Pests of all kinds and how to fight them: Antimalware Doctor Windows 7

If you are not sure whether you have caught malware or a Trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you get rid of the infection.
#1
Antimalware Doctor
Hi @all!!! Unfortunately I've caught something, or rather my PC has. I followed the instructions. 1.) Iexplore:
Code:
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as *** on 07.09.2010 at 16:11:33.
Services Stopped:
Processes terminated by Rkill or while it was running:
Rkill completed on 07.09.2010 at 16:11:36.
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4561
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943
07.09.2010 15:39:28
mbam-log-2010-09-07 (15-39-28).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|I:\|)
Durchsuchte Objekte: 776263
Laufzeit: 1 Stunde(n), 58 Minute(n), 5 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 27
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ewrgetuj (Trojan.Agent.Gen) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lt4tmf (Backdoor.Bot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mediafix70700en02.exe (Trojan.FakeAlert) -> No action taken.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Users\***\AppData\Local\Temp\geurge.exe (Trojan.Agent.Gen) -> No action taken.
C:\Users\***\AppData\Local\Temp\doa546.exe (Backdoor.Bot) -> No action taken.
C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\ubiorbitapi_r2.dll (Trojan.Agent.CK) -> No action taken.
C:\Users\***\AppData\Local\Temp\7619,062.exe (Trojan.Dropper) -> No action taken.
C:\Users\***\AppData\Local\Temp\awttsvlg.exe (Trojan.Downloader) -> No action taken.
C:\Users\***\AppData\Local\Temp\jytr.exe (Trojan.FakeAlert) -> No action taken.
C:\Users\***\AppData\Local\Temp\lnudls.exe (Trojan.Downloader) -> No action taken.
C:\Users\***\AppData\Local\Temp\nwmxaecrso.exe (Trojan.Agent.Gen) -> No action taken.
C:\Users\***\AppData\Local\Temp\remacsnowx.exe (Trojan.Agent) -> No action taken.
C:\Users\***\AppData\Local\Temp\sxcfgslr.exe (Trojan.Downloader) -> No action taken.
C:\Users\***\AppData\Local\Temp\thuurs.exe (Heuristics.Shuriken) -> No action taken.
C:\Users\***\AppData\Roaming\antispy.exe (Trojan.FakeAlert) -> No action taken.
I:\fun.xls.exe (Worm.AutoRun) -> No action taken.
I:\Software - CD\Freeripmp3\freeripmp3.exe (Adware.MyWay) -> No action taken.
I:\System Volume Information\_restore{8A678CD9-BC47-45B9-B58C-B964E2B82263}\RP200\A0058960.exe (Worm.AutoRun) -> No action taken.
I:\System Volume Information\_restore{CFB6E64A-5D4B-4564-98E3-77EC49187E45}\RP12\A0004309.exe (Worm.AutoRun) -> No action taken.
C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> No action taken.
C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> No action taken.
C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> No action taken.
C:\Windows\System32\msxml71.dll (Trojan.FakeAlert) -> No action taken.
C:\Users\***\AppData\Roaming\49B403C00339D9F911D0257CF39FD721\mediafix70700en02.exe (Trojan.FakeAlert) -> No action taken.
I ran it until there were no more errors in the registry. 4.) RSIT
Code:
info.txt logfile of random's system information tool 1.08 2010-09-07 16:07:18
======Uninstall list======
-->MsiExec /X{11AE6807-50D2-4F59-82B3-2C3E695E94C2}
3DVIA player 5.0-->MsiExec.exe /X{4E868D3D-6EEB-4273-926C-2287236B5B79}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.3.4 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A93000000001}
AI Suite-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{310BC5E2-31AF-49BB-904D-E71EB93645DC}\setup.exe" -l0x7
Apple Application Support-->MsiExec.exe /I{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ask Toolbar-->"C:\Program Files (x86)\AskBarDis\unins000.exe"
Aspell 0.6 Dictionary (Language: de)-->"C:\ProgramData\Aspell\Dictionaries\Uninstall-AspellDict-de.exe"
Aspell Data-->"C:\ProgramData\Aspell\Uninstall-AspellData.exe"
ASUSUpdate-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe" -l0x7
BitTorrent-->D:\Program Files (x86)\BitTorrent\uninst.exe
Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
CCleaner-->"D:\Program Files (x86)\CCleaner\uninst.exe"
Command & Conquer(TM) Generäle-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{06F80017-8F98-4C94-B868-52358569FC32}
Command and Conquer(TM) Generäle Die Stunde Null -->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{14574B7F-75D1-4718-B7F2-EBF6E2862A35}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{199E6632-EB28-4F73-AECB-3E192EB92D18}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{25724802-CC14-4B90-9F3B-3D6955EE27B1}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{50193078-F553-4EBA-AA77-64C9FAA12F98}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{51D718D1-DA81-4FAD-919F-5C1CE3C33379}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{66F78C51-D108-4F0C-A93C-1CBE74CE338F}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{80D03817-7943-4839-8E96-B9F924C5E67D}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{97E5205F-EA4F-438F-B211-F1846419F1C1}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{99A7722D-9ACB-43F3-A222-ABC7133F159E}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{BA801B94-C28D-46EE-B806-E1E021A3D519}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{D4D244D1-05E0-4D24-86A2-B2433C435671}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{EAF636A9-F664-4703-A659-85A894DA264F}
