Log analysis and evaluation: TR/VB.Downloader.Gen in AppData\Local\Temp\setupv.exe (Windows 7)
06.02.2010, 14:03 | #1 |
Hello, Avira reports that a virus or unwanted program 'TR/VB.Downloader.Gen' was found in the file 'C:\Users\Timo\AppData\Local\Temp\setupv.exe'. The trojan opens pop-up windows and keeps changing my browser's start page; I haven't noticed anything else yet.

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:53:16, on 06.02.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\pdf24\PDFBackend.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Windows\System32\CTHELPER.EXE
C:\Windows\System32\CTXFIHLP.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Windows\system32\taskeng.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\conime.exe
C:\Users\Timo\AppData\Local\Temp\setupv.exe
C:\Windows\system32\cmd.exe
C:\Users\Timo\AppData\Local\Temp\ldm1.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://de.rd.yahoo.com/customize/ycomp/defaults/sp/*http://de.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www3.iamwired.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://de.rd.yahoo.com/customize/ycomp/defaults/su/*http://de.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: gwprimawega - {39f58b2d-5fcb-f616-b551-d5f498a85dc0} - C:\Windows\system32\R7n-4YXE.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PDFPrint] "C:\Program Files\pdf24\PDFBackend.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "D:\Empire\Steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Startup: updater.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O15 - Trusted Zone: *.line6.net
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apache2.2 - Apache Software Foundation - D:\xampp\apache\bin\httpd.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Creative ALchemy AL1 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Dragon Age: Origins - Inhaltsupdater (DAUpdaterSvc) - BioWare - D:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - D:\xampp\filezillaftp\filezillaserver.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: mysql - Unknown owner - D:\xampp\mysql\bin\mysqld.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

-- End of file - 11390 bytes

Many thanks in advance.
06.02.2010, 19:45 | #2 | |
Quote:
> Please upload these files to VirusTotal and have them checked. Then post the logs here in the thread. http://www.virustotal.com/de/
C:\Users\Timo\AppData\Local\Temp\setupv.exe
C:\Users\Timo\AppData\Local\Temp\ldm1.exe
C:\Windows\system32\R7n-4YXE.dll
Move these files into Avira's quarantine after the evaluation!
> Download a-squared Free here: a-squared Free - Kostenlose Anti-Viren, Anti-Trojaner, Anti-Spyware, Anti-Dialer und Anti-Wurm Software - gratis! and run a "Smart Scan". Post the log.

Regards.

Last edited by MalwareHero (06.02.2010 at 19:52)
07.02.2010, 13:05 | #3 |
Hello,

C:\Users\Timo\AppData\Local\Temp\setupv.exe
Result: 5/40 (12,5%)
Log: http://www.virustotal.com/de/analisis/5eeeab63dfe92a29b43f982a6b848db5416601789939c542a3405e262d146115-1265484351

C:\Users\Timo\AppData\Local\Temp\ldm1.exe
Result: 2/40 (5%)
http://www.virustotal.com/de/analisis/66317620600a01c464735c6008b6ef563276450d594e08baed2af625bfa87691-1265535464

C:\Windows\system32\R7n-4YXE.dll
Result: 2/40 (5%)
http://www.virustotal.com/de/analisis/26ff91e42a876ef4cbc183989e6a406ca3997f31566e115e4f492fa7ddb693bb-1265535583

I have now moved all 3 into quarantine.

A-Squared log:

a-squared Free - Version 4.5
Letztes Update: 07.02.2010 10:56:03

Scan Einstellungen:

Scan Methode: Smart Scan
Objekte: Speicher, Traces, Cookies, C:\Windows\, C:\Program Files
Archiv Scan: An
Heuristik: Aus
ADS Scan: An

