|
Log-Analyse und Auswertung: Windows XP spielt verrücktWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
07.04.2010, 13:18 | #1 |
| Windows XP spielt verrückt Hallo ich bin neu hier und befolge gerade die Anweisungen, also hier ist der verlangte Bericht:Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Datenbank Version: 3962 Windows 6.0.6002 Service Pack 2 Internet Explorer 7.0.6002.18005 07.04.2010 13:40:49 mbam-log-2010-04-07 (13-40-49).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 109450 Laufzeit: 5 Minute(n), 55 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 1 Infizierte Registrierungsschlüssel: 21 Infizierte Registrierungswerte: 2 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 3 Infizierte Dateien: 2 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: C:\Windows\System32\sshnas21.dll (Trojan.Downloader) -> Delete on reboot. Infizierte Registrierungsschlüssel: HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\WEK9EMDHI9 (Trojan.Agent) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\canaveral (Trojan.Downloader) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: C:\Program Files\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully. C:\Program Files\ShoppingReport\Bin (Adware.ShopperReports) -> Quarantined and deleted successfully. C:\Program Files\ShoppingReport\Bin\2.5.0 (Adware.ShopperReports) -> Quarantined and deleted successfully. Infizierte Dateien: C:\Windows\System32\sshnas21.dll (Trojan.Downloader) -> Delete on reboot. C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully. Es sind einige viren darunter glaub ich zumindest, mal! Der Fund sagt das mal?'!?! Ich kenne mich wirklich nicht so aus mit PC's, aber bin lernbereit! Bitte helft mir das mein Laptop wieder in einem normalen Zustand ist! Er bringt mir andauernd Fehler/Fundmeldungen auf meinem AntiVira Programm! Jetzt sind auch die beiden anderen Dateien fertig! 1.Log Logfile of random's system information tool 1.06 (written by random/random) Run by charlene at 2010-04-07 13:53:09 Microsoft® Windows Vista™ Home Premium Service Pack 2 System drive C: has 208 GB (71%) free of 294 GB Total RAM: 3069 MB (44% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:53:22, on 07.04.2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v7.00 (7.00.6002.18005) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\IDT\WDM\sttray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe C:\Users\charlene\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe C:\Windows\System32\rundll32.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE C:\Windows\explorer.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Windows\system32\conime.exe C:\Users\charlene\Desktop\windows-kb890830-v3.5.exe c:\ca3df64dfcb895cce634f1\mrtstub.exe C:\Windows\system32\MRT.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\PROGRA~1\Bandoo\BndCore.exe C:\ProgramData\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\LieDetector.exe C:\Program Files\Java\jre6\bin\jucheck.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe C:\Program Files\Windows Live\Mail\wlmail.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe C:\Program Files\Internet Explorer\iexplore.exe c:\program files\aol\aol toolbar 5.0\AolTbServer.exe C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Program Files\Windows Live\Toolbar\wltuser.exe C:\Users\charlene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3RC14U1\RSIT[1].exe C:\Program Files\trend micro\charlene.exe C:\Windows\system32\SearchFilterHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://de.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*hxxp://de.search.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com/?fr=fptb-ober R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://de.rd.yahoo.com/customize/ie/defaults/su/msgr9/*hxxp://de.search.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://de.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*hxxp://de.search.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ie/defaults/su/msgr9/*hxxp://de.search.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file) R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe O1 - Hosts: ::1 localhost O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: Bandoo IE Plugin - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe" O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam" O4 - HKLM\..\Run: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [TVAgent] "C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe" O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\charlene\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Save YouTube Video - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O13 - Gopher Prefix: O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - hxxp://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {830690FC-BF2F-47A6-AC2D-330BCB402664} (Skype Class) - hxxp://www.skyecandy.com/skype/Skype4COM.dll O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - hxxp://game10.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - hxxp://pogo.oberon-media.com/online2/pogo/wedding_dash/WeddingDash.1.0.0.47.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: c:\progra~1\bandoo\bndhook.dll O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\aestsrv.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Bandoo Coordinator - Discordia Limited - C:\PROGRA~1\Bandoo\Bandoo.