action taken.
C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\ubiorbitapi_r2.dll (Trojan.Agent.CK) -> No action taken.
C:\Users\***\AppData\Local\Temp\7619,062.exe (Trojan.Dropper) -> No action taken.
C:\Users\***\AppData\Local\Temp\awttsvlg.exe (Trojan.Downloader) -> No action taken.
C:\Users\***\AppData\Local\Temp\jytr.exe (Trojan.FakeAlert) -> No action taken.
C:\Users\***\AppData\Local\Temp\lnudls.exe (Trojan.Downloader) -> No action taken.
C:\Users\***\AppData\Local\Temp\nwmxaecrso.exe (Trojan.Agent.Gen) -> No action taken.
C:\Users\***\AppData\Local\Temp\remacsnowx.exe (Trojan.Agent) -> No action taken.
C:\Users\***\AppData\Local\Temp\sxcfgslr.exe (Trojan.Downloader) -> No action taken.
C:\Users\***\AppData\Local\Temp\thuurs.exe (Heuristics.Shuriken) -> No action taken.
C:\Users\***\AppData\Roaming\antispy.exe (Trojan.FakeAlert) -> No action taken.
I:\fun.xls.exe (Worm.AutoRun) -> No action taken.
I:\Software - CD\Freeripmp3\freeripmp3.exe (Adware.MyWay) -> No action taken.
I:\System Volume Information\_restore{8A678CD9-BC47-45B9-B58C-B964E2B82263}\RP200\A0058960.exe (Worm.AutoRun) -> No action taken.
I:\System Volume Information\_restore{CFB6E64A-5D4B-4564-98E3-77EC49187E45}\RP12\A0004309.exe (Worm.AutoRun) -> No action taken.
C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> No action taken.
C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> No action taken.
C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> No action taken.
C:\Windows\System32\msxml71.dll (Trojan.FakeAlert) -> No action taken.
C:\Users\***\AppData\Roaming\49B403C00339D9F911D0257CF39FD721\mediafix70700en02.exe (Trojan.FakeAlert) -> No action taken.
         
3.)CCleaner

hab ich durchgeführt bis keine Fehler mehr in Regestry

4.) RSIT

Code:
ATTFilter
info.txt logfile of random's system information tool 1.08 2010-09-07 16:07:18