Scan Beginn: 07.02.2010 10:57:14

Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\FileZilla Server --> DisplayName gefunden: Trace.Registry.Work Examiner Standard!A2
Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\FileZilla Server --> ErrorControl gefunden: Trace.Registry.Work Examiner Standard!A2
Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\FileZilla Server --> ImagePath gefunden: Trace.Registry.Work Examiner Standard!A2
Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\FileZilla Server --> ObjectName gefunden: Trace.Registry.Work Examiner Standard!A2
Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\FileZilla Server --> Start gefunden: Trace.Registry.Work Examiner Standard!A2
Value: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\FileZilla Server --> Type gefunden: Trace.Registry.Work Examiner Standard!A2
Value: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FileZilla Server --> DisplayName gefunden: Trace.Registry.Work Examiner Standard!A2
Value: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FileZilla Server --> ErrorControl gefunden: Trace.Registry.Work Examiner Standard!A2
Value: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FileZilla Server --> ImagePath gefunden: Trace.Registry.Work Examiner Standard!A2
Value: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FileZilla Server --> ObjectName gefunden: Trace.Registry.Work Examiner Standard!A2
Value: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FileZilla Server --> Start gefunden: Trace.Registry.Work Examiner Standard!A2
Value: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FileZilla Server --> Type gefunden: Trace.Registry.Work Examiner Standard!A2
Key: HKEY_LOCAL_MACHINE\software\Trymedia Systems gefunden: Trace.Registry.Trymedia!A2
Key: HKEY_LOCAL_MACHINE\software\Trymedia Systems\ActiveMARK Software gefunden: Trace.Registry.Trymedia!A2
c:\program files\advantage\{a89aed22-9133-424c-88e7-c8235c5ff302}\ gefunden: Trace.Directory.AdVantage!A2
c:\program files\advantage\{a89aed22-9133-424c-88e7-c8235c5ff302}\components\ gefunden: Trace.Directory.AdVantage!A2
c:\program files\advantage\{a89aed22-9133-424c-88e7-c8235c5ff302}\components\memedia_ff.dll gefunden: Trace.File.AdVantage!A2
c:\windows\system32\h@tkeysh@@k.dll gefunden: Trace.File.H@tKeysH@@k!A2
c:\windows\system32\armaccess.dll gefunden: Trace.File.NGC ActiveSpy XP!A2
Value: HKEY_USERS\S-1-5-21-1736430328-2876659159-3367440274-1000\Software\Elcom\Advanced RAR Password Recovery --> Installer Language gefunden: Trace.Registry.Advanced RAR Password Recovery!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Elcom\Advanced RAR Password Recovery --> InstallDir gefunden: Trace.Registry.Advanced RAR Password Recovery!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Elcom\Advanced RAR Password Recovery --> Stat param #1 gefunden: Trace.Registry.Advanced RAR Password Recovery!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Elcom\Advanced RAR Password Recovery --> Stat param #2 gefunden: Trace.Registry.Advanced RAR Password Recovery!A2
C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Cookies\timo@2o7[1].txt gefunden: Trace.TrackingCookie.2o7!A2
C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1264596948478001 gefunden: Trace.TrackingCookie.adserv!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1264678893046002 gefunden: Trace.TrackingCookie.adserv!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1264679633391000 gefunden: Trace.TrackingCookie.www.googleadservices.com!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1264691124362000 gefunden: Trace.TrackingCookie.www.com!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1264691131025001 gefunden: Trace.TrackingCookie.adsfac.eu!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1264691131465001 gefunden: Trace.TrackingCookie.adsfac.eu!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1264691854818000 gefunden: Trace.TrackingCookie.com!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1264691877463000 gefunden: Trace.TrackingCookie.com!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1264756792957000 gefunden: Trace.TrackingCookie.com!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1264766259900000 gefunden: Trace.TrackingCookie.www.etracker.de!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1264767752521000 gefunden: Trace.TrackingCookie.www.buy!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1264767753722000 gefunden: Trace.TrackingCookie.zedo.com!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1264800959803002 gefunden: Trace.TrackingCookie.click.cashengines.com!A2 
C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1264841923355003 gefunden: Trace.TrackingCookie.ign.com!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1264870831699000 gefunden: Trace.TrackingCookie.go.com!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1264870831871001 gefunden: Trace.TrackingCookie.go.com!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1264870832713000 gefunden: Trace.TrackingCookie.go.com!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1264870833665000 gefunden: Trace.TrackingCookie.go.com!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1264870833665001 gefunden: Trace.TrackingCookie.go.com!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1264870833665002 gefunden: Trace.TrackingCookie.go.com!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1264870834380000 gefunden: Trace.TrackingCookie.go.com!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1264870850790000 gefunden: Trace.TrackingCookie.go.com!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1264948569696000 gefunden: Trace.TrackingCookie.www.etracker.de!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1264948572023000 gefunden: Trace.TrackingCookie.www.etracker.de!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1264962234372000 gefunden: Trace.TrackingCookie.lycos.com!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1264962236554000 gefunden: Trace.TrackingCookie.ads.lycos.com!A2 
C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1264970932923000 gefunden: Trace.TrackingCookie.ad.yieldmanager.com!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1265016367301000 gefunden: Trace.TrackingCookie.zedo.com!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1265026230768000 gefunden: Trace.TrackingCookie.server.iad.livepers!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1265041369866000 gefunden: Trace.TrackingCookie.adserv!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1265042455029000 gefunden: Trace.TrackingCookie.de.sitestat.com!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1265056431572000 gefunden: Trace.TrackingCookie.casalemedia.com!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1265056567543002 gefunden: Trace.TrackingCookie.adbrite.com!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1265062030041001 gefunden: Trace.TrackingCookie.adsfac.eu!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1265112544510000 gefunden: Trace.TrackingCookie.ad.chip.de!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1265112568677001 gefunden: Trace.TrackingCookie.adsfac.eu!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1265114755544000 gefunden: Trace.TrackingCookie.stat.onestat!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1265114755544001 gefunden: Trace.TrackingCookie.stat.onestat!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1265117293427000 gefunden: Trace.TrackingCookie.adbrite.com!A2 
C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1265117301782000 gefunden: Trace.TrackingCookie.de.sitestat.com!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1265117304214000 gefunden: Trace.TrackingCookie.www.etracker.de!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1265117304214001 gefunden: Trace.TrackingCookie.www.etracker.de!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1265120765423000 gefunden: Trace.TrackingCookie.www.etracker.de!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1265183823778002 gefunden: Trace.TrackingCookie.ad.yieldmanager.com!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1265191240373001 gefunden: Trace.TrackingCookie.adsfac.eu!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1265201037365000 gefunden: Trace.TrackingCookie.go.com!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1265201048617000 gefunden: Trace.TrackingCookie.go.com!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1265213388641001 gefunden: Trace.TrackingCookie.adsfac.eu!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1265213388705001 gefunden: Trace.TrackingCookie.adsfac.eu!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1265215741283003 gefunden: Trace.TrackingCookie.adbrite.com!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1265272496937001 gefunden: Trace.TrackingCookie.adsfac.eu!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1265290054392000 gefunden: Trace.TrackingCookie.ads.crakmedia.com!A2 
C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1265316437460000 gefunden: Trace.TrackingCookie.web.checkm8.com!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1265316437460002 gefunden: Trace.TrackingCookie.web.checkm8.com!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1265316437460003 gefunden: Trace.TrackingCookie.web.checkm8.com!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1265316437460004 gefunden: Trace.TrackingCookie.web.checkm8.com!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1265316437460005 gefunden: Trace.TrackingCookie.web.checkm8.com!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1265317895202000 gefunden: Trace.TrackingCookie.optimize.indieclick.com!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1265370654634000 gefunden: Trace.TrackingCookie.www.googleadservices.com!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1265459387677000 gefunden: Trace.TrackingCookie.adsfac.eu!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1265459387677001 gefunden: Trace.TrackingCookie.adsfac.eu!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1265459388457000 gefunden: Trace.TrackingCookie.adsfac.eu!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1265459388457001 gefunden: Trace.TrackingCookie.adsfac.eu!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1265459589426000 gefunden: Trace.TrackingCookie.adsfac.eu!A2 C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\cookies.sqlite:1265460393397000 gefunden: Trace.TrackingCookie.adsfac.eu!A2 
