TR/Agent.AN.1033 malware found, Antivir keeps triggering (Windows 7)
12.02.2010, 16:35 | #1

Hello, my Antivir keeps triggering and reporting malware. Windows Defender also reacted once. I used CCleaner and ran a HijackThis scan. Here is the logfile:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:20:58, on 12.02.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Users\************\AppData\Local\Temp\Vsh.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Users\DSIRE&~1\AppData\Local\Temp\Vsm.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\CCleaner\ccleaner.exe
C:\Windows\SysWOW64\wscript.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/8
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ig?hl=de&source=iglk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Asz.Citavi.IEPicker.IEPickerButton - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\SysWow64\mscoree.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [F5JMWNZTHI] C:\Users\******************\AppData\Local\Temp\Vsh.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Startup: Warner Bros.lnk = C:\Program Files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Citavi Picker... - file://C:\Program Files (x86)\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Citavi Picker - {619D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\SysWow64\mscoree.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files%20(x86)/Monopoly/Images/stg_drm.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files%20(x86)/Monopoly/Images/armhelper.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 11642 bytes

Hoping for your help. Many thanks in advance.
12.02.2010, 16:41 | #2

Yes, run Malwarebytes as well and post the logfile here. Then we'll see how to proceed!
12.02.2010, 16:42 | #3
/// Helper team

I'd be more interested in the Antivir event report. To get it, start Antivir, then Overview, then Events. Copy the text and paste it here. Lately false-positive detections have been piling up.
12.02.2010, 17:56 | #4

Here is the Antivir event report: File-Upload.net - Ereignisse.txt
Malwarebytes is running. I'll report back then. Thanks
12.02.2010, 18:22 | #5
/// Helper team

C:\Users\*********************\AppData\Local\Temp\Vsm.exe
Check this file at VirusTotal. Post the result. It could also be a false alarm.
12.02.2010, 18:57 | #7

As soon as the full Malwarebytes scan is finished, post its logfile here.
12.02.2010, 19:09 | #8

Code:
Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3730
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

12.02.2010 18:59:36
mbam-log-2010-02-12 (18-59-36).txt

Scan-Methode: Vollständiger Scan (C:\|E:\|)
Durchsuchte Objekte: 300216
Laufzeit: 56 minute(s), 56 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\F5JMWNZTHI (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\f5jmwnzthi (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

But after the restart Antivir still showed the trojan. Now also TR/Agent.AN.1031
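Added example, not code from the thread, from HijackThis or from Malwarebytes: a small Python triage of HijackThis O4 (autorun) lines that flags the pattern visible in post #1, a Run value with a random-looking name (F5JMWNZTHI) launching an executable from the user's Temp folder, which the Malwarebytes log in post #8 then confirms as Trojan.FakeAlert. The sample lines are constructed from that log with the masked user name replaced by 'someuser'; the heuristics and thresholds are my own assumptions, not rules of either tool.

```python
"""Triage HijackThis O4 Run entries for Temp-folder executables and random names.

Added example for this thread; not from HijackThis or Malwarebytes. The
heuristics (Temp-folder markers, 'random-looking' name rule) are assumptions.
"""
import re
from dataclasses import dataclass, field

# One HijackThis O4 Run line:
#   O4 - <hive>\..\Run: [<value name>] <command> [(User '<account>')]
O4_RUN_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] "
    r"(?P<cmd>.+?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# Assumed rule: 8+ upper-case letters/digits containing a digit or a long
# consonant run (e.g. F5JMWNZTHI); vendors rarely name Run values like that.
RANDOM_NAME_RE = re.compile(r"^[A-Z0-9]{8,}$")
CONSONANT_RUN_RE = re.compile(r"[B-DF-HJ-NP-TV-Z]{5,}")
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\temp\\")


@dataclass
class Finding:
    hive: str
    name: str
    exe: str
    reasons: list[str] = field(default_factory=list)


def executable_of(cmd: str) -> str:
    """Return the program part of a Run command: quoted path, or up to '.exe'."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.search(r"\.exe\b", cmd, re.IGNORECASE)
    return cmd[: m.end()] if m else cmd.split(" ", 1)[0]


def looks_random(name: str) -> bool:
    """Assumed heuristic for machine-generated Run value names."""
    return bool(RANDOM_NAME_RE.match(name)) and (
        any(ch.isdigit() for ch in name) or bool(CONSONANT_RUN_RE.search(name))
    )


def triage_o4(lines) -> list[Finding]:
    """Parse O4 Run lines and return only the entries worth a second look."""
    findings = []
    for raw in lines:
        m = O4_RUN_RE.match(raw.strip())
        if not m:
            continue  # not an O4 Run line (Startup folder entries, R1, O2, ...)
        exe = executable_of(m.group("cmd"))
        reasons = []
        if any(t in exe.lower() for t in TEMP_MARKERS):
            reasons.append("executable lives in a Temp folder")
        if looks_random(m.group("name")):
            reasons.append("random-looking value name")
        if reasons:
            findings.append(Finding(m.group("hive"), m.group("name"), exe, reasons))
    return findings


# Constructed sample modelled on the HijackThis log in post #1 (user name
# replaced by 'someuser'); the F5JMWNZTHI line is the suspicious entry.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKCU\..\Run: [F5JMWNZTHI] C:\Users\someuser\AppData\Local\Temp\Vsh.exe
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
""".strip().splitlines()


if __name__ == "__main__":
    for f in triage_o4(SAMPLE_LOG):
        print(f"{f.hive}\\..\\Run [{f.name}] -> {f.exe}: {'; '.join(f.reasons)}")
```

A hit only says "look here"; as the helper in post #5 suggests, the flagged file still needs to be checked (for example at VirusTotal) before calling it malware.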
12.02.2010, 19:23 | #9

Could you show us another RSIT logfile? Since Avira is reporting, let's scan with it as well, but please configure Avira as described here: http://www.trojaner-board.de/54192-a...tellungen.html
Please paste the Avira logfile & the RSIT logfile here
12.02.2010, 19:47 | #10

Code:
Logfile of random's system information tool 1.06 (written by random/random)
Run by ************ at 2010-02-12 19:38:56
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 145 GB (50%) free of 290 GB
Total RAM: 4057 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:38:58, on 12.02.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Users\************\Desktop\Downloads\RSIT.exe
C:\Program Files (x86)\Trend Micro\HijackThis\************.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/8
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ig?hl=de&source=iglk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Asz.Citavi.IEPicker.IEPickerButton - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\SysWow64\mscoree.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Startup: Warner Bros.lnk = C:\Program Files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Citavi Picker... - file://C:\Program Files (x86)\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Citavi Picker - {619D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\SysWow64\mscoree.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files%20(x86)/Monopoly/Images/stg_drm.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files%20(x86)/Monopoly/Images/armhelper.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 11362 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{609D670F-B735-4da7-AC6D-F3BD358E325E}]
Asz.Citavi.IEPicker.IEPickerButton - C:\Windows\SysWow64\mscoree.dll [2009-03-30 278848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2009-02-05 128232]
"Dell Webcam Central"=C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [2009-01-09 405639]
"DellSupportCenter"=C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [2009-05-21 206064]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"HP Software Update"=C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2009-11-10 417792]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2009-11-12 141600]
"SunJavaUpdateSched"=C:\Program Files (x86)\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 138240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Users\*************\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Dell Dock.lnk - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
Warner Bros.lnk - C:\Program Files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"ForceActiveDesktopOn"=
"BindDirectlyToPropertySetStorage"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d1c13fc-75f3-11de-b52c-002564435475}]
shell\AutoRun\command - G:\LaunchU3.exe -a

======File associations======

.js - edit - C:\Windows\SysWOW64\Notepad.exe %1
.js - open - C:\Windows\SysWOW64\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-02-12 19:38:56 ----D---- C:\rsit
2010-02-12 18:00:38 ----D---- C:\Users\**************\AppData\Roaming\Malwarebytes
2010-02-12 18:00:32 ----D---- C:\ProgramData\Malwarebytes
2010-02-12 18:00:32 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-02-12 16:20:48 ----D---- C:\Program Files (x86)\Trend Micro
2010-02-12 16:10:50 ----D---- C:\Program Files (x86)\CCleaner
2010-02-11 01:32:36 ----D---- C:\ProgramData\PlayPond
2010-02-11 01:26:34 ----D---- C:\ProgramData\Arcade Lab
2010-02-11 00:20:23 ----D---- C:\Program Files (x86)\PopCap Games
2010-02-11 00:04:08 ----D---- C:\ProgramData\PopCap Games
2010-02-10 20:28:22 ----A---- C:\Windows\system32\quartz.dll
2010-02-10 20:28:21 ----A---- C:\Windows\system32\tsbyuv.dll
2010-02-10 20:28:21 ----A---- C:\Windows\system32\msyuv.dll
2010-02-10 20:28:21 ----A---- C:\Windows\system32\msvidc32.dll
2010-02-10 20:28:21 ----A---- C:\Windows\system32\msvfw32.dll
2010-02-10 20:28:21 ----A---- C:\Windows\system32\msrle32.dll
2010-02-10 20:28:21 ----A---- C:\Windows\system32\mciavi32.dll
2010-02-10 20:28:21 ----A---- C:\Windows\system32\iyuv_32.dll
2010-02-10 20:28:21 ----A---- C:\Windows\system32\avifil32.dll
2010-02-10 01:17:20 ----D---- C:\ProgramData\Real
2010-02-08 16:34:06 ----A---- C:\Windows\system32\javaws.exe
2010-02-08 16:34:06 ----A---- C:\Windows\system32\javaw.exe
2010-02-08 16:34:06 ----A---- C:\Windows\system32\java.exe
2010-02-08 01:36:26 ----D---- C:\Users\************\AppData\Roaming\HdO Adventure
2010-02-06 18:30:43 ----D---- C:\Users\************\AppData\Roaming\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
2010-02-06 18:30:39 ----D---- C:\Program Files (x86)\Warner Bros. Digital Copy Manager
2010-01-29 01:38:17 ----D---- C:\ProgramData\Dekovir
2010-01-22 22:24:42 ----D---- C:\Program Files (x86)\Common Files\Adobe AIR
2010-01-22 13:48:52 ----A---- C:\Windows\system32\mshtml.dll
2010-01-22 13:48:50 ----A---- C:\Windows\system32\ieframe.dll
2010-01-22 13:48:49 ----A---- C:\Windows\system32\wininet.dll
2010-01-22 13:48:49 ----A---- C:\Windows\system32\urlmon.dll
2010-01-22 13:48:49 ----A---- C:\Windows\system32\iertutil.dll
2010-01-22 13:48:48 ----A---- C:\Windows\system32\occache.dll
2010-01-22 13:48:48 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-01-22 13:48:48 ----A---- C:\Windows\system32\msfeeds.dll
2010-01-22 13:48:48 ----A---- C:\Windows\system32\ieUnatt.exe
2010-01-22 13:48:48 ----A---- C:\Windows\system32\ieui.dll
2010-01-22 13:48:48 ----A---- C:\Windows\system32\iepeers.dll
2010-01-22 13:48:48 ----A---- C:\Windows\system32\iedkcs32.dll
2010-01-22 13:48:47 ----A---- C:\Windows\system32\msfeedssync.exe
2010-01-22 13:48:47 ----A---- C:\Windows\system32\jsproxy.dll
2010-01-22 13:48:47 ----A---- C:\Windows\system32\iesysprep.dll
2010-01-22 13:48:47 ----A---- C:\Windows\system32\iesetup.dll
2010-01-22 13:48:47 ----A---- C:\Windows\system32\iernonce.dll
2010-01-22 13:48:47 ----A---- C:\Windows\system32\ie4uinit.exe
2010-01-20 09:42:09 ----D---- C:\Program
Files (x86)\Windows Portable Devices 2010-01-20 09:37:13 ----A---- C:\Windows\system32\WMPhoto.dll 2010-01-20 09:37:12 ----A---- C:\Windows\system32\d3d10warp.dll 2010-01-20 09:37:12 ----A---- C:\Windows\system32\d2d1.dll 2010-01-20 09:37:11 ----A---- C:\Windows\system32\xpsservices.dll 2010-01-20 09:37:11 ----A---- C:\Windows\system32\XpsRasterService.dll 2010-01-20 09:37:11 ----A---- C:\Windows\system32\XpsPrint.dll 2010-01-20 09:37:11 ----A---- C:\Windows\system32\XpsGdiConverter.dll 2010-01-20 09:37:11 ----A---- C:\Windows\system32\WindowsCodecsExt.dll 2010-01-20 09:37:11 ----A---- C:\Windows\system32\WindowsCodecs.dll 2010-01-20 09:37:11 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll 2010-01-20 09:37:11 ----A---- C:\Windows\system32\OpcServices.dll 2010-01-20 09:37:11 ----A---- C:\Windows\system32\dxgi.dll 2010-01-20 09:37:11 ----A---- C:\Windows\system32\dxdiagn.dll 2010-01-20 09:37:11 ----A---- C:\Windows\system32\dxdiag.exe 2010-01-20 09:37:11 ----A---- C:\Windows\system32\d3d11.dll 2010-01-20 09:37:11 ----A---- C:\Windows\system32\d3d10level9.dll 2010-01-20 09:37:11 ----A---- C:\Windows\system32\d3d10core.dll 2010-01-20 09:37:11 ----A---- C:\Windows\system32\d3d10_1core.dll 2010-01-20 09:37:10 ----A---- C:\Windows\system32\DWrite.dll 2010-01-20 09:37:10 ----A---- C:\Windows\system32\d3d10_1.dll 2010-01-20 09:37:10 ----A---- C:\Windows\system32\d3d10.dll 2010-01-20 09:36:45 ----A---- C:\Windows\system32\WPDShextAutoplay.exe 2010-01-20 09:36:32 ----A---- C:\Windows\system32\WPDShServiceObj.dll 2010-01-20 09:36:32 ----A---- C:\Windows\system32\wpdshext.dll 2010-01-20 09:36:32 ----A---- C:\Windows\system32\PortableDeviceTypes.dll 2010-01-20 09:36:32 ----A---- C:\Windows\system32\PortableDeviceConnectApi.dll 2010-01-20 09:36:32 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll 2010-01-20 09:36:32 ----A---- C:\Windows\system32\PortableDeviceApi.dll 2010-01-20 09:36:31 ----A---- C:\Windows\system32\WPDSp.dll 2010-01-20 09:36:31 ----A---- 
C:\Windows\system32\PortableDeviceWMDRM.dll 2010-01-20 09:35:33 ----A---- C:\Windows\system32\oleaccrc.dll 2010-01-20 09:35:32 ----A---- C:\Windows\system32\UIAutomationCore.dll 2010-01-20 09:35:32 ----A---- C:\Windows\system32\oleacc.dll 2010-01-20 09:34:18 ----A---- C:\Windows\system32\UIAnimation.dll 2010-01-20 09:34:17 ----A---- C:\Windows\system32\UIRibbonRes.dll 2010-01-20 09:34:16 ----A---- C:\Windows\system32\UIRibbon.dll 2010-01-19 12:42:31 ----D---- C:\Windows\system32\vi-VN 2010-01-19 12:42:31 ----D---- C:\Windows\system32\eu-ES 2010-01-19 12:42:31 ----D---- C:\Windows\system32\ca-ES 2010-01-18 20:02:35 ----A---- C:\Windows\IsUn040a.exe 2010-01-18 18:40:02 ----D---- C:\Users\*************\AppData\Roaming\gtk-2.0 2010-01-15 21:27:55 ----D---- C:\Users\*************\AppData\Roaming\NCH Software 2010-01-15 21:26:28 ----D---- C:\ProgramData\NCH Software 2010-01-15 21:26:21 ----D---- C:\Program Files (x86)\NCH Software 2010-01-14 13:09:48 ----A---- C:\Windows\system32\t2embed.dll 2010-01-14 13:09:48 ----A---- C:\Windows\system32\fontsub.dll ======List of files/folders modified in the last 1 months====== 2010-02-12 19:37:49 ----D---- C:\Windows\Temp 2010-02-12 19:01:00 ----D---- C:\Windows 2010-02-12 18:59:36 ----D---- C:\Windows\Tasks 2010-02-12 18:00:34 ----D---- C:\Windows\system32\drivers 2010-02-12 18:00:32 ----RD---- C:\Program Files (x86) 2010-02-12 18:00:32 ----HD---- C:\ProgramData 2010-02-12 16:41:12 ----SHD---- C:\System Volume Information 2010-02-12 16:15:40 ----D---- C:\Windows\Debug 2010-02-11 14:28:53 ----D---- C:\Windows\winsxs 2010-02-11 14:03:46 ----D---- C:\Windows\SysWOW64 2010-02-11 14:03:45 ----D---- C:\Windows\System32 2010-02-11 14:03:45 ----D---- C:\Program Files (x86)\Windows Mail 2010-02-11 14:00:49 ----SHD---- C:\Windows\Installer 2010-02-11 14:00:44 ----HD---- C:\Config.Msi 2010-02-11 14:00:26 ----D---- C:\ProgramData\Microsoft Help 2010-02-11 01:32:33 ----D---- C:\Users\***********\AppData\Roaming\Zylom 2010-02-11 01:32:33 
----D---- C:\Users\************\AppData\Roaming\Identities 2010-02-10 18:53:40 ----D---- C:\Windows\inf 2010-02-09 18:50:45 ----D---- C:\Users\**************\AppData\Roaming\Image Zone Express 2010-02-09 17:30:24 ----D---- C:\Windows\Prefetch 2010-02-09 01:45:17 ----D---- C:\Program Files (x86)\Google 2010-02-08 18:28:11 ----RSD---- C:\Windows\assembly 2010-02-08 16:34:03 ----D---- C:\Program Files (x86)\Java 2010-02-08 01:36:08 ----D---- C:\ProgramData\JollyBear 2010-02-04 22:26:26 ----D---- C:\Users\***************\AppData\Roaming\SpinTop Games 2010-02-04 14:01:41 ----D---- C:\Program Files (x86)\DivX 2010-02-04 14:01:11 ----D---- C:\Program Files (x86)\Common Files\DivX Shared 2010-01-28 03:07:48 ----D---- C:\Users\************\AppData\Roaming\ICQ 2010-01-28 03:00:26 ----D---- C:\Program Files (x86)\Internet Explorer 2010-01-27 17:13:34 ----D---- C:\Program Files (x86)\Adobe 2010-01-26 20:57:05 ----D---- C:\Users\***********\AppData\Roaming\Apple Computer 2010-01-24 20:53:10 ----SD---- C:\Users\***********\AppData\Roaming\Microsoft 2010-01-23 03:22:49 ----D---- C:\Windows\system32\migration 2010-01-22 22:24:51 ----D---- C:\ProgramData\Electronic Arts 2010-01-22 22:24:45 ----D---- C:\ProgramData\Adobe 2010-01-22 22:24:44 ----D---- C:\Users\**************\AppData\Roaming\Adobe 2010-01-22 22:24:42 ----D---- C:\Program Files (x86)\Common Files 2010-01-21 12:57:10 ----D---- C:\Program Files (x86)\Microsoft Silverlight 2010-01-20 18:54:05 ----D---- C:\Windows\Microsoft.NET 2010-01-20 12:49:00 ----D---- C:\Windows\rescache 2010-01-20 09:42:10 ----D---- C:\Windows\system32\de-DE 2010-01-20 09:42:09 ----RD---- C:\Program Files 2010-01-20 09:42:09 ----D---- C:\Windows\system32\wbem 2010-01-20 09:42:04 ----D---- C:\Windows\system32\zh-TW 2010-01-20 09:42:04 ----D---- C:\Windows\system32\zh-HK 2010-01-20 09:42:04 ----D---- C:\Windows\system32\zh-CN 2010-01-20 09:42:04 ----D---- C:\Windows\system32\uk-UA 2010-01-20 09:42:04 ----D---- C:\Windows\system32\tr-TR 2010-01-20 
09:42:04 ----D---- C:\Windows\system32\th-TH 2010-01-20 09:42:04 ----D---- C:\Windows\system32\sv-SE 2010-01-20 09:42:04 ----D---- C:\Windows\system32\sr-Latn-CS 2010-01-20 09:42:04 ----D---- C:\Windows\system32\sl-SI 2010-01-20 09:42:04 ----D---- C:\Windows\system32\sk-SK 2010-01-20 09:42:04 ----D---- C:\Windows\system32\ru-RU 2010-01-20 09:42:04 ----D---- C:\Windows\system32\ro-RO 2010-01-20 09:42:04 ----D---- C:\Windows\system32\pt-PT 2010-01-20 09:42:04 ----D---- C:\Windows\system32\pt-BR 2010-01-20 09:42:04 ----D---- C:\Windows\system32\pl-PL 2010-01-20 09:42:04 ----D---- C:\Windows\system32\nl-NL 2010-01-20 09:42:04 ----D---- C:\Windows\system32\nb-NO 2010-01-20 09:42:04 ----D---- C:\Windows\system32\lv-LV 2010-01-20 09:42:04 ----D---- C:\Windows\system32\lt-LT 2010-01-20 09:42:04 ----D---- C:\Windows\system32\ko-KR 2010-01-20 09:42:04 ----D---- C:\Windows\system32\ja-JP 2010-01-20 09:42:04 ----D---- C:\Windows\system32\it-IT 2010-01-20 09:42:04 ----D---- C:\Windows\system32\hu-HU 2010-01-20 09:42:04 ----D---- C:\Windows\system32\hr-HR 2010-01-20 09:42:04 ----D---- C:\Windows\system32\he-IL 2010-01-20 09:42:04 ----D---- C:\Windows\system32\fr-FR 2010-01-20 09:42:04 ----D---- C:\Windows\system32\fi-FI 2010-01-20 09:42:04 ----D---- C:\Windows\system32\et-EE 2010-01-20 09:42:04 ----D---- C:\Windows\system32\es-ES 2010-01-20 09:42:04 ----D---- C:\Windows\system32\en-US 2010-01-20 09:42:04 ----D---- C:\Windows\system32\el-GR 2010-01-20 09:42:04 ----D---- C:\Windows\system32\da-DK 2010-01-20 09:42:04 ----D---- C:\Windows\system32\cs-CZ 2010-01-20 09:42:04 ----D---- C:\Windows\system32\bg-BG 2010-01-20 09:42:04 ----D---- C:\Windows\system32\ar-SA 2010-01-19 17:32:10 ----D---- C:\Program Files (x86)\Common Files\Adobe 2010-01-19 12:51:20 ----SHD---- C:\boot 2010-01-19 12:44:19 ----D---- C:\Program Files (x86)\Windows Sidebar 2010-01-19 12:44:19 ----D---- C:\Program Files (x86)\Windows Media Player 2010-01-19 12:44:19 ----D---- C:\Program Files (x86)\Windows Calendar 
2010-01-19 12:44:18 ----D---- C:\Program Files (x86)\Common Files\System 2010-01-19 12:44:17 ----D---- C:\Program Files (x86)\Windows Photo Gallery 2010-01-19 12:44:14 ----D---- C:\Windows\servicing 2010-01-19 12:44:13 ----D---- C:\Windows\ehome 2010-01-19 12:43:49 ----D---- C:\Windows\system32\XPSViewer 2010-01-19 12:43:47 ----D---- C:\Windows\system32\oobe 2010-01-19 12:43:43 ----D---- C:\Windows\system32\SLUI 2010-01-19 12:43:43 ----D---- C:\Windows\system32\setup 2010-01-19 12:43:43 ----D---- C:\Windows\system32\manifeststore 2010-01-19 12:43:43 ----D---- C:\Windows\system32\AdvancedInstallers 2010-01-19 12:43:41 ----D---- C:\Windows\system32\migwiz 2010-01-19 12:43:20 ----D---- C:\Windows\IME 2010-01-19 12:42:39 ----RSD---- C:\Windows\Fonts 2010-01-19 12:42:38 ----D---- C:\Windows\AppPatch 2010-01-15 14:04:16 ----D---- C:\Program Files (x86)\Common Files\DVDVideoSoft 2010-01-14 13:02:52 ----D---- C:\Program Files (x86)\BrainSpeeder ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 acedrv11;acedrv11; \??\C:\Windows\system32\drivers\acedrv11.sys [] R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [] R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [] R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [] R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows XP/Vista x64; C:\Windows\system32\DRIVERS\Apfiltr.sys [] R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [] R3 CtClsFlt;Creative Camera Class Upper Filter Driver; C:\Windows\system32\DRIVERS\CtClsFlt.sys [] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [] R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [] R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys [] R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\NETw5v64.sys [] 
R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver; C:\Windows\system32\DRIVERS\OA009Ufd.sys [] R3 OA009Vid;Creative Camera OA009 Function Driver; C:\Windows\system32\DRIVERS\OA009Vid.sys [] R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt64.sys [] R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [] R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x64.sys [] S3 Dot4;MS IEEE-1284.4-Treiber; C:\Windows\system32\DRIVERS\Dot4.sys [] S3 Dot4Print;Druckerklassentreiber für IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [] S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [] S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [] S3 e1express;Intel(R) PRO/1000 PCI Express-Netzwerkverbindungstreiber; C:\Windows\system32\DRIVERS\e1e6032e.sys [] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [] S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [] S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [] S3 PCD5SRVC{048DBD20-445E8C82-05040104};PCD5SRVC{048DBD20-445E8C82-05040104} - PCDR Kernel Mode Service Helper Driver; \??\C:\PROGRA~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms [2008-11-05 28152] S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [] S3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR64.SYS [] S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [] S3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [] S4 ErrDev;Microsoft Hardware Error Device 
Driver; C:\Windows\system32\drivers\errdev.sys [] S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [] R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2009-08-05 185089] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672] R2 Bonjour Service;Bonjour-Dienst; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 DockLoginService;Dock Login Service; C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648] R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-21 21504] R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-05-07 354840] R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504] R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512] R2 sprtsvc_DellSupportCenter;SupportSoft Sprocket Service (DellSupportCenter); C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe [2008-12-17 206064] R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe [] R2 yksvc;Marvell Yukon Service; ykx64coinst,serviceStartProc [] R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-21 21504] R3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 660256] S2 gupdate;Google Update 
Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-09-18 133104] S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-03-30 89920] S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968] S3 stllssvr;stllssvr; C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe [2008-03-24 74384] -----------------EOF----------------- |
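A first-pass triage of an RSIT log like the one above is mostly about knowing which entries to look at first: a binary running from a user's Temp directory, a running Windows Script Host, the `.js` open handler pointing at WScript.exe (that mapping is the Windows default, so it only matters together with the other two), the cached `mountpoints2` AutoRun command of a removable drive, and executables created under user-writable directories in the last month. The script below does that pass. It is an added example written for this page, not part of the original post and not part of the RSIT tool; the function name `triage`, the directory and extension patterns, and the sample log (constructed to mirror the posted layout, not real data) are assumptions made for illustration.

```python
"""Triage pass over an RSIT-style log (the format posted in this thread).

Added example for this page, not part of the original post and not part
of the RSIT tool itself. The heuristics, function names and the sample
log below are assumptions made for illustration; the sample mirrors the
shape of the posted log but is constructed, not copied from a real system.
"""
import re

# Constructed sample in the posted log's layout (not real log data).
SAMPLE_LOG = r"""
Running processes:
C:\Users\user\AppData\Local\Temp\sample1.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\SysWOW64\wscript.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\LaunchU3.exe -a

======File associations======

.js - edit - C:\Windows\SysWOW64\Notepad.exe %1
.js - open - C:\Windows\SysWOW64\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-02-12 16:20:48 ----D---- C:\Program Files (x86)\Trend Micro
2010-02-11 01:02:03 ----A---- C:\Users\user\AppData\Roaming\sample2.dll
2010-02-10 20:28:22 ----A---- C:\Windows\system32\quartz.dll
"""

# Directories where a freshly dropped or running binary deserves a look
# (assumed list; extend it for the machine you are looking at).
USER_WRITABLE_DIR = re.compile(
    r"\\(AppData\\Local\\Temp|AppData\\Roaming|Windows\\Temp|Users\\Public)\\", re.I)
BINARY_EXT = re.compile(r"\.(exe|dll|sys|scr|com)$", re.I)
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe")
# RSIT "created/modified" rows: timestamp, attribute flags, path.
CREATED_ROW = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (-{4}[A-Z]*-{4}) (.+)$")


def triage(log_text):
    """Return (category, line) pairs for entries worth a closer look."""
    findings = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Section tracking: RSIT marks sections with ======Name====== and
        # registry keys with [HKEY_...]; "Running processes:" has no bars.
        if line == "Running processes:":
            section = "processes"
            continue
        banner = re.match(r"^={6}(.+?)={6}$", line)
        if banner:
            section = banner.group(1)
            continue
        if line.startswith("["):
            section = "mountpoints" if "mountpoints2" in line.lower() else "registry"
            continue

        if section == "processes":
            exe = line.rsplit("\\", 1)[-1].lower()
            if USER_WRITABLE_DIR.search(line):
                findings.append(("temp_process", line))
            if exe in SCRIPT_HOSTS:
                findings.append(("script_host", line))
        elif section == "File associations":
            parts = [p.strip() for p in line.split(" - ", 2)]
            # .js -> WScript.exe is the Windows default; it only matters
            # together with a running script host and Temp binaries.
            if len(parts) == 3 and parts[1] == "open" and any(
                    h in parts[2].lower() for h in SCRIPT_HOSTS):
                findings.append(("script_handler", line))
        elif section == "mountpoints":
            # Cached autorun command of a removable drive: check which
            # device wrote it; the entry alone is not proof of infection.
            if line.lower().startswith("shell\\autorun\\command"):
                findings.append(("autorun", line))
        elif section and section.startswith("List of files/folders created"):
            row = CREATED_ROW.match(line)
            path = row.group(3) if row else ""
            if row and USER_WRITABLE_DIR.search(path) and BINARY_EXT.search(path):
                findings.append(("new_binary", line))
    return findings


if __name__ == "__main__":
    for category, entry in triage(SAMPLE_LOG):
        print(f"{category:15} {entry}")
```

Running the file prints the findings for the constructed sample; `triage(open("log.txt", errors="replace").read())` does the same for a saved RSIT log.txt. The categories are a reading order for a manual check, not verdicts: system32 DLLs with Windows Update timestamps, such as the batch dated 2010-01-20 in the posted log, are deliberately left out, and anything it does flag still has to be checked against the process list and the file's signer and hash before it is treated as malicious.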
12.02.2010, 19:49 | #11 |
Code:
info.txt logfile of random's system information tool 1.06 2010-02-12 19:38:59

======Uninstall list======

-->C:\Program Files (x86)\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Windows\CtDrvIns.exe -uninstall -script OA009.uns -unsext NTamd64 -plugin OA009Pin.dll -pluginres OA009Pin.crl -nodisconprompt -langid 0x0407
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x7
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{BC12448A-0B41-4E11-B242-B1129512F5B7}\setup.exe" -l0x7
Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files (x86)\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files (x86)\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 9.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A92000000001}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Advanced Audio FX Engine-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x7 /remove
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe /REMOVE
CCleaner-->"C:\Program Files (x86)\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Citavi 2.5-->C:\Program Files (x86)\Citavi\Deinstallieren.exe
Compatibility Pack für 2007 Office System-->MsiExec.exe /X{90120000-0020-0407-0000-0000000FF1CE}
Dell Getting Started Guide-->MsiExec.exe /I{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Video Chat-->C:\Program Files (x86)\Dell Video Chat\uninst.exe
Dell Webcam Central-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{BC12448A-0B41-4E11-B242-B1129512F5B7}\setup.exe" -l0x7 /remove
Die Sims™ 3-->"C:\Program Files (x86)\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\setup.exe" -runfromtemp -l0x0007 -removeonly
DivX Codec-->C:\Program Files (x86)\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files (x86)\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files (x86)\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files (x86)\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Plus Web Player-->C:\Program Files (x86)\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EA Download Manager UI-->msiexec /qb /x {C4FFCD8D-3A06-E243-2747-2CE771A8B7D4}
EA Download Manager UI-->MsiExec.exe /I{C4FFCD8D-3A06-E243-2747-2CE771A8B7D4}
EA Download Manager-->C:\Program Files (x86)\Electronic Arts\EADM\EADMUninstall.exe
Free Studio version 4.2-->"C:\Program Files (x86)\DVDVideoSoft\Free Studio\unins000.exe"
Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\4.0.249.89\Installer\setup.exe" --uninstall --system-level
Google Earth-->MsiExec.exe /X{2EAF7E61-068E-11DF-953C-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2-->"C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {08155812-0202-4D5F-A7FF-12A2782DC548} /qb+ REBOOTPROMPT=""
HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Update-->MsiExec.exe /X{818ABC3C-635C-4651-8183-D0E9640B7DD1}
HPSSupply-->MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
ICQ6.5-->"C:\Program Files (x86)\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Junk Mail filter update-->MsiExec.exe /I{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}
Live! Cam Avatar Creator-->C:\Program Files (x86)\InstallShield Installation Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}\setup.exe -runfromtemp -l0x0007 -removeonly /remove
Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {E64BA721-2310-4B55-BE5A-2925F9706192}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {E64BA721-2310-4B55-BE5A-2925F9706192}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0407-1000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0407-1000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Groove MUI (German) 2007-->MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (German) 2007-->MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (German)-->MsiExec.exe /X{95120000-00AF-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {322296D4-1EAE-4030-9FBC-D2787EB25FA2}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {322296D4-1EAE-4030-9FBC-D2787EB25FA2}
Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Suite Activation Assistant-->MsiExec.exe /X{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Works-->MsiExec.exe /I{39D0E034-1042-4905-BECB-5502909FCB7C}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
Mozilla Firefox (3.5.7)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
NVIDIA GAME System Software 2.8.1-->MsiExec.exe /I{4F0C7CCF-5666-474B-B02E-AC514A95EC93}
Peggle Deluxe 1.01-->C:\Program Files (x86)\PopCap Games\Peggle Deluxe\PopUninstall.exe "C:\Program Files (x86)\PopCap Games\Peggle Deluxe\Install.log"
PokerStars-->"C:\Program Files (x86)\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
PowerDVD DX-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -l0x7 -cluninstall
Prism Video Converter-->C:\Program Files (x86)\NCH Software\Prism\uninst.exe
ProtectDisc Driver, Version 11-->C:\Program Files (x86)\ProtectDisc Driver Installer\uninstall_v11.exe
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
Roxio Creator Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Creator Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
Roxio Creator Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
Roxio Creator DE-->C:\ProgramData\Uninstall\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}\setup.exe /x {09760D42-E223-42AD-8C3E-55B47D0DDAC3}
Roxio Creator DE-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
Roxio Creator Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
ScummVM 0.13.0-->"C:\Program Files (x86)\ScummVM\unins000.exe"
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office
Outlook 2007 (KB972363)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0} Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D} Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D} Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E} Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF} Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF} Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C} Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C} Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC} Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC} Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D} Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D} 
Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748} Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36} SlimDX Redistributable (March 2009)-->MsiExec.exe /X{D5395E5F-4D45-4665-8F00-234FA33678AF} SPORE™-->"C:\Program Files (x86)\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\SPORESetup.exe" -runfromtemp -l0x0007 -removeonly TSR Workshop-->MsiExec.exe /I{69656F80-EC05-4FF4-915C-AE417CAB7226} Uninstall 1.0.0.1-->"C:\Program Files (x86)\Common Files\DVDVideoSoft\unins000.exe" Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D} Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D} Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7} Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7} Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331} Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331} Update for Outlook 2007 Junk Email Filter (kb977719)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C0C92202-5215-4EFA-B0B9-B3A0DEABCDF1} Update für Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall 
{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF} Update für Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF} Update für Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {F6828576-6F79-470D-AB50-69D1BBADBD30} Update für Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {EA160DA3-E9B5-4D03-A518-21D306665B96} Update für Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {EA160DA3-E9B5-4D03-A518-21D306665B96} Update für Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {38472199-D7B6-4833-A949-10E4EE6365A1} Update für Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {38472199-D7B6-4833-A949-10E4EE6365A1} VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421} Warner Bros. Digital Copy Manager-->msiexec /qb /x {0E6EC2D7-5C9B-28B7-C848-171EDACB9625} Warner Bros. 
Digital Copy Manager-->MsiExec.exe /I{0E6EC2D7-5C9B-28B7-C848-171EDACB9625} Winamp-->"C:\Program Files (x86)\Winamp\UninstWA.exe" Windows Live Anmelde-Assistent-->MsiExec.exe /I{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60} Windows Live Call-->MsiExec.exe /I{835686C5-8650-49EB-8CA0-4528B4035495} Windows Live Communications Platform-->MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B} Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe Windows Live Essentials-->MsiExec.exe /I{DF5F687F-8018-4542-9F98-7084E9022917} Windows Live Fotogalerie-->MsiExec.exe /X{6B96DADA-1A27-4A04-8CB2-CC45168D05FA} Windows Live Mail-->MsiExec.exe /I{5A166C0B-9557-4364-A057-F946D674E6AC} Windows Live Messenger-->MsiExec.exe /X{837B6259-6FF5-4E66-87C1-A5A15ED36FF4} Windows Live Sync-->MsiExec.exe /X{8C1E2925-14F8-45AA-B999-1E2A74BF5607} Windows Live Toolbar-->MsiExec.exe /X{566BAEC0-74CB-4ACC-9E18-8779AC974FB0} Windows Live Writer-->MsiExec.exe /X{81821BF8-DA20-4F8C-AA87-F70A274828D4} Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} Zylom Games Player Plugin-->"C:\Program Files (x86)\Zylom Games\UninstallPlugin.exe" --uninstall ======Security center information====== AS: Windows Defender ======System event log====== Computer Name: **************** Event Code: 10029 Message: DCOM hat den Dienst BITS mit den Argumenten "" gestartet, um den Server auszuführen: {4991D34B-80A1-4291-83B6-3328366B9097} Record Number: 52673 Source Name: Microsoft-Windows-DistributedCOM Time Written: 20091013155518.000000-000 Event Type: Informationen User: Computer Name: **************** Event Code: 7036 Message: Dienst "Google Update Service (gupdate)" befindet sich jetzt im Status "Beendet". 
Record Number: 52672 Source Name: Service Control Manager Time Written: 20091013155506.000000-000 Event Type: Informationen User: Computer Name: **************** Event Code: 7036 Message: Dienst "Windows Search" befindet sich jetzt im Status "Ausgeführt". Record Number: 52671 Source Name: Service Control Manager Time Written: 20091013155506.000000-000 Event Type: Informationen User: Computer Name: **************** Event Code: 7036 Message: Dienst "Avira AntiVir Guard" befindet sich jetzt im Status "Ausgeführt". Record Number: 52670 Source Name: Service Control Manager Time Written: 20091013155506.000000-000 Event Type: Informationen User: Computer Name: **************** Event Code: 7036 Message: Dienst "IPsec-Richtlinien-Agent" befindet sich jetzt im Status "Ausgeführt". Record Number: 52669 Source Name: Service Control Manager Time Written: 20091013155506.000000-000 Event Type: Informationen User: =====Application event log===== Computer Name: **************** Event Code: 0 Message: Consent #2 Handled Record Number: 587 Source Name: DellStart Time Written: 20090721103705.000000-000 Event Type: Informationen User: Computer Name: **************** Event Code: 0 Message: Provider ID: DellSupportCenter Record Number: 586 Source Name: DellStart Time Written: 20090721103705.000000-000 Event Type: Informationen User: Computer Name: **************** Event Code: 0 Message: Administrator verified Record Number: 585 Source Name: DellStart Time Written: 20090721103705.000000-000 Event Type: Informationen User: Computer Name: **************** Event Code: 5000 Message: Record Number: 584 Source Name: McLogEvent Time Written: 20090721103330.000000-000 Event Type: Informationen User: NT-AUTORITÄT\SYSTEM Computer Name: **************** Event Code: 1 Message: Der Windows-Sicherheitscenterdienst wurde gestartet. 
Record Number: 583 Source Name: SecurityCenter Time Written: 20090721103234.000000-000 Event Type: Informationen User: =====Security event log===== Computer Name: **************** Event Code: 4648 Message: Anmeldeversuch mit expliziten Anmeldeinformationen. Antragsteller: Sicherheits-ID: S-1-5-18 Kontoname: D5S8TVJ1$ Kontodomäne: WORKGROUP Anmelde-ID: 0x3e7 Anmelde-GUID: {00000000-0000-0000-0000-000000000000} Konto, dessen Anmeldeinformationen verwendet wurden: Kontoname: SYSTEM Kontodomäne: NT-AUTORITÄT Anmelde-GUID: {00000000-0000-0000-0000-000000000000} Zielserver: Zielservername: localhost Weitere Informationen: localhost Prozessinformationen: Prozess-ID: 0x254 Prozessname: C:\Windows\System32\services.exe Netzwerkinformationen: Netzwerkadresse: - Port: - Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden. Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird. Record Number: 1107 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090721105222.006958-000 Event Type: Überwachung erfolgreich User: Computer Name: **************** Event Code: 4672 Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen. Antragsteller: Sicherheits-ID: S-1-5-18 Kontoname: SYSTEM Kontodomäne: NT-AUTORITÄT Anmelde-ID: 0x3e7 Berechtigungen: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 1106 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090721105221.804158-000 Event Type: Überwachung erfolgreich User: Computer Name: **************** Event Code: 4624 Message: Ein Konto wurde erfolgreich angemeldet. 
Antragsteller: Sicherheits-ID: S-1-5-18 Kontoname: D5S8TVJ1$ Kontodomäne: WORKGROUP Anmelde-ID: 0x3e7 Anmeldetyp: 5 Neue Anmeldung: Sicherheits-ID: S-1-5-18 Kontoname: SYSTEM Kontodomäne: NT-AUTORITÄT Anmelde-ID: 0x3e7 Anmelde-GUID: {00000000-0000-0000-0000-000000000000} Prozessinformationen: Prozess-ID: 0x254 Prozessname: C:\Windows\System32\services.exe Netzwerkinformationen: Arbeitsstationsname: Quellnetzwerkadresse: - Quellport: - Detaillierte Authentifizierungsinformationen: Anmeldeprozess: Advapi Authentifizierungspaket: Negotiate Übertragene Dienste: - Paketname (nur NTLM): - Schlüssellänge: 0 Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde. Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe". Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk). Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto. Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben. Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung. - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren. - Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren. - Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an. - Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0. 
Record Number: 1105 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090721105221.804158-000 Event Type: Überwachung erfolgreich User: Computer Name: **************** Event Code: 4648 Message: Anmeldeversuch mit expliziten Anmeldeinformationen. Antragsteller: Sicherheits-ID: S-1-5-18 Kontoname: D5S8TVJ1$ Kontodomäne: WORKGROUP Anmelde-ID: 0x3e7 Anmelde-GUID: {00000000-0000-0000-0000-000000000000} Konto, dessen Anmeldeinformationen verwendet wurden: Kontoname: SYSTEM Kontodomäne: NT-AUTORITÄT Anmelde-GUID: {00000000-0000-0000-0000-000000000000} Zielserver: Zielservername: localhost Weitere Informationen: localhost Prozessinformationen: Prozess-ID: 0x254 Prozessname: C:\Windows\System32\services.exe Netzwerkinformationen: Netzwerkadresse: - Port: - Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden. Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird. Record Number: 1104 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090721105221.804158-000 Event Type: Überwachung erfolgreich User: Computer Name: *************** Event Code: 1102 Message: Das Überwachungsprotokoll wurde gelöscht. 
Subjekt: Sicherheits- ID: ****************** Kontoname: ************** Domänenname: *********** Logon-ID: ************** Record Number: 1103 Source Name: Microsoft-Windows-Eventlog Time Written: 20090721103204.325758-000 Event Type: Überwachung erfolgreich User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files (x86)\Common Files\DivX Shared\;C:\Program Files (x86)\QuickTime\QTSystem\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=AMD64 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 23 Stepping 10, GenuineIntel "PROCESSOR_REVISION"=170a "NUMBER_OF_PROCESSORS"=2 "TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat "DFSTRACINGON"=FALSE "RoxioCentral"=C:\Program Files (x86)\Common Files\Roxio Shared\10.0\Roxio Central36\ "CLASSPATH"=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip -----------------EOF----------------- |
12.02.2010, 19:51 | #12
I'll look at the log shortly. Now scan with Avira, provided it is already configured as in the guide. Then post the complete result here.
12.02.2010, 20:09 | #13
Hey, please also do the following: open HijackThis, scan, and fix the following entries:
Code:
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
Code:
R3 - URLSearchHook: (no name) - - (no file)
Have you configured Avira as described here ( http://www.trojaner-board.de/54192-anleitung-avira-antivir-agressive-einstellungen.html )? Then scan as follows: open Avira, update, Local Protection, and then Local Drives. Vista and Win 7 users, please right-click Local Drives and run as administrator.
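The two entries the helper asks to have fixed share one trait: a registered browser hook whose backing file no longer exists ("(no file)"), which is exactly the kind of leftover a HijackThis review looks for. The following Python is an added example, not code from this thread, from HijackThis, or from trojaner-board.de: it parses HijackThis-style lines and classifies each as an orphan (no backing file), an unnamed-but-present entry, or a normal entry. The two orphan lines are taken from the post above; the other sample lines are constructed for contrast and are not from the original log.

```python
import re

# Constructed sample in HijackThis format. The O2 and R3 "(no file)" lines
# are the ones quoted in the post; the remaining lines are made up here to
# show entries that should NOT be flagged (a BHO with a backing DLL, and a
# named Run entry).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Example SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Example\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"""

# Every HijackThis entry starts with a section code (R0..R3, O1..O24, ...),
# a separator " - " and the free-form body of the entry.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_hijackthis(text):
    """Turn HijackThis log text into a list of entry dicts."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # blank lines, headers, process lists etc.
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        entries.append({
            "section": m.group("section"),
            "body": body,
            "clsid": clsid.group(0) if clsid else None,
            "no_name": "(no name)" in body,
            # HijackThis prints "(no file)" when the registered module path
            # does not exist on disk: the registration outlived the file.
            "no_file": body.rstrip().endswith("(no file)"),
        })
    return entries


def classify(entry):
    """Orphaned registrations are safe to remove; unnamed-but-present
    entries deserve a look but are not automatically suspicious."""
    if entry["no_file"]:
        return "orphan"
    if entry["no_name"]:
        return "unnamed"
    return "ok"


def find_orphans(text):
    """Return (section, clsid-or-None) for each orphaned entry in the log."""
    return [(e["section"], e["clsid"])
            for e in parse_hijackthis(text) if classify(e) == "orphan"]


def summarize(text):
    """Count entries per classification, e.g. {'orphan': 2, 'ok': 2}."""
    counts = {}
    for e in parse_hijackthis(text):
        kind = classify(e)
        counts[kind] = counts.get(kind, 0) + 1
    return counts


if __name__ == "__main__":
    for section, clsid in find_orphans(SAMPLE_LOG):
        print(f"orphaned {section} entry, CLSID {clsid or 'n/a'}")
    print(summarize(SAMPLE_LOG))
```

Run on the constructed sample it reports the O2 entry with its CLSID and the R3 entry without one; a real log pasted into `SAMPLE_LOG` works the same way, and anything that is not an `Xn - ...` entry (the process list, the header) is skipped.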
12.02.2010, 20:32 | #14
I made the settings in Avira, but then clicked the normal scan, without updating and so on. I will still run it as described shortly. Quote:
Thanks!
12.02.2010, 20:53 | #15
Do the Avira scan first; once you have it, we'll take care of the rest. Last edited by Kiyoshi (12.02.2010 at 20:59). Reason: German language, hard language ;)