======Uninstall list======

-->MsiExec /X{11AE6807-50D2-4F59-82B3-2C3E695E94C2}
3DVIA player 5.0-->MsiExec.exe /X{4E868D3D-6EEB-4273-926C-2287236B5B79}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.3.4 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A93000000001}
AI Suite-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{310BC5E2-31AF-49BB-904D-E71EB93645DC}\setup.exe" -l0x7 
Apple Application Support-->MsiExec.exe /I{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ask Toolbar-->"C:\Program Files (x86)\AskBarDis\unins000.exe"
Aspell 0.6 Dictionary (Language: de)-->"C:\ProgramData\Aspell\Dictionaries\Uninstall-AspellDict-de.exe"
Aspell Data-->"C:\ProgramData\Aspell\Uninstall-AspellData.exe"
ASUSUpdate-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe" -l0x7 
BitTorrent-->D:\Program Files (x86)\BitTorrent\uninst.exe
Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
CCleaner-->"D:\Program Files (x86)\CCleaner\uninst.exe"
Command & Conquer(TM) Generäle-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{06F80017-8F98-4C94-B868-52358569FC32} 
Command and Conquer(TM) Generäle Die Stunde Null -->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1} 
Company of Heroes - FAKEMSI-->MsiExec.exe /I{14574B7F-75D1-4718-B7F2-EBF6E2862A35}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{199E6632-EB28-4F73-AECB-3E192EB92D18}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{25724802-CC14-4B90-9F3B-3D6955EE27B1}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{50193078-F553-4EBA-AA77-64C9FAA12F98}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{51D718D1-DA81-4FAD-919F-5C1CE3C33379}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{66F78C51-D108-4F0C-A93C-1CBE74CE338F}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{80D03817-7943-4839-8E96-B9F924C5E67D}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{97E5205F-EA4F-438F-B211-F1846419F1C1}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{99A7722D-9ACB-43F3-A222-ABC7133F159E}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{BA801B94-C28D-46EE-B806-E1E021A3D519}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{D4D244D1-05E0-4D24-86A2-B2433C435671}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{EAF636A9-F664-4703-A659-85A894DA264F}
Company of Heroes-->"E:\Games\Company of Heroes\Uninstall_German.exe"
Crystal Reports Basic for Visual Studio 2008-->MsiExec.exe /X{AA467959-A1D6-4F45-90CD-11DC57733F32}
DAEMON Tools Toolbar-->C:\Program Files (x86)\DAEMON Tools Toolbar\uninst.exe
Dev-C++ 5 beta 9 release (4.9.9.2)-->"E:\Dev-Cpp\uninstall.exe"
Die Gilde - Gaukler, Gruften und Geschütze-->E:\Games\JoWooD\DIEGIL~1\UNWISE.EXE E:\Games\JoWooD\DIEGIL~1\INSTALL.LOG
Die Gilde 2 - Die Seeräuber der Hanse-->E:\Program Files (x86)\Die Gilde 2 - Die Seeräuber der Hanse\uninstall.exe
Die Gilde 2-->C:\Windows\unvise32.exe E:\Programme\Die Gilde 2\uninstal.log
Die Gilde Addon Update v. 2.06 -->E:\Games\JoWooD\DIEGIL~1\UNWISE.EXE E:\Games\JoWooD\DIEGIL~1\INSTALL.LOG
Die Gilde Update v1.04a-->E:\Games\JoWooD\DIEGIL~1\UNWISE.EXE E:\Games\JoWooD\DIEGIL~1\INSTALL.LOG
Die Schlacht um Mittelerde™ II-->E:\Program Files (x86)\Electronic Arts\Die Schlacht um Mittelerde II\EAUninstall.exe
DivX-Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
EA Download Manager-->E:\Program Files (x86)\Electronic Arts\EADM\Uninstall.exe
EVEREST Ultimate Edition v5.30-->"D:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\unins000.exe"
FIFA 10-->MsiExec.exe /X{11202615-E557-4ECF-9B86-F59C81E52909}
FileZilla Client 3.2.7.1-->D:\Program Files (x86)\FileZilla FTP Client\uninstall.exe
Freelancer-->"E:\Program Files (x86)\Microsoft Games\Freelancer\UNINSTAL.EXE" /runtemp /addremove
FUSSBALL MANAGER 10-->E:\Program Files (x86)\EA SPORTS\FUSSBALL MANAGER 10\eauninstall.exe
GameCenter 1.3.0.5-->"C:\Program Files (x86)\Cyanide\GameCenter\unins000.exe"
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)-->C:\Windows\SQL9_KB970892_ENU\Hotfix.exe /Uninstall
GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)-->C:\Windows\SQLTools9_KB970892_ENU\Hotfix.exe /Uninstall
Grand Theft Auto IV-->"C:\Program Files (x86)\InstallShield Installation Information\{579BA58C-F33D-4970-9953-B94B43768AC3}\setup.exe" -runfromtemp -l0x0007 -removeonly
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {08155812-0202-4D5F-A7FF-12A2782DC548} /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB971091)-->C:\Windows\SysWOW64\msiexec.exe /package {D7DAD1E4-45F4-3B2B-899A-EA728167EC4F} /uninstall {06694B0F-B778-4E13-B841-4FF9CC81D0C5} /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973674)-->C:\Windows\SysWOW64\msiexec.exe /package {D7DAD1E4-45F4-3B2B-899A-EA728167EC4F} /uninstall {E1404B9C-5F36-406A-B720-70FA3F242B7B} /qb+ REBOOTPROMPT=""
Java Media Framework 2.1.1a-->C:\Windows\IsUninst.exe -f"D:\Program Files (x86)\JMF2.1.1\Uninst.isu"
Java MP3 PlugIn-->C:\Windows\IsUninst.exe -f"D:\Program Files (x86)\Java\jre6\Uninst.isu"
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013F0}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
LyX 1.6.4-1-->"E:\Lyx\Uninstall-LyX.exe"
Malwarebytes' Anti-Malware-->"D:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
MathPlayer-->C:\Program Files (x86)\Design Science\MathPlayer\Setup.exe -u
Microsoft Document Explorer 2008-->C:\Program Files (x86)\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.exe
Microsoft Document Explorer 2008-->MsiExec.exe /X{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}
Microsoft Flight Simulator X Service Pack 1-->C:\Windows\SysWOW64\msiexec.exe /qb /l*vx "%TEMP%\FlightSimPatchUninstall.log" /uninstall {7FB5887E-FA27-4CDC-BBA4-146487E789FA} /package {F535B2CF-C9BB-4162-B03A-02D6971F32CC}
Microsoft Flight Simulator X Service Pack 2-->MsiExec.exe /X{E7CC4B85-DC2F-463F-8FEB-E7398E25C19A}
Microsoft Flight Simulator X-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{F535B2CF-C9BB-4162-B03A-02D6971F32CC} 
Microsoft Flight Simulator X-->MsiExec.exe /X{F535B2CF-C9BB-4162-B03A-02D6971F32CC}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{8FB1B528-E260-451E-9B55-E9152F94B80B}
Microsoft Games for Windows - LIVE-->MsiExec.exe /X{F97E3841-CA9D-4964-9D64-26066241D26F}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {E64BA721-2310-4B55-BE5A-2925F9706192}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0409-1000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0116-0409-1000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110407-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0021-0409-0000-0000000FF1CE} /uninstall {E1044ED2-E4AD-4B39-B500-31109750F6B4}
Microsoft Office Visio 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0054-0409-0000-0000000FF1CE} /uninstall {519D9F45-CBF4-4E57-B419-11F196CCA8AE}
Microsoft Office Visio 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}
Microsoft Office Visio MUI (English) 2007-->MsiExec.exe /X{90120000-0054-0409-0000-0000000FF1CE}
Microsoft Office Visio Professional 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISPROR /dll OSETUP.DLL
Microsoft Office Visio Professional 2007-->MsiExec.exe /X{91120000-0051-0000-0000-0000000FF1CE}
Microsoft Office Visual Web Developer 2007-->MsiExec.exe /X{90120000-0021-0000-0000-0000000FF1CE}
Microsoft Office Visual Web Developer MUI (English) 2007-->MsiExec.exe /X{90120000-0021-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Express Edition-->MsiExec.exe /I{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}
Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server 2005-->"C:\Program Files (x86)\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Compact 3.5 Design Tools ENU-->MsiExec.exe /X{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}
Microsoft SQL Server Compact 3.5 ENU-->MsiExec.exe /I{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}
Microsoft SQL Server Compact 3.5 for Devices ENU-->MsiExec.exe /I{241F2BF7-69EB-42A4-9156-96B2426C7504}
Microsoft SQL Server Database Publishing Wizard 1.2-->MsiExec.exe /X{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual Studio 2005 Tools for Office Runtime-->MsiExec.exe /X{388E4B09-3E71-4649-8921-F44A3A2954A7}
Microsoft Visual Studio 2008 Professional Edition - ENU-->E:\Program Files (x86)\Microsoft Visual Studio 9.0\Microsoft Visual Studio 2008 Professional Edition - ENU\setup.exe
Microsoft Visual Studio Web Authoring Component-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISUALWEBDEVELOPER /dll OSETUP.DLL
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
MiKTeX 2.7-->"E:\Program Files (x86)\MiKTeX 2.7\miktex\bin\copystart_admin.exe" "E:\Program Files (x86)\MiKTeX 2.7\miktex\config\uninstall.dat"
Mozilla Firefox (3.5.6)-->D:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter-->C:\Program Files (x86)\InstallShield Installation Information\{51123D42-6B9C-4B93-900C-29F9EC5963C9}\setup.exe -runfromtemp -l0x0009 -removeonly
NHL™ 09-->MsiExec.exe /X{827B97A9-B347-4110-9F89-37AF2B758F94}
Norton Security Scan-->C:\Program Files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.7.3.34\InstStub.exe /X
NVIDIA PhysX v8.05.26-->MsiExec.exe /X{11AE6807-50D2-4F59-82B3-2C3E695E94C2}
Packet Tracer 5.1-->"D:\Program Files (x86)\Packet Tracer 5.1\unins000.exe"
Patch v4.1-->"E:\Program Files (x86)\The Guild 2 - Renaissance\unins001.exe"
ProtectDisc Driver, Version 11-->C:\Program Files (x86)\ProtectDisc Driver Installer\uninstall_v11.exe
QuickTime-->MsiExec.exe /I{EB900AF8-CC61-4E15-871B-98D1EA3E8025}
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r -m -nrg2709
Rockstar Games Social Club-->"C:\Program Files (x86)\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x0007 -removeonly
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}
Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio 2007 (KB982127)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {AA3200A8-BD90-4763-B7D0-27DFBFB8DD71}
Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Star Wars Empire at War-->C:\Program Files (x86)\InstallShield Installation Information\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}\setup.exe -runfromtemp -l0x0007 -removeonly
Star Wars: The Force Unleashed-->"E:\Program Files (x86)\Activision\Star Wars The Force Unleashed\unins000.exe"
Steamless Left4Dead2 Pack-->E:\Program Files (x86)\Steamless Left4Dead2 Pack\uninstall.exe
TeleTeachingTool-->"D:\Program Files (x86)\TeleTeachingTool\Uninstall.exe" "D:\Program Files (x86)\TeleTeachingTool\install.log"
The Guild 2 - Renaissance-->"E:\Program Files (x86)\The Guild 2 - Renaissance\unins000.exe"
The Guild 2 - Renaissance-->"E:\Program Files (x86)\The Guild 2 - Renaissance\unins002.exe"
TmNationsForever Update 2010-03-15-->"E:\Program Files (x86)\TmNationsForever\unins000.exe"
Tour de France 2010 - Der offizielle Radsport-Manager Version 1-->"E:\Program Files (x86)\Cyanide\Pro Cycling Manager - Season 2010\unins000.exe"
Ubisoft Game Launcher-->"C:\Program Files (x86)\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe" -runfromtemp -l0x0409  -removeonly
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)-->MsiExec.exe /X{07629207-FAA0-4F1A-8092-BF5085BE511F}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Visio 2007 Help (KB963666)-->msiexec /package {90120000-0054-0409-0000-0000000FF1CE} /uninstall {D2C4ACC9-12F5-4E1C-81A8-5DC878AC6278}
VC Runtimes MSI-->MsiExec.exe /X{FF29527A-44CD-3422-945E-981A13584000}
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Visual Studio 2005 Tools for Office Second Edition Runtime-->C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\8.0\Microsoft Visual Studio 2005 Tools for Office Runtime\install.exe
Visual Studio Tools for the Office system 3.0 Runtime-->C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\9.0\Visual Studio Tools for the Office system 3.0 Runtime\install.exe
Visual Studio Tools for the Office system 3.0 Runtime-->MsiExec.exe /X{8FB53850-246A-3507-8ADE-0060093FFEA6}
VLC media player 1.0.1-->D:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Windows Mobile 5.0 SDK R2 for Pocket PC-->MsiExec.exe /I{6C9F6D23-E9AD-43C9-B43A-011562AAF876}
Windows Mobile 5.0 SDK R2 for Smartphone-->MsiExec.exe /I{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}
WinRAR-->D:\Program Files (x86)\WinRAR\uninstall.exe