C:\Windows\System32\H@tKeysH@@k.DLL gefunden: Trojan.Win32.HotKeysHook!A2 C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\MeMedia_FF.dll gefunden: Adware.Win32.AdVantage!A2 C:\Program Files\Celemony\Melodyne.3.0\Resources\studio3.dll gefunden: Virus.Win32.Trojan!IK Gescannt Dateien: 186987 Traces: 562808 Cookies: 3236 Prozesse: 68 Gefunden Dateien: 3 Traces: 23 Cookies: 211 Prozesse: 0 Registry Keys: 0 Scan Ende: 07.02.2010 12:46:08 Scan Zeit: 1:48:54 |
07.02.2010, 17:24 | #4 | ||
| TR/VB.Downloader.Gen in AppData\Local\Temp\setupv.exe Two of the files are malware. Delete these files in the Avira quarantine. Leave this file in the quarantine: C:\Windows\system32\R7n-4YXE.dll Send it to Avira for analysis. Quote:
Quote:
Please uninstall. > Disable System Restore: http://www.windowspower.de/Systemwie...Vista_967.html > Removable media (always scan USB sticks etc. as well) > Scan your PC online with F-Secure: F-Secure Security Lab - Online-Scanner (with Internet Explorer). Delete what it finds. Post the log. > Change all passwords as soon as possible from a second, clean PC! If you have done online banking on this system, inform your bank that malware was found on your system. > Download http://www2.gmer.net/catchme.htm and run it: How to scan # Download catchme.exe ( 137KB ) to your desktop. # Double click the catchme.exe to run it # Click the "Scan" button to start scan # Open catchme.log to see results. Open the catchme.log and post it here. Last edited by MalwareHero (07.02.2010 at 17:38) |
10.02.2010, 16:12 | #5 |
| TR/VB.Downloader.Gen in AppData\Local\Temp\setupv.exe Hello, I have deleted the files, as well as the ones from F-Secure. There were 15 malware cookies; I can't find a log for that. catchme log: catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-02-10 15:55:47 Windows 6.0.6002 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts] "r0\x008d00 ?(?T?r?u?e?T?y?p?e?)?"="hiromi.TTF" scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 |
10.02.2010, 16:57 | #6 |
| TR/VB.Downloader.Gen in AppData\Local\Temp\setupv.exe |
10.02.2010, 18:03 | #7 |
| TR/VB.Downloader.Gen in AppData\Local\Temp\setupv.exe I have deleted the 4 findings from the Malwarebytes log. But after every restart of the computer, setupv.exe exists again in the Temp folder and is reported by my Avira. Malwarebytes log: Malwarebytes' Anti-Malware 1.44 Datenbank Version: 3720 Windows 6.0.6002 Service Pack 2 Internet Explorer 7.0.6002.18005 10.02.2010 18:03:00 mbam-log-2010-02-10 (18-02-56).txt Scan-Methode: Quick-Scan Durchsuchte Objekte: 112674 Laufzeit: 5 minute(s), 53 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 3 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 1 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39f58b2d-5fcb-f616-b551-d5f498a85dc0} (Adware.BHO) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{39f58b2d-5fcb-f616-b551-d5f498a85dc0} (Adware.BHO) -> No action taken. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (http://www3.iamwired.net/) Good: (http://www.Google.com) -> No action taken. Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Last edited by TKM (10.02.2010 at 18:10) |
10.02.2010, 18:16 | #8 |
| TR/VB.Downloader.Gen in AppData\Local\Temp\setupv.exe Please run Combofix: Before using Combofix you should delete the temporary files. Close all programs, and applications with background guards, including the firewall and antivirus programs, must be disabled. Download Combofix.exe to the Windows desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe * Please do not move the mouse or click anything while Combofix is running. This could cause Combofix to crash * double-click: combofix.exe * click "Yes" after reading the disclaimer and warning message * type "1" - press "Enter" * now wait until a new system restore point has been created and the scan runs * the log will appear automatically (combofix.txt) * select the text with the right mouse button -> copy it completely -> paste it in the forum, where you opened a thread - The computer may restart after the scan. Please wait patiently until the log is created! |
11.02.2010, 19:47 | #9 |
| TR/VB.Downloader.Gen in AppData\Local\Temp\setupv.exe Hello, I turned off all firewalls and virus scanners. The program said, however, that AntiVir was still on, but it was off. Here is the log: ComboFix 10-02-10.05 - Timo 11.02.2010 19:08:59.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3071.1845 [GMT 1:00] ausgeführt von:: c:\users\Timo\Desktop\Heruntergeladen\ComboFix.exe AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} SP: Avira AntiVir PersonalEdition *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk c:\users\Timo\AppData\Roaming\inst.exe c:\users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.exe c:\windows\system32\msvcsv60.dll . ((((((((((((((((((((((( Dateien erstellt von 2010-01-11 bis 2010-02-11 )))))))))))))))))))))))))))))) . 2010-02-11 18:18 . 2010-02-11 18:19 -------- d-----w- c:\users\Timo\AppData\Local\temp 2010-02-11 18:18 . 2010-02-11 18:18 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-02-10 16:42 . 2010-02-10 16:42 -------- d-----w- c:\users\Timo\AppData\Roaming\Malwarebytes 2010-02-10 16:42 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-02-10 16:42 . 2010-02-10 16:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-02-10 16:42 . 2010-02-10 16:42 -------- d-----w- c:\programdata\Malwarebytes 2010-02-10 16:42 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-02-10 16:40 . 2010-02-10 15:36 15880 ----a-w- c:\windows\system32\lsdelete.exe 2010-02-10 15:36 . 2010-02-10 15:36 -------- dc----w- c:\windows\system32\DRVSTORE 2010-02-10 15:36 . 
2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys 2010-02-10 15:36 . 2010-02-10 15:36 862040 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe 2010-02-10 15:36 . 2010-02-10 15:36 206944 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll 2010-02-10 15:36 . 2010-02-10 15:36 15880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lsdelete.exe 2010-02-10 15:36 . 2010-02-10 15:36 390288 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll 2010-02-10 15:36 . 2010-02-10 15:36 537576 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aawapi.dll 2010-02-10 15:36 . 2010-02-10 15:36 389784 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll 2010-02-10 15:36 . 2010-02-10 15:36 163728 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\ShellExt.dll 2010-02-10 15:35 . 2010-02-10 15:35 6296864 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll 2010-02-10 15:35 . 2010-02-10 15:35 327000 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\RPAPI.dll 2010-02-10 15:35 . 2010-02-10 15:35 87496 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\PrivacyClean.dll 2010-02-10 15:35 . 2010-02-10 15:35 933120 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll 2010-02-10 15:35 . 2010-02-10 15:35 3803208 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe 2010-02-10 15:35 . 2010-02-10 15:35 816784 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe 2010-02-10 15:35 . 2010-02-10 15:35 823928 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe 2010-02-10 15:35 . 2010-02-10 15:35 1643272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe 2010-02-10 15:35 . 2010-02-10 15:35 788880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe 2010-02-10 15:35 . 2010-02-10 15:35 1181328 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe 2010-02-10 15:33 . 
2010-02-10 15:33 -------- dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9} 2010-02-10 15:33 . 2009-12-07 14:10 2953352 -c--a-w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe 2010-02-10 14:44 . 2010-02-10 14:44 -------- d-----w- c:\programdata\F-Secure 2010-02-10 08:41 . 2009-12-04 15:56 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2010-02-10 08:41 . 2009-12-04 15:56 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-02-07 09:53 . 2010-02-10 14:21 -------- d-----w- c:\program files\a-squared Free 2010-02-06 12:31 . 2006-06-19 12:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll 2010-02-06 12:31 . 2006-05-25 14:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll 2010-02-06 12:31 . 2005-08-26 00:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll 2010-02-06 12:31 . 2003-02-02 19:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll 2010-02-06 12:31 . 2002-03-06 00:00 75264 ----a-w- c:\windows\system32\unacev2.dll 2010-02-06 12:31 . 2010-02-06 12:31 -------- d-----w- c:\program files\Trojan Remover 2010-02-06 12:31 . 2010-02-06 12:31 -------- d-----w- c:\users\Timo\AppData\Roaming\Simply Super Software 2010-02-06 12:31 . 2010-02-06 12:31 -------- d-----w- c:\programdata\Simply Super Software 2010-02-05 22:27 . 2010-02-06 12:53 118284 ----a-w- c:\windows\system32\hdR4OCFxh504UF.exe 2010-02-05 17:38 . 2010-02-05 17:38 -------- d-----w- c:\program files\Design-Lib Creations 2010-02-02 12:17 . 2010-02-02 12:17 -------- d-----w- c:\program files\Common Files\Nokia 2010-02-02 12:16 . 2010-02-02 12:15 24437624 ----a-w- c:\programdata\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\NokiaSoftwareUpdaterSetup_1.8.10DE.exe 2010-02-02 12:16 . 2010-02-02 12:16 3351812 ----a-w- c:\programdata\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\msxml6Exec.exe 2010-02-02 12:16 . 