Company of Heroes-->"E:\Games\Company of Heroes\Uninstall_German.exe"
Crystal Reports Basic for Visual Studio 2008-->MsiExec.exe /X{AA467959-A1D6-4F45-90CD-11DC57733F32}
DAEMON Tools Toolbar-->C:\Program Files (x86)\DAEMON Tools Toolbar\uninst.exe
Dev-C++ 5 beta 9 release (4.9.9.2)-->"E:\Dev-Cpp\uninstall.exe"
Die Gilde - Gaukler, Gruften und Geschütze-->E:\Games\JoWooD\DIEGIL~1\UNWISE.EXE E:\Games\JoWooD\DIEGIL~1\INSTALL.LOG
Die Gilde 2 - Die Seeräuber der Hanse-->E:\Program Files (x86)\Die Gilde 2 - Die Seeräuber der Hanse\uninstall.exe
Die Gilde 2-->C:\Windows\unvise32.exe E:\Programme\Die Gilde 2\uninstal.log
Die Gilde Addon Update v. 2.06 -->E:\Games\JoWooD\DIEGIL~1\UNWISE.EXE E:\Games\JoWooD\DIEGIL~1\INSTALL.LOG
Die Gilde Update v1.04a-->E:\Games\JoWooD\DIEGIL~1\UNWISE.EXE E:\Games\JoWooD\DIEGIL~1\INSTALL.LOG
Die Schlacht um Mittelerde™ II-->E:\Program Files (x86)\Electronic Arts\Die Schlacht um Mittelerde II\EAUninstall.exe
DivX-Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
EA Download Manager-->E:\Program Files (x86)\Electronic Arts\EADM\Uninstall.exe
EVEREST Ultimate Edition v5.30-->"D:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\unins000.exe"
FIFA 10-->MsiExec.exe /X{11202615-E557-4ECF-9B86-F59C81E52909}
FileZilla Client 3.2.7.1-->D:\Program Files (x86)\FileZilla FTP Client\uninstall.exe
Freelancer-->"E:\Program Files (x86)\Microsoft Games\Freelancer\UNINSTAL.EXE" /runtemp /addremove
FUSSBALL MANAGER 10-->E:\Program Files (x86)\EA SPORTS\FUSSBALL MANAGER 10\eauninstall.exe
GameCenter 1.3.0.5-->"C:\Program Files (x86)\Cyanide\GameCenter\unins000.exe"
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)-->C:\Windows\SQL9_KB970892_ENU\Hotfix.exe /Uninstall
GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)-->C:\Windows\SQLTools9_KB970892_ENU\Hotfix.exe /Uninstall
Grand Theft Auto IV-->"C:\Program Files (x86)\InstallShield Installation Information\{579BA58C-F33D-4970-9953-B94B43768AC3}\setup.exe" -runfromtemp -l0x0007 -removeonly
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {08155812-0202-4D5F-A7FF-12A2782DC548} /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB971091)-->C:\Windows\SysWOW64\msiexec.exe /package {D7DAD1E4-45F4-3B2B-899A-EA728167EC4F} /uninstall {06694B0F-B778-4E13-B841-4FF9CC81D0C5} /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973674)-->C:\Windows\SysWOW64\msiexec.exe /package {D7DAD1E4-45F4-3B2B-899A-EA728167EC4F} /uninstall {E1404B9C-5F36-406A-B720-70FA3F242B7B} /qb+ REBOOTPROMPT=""
Java Media Framework 2.1.1a-->C:\Windows\IsUninst.exe -f"D:\Program Files (x86)\JMF2.1.1\Uninst.isu"
Java MP3 PlugIn-->C:\Windows\IsUninst.exe -f"D:\Program Files (x86)\Java\jre6\Uninst.isu"
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013F0}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
LyX 1.6.4-1-->"E:\Lyx\Uninstall-LyX.exe"
Malwarebytes' Anti-Malware-->"D:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
MathPlayer-->C:\Program Files (x86)\Design Science\MathPlayer\Setup.exe -u
Microsoft Document Explorer 2008-->C:\Program Files (x86)\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.exe
Microsoft Document Explorer 2008-->MsiExec.exe /X{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}
Microsoft Flight Simulator X Service Pack 1-->C:\Windows\SysWOW64\msiexec.exe /qb /l*vx "%TEMP%\FlightSimPatchUninstall.log" /uninstall {7FB5887E-FA27-4CDC-BBA4-146487E789FA} /package {F535B2CF-C9BB-4162-B03A-02D6971F32CC}
Microsoft Flight Simulator X Service Pack 2-->MsiExec.exe /X{E7CC4B85-DC2F-463F-8FEB-E7398E25C19A}
Microsoft Flight Simulator X-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{F535B2CF-C9BB-4162-B03A-02D6971F32CC}
Microsoft Flight Simulator X-->MsiExec.exe /X{F535B2CF-C9BB-4162-B03A-02D6971F32CC}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{8FB1B528-E260-451E-9B55-E9152F94B80B}
Microsoft Games for Windows - LIVE-->MsiExec.exe /X{F97E3841-CA9D-4964-9D64-26066241D26F}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {E64BA721-2310-4B55-BE5A-2925F9706192}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0409-1000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0116-0409-1000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110407-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0021-0409-0000-0000000FF1CE} /uninstall {E1044ED2-E4AD-4B39-B500-31109750F6B4}
Microsoft Office Visio 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0054-0409-0000-0000000FF1CE} /uninstall {519D9F45-CBF4-4E57-B419-11F196CCA8AE}
Microsoft Office Visio 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}
Microsoft Office Visio MUI (English) 2007-->MsiExec.exe /X{90120000-0054-0409-0000-0000000FF1CE}
Microsoft Office Visio Professional 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISPROR /dll OSETUP.DLL
Microsoft Office Visio Professional 2007-->MsiExec.exe /X{91120000-0051-0000-0000-0000000FF1CE}
Microsoft Office Visual Web Developer 2007-->MsiExec.exe /X{90120000-0021-0000-0000-0000000FF1CE}