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: Athlon-7850
Event Code: 4383
Message: Windows-Wartung hat das Update 977816-18_neutral_PACKAGE aus Paket KB977816 (Security Update) in den Status Installiert(Installed) gesetzt.
Record Number: 100451
Source Name: Microsoft-Windows-Servicing
Time Written: 20100415125338.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: Athlon-7850
Event Code: 4383
Message: Windows-Wartung hat das Update 977816-16_neutral_PACKAGE aus Paket KB977816 (Security Update) in den Status Installiert(Installed) gesetzt.
Record Number: 100450
Source Name: Microsoft-Windows-Servicing
Time Written: 20100415125338.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: Athlon-7850
Event Code: 4373
Message: Windows-Wartung hat das Paket KB977816(Security Update) erfolgreich in den Status Installiert(Installed) gesetzt.
Record Number: 100449
Source Name: Microsoft-Windows-Servicing
Time Written: 20100415125338.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: Athlon-7850
Event Code: 4383
Message: Windows-Wartung hat das Update 977816-22_neutral_PACKAGE aus Paket KB977816 (Security Update) in den Status Installiert(Installed) gesetzt.
Record Number: 100448
Source Name: Microsoft-Windows-Servicing
Time Written: 20100415125338.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: Athlon-7850
Event Code: 4383
Message: Windows-Wartung hat das Update 977816-21_neutral_PACKAGE aus Paket KB977816 (Security Update) in den Status Installiert(Installed) gesetzt.
Record Number: 100447
Source Name: Microsoft-Windows-Servicing
Time Written: 20100415125338.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