2010-02-02 12:16 36864 ----a-w- c:\programdata\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\Sleep.exe 2010-02-02 12:16 . 2010-02-02 12:16 3203453 ----a-w- c:\programdata\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\vcredistExec.exe 2010-02-01 20:39 . 2010-02-01 20:39 -------- d-----w- c:\users\Timo\AppData\Roaming\Ubisoft 2010-01-22 09:33 . 2009-12-16 11:44 834048 ----a-w- c:\windows\system32\wininet.dll 2010-01-22 09:33 . 2009-12-18 13:01 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-01-16 14:56 . 2010-01-16 14:56 -------- d-----w- c:\program files\Xilisoft 2010-01-16 14:52 . 2010-01-16 14:57 -------- d-----w- C:\Temp 2010-01-16 14:39 . 2010-01-16 14:39 -------- d-----w- c:\program files\WIDI 4.0 Pro 2010-01-16 14:32 . 2010-01-16 14:36 -------- d-----w- c:\program files\TallStick 2010-01-16 13:47 . 2010-01-16 13:51 -------- d-----w- c:\users\Timo\TruePianos Settings 2010-01-13 10:12 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll 2010-01-13 10:12 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-02-10 21:48 . 2010-01-12 17:23 -------- d-----w- c:\users\Timo\AppData\Roaming\vlc 2010-02-10 19:53 . 2006-11-02 15:33 621714 ----a-w- c:\windows\system32\perfh007.dat 2010-02-10 19:53 . 2006-11-02 15:33 123452 ----a-w- c:\windows\system32\perfc007.dat 2010-02-10 15:21 . 2007-10-15 09:13 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2010-02-10 10:50 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-02-10 10:46 . 2007-04-18 03:55 -------- d-----w- c:\programdata\Microsoft Help 2010-02-05 17:58 . 2007-10-22 20:06 -------- d-----w- c:\programdata\FLEXnet 2010-02-05 16:28 . 2007-11-08 11:36 -------- d-----w- c:\users\Timo\AppData\Roaming\dvdcss 2010-02-04 14:19 . 
2007-12-10 21:30 48 ----a-w- c:\windows\msocreg32.dat 2010-02-02 12:24 . 2009-01-19 23:02 -------- d-----w- c:\programdata\Installations 2010-02-02 12:18 . 2009-01-19 23:03 -------- d-----w- c:\program files\Nokia 2010-02-01 20:10 . 2007-04-18 03:27 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-01-31 20:11 . 2009-08-21 22:04 -------- d-----w- c:\users\Timo\AppData\Roaming\Hamachi 2010-01-30 23:22 . 2007-11-22 21:26 -------- d-----w- c:\program files\Anno 1701 2010-01-30 00:11 . 2007-10-08 17:15 312472 ----a-w- c:\users\Timo\AppData\Local\GDIPFONTCACHEV1.DAT 2010-01-16 14:40 . 2008-10-12 15:15 -------- d-----w- c:\users\Timo\AppData\Roaming\Music Recognition 2010-01-14 10:12 . 2009-10-02 23:37 181120 ------w- c:\windows\system32\MpSigStub.exe 2009-12-26 11:54 . 2009-12-26 11:54 -------- d-----w- c:\program files\mp3DirectCut 2009-12-26 11:25 . 2009-12-26 11:25 -------- d-----w- c:\program files\ConvertHelper 2009-12-15 18:30 . 2007-11-07 18:33 139280 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2009-12-15 18:30 . 2007-11-07 18:33 202000 ----a-w- c:\windows\system32\PnkBstrB.exe 2009-12-13 19:49 . 2008-03-08 09:51 -------- d-----w- c:\program files\CCleaner 2009-12-11 11:43 . 2010-02-10 08:42 302080 ----a-w- c:\windows\system32\drivers\srv.sys 2009-12-11 11:43 . 2010-02-10 08:42 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys 2009-12-08 20:01 . 2010-02-10 08:42 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys 2009-12-08 20:01 . 2010-02-10 08:42 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe 2009-12-08 20:01 . 2010-02-10 08:42 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe 2009-12-08 17:26 . 2010-02-10 08:42 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys 2009-12-04 18:30 . 2010-02-10 08:42 12288 ----a-w- c:\windows\system32\tsbyuv.dll 2009-12-04 18:29 . 2010-02-10 08:42 1314816 ----a-w- c:\windows\system32\quartz.dll 2009-12-04 18:28 . 
2010-02-10 08:42 22528 ----a-w- c:\windows\system32\msyuv.dll 2009-12-04 18:28 . 2010-02-10 08:42 31744 ----a-w- c:\windows\system32\msvidc32.dll 2009-12-04 18:28 . 2010-02-10 08:42 123904 ----a-w- c:\windows\system32\msvfw32.dll 2009-12-04 18:28 . 2010-02-10 08:42 13312 ----a-w- c:\windows\system32\msrle32.dll 2009-12-04 18:28 . 2010-02-10 08:42 82944 ----a-w- c:\windows\system32\mciavi32.dll 2009-12-04 18:28 . 2010-02-10 08:42 50176 ----a-w- c:\windows\system32\iyuv_32.dll 2009-12-04 18:27 . 2010-02-10 08:42 91136 ----a-w- c:\windows\system32\avifil32.dll 2009-11-30 17:02 . 2009-11-30 17:02 171144 ----a-w- c:\windows\system32\xliveinstall.dll 2009-11-30 17:02 . 2009-11-30 17:02 72840 ----a-w- c:\windows\system32\xliveinstallhost.exe 2009-11-18 15:14 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat 2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll 2006-05-03 10:06 . 2009-01-22 22:28 163328 --sh--r- c:\windows\System32\flvDX.dll 2007-02-21 11:47 . 2009-01-22 22:28 31232 --sh--r- c:\windows\System32\msfDX.dll 2008-03-16 13:30 . 2009-01-22 22:28 216064 --sh--r- c:\windows\System32\nbDX.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883840] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184] "RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 4390912] "Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2007-01-24 319488] "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168] "WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344] "Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-15 151552] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497] "VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-12-06 180224] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2007-08-02 95504] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-10 385024] "UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-07-23 341232] "CTXFIREG"="CTxfiReg.exe" [2008-02-20 43520] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-02 13683232] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-02 92704] "PDFPrint"="c:\program files\pdf24\PDFBackend.exe" [2008-01-31 134144] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "CTHelper"="CTHELPER.EXE" [2008-02-20 19456] 
"CTxfiHlp"="CTXFIHLP.EXE" [2008-02-20 19968] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280] "TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-08-04 1068424] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DevconDefaultDB"="c:\windows\system32\READREG" [X] "Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-15 151552] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-4-18 528384] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):2a,2e,b7,07,ab,0a,ca,01 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1736430328-2876659159-3367440274-1000] "EnableNotificationsRef"=dword:00000001 R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [10.02.2010 16:36 64288] R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [07.02.2010 10:53 1858144] R2 acedrv11;acedrv11;c:\windows\System32\drivers\acedrv11.sys [19.01.2009 19:31 277544] R2 Apache2.2;Apache2.2;d:\xampp\apache\bin\httpd.exe [10.12.2008 00:10 24636] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [02.12.2009 14:19 1181328] R2 TeamViewer4;TeamViewer 
4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [06.05.2009 10:11 185640] S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [15.10.2007 09:51 721904] S3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [22.11.2007 14:31 79360] S3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;d:\dragon age\bin_ship\daupdatersvc.service.exe [23.11.2009 21:21 25832] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [20.01.2009 13:13 1527900] S3 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [29.05.2008 11:56 21504] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [19.03.2009 14:48 136704] S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [19.03.2009 14:48 8320] S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [25.01.2007 18:31 42000] S3 P1130VID;Creative WebCam NX Pro;c:\windows\System32\drivers\P1130Vid.sys [04.05.2004 04:48 90229] S3 vaxscsi;vaxscsi;c:\windows\System32\drivers\vaxscsi.sys [17.03.2008 19:34 223128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . 
Inhalt des "geplante Tasks" Ordners 2010-02-11 c:\windows\Tasks\Ad-Aware Update (Daily 1).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 15:35] 2010-02-11 c:\windows\Tasks\Ad-Aware Update (Daily 2).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 15:35] 2010-02-11 c:\windows\Tasks\Ad-Aware Update (Daily 3).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 15:35] 2010-02-11 c:\windows\Tasks\Ad-Aware Update (Daily 4).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 15:35] 2010-02-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 15:35] 2010-02-11 c:\windows\Tasks\User_Feed_Synchronization-{56CAD019-6BFF-4321-9054-E580AD17B35D}.job - c:\windows\system32\msfeedssync.exe [2008-05-29 21:33] . . ------- Zusätzlicher Suchlauf ------- . uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 uStart Page = hxxp://www.Google.com uSearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/su/*http://de.yahoo.com IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm Trusted Zone: line6.net FF - ProfilePath - c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\53baw5c4.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www3.iamwired.net/websearch.php?src=tops&search= FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/firefox?client=firefox-a&rls=org.mozilla:defficial FF - prefs.js: keyword.URL - hxxp://www3.iamwired.net/websearch.php?src=tops&search= FF - component: c:\program files\Mozilla Firefox\extensions\{8c60d071-d3a0-e479-a01d-b91cb41fc45e}\components\1-f0pBq.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - HKCU-Run-Steam - d:\empire\Steam.exe HKLM-Run-Acer Tour - (no file) HKLM-Run-eRecoveryService - (no file) AddRemove-ArtMoney SE_is1 - c:\users\Timo\Desktop\ArtMoney\Uninstall\unins000.exe AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe AddRemove-MegaTrainer XL_is1 - c:\users\Timo\Desktop\MegaTrainer XL\unins000.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-02-11 19:19 Windows 6.0.6002 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... HKLM\Software\Microsoft\Windows\CurrentVersion\Run CTHelper = CTHELPER.EXE? CTxfiHlp = CTXFIHLP.EXE? Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . 
--------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_USERS\S-1-5-21-1736430328-2876659159-3367440274-1000\Software\SecuROM\License information*] "datasecu"=hex:5c,8e,17,6f,86,6b,96,5c,0b,c5,70,44,13,5e,4b,ad,30,03,9a,9a,c1, a1,d4,28,84,d0,af,0f,56,4e,33,aa,8d,d8,6a,d5,a0,86,44,4b,68,33,f9,e9,2a,1c,\ "rkeysecu"=hex:4c,37,c0,b6,cf,83,9c,29,ac,95,b0,4a,70,0e,2d,57 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2010-02-11 19:21:54 ComboFix-quarantined-files.txt 2010-02-11 18:21 Vor Suchlauf: 9.763.639.296 Bytes frei Nach Suchlauf: 9.880.317.952 Bytes frei - - End Of File - - 15A4E11D53ED2A9511A4424F3C5D29F3 |
12.02.2010, 15:48 | #10 |
| TR/VB.Downloader.Gen in AppData\Local\Temp\setupv.exe setupv.exe is no longer being created. Instead, my Firefox now crashes constantly and opens ads on every page, not as pop-ups but directly on the page. |