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing) O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\STacSV.exe O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 19327 bytes ======Scheduled tasks folder====== C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job C:\Windows\tasks\HPCeeScheduleForcharlene.job C:\Windows\tasks\User_Feed_Synchronization-{1E5BA7CB-7B9A-4DE1-9EEC-A1BE37F8F5CB}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] &Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2010-03-23 940856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}] HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22 328248] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}] Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}] AOL Toolbar BHO - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2008-07-02 1185120] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-29 279664] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-01-29 812528] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-28 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}] Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}] BandooIEPlugin Class - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll [2010-01-19 2074048] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}] SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll [2010-03-23 160056] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}] HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22 517688] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2008-07-02 1185120] {21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll [2010-03-23 940856] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-29 279664] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-01 61440] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-06-20 1316136] "DVDAgent"=C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe [2008-09-26 1148200] "TSMAgent"=C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [2008-09-25 1152296] "CLMLServer for HP TouchSmart"=C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2008-09-25 189736] "UCam_Menu"=C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [2008-06-13 210216] "SmartMenu"=C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [2008-10-03 912688] "UpdateLBPShortCut"=C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2008-06-13 210216] "UpdatePSTShortCut"=C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [2008-09-26 210216] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184] "QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-09-05 206128] "UpdateP2GoShortCut"=C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2008-06-13 210216] "UpdatePDIRShortCut"=C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [2008-06-13 210216] "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152] "hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-04-15 488752] "TVAgent"=C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe [2009-04-22 206120] "Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe [2008-01-21 215552] "MobileConnect"=C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2008-07-04 2072576] "NokiaMusic FastStart"=C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe [2009-11-06 2090272] "NokiaMServer"=C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup [] "NPSStartup"= [] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-11-28 149280] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2008-09-11 446556] "HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09 75008] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-11 417792] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-02-15 141608] " Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-03-29 1086856] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-03-29 437584] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-06-09 2363392] "HPAdvisor"=C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2008-09-30 972080] "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-09-16 39408] "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336] "Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-05-26 4351216] "AutoStartNPSAgent"=C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2009-11-28 102400] "Octoshape Streaming Services"=C:\Users\charlene\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [2009-01-08 70936] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Users\charlene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="c:\progra~1\bandoo\bndhook.dll " [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableLockWorkstation"=0 "DisableTaskMgr"=0 "DisableChangePassword"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 "HideFastUserSwitching"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoLogoff"=0 "NoClose"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "BindDirectlyToPropertySetStorage"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F] shell\AutoRun\command - F:\setup_vmc_lite.exe /checkApplicationPresence [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21b3f502-4d08-11de-af29-00238b896f0a}] shell\AutoRun\command - F:\setup_vmc_lite.exe /checkApplicationPresence [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{402b0f0c-4d1c-11de-8de2-00238b896f0a}] shell\AutoRun\command - F:\setup_vmc_lite.exe /checkApplicationPresence [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f219050f-51df-11de-92a6-00238b896f0a}] shell\AutoRun\command - F:\setup_vmc_lite.exe /checkApplicationPresence ======List of files/folders created in the last 1 months====== 2010-04-07 13:53:10 ----D---- C:\Program Files\trend micro 2010-04-07 13:53:09 ----D---- C:\rsit 2010-04-07 13:24:35 ----D---- C:\Users\charlene\AppData\Roaming\Malwarebytes 2010-04-07 13:24:19 ----D---- C:\ProgramData\Malwarebytes 2010-04-07 13:24:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-04-07 12:56:24 ----D---- C:\Program Files\CCleaner 2010-04-07 10:21:34 ----D---- C:\ca3df64dfcb895cce634f1 2010-04-07 09:48:02 ----D---- C:\Users\charlene\AppData\Roaming\PeerNetworking 2010-04-07 01:43:12 ----D---- C:\833c75be8d96f8e7e4644207 2010-04-05 21:39:18 ----D---- C:\Users\charlene\AppData\Roaming\SoftGrid Client 2010-04-04 21:59:47 ----N---- C:\Windows\system32\sshnas21.dll 2010-03-31 10:20:38 ----A---- C:\Windows\system32\mshtml.dll 2010-03-31 10:20:37 ----A---- C:\Windows\system32\wininet.dll 2010-03-31 10:20:37 ----A---- C:\Windows\system32\urlmon.dll 2010-03-31 10:20:35 ----A---- C:\Windows\system32\ieframe.dll 2010-03-31 10:20:33 ----A---- C:\Windows\system32\mshtmled.dll 2010-03-31 10:20:33 ----A---- C:\Windows\system32\ieui.dll 2010-03-31 10:20:32 ----A---- C:\Windows\system32\iepeers.dll 2010-03-31 10:20:32 ----A---- C:\Windows\system32\ieencode.dll 2010-03-31 10:20:31 ----A---- C:\Windows\system32\ieapfltr.dll 2010-03-29 22:30:42 ----D---- C:\Program Files\Microsoft SQL Server 2010-03-29 22:22:09 ----D---- C:\Program Files\Microsoft Visual Studio 2010-03-29 21:58:37 ----D---- C:\Users\charlene\AppData\Roaming\GetRightToGo 2010-03-29 19:17:00 ----D---- C:\Program Files\Microsoft Application Virtualization Client 2010-03-29 19:15:42 ----D---- C:\Users\charlene\AppData\Roaming\TP 2010-03-19 03:07:42 ----D---- C:\Users\charlene\AppData\Roaming\Bandoo 2010-03-19 03:07:07 ----D---- C:\ProgramData\Bandoo 2010-03-19 03:06:59 ----D---- C:\Program Files\Bandoo 2010-03-13 17:04:03 ----D---- C:\Users\charlene\AppData\Roaming\Apple Computer 2010-03-13 17:03:29 ----A---- C:\Windows\system32\GEARAspi.dll 2010-03-13 17:01:53 ----D---- C:\Program Files\iPod 2010-03-13 17:01:49 ----D---- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2010-03-13 17:01:47 ----D---- C:\Program Files\iTunes 2010-03-13 17:00:44 ----D---- C:\Program Files\Bonjour 2010-03-13 16:59:47 ----D---- C:\Program Files\QuickTime 2010-03-13 16:59:46 ----D---- C:\ProgramData\Apple Computer 2010-03-13 16:58:51 ----D---- C:\Program Files\Apple Software Update 2010-03-13 16:55:47 ----D---- C:\ProgramData\Apple 2010-03-13 16:55:47 ----D---- C:\Program Files\Common Files\Apple 2010-03-11 04:00:41 ----A---- C:\Windows\system32\nshhttp.dll 2010-03-11 04:00:34 ----A---- C:\Windows\system32\httpapi.dll 2010-03-09 22:27:31 ----D---- C:\ProgramData\Flood Light Games ======List of files/folders modified in the last 1 months====== 2010-04-07 13:53:12 ----D---- C:\Windows\Temp 2010-04-07 13:53:10 ----RD---- C:\Program Files 2010-04-07 13:52:12 ----D---- C:\Windows\Web 2010-04-07 13:52:12 ----D---- C:\Windows\system32\drivers 2010-04-07 13:40:48 ----D---- C:\Windows\Tasks 2010-04-07 13:25:53 ----D---- C:\Users\charlene\AppData\Roaming\Skype 2010-04-07 13:24:19 ----HD---- C:\ProgramData 2010-04-07 13:14:16 ----D---- C:\Windows\Minidump 2010-04-07 13:14:16 ----D---- C:\Windows\Debug 2010-04-07 13:14:16 ----D---- C:\Windows 2010-04-07 13:05:16 ----D---- C:\Windows\tracing 2010-04-07 12:33:11 ----D---- C:\Windows\system32\Tasks 2010-04-07 11:58:08 ----SHD---- C:\System Volume Information 2010-04-07 10:38:11 ----SHD---- C:\Windows\Installer 2010-04-07 10:22:54 ----D---- C:\Windows\System32 2010-04-07 10:22:53 ----A---- C:\Windows\system32\PerfStringBackup.INI 2010-04-07 10:22:52 ----D---- C:\Windows\inf 2010-04-07 10:22:31 ----D---- C:\Users\charlene\AppData\Roaming\skypePM 2010-04-07 10:15:36 ----D---- C:\Windows\system32\wbem 2010-04-07 10:14:03 ----D---- C:\Windows\system32\config 2010-04-07 10:13:42 ----D---- C:\Windows\system32\spool 2010-04-07 10:13:42 ----D---- C:\Windows\system32\catroot2 2010-04-07 10:13:32 ----D---- C:\BigFishGamesCache 2010-04-05 22:00:06 ----D---- C:\Users\charlene\AppData\Roaming\Identities 2010-04-05 06:13:26 ----D---- C:\Windows\Prefetch 2010-04-01 14:37:42 ----D---- C:\ProgramData\Yahoo! Companion 2010-04-01 03:04:05 ----D---- C:\Windows\winsxs 2010-03-31 10:18:26 ----D---- C:\Windows\system32\catroot 2010-03-31 03:05:27 ----D---- C:\ProgramData\Microsoft Help 2010-03-31 03:03:09 ----A---- C:\Windows\win.ini 2010-03-31 03:03:06 ----D---- C:\Program Files\Common Files\System 2010-03-29 22:38:17 ----RSD---- C:\Windows\assembly 2010-03-29 22:38:14 ----D---- C:\Program Files\Microsoft.NET 2010-03-29 22:38:14 ----D---- C:\Program Files\Common Files\microsoft shared 2010-03-29 22:22:04 ----D---- C:\Windows\ShellNew 2010-03-29 22:21:21 ----D---- C:\Program Files\Microsoft Office 2010-03-29 22:21:15 ----RSD---- C:\Windows\Fonts 2010-03-29 19:18:07 ----SD---- C:\ProgramData\Microsoft 2010-03-25 11:09:24 ----D---- C:\Users\charlene\AppData\Roaming\muvee Technologies 2010-03-16 17:06:39 ----D---- C:\Program Files\Oberon Media 2010-03-13 17:03:28 ----DC---- C:\Windows\system32\DRVSTORE 2010-03-13 16:55:47 ----D---- C:\Program Files\Common Files 2010-03-12 15:18:23 ----AD---- C:\ProgramData\Temp 2010-03-11 04:19:07 ----D---- C:\Program Files\Windows Mail 2010-03-11 04:19:07 ----D---- C:\Program Files\Movie Maker 2010-03-09 14:27:53 ----A---- C:\Windows\system32\ezsvc7x.dll 2010-03-08 00:31:22 ----N---- C:\Windows\Setup1.exe 2010-03-08 00:31:21 ----A---- C:\Windows\ST6UNST.EXE ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608] R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49}; \??\C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl [2008-09-26 59376] R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-07 56816] R3 Accelerometer;HP Accelerometer; C:\Windows\system32\DRIVERS\Accelerometer.sys [2008-03-27 34664] R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-08-04 934400] R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-09-17 3930112] R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208] R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys [2008-09-04 54784] R3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2009-04-07 36608] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600] R3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544] R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768] R3 sftfs;sftfs; \??\C:\Program Files\Microsoft Application Virtualization Client\drivers\sftfslh.sys [2009-09-23 543064] R3 sftplay;sftplay; \??\C:\Program Files\Microsoft Application Virtualization Client\drivers\sftplaylh.sys [2009-09-23 190312] R3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys [2009-09-23 21848] R3 sftvol;sftvol; \??