Log analysis and evaluation: Explorer.exe infested with autostart entries
07.12.2009, 12:05 | #1 |
Explorer.exe infested with autostart entries

Hi everyone. First, the logs:

Malwarebytes:

Code:
Malwarebytes' Anti-Malware 1.42
Datenbank Version: 3308
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

07.12.2009 11:39:24
mbam-log-2009-12-07 (11-39-24).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|)
Durchsuchte Objekte: 35694
Laufzeit: 5 minute(s), 7 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{34k7f01x-ujd8-x3g2-bt24-cuv0i751h4n3} (Generic.Bot.H) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Programfiler\Common Files\sytem\install\system\Microsoft_kbh4j3k63.exe (Generic.Bot.H) -> Quarantined and deleted successfully.

Code:
ATTFilter Logfile of random's system information tool 1.06 (written by random/random) Run by *** at 2009-12-07 11:41:06 Microsoft Windows XP Professional Service Pack 3 System drive C: has 69 GB (53%) free of 131 GB Total RAM: 3327 MB (82% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:41:06, on 07.12.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\explorer.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Dokumente und Einstellungen\***\Desktop\RSIT.exe C:\Programme\Trend Micro\HijackThis\***.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: 
JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [HKLM] C:\Programfiler\Common Files\sytem\install\system\Microsoft_kbh4j3k63.exe O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [HKCU] C:\Programfiler\Common Files\sytem\install\system\Microsoft_kbh4j3k63.exe O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Programfiler\Common Files\sytem\install\system\Microsoft_kbh4j3k63.exe O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Programfiler\Common Files\sytem\install\system\Microsoft_kbh4j3k63.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - 
{E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222191105574 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1234969806437 O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 5367 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 
Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-02-09 13680640] "HKLM"=C:\Programfiler\Common Files\sytem\install\system\Microsoft_kbh4j3k63.exe [2006-04-30 339968] " Malwarebytes Anti-Malware (reboot)"=C:\Programme\Malwarebytes' Anti-Malware\mbam.exe [2009-12-03 1394000] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes' Anti-Malware"=C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe [2009-12-03 429392] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] "Policies"=C:\Programfiler\Common Files\sytem\install\system\Microsoft_kbh4j3k63.exe [2006-04-30 339968] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Skype"=C:\Programme\Skype\Phone\Skype.exe [2008-08-12 21741864] "DAEMON Tools Lite"=C:\Programme\DAEMON Tools Lite\daemon.exe [2008-08-08 490952] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "HKCU"=C:\Programfiler\Common Files\sytem\install\system\Microsoft_kbh4j3k63.exe [2006-04-30 339968] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] "Policies"=C:\Programfiler\Common Files\sytem\install\system\Microsoft_kbh4j3k63.exe [2006-04-30 339968] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696] 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer] Mixer.exe /startup [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray] C:\Programme\SlySoft\CloneCD\CloneCDTray.exe [2005-05-19 57344] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper] C:\WINDOWS\system32\CTHELPER.EXE [2007-04-09 19456] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp] C:\WINDOWS\system32\CTXFIHLP.EXE [2007-04-09 19968] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent] C:\Programme\DAEMON Tools Pro\DTProAgent.exe [2008-10-09 200136] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GMX_GMX MultiMessenger] C:\Programme\GMX\GMX MultiMessenger\MESSENGR.EXE /hide [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HKCU] C:\Programfiler\Common Files\sytem\install\system\Microsoft_kbh4j3k63.exe [2006-04-30 339968] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HKLM] C:\Programfiler\Common Files\sytem\install\system\Microsoft_kbh4j3k63.exe [2006-04-30 339968] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ] C:\PROGRA~1\ICQ6\ICQ.exe silent [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe [2009-10-28 141600] [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Programme\Messenger\msmsgs.exe [2008-04-14 1695232] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] C:\WINDOWS\system32\NvCpl.dll [2009-02-09 13680640] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] C:\WINDOWS\system32\NvMcTray.dll [2009-02-09 86016] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint] C:\Programme\pdf24\PDFBackend.exe [2008-01-31 134144] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerGuardian] C:\Programme\PeerGuardian2\pg2.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Programme\QuickTime\QTTask.exe [2009-09-05 417792] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] C:\Programme\Steam\Steam.exe [2009-11-18 1217808] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Programme\Java\jre6\bin\jusched.exe [2009-10-11 149280] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe [2009-06-15 198160] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk] C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^VPN Client.lnk] C:\WINDOWS\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico -user_logon [] [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Windows Search.lnk] C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [2008-05-26 123904] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^***^Startmenü^Programme^Autostart^Adobe Gamma.lnk] C:\PROGRA~1\GEMEIN~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-03-16 113664] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^***^Startmenü^Programme^Autostart^OpenOffice.org 3.1.lnk] C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2009-08-18 384000] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WMPNetworkSvc"=3 "iPod Service"=3 "FLEXnet Licensing Service"=3 "Bonjour Service"=2 "Apple Mobile Device"=2 "Adobe LM Service"=3 "MDM"=2 "Imapi Helper"=3 "idsvc"=3 "IDriverT"=3 "PnkBstrB"=2 "PnkBstrA"=2 "JavaQuickStarterService"=2 "ASKUpgrade"=2 "ASKService"=2 "DAUpdaterSvc"=3 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Programme\Messenger\msmsgs.exe"="C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\Programme\WinSCP\WinSCP.exe"="C:\Programme\WinSCP\WinSCP.exe:*:Enabled:SFTP, FTP and SCP client" "C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Programme\HLSW\hlsw.exe"="C:\Programme\HLSW\hlsw.exe:*:Enabled:HLSW Application" "C:\Programme\Wolfram Research\Mathematica\6.0\Mathematica.exe"="C:\Programme\Wolfram Research\Mathematica\6.0\Mathematica.exe:*:Enabled:Mathematica 6" "C:\Programme\Wolfram Research\Mathematica\6.0\MathKernel.exe"="C:\Programme\Wolfram Research\Mathematica\6.0\MathKernel.exe:*:Enabled:Mathematica 6 Kernel" "C:\Programme\Wolfram Research\Mathematica\6.0\math.exe"="C:\Programme\Wolfram Research\Mathematica\6.0\math.exe:*:Enabled:math.exe" "C:\Programme\ICQ6.5\ICQ.exe"="C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6" "C:\Programme\GMX\GMX MultiMessenger\MESSENGR.EXE"="C:\Programme\GMX\GMX MultiMessenger\MESSENGR.EXE:*:Enabled:GMX MultiMessenger" "C:\Programme\Mozilla Firefox\firefox.exe"="C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox" "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA" "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB" "C:\Programme\iTunes\iTunes.exe"="C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Programme\Java\jre6\bin\java.exe"="C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary" 
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{885b3b75-8e3d-11dd-9483-000feae38488}] shell\AutoRun\command - I:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1bd1ea9-f501-11dd-9540-000feae38488}] shell\AutoRun\command - H:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe9c9e7a-3be5-11d8-9476-806d6172696f}] shell\AutoRun\command - D:\Start.exe ======List of files/folders created in the last 1 months====== 2009-12-07 11:41:06 ----D---- C:\rsit 2009-12-07 11:33:09 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes 2009-12-07 11:33:03 ----D---- C:\Programme\Malwarebytes' Anti-Malware 2009-12-07 11:33:03 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2009-12-07 11:27:02 ----D---- C:\Programme\CCleaner 2009-12-07 11:17:00 ----D---- C:\Programfiler 2009-12-07 11:08:31 ----D---- C:\Programme\Trend Micro 2009-12-04 00:35:58 ----A---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SQLite3.dll 2009-12-01 17:43:37 ----D---- C:\Programme\TheCastle 2009-11-28 19:52:14 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TrueCrypt 2009-11-28 19:51:57 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TrueCrypt 2009-11-28 19:51:50 ----D---- C:\Programme\TrueCrypt 2009-11-28 17:06:11 ----D---- C:\Programme\WinDjView 2009-11-28 04:27:37 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BioWare 2009-11-26 
08:59:08 ----A---- C:\WINDOWS\system32\javaws.exe 2009-11-26 08:59:08 ----A---- C:\WINDOWS\system32\javaw.exe 2009-11-26 08:59:08 ----A---- C:\WINDOWS\system32\java.exe 2009-11-25 14:41:51 ----D---- C:\Programme\JRE 2009-11-25 14:34:04 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\FileZilla 2009-11-25 14:33:03 ----D---- C:\Programme\FileZilla FTP Client 2009-11-25 12:30:11 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$ 2009-11-25 12:29:41 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$ 2009-11-17 15:42:46 ----A---- C:\WINDOWS\system32\ztvunrar36.dll 2009-11-17 15:42:46 ----A---- C:\WINDOWS\system32\ztvunace26.dll 2009-11-17 15:42:46 ----A---- C:\WINDOWS\system32\ztvcabinet.dll 2009-11-17 15:42:44 ----D---- C:\Programme\TUGZip 2009-11-12 22:07:53 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\runic games 2009-11-11 13:47:49 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$ 2009-11-10 17:23:55 ----D---- C:\users ======List of files/folders modified in the last 1 months====== 2009-12-07 11:41:07 ----D---- C:\WINDOWS\Temp 2009-12-07 11:40:59 ----SHD---- C:\WINDOWS\Installer 2009-12-07 11:40:59 ----D---- C:\WINDOWS\system32\drivers 2009-12-07 11:39:23 ----D---- C:\WINDOWS\Prefetch 2009-12-07 11:33:03 ----RD---- C:\Programme 2009-12-07 11:29:23 ----D---- C:\WINDOWS\Minidump 2009-12-07 11:29:23 ----D---- C:\WINDOWS\Debug 2009-12-07 11:29:23 ----D---- C:\WINDOWS 2009-12-07 11:20:02 ----D---- C:\Programme\Mozilla Firefox 2009-12-07 11:16:09 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Skype 2009-12-07 11:05:23 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\skypePM 2009-12-07 11:05:17 ----D---- C:\WINDOWS\system32\CatRoot2 2009-12-07 03:48:12 ----N---- C:\WINDOWS\SchedLgU.Txt 2009-12-07 00:50:23 ----D---- C:\Programme\WebCraft 2009-12-07 00:33:57 ----RSH---- C:\boot.ini 2009-12-07 00:33:57 ----A---- C:\WINDOWS\win.ini 2009-12-07 00:33:57 ----A---- C:\WINDOWS\system.ini 2009-12-04 16:03:51 ----RSHDC---- 
C:\WINDOWS\system32\dllcache 2009-12-04 16:03:40 ----HD---- C:\WINDOWS\inf 2009-12-04 00:37:03 ----RSD---- C:\WINDOWS\assembly 2009-12-04 00:36:37 ----D---- C:\WINDOWS\system32\DirectX 2009-12-02 02:31:23 ----D---- C:\Programme\Steam 2009-12-01 17:43:32 ----D---- C:\WINDOWS\system32 2009-11-29 02:57:18 ----D---- C:\Programme\Cheat Engine 2009-11-28 04:23:09 ----D---- C:\Programme\Gemeinsame Dateien\BioWare 2009-11-26 08:59:07 ----D---- C:\Programme\Java 2009-11-26 00:48:08 ----D---- C:\WINDOWS\WinSxS 2009-11-26 00:47:56 ----HD---- C:\Programme\InstallShield Installation Information 2009-11-25 14:42:02 ----RSD---- C:\WINDOWS\Fonts 2009-11-25 14:41:49 ----D---- C:\Programme\OpenOffice.org 3 2009-11-25 12:29:20 ----HD---- C:\WINDOWS\$hf_mig$ 2009-11-16 18:37:17 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Petroglyph 2009-11-16 18:25:04 ----D---- C:\WINDOWS\ShellNew 2009-11-09 02:25:24 ----D---- C:\Programme\WinRAR ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40448] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R1 truecrypt;truecrypt; C:\WINDOWS\System32\drivers\truecrypt.sys [2009-11-28 223440] R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-07-01 281760] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-07-28 55656] R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2006-04-22 8064] R2 irda;IrDA-Protokoll; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192] R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-07-01 25888] R3 COMMONFX.DLL;COMMONFX.DLL; C:\WINDOWS\system32\COMMONFX.DLL [2007-04-18 98600] R3 ctac32k;Creative AC3 Software Decoder; 
C:\WINDOWS\system32\drivers\ctac32k.sys [2007-04-10 511272] R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2007-04-10 520488] R3 CTAUDFX.DLL;CTAUDFX.DLL; C:\WINDOWS\system32\CTAUDFX.DLL [2007-04-12 546048] R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2007-04-10 14632] R3 CTSBLFX.DLL;CTSBLFX.DLL; C:\WINDOWS\system32\CTSBLFX.DLL [2007-04-12 560384] R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2007-04-10 157480] R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2005-05-03 27392] R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2007-04-10 92968] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600] R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2007-04-10 797992] R3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\system32\drivers\hap16v2k.sys [2007-04-10 163112] R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288] R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2009-02-09 6307328] R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2007-04-10 126760] R3 Rasirda;WAN-Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584] R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-23 5888] R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2009-03-23 130688] R3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] R3 usbccgp;Microsoft Standard-USB-Haupttreiber; 
C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S1 AmdK8;AMD-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43520] S1 AmdPPM;AMD HwPState Prozessortreiber; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792] S3 a5q8kf0z;a5q8kf0z; C:\WINDOWS\system32\drivers\a5q8kf0z.sys [] S3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [] S3 aonk2vlf;aonk2vlf; C:\WINDOWS\system32\drivers\aonk2vlf.sys [] S3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800] S3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-11-18 377358] S3 cpuz132;cpuz132; \??\C:\DOKUME~1\***\LOKALE~1\Temp\cpuz132\cpuz132_x32.sys [] S3 CT20XUT.DLL;CT20XUT.DLL; C:\WINDOWS\system32\CT20XUT.DLL [2007-04-12 164608] S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2007-04-10 347128] S3 CTEAPSFX.DLL;CTEAPSFX.DLL; C:\WINDOWS\system32\CTEAPSFX.DLL [2007-04-12 168192] S3 CTEDSPFX.DLL;CTEDSPFX.DLL; C:\WINDOWS\system32\CTEDSPFX.DLL [2007-04-12 280320] S3 CTEDSPIO.DLL;CTEDSPIO.DLL; C:\WINDOWS\system32\CTEDSPIO.DLL [2007-04-12 128768] S3 CTEDSPSY.DLL;CTEDSPSY.DLL; C:\WINDOWS\system32\CTEDSPSY.DLL [2007-04-12 323328] S3 CTERFXFX.DLL;CTERFXFX.DLL; C:\WINDOWS\system32\CTERFXFX.DLL [2007-04-12 94976] S3 CTEXFIFX.DLL;CTEXFIFX.DLL; C:\WINDOWS\system32\CTEXFIFX.DLL [2007-04-12 1317632] S3 CTHWIUT.DLL;CTHWIUT.DLL; C:\WINDOWS\system32\CTHWIUT.DLL [2007-04-12 66816] S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275] S3 ENTECH;ENTECH; 
\??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys [] S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-01-08 25280] S3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2007-04-10 189736] S3 irsir;Microsoft serieller Infrarottreiber; C:\WINDOWS\System32\DRIVERS\irsir.sys [2001-08-17 18688] S3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824] S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [2004-10-19 33280] S3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [2004-10-19 12928] S3 RAMDiskXP;RAMDiskXP; C:\WINDOWS\System32\Drivers\RAMDiskXP.sys [] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448] S3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152] S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [2007-12-06 285952] S4 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2008-03-29 125328] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089] R2 
Irmon;Infrarotüberwachung; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-02-09 163908] R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S4 Adobe LM Service;Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-12-05 72704] S4 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712] S4 ASKService;ASKService; C:\Programme\AskBarDis\bar\bin\AskService.exe [2009-04-02 464264] S4 ASKUpgrade;ASKUpgrade; C:\Programme\AskBarDis\bar\bin\ASKUpgrade.exe [2009-04-02 234888] S4 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2008-12-12 238888] S4 DAUpdaterSvc;Dragon Age: Origins - Content Updater; D:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832] S4 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-10-18 654848] S4 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S4 Imapi Helper;Imapi Helper; C:\Programme\ISO 
Recorder\ImapiHelper.exe [2006-01-05 163840] S4 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2009-10-28 545568] S4 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-10-11 153376] S4 MDM;Machine Debug Manager; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] S4 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-06-08 66872] S4 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-06-08 107832] S4 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576] -----------------EOF----------------- Code:
ATTFilter info.txt logfile of random's system information tool 1.06 2009-12-07 11:41:08 ======Uninstall list====== -->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 -->MsiExec /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B} -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 7-Zip 4.65-->"C:\Programme\7-Zip\Uninstall.exe" Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95} Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61} Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103} Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394} Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23} Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C} Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C} Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39} Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D} Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD} Adobe Dreamweaver CS3-->C:\Programme\Gemeinsame Dateien\Adobe\Installers\25db75244653b42cb93dc27939d1c0e\Setup.exe Adobe Dreamweaver CS3-->MsiExec.exe /I{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F} Adobe ExtendScript Toolkit 2-->C:\Programme\Gemeinsame Dateien\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8} Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3} Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001} Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245} Adobe PDF 
Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C} Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D} Adobe Reader 9.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A92000000001} Adobe Setup-->MsiExec.exe /I{7D386596-0E80-4808-8AAE-C1DDA8212F7F} Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D} Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001} Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312} Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8} Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5} AMD Processor Driver-->C:\Programme\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x0007 -removeonly Apple Application Support-->MsiExec.exe /I{B607C354-CD79-4D22-86D1-92DC94153F42} Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Avira AntiVir Personal - Free Antivirus-->C:\Programme\Avira\AntiVir Desktop\setup.exe /REMOVE Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B} CCleaner-->"C:\Programme\CCleaner\uninst.exe" CloneCD-->"C:\Programme\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Programme\SlySoft\CloneCD" CureROM Pro 2.0.2-->C:\Programme\CureROM\uninst.exe DivX Web Player-->C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN EiffelStudio 6.3 (x86) GPL-->MsiExec.exe /X{204A9FC9-E345-4FC7-93E3-1439C41A914B} EVEREST Home Edition v2.20-->"C:\Programme\Lavalys\EVEREST Home Edition\unins000.exe" FileZilla Client 3.2.7.1-->C:\Programme\FileZilla FTP Client\uninstall.exe GameSpy Arcade-->C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG Hdd Speed Test Tool v. 
1.0.14 (RC 1)-->"C:\Programme\HddSpeedTest\unins000.exe" HijackThis 2.0.2-->"C:\Programme\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe" Hotfix für Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Hotfix für Windows XP (KB942288-v3)-->"C:\WINDOWS\$NtUninstallKB942288-v3$\spuninst\spuninst.exe" Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Hotfix für Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe" Hotfix für Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe" Hotfix für Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe" ICQ6.5-->"C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly iPhone-Konfigurationsprogramm-->MsiExec.exe /I{FA54AFB1-5745-4389-B8C1-9F7509672ED1} ISO Recorder-->MsiExec.exe /I{DFC6573E-124D-4026-BFA4-B433C9D3FF21} iTunes-->MsiExec.exe /I{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178} Java DB 10.4.1.3-->MsiExec.exe /X{998D6972-F58E-479D-9248-8F179E55AE38} Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF} Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} Java(TM) SE Development Kit 6 Update 13-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160130} JavaFX(TM) 
1.1 SDK-->MsiExec.exe /X{7396F7C8-EDD8-4473-BF6A-2CE4996716E1} K-Lite Mega Codec Pack 4.5.3-->"C:\Programme\K-Lite Codec Pack\unins000.exe" Korean Fonts Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5670-0000-900000000003} Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe" Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme-->MsiExec.exe /X{90120000-00B2-0407-0000-0000000FF1CE} Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C314CE45-3392-3B73-B4E1-139CD41CA933} Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Document Explorer 2008-->C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.exe Microsoft Document Explorer 2008-->MsiExec.exe /X{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D} Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{B578C85A-A84C-4230-A177-C5B2AF565B8C} Microsoft Games for Windows - LIVE-->MsiExec.exe /X{B45FABE7-D101-4D99-A671-E16DA40AF7F0} Microsoft Internationalized Domain Names Mitigation 
APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office XP Professional mit FrontPage-->MsiExec.exe /I{90280407-6000-11D3-8CFE-0050048383C9} Microsoft Rise Of Nations-->"D:\Rise of Nations\UNINSTAL.EXE" /runtemp /addremove Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c} Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x86-->MsiExec.exe /X{44D9A2CB-0692-3180-B5E2-26F4E807D067} Microsoft Windows SDK for Windows Server 2008 (6001.18000.367)-->"C:\Programme\Microsoft SDKs\Windows\v6.1\Setup\SDKSetup.exe" -x "-source:C:\Programme\Microsoft SDKs\Windows\v6.1\Setup\1033\;C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\SDKSetup\WinSDK\;http://download.microsoft.com/download/2/3/F/23F86204-39EE-4CD7-9A51-DB19C9A8F8C4" MobileMe Control Panel-->MsiExec.exe /I{3AC54383-31D1-4907-961B-B12CBB1D0AE8} Mozilla Firefox (3.5.5)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 
(KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13} MySQL Connector/ODBC 3.51-->MsiExec.exe /I{0CB3C535-1171-4A20-B549-E2CB5DEB9723} NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI NVIDIA PhysX-->MsiExec.exe /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B} OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18} OpenAL-->"C:\Programme\OpenAL\MSI59D.tmp" /U OpenOffice.org 3.1-->MsiExec.exe /I{99E862CC-6F69-4D39-99AA-DBF71BF3B585} Opera 9.64-->MsiExec.exe /X{E1BBBAC5-2857-4155-82A6-54492CE88620} PCI Audio Driver-->cmuninst.exe pdf24-->"C:\Programme\pdf24\unins000.exe" PDF-Viewer-->"C:\Programme\Tracker Software\PDF Viewer\unins000.exe" PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u Python 2.6.2-->MsiExec.exe /I{24AAB420-4E30-4496-9739-3E216F3DE6AE} QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD} Real Alternative 1.9.0-->"C:\Programme\Real Alternative\unins000.exe" RealPlayer-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Programme\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe -runfromtemp -removeonly Saboteur™-->MsiExec.exe /X{5C9A7E65-5B71-4C7F-876A-8C6AF9E9E23D} Safari-->MsiExec.exe /I{E56D39F8-2A9F-44B4-B068-A72E45A073E6} Security Update for Windows Search 4 - KB963093-->"C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 
(KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf Sicherheitsupdate für Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" 
Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP 
(KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP 
(KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe" Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82} Source SDK Base-->"C:\Programme\Steam\steam.exe" steam://uninstall/215 Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3} TeamSpeak 2 RC2-->C:\Programme\Teamspeak2_RC2\unins000.exe The Castle's 
SplitImage-->C:\PROGRA~1\THECAS~1\SPLITI~1\UNWISE.EXE C:\PROGRA~1\THECAS~1\SPLITI~1\INSTALL.LOG TrueCrypt-->"C:\Programme\TrueCrypt\TrueCrypt Setup.exe" /u TUGZip 3.5-->"C:\Programme\TUGZip\unins000.exe" Unity Web Player-->C:\Programme\Unity\WebPlayer\Uninstall.exe Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Update für Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe" Update für Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe" Update für Windows XP (KB943729)-->"C:\WINDOWS\$NtUninstallKB943729$\spuninst\spuninst.exe" Update für Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Update für Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe" Update für Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe" Update für Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe" VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B} VLC media player 0.9.4-->C:\Programme\VideoLAN\VLC\uninstall.exe Wichtiges Update für Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe" WinDjView 1.0.3-->C:\Programme\WinDjView\uninstall.exe Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe" Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 
runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_C710CEED791003E4D635992B02471584893356A0\amdk8.inf
WinRAR archiver-->C:\Programme\WinRAR\uninstall.exe
WinSCP 4.1.7-->"C:\Programme\WinSCP\unins000.exe"
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

=====HijackThis Backups=====

O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Programfiler\Common Files\sytem\install\system\Microsoft_kbh4j3k63.exe [2009-12-07]
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll [2009-12-07]
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Programfiler\Common Files\sytem\install\system\Microsoft_kbh4j3k63.exe [2009-12-07]
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll [2009-12-07]
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Programfiler\Common Files\sytem\install\system\Microsoft_kbh4j3k63.exe [2009-12-07]
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Programfiler\Common Files\sytem\install\system\Microsoft_kbh4j3k63.exe [2009-12-07]
O4 - HKLM\..\Run: [HKLM] C:\Programfiler\Common Files\sytem\install\system\Microsoft_kbh4j3k63.exe [2009-12-07]
O4 - HKCU\..\Run: [HKCU] C:\Programfiler\Common Files\sytem\install\system\Microsoft_kbh4j3k63.exe [2009-12-07]
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Programfiler\Common Files\sytem\install\system\Microsoft_kbh4j3k63.exe [2009-12-07]
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Programfiler\Common Files\sytem\install\system\Microsoft_kbh4j3k63.exe [2009-12-07]
O4 - HKCU\..\Run: [HKCU] C:\Programfiler\Common Files\sytem\install\system\Microsoft_kbh4j3k63.exe [2009-12-07]
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Programfiler\Common Files\sytem\install\system\Microsoft_kbh4j3k63.exe [2009-12-07]
O4 - HKLM\..\Run: [HKLM] C:\Programfiler\Common Files\sytem\install\system\Microsoft_kbh4j3k63.exe [2009-12-07]
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Programfiler\Common Files\sytem\install\system\Microsoft_kbh4j3k63.exe [2009-12-07]

======Hosts File======

127.0.0.1 secure.disc-soft.com

======Security center information======

AV: AntiVir Desktop

======System event log======

Computer Name: ROOT-GAME
Event Code: 7036
Message: Dienst "RAS-Verbindungsverwaltung" befindet sich jetzt im Status "Ausgeführt".
Record Number: 24107
Source Name: Service Control Manager
Time Written: 20091009111250.000000+120
Event Type: Informationen
User:

Computer Name: ROOT-GAME
Event Code: 7036
Message: Dienst "SSDP-Suchdienst" befindet sich jetzt im Status "Ausgeführt".
Record Number: 24106
Source Name: Service Control Manager
Time Written: 20091009111250.000000+120
Event Type: Informationen
User:

Computer Name: ROOT-GAME
Event Code: 7036
Message: Dienst "IMAPI-CD-Brenn-COM-Dienste" befindet sich jetzt im Status "Ausgeführt".
Record Number: 24105
Source Name: Service Control Manager
Time Written: 20091009111250.000000+120
Event Type: Informationen
User:

Computer Name: ROOT-GAME
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "RAS-Verbindungsverwaltung" gesendet.
Record Number: 24104
Source Name: Service Control Manager
Time Written: 20091009111250.000000+120
Event Type: Informationen
User: ROOT-GAME\***

Computer Name: ROOT-GAME
Event Code: 7036
Message: Dienst "Telefonie" befindet sich jetzt im Status "Ausgeführt".
Record Number: 24103
Source Name: Service Control Manager
Time Written: 20091009111250.000000+120
Event Type: Informationen
User:

=====Application event log=====

Computer Name: ***-GAME
Event Code: 1904
Message:
Record Number: 3031
Source Name: HHCTRL
Time Written: 20090430174239.000000+120
Event Type: Informationen
User:

Computer Name: ***-GAME
Event Code: 1904
Message:
Record Number: 3030
Source Name: HHCTRL
Time Written: 20090430174239.000000+120
Event Type: Informationen
User:

Computer Name: ***-GAME
Event Code: 1904
Message:
Record Number: 3029
Source Name: HHCTRL
Time Written: 20090430174239.000000+120
Event Type: Informationen
User:

Computer Name: ***-GAME
Event Code: 1904
Message:
Record Number: 3028
Source Name: HHCTRL
Time Written: 20090430174239.000000+120
Event Type: Informationen
User:

Computer Name: ***-GAME
Event Code: 1904
Message:
Record Number: 3027
Source Name: HHCTRL
Time Written: 20090430174239.000000+120
Event Type: Informationen
User:

======Environment variables======

"CLASSPATH"=.;C:\Programme\Java\jre6\lib\ext\QTJava.zip
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=C:\Programme\JavaFX\javafx-sdk1.1\bin;C:\Programme\JavaFX\javafx-sdk1.1\emulator\bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\Gemeinsame Dateien\Adobe\AGL;C:\Programme\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 2, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f02
"QTJAVA"=C:\Programme\Java\jre6\lib\ext\QTJava.zip
"TEMP"=C:\WINDOWS\Temp
"TMP"=C:\WINDOWS\Temp
"windir"=%SystemRoot%
-----------------EOF-----------------

That is annoying, of course, but I can't shake the feeling that this is more than just a bug in the program...

An online log analysis ( h**p://www.hijackthis.de/de ) pointed out the following lines in my log:

Code:
O4 - HKLM\..\Run: [HKLM] C:\Programfiler\Common Files\sytem\install\system\Microsoft_kbh4j3k63.exe
O4 - HKCU\..\Run: [HKCU] C:\Programfiler\Common Files\sytem\install\system\Microsoft_kbh4j3k63.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Programfiler\Common Files\sytem\install\system\Microsoft_kbh4j3k63.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Programfiler\Common Files\sytem\install\system\Microsoft_kbh4j3k63.exe

There is, however, a way to get rid of the entries:
- End explorer.exe
- End firefox.exe (a second process is running there, which I can end while I am typing my message here, also in Firefox. My "real" Firefox uses 70MB of memory, while the "shadow FF" uses only 11MB...)
- Fix via HijackThis

Unfortunately the entries reappear immediately when I start Explorer.exe - looks as if my EXE is infected? Honestly, an operating system without Explorer is only half a life...

I hope you will share your wisdom with me, and maybe we can still get around a reinstall.

Regards and thanks
Patrick

EDIT: I killed it! It really is a fine thing to simply let HJT delete other possibly useless stuff and see whether it works. Here is the new HJT logfile:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:46:03, on 07.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

-- End of file - 2347 bytes

Edited by bk0 (07.12.2009 at 12:46) |
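Added example, not part of the original thread: a small triage script for the `O4` autostart lines of a HijackThis log, run over the entries quoted in the post above. The two heuristics and all function names are assumptions of this example, not HijackThis behaviour; `BEFORE` is constructed by combining the four flagged lines with the entries of the later log.

```python
import re
from collections import defaultdict, namedtuple

Entry = namedtuple("Entry", "hive key name exe")

# The four flagged O4 lines quoted in the post above.
FLAGGED = r"""
O4 - HKLM\..\Run: [HKLM] C:\Programfiler\Common Files\sytem\install\system\Microsoft_kbh4j3k63.exe
O4 - HKCU\..\Run: [HKCU] C:\Programfiler\Common Files\sytem\install\system\Microsoft_kbh4j3k63.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Programfiler\Common Files\sytem\install\system\Microsoft_kbh4j3k63.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Programfiler\Common Files\sytem\install\system\Microsoft_kbh4j3k63.exe
"""

# O4 lines of the second HijackThis log in the post (taken after the fix).
AFTER = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
"""

# Constructed "before" state: flagged lines plus the unchanged entries.
BEFORE = FLAGGED + AFTER

# O4 - <hive>\..\<key>: [<value name>] <command line>
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+(?:\\[^\\]+)?)\\\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)


def executable(cmd):
    """Return the lower-cased program part of an autostart command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # "C:\path with spaces\x.exe" args
        return cmd[1:].split('"', 1)[0].lower()
    m = re.match(r"(.+?\.exe)(?=\s|$)", cmd, re.IGNORECASE)
    return (m.group(1) if m else cmd).lower()    # unquoted paths may contain spaces


def parse_o4(text):
    """Parse every O4 line of a HijackThis log into an Entry."""
    entries = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(Entry(m["hive"], m["key"], m["name"], executable(m["cmd"])))
    return entries


def triage(entries):
    """Map executable -> reasons it deserves a closer look (heuristics, not verdicts)."""
    by_exe = defaultdict(list)
    for e in entries:
        by_exe[e.exe].append(e)
    findings = {}
    for exe, group in by_exe.items():
        reasons = []
        # Heuristic 1: autostart via the Policies\Explorer\Run key.
        if any(e.key.lower() == r"policies\explorer\run" for e in group):
            reasons.append("policies-run")
        # Heuristic 2: same binary registered machine-wide and per user.
        roots = {e.hive.split("\\")[0].upper() for e in group}
        if {"HKLM", "HKCU"} <= roots:
            reasons.append("machine-and-user")
        if reasons:
            findings[exe] = reasons
    return findings


def removed(before, after):
    """Executables that had an autostart entry before the fix but not after."""
    return {e.exe for e in parse_o4(before)} - {e.exe for e in parse_o4(after)}


if __name__ == "__main__":
    for exe, reasons in triage(parse_o4(BEFORE)).items():
        print(exe, reasons)
    print("gone after fix:", removed(BEFORE, AFTER))
```

Comparing a log taken before the fix with one taken after Explorer.exe has been restarted is what shows whether the entries stay gone; `ctfmon.exe` is not flagged because its registrations are all per-user hives.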
08.12.2009, 11:24 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Explorer.exe infested with autostarts
Hello,

Code:
C:\Programfiler\Common Files\sytem\install\system\Microsoft_kbh4j3k63.exe

After that, download Lop S&D. Run Lop S&D.exe with a double-click. VISTA users: right-click => Run as admin!! Choose the language of your choice and then option 1. Wait until the scan report has been created and post it here (you will find it at C:\lopR.txt if the report does not appear).
__________________ |
08.12.2009, 13:59 | #3 |
| Explorer.exe infested with autostarts
Hi cosinus

Unfortunately the file is no longer there, sorry. The only thing I can still tell you is that it was a hidden file. Maybe that helps you a bit. But now here is the log from Lop S&D:

Code:
--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU 4300 @ 1.80GHz )
BIOS : Award Modular BIOS v6.00PG
USER : *** ( Administrator )
BOOT : Normal boot
Antivirus : AntiVir Desktop 9.0.1.32 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:127 Go (Free:67 Go)
D:\ (Local Disk) - NTFS - Total:803 Go (Free:146 Go)
E:\ (Local Disk) - NTFS - Total:186 Go (Free:61 Go)
G:\ (CD or DVD) - UDF - Total:7 Go (Free:0 Go)
I:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 08.12.2009|13:45 )

--------------------\\ Ordner Verzeichnis unter ANWEND~1

[01.01.2004|00:23] C:\DOKUME~1\ADMINI~1\ANWEND~1\Microsoft
[0|Datei(en)] C:\DOKUME~1\ADMINI~1\ANWEND~1\Bytes
[3|Verzeichnis(se),] C:\DOKUME~1\ADMINI~1\ANWEND~1\Bytes frei

[31.12.2003|23:47] C:\DOKUME~1\ADMINI~1.FLO\ANWEND~1\Microsoft
[0|Datei(en)] C:\DOKUME~1\ADMINI~1.FLO\ANWEND~1\Bytes
[3|Verzeichnis(se),] C:\DOKUME~1\ADMINI~1.FLO\ANWEND~1\Bytes frei

[13.03.2009|00:24] C:\DOKUME~1\ALLUSE~1\ANWEND~1\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[29.09.2008|16:42] C:\DOKUME~1\ALLUSE~1\ANWEND~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[10.09.2009|22:48] C:\DOKUME~1\ALLUSE~1\ANWEND~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[15.04.2009|23:43] C:\DOKUME~1\ALLUSE~1\ANWEND~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[02.01.2009|08:10] C:\DOKUME~1\ALLUSE~1\ANWEND~1\2DBoy
[21.10.2009|21:11] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Adobe
[05.12.2008|16:12] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Adobe Systems
[29.09.2008|16:41] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Apple
[29.09.2008|16:42] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Apple Computer
[04.11.2009|15:17] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Avira
[15.03.2009|19:50] C:\DOKUME~1\ALLUSE~1\ANWEND~1\AVS4YOU
[18.10.2008|14:36] C:\DOKUME~1\ALLUSE~1\ANWEND~1\FLEXnet
[17.02.2009|17:18] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Kaspersky Lab Setup Files
[07.12.2009|11:33] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Malwarebytes
[01.03.2009|00:56] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Mathematica
[17.07.2009|22:52] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Microsoft
[11.11.2008|16:35] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Microsoft Help
[20.11.2008|18:24] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Real
[27.09.2008|14:13] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Skype
[02.07.2009|03:20] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Tages
[28.11.2009|19:51] C:\DOKUME~1\ALLUSE~1\ANWEND~1\TrueCrypt
[23.09.2008|18:33] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Windows Genuine Advantage
[0|Datei(en)] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Bytes
[22|Verzeichnis(se),] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Bytes frei

[31.12.2003|23:47] C:\DOKUME~1\DEFAUL~1\ANWEND~1\Microsoft
[0|Datei(en)] C:\DOKUME~1\DEFAUL~1\ANWEND~1\Bytes
[3|Verzeichnis(se),] C:\DOKUME~1\DEFAUL~1\ANWEND~1\Bytes frei

[10.06.2009|01:00] C:\DOKUME~1\***\ANWEND~1\.#
[06.10.2009|21:23] C:\DOKUME~1\***\ANWEND~1\.minecraft
[24.06.2009|06:22] C:\DOKUME~1\***\ANWEND~1\Adobe
[10.09.2009|22:59] C:\DOKUME~1\***\ANWEND~1\Apple Computer
[15.03.2009|19:50] C:\DOKUME~1\***\ANWEND~1\AVS4YOU
[26.05.2009|22:58] C:\DOKUME~1\***\ANWEND~1\CnC Mining
[30.04.2009|15:32] C:\DOKUME~1\***\ANWEND~1\Creative
[09.10.2009|20:07] C:\DOKUME~1\***\ANWEND~1\dvdcss
[26.11.2009|14:23] C:\DOKUME~1\***\ANWEND~1\FileZilla
[14.09.2009|04:34] C:\DOKUME~1\***\ANWEND~1\GMX
[01.01.2009|09:07] C:\DOKUME~1\***\ANWEND~1\HLSW
[04.03.2009|18:15] C:\DOKUME~1\***\ANWEND~1\ICQ
[31.12.2003|23:50] C:\DOKUME~1\***\ANWEND~1\Identities
[24.02.2009|16:40] C:\DOKUME~1\***\ANWEND~1\InstallShield
[21.07.2009|20:37] C:\DOKUME~1\***\ANWEND~1\InstallShield Installation Information
[29.09.2008|16:48] C:\DOKUME~1\***\ANWEND~1\Macromedia
[07.12.2009|11:33] C:\DOKUME~1\***\ANWEND~1\Malwarebytes
[01.03.2009|00:56] C:\DOKUME~1\***\ANWEND~1\Mathematica
[21.07.2009|20:47] C:\DOKUME~1\***\ANWEND~1\Media Center Programs
[20.11.2008|18:24] C:\DOKUME~1\***\ANWEND~1\Media Player Classic
[26.08.2009|22:36] C:\DOKUME~1\***\ANWEND~1\Microsoft
[27.09.2008|14:09] C:\DOKUME~1\***\ANWEND~1\Mozilla
[17.02.2009|14:33] C:\DOKUME~1\***\ANWEND~1\Mozilla Embedded Browser
[04.11.2009|15:17] C:\DOKUME~1\***\ANWEND~1\NuSphere
[04.08.2009|00:14] C:\DOKUME~1\***\ANWEND~1\OpenOffice.org
[06.01.2009|21:35] C:\DOKUME~1\***\ANWEND~1\Opera
[15.06.2009|15:22] C:\DOKUME~1\***\ANWEND~1\Real
[11.10.2008|17:30] C:\DOKUME~1\***\ANWEND~1\SecuROM
[08.12.2009|13:32] C:\DOKUME~1\***\ANWEND~1\Skype
[08.12.2009|08:00] C:\DOKUME~1\***\ANWEND~1\skypePM
[23.10.2008|21:58] C:\DOKUME~1\***\ANWEND~1\Smart PC Solutions
[25.01.2009|09:33] C:\DOKUME~1\***\ANWEND~1\Sun
[26.06.2009|05:35] C:\DOKUME~1\***\ANWEND~1\teamspeak2
[16.04.2009|15:59] C:\DOKUME~1\***\ANWEND~1\The Creative Assembly
[28.11.2009|19:54] C:\DOKUME~1\***\ANWEND~1\TrueCrypt
[07.07.2009|14:29] C:\DOKUME~1\***\ANWEND~1\Ubisoft
[14.09.2009|03:58] C:\DOKUME~1\***\ANWEND~1\Unity
[11.11.2008|14:59] C:\DOKUME~1\***\ANWEND~1\vlc
[29.09.2008|19:17] C:\DOKUME~1\***\ANWEND~1\Webweaver
[18.02.2009|15:49] C:\DOKUME~1\***\ANWEND~1\Windows Desktop Search
[27.09.2008|14:10] C:\DOKUME~1\***\ANWEND~1\Windows Search
[29.09.2008|17:28] C:\DOKUME~1\***\ANWEND~1\WinRAR
[0|Datei(en)] C:\DOKUME~1\***\ANWEND~1\Bytes
[46|Verzeichnis(se),] C:\DOKUME~1\***\ANWEND~1\Bytes frei

[22.01.2009|00:30] C:\DOKUME~1\LOCALS~1\ANWEND~1\Microsoft
[0|Datei(en)] C:\DOKUME~1\LOCALS~1\ANWEND~1\Bytes
[3|Verzeichnis(se),] C:\DOKUME~1\LOCALS~1\ANWEND~1\Bytes frei

[31.12.2003|23:47] C:\DOKUME~1\NETWOR~1\ANWEND~1\Microsoft
[0|Datei(en)] C:\DOKUME~1\NETWOR~1\ANWEND~1\Bytes
[3|Verzeichnis(se),] C:\DOKUME~1\NETWOR~1\ANWEND~1\Bytes frei

--------------------\\ Geplante Aufgaben unter C:\WINDOWS\Tasks

[03.12.2009 23:39][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[08.12.2009 07:45][--ah-----] C:\WINDOWS\tasks\SA.DAT
[23.08.2001 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Ordner Verzeichnis unter C:\Programme

[24.02.2009|15:36] C:\Programme\7-Zip
[21.10.2009|20:07] C:\Programme\Adobe
[18.10.2008|14:23] C:\Programme\Adobe CS3
[26.09.2009|11:08] C:\Programme\AGEIA Technologies
[24.02.2009|16:40] C:\Programme\AMD
[29.09.2008|16:41] C:\Programme\Apple Software Update
[31.08.2009|02:14] C:\Programme\AskBarDis
[04.11.2009|15:17] C:\Programme\Avira
[14.09.2009|04:32] C:\Programme\AVS4YOU
[11.11.2008|16:35] C:\Programme\Bin
[19.12.2008|00:45] C:\Programme\Bonjour
[07.12.2009|11:27] C:\Programme\CCleaner
[29.11.2009|02:57] C:\Programme\Cheat Engine
[26.05.2009|22:58] C:\Programme\CnCMining
[31.12.2003|23:45] C:\Programme\ComPlus Applications
[30.04.2009|15:35] C:\Programme\Creative
[21.04.2009|14:20] C:\Programme\CureROM
[24.02.2009|16:23] C:\Programme\DIFX
[14.09.2009|22:25] C:\Programme\DivX
[31.07.2009|11:15] C:\Programme\DreamCatcher
[30.07.2009|17:33] C:\Programme\eclipse
[11.11.2008|17:00] C:\Programme\Eiffel Software
[25.11.2009|14:33] C:\Programme\FileZilla FTP Client
[23.05.2009|14:50] C:\Programme\Futuremark
[11.06.2009|01:33] C:\Programme\GameSpy Arcade
[05.11.2009|20:31] C:\Programme\Gemeinsame Dateien
[05.11.2008|21:23] C:\Programme\Hamachi
[14.09.2009|09:12] C:\Programme\HddSpeedTest
[01.01.2009|09:07] C:\Programme\HLSW
[18.01.2009|14:42] C:\Programme\HooTech
[04.03.2009|18:15] C:\Programme\ICQ6.5
[26.11.2009|00:47] C:\Programme\InstallShield Installation Information
[30.04.2009|15:03] C:\Programme\Intel
[15.10.2009|23:19] C:\Programme\Internet Explorer
[10.09.2009|22:48] C:\Programme\iPhone-Konfigurationsprogramm
[10.09.2009|22:47] C:\Programme\iPod
[08.05.2009|17:45] C:\Programme\ISO Recorder
[29.10.2009|23:46] C:\Programme\iTunes
[26.11.2009|08:59] C:\Programme\Java
[21.04.2009|13:49] C:\Programme\JavaFX
[25.11.2009|14:41] C:\Programme\JRE
[18.01.2009|14:51] C:\Programme\K-Lite Codec Pack
[23.05.2009|13:15] C:\Programme\Lavalys
[07.12.2009|11:33] C:\Programme\Malwarebytes' Anti-Malware
[23.09.2008|21:00] C:\Programme\Messenger
[31.12.2003|23:48] C:\Programme\microsoft frontpage
[24.02.2008|17:29] C:\Programme\Microsoft Games for Windows - LIVE
[27.10.2008|13:52] C:\Programme\Microsoft Office
[11.11.2008|15:52] C:\Programme\Microsoft SDKs
[10.09.2009|17:44] C:\Programme\Microsoft Silverlight
[27.10.2008|13:52] C:\Programme\Microsoft Visual Studio
[11.11.2008|16:36] C:\Programme\Microsoft Visual Studio 9.0
[23.09.2008|20:47] C:\Programme\Movie Maker
[08.12.2009|13:32] C:\Programme\Mozilla Firefox
[18.02.2009|15:53] C:\Programme\MSBuild
[23.09.2008|20:47] C:\Programme\msn
[31.12.2003|23:45] C:\Programme\MSN Gaming Zone
[25.01.2009|20:19] C:\Programme\MSXML 4.0
[01.01.2009|09:10] C:\Programme\NeoTracePro
[23.09.2008|20:46] C:\Programme\NetMeeting
[02.10.2008|16:05] C:\Programme\NOS
[31.12.2003|23:46] C:\Programme\Online-Dienste
[13.08.2009|18:16] C:\Programme\OpenAL
[25.11.2009|14:41] C:\Programme\OpenOffice.org 3
[03.03.2009|20:35] C:\Programme\Opera
[12.08.2009|23:55] C:\Programme\Outlook Express
[24.03.2009|13:12] C:\Programme\pdf24
[14.09.2009|04:36] C:\Programme\PeerGuardian2
[10.09.2009|22:46] C:\Programme\QuickTime
[09.10.2009|10:34] C:\Programme\RAMDisk
[20.11.2008|18:24] C:\Programme\Real Alternative
[30.04.2009|15:28] C:\Programme\Realtek
[11.11.2008|16:35] C:\Programme\Reference Assemblies
[27.08.2009|22:41] C:\Programme\Safari
[24.11.2008|14:15] C:\Programme\Skype
[07.02.2009|12:39] C:\Programme\SlySoft
[23.10.2008|21:54] C:\Programme\Smart PC Solutions
[21.04.2009|13:49] C:\Programme\Sun
[25.05.2009|15:16] C:\Programme\Teamspeak2_RC2
[04.08.2009|00:24] C:\Programme\Tracker Software
[07.12.2009|11:08] C:\Programme\Trend Micro
[28.11.2009|19:51] C:\Programme\TrueCrypt
[17.11.2009|15:42] C:\Programme\TUGZip
[31.12.2003|23:50] C:\Programme\Uninstall Information
[14.09.2009|03:46] C:\Programme\Unity
[03.10.2008|15:10] C:\Programme\VideoLAN
[07.12.2009|00:50] C:\Programme\WebCraft
[28.11.2009|17:06] C:\Programme\WinDjView
[11.06.2009|07:16] C:\Programme\Windows Desktop Search
[23.09.2008|21:21] C:\Programme\Windows Media Connect 2
[23.09.2008|21:21] C:\Programme\Windows Media Player
[23.09.2008|20:46] C:\Programme\Windows NT
[01.01.2004|00:32] C:\Programme\WindowsUpdate
[09.11.2009|02:25] C:\Programme\WinRAR
[29.09.2008|17:24] C:\Programme\WinSCP
[01.03.2009|00:38] C:\Programme\Wolfram Research
[31.12.2003|23:48] C:\Programme\xerox
[0|Datei(en)] C:\Programme\Bytes
[105|Verzeichnis(se),] C:\Programme\Bytes frei

--------------------\\ Ordner Verzeichnis unter C:\Programme\Gemeinsame Dateien

[21.10.2009|20:07] C:\Programme\Gemeinsame Dateien\Adobe
[05.12.2008|16:12] C:\Programme\Gemeinsame Dateien\Adobe Systems Shared
[29.10.2009|23:45] C:\Programme\Gemeinsame Dateien\Apple
[14.09.2009|04:32] C:\Programme\Gemeinsame Dateien\AVSMedia
[27.10.2008|13:52] C:\Programme\Gemeinsame Dateien\Designer
[31.12.2003|23:46] C:\Programme\Gemeinsame Dateien\Dienste
[19.06.2009|05:31] C:\Programme\Gemeinsame Dateien\DirectX
[14.09.2009|22:25] C:\Programme\Gemeinsame Dateien\DivX Shared
[30.04.2009|15:35] C:\Programme\Gemeinsame Dateien\InstallShield
[01.10.2008|20:40] C:\Programme\Gemeinsame Dateien\Java
[18.10.2008|14:24] C:\Programme\Gemeinsame Dateien\Macrovision Shared
[24.03.2009|13:10] C:\Programme\Gemeinsame Dateien\Microsoft Shared
[31.12.2003|23:45] C:\Programme\Gemeinsame Dateien\MSSoap
[31.12.2003|23:38] C:\Programme\Gemeinsame Dateien\ODBC
[15.06.2009|15:22] C:\Programme\Gemeinsame Dateien\Real
[27.09.2008|14:13] C:\Programme\Gemeinsame Dateien\Skype
[31.12.2003|23:38] C:\Programme\Gemeinsame Dateien\SpeechEngines
[27.10.2008|13:52] C:\Programme\Gemeinsame Dateien\System
[29.10.2009|18:02] C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
[15.06.2009|15:22] C:\Programme\Gemeinsame Dateien\xing shared
[0|Datei(en)] C:\Programme\Gemeinsame Dateien\Bytes
[22|Verzeichnis(se),] C:\Programme\Gemeinsame Dateien\Bytes frei

--------------------\\ Process

( 30 Processes ) ... OK !

--------------------\\ Ueberpruefung mit S_Lop

Kein Lop Ordner gefunden !
--------------------\\ Suche nach Lop Dateien - Ordnern
C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BLEND_SPECULAR_REFLECTION_ILLUMINATION C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BLEND_SPECULAR_SCROLL C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_ALPHAFADE C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_BUMPDETAIL C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_BUMPDETAIL_PARALLAX_SPECULAR C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_BUMPDETAIL_PARALLAX_SPECULAR_REFLECTION C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_BUMPDETAIL_RIMLIGHTING_SPECULAR C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_BUMPDETAIL_SPECULAR C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_BUMPDETAIL_SPECULAR_REFLECTION C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_BUMPDETAIL_SPECULAR_REFRACTION2D C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_BUMPDETAIL_SPECULAR_REFRACTION2D_SCROLL C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_PARALLAX C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_PARALLAX_REFLECTION C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_PARALLAX_RIMLIGHTING_SPECULAR C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_PARALLAX_SPECULAR C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_PARALLAX_SPECULAR_ILLUMINATION C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_PARALLAX_SPECULAR_REFLECTION C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_REFLECTION C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_REFLECTION_ILLUMINATION C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_RIMLIGHTING_SPECULAR C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_SPECULAR C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_SPECULAR_ILLUMINATION C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_SPECULAR_REFLECTION C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_SPECULAR_REFLECTION2D_REFRACTION2D 
C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_SPECULAR_REFLECTION2D_REFRACTION2D_SCROLL C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_SPECULAR_REFLECTION_ILLUMINATION C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_SPECULAR_REFLECTION_REFRACTION2D C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_SPECULAR_REFRACTION2D C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_SPECULAR_REFRACTION2D_SCROLL C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_STANDARD_ILLUMINATION C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_STANDARD_MIRROR C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_STANDARD_MIRRORMASK C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_STANDARD_MIRROR_MIRRORMASK C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_STANDARD_REFLECTION C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_STANDARD_REFLECTION_ILLUMINATION C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_STANDARD_RIMLIGHTING C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_STANDARD_SPECULAR C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_STANDARD_SPECULAR_ILLUMINATION C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_STANDARD_SPECULAR_MIRROR C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_STANDARD_SPECULAR_REFLECTION C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_STANDARD_SPECULAR_REFLECTION_ILLUMINATION C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_TWEENED_BLEND C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_TWEENED_BlendEnabled_BLEND C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_TWEENED_BLEND_ALPHAFADE C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_TWEENED_BLEND_BUMP_SPECULAR C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_TWEENED_BLEND_SCROLL C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_WEIGHTED C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_WEIGHTED_BLEND C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_WEIGHTED_BlendEnabled_BLEND C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_WEIGHTED_BlendEnabled_BLEND_BUMP_RIMLIGHTING_SPECULAR C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_WEIGHTED_BlendEnabled_BLEND_BUMP_SPECULAR C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_WEIGHTED_BlendEnabled_BUMP_PARALLAX_RIMLIGHTING_SPECULAR 
C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_WEIGHTED_BlendEnabled_BUMP_RIMLIGHTING_SPECULAR C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_WEIGHTED_BlendEnabled_BUMP_RIMLIGHTING_SUBSURFACE_SPECULAR C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_WEIGHTED_BlendEnabled_BUMP_SPECULAR C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_WEIGHTED_BlendEnabled_BUMP_SPECULAR_REFLECTION C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_WEIGHTED_BlendEnabled_REFLECTION_REFRACTION2D C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_WEIGHTED_BlendEnabled_SPECULAR C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_WEIGHTED_BLEND_BUMP_RIMLIGHTING_SPECULAR C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_WEIGHTED_BLEND_BUMP_SPECULAR C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_WEIGHTED_BUMP_PARALLAX_RIMLIGHTING_SPECULAR C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_WEIGHTED_BUMP_RIMLIGHTING_SPECULAR C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_WEIGHTED_BUMP_RIMLIGHTING_SUBSURFACE_SPECULAR C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_WEIGHTED_BUMP_SPECULAR C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_WEIGHTED_BUMP_SPECULAR_REFLECTION C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_WEIGHTED_REFLECTION_REFRACTION2D C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_WEIGHTED_RIMLIGHTING C:\WINDOWS\Temp\Standard30.fxV2_Q30_MESH_WEIGHTED_SPECULAR C:\WINDOWS\Temp\StaticShadow.fxV2_Q30_MESH_STANDARD C:\WINDOWS\Temp\StaticShadow.fxV2_Q30_MESH_STANDARD_BLEND C:\WINDOWS\Temp\StaticShadow.fxV2_Q30_MESH_STANDARD_BlendEnabled C:\WINDOWS\Temp\StaticShadow.fxV2_Q30_MESH_STANDARD_BlendEnabled_BLEND C:\WINDOWS\Temp\StaticShadowTextureAdditive.fxV2_Q30_MESH_STANDARD_BLEND C:\WINDOWS\Temp\StaticShadowTextureAdditive.fxV2_Q30_MESH_STANDARD_BlendEnabled_BLEND C:\WINDOWS\Temp\StaticShadowTextureShadow.fxV2_Q30_MESH_STANDARD_BLEND C:\WINDOWS\Temp\StaticShadowTextureShadow.fxV2_Q30_MESH_STANDARD_BlendEnabled_BLEND --------------------\\ Suche innerhalb der Registry ..... OK ! 
--------------------\\ Ueberpruefung der Hosts Datei
Hosts Datei SAUBER
--------------------\\ Suche nach verborgenen Dateien mit Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-08 13:46:42
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Suche nach anderen Infektionen
Kein anderen Infektionen gefunden !
[F:748][D:56]-> C:\WINDOWS\Temp
[F:3][D:0]-> C:\DOKUME~1\***\Cookies
[F:6][D:4]-> C:\DOKUME~1\***\LOKALE~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 08.12.2009|13:47 - Option : [1]
--------------------\\ Scan beendet um 13:47:47
Regards, bk0 |
08.12.2009, 14:46 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Explorer.exe infested with autostarts
OK. Now please do a run with Combofix:
ComboFix: a guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has explicitly recommended it!
__________________ Please always post log files in CODE tags |
08.12.2009, 17:34 | #5 |
| Explorer.exe infested with autostarts
Ran CC, then ran cofi.exe; this was the log:
Code:
ComboFix 09-12-07.09 - *** 08.12.2009 17:15.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.3327.2932 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\***\Desktop\cofi.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\dokumente und einstellungen\***\Anwendungsdaten\.#
c:\dokumente und einstellungen\***\Anwendungsdaten\.#\MBX@C10@3C41B0.###
c:\dokumente und einstellungen\***\Anwendungsdaten\.#\MBX@C10@3C41E0.###
c:\dokumente und einstellungen\***\Anwendungsdaten\.#\MBX@C10@3C4210.###
c:\dokumente und einstellungen\***\Anwendungsdaten\.#\MBX@DB4@3C41B0.###
c:\dokumente und einstellungen\***\Anwendungsdaten\.#\MBX@DB4@3C41E0.###
c:\dokumente und einstellungen\***\Anwendungsdaten\.#\MBX@DB4@3C4210.###
c:\dokumente und einstellungen\***\Anwendungsdaten\.#\MBX@F58@3C41B0.###
c:\dokumente und einstellungen\***\Anwendungsdaten\.#\MBX@F58@3C41E0.###
c:\dokumente und einstellungen\***\Anwendungsdaten\.#\MBX@F58@3C4210.###
c:\dokumente und einstellungen\***\Anwendungsdaten\logs.dat
c:\programme\INSTALL.LOG
.
((((((((((((((((((((((( Dateien erstellt von 2009-11-08 bis 2009-12-08 ))))))))))))))))))))))))))))))
.
2009-12-08 12:45 . 2009-12-08 12:57 -------- d-----w- C:\Lop SD
2009-12-07 21:23 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2009-12-07 10:41 . 2009-12-07 10:41 -------- d-----w- C:\rsit
2009-12-07 10:33 . 2009-12-07 10:33 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\Malwarebytes
2009-12-07 10:33 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-07 10:33 . 2009-12-07 10:33 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2009-12-07 10:33 . 2009-12-07 10:33 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-12-07 10:33 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-07 10:27 . 2009-12-07 10:27 -------- d-----w- c:\programme\CCleaner
2009-12-07 10:17 . 2009-12-07 10:17 -------- d-----w- C:\Programfiler
2009-12-07 10:08 . 2009-12-07 10:08 -------- d-----w- c:\programme\Trend Micro
2009-12-04 15:03 . 2008-04-13 19:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2009-12-04 15:03 . 2008-04-13 19:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-12-03 23:35 . 2009-12-03 23:35 33360 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\SQLite3.dll
2009-11-28 18:52 . 2009-11-28 18:54 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\TrueCrypt
2009-11-28 18:51 . 2009-11-28 18:51 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\TrueCrypt
2009-11-28 18:51 . 2009-11-28 18:51 223440 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2009-11-28 18:51 . 2009-11-28 18:51 -------- d-----w- c:\programme\TrueCrypt
2009-11-28 16:06 . 2009-11-28 16:06 -------- d-----w- c:\programme\WinDjView
2009-11-26 07:58 . 2009-11-26 07:58 152576 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-26 07:58 . 2009-11-26 07:58 79488 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-25 13:41 . 2009-11-25 13:41 -------- d-----w- c:\programme\JRE
2009-11-25 13:34 . 2009-11-26 13:23 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\FileZilla
2009-11-25 13:33 . 2009-11-25 13:33 -------- d-----w- c:\programme\FileZilla FTP Client
2009-11-17 14:42 . 2007-03-12 22:34 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-11-17 14:42 . 2007-03-12 22:34 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-11-17 14:42 . 2007-03-12 22:34 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-11-17 14:42 . 2009-11-17 14:42 -------- d-----w- c:\programme\TUGZip
2009-11-10 16:23 . 2009-11-10 16:23 -------- d-----w- C:\users
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-08 15:31 . 2008-09-27 13:13 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\Skype
2009-12-08 15:27 . 2008-09-29 17:01 -------- d-----w- c:\programme\WebCraft
2009-12-08 15:01 . 2008-09-27 13:14 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\skypePM
2009-12-07 23:32 . 2009-11-04 14:17 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-07 19:31 . 2008-09-23 19:27 39288 ----a-w- c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2009-12-02 01:31 . 2009-02-07 11:19 -------- d-----w- c:\programme\Steam
2009-12-01 00:32 . 2009-08-03 23:14 1 ----a-w- c:\dokumente und einstellungen\***\Anwendungsdaten\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-11-29 01:57 . 2008-09-29 16:34 -------- d-----w- c:\programme\Cheat Engine
2009-11-28 03:23 . 2009-11-05 19:31 -------- d-----w- c:\programme\Gemeinsame Dateien\BioWare
2009-11-26 07:59 . 2008-10-01 19:40 -------- d-----w- c:\programme\Java
2009-11-25 23:47 . 2003-12-31 23:18 -------- d--h--w- c:\programme\InstallShield Installation Information
2009-11-25 17:35 . 2009-07-11 07:01 193048 ----a-w- c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
2009-11-25 13:41 . 2009-08-03 23:13 -------- d-----w- c:\programme\OpenOffice.org 3
2009-11-04 14:17 . 2009-01-21 23:10 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\NuSphere
2009-11-04 14:17 . 2009-11-04 14:17 -------- d-----w- c:\programme\Avira
2009-11-04 14:17 . 2009-11-04 14:17 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira
2009-10-29 22:46 . 2008-09-29 15:42 -------- d-----w- c:\programme\iTunes
2009-10-29 22:45 . 2008-09-29 15:41 -------- d-----w- c:\programme\Gemeinsame Dateien\Apple
2009-10-29 22:40 . 2009-10-29 22:40 79144 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-29 17:02 . 2008-10-10 14:12 -------- d-----w- c:\programme\Gemeinsame Dateien\Wise Installation Wizard
2009-10-25 12:47 . 2001-08-23 12:00 89914 ----a-w- c:\windows\system32\perfc007.dat
2009-10-25 12:47 . 2001-08-23 12:00 473624 ----a-w- c:\windows\system32\perfh007.dat
2009-10-21 19:07 . 2008-10-01 22:48 -------- d-----w- c:\programme\Gemeinsame Dateien\Adobe
2009-10-11 03:17 . 2009-04-21 12:48 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-09 19:07 . 2009-07-20 16:31 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\dvdcss
2009-09-24 21:43 . 2009-09-24 21:43 79144 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-09-11 14:17 . 2001-08-23 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 21:40 . 2009-09-10 21:40 79144 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple Computer\Installer Cache\iTunes 9.0.0.70\SetupAdmin.exe
2003-12-18 10:33 . 2009-10-26 19:30 20102 ----a-w- c:\programme\Readme.txt
2003-09-03 06:46 . 2009-10-26 19:30 10960 ----a-w- c:\programme\EULA.txt
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\programme\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\programme\mozilla firefox\plugins\ssldivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\programme\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\programme\opera\program\plugins\ssldivx.dll
1999-04-23 22:22 . 1999-04-23 22:22 12 -csha-w- c:\windows\system\WININETICMP32.drv
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13680640]
"TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2009-06-15 198160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^VPN Client.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnkCommon Startup
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Windows Search.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^***^Startmenü^Programme^Autostart^Adobe Gamma.lnk]
path=c:\dokumente und einstellungen\***\Startmenü\Programme\Autostart\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^***^Startmenü^Programme^Autostart^OpenOffice.org 3.1.lnk]
path=c:\dokumente und einstellungen\***\Startmenü\Programme\Autostart\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 10:08 935288 ----a-r- c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 02:08 35696 ----a-w- c:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 13:51 177440 ----a-w- c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2009-03-02 12:08 209153 ----a-w- c:\programme\Avira\AntiVir Desktop\avgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
2003-03-19 23:21 1855488 ------w- c:\windows\mixer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2005-05-19 13:47 57344 -c--a-w- c:\programme\SlySoft\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 02:22 15360 ------w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2007-04-09 10:32 19456 -c--a-w- c:\windows\system32\CtHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2007-04-09 10:32 19968 -c--a-w- c:\windows\system32\Ctxfihlp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-10-28 19:21 141600 ----a-w- c:\programme\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:22 1695232 ----a-w- c:\programme\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-02-09 12:18 13680640 ----a-w- c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-02-09 12:18 86016 ----a-w- c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-02-09 12:18 1657376 ----a-w- c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2008-01-31 07:17 134144 -c--a-w- c:\programme\pdf24\PDFBackend.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-04 23:54 417792 ----a-w- c:\programme\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 ----a-w- c:\programme\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-06-15 14:22 198160 ----a-w- c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"iPod Service"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"MDM"=2 (0x2)
"Imapi Helper"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"ASKUpgrade"=2 (0x2)
"ASKService"=2 (0x2)
"DAUpdaterSvc"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"c:\\Programme\\WinSCP\\WinSCP.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\Wolfram Research\\Mathematica\\6.0\\Mathematica.exe"=
"c:\\Programme\\Wolfram Research\\Mathematica\\6.0\\MathKernel.exe"=
"c:\\Programme\\Wolfram Research\\Mathematica\\6.0\\math.exe"=
"c:\\Programme\\ICQ6.5\\ICQ.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Java\\jre6\\bin\\java.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [04.11.2009 15:17 108289]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10.10.2008 15:09 717296]
S3 cpuz132;cpuz132;\??\c:\dokume~1\***\LOKALE~1\Temp\cpuz132\cpuz132_x32.sys --> c:\dokume~1\***\LOKALE~1\Temp\cpuz132\cpuz132_x32.sys [?]
S3 RAMDiskXP;RAMDiskXP;c:\windows\system32\Drivers\RAMDiskXP.sys --> c:\windows\system32\Drivers\RAMDiskXP.sys [?]
S4 ASKService;ASKService;c:\programme\AskBarDis\bar\bin\AskService.exe [31.08.2009 02:14 464264]
S4 ASKUpgrade;ASKUpgrade;c:\programme\AskBarDis\bar\bin\ASKUpgrade.exe [31.08.2009 02:14 234888]
S4 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\dragon age\bin_ship\daupdatersvc.service.exe [28.11.2009 04:18 25832]
.
------- Zusätzlicher Suchlauf -------
.
FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\coj2cs1o.default\
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programme\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\programme\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
MSConfigStartUp-GMX_GMX MultiMessenger - c:\programme\GMX\GMX MultiMessenger\MESSENGR.EXE
MSConfigStartUp-HKCU - c:\programfiler\Common Files\sytem\install\system\Microsoft_kbh4j3k63.exe
MSConfigStartUp-HKLM - c:\programfiler\Common Files\sytem\install\system\Microsoft_kbh4j3k63.exe
MSConfigStartUp-ICQ - c:\progra~1\ICQ6\ICQ.exe
MSConfigStartUp-PeerGuardian - c:\programme\PeerGuardian2\pg2.exe
AddRemove-SDKSetup_6.0.6001.18000 - c:\programme\Microsoft SDKs\Windows\v6.1\Setup\SDKSetup.exe -x -source:c:\programme\Microsoft SDKs\Windows\v6.1\Setup\1033\;c:\dokumente und einstellungen\***\Lokale Einstellungen\Temp\SDKSetup\WinSDK\;http://download.microsoft.com/download/2/3/F/23F86204-39EE-4CD7-9A51-DB19C9A8F8C4
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-08 17:24
Windows 5.1.2600 Service Pack 3 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_USERS\S-1-5-21-1844237615-1592454029-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:7d,aa,b4,bd,4b,9c,12,b2,f2,d3,be,91,e4,71,31,b1,bb,c2,49,eb,c9,93,16,
   7f,e8,48,5b,fe,8e,2f,35,b4,c1,e2,5a,35,23,ec,29,1c,b3,67,7b,07,52,ee,81,e1,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
[HKEY_USERS\S-1-5-21-1844237615-1592454029-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:54,82,59,9b,b2,8b,4e,bb,ed,e9,23,9b,d2,b7,76,3d,ee,02,1e,7f,ef,
   ba,d5,37,e4,16,e8,7e,83,cd,5d,a4,f3,8a,10,85,22,e5,e2,2c,93,19,7e,7c,01,5d,\
"rkeysecu"=hex:5f,1b,58,40,de,75,08,38,1a,92,84,8e,fb,86,1f,98
.
Zeit der Fertigstellung: 2009-12-08 17:25
ComboFix-quarantined-files.txt 2009-12-08 16:25
Vor Suchlauf: 14 Verzeichnis(se), 72.715.431.936 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 77.910.286.336 Bytes frei
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /usepmtimer
- - End Of File - - 7A30470230E25B6DC62BC3CCC1AA21F6
One more thing: where do you actually get all your information from? I can say without embarrassment that I study computer science at ETH Zürich, so I'm not exactly a beginner, but the concentrated knowledge in some of your threads really surprises me - is there a way to acquire it too and then help others with it as well? That would be a really great thing.
Regards, bk0 |
09.12.2009, 10:57 | #6 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | Explorer.exe infested with autostarts
The log file looks unremarkable to me. How is the PC doing now?
Quote:
Quote:
We have very specialized expertise here; you learn this sort of thing less at university and more when you dig into the topic in your own time. If you are really interested in acquiring it yourself, you can look over the shoulders of us helpers. Various other boards also offer training where you can learn in a more or less structured way from the beginning. I am rather the less suitable contact for that, though.
__________________ --> Explorer.exe infested with autostarts |
09.12.2009, 12:14 | #7 |
| Explorer.exe infested with autostarts
Well, my PC has been in excellent shape ever since the first post: no windows popping up, no strange processes, and no other unfixable entries in HJT. I'd say problem solved. And then I'll read along in the forum, should be interesting ^^
Regards, bk0 |