14.02.2010, 01:03 | #11 | |
| TR/VB.Downloader.Gen in AppData\Local\Temp\setupv.exe Quote:
- Scan with Malwarebytes in safe mode. (Press the F8 key on restart.) Post the log. Regards. |
14.02.2010, 11:26 | #12 |
/// Selecta Jahrusso | TR/VB.Downloader.Gen in AppData\Local\Temp\setupv.exe You can skip the Malwarebytes scan in safe mode.
Step 1 Start MBAM in normal mode and let it remove everything it finds.
Step 2 Download TFC (by OldTimer) from here. Save the file to the desktop. Close all running programs. The tool may request a restart; please allow it.
Step 3 Scan with SystemLook: download SystemLook by jpshortstuff from one of the following mirrors and save the tool to the desktop. Download Mirror #1 - Download Mirror #2
Step 4 Check system details with RSIT
In your next reply, please post: the Malwarebytes log, Systemlook.txt, log.txt, info.txt. Report how the computer is running. [and I'm out again]
__________________ Kind regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to strike back and support us! TB Akademie |
14.02.2010, 12:47 | #13 |
| TR/VB.Downloader.Gen in AppData\Local\Temp\setupv.exe I don't know how to collapse something in the forum; I have already looked for how to do it but can't find anything. So I am now posting each log as a separate post to keep things clearer.
RSIT log (info.txt):
info.txt logfile of random's system information tool 1.06 2010-02-14 12:37:26 ======Uninstall list====== -->"C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0007 -->"C:\Program Files\Creative Installation Information\CTCMSGO\Setup.exe" /remove /l0x0007 -->"C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0007 -->"C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /l0x0007 -->"C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MINIDISC_U\Setup.exe" /remove /l0x0007 -->"C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_ONLINESTORE_U\Setup.exe" /remove /l0x0007 -->"C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x0007 -->"C:\Program Files\Creative\Sound Blaster X-Fi\Program\SETUP.EXE" /S /U /W /L:GER -->"C:\Program Files\InstallShield Installation Information\{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}\setup.exe" --u:{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23} -->MsiExec /X{1C4551A6-4743-4093-91E4-1477CD655043} -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06E3E953-0570-4DFF-A7B5-46114C390228}\setup.exe" -l0x7 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06E3E953-0570-4DFF-A7B5-46114C390228}\setup.exe" -l0x7 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation 
Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x7 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x7 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x7 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x7 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x7 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x7 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AB55EC6-1158-41EF-B87D-90555A8F5C92}\setup.exe" -l0x7 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AB55EC6-1158-41EF-B87D-90555A8F5C92}\setup.exe" -l0x7 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x7 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x7 /remove -->RunDll32 
C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{888347B3-AEC5-4BB5-8BAB-781D72A57C73}\setup.exe" -l0x7 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{888347B3-AEC5-4BB5-8BAB-781D72A57C73}\setup.exe" -l0x7 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x7 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A68AACBA-C3AF-467B-978C-E05C31650CF6}\setup.exe" -l0x7 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA9944C8-7D34-475E-8C90-2788685B2C47}\setup.exe" -l0x7 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA9944C8-7D34-475E-8C90-2788685B2C47}\setup.exe" -l0x7 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C88C3C27-AECE-4137-A6CC-D7A6FFAD2F84}\setup.exe" -l0x7 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C88C3C27-AECE-4137-A6CC-D7A6FFAD2F84}\setup.exe" -l0x7 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAAE8EC2-2340-4D6E-A74D-07814046A11B}\setup.exe" -l0x7 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program 
Files\InstallShield Installation Information\{CAAE8EC2-2340-4D6E-A74D-07814046A11B}\setup.exe" -l0x7 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3C64B-2A22-48C5-857B-E952D7BE64F5}\setup.exe" -l0x7 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3C64B-2A22-48C5-857B-E952D7BE64F5}\setup.exe" -l0x7 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x7 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x7 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCCDA302-32D9-4AE7-A094-4BE677554F26}\setup.exe" -l0x7 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCCDA302-32D9-4AE7-A094-4BE677554F26}\setup.exe" -l0x7 /remove Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\eDSnstHelper.exe -Operation UNINSTALL Acer Empowering Technology-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x7 -removeonly Acer ePerformance Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D462BF9E-0C35-4705-BF9B-3DF9F3816643}\setup.exe" -l0x7 -removeonly Acer Plug and 
Record-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6EFFB76-4A07-11DA-9D78-000129760D75}\Setup.exe" -uninstall Acer Tour-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe" -l0x7 -removeonly Acer Zone Main Page-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\Setup.exe" -uninstall ACID Pro 7.0-->MsiExec.exe /X{FBCED1D8-E731-42B7-AD49-A291175BAA1B} Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE Ad-Aware-->"C:\ProgramData\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe" REMOVE=TRUE MODIFY=FALSE Ad-Aware-->C:\ProgramData\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe Addictive Drums-->C:\Windows\unvise32.exe C:\Program Files\XLN Audio\Addictive Drums\uninstal.log Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 9.1.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A91000000001} Agatha Christie - Evil Under the Sun-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23B806E8-BA3C-4FC2-AAB8-116FC8514697}\setup.exe" -l0x9 -uninst Age of Conan: Hyborian Adventures-->"D:\Age of Conan\unins000.exe" ANNO 1404-->"C:\Program Files\InstallShield Installation Information\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}\setup.exe" -runfromtemp -l0x0007 -removeonly Anno 1701-->RunDll32 
C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A2433A63-5F5D-40E5-B529-9123C2B3E734}\setup.exe" -l0x7 -removeonly Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4} Applied Acoustics Systems - Strum Acoustic GS-1 v1.0-->D:\Strum Acoustic GS-1\Uninstall.exe ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe a-squared Free 4.5-->"C:\Program Files\a-squared Free\unins000.exe" Auslogics Disk Defrag-->"D:\Auslogics Disk Defrag\unins000.exe" Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE Battlefield 1942: The Road To Rome-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}\setup.exe" -l0x7 Battlefield 1942-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}\setup.exe" -l0x7 Call of Duty Modern Warfare 2-->"D:\Call of Duty Modern Warfare 2\Modern Warfare 2\unins000.exe" Call of Duty(R) - World at War(TM) 1.1 Patch-->C:\Program Files\InstallShield Installation Information\{AFAE2B15-89A0-4215-A030-F7B5B478886B}\setup.exe -runfromtemp -l0x0409 Call of Duty(R) - World at War(TM) 1.2 Patch-->C:\Program Files\InstallShield Installation Information\{2BF0AE92-C3BC-4112-9066-1546342B1FAE}\setup.exe -runfromtemp -l0x0409 Call of Duty(R) - World at War(TM) 1.3 Patch-->C:\Program Files\InstallShield Installation Information\{149464D9-B06F-4505-9968-FD1206F67AD3}\setup.exe -runfromtemp -l0x0409 Call of Duty(R) - World at War(TM) 1.4 Patch-->C:\Program Files\InstallShield Installation Information\{9F01A67B-7D67-482F-9D4F-D5980A440FD4}\setup.exe -runfromtemp -l0x0409 Call of Duty(R) - World at War(TM) 1.5 Patch-->C:\Program Files\InstallShield Installation 
Information\{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}\setup.exe -runfromtemp -l0x0409 Call of Duty(R) - World at War(TM) 1.6 Patch-->C:\Program Files\InstallShield Installation Information\{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}\setup.exe -runfromtemp -l0x0409 Call of Duty(R) - World at War(TM) 1.7 Patch-->C:\Program Files\InstallShield Installation Information\{750C87B8-AF19-4C3C-B791-50D9C83AE572}\setup.exe -runfromtemp -l0x0409 Call of Duty(R) - World at War(TM)-->C:\Program Files\InstallShield Installation Information\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\setup.exe -runfromtemp -l0x0409 Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch-->C:\Program Files\InstallShield Installation Information\{E5141379-B2D9-4BBC-BB2A-5805541571DD}\setup.exe -runfromtemp -l0x0409 Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch-->C:\Program Files\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409 Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch-->C:\Program Files\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409 CardRd81-->MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6} CCleaner-->"C:\Program Files\CCleaner\uninst.exe" CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992} ConvertHelper 2.2-->"C:\Program Files\ConvertHelper\unins000.exe" CR2-->MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0} Creative ALchemy (X-Fi Edition)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A68AACBA-C3AF-467B-978C-E05C31650CF6}\setup.exe" -l0x7 /remove Creative MediaSource 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x7 /remove Creative Software AutoUpdate-->RunDll32 