\C:\Program Files\Microsoft Application Virtualization Client\drivers\sftvollh.sys [2009-09-23 14680] R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt.sys [2008-09-11 389120] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-06-20 200112] R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2008-05-28 22072] R3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016] R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264] S3 athrusb;Atheros Wireless LAN USB device driver; C:\Windows\system32\DRIVERS\athrusb.sys [2008-07-29 904192] S3 Dot4;MS IEEE-1284.4-Treiber; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584] S3 Dot4Print;Druckerklassentreiber für IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384] S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864] S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632] S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656] S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-08-05 54632] S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2008-03-17 101632] S3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2008-08-07 97536] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192] S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888] S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016] S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-21 2225664] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632] S3 RTL8169;Realtek 8169-NT-Treiber; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544] S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576] S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112] S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976] S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\Windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856] S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [] S3 usb_rndisx;USB-RNDIS-Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-04-11 15872] S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328] S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\winusb.sys [2009-04-11 31616] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328] S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\aestsrv.exe [2008-06-27 77824] R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672] R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-09-17 704512] R2 Bandoo Coordinator;Bandoo Coordinator; C:\PROGRA~1\Bandoo\Bandoo.exe [2010-01-19 1678272] R2 Bonjour Service;Bonjour-Dienst; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 cvhsvc;Client Virtualization Handler; C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2009-09-26 819600] R2 ezSharedSvc;Easybits Shared Services for Windows; C:\Windows\system32\svchost.exe [2008-01-21 21504] R2 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2009-04-07 233472] R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-21 21504] R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2008-03-18 19456] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-06-09 73728] R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504] R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-21 21504] R2 Recovery Service for Windows;Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [2008-10-06 365952] R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2008-06-30 241734] R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512] R2 sftlist;Application Virtualization Client; C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe [2009-09-23 447832] R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\STacSV.exe [2008-09-11 237650] R2 TVCapSvc;TV Background Capture Service (TVBCS); C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2009-04-22 296320] R2 TVSched;TV Task Scheduler (TVTS); C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2009-04-22 116104] R2 VMCService;Vodafone Mobile Connect Service; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-07-04 14336] R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-21 21504] R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392] R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-09-08 193840] R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-21 21504] R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-08-27 165192] R3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2010-02-15 545576] R3 sftvsa;Application Virtualization Service Agent; C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe [2009-09-23 203608] S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-29 135664] S2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-10-09 94208] S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [] S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504] S3 fsssvc;Windows Live Family Safety-Dienst; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864] S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2010-02-08 238328] S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-16 182768] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2009-09-26 149336] S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4639136] S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592] S3 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2006-04-14 87840] -----------------EOF----------------- und dann Info 2. info.txt logfile of random's system information tool 1.06 2010-04-07 13:53:28 ======Uninstall list====== -->"C:\Program Files\HP Games\Agatha Christie - Death on the Nile\Uninstall.exe" -->"C:\Program Files\HP Games\Ancient Hearts\Uninstall.exe" -->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe" -->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe" -->"C:\Program Files\HP Games\Build-a-lot 2\Uninstall.exe" -->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe" -->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe" -->"C:\Program Files\HP Games\Diner Dash 2 Restaurant Rescue\Uninstall.exe" -->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe" -->"C:\Program Files\HP Games\Dora's Carnival Adventure\Uninstall.exe" -->"C:\Program Files\HP Games\Escape the Museum\Uninstall.exe" -->"C:\Program Files\HP Games\FATE\Uninstall.exe" -->"C:\Program Files\HP Games\Gem Shop\Uninstall.exe" -->"C:\Program Files\HP Games\Granny in Paradise\Uninstall.exe" -->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe" -->"C:\Program Files\HP Games\Magic Academy\Uninstall.exe" -->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe" -->"C:\Program Files\HP Games\Mahjongg Artifacts\Uninstall.exe" -->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe" -->"C:\Program Files\HP Games\Peggle\Uninstall.exe" -->"C:\Program Files\HP Games\Penguins!