=====Application event log=====

Computer Name: Athlon-7850
Event Code: 1005
Message: Ergebnis der Inanspruchnahme von Windows-Rechten: hr=0x0

Record Number: 35501
Source Name: Microsoft-Windows-Security-Licensing-SLC
Time Written: 20100303214722.000000-000
Event Type: Informationen
User: 

Computer Name: Athlon-7850
Event Code: 1003
Message: Softwarelizenzierungsdienst hat die Überprüfung des Lizenzierungsstatus abgeschlossen.
Anwendungs-ID=55c92734-d682-4d71-983e-d6ec3f16059f
Lizenzierungsstatus=
{1,[11db994f-af86-4eb9-af35-fb4e3b0256f5, 8, 0xC004F014,0x0]}

{1,[3a1d44e2-bede-46fb-8a02-0cd485a1db8b, 8, 0xC004F014,0x0]}

{1,[6b16d38b-7dac-4614-9948-b4a92ddba889, 8, 0xC004F014,0x0]}

{1,[9e042223-03bf-49ae-808f-ff37f128d40d, 8, 0xC004F014,0x0]}

{1,[a3481201-436e-4fc9-88b4-34ccf7f81789, 8, 0xC004F014,0x0]}

{1,[a4eec485-e375-48b4-8f51-80d13a4086b6, 8, 0xC004F014,0x0]}

{1,[a7a4a974-ad47-420e-8e1a-83d28572058a, 8, 0xC004F014,0x0]}

{1,[b6795467-dc45-4acf-af87-e948ee3f15f4, 8, 0xC004F014,0x0]}

{1,[bffdc375-bbd5-499d-8ef1-4f37b61c895f, 8, 0xC004F014,0x0]}

{1,[c3505bd0-004a-49b9-84db-a1a4869eddf1, 8, 0xC004F014,0x0]}

{1,[c5d8ec70-e2ae-42d8-aaa9-eec3772438ee, 8, 0xC004F014,0x0]}

{1,[cdb090c3-053c-4cd1-9cb2-e35b1738747a, 8, 0xC004F014,0x0]}

{1,[da0483a8-c443-45fd-9b52-2bba9b2ee8ab, 8, 0xC004F014,0x0]}

{1,[e05164a4-fb9a-471f-8c3a-6959b4cf1b72, 8, 0xC004F014,0x0]}

{1,[f3acdd3c-119a-4932-a3d7-0b6f33a1dca9, 0, 0x0,0x0],[0x0,0x0,0x0,0,0,0x0],[0x0,0xFFFFFFFF,0x0,0,0,0x0],[0x0,0xFFFFFFFF,0x0,0,0,0x0],[0,0,0x0]}

{1,[afd5f68f-b70f-4000-a21d-28dbc8be8b07, 8, 0xC004F014,0x0]}

Record Number: 35500
Source Name: Microsoft-Windows-Security-Licensing-SLC
Time Written: 20100303214722.000000-000
Event Type: Informationen
User: 

Computer Name: Athlon-7850
Event Code: 1033
Message: Die Richtlinien werden ausgeschlossen, da sie nur mit dem override-only-Attribut definiert wurden.
Richtliniennamen=(IIS-W3SVC-MaxConcurrentRequests) (Telnet-Client-EnableTelnetClient) (Telnet-Client-EnableTelnetClient_w) (Telnet-Server-EnableTelnetServer) (Telnet-Server-EnableTelnetServer_w) 
Anwendungs-ID=55c92734-d682-4d71-983e-d6ec3f16059f
SKU-ID=f3acdd3c-119a-4932-a3d7-0b6f33a1dca9
Record Number: 35499
Source Name: Microsoft-Windows-Security-Licensing-SLC
Time Written: 20100303214722.000000-000
Event Type: Informationen
User: 

Computer Name: Athlon-7850
Event Code: 1531
Message: Der Benutzerprofildienst wurde erfolgreich gestartet.  


Record Number: 35498
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20100303214718.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: Athlon-7850
Event Code: 4625
Message: Das EventSystem-Subsystem unterdrückt duplizierte Ereignisprotokolleinträge für eine Dauer von 86400 Sekunden. Dieses Zeitlimit kann durch den REG_DWORD-Wert SuppressDuplicateDuration unter folgendem Registrierungsschlüssel gesteuert werden: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 35497
Source Name: Microsoft-Windows-EventSystem
Time Written: 20100303214718.000000-000
Event Type: Informationen
User: 

=====Security event log=====

Computer Name: Athlon-7850
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.