C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x7 /remove Creative WebCam NX Pro Driver (1.03.03.0326)-->C:\Windows\CtDrvIns.exe -uninstall -script Pd1130.uns -unsext NT -plugin P1130Pin.dll -pluginres P1130Pin.crl Creative-Audiokonsole-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x7 /remove Creative-Systeminformationen-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x7 /remove Design-Lib.Com - Batch PSD to JPG-->C:\Program Files\Design-Lib Creations\UninstalDlPsdtoJpg.exe DHTML Editing Component-->MsiExec.exe /I{2EA870FA-585F-4187-903D-CB9FFD21E2E0} Die*Sims™*3-->"C:\Program Files\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\Sims3Setup.exe" -runfromtemp -l0x0007 -removeonly DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN Doc Convertor 1.0 (Beta)-->"C:\Program Files\Doc Convertor\unins000.exe" Dragon Age: Origins-->C:\Program Files\Common Files\BioWare\Uninstall Dragon Age.exe eSobi v2-->C:\Program Files\InstallShield Installation Information\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\setup.exe -runfromtemp -l0x0407 FileZilla Client 3.2.0-->C:\Program Files\FileZilla FTP Client\uninstall.exe Firebird SQL Server - MAGIX Edition-->C:\Program Files\MAGIX\Common\Database\unwise.exe GoldWave v5.22-->"C:\Program Files\GoldWave\unstall.exe" "GoldWave v5.22" "C:\Program Files\GoldWave\unstall.log" Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72} Grand Theft Auto IV-->"C:\Program Files\InstallShield Installation 
Information\{579BA58C-F33D-4970-9953-B94B43768AC3}\setup.exe" -runfromtemp -l0x0007 -removeonly Guitar Pro 5.2-->"C:\Program Files\Guitar Pro 5\unins000.exe" Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe" iZotope Ozone 4-->"C:\Program Files\iZotope\Ozone 4\unins000.exe" Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF} Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5} Kodak EasyShare Software-->C:\ProgramData\Kodak\EasyShareSetup\$SETUP_460007_22405a\Setup.exe /APR-REMOVE Lost Auction-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Lost Auction\ST6UNST.LOG" LoudMo Contextual Ad Assistant-->C:\Windows\system32\hdR4OCFxh504UF.exe MAGIX Screenshare 4.3.6.1987 (D)-->C:\Program Files\MAGIX\PCVisit\unwise.exe Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Melodyne 3.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1F143D1-1F0D-44FB-A44B-71D4367D16DE}\setup.exe" -l0x9 -removeonly Messenger Plus! Live-->"C:\Program Files\Messenger Plus! 
Live\Uninstall.exe"
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}
Microsoft Games for Windows - LIVE-->MsiExec.exe /X{A1C962E2-2426-49C6-A38B-9A07E40D607C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Groove MUI (German) 2007-->MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (German) 2007-->MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {322296D4-1EAE-4030-9FBC-D2787EB25FA2}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {322296D4-1EAE-4030-9FBC-D2787EB25FA2}
Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Works-->MsiExec.exe /I{4EA2F95F-A537-4D17-9E7F-6B3FF8D9BBE3}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
Miroslav Philharmonik Instruments-->C:\Program Files\InstallShield Installation Information\{9FCCC8D1-3152-4699-8793-6CB0B9E26EBB}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
Miroslav Philharmonik-->C:\Program Files\InstallShield Installation Information\{BA0D0121-A3BA-487D-9C78-7AB0E676C722}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
mkv2vob-->MsiExec.exe /X{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}
Mozilla Firefox (3.5.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Native Instruments Guitar Rig 3-->C:\Program Files\Native Instruments\Guitar Rig 3\uninstall.exe
Native Instruments Guitar Rig Registered User Library Vol.1-->C:\Users\Timo\DOCUME~1\NATIVE~1\GUITAR~1\SOUNDB~1\GUITAR~2\UNWISE.EXE C:\Users\Timo\DOCUME~1\NATIVE~1\GUITAR~1\SOUNDB~1\GUITAR~2\INSTALL.LOG
Native Instruments Kontakt 3-->C:\PROGRA~1\NATIVE~1\KONTAK~2\UNWISE.EXE C:\PROGRA~1\NATIVE~1\KONTAK~2\INSTALL.LOG
Nero 8 Lite 8.3.2.1-->"C:\Program Files\Nero\unins000.exe"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver-->MsiExec.exe /I{52D02A2B-03D2-4E34-A358-DC5D951FD296}
Nokia Software Updater-->MsiExec.exe /X{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{1C4551A6-4743-4093-91E4-1477CD655043}
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
OpenAL-->"C:\Program Files\OpenAL\OALInst.exe" /U
PC Wizard 2008.1.87-->"C:\Program Files\PC Wizard 2008\unins000.exe"
pdf24-->"C:\Program Files\pdf24\unins000.exe"
PDFToIMAGE v1.6-->"C:\Program Files\Oakdoc\PDFToIMAGE\unins000.exe"
Pianoteq v2.2.0-->"C:\Program Files\Pianoteq 2.2\uninstall.exe"
Pixie 1.4.1-->"C:\Program Files\Pixie\unins000.exe"
Power Tab Editor 1.7-->MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}
ProtectDisc Driver, Version 11-->C:\Program Files\ProtectDisc Driver Installer\uninstall_v11.exe
PunkBuster für Battlefield 1942-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{127B684B-A002-44C8-99A7-6CF8F1E26873}\setup.exe" -l0x7
PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
QuickTime-->MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
RealStrat-->"D:\RealStrat\Uninstall.exe" "D:\RealStrat\install.log" -u
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Risen-->"C:\Program Files\InstallShield Installation Information\{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}\setup.exe" -runfromtemp -l0x0007 -removeonly
Rockstar Games Social Club-->"C:\Program Files\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x0007 -removeonly
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Windows Media Encoder (KB954156)-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} MSIPATCHREMOVE={E836F1B7-43FB-46B0-A0D9-E4D2A5951659} /qb
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SharpEye Music Reader 2-->C:\PROGRA~1\VISIV-~1\SHARPE~1\UNWISE.EXE C:\PROGRA~1\VISIV-~1\SHARPE~1\INSTALL.LOG
SmartSound Quicktracks Plugin-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Sony ACID Music Studio 7.0-->MsiExec.exe /X{64CFBF47-0149-4E4C-A348-3701FE7597F1}
Sound Blaster X-Fi-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}\SETUP.EXE" -l0x7 /remove
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Studio Instruments 1.0-->"C:\Program Files\Cakewalk\Studio Instruments\unins000.exe"
SUPER © Version 2009.bld.35 (Jan 5, 2009)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
System Requirements Lab-->MsiExec.exe /I{9EBDAF91-DADA-47CE-94F2-F5B004007934}
Tales of Monkey Island - Lair of the Leviathan-->C:\Program Files\Telltale Games\Tales of Monkey Island\UNINSTALL_MonkeyIsland103.exe
Tales of Monkey Island - Launch of the Screaming Narwhal-->C:\Program Files\Telltale Games\Tales of Monkey Island\UNINSTALL_MonkeyIsland101.exe
Tales of Monkey Island - Rise of the Pirate God-->C:\Program Files\Telltale Games\Tales of Monkey Island\UNINSTALL_MonkeyIsland105.exe
Tales of Monkey Island - The Siege of Spinner Cay-->C:\Program Files\Telltale Games\Tales of Monkey Island\UNINSTALL_MonkeyIsland102.exe
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
TeamViewer 4-->C:\Program Files\TeamViewer\Version4\uninstall.exe
Text-To-Speech-Runtime-->MsiExec.exe /X{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}
The Nosebleed Pack Patch Install-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5EDF350-FBEE-40B7-926D-4DA2492BFF06}\setup.exe"
Trojan Remover 6.8.1-->"C:\Program Files\Trojan Remover\unins000.exe"
TruePianos 1.4.1-->"D:\TruePianos\unins000.exe"
TruePianos: Amber Module 1.4.0-->"D:\TruePianos\Content\unins000.exe"
TruePianos: Diamond Module 1.4.0-->"D:\TruePianos\Content\unins001.exe"
TruePianos: Emerald Module 1.4.0-->"D:\TruePianos\Content\unins002.exe"
TruePianos: Sapphire Module 1.4.0-->"D:\TruePianos\Content\unins003.exe"
TruePianos: Sapphire Module 1.4.0-->"D:\TruePianos\Content\unins004.exe"
Ulead Photo Explorer 8.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{025C3792-E9C6-432A-92C1-661F99D021CA}\setup.exe" -l0x7
Ulead PhotoImpact 12-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11AFE21E-B193-430D-B57A-DFF7815BB962}\setup.exe" -l0x7
Ulead PhotoImpact X3-->C:\Program Files\InstallShield Installation Information\{15803703-25FA-4C01-A062-3F4A59937E87}\setup.exe -runfromtemp -l0x0407
Ulead VideoStudio 11-->C:\Program Files\InstallShield Installation Information\{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}\setup.exe -runfromtemp -l0x0407
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
Update for Outlook 2007 Junk Email Filter (kb977719)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C0C92202-5215-4EFA-B0B9-B3A0DEABCDF1}
Update für Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}
Update für Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}
Update für Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {F6828576-6F79-470D-AB50-69D1BBADBD30}
Update für Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {EA160DA3-E9B5-4D03-A518-21D306665B96}
Update für Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {EA160DA3-E9B5-4D03-A518-21D306665B96}
Update für Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {38472199-D7B6-4833-A949-10E4EE6365A1}
Update für Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {38472199-D7B6-4833-A949-10E4EE6365A1}
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VLC media player 1.0.3-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WIDCOMM Bluetooth Software 6.2.0.5800-->MsiExec.exe /X{E464702F-5433-46EC-8F65-159276C0A54F}
WIDI Recognition System Pro 4.03 (remove only)-->"C:\Program Files\WIDI 4.0 Pro\Uninstall.exe"
Windows Live Anmelde-Assistent-->MsiExec.exe /I{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}
Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}
Windows Live Mail-->MsiExec.exe /I{C4D738F7-996A-4C81-B8FA-C4E26D767E41}
Windows Live Messenger-->MsiExec.exe /X{41E654A9-26D0-4EAC-854B-0FA824FFFABB}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Encoder 9-Reihe-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9-Reihe-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
WinPcap 4.0-->C:\Program Files\WinPcap\uninstall.exe
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Wolfenstein(TM) 1.1 Patch-->C:\Program Files\InstallShield Installation Information\{E03B44A3-9237-4B55-B7A5-DB1DD46920D3}\setup.exe -runfromtemp -l0x0409
Worms Armageddon-->C:\Windows\IsUninst.exe -f"d:\Worms Armageddon\Uninst.isu"
Worms World Party-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A200E68-D5F4-4E70-910F-2871753A0E2B}\setup.exe"
XAMPP 1.7.1-->"D:\xampp\uninstall.exe"
Zoo Tycoon: Complete Collection-->"D:\Zoo Tycoon\UNINSTAL.EXE" /runtemp /addremove