Microsoft Office Visual Web Developer MUI (English) 2007-->MsiExec.exe /X{90120000-0021-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Express Edition-->MsiExec.exe /I{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}
Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server 2005-->"C:\Program Files (x86)\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Compact 3.5 Design Tools ENU-->MsiExec.exe /X{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}
Microsoft SQL Server Compact 3.5 ENU-->MsiExec.exe /I{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}
Microsoft SQL Server Compact 3.5 for Devices ENU-->MsiExec.exe /I{241F2BF7-69EB-42A4-9156-96B2426C7504}
Microsoft SQL Server Database Publishing Wizard 1.2-->MsiExec.exe /X{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual Studio 2005 Tools for Office Runtime-->MsiExec.exe /X{388E4B09-3E71-4649-8921-F44A3A2954A7}
Microsoft Visual Studio 2008 Professional Edition - ENU-->E:\Program Files (x86)\Microsoft Visual Studio 9.0\Microsoft Visual Studio 2008 Professional Edition - ENU\setup.exe
Microsoft Visual Studio Web Authoring Component-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISUALWEBDEVELOPER /dll OSETUP.DLL
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
MiKTeX 2.7-->"E:\Program Files (x86)\MiKTeX 2.7\miktex\bin\copystart_admin.exe" "E:\Program Files (x86)\MiKTeX 2.7\miktex\config\uninstall.dat"
Mozilla Firefox (3.5.6)-->D:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter-->C:\Program Files (x86)\InstallShield Installation Information\{51123D42-6B9C-4B93-900C-29F9EC5963C9}\setup.exe -runfromtemp -l0x0009 -removeonly
NHL™ 09-->MsiExec.exe /X{827B97A9-B347-4110-9F89-37AF2B758F94}
Norton Security Scan-->C:\Program Files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.7.3.34\InstStub.exe /X
NVIDIA PhysX v8.05.26-->MsiExec.exe /X{11AE6807-50D2-4F59-82B3-2C3E695E94C2}
Packet Tracer 5.1-->"D:\Program Files (x86)\Packet Tracer 5.1\unins000.exe"
Patch v4.1-->"E:\Program Files (x86)\The Guild 2 - Renaissance\unins001.exe"
ProtectDisc Driver, Version 11-->C:\Program Files (x86)\ProtectDisc Driver Installer\uninstall_v11.exe
QuickTime-->MsiExec.exe /I{EB900AF8-CC61-4E15-871B-98D1EA3E8025}
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r -m -nrg2709
Rockstar Games Social Club-->"C:\Program Files (x86)\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x0007 -removeonly
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}
Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio 2007 (KB982127)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {AA3200A8-BD90-4763-B7D0-27DFBFB8DD71}
Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Star Wars Empire at War-->C:\Program Files (x86)\InstallShield Installation Information\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}\setup.exe -runfromtemp -l0x0007 -removeonly
Star Wars: The Force Unleashed-->"E:\Program Files (x86)\Activision\Star Wars The Force Unleashed\unins000.exe"
Steamless Left4Dead2 Pack-->E:\Program Files (x86)\Steamless Left4Dead2 Pack\uninstall.exe
TeleTeachingTool-->"D:\Program Files (x86)\TeleTeachingTool\Uninstall.exe" "D:\Program Files (x86)\TeleTeachingTool\install.log"
The Guild 2 - Renaissance-->"E:\Program Files (x86)\The Guild 2 - Renaissance\unins000.exe"
The Guild 2 - Renaissance-->"E:\Program Files (x86)\The Guild 2 - Renaissance\unins002.exe"
TmNationsForever Update 2010-03-15-->"E:\Program Files (x86)\TmNationsForever\unins000.exe"
Tour de France 2010 - Der offizielle Radsport-Manager Version 1-->"E:\Program Files (x86)\Cyanide\Pro Cycling Manager - Season 2010\unins000.exe"
Ubisoft Game Launcher-->"C:\Program Files (x86)\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe" -runfromtemp -l0x0409 -removeonly
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)-->MsiExec.exe /X{07629207-FAA0-4F1A-8092-BF5085BE511F}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Visio 2007 Help (KB963666)-->msiexec /package {90120000-0054-0409-0000-0000000FF1CE} /uninstall {D2C4ACC9-12F5-4E1C-81A8-5DC878AC6278}
VC Runtimes MSI-->MsiExec.exe /X{FF29527A-44CD-3422-945E-981A13584000}
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Visual Studio 2005 Tools for Office Second Edition Runtime-->C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\8.0\Microsoft Visual Studio 2005 Tools for Office Runtime\install.exe
Visual Studio Tools for the Office system 3.0 Runtime-->C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\9.0\Visual Studio Tools for the Office system 3.0 Runtime\install.exe
Visual Studio Tools for the Office system 3.0 Runtime-->MsiExec.exe /X{8FB53850-246A-3507-8ADE-0060093FFEA6}
VLC media player 1.0.1-->D:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Windows Mobile 5.0 SDK R2 for Pocket PC-->MsiExec.exe /I{6C9F6D23-E9AD-43C9-B43A-011562AAF876}
Windows Mobile 5.0 SDK R2 for Smartphone-->MsiExec.exe /I{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}
WinRAR-->D:\Program Files (x86)\WinRAR\uninstall.exe
======Security center information======
AS: Windows Defender
======System event log======
Computer Name: Athlon-7850
Event Code: 4383
Message: Windows-Wartung hat das Update 977816-18_neutral_PACKAGE aus Paket KB977816 (Security Update) in den Status Installiert(Installed) gesetzt.