Antragsteller:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		ATHLON-7850$
	Kontodomäne:		NETZWERK
	Anmelde-ID:		0x3e7

Anmeldetyp:			5

Neue Anmeldung:
	Sicherheits-ID:		S-1-5-20
	Kontoname:		NETZWERKDIENST
	Kontodomäne:		NT-AUTORITÄT
	Anmelde-ID:		0x3e4
	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}

Prozessinformationen:
	Prozess-ID:		0x2b8
	Prozessname:		C:\Windows\System32\services.exe

Netzwerkinformationen:
	Arbeitsstationsname:	
	Quellnetzwerkadresse:	-
	Quellport:		-

Detaillierte Authentifizierungsinformationen:
	Anmeldeprozess:		Advapi  
	Authentifizierungspaket:	Negotiate
	Übertragene Dienste:	-
	Paketname (nur NTLM):	-
	Schlüssellänge:		0

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
	 - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
	- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
	- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
	- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 17622
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091122112216.964144-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: Athlon-7850
Event Code: 4672
Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.

Antragsteller:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		SYSTEM
	Kontodomäne:		NT-AUTORITÄT
	Anmelde-ID:		0x3e7

Berechtigungen:		SeAssignPrimaryTokenPrivilege
			SeTcbPrivilege
			SeSecurityPrivilege
			SeTakeOwnershipPrivilege
			SeLoadDriverPrivilege
			SeBackupPrivilege
			SeRestorePrivilege
			SeDebugPrivilege
			SeAuditPrivilege
			SeSystemEnvironmentPrivilege
			SeImpersonatePrivilege
Record Number: 17621
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091122112216.870543-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: Athlon-7850
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.

Antragsteller:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		ATHLON-7850$
	Kontodomäne:		NETZWERK
	Anmelde-ID:		0x3e7

Anmeldetyp:			5

Neue Anmeldung:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		SYSTEM
	Kontodomäne:		NT-AUTORITÄT
	Anmelde-ID:		0x3e7
	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}

Prozessinformationen:
	Prozess-ID:		0x2b8
	Prozessname:		C:\Windows\System32\services.exe

Netzwerkinformationen:
	Arbeitsstationsname:	
	Quellnetzwerkadresse:	-
	Quellport:		-

Detaillierte Authentifizierungsinformationen:
	Anmeldeprozess:		Advapi  
	Authentifizierungspaket:	Negotiate
	Übertragene Dienste:	-
	Paketname (nur NTLM):	-
	Schlüssellänge:		0

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
	 - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
	- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
	- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
	- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 17620
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091122112216.870543-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: Athlon-7850
Event Code: 4648
Message: Anmeldeversuch mit expliziten Anmeldeinformationen.

Antragsteller:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		ATHLON-7850$
	Kontodomäne:		NETZWERK
	Anmelde-ID:		0x3e7
	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}

Konto, dessen Anmeldeinformationen verwendet wurden:
	Kontoname:		SYSTEM
	Kontodomäne:		NT-AUTORITÄT
	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}

Zielserver:
	Zielservername:	localhost
	Weitere Informationen:	localhost

Prozessinformationen:
	Prozess-ID:		0x2b8
	Prozessname:		C:\Windows\System32\services.exe

Netzwerkinformationen:
	Netzwerkadresse:	-
	Port:			-

Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden.  Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird.
Record Number: 17619
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091122112216.870543-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: Athlon-7850
Event Code: 4902
Message: Eine Benutzerrichtlinien-Überwachungstabelle wurde erstellt.

	Anzahl von Elementen:	0
	Richtlinienkennung:	0x146dc
Record Number: 17618
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091122112216.667742-000
Event Type: Überwachung erfolgreich
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=E:\Program Files (x86)\MiKTeX 2.7\miktex\bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;D:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Microsoft SQL Server\90\Tools\binn\;C:\Program Files (x86)\Common Files\DivX Shared\;C:\Program Files (x86)\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=16
"PROCESSOR_IDENTIFIER"=AMD64 Family 16 Model 2 Stepping 3, AuthenticAMD
"PROCESSOR_REVISION"=0203
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat
"DFSTRACINGON"=FALSE
"VS90COMNTOOLS"=e:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\Tools\
"RGSCLauncher"=E:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club
"RGSC"=E:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\1_0_0_0
"asl.log"=Destination=file;OnFirstLog=command,environment
"CLASSPATH"=.;D:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=D:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
         