======Hosts File======

127.0.0.1 adobeereg.com
127.0.0.1 www.adobeereg.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com

======Security center information======

AV: Avira AntiVir PersonalEdition
AS: Avira AntiVir PersonalEdition
AS: Windows-Defender

======System event log======

Computer Name: Timo-M
Event Code: 4372
Message: Windows-Wartung setzt das Paket KB975517(Security Update) in den Status Wird bereitgestellt(Staging).
Record Number: 423510
Source Name: Microsoft-Windows-Servicing
Time Written: 20091016090002.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: Timo-M
Event Code: 4372
Message: Windows-Wartung setzt das Paket KB975517(Security Update) in den Status Wird bereitgestellt(Staging).
Record Number: 423509
Source Name: Microsoft-Windows-Servicing
Time Written: 20091016090002.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: Timo-M
Event Code: 4372
Message: Windows-Wartung setzt das Paket KB975517(Security Update) in den Status Aufgelöst(Resolved).
Record Number: 423508
Source Name: Microsoft-Windows-Servicing
Time Written: 20091016090002.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: Timo-M
Event Code: 4383
Message: Windows-Wartung hat das Update 975517-20_neutral_GDR aus Paket KB975517 (Security Update) in den Status Wird aufgelöst(Resolving) gesetzt.
Record Number: 423507
Source Name: Microsoft-Windows-Servicing
Time Written: 20091016085955.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: Timo-M
Event Code: 4383
Message: Windows-Wartung hat das Update 975517-19_neutral_LDR aus Paket KB975517 (Security Update) in den Status Wird aufgelöst(Resolving) gesetzt.
Record Number: 423506
Source Name: Microsoft-Windows-Servicing
Time Written: 20091016085955.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

=====Application event log=====

Computer Name: Timo-M
Event Code: 0
Message: Der Dienst wurde gestartet.
Record Number: 41651
Source Name: Service1
Time Written: 20080911125237.000000-000
Event Type: Informationen
User:

Computer Name: Timo-M
Event Code: 0
Message:
Record Number: 41650
Source Name: Capture Device Service
Time Written: 20080911125237.000000-000
Event Type: Informationen
User:

Computer Name: Timo-M
Event Code: 0
Message:
Record Number: 41649
Source Name: Capture Device Service
Time Written: 20080911125237.000000-000
Event Type: Informationen
User:

Computer Name: Timo-M
Event Code: 0
Message:
Record Number: 41648
Source Name: Capture Device Service
Time Written: 20080911125237.000000-000
Event Type: Informationen
User:

Computer Name: Timo-M
Event Code: 0
Message:
Record Number: 41647
Source Name: Capture Device Service
Time Written: 20080911125237.000000-000
Event Type: Informationen
User:

=====Security event log=====

Computer Name: Timo-M
Event Code: 4672
Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.
Antragsteller:
Sicherheits-ID: S-1-5-21-1736430328-2876659159-3367440274-1000
Kontoname: Timo
Kontodomäne: Timo-M
Anmelde-ID: 0x318d9
Berechtigungen: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Record Number: 71447
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090312160418.694474-000
Event Type: Überwachung erfolgreich
User:

Computer Name: Timo-M
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.
Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: TIMO-M$
Kontodomäne: WORKGROUP
Anmelde-ID: 0x3e7
Anmeldetyp: 2
Neue Anmeldung:
Sicherheits-ID: S-1-5-21-1736430328-2876659159-3367440274-1000
Kontoname: Timo
Kontodomäne: Timo-M
Anmelde-ID: 0x318d9
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}
Prozessinformationen:
Prozess-ID: 0x324
Prozessname: C:\Windows\System32\winlogon.exe
Netzwerkinformationen:
Arbeitsstationsname: TIMO-M
Quellnetzwerkadresse: 127.0.0.1
Quellport: 0
Detaillierte Authentifizierungsinformationen:
Anmeldeprozess: User32
Authentifizierungspaket: Negotiate
Übertragene Dienste: -
Paketname (nur NTLM): -
Schlüssellänge: 0
Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.
Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".
Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).
Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.
Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.
Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
- Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 71446
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090312160418.694474-000
Event Type: Überwachung erfolgreich
User:

Computer Name: Timo-M
Event Code: 4648
Message: Anmeldeversuch mit expliziten Anmeldeinformationen.
Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: TIMO-M$
Kontodomäne: WORKGROUP
Anmelde-ID: 0x3e7
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}
Konto, dessen Anmeldeinformationen verwendet wurden:
Kontoname: Timo
Kontodomäne: Timo-M
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}
Zielserver:
Zielservername: localhost
Weitere Informationen: localhost
Prozessinformationen:
Prozess-ID: 0x324
Prozessname: C:\Windows\System32\winlogon.exe
Netzwerkinformationen:
Netzwerkadresse: 127.0.0.1
Port: 0
Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden. Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird.
Record Number: 71445
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090312160418.694474-000
Event Type: Überwachung erfolgreich
User:

Computer Name: Timo-M
Event Code: 4672
Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.
Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: SYSTEM
Kontodomäne: NT-AUTORITÄT
Anmelde-ID: 0x3e7
Berechtigungen: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Record Number: 71444
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090312160417.339468-000
Event Type: Überwachung erfolgreich
User:

Computer Name: Timo-M
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.
Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: TIMO-M$
Kontodomäne: WORKGROUP
Anmelde-ID: 0x3e7
Anmeldetyp: 5
Neue Anmeldung:
Sicherheits-ID: S-1-5-18
Kontoname: SYSTEM
Kontodomäne: NT-AUTORITÄT
Anmelde-ID: 0x3e7
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}
Prozessinformationen:
Prozess-ID: 0x2b4
Prozessname: C:\Windows\System32\services.exe
Netzwerkinformationen:
Arbeitsstationsname:
Quellnetzwerkadresse: -
Quellport: -
Detaillierte Authentifizierungsinformationen:
Anmeldeprozess: Advapi
Authentifizierungspaket: Negotiate
Übertragene Dienste: -
Paketname (nur NTLM): -
Schlüssellänge: 0
Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.
Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".
Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).
Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.
Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.
Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
- Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 71443
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090312160417.339468-000
Event Type: Überwachung erfolgreich
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Ulead Systems\DVD;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\iZotope\Runtimes;%PIXIEHOME%\bin
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=6b01
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"RAWWAVE_PATH"=C:\Users\Timo\Desktop\Programme\Csound\samples
"PYTHONPATH"=;C:\Users\Timo\Desktop\Programme\Csound\bin
"RGSCLauncher"=D:\GTA IV\Rockstar Games Social Club
"RGSC"=D:\GTA IV\Rockstar Games Social Club\1_0_0_0
"PIXIEHOME"=C:\Program Files\Pixie
"SHADERS"=%PIXIEHOME%\shaders