Record Number: 100451
Source Name: Microsoft-Windows-Servicing
Time Written: 20100415125338.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM
Computer Name: Athlon-7850
Event Code: 4383
Message: Windows-Wartung hat das Update 977816-16_neutral_PACKAGE aus Paket KB977816 (Security Update) in den Status Installiert(Installed) gesetzt.
Record Number: 100450
Source Name: Microsoft-Windows-Servicing
Time Written: 20100415125338.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM
Computer Name: Athlon-7850
Event Code: 4373
Message: Windows-Wartung hat das Paket KB977816(Security Update) erfolgreich in den Status Installiert(Installed) gesetzt.
Record Number: 100449
Source Name: Microsoft-Windows-Servicing
Time Written: 20100415125338.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM
Computer Name: Athlon-7850
Event Code: 4383
Message: Windows-Wartung hat das Update 977816-22_neutral_PACKAGE aus Paket KB977816 (Security Update) in den Status Installiert(Installed) gesetzt.
Record Number: 100448
Source Name: Microsoft-Windows-Servicing
Time Written: 20100415125338.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM
Computer Name: Athlon-7850
Event Code: 4383
Message: Windows-Wartung hat das Update 977816-21_neutral_PACKAGE aus Paket KB977816 (Security Update) in den Status Installiert(Installed) gesetzt.
Record Number: 100447
Source Name: Microsoft-Windows-Servicing
Time Written: 20100415125338.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM
=====Application event log=====
Computer Name: Athlon-7850
Event Code: 1005
Message: Ergebnis der Inanspruchnahme von Windows-Rechten: hr=0x0
Record Number: 35501
Source Name: Microsoft-Windows-Security-Licensing-SLC
Time Written: 20100303214722.000000-000
Event Type: Informationen
User:
Computer Name: Athlon-7850
Event Code: 1003
Message: Softwarelizenzierungsdienst hat die Überprüfung des Lizenzierungsstatus abgeschlossen.
Anwendungs-ID=55c92734-d682-4d71-983e-d6ec3f16059f
Lizenzierungsstatus=
{1,[11db994f-af86-4eb9-af35-fb4e3b0256f5, 8, 0xC004F014,0x0]}
{1,[3a1d44e2-bede-46fb-8a02-0cd485a1db8b, 8, 0xC004F014,0x0]}
{1,[6b16d38b-7dac-4614-9948-b4a92ddba889, 8, 0xC004F014,0x0]}
{1,[9e042223-03bf-49ae-808f-ff37f128d40d, 8, 0xC004F014,0x0]}
{1,[a3481201-436e-4fc9-88b4-34ccf7f81789, 8, 0xC004F014,0x0]}
{1,[a4eec485-e375-48b4-8f51-80d13a4086b6, 8, 0xC004F014,0x0]}
{1,[a7a4a974-ad47-420e-8e1a-83d28572058a, 8, 0xC004F014,0x0]}
{1,[b6795467-dc45-4acf-af87-e948ee3f15f4, 8, 0xC004F014,0x0]}
{1,[bffdc375-bbd5-499d-8ef1-4f37b61c895f, 8, 0xC004F014,0x0]}
{1,[c3505bd0-004a-49b9-84db-a1a4869eddf1, 8, 0xC004F014,0x0]}
{1,[c5d8ec70-e2ae-42d8-aaa9-eec3772438ee, 8, 0xC004F014,0x0]}
{1,[cdb090c3-053c-4cd1-9cb2-e35b1738747a, 8, 0xC004F014,0x0]}
{1,[da0483a8-c443-45fd-9b52-2bba9b2ee8ab, 8, 0xC004F014,0x0]}
{1,[e05164a4-fb9a-471f-8c3a-6959b4cf1b72, 8, 0xC004F014,0x0]}
{1,[f3acdd3c-119a-4932-a3d7-0b6f33a1dca9, 0, 0x0,0x0],[0x0,0x0,0x0,0,0,0x0],[0x0,0xFFFFFFFF,0x0,0,0,0x0],[0x0,0xFFFFFFFF,0x0,0,0,0x0],[0,0,0x0]}
{1,[afd5f68f-b70f-4000-a21d-28dbc8be8b07, 8, 0xC004F014,0x0]}
Record Number: 35500
Source Name: Microsoft-Windows-Security-Licensing-SLC
Time Written: 20100303214722.000000-000
Event Type: Informationen
User:
Computer Name: Athlon-7850
Event Code: 1033
Message: Die Richtlinien werden ausgeschlossen, da sie nur mit dem override-only-Attribut definiert wurden.