Code:
ATTFilter
Logfile of random's system information tool 1.08 (written by random/random)
Run by *** at 2010-09-07 16:07:13
Microsoft® Windows Vista™ Home Premium  Service Pack 2
System drive C: has 9 GB (17%) free of 52 GB
Total RAM: 8190 MB (79% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:07:17, on 07.09.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\AASP\1.00.82\aaCenter.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\SysWOW64\rundll32.exe
D:\Program Files (x86)\NETGEAR\WG111T\wlan111t.exe
D:\Program Files (x86)\ASUS\AI Suite\Q-Button\QButton.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
D:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
E:\Eigene Dateien\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\***.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1351351
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}  - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Ai Nap] "D:\Program Files (x86)\ASUS\AI Suite\Q-Button\QButton.exe"
O4 - HKLM\..\Run: [QFan Help] "D:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] "D:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [nxasocewrm.exe] "C:\Users\***\AppData\Local\Temp\nxasocewrm.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Program Files (x86)\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RGSC] E:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "E:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [byivqr] RUNDLL32.EXE C:\Users\***\AppData\Local\Temp\msllhsjn.dll,w
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-416053540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A9BC827-1B38-4705-9949-BBEAE13D0DB2}: NameServer = 195.3.96.67 213.33.98.136
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Unknown owner - C:\Windows\System32\appdrvrem01.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10384 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Norton Security Scan for ***.job
C:\Windows\tasks\User_Feed_Synchronization-{4C930AB4-14B1-4E60-A93F-1FEE84B26496}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll [2008-09-29 325000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll [2008-09-29 325000]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll [2009-11-24 953800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-04-28 61440]
"Ai Nap"=D:\Program Files (x86)\ASUS\AI Suite\Q-Button\QButton.exe [2008-12-22 1953280]
"QFan Help"=D:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe [2008-05-06 594432]
"Cpu Level Up help"=D:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe [2007-11-30 881152]
"Adobe Reader Speed Launcher"=D:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2010-08-10 421888]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2010-09-01 421160]
"SunJavaUpdateSched"=D:\Program Files (x86)\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"DivXUpdate"=C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2010-09-01 1164584]
"nxasocewrm.exe"=C:\Users\***\AppData\Local\Temp\nxasocewrm.exe [2010-09-07 48128]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1555968]
"AlcoholAutomount"=D:\Program Files (x86)\Alcohol Soft\Alcohol 52\axcmd.exe [2009-04-24 203416]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 138240]
"RGSC"=E:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2010-03-14 306088]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2010-05-13 26192168]
"DAEMON Tools Pro Agent"=E:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [2010-04-15 427328]
"byivqr"=C:\Users\***\AppData\Local\Temp\msllhsjn.dll [2010-09-07 36865]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
NETGEAR WG111T Smart Wizard.lnk - D:\Program Files (x86)\NETGEAR\WG111T\wlan111t.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"ForceActiveDesktopOn"=0
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\Program Files (x86)\BitTorrent\bittorrent.exe"="D:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\SysWOW64\Notepad.exe %1
.js - open - C:\Windows\SysWOW64\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-09-07 16:07:13 ----D---- C:\rsit
2010-09-07 16:07:13 ----D---- C:\Program Files (x86)\trend micro
2010-09-07 13:38:10 ----D---- C:\Users\***\AppData\Roaming\Malwarebytes
2010-09-07 13:38:03 ----A---- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys
2010-09-07 13:38:02 ----D---- C:\ProgramData\Malwarebytes
2010-09-07 13:02:01 ----A---- C:\Windows\SysWOW64\3356018.BAT
2010-09-07 13:01:39 ----D---- C:\Users\***\AppData\Roaming\49B403C00339D9F911D0257CF39FD721
2010-09-06 16:32:18 ----D---- C:\Program Files (x86)\Common Files\Symantec Shared
2010-09-03 23:40:44 ----A---- C:\Windows\SysWOW64\javaws.exe
2010-09-03 23:40:44 ----A---- C:\Windows\SysWOW64\javaw.exe
2010-09-03 23:40:44 ----A---- C:\Windows\SysWOW64\java.exe
2010-09-03 23:40:25 ----D---- C:\Program Files (x86)\Java
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jsound.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmvh263.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmvfw.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmvcm.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmutil.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmmpegv.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmmpa.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmmci.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmjpeg.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmh263enc.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmh261.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmgsm.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmgdi.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmg723.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmfjawt.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmddraw.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmdaudc.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmdaud.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmcvid.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmam.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmacm.dll
2010-09-03 20:31:13 ----A---- C:\Windows\IsUninst.exe
2010-09-02 12:55:46 ----D---- C:\Program Files (x86)\iTunes
2010-09-02 12:53:34 ----D---- C:\Program Files (x86)\QuickTime
2010-09-02 12:51:02 ----D---- C:\Program Files (x86)\Bonjour
2010-08-30 21:47:13 ----D---- C:\ProgramData\Symantec
2010-08-30 21:47:13 ----D---- C:\ProgramData\Norton
2010-08-30 21:47:13 ----D---- C:\Program Files (x86)\Norton Security Scan
2010-08-30 21:47:12 ----D---- C:\ProgramData\NortonInstaller
2010-08-30 21:47:12 ----D---- C:\Program Files (x86)\NortonInstaller
2010-08-30 19:28:56 ----D---- C:\ProgramData\EA Logs
2010-08-25 21:27:01 ----D---- C:\Users\***\AppData\Roaming\The Creative Assembly
2010-08-25 17:42:16 ----D---- C:\Program Files (x86)\Design Science
2010-08-17 13:42:46 ----D---- C:\Program Files (x86)\The Guild 2 - Renaissance
2010-08-16 15:49:04 ----A---- C:\Windows\SysWOW64\rtutils.dll
2010-08-16 15:48:32 ----A---- C:\Windows\SysWOW64\iccvid.dll
2010-08-16 15:48:11 ----A---- C:\Windows\SysWOW64\mshtml.dll
2010-08-16 15:48:11 ----A---- C:\Windows\SysWOW64\iertutil.dll
2010-08-16 15:48:10 ----A---- C:\Windows\SysWOW64\ieframe.dll
2010-08-16 15:48:09 ----A---- C:\Windows\SysWOW64\urlmon.dll
2010-08-16 15:48:08 ----A---- C:\Windows\SysWOW64\wininet.dll
2010-08-16 15:48:08 ----A---- C:\Windows\SysWOW64\occache.dll
2010-08-16 15:48:08 ----A---- C:\Windows\SysWOW64\mstime.dll
2010-08-16 15:48:08 ----A---- C:\Windows\SysWOW64\msfeedsbs.dll
2010-08-16 15:48:08 ----A---- C:\Windows\SysWOW64\msfeeds.dll
2010-08-16 15:48:08 ----A---- C:\Windows\SysWOW64\ieUnatt.exe
2010-08-16 15:48:08 ----A---- C:\Windows\SysWOW64\ieui.dll
2010-08-16 15:48:08 ----A---- C:\Windows\SysWOW64\iesysprep.dll
2010-08-16 15:48:08 ----A---- C:\Windows\SysWOW64\iesetup.dll
2010-08-16 15:48:08 ----A---- C:\Windows\SysWOW64\iernonce.dll
2010-08-16 15:48:08 ----A---- C:\Windows\SysWOW64\iepeers.dll
2010-08-16 15:48:08 ----A---- C:\Windows\SysWOW64\iedkcs32.dll
2010-08-16 15:48:08 ----A---- C:\Windows\SysWOW64\ie4uinit.exe
2010-08-16 15:48:07 ----A---- C:\Windows\SysWOW64\msfeedssync.exe
2010-08-16 15:48:07 ----A---- C:\Windows\SysWOW64\jsproxy.dll
2010-08-16 15:48:03 ----A---- C:\Windows\SysWOW64\msxml3.dll
2010-08-16 15:47:57 ----A---- C:\Windows\SysWOW64\schannel.dll