\Uninstall.exe" -->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe" -->"C:\Program Files\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe" -->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe" -->"C:\Program Files\HP Games\Polar Pool\Uninstall.exe" -->"C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe" -->"C:\Program Files\HP Games\Snowy - Treasure Hunter 2\Uninstall.exe" -->"C:\Program Files\HP Games\Tradewinds Legends\Uninstall.exe" -->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe" -->"C:\Program Files\HP Games\Virtual Villagers - A New Home\Uninstall.exe" -->"C:\Program Files\HP Games\Virtual Villagers - The Secret City\Uninstall.exe" -->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe" -->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE 32 Bit HP CIO Components Installer-->MsiExec.exe /I{2614F54E-A828-49FA-93BA-45A3F756BFAA} Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE ActiveCheck component for HP Active Support Library-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E} Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 9.3 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A93000000001} Adobe Shockwave Player-->MsiExec.exe /X{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11} AMD USB Audio Driver Filter-->MsiExec.exe /X{A3AB35FA-943E-4799-99DC-46EFD59E998F} AOL Toolbar 5.0-->"C:\Program Files\AOL\AOL Toolbar 5.0\uninstall.exe" Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143} Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Atheros Driver Installation Program-->C:\Program Files\InstallShield Installation Information\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}\setup.exe -runfromtemp -l0x0007 Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE Bandoo-->C:\Program Files\Bandoo\PreUninstall.exe Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B} Carnet d'activités À plus! 1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E8895A6B-1A5A-4754-AE70-70432DA6C6D6}\setup.exe" -l0x7 Catalyst Control Center - Branding-->MsiExec.exe /I{558FF444-F562-4E4C-98BD-7B20EE184D2E} CCleaner-->"C:\Program Files\CCleaner\uninst.exe" Cisco EAP-FAST Module-->MsiExec.exe /I{415B2719-AD3A-4944-B404-C472DB6085B3} Cisco LEAP Module-->MsiExec.exe /I{83770D14-21B9-44B3-8689-F7B523F94560} Cisco PEAP Module-->MsiExec.exe /I{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E} CyberLink DVD Suite-->"C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall CyberLink DVD Suite-->"C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall DivX Plus Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN ESU for Microsoft Vista-->MsiExec.exe /I{3877C901-7B90-4727-A639-B6ED2DD59D43} Free Studio version 4.2-->"C:\Program Files\DVDVideoSoft\Free Studio\unins000.exe" Free YouTube Download 2.3-->"C:\Program Files\DVDVideoSoft\Free YouTube Download\unins000.exe" Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E85CDE7661A53A6A.exe" /uninstall Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C} Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" HP Active Support Library-->"C:\Program Files\InstallShield Installation Information\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}\setup.exe" -runfromtemp -l0x0409 -removeonly HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57A5AEC1-97FC-474D-92C4-908FCC2253D4}\setup.exe" -l0x9 -removeonly HP Customer Participation Program 10.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F} HP Document Manager 1.0-->C:\Program Files\HP\Digital Imaging\DocumentManager\hpzscr01.exe -datfile hpqbud18.dat HP Games-->"C:\Program Files\HP Games\Uninstall.exe" HP Help and Support-->MsiExec.exe /I{0054A0F6-00C9-4498-B821-B5C9578F433E} HP Imaging Device Functions 10.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat HP MediaSmart DVD-->"C:\Program Files\InstallShield Installation Information\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\setup.exe" /z-uninstall HP MediaSmart DVD-->"C:\Program Files\InstallShield Installation Information\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\setup.exe" /z-uninstall HP MediaSmart Music/Photo/Video-->"C:\Program Files\InstallShield Installation Information\{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}\setup.exe" /z-uninstall HP MediaSmart Music/Photo/Video-->"C:\Program Files\InstallShield Installation Information\{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}\setup.exe" /z-uninstall /zMS HP MediaSmart SmartMenu-->MsiExec.exe /I{D8BB0945-B990-47DC-BFE3-3FDE1E165B30} HP MediaSmart TV-->"C:\Program Files\InstallShield Installation Information\{67626E09-5366-4480-8F1E-93FADF50CA15}\Setup.exe" /z-uninstall HP MediaSmart TV-->"C:\Program Files\InstallShield Installation Information\{67626E09-5366-4480-8F1E-93FADF50CA15}\Setup.exe" /z-uninstall HP MediaSmart Webcam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall HP MediaSmart Webcam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall HP Officejet All-In-One Series-->C:\Program Files\HP\Digital Imaging\{67335AB1-6341-4f87-A5B4-7FA92CEB77A4}\setup\hpzscr01.exe -datfile hpwscr20.dat -forcereboot HP Quick Launch Buttons 6.40 J1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0007 uninst HP Smart Web Printing 4.60-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat HP Solution Center 13.