Richtliniennamen=(IIS-W3SVC-MaxConcurrentRequests) (Telnet-Client-EnableTelnetClient) (Telnet-Client-EnableTelnetClient_w) (Telnet-Server-EnableTelnetServer) (Telnet-Server-EnableTelnetServer_w)
Anwendungs-ID=55c92734-d682-4d71-983e-d6ec3f16059f
SKU-ID=f3acdd3c-119a-4932-a3d7-0b6f33a1dca9
Record Number: 35499
Source Name: Microsoft-Windows-Security-Licensing-SLC
Time Written: 20100303214722.000000-000
Event Type: Informationen
User:
Computer Name: Athlon-7850
Event Code: 1531
Message: Der Benutzerprofildienst wurde erfolgreich gestartet.
Record Number: 35498
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20100303214718.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM
Computer Name: Athlon-7850
Event Code: 4625
Message: Das EventSystem-Subsystem unterdrückt duplizierte Ereignisprotokolleinträge für eine Dauer von 86400 Sekunden. Dieses Zeitlimit kann durch den REG_DWORD-Wert SuppressDuplicateDuration unter folgendem Registrierungsschlüssel gesteuert werden: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 35497
Source Name: Microsoft-Windows-EventSystem
Time Written: 20100303214718.000000-000
Event Type: Informationen
User:
=====Security event log=====
Computer Name: Athlon-7850
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.
Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: ATHLON-7850$
Kontodomäne: NETZWERK
Anmelde-ID: 0x3e7
Anmeldetyp: 5
Neue Anmeldung:
Sicherheits-ID: S-1-5-20
Kontoname: NETZWERKDIENST
Kontodomäne: NT-AUTORITÄT
Anmelde-ID: 0x3e4
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}
Prozessinformationen:
Prozess-ID: 0x2b8
Prozessname: C:\Windows\System32\services.exe
Netzwerkinformationen:
Arbeitsstationsname:
Quellnetzwerkadresse: -
Quellport: -
Detaillierte Authentifizierungsinformationen:
Anmeldeprozess: Advapi
Authentifizierungspaket: Negotiate
Übertragene Dienste: -
Paketname (nur NTLM): -
Schlüssellänge: 0
Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.
Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".
Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).
Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.
Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.
Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
- Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 17622
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091122112216.964144-000
Event Type: Überwachung erfolgreich
User:
Computer Name: Athlon-7850
Event Code: 4672
Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.
Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: SYSTEM
Kontodomäne: NT-AUTORITÄT
Anmelde-ID: 0x3e7
Berechtigungen: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 17621
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091122112216.870543-000
Event Type: Überwachung erfolgreich
User:
Computer Name: Athlon-7850
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.
Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: ATHLON-7850$
Kontodomäne: NETZWERK
Anmelde-ID: 0x3e7
Anmeldetyp: 5
Neue Anmeldung:
Sicherheits-ID: S-1-5-18
Kontoname: SYSTEM
Kontodomäne: NT-AUTORITÄT
Anmelde-ID: 0x3e7
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}
Prozessinformationen:
Prozess-ID: 0x2b8
Prozessname: C:\Windows\System32\services.exe
Netzwerkinformationen:
Arbeitsstationsname:
Quellnetzwerkadresse: -
Quellport: -
Detaillierte Authentifizierungsinformationen:
Anmeldeprozess: Advapi
Authentifizierungspaket: Negotiate
Übertragene Dienste: -
Paketname (nur NTLM): -
Schlüssellänge: 0
Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.
Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".
Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).
Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.
Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.
Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
- Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 17620
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091122112216.870543-000
Event Type: Überwachung erfolgreich
User:
Computer Name: Athlon-7850
Event Code: 4648
Message: Anmeldeversuch mit expliziten Anmeldeinformationen.
Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: ATHLON-7850$
Kontodomäne: NETZWERK
Anmelde-ID: 0x3e7
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}
Konto, dessen Anmeldeinformationen verwendet wurden:
Kontoname: SYSTEM
Kontodomäne: NT-AUTORITÄT
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}
Zielserver:
Zielservername: localhost
Weitere Informationen: localhost
Prozessinformationen:
Prozess-ID: 0x2b8
Prozessname: C:\Windows\System32\services.exe
Netzwerkinformationen:
Netzwerkadresse: -
Port: -
Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden. Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird.
Record Number: 17619
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091122112216.870543-000
Event Type: Überwachung erfolgreich
User:
Computer Name: Athlon-7850
Event Code: 4902
Message: Eine Benutzerrichtlinien-Überwachungstabelle wurde erstellt.