======List of files/folders modified in the last 1 months======

2010-09-07 16:07:16 ----D---- C:\Windows\Temp
2010-09-07 16:07:13 ----RD---- C:\Program Files (x86)
2010-09-07 15:54:51 ----D---- C:\Windows\Debug
2010-09-07 15:54:51 ----D---- C:\Windows
2010-09-07 15:44:02 ----D---- C:\Windows\SysWOW64
2010-09-07 13:38:03 ----D---- C:\Windows\SysWOW64\drivers
2010-09-07 13:38:02 ----HD---- C:\ProgramData
2010-09-07 13:12:20 ----D---- C:\Windows\Prefetch
2010-09-07 13:01:36 ----SHD---- C:\Windows\Installer
2010-09-07 12:15:50 ----SHD---- C:\System Volume Information
2010-09-07 12:11:14 ----D---- C:\Users\***\AppData\Roaming\Skype
2010-09-06 20:16:31 ----SD---- C:\Windows\Downloaded Program Files
2010-09-06 16:32:18 ----D---- C:\Program Files (x86)\Common Files
2010-09-05 15:19:11 ----D---- C:\ProgramData\DivX
2010-09-05 15:19:11 ----D---- C:\Program Files (x86)\DivX
2010-09-05 15:19:11 ----D---- C:\Program Files (x86)\Common Files\DivX Shared
2010-09-03 21:31:31 ----D---- C:\Users\***\AppData\Roaming\vlc
2010-09-03 11:45:30 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2010-09-02 12:55:47 ----RD---- C:\Program Files
2010-09-02 12:55:46 ----D---- C:\ProgramData\Apple Computer
2010-09-02 12:55:46 ----D---- C:\Program Files (x86)\Common Files\Apple
2010-09-02 12:52:16 ----D---- C:\Windows\inf
2010-09-02 12:51:02 ----D---- C:\Windows\System32
2010-09-01 15:25:07 ----SD---- C:\Users\***\AppData\Roaming\Microsoft
2010-08-31 20:58:26 ----A---- C:\Windows\SysWOW64\PerfStringBackup.INI
2010-08-30 21:47:18 ----D---- C:\Windows\Tasks
2010-08-30 19:24:29 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-08-30 19:18:11 ----D---- C:\Windows\Minidump
2010-08-26 01:16:09 ----D---- C:\Users\***\AppData\Roaming\BitTorrent
2010-08-25 20:52:30 ----RSD---- C:\Windows\assembly
2010-08-25 17:42:16 ----RSD---- C:\Windows\Fonts
2010-08-24 19:42:09 ----D---- C:\Users\***\AppData\Roaming\temp
2010-08-17 12:32:47 ----D---- C:\Windows\winsxs
2010-08-17 12:28:02 ----D---- C:\Windows\Microsoft.NET
2010-08-17 12:19:52 ----D---- C:\Program Files (x86)\Internet Explorer
2010-08-17 12:19:49 ----D---- C:\Program Files (x86)\Windows Mail
2010-08-17 12:19:48 ----D---- C:\Windows\SysWOW64\migration
2010-08-16 22:00:06 ----A---- C:\Windows\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;ATI PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys []
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\Windows\System32\drivers\sfdrv01.sys []
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a); C:\Windows\System32\drivers\sfdrv01a.sys []
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys []
R0 sfsync04;StarForce Protection Synchronization Driver (version 4.x); C:\Windows\System32\drivers\sfsync04.sys []
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\Windows\System32\drivers\sfvfs02.sys []
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []
R1 appdrv01;Application Driver (01); C:\Windows\System32\Drivers\appdrv01.sys []
R1 AsIO;AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [2007-12-17 14392]
R2 acedrv11;acedrv11; \??\C:\Windows\system32\drivers\acedrv11.sys []
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\Windows\system32\drivers\AtiHdmi.sys []
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys []
R3 RTL8169;Realtek 8169-NT-Treiber; C:\Windows\system32\DRIVERS\Rtlh64.sys []
S0 prohlp02;StarForce Protection Helper Driver v2; C:\Windows\System32\drivers\prohlp02.sys [2004-04-08 70400]
S0 prosync1;StarForce Protection Synchronization Driver v1; C:\Windows\System32\drivers\prosync1.sys [2003-09-06 6944]
S0 sfhlp01;StarForce Protection Helper Driver; C:\Windows\System32\drivers\sfhlp01.sys [2003-12-01 4832]
S1 acedrv07;acedrv07; \??\C:\Windows\system32\drivers\acedrv07.sys []
S1 prodrv06;StarForce Protection Environment Driver v6; C:\Windows\System32\drivers\prodrv06.sys [2004-04-08 54272]
S1 SSHDRV59;SSHDRV59; \??\C:\Windows\system32\drivers\SSHDRV59.sys [2010-02-13 35840]
S2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys []
S2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys []
S3 a2shxq3i;a2shxq3i; C:\Windows\SysWOW64\drivers\a2shxq3i.sys []
S3 asb6kma2;asb6kma2; C:\Windows\SysWOW64\drivers\asb6kma2.sys []
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys []
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys []
S3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCAMp50a64.sys []
S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCASp50a64.sys []
S3 PCD59X2;PCD59X2; \??\C:\Users\***\AppData\Local\Temp\PCD59X2.sys []
S3 PCD59X3;PCD59X3; \??\C:\Users\***\AppData\Local\Temp\PCD59X3.sys []
S3 PCD59X4;PCD59X4; \??\C:\Users\***\AppData\Local\Temp\PCD59X4.sys []
S3 PCD59X5;PCD59X5; \??\C:\Users\***\AppData\Local\Temp\PCD59X5.sys []
S3 PCD59X6;PCD59X6; \??\C:\Users\***\AppData\Local\Temp\PCD59X6.sys []
S3 PCD59X7;PCD59X7; \??\C:\Users\***\AppData\Local\Temp\PCD59X7.sys []
S3 WG111T;NETGEAR WG111T USB2.0 Wireless Card Service; C:\Windows\system32\DRIVERS\WG111Tvx.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S3 xnacc;Treiberdienst XBOX 360-Controller für Windows; C:\Windows\system32\DRIVERS\xnacc.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe []
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-08-13 144672]
R2 AsSysCtrlService;ASUS System Control Service; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe [2008-08-15 86016]
R2 Bonjour Service;Dienst "Bonjour"; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2010-07-27 345376]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
R2 MSSQLSERVER;SQL Server (MSSQLSERVER); D:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-12-26 66872]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2009-12-26 103736]
R2 SQLBrowser;SQL Server Browser; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-25 153952]
R3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2010-09-01 932640]
S2 appdrvrem01;Application Driver Auto Removal Service (01); C:\Windows\System32\appdrvrem01.exe svc []
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
S4 msvsmon90;Visual Studio 2008 Remote Debugger; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [2007-11-07 4466688]