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat -forcereboot HP Total Care Advisor-->MsiExec.exe /X{154A4184-1A3D-4BF9-A5AE-4FA1660445F3} HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F} HP User Guides 0128-->MsiExec.exe /X{07A5026D-5F9F-43D1-9073-C2F882D417E7} HP Wireless Assistant-->MsiExec.exe /I{9ADABDDE-9644-461B-9E73-83FA3EFCAB50} HPAsset component for HP Active Support Library-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367} HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4} HPTCSSetup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{846DDADA-0239-4B67-A6B1-33658863793B}\setup.exe" -l0x9 -removeonly IDT Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe" -l0x7 -remove -removeonly iTunes-->MsiExec.exe /I{81063354-9060-42B2-A000-1EBE96778AA9} Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF} JMicron JMB38X Flash Media Controller-->"C:\Program Files\InstallShield Installation Information\{26604C7E-A313-4D12-867F-7C6E7820BE4C}\setup.exe" delpkg Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5} LabelPrint-->"C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall LabelPrint-->"C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall LightScribe System Software 1.14.17.1-->MsiExec.exe /X{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB} Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929} Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE} Microsoft Office Click-to-Run 2010 (Beta)-->"C:\PROGRA~1\COMMON~1\MICROS~1\VIRTUA~1\CVHBS.EXE" /removeall Microsoft Office Click-to-Run 2010 (Beta)-->MsiExec.exe /I{20140000-006D-0407-0000-0000000FF1CE} Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE} Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE} Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC} Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE} Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE} Microsoft Office PowerPoint Viewer 2007 (German)-->MsiExec.exe /X{95120000-00AF-0407-0000-0000000FF1CE} Microsoft Office Professional 2007-->MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE} Microsoft Office Professional 2007-Testversion-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL Microsoft Office Project 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00B4-0407-0000-0000000FF1CE} /uninstall {16809599-3C53-4A9A-A7E2-74A6D0D2C007} Microsoft Office Project 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-003B-0000-0000-0000000FF1CE} /uninstall {9E73617F-2F38-4864-BD61-BB2DDFE43323} Microsoft Office Project MUI (German) 2007-->MsiExec.exe /X{90120000-00B4-0407-0000-0000000FF1CE} Microsoft Office Project Professional 2007 Trial-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PRJPROR /dll OSETUP.DLL Microsoft Office Project Professional 2007-->MsiExec.exe /X{91120000-003B-0000-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE} Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {322296D4-1EAE-4030-9FBC-D2787EB25FA2} Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE} Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE} Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE} Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft SQL Server Native Client-->MsiExec.exe /I{50A0893D-47D8-48E0-A7E8-44BCD7E4422E} Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE} Microsoft SQL Server VSS Writer-->MsiExec.exe /I{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8} Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5} Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB} Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{3C3D696B-0DB7-3C6D-A356-3DB8CE541918} Microsoft Works-->MsiExec.exe /I{39D0E034-1042-4905-BECB-5502909FCB7C} MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} muvee Reveal-->MsiExec.exe /X{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC} |
07.04.2010, 13:19 | #2 |
| Windows XP spielt verrückt hier ist Teil 2. des ganzen! Hat nich alles auf eine Seite gepasst
__________________neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} Nokia Ovi Player-->MsiExec.exe /I{A528306A-C5EC-481C-A619-6106334E6800} Nokia_Multimedia_Common_Components_2_5-->MsiExec.exe /I{3762698E-E9DF-4DD8-99F1-8192D0F8EE06} OCR Software by I.R.I.S. 10.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat OpenOffice.org 3.1-->MsiExec.exe /I{99E862CC-6F69-4D39-99AA-DBF71BF3B585} PC Connectivity Solution-->MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930} Posh Boutique 2-->"C:\Program Files\HP Games\Posh Boutique 2\Uninstall.exe" Power2Go-->"C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall Power2Go-->"C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" /z-uninstall PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" /z-uninstall ProtectSmart Hard Drive Protection-->MsiExec.exe /X{CB71A20E-B1B4-4562-81FA-33E1DBD0342F} QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2} SAMSUNG Mobile Composite Device Software-->C:\Windows\system32\Samsung_USB_Drivers\6_old\SSBCUninstall.exe Samsung New PC Studio-->"C:\Program Files\InstallShield Installation Information\{F193FC0E-9E18-40FC-A974-509A1BDD240A}\setup.exe" -runfromtemp -l0x0407 -removeonly Samsung New PC Studio-->MsiExec.exe /X{F193FC0E-9E18-40FC-A974-509A1BDD240A} SAMSUNG USB Mobile Device Software-->C:\Windows\system32\Samsung_USB_Drivers\6\SS_BUninstall.exe SamsungConnectivityCableDriver-->MsiExec.exe /X{7E84FAC8-C518-40F9-9807-7455301D6D25} Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08} Security Update for 2007 Microsoft Office System (KB978380)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {667A88D1-0369-4070-A62A-70672D68A9BF} Security Update for Microsoft Office Excel 2007 (KB978382)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6DE3DABF-0203-426B-B330-7287D1003E86} Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D} Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF} Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC} Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D} Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36} Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004} Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D} Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-003B-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D} Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7} Update for Microsoft Office Word 2007 (KB974631)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {1D53FB73-9826-4541-B2E0-A239C6EBA718} Update for Microsoft Office Word 2007 (KB974631)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {34726474-50D6-49FC-B8AC-35411459D27A} Update for Microsoft Office Word 2007 (KB974631)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {1D53FB73-9826-4541-B2E0-A239C6EBA718} Update for Microsoft Office Word 2007 (KB974631)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {34726474-50D6-49FC-B8AC-35411459D27A} Update für Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF} Update für Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {F6828576-6F79-470D-AB50-69D1BBADBD30} Update für Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {EA160DA3-E9B5-4D03-A518-21D306665B96} Update für Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {38472199-D7B6-4833-A949-10E4EE6365A1} VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421} Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u Vodafone Mobile Connect Lite-->MsiExec.exe /X{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860} Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4} Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6} Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52} Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe Windows Live Essentials-->MsiExec.exe /I{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F} Windows Live Family Safety-->MsiExec.exe /X{994223F3-A99B-4DDD-9E1D-0190A17C6860} Windows Live Fotogalerie-->MsiExec.exe /X{2BA722D1-48D1-406E-9123-8AE5431D63EF} Windows Live Mail-->MsiExec.exe /I{C4D738F7-996A-4C81-B8FA-C4E26D767E41} Windows Live Messenger-->MsiExec.exe /X{41E654A9-26D0-4EAC-854B-0FA824FFFABB} Windows Live Movie Maker-->MsiExec.exe /X{3EFEF049-23D4-4B46-8903-4592FEA51018} Windows Live Sync-->MsiExec.exe /X{76618402-179D-4699-A66B-D351C59436BC} Windows Live Toolbar-->MsiExec.exe /X{70B7A167-0B88-445D-A3EA-97C73AA88CAC} Windows Live Writer-->MsiExec.exe /X{E0A4805D-280A-4DD7-9E74-3A5F85E302A1} Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} Windows-Treiberpaket - ENE (enecir) HIDClass (09/04/2008 2.6.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\enecir.inf_1a3c82dd\enecir.inf Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG Yahoo! Software Update-->C:\PROGRA~1\Yahoo!\SOFTWA~1\UNINST~1.EXE Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE ======System event log====== Computer Name: charlene-PC Event Code: 7036 Message: Dienst "Windows Installer" befindet sich jetzt im Status "Ausgeführt". Record Number: 132404 Source Name: Service Control Manager Time Written: 20091217125805.000000-000 Event Type: Informationen User: Computer Name: charlene-PC Event Code: 10029 Message: DCOM hat den Dienst MSIServer mit den Argumenten "" gestartet, um den Server auszuführen: {000C101C-0000-0000-C000-000000000046} Record Number: 132403 Source Name: Microsoft-Windows-DistributedCOM Time Written: 20091217125805.000000-000 Event Type: Informationen User: Computer Name: charlene-PC Event Code: 7036 Message: Dienst "Peer Name Resolution-Protokoll" befindet sich jetzt im Status "Ausgeführt". Record Number: 132402 Source Name: Service Control Manager Time Written: 20091217125749.000000-000 Event Type: Informationen User: Computer Name: charlene-PC Event Code: 7036 Message: Dienst "Com4QLBEx" befindet sich jetzt im Status "Ausgeführt". Record Number: 132401 Source Name: Service Control Manager Time Written: 20091217125748.000000-000 Event Type: Informationen User: Computer Name: charlene-PC Event Code: 10029 Message: DCOM hat den Dienst Com4QLBEx mit den Argumenten "" gestartet, um den Server auszuführen: {DB536E5D-10F7-4B34-B443-140161048E2E} Record Number: 132400 Source Name: Microsoft-Windows-DistributedCOM Time Written: 20091217125748.000000-000 Event Type: Informationen User: =====Application event log===== Computer Name: charlene-PC Event Code: 0 Message: conflictManagerTypeValue Record Number: 48785 Source Name: VMCService Time Written: 20091118194101.000000-000 Event Type: Fehler User: Computer Name: charlene-PC Event Code: 0 Message: CreateEventSource -> 10 ms Record Number: 48784 Source Name: VMCService Time Written: 20091118194101.000000-000 Event Type: Informationen User: Computer Name: charlene-PC Event Code: 102 Message: Windows (2452) Windows: Das Datenbankmodul (6.00.6001.0000) hat eine neue Instanz gestartet (0). Record Number: 48783 Source Name: ESENT Time Written: 20091118194101.000000-000 Event Type: Informationen User: Computer Name: charlene-PC Event Code: 0 Message: Record Number: 48782 Source Name: Bandoo Coordinator Time Written: 20091118194101.000000-000 Event Type: Informationen User: Computer Name: charlene-PC Event Code: 0 Message: Record Number: 48781 Source Name: YahooAUService Time Written: 20091118194101.000000-000 Event Type: Informationen User: =====Security event log===== Computer Name: charlene-PC Event Code: 4672 Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen. Antragsteller: Sicherheits-ID: S-1-5-18 Kontoname: SYSTEM Kontodomäne: NT-AUTORITÄT Anmelde-ID: 0x3e7 Berechtigungen: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 17759 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090819194928.316380-000 Event Type: Überwachung erfolgreich User: Computer Name: charlene-PC Event Code: 4624 Message: Ein Konto wurde erfolgreich angemeldet. Antragsteller: Sicherheits-ID: S-1-5-18 Kontoname: CHARLENE-PC$ Kontodomäne: WORKGROUP Anmelde-ID: 0x3e7 Anmeldetyp: 5 Neue Anmeldung: Sicherheits-ID: S-1-5-18 Kontoname: SYSTEM Kontodomäne: NT-AUTORITÄT Anmelde-ID: 0x3e7 Anmelde-GUID: {00000000-0000-0000-0000-000000000000} Prozessinformationen: Prozess-ID: 0x298 Prozessname: C:\Windows\System32\services.exe Netzwerkinformationen: Arbeitsstationsname: Quellnetzwerkadresse: - Quellport: - Detaillierte Authentifizierungsinformationen: Anmeldeprozess: Advapi Authentifizierungspaket: Negotiate Übertragene Dienste: - Paketname (nur NTLM): - Schlüssellänge: 0 Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde. Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe". Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk). Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto. Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben. Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung. - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren. - Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren. - Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an. - Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0. Record Number: 17758 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090819194928.316380-000 Event Type: Überwachung erfolgreich User: Computer Name: charlene-PC Event Code: 4648 Message: Anmeldeversuch mit expliziten Anmeldeinformationen. Antragsteller: Sicherheits-ID: S-1-5-18 Kontoname: CHARLENE-PC$ Kontodomäne: WORKGROUP Anmelde-ID: 0x3e7 Anmelde-GUID: {00000000-0000-0000-0000-000000000000} Konto, dessen Anmeldeinformationen verwendet wurden: Kontoname: SYSTEM Kontodomäne: NT-AUTORITÄT Anmelde-GUID: {00000000-0000-0000-0000-000000000000} Zielserver: Zielservername: localhost Weitere Informationen: localhost Prozessinformationen: Prozess-ID: 0x298 Prozessname: C:\Windows\System32\services.exe Netzwerkinformationen: Netzwerkadresse: - Port: - Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden. Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird. Record Number: 17757 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090819194928.316380-000 Event Type: Überwachung erfolgreich User: Computer Name: charlene-PC Event Code: 4672 Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen. Antragsteller: Sicherheits-ID: S-1-5-21-2381905232-2841575821-3117080464-1000 Kontoname: charlene Kontodomäne: charlene-PC Anmelde-ID: 0x6f0a1 Berechtigungen: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 17756 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090819194519.173380-000 Event Type: Überwachung erfolgreich User: Computer Name: charlene-PC Event Code: 4624 Message: Ein Konto wurde erfolgreich angemeldet. Antragsteller: Sicherheits-ID: S-1-5-18 Kontoname: CHARLENE-PC$ Kontodomäne: WORKGROUP Anmelde-ID: 0x3e7 Anmeldetyp: 2 Neue Anmeldung: Sicherheits-ID: S-1-5-21-2381905232-2841575821-3117080464-1000 Kontoname: charlene Kontodomäne: charlene-PC Anmelde-ID: 0x6f0ba Anmelde-GUID: {00000000-0000-0000-0000-000000000000} Prozessinformationen: Prozess-ID: 0x2e4 Prozessname: C:\Windows\System32\winlogon.exe Netzwerkinformationen: Arbeitsstationsname: CHARLENE-PC Quellnetzwerkadresse: 127.0.0.1 Quellport: 0 Detaillierte Authentifizierungsinformationen: Anmeldeprozess: User32 Authentifizierungspaket: Negotiate Übertragene Dienste: - Paketname (nur NTLM): - Schlüssellänge: 0 Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde. Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe". Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk). Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto. Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben. Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung. - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren. - Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren. - Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an. - Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0. Record Number: 17755 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090819194519.173380-000 Event Type: Überwachung erfolgreich User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\CyberLink\Power2Go;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\HP\Digital Imaging\\bin;C:\Program Files\QuickTime\QTSystem\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=17 "PROCESSOR_IDENTIFIER"=x86 Family 17 Model 3 Stepping 1, AuthenticAMD "PROCESSOR_REVISION"=0301 "NUMBER_OF_PROCESSORS"=2 "TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat "DFSTRACINGON"=FALSE "OnlineServices"=Online Services "Platform"=MCD "PCBRAND"=Pavilion "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip -----------------EOF----------------- Danke im vorraus für die Hilfe! |
07.04.2010, 18:24 | #3 | |
| Windows XP spielt verrückt 1. http://www.trojaner-board.de/74908-a...t-scanner.html
__________________Log posten. 2. Hol dir OTL Starte OTL Kopiere unten in das Skript-Feld rein: Zitat:
Schließe alle anderen Programme. Klicke auf Quick Scan. Poste die beiden Logs - OTL.txt und Extras.txt |
Themen zu Windows XP spielt verrückt |
32 bit, adware.mywebsearch, adware.shopperreports, adware.zango, antivir guard, antivirus, antivirus scan, avgntflt.sys, avira, bandoo, bereit, bho, components, content.ie5, desktop, device driver, diagnostics, diner dash, disabletaskmgr, document, error, flash player, flood, fontcache, google, gupdate, hdaudio.sys, hijack, hijackthis, home, home premium, install.exe, installation, launch, malwarebytes' anti-malware, mp3, msiexec.exe, object, office 2007, officejet, plug-in, programdata, programm, realtek, registry, seaport.exe, senden, software, start menu, studio, svchost.exe, symantec, system, trojan.downloader, usbvideo.sys, viren, vista 32, vista 32 bit, vodafone, windows, windows xp, wireless lan |