-----------------EOF----------------- |
14.02.2010, 12:48 | #14 |
| TR/VB.Downloader.Gen in AppData\Local\Temp\setupv.exe

RSIT (log.txt):

Logfile of random's system information tool 1.06 (written by random/random)
Run by Timo at 2010-02-14 12:36:36
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 3 GB (2%) free of 149 GB
Total RAM: 3071 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:06, on 14.02.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\pdf24\PDFBackend.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\CTHELPER.EXE
C:\Windows\System32\CTXFIHLP.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\System32\mobsync.exe
C:\Windows\system32\conime.exe
C:\Users\Timo\Desktop\Programme\MSD 0.655\MSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Timo\Desktop\Heruntergeladen\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Timo.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://de.rd.yahoo.com/customize/ycomp/defaults/su/*http://de.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PDFPrint] "C:\Program Files\pdf24\PDFBackend.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O15 - Trusted Zone: *.line6.net
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft 
Office\Office12\GrooveSystemServices.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apache2.2 - Apache Software Foundation - D:\xampp\apache\bin\httpd.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: Creative ALchemy AL1 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe O23 - Service: Dragon Age: Origins - Inhaltsupdater (DAUpdaterSvc) - BioWare - D:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - D:\xampp\filezillaftp\filezillaserver.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. 
- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: mysql - Unknown owner - D:\xampp\mysql\bin\mysqld.exe O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- End of file - 10688 bytes ======Scheduled tasks folder====== C:\Windows\tasks\Ad-Aware Update (Daily 1).job C:\Windows\tasks\Ad-Aware Update (Daily 2).job C:\Windows\tasks\Ad-Aware Update (Daily 3).job C:\Windows\tasks\Ad-Aware Update (Daily 4).job C:\Windows\tasks\Ad-Aware Update (Weekly).job C:\Windows\tasks\User_Feed_Synchronization-{56CAD019-6BFF-4321-9054-E580AD17B35D}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}] ShowBarObj Class - C:\Windows\system32\ActiveToolBand.dll [2007-02-06 299008] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Windows\system32\eDStoolbar.dll [2007-02-06 151552] {32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-18 1008184] "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-02-15 4390912] "Acer Empowering Technology Monitor"=C:\Acer\Empowering Technology\SysMonitor.exe [2007-01-24 319488] "eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2007-02-06 464168] "WarReg_PopUp"=C:\Acer\WR_PopUp\WarReg_PopUp.exe [2006-11-05 57344] "Acer Tour Reminder"=C:\Acer\AcerTour\Reminder.exe [2007-02-15 151552] "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-17 266497] "VolPanel"=C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [2006-12-06 180224] "UpdReg"=C:\Windows\UpdReg.EXE [2000-05-11 90112] "Ulead AutoDetector v2"=C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe [2007-08-02 95504] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-01-10 
385024] "UVS11 Preload"=C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe [2007-07-23 341232] "CTXFIREG"=C:\Windows\system32\CTxfiReg.exe [2008-02-20 43520] "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-12-02 13683232] "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-12-02 92704] "PDFPrint"=C:\Program Files\pdf24\PDFBackend.exe [2008-01-31 134144] "GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696] "CTHelper"=C:\Windows\system32\CTHELPER.EXE [2008-02-20 19456] "CTxfiHlp"=C:\Windows\system32\CTXFIHLP.EXE [2008-02-20 19968] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280] "TrojanScanner"=C:\Program Files\Trojan Remover\Trjscan.exe [2009-08-04 1068424] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-01-07 429392] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920] "WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter [] "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883840] "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= [] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft 
Ad-Aware Service] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "EnableLUA"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "BindDirectlyToPropertySetStorage"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======List of files/folders created in the last 1 months====== 2010-02-14 12:36:36 ----D---- C:\rsit 2010-02-11 19:21:59 ----SHD---- C:\$RECYCLE.BIN 2010-02-11 19:21:55 ----A---- C:\ComboFix.txt 2010-02-11 19:05:53 ----A---- C:\Windows\zip.exe 2010-02-11 19:05:53 ----A---- C:\Windows\SWSC.exe 2010-02-11 19:05:53 ----A---- C:\Windows\SWREG.exe 2010-02-11 19:05:53 ----A---- C:\Windows\sed.exe 2010-02-11 19:05:53 ----A---- C:\Windows\PEV.exe 2010-02-11 19:05:53 ----A---- C:\Windows\NIRCMD.exe 2010-02-11 19:05:53 ----A---- C:\Windows\MBR.exe 2010-02-11 19:05:53 ----A---- C:\Windows\grep.exe 2010-02-11 19:05:39 ----D---- C:\Windows\ERDNT 2010-02-11 19:04:17 ----D---- C:\ComboFix 2010-02-11 19:00:32 ----D---- C:\Qoobox 2010-02-11 19:00:17 ----A---- C:\Windows\SWXCACLS.exe 2010-02-10 17:42:31 ----D---- 
C:\Users\Timo\AppData\Roaming\Malwarebytes 2010-02-10 17:42:23 ----D---- C:\ProgramData\Malwarebytes 2010-02-10 17:42:23 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-02-10 17:40:58 ----A---- C:\Windows\system32\lsdelete.exe 2010-02-10 16:36:26 ----DC---- C:\Windows\system32\DRVSTORE 2010-02-10 16:33:33 ----HDC---- C:\ProgramData\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9} 2010-02-10 15:44:44 ----D---- C:\ProgramData\F-Secure 2010-02-10 09:42:19 ----A---- C:\Windows\system32\ntoskrnl.exe 2010-02-10 09:42:19 ----A---- C:\Windows\system32\ntkrnlpa.exe 2010-02-10 09:42:08 ----A---- C:\Windows\system32\quartz.dll 2010-02-10 09:42:07 ----A---- C:\Windows\system32\tsbyuv.dll 2010-02-10 09:42:07 ----A---- C:\Windows\system32\msyuv.dll 2010-02-10 09:42:07 ----A---- C:\Windows\system32\msvidc32.dll 2010-02-10 09:42:07 ----A---- C:\Windows\system32\msvfw32.dll 2010-02-10 09:42:07 ----A---- C:\Windows\system32\msrle32.dll 2010-02-10 09:42:07 ----A---- C:\Windows\system32\mciavi32.dll 2010-02-10 09:42:07 ----A---- C:\Windows\system32\iyuv_32.dll 2010-02-10 09:42:07 ----A---- C:\Windows\system32\avifil32.dll 2010-02-07 10:53:41 ----D---- C:\Program Files\a-squared Free 2010-02-06 13:31:27 ----A---- C:\Windows\system32\ztvunrar36.dll 2010-02-06 13:31:27 ----A---- C:\Windows\system32\ztvunace26.dll 2010-02-06 13:31:27 ----A---- C:\Windows\system32\ztvcabinet.dll 2010-02-06 13:31:27 ----A---- C:\Windows\system32\UNRAR3.dll 2010-02-06 13:31:27 ----A---- C:\Windows\system32\unacev2.dll 2010-02-06 13:31:24 ----D---- C:\Users\Timo\AppData\Roaming\Simply Super Software 2010-02-06 13:31:24 ----D---- C:\ProgramData\Simply Super Software 2010-02-06 13:31:24 ----D---- C:\Program Files\Trojan Remover 2010-02-05 23:27:55 ----A---- C:\Windows\system32\hdR4OCFxh504UF.exe 2010-02-05 18:38:54 ----D---- C:\Program Files\Design-Lib Creations 2010-02-02 13:17:05 ----D---- C:\Program Files\Common Files\Nokia 2010-02-01 21:39:46 ----D---- C:\Users\Timo\AppData\Roaming\Ubisoft 2010-01-22 
10:33:31 ----A---- C:\Windows\system32\wininet.dll 2010-01-22 10:33:31 ----A---- C:\Windows\system32\mshtml.dll 2010-01-22 10:33:30 ----A---- C:\Windows\system32\urlmon.dll 2010-01-22 10:33:28 ----A---- C:\Windows\system32\ieframe.dll 2010-01-22 10:33:27 ----A---- C:\Windows\system32\ieui.dll 2010-01-22 10:33:25 ----A---- C:\Windows\system32\iepeers.dll 2010-01-22 10:33:25 ----A---- C:\Windows\system32\ieencode.dll 2010-01-22 10:33:23 ----A---- C:\Windows\system32\ieapfltr.dll 2010-01-16 15:56:14 ----D---- C:\Program Files\Xilisoft 2010-01-16 15:52:15 ----D---- C:\Temp 2010-01-16 15:39:48 ----D---- C:\Program Files\WIDI 4.0 Pro 2010-01-16 15:32:02 ----D---- C:\Program Files\TallStick ======List of files/folders modified in the last 1 months====== 2010-02-14 12:36:55 ----D---- C:\Windows\Temp 2010-02-14 12:36:47 ----D---- C:\Windows\Prefetch 2010-02-14 12:36:06 ----D---- C:\Windows\system32\drivers 2010-02-14 12:07:36 ----D---- C:\Program Files\Mozilla Firefox 2010-02-14 11:43:31 ----D---- C:\Users\Timo\AppData\Roaming\vlc 2010-02-14 11:01:05 ----A---- C:\Windows\NeroDigital.ini 2010-02-14 11:00:06 ----D---- C:\Windows\System32 2010-02-14 11:00:06 ----D---- C:\Windows\inf 2010-02-14 11:00:06 ----A---- C:\Windows\system32\PerfStringBackup.INI 2010-02-14 10:55:07 ----D---- C:\Windows\system32\Tasks 2010-02-14 10:55:04 ----D---- C:\Windows\Tasks 2010-02-13 15:34:50 ----SHD---- C:\System Volume Information 2010-02-12 10:47:05 ----D---- C:\Windows 2010-02-11 19:19:03 ----A---- C:\Windows\system.ini 2010-02-11 19:14:41 ----D---- C:\Windows\AppPatch 2010-02-11 19:14:40 ----D---- C:\Program Files\Common Files 2010-02-11 09:03:32 ----D---- C:\Windows\winsxs 2010-02-10 18:07:35 ----D---- C:\Windows\system32\catroot2 2010-02-10 18:05:39 ----RSD---- C:\Windows\Media 2010-02-10 17:42:23 ----RD---- C:\Program Files 2010-02-10 17:42:23 ----D---- C:\ProgramData 2010-02-10 16:36:26 ----D---- C:\Windows\system32\catroot 2010-02-10 16:33:33 ----SHD---- C:\Windows\Installer 2010-02-10 
16:21:35 ----D---- C:\Program Files\Common Files\Wise Installation Wizard 2010-02-10 13:19:59 ----AD---- C:\ProgramData\TEMP 2010-02-10 11:50:07 ----D---- C:\Program Files\Windows Mail 2010-02-10 11:46:42 ----D---- C:\Windows\Debug 2010-02-10 11:46:23 ----D---- C:\ProgramData\Microsoft Help 2010-02-06 11:18:20 ----D---- C:\Windows\Minidump 2010-02-05 19:55:48 ----D---- C:\Program Files\Adobe 2010-02-05 18:58:37 ----D---- C:\Users\Timo\AppData\Roaming\Adobe 2010-02-05 18:58:26 ----D---- C:\ProgramData\FLEXnet 2010-02-05 18:58:26 ----D---- C:\ProgramData\Adobe 2010-02-05 17:28:22 ----D---- C:\Users\Timo\AppData\Roaming\dvdcss 2010-02-02 13:24:05 ----D---- C:\ProgramData\Installations 2010-02-02 13:18:04 ----D---- C:\Program Files\Nokia 2010-02-01 21:16:26 ----RSD---- C:\Windows\assembly 2010-02-01 21:10:23 ----HD---- C:\Program Files\InstallShield Installation Information 2010-02-01 20:26:20 ----A---- C:\Windows\system32\mrt.exe 2010-01-31 21:11:43 ----D---- C:\Users\Timo\AppData\Roaming\Hamachi 2010-01-31 00:22:46 ----D---- C:\Program Files\Anno 1701 2010-01-29 21:58:10 ----RSD---- C:\Windows\Fonts 2010-01-20 15:43:57 ----A---- C:\Windows\WORDPAD.INI 2010-01-16 15:40:03 ----D---- C:\Users\Timo\AppData\Roaming\Music Recognition 2010-01-16 15:32:10 ----A---- C:\Windows\win.ini ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [2009-06-02 11608] R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-06-02 75096] R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2008-04-15 21248] R2 acedrv11;acedrv11; \??\C:\Windows\system32\drivers\acedrv11.sys [2009-01-19 277544] R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-10-02 281760] R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 76584] R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-10-02 25888] R3 
avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [2009-06-02 52056] R3 CT20XUT.DLL;CT20XUT.DLL; C:\Windows\system32\CT20XUT.DLL [2008-02-25 170520] R3 ctaud2k;Creative Audio Driver (WDM); C:\Windows\system32\drivers\ctaud2k.sys [2008-02-25 524312] R3 CTEXFIFX.DLL;CTEXFIFX.DLL; C:\Windows\system32\CTEXFIFX.DLL [2008-02-25 1323544] R3 CTHWIUT.DLL;CTHWIUT.DLL; C:\Windows\system32\CTHWIUT.DLL [2008-02-25 72728] R3 ctprxy2k;Creative Proxy Driver; C:\Windows\system32\drivers\ctprxy2k.sys [2008-02-25 14360] R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\Windows\system32\drivers\ctsfm2k.sys [2008-02-25 157208] R3 emupia;E-mu Plug-in Architecture Driver; C:\Windows\system32\drivers\emupia2k.sys [2008-02-25 92696] R3 ha20x2k;Creative 20X HAL Driver; C:\Windows\system32\drivers\ha20x2k.sys [2008-02-25 1172504] R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-08-23 25280] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-02-14 1740904] R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2007-04-18 6144] R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-12-02 7643904] R3 ossrv;Creative OS Services Driver; C:\Windows\system32\drivers\ctoss2k.sys [2008-02-25 127000] R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328] R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-09 194560] S1 ntiomin;ntiomin; C:\Windows\system32\drivers\ntiomin.sys [] S1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [] S3 a5g68646;a5g68646; C:\Windows\system32\drivers\a5g68646.sys [] S3 catchme;catchme; \??\C:\Users\Timo\AppData\Local\Temp\catchme.sys [] S3 COMMONFX.DLL;COMMONFX.DLL; C:\Windows\system32\COMMONFX.DLL [2008-02-25 98328] S3 ctac32k;Creative AC3 Software Decoder; 
C:\Windows\system32\drivers\ctac32k.sys [2008-02-25 511000] S3 CTAUDFX.DLL;CTAUDFX.DLL; C:\Windows\system32\CTAUDFX.DLL [2008-02-25 551960] S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\Windows\system32\drivers\ctdvda2k.sys [2008-02-25 346856] S3 CTEAPSFX.DLL;CTEAPSFX.DLL; C:\Windows\system32\CTEAPSFX.DLL [2008-02-25 174104] S3 CTEDSPFX.DLL;CTEDSPFX.DLL; C:\Windows\system32\CTEDSPFX.DLL [2008-02-25 286232] S3 CTEDSPIO.DLL;CTEDSPIO.DLL; C:\Windows\system32\CTEDSPIO.DLL [2008-02-25 134680] S3 CTEDSPSY.DLL;CTEDSPSY.DLL; C:\Windows\system32\CTEDSPSY.DLL [2008-02-25 329240] S3 CTERFXFX.DLL;CTERFXFX.DLL; C:\Windows\system32\CTERFXFX.DLL [2008-02-25 100888] S3 CTSBLFX.DLL;CTSBLFX.DLL; C:\Windows\system32\CTSBLFX.DLL [2008-02-25 566296] S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632] S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 L6DP;L6DP; C:\Windows\System32\Drivers\l6dp.sys [] S3 L6TPortA;Service - Line 6 TonePort UX1; C:\Windows\System32\Drivers\L6TPortA.sys [] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192] S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888] S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016] S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2009-02-09 17664] S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2009-02-09 22016] S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsu.sys [2009-03-19 136704] S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsuc.sys [2009-03-19 8320] S3 NPF;NetGroup Packet Filter 
Driver; C:\Windows\system32\drivers\npf.sys [2007-01-25 42000] S3 P1130VID;Creative WebCam NX Pro; C:\Windows\system32\DRIVERS\P1130Vid.sys [2004-05-04 90229] S3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2008-07-30 47360] S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808] S3 usbaudio;USB-Audiotreiber (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216] S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-04-11 27648] S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808] S3 vaxscsi;vaxscsi; C:\Windows\System32\Drivers\vaxscsi.sys [2008-03-17 223128] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448] S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2009-10-01 1858144] R2 AcerMemUsageCheckService;ePerformance Service; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [2006-12-29 28672] R2 AntiVirScheduler;AntiVir PersonalEdition Classic Planer; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-26 68865] R2 AntiVirService;AntiVir PersonalEdition Classic Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-26 151297] R2 Apache2.2;Apache2.2; D:\xampp\apache\bin\httpd.exe [2008-12-10 24636] R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-10-14 555560] R2 CTAudSvcService;Creative Audio Service; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2008-03-07 417792] R2 eDataSecurity Service;eDSService.exe; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [2007-02-06 457512] R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering 
Technology\eRecovery\eRecoveryService.exe [2007-01-31 53248] R2 FileZilla Server;FileZilla Server FTP server; D:\xampp\filezillaftp\filezillaserver.exe [2009-03-03 691200] R2 mysql;mysql; D:\xampp\mysql\bin\mysqld.exe [2009-03-16 6562432] R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-12-02 207392] R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-08-01 75064] R2 TeamViewer4;TeamViewer 4; C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe [2009-05-06 185640] S2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon [] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-10 1181328] S3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [2007-11-22 79360] S3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater; D:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-10-22 654848] S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-18 21504] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888] S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 
145184] S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-01-25 93048] S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-07-26 316664] -----------------EOF----------------- |
14.02.2010, 13:09 | #15 |
| TR/VB.Downloader.Gen in AppData\Local\Temp\setupv.exe

Malwarebytes Log:

Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3737
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

14.02.2010 12:55:59
mbam-log-2010-02-14 (12-55-59).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 114039
Laufzeit: 6 minute(s), 0 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{fe5b2d9d-91b0-b04b-ac20-14a260769687} (Adware.ColorSoft) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hdr4ocfxh504uf (Adware.AdRotator) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\System32\hdR4OCFxh504UF.exe (Adware.AdRotator) -> Quarantined and deleted successfully.

System Look Log:

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 13:05 on 14/02/2010 by Timo (Administrator - Elevation successful)

========== filefind ==========

Searching for "setupv.exe"
No files found.

========== regfind ==========

Searching for "setupv"
No data found.

-=End Of File=- |