Anzahl von Elementen: 0
Richtlinienkennung: 0x146dc
Record Number: 17618
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091122112216.667742-000
Event Type: Überwachung erfolgreich
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=E:\Program Files (x86)\MiKTeX 2.7\miktex\bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;D:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Microsoft SQL Server\90\Tools\binn\;C:\Program Files (x86)\Common Files\DivX Shared\;C:\Program Files (x86)\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=16
"PROCESSOR_IDENTIFIER"=AMD64 Family 16 Model 2 Stepping 3, AuthenticAMD
"PROCESSOR_REVISION"=0203
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat
"DFSTRACINGON"=FALSE
"VS90COMNTOOLS"=e:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\Tools\
"RGSCLauncher"=E:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club
"RGSC"=E:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\1_0_0_0
"asl.log"=Destination=file;OnFirstLog=command,environment
"CLASSPATH"=.;D:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=D:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
-----------------EOF-----------------
Code:
Logfile of random's system information tool 1.08 (written by random/random)
Run by *** at 2010-09-07 16:07:13
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 9 GB (17%) free of 52 GB
Total RAM: 8190 MB (79% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:07:17, on 07.09.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\AASP\1.00.82\aaCenter.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\SysWOW64\rundll32.exe
D:\Program Files (x86)\NETGEAR\WG111T\wlan111t.exe
D:\Program Files (x86)\ASUS\AI Suite\Q-Button\QButton.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
D:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
E:\Eigene Dateien\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\***.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1351351
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Ai Nap] "D:\Program Files (x86)\ASUS\AI Suite\Q-Button\QButton.exe"
O4 - HKLM\..\Run: [QFan Help] "D:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] "D:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [nxasocewrm.exe] "C:\Users\***\AppData\Local\Temp\nxasocewrm.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Program Files (x86)\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RGSC] E:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "E:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [byivqr] RUNDLL32.EXE C:\Users\***\AppData\Local\Temp\msllhsjn.dll,w
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-416053540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A9BC827-1B38-4705-9949-BBEAE13D0DB2}: NameServer = 195.3.96.67 213.33.98.136
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Unknown owner - C:\Windows\System32\appdrvrem01.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10384 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Norton Security Scan for ***.job
C:\Windows\tasks\User_Feed_Synchronization-{4C930AB4-14B1-4E60-A93F-1FEE84B26496}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll [2008-09-29 325000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll [2008-09-29 325000]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll [2009-11-24 953800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-04-28 61440]
"Ai Nap"=D:\Program Files (x86)\ASUS\AI Suite\Q-Button\QButton.exe [2008-12-22 1953280]
"QFan Help"=D:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe [2008-05-06 594432]
"Cpu Level Up help"=D:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe [2007-11-30 881152]
"Adobe Reader Speed Launcher"=D:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2010-08-10 421888]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2010-09-01 421160]
"SunJavaUpdateSched"=D:\Program Files (x86)\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"DivXUpdate"=C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2010-09-01 1164584]
"nxasocewrm.exe"=C:\Users\***\AppData\Local\Temp\nxasocewrm.exe [2010-09-07 48128]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1555968]
"AlcoholAutomount"=D:\Program Files (x86)\Alcohol Soft\Alcohol 52\axcmd.exe [2009-04-24 203416]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 138240]
"RGSC"=E:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2010-03-14 306088]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2010-05-13 26192168]
"DAEMON Tools Pro Agent"=E:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [2010-04-15 427328]
"byivqr"=C:\Users\***\AppData\Local\Temp\msllhsjn.dll [2010-09-07 36865]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
NETGEAR WG111T Smart Wizard.lnk - D:\Program Files (x86)\NETGEAR\WG111T\wlan111t.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"ForceActiveDesktopOn"=0
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\Program Files (x86)\BitTorrent\bittorrent.exe"="D:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\SysWOW64\Notepad.exe %1
.js - open - C:\Windows\SysWOW64\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-09-07 16:07:13 ----D---- C:\rsit
2010-09-07 16:07:13 ----D---- C:\Program Files (x86)\trend micro