-----------------EOF-----------------
         

bin ich jetzt clean

Danke für Eure Hilfe!!!

lg

 

Themen zu Antimalware Doctor
adware.myway, benutzerprofildienst, bho, bonjour, components, desktop, device driver, diagnostics, document, error, excel, fehler, firefox, flash player, fontcache, google, hdaudio.sys, heuristics.shuriken, hijack, hijackthis, hilfe!!, home, home premium, hotfix.exe, iexplore, install.exe, installation, local\temp, log file, logfile, msiexec, msiexec.exe, notepad.exe, object, office 2007, plug-in, programdata, registry, richtlinie, rogue.antimalwaredoctor, security, server, software, sptd.sys, start menu, studio, svchost.exe, symantec, system, syswow64, torrent.exe, trojan.agent.ge, visual studio, worm.autorun, wscript.exe




Ähnliche Themen: Antimalware Doctor


  1. Antimalware Doctor
    Plagegeister aller Art und deren Bekämpfung - 21.09.2010 (22)
  2. antimalware doctor
    Plagegeister aller Art und deren Bekämpfung - 18.09.2010 (1)
  3. Antimalware Doctor
    Plagegeister aller Art und deren Bekämpfung - 14.09.2010 (19)
  4. Antimalware Doctor...
    Plagegeister aller Art und deren Bekämpfung - 09.09.2010 (6)
  5. Antimalware Doctor
    Plagegeister aller Art und deren Bekämpfung - 08.09.2010 (1)
  6. Antimalware Doctor
    Plagegeister aller Art und deren Bekämpfung - 06.09.2010 (14)
  7. Antimalware Doctor
    Diskussionsforum - 30.08.2010 (8)
  8. Antimalware Doctor auf PC
    Plagegeister aller Art und deren Bekämpfung - 30.08.2010 (2)
  9. Entfernung von Antimalware Doctor
    Plagegeister aller Art und deren Bekämpfung - 25.08.2010 (3)
  10. Antimalware Doctor
    Plagegeister aller Art und deren Bekämpfung - 27.07.2010 (1)
  11. antimalware Doctor
    Plagegeister aller Art und deren Bekämpfung - 07.07.2010 (2)
  12. Antimalware Doctor
    Plagegeister aller Art und deren Bekämpfung - 11.06.2010 (15)
  13. Antimalware Doctor entfernen
    Plagegeister aller Art und deren Bekämpfung - 07.06.2010 (21)
  14. Antimalware Doctor löschen
    Plagegeister aller Art und deren Bekämpfung - 04.06.2010 (1)
  15. Antimalware Doctor
    Plagegeister aller Art und deren Bekämpfung - 03.06.2010 (12)
  16. Antimalware Doctor
    Plagegeister aller Art und deren Bekämpfung - 23.05.2010 (1)
  17. Antimalware Doctor beseitigt?
    Plagegeister aller Art und deren Bekämpfung - 16.05.2010 (9)

Zum Thema Antimalware Doctor - Hi @all!!! hab mir leider was eingefangen bzw. mein PC. Bin laut anleitung vorgegangen. 1.) Iexplore: Code: Alles auswählen Aufklappen ATTFilter This log file is located at C:\rkill.log. Please post - Antimalware Doctor...
Archiv
Du betrachtest: Antimalware Doctor auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.