2010-09-07 13:38:10 ----D---- C:\Users\***\AppData\Roaming\Malwarebytes
2010-09-07 13:38:03 ----A---- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys
2010-09-07 13:38:02 ----D---- C:\ProgramData\Malwarebytes
2010-09-07 13:02:01 ----A---- C:\Windows\SysWOW64\3356018.BAT
2010-09-07 13:01:39 ----D---- C:\Users\***\AppData\Roaming\49B403C00339D9F911D0257CF39FD721
2010-09-06 16:32:18 ----D---- C:\Program Files (x86)\Common Files\Symantec Shared
2010-09-03 23:40:44 ----A---- C:\Windows\SysWOW64\javaws.exe
2010-09-03 23:40:44 ----A---- C:\Windows\SysWOW64\javaw.exe
2010-09-03 23:40:44 ----A---- C:\Windows\SysWOW64\java.exe
2010-09-03 23:40:25 ----D---- C:\Program Files (x86)\Java
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jsound.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmvh263.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmvfw.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmvcm.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmutil.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmmpegv.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmmpa.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmmci.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmjpeg.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmh263enc.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmh261.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmgsm.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmgdi.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmg723.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmfjawt.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmddraw.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmdaudc.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmdaud.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmcvid.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmam.dll
2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmacm.dll
2010-09-03 20:31:13 ----A---- C:\Windows\IsUninst.exe
2010-09-02 12:55:46 ----D---- C:\Program Files (x86)\iTunes
2010-09-02 12:53:34 ----D---- C:\Program Files (x86)\QuickTime
2010-09-02 12:51:02 ----D---- C:\Program Files (x86)\Bonjour
2010-08-30 21:47:13 ----D---- C:\ProgramData\Symantec
2010-08-30 21:47:13 ----D---- C:\ProgramData\Norton
2010-08-30 21:47:13 ----D---- C:\Program Files (x86)\Norton Security Scan
2010-08-30 21:47:12 ----D---- C:\ProgramData\NortonInstaller
2010-08-30 21:47:12 ----D---- C:\Program Files (x86)\NortonInstaller
2010-08-30 19:28:56 ----D---- C:\ProgramData\EA Logs
2010-08-25 21:27:01 ----D---- C:\Users\***\AppData\Roaming\The Creative Assembly
2010-08-25 17:42:16 ----D---- C:\Program Files (x86)\Design Science
2010-08-17 13:42:46 ----D---- C:\Program Files (x86)\The Guild 2 - Renaissance
2010-08-16 15:49:04 ----A---- C:\Windows\SysWOW64\rtutils.dll
2010-08-16 15:48:32 ----A---- C:\Windows\SysWOW64\iccvid.dll
2010-08-16 15:48:11 ----A---- C:\Windows\SysWOW64\mshtml.dll
2010-08-16 15:48:11 ----A---- C:\Windows\SysWOW64\iertutil.dll
2010-08-16 15:48:10 ----A---- C:\Windows\SysWOW64\ieframe.dll
2010-08-16 15:48:09 ----A---- C:\Windows\SysWOW64\urlmon.dll
2010-08-16 15:48:08 ----A---- C:\Windows\SysWOW64\wininet.dll
2010-08-16 15:48:08 ----A---- C:\Windows\SysWOW64\occache.dll
2010-08-16 15:48:08 ----A---- C:\Windows\SysWOW64\mstime.dll
2010-08-16 15:48:08 ----A---- C:\Windows\SysWOW64\msfeedsbs.dll
2010-08-16 15:48:08 ----A---- C:\Windows\SysWOW64\msfeeds.dll
2010-08-16 15:48:08 ----A---- C:\Windows\SysWOW64\ieUnatt.exe
2010-08-16 15:48:08 ----A---- C:\Windows\SysWOW64\ieui.dll
2010-08-16 15:48:08 ----A---- C:\Windows\SysWOW64\iesysprep.dll
2010-08-16 15:48:08 ----A---- C:\Windows\SysWOW64\iesetup.dll
2010-08-16 15:48:08 ----A---- C:\Windows\SysWOW64\iernonce.dll
2010-08-16 15:48:08 ----A---- C:\Windows\SysWOW64\iepeers.dll
2010-08-16 15:48:08 ----A---- C:\Windows\SysWOW64\iedkcs32.dll
2010-08-16 15:48:08 ----A---- C:\Windows\SysWOW64\ie4uinit.exe
2010-08-16 15:48:07 ----A---- C:\Windows\SysWOW64\msfeedssync.exe
2010-08-16 15:48:07 ----A---- C:\Windows\SysWOW64\jsproxy.dll
2010-08-16 15:48:03 ----A---- C:\Windows\SysWOW64\msxml3.dll
2010-08-16 15:47:57 ----A---- C:\Windows\SysWOW64\schannel.dll

======List of files/folders modified in the last 1 months======

2010-09-07 16:07:16 ----D---- C:\Windows\Temp
2010-09-07 16:07:13 ----RD---- C:\Program Files (x86)
2010-09-07 15:54:51 ----D---- C:\Windows\Debug
2010-09-07 15:54:51 ----D---- C:\Windows
2010-09-07 15:44:02 ----D---- C:\Windows\SysWOW64
2010-09-07 13:38:03 ----D---- C:\Windows\SysWOW64\drivers
2010-09-07 13:38:02 ----HD---- C:\ProgramData
2010-09-07 13:12:20 ----D---- C:\Windows\Prefetch
2010-09-07 13:01:36 ----SHD---- C:\Windows\Installer
2010-09-07 12:15:50 ----SHD---- C:\System Volume Information
2010-09-07 12:11:14 ----D---- C:\Users\***\AppData\Roaming\Skype
2010-09-06 20:16:31 ----SD---- C:\Windows\Downloaded Program Files
2010-09-06 16:32:18 ----D---- C:\Program Files (x86)\Common Files
2010-09-05 15:19:11 ----D---- C:\ProgramData\DivX
2010-09-05 15:19:11 ----D---- C:\Program Files (x86)\DivX
2010-09-05 15:19:11 ----D---- C:\Program Files (x86)\Common Files\DivX Shared
2010-09-03 21:31:31 ----D---- C:\Users\***\AppData\Roaming\vlc
2010-09-03 11:45:30 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2010-09-02 12:55:47 ----RD---- C:\Program Files
2010-09-02 12:55:46 ----D---- C:\ProgramData\Apple Computer
2010-09-02 12:55:46 ----D---- C:\Program Files (x86)\Common Files\Apple
2010-09-02 12:52:16 ----D---- C:\Windows\inf
2010-09-02 12:51:02 ----D---- C:\Windows\System32
2010-09-01 15:25:07 ----SD---- C:\Users\***\AppData\Roaming\Microsoft
2010-08-31 20:58:26 ----A---- C:\Windows\SysWOW64\PerfStringBackup.INI
2010-08-30 21:47:18 ----D---- C:\Windows\Tasks
2010-08-30 19:24:29 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-08-30 19:18:11 ----D---- C:\Windows\Minidump
2010-08-26 01:16:09 ----D---- C:\Users\***\AppData\Roaming\BitTorrent
2010-08-25 20:52:30 ----RSD---- C:\Windows\assembly
2010-08-25 17:42:16 ----RSD---- C:\Windows\Fonts
2010-08-24 19:42:09 ----D---- C:\Users\***\AppData\Roaming\temp
2010-08-17 12:32:47 ----D---- C:\Windows\winsxs
2010-08-17 12:28:02 ----D---- C:\Windows\Microsoft.NET
2010-08-17 12:19:52 ----D---- C:\Program Files (x86)\Internet Explorer
2010-08-17 12:19:49 ----D---- C:\Program Files (x86)\Windows Mail
2010-08-17 12:19:48 ----D---- C:\Windows\SysWOW64\migration
2010-08-16 22:00:06 ----A---- C:\Windows\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;ATI PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys []
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\Windows\System32\drivers\sfdrv01.sys []
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a); C:\Windows\System32\drivers\sfdrv01a.sys []
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys []
R0 sfsync04;StarForce Protection Synchronization Driver (version 4.x); C:\Windows\System32\drivers\sfsync04.sys []
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\Windows\System32\drivers\sfvfs02.sys []
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []
R1 appdrv01;Application Driver (01); C:\Windows\System32\Drivers\appdrv01.sys []
R1 AsIO;AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [2007-12-17 14392]
R2 acedrv11;acedrv11; \??\C:\Windows\system32\drivers\acedrv11.sys []
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\Windows\system32\drivers\AtiHdmi.sys []
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys []
R3 RTL8169;Realtek 8169-NT-Treiber; C:\Windows\system32\DRIVERS\Rtlh64.sys []
S0 prohlp02;StarForce Protection Helper Driver v2; C:\Windows\System32\drivers\prohlp02.sys [2004-04-08 70400]
S0 prosync1;StarForce Protection Synchronization Driver v1; C:\Windows\System32\drivers\prosync1.sys [2003-09-06 6944]
S0 sfhlp01;StarForce Protection Helper Driver; C:\Windows\System32\drivers\sfhlp01.sys [2003-12-01 4832]
S1 acedrv07;acedrv07; \??\C:\Windows\system32\drivers\acedrv07.sys []
S1 prodrv06;StarForce Protection Environment Driver v6; C:\Windows\System32\drivers\prodrv06.sys [2004-04-08 54272]
S1 SSHDRV59;SSHDRV59; \??\C:\Windows\system32\drivers\SSHDRV59.sys [2010-02-13 35840]
S2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys []
S2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys []
S3 a2shxq3i;a2shxq3i; C:\Windows\SysWOW64\drivers\a2shxq3i.sys []
S3 asb6kma2;asb6kma2; C:\Windows\SysWOW64\drivers\asb6kma2.sys []
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys []
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys []
S3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCAMp50a64.sys []
S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCASp50a64.sys []
S3 PCD59X2;PCD59X2; \??\C:\Users\***\AppData\Local\Temp\PCD59X2.sys []
S3 PCD59X3;PCD59X3; \??\C:\Users\***\AppData\Local\Temp\PCD59X3.sys []
S3 PCD59X4;PCD59X4; \??\C:\Users\***\AppData\Local\Temp\PCD59X4.sys []
S3 PCD59X5;PCD59X5; \??\C:\Users\***\AppData\Local\Temp\PCD59X5.sys []
S3 PCD59X6;PCD59X6; \??\C:\Users\***\AppData\Local\Temp\PCD59X6.sys []
S3 PCD59X7;PCD59X7; \??\C:\Users\***\AppData\Local\Temp\PCD59X7.sys []
S3 WG111T;NETGEAR WG111T USB2.0 Wireless Card Service; C:\Windows\system32\DRIVERS\WG111Tvx.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S3 xnacc;Treiberdienst XBOX 360-Controller für Windows; C:\Windows\system32\DRIVERS\xnacc.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe []
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-08-13 144672]
R2 AsSysCtrlService;ASUS System Control Service; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe [2008-08-15 86016]
R2 Bonjour Service;Dienst "Bonjour"; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2010-07-27 345376]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
R2 MSSQLSERVER;SQL Server (MSSQLSERVER); D:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-12-26 66872]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2009-12-26 103736]
R2 SQLBrowser;SQL Server Browser; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-25 153952]
R3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2010-09-01 932640]
S2 appdrvrem01;Application Driver Auto Removal Service (01); C:\Windows\System32\appdrvrem01.exe svc []
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
S4 msvsmon90;Visual Studio 2008 Remote Debugger; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [2007-11-07 4466688]

-----------------EOF-----------------

Am I clean now? Thanks for your help!!!
Regards