Home » Spyware & Browser Hijacker Support Forum » pop up von drive cleaner » Themenansicht

Firefox Tipp: Instantfox - Quick Search Add-On!

Seite(n): 1 2 3

Antworten

pop up von drive cleaner

13.06.2007, 16:21

crassty

...neu hier

Beiträge: 3

#1 Hallo liebe community,
ich bekomme mehrfach pop ups von drive cleaner,
ich hoffe ihr könnt mir da weiterhelfen.

Hier erstmal hoffentlich die relevanten Informationen:

Logfile of HijackThis v1.99.1
Scan saved at 16:15:33, on 13.06.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Roxio\WinOnCD 8\Drag to Disc\DrgToDsc.exe
C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Java\jre1.6.0_01\bin\jusched.exe
C:\Programme\D-Link\AirPlus G\AirGCFG.exe
C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Programme\Saitek\Software\Profiler.exe
C:\Programme\Saitek\Software\SaiSmart.exe
C:\Programme\Saitek\Software\SaiMfd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\Programme\CyberLink\Shared Files\RichVideo.exe
c:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxMediaDB.exe
c:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\alg.exe
c:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\DTV\DVB-T USB 2.0\RC.exe
C:\Programme\Mozilla Firefox\firefox.exe
c:\PROGRA~1\MESSEN~1\Msmsgs.exe
C:\Dokumente und Einstellungen\Cristian\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.draconis-equitis.de/news.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alice-dsl.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com/fsc/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/fuji/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://de.yahoo.com/fsc/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RoxioDragToDisc] "c:\Programme\Roxio\WinOnCD 8\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "c:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programme\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Profiler] C:\Programme\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Programme\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Programme\Saitek\Software\SaiMfd.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programme\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: Registration DIE SIEDLER - Das Erbe der Könige.LNK = ?
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Schnellstart.lnk = C:\Programme\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: @c:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @c:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://www.gamescampus.com/luncher/GamesCampus.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DA511858-B44C-439E-A0EA-704ED20035E7} (EphoxEditLive4.EditLive) - http://www.beepworld.de/hp/activexeditor/editlive4.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - The Firebird Project - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - c:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - c:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - c:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - c:\Programme\Roxio\WinOnCD 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - c:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe

combofix wird noch nachgereicht.
Ich hoffe ihr könnt mir weiterhelfen.
Bei eventuellen Antworten bitte ich um relativ einfach gehaltende Sprache, bin leider weit davon entfernt Experte in diesen Dingen zu sein.

Vielen Dank für jede Hilfe schon mal im Voraus

hier is das Ergebnis von combofix:

omboFix 07-06-13.3 - C:\Dokumente und Einstellungen\Cristian\Desktop\ComboFix.exe
"Cristian" - 2007-06-13 16:31:08 - Service Pack 2 NTFS

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\launcher.exe

((((((((((((((((((((((((( Files Created from 2007-05-13 to 2007-06-13 )))))))))))))))))))))))))))))))

2007-06-13 16:30 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-12 01:01 <DIR> d-------- C:\Programme\ChessBase
2007-06-12 01:01 <DIR> d-------- C:\DOKUME~1\Cristian\ANWEND~1\ChessBase
2007-06-09 13:57 <DIR> d-------- C:\Programme\MAXQDA2007
2007-06-09 13:57 <DIR> d-------- C:\DOKUME~1\Cristian\ANWEND~1\MAXQDA2007
2007-06-04 11:00 <DIR> d-------- C:\Programme\ShotOnline[Deutsch]
2007-06-01 13:59 <DIR> d-------- C:\Programme\Common Files
2007-06-01 13:58 <DIR> d-------- C:\Programme\GamesCampus
2007-05-22 11:21 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-05-16 16:27 <DIR> d-------- C:\Programme\Joost
2007-05-16 16:26 <DIR> d-------- C:\DOKUME~1\Cristian\ANWEND~1\Joost

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-13 13:48:50 -------- d-----w C:\DOKUME~1\Cristian\ANWEND~1\Xfire
2007-06-13 12:36:51 -------- d-s---w C:\Programme\Xfire
2007-06-11 23:01:28 -------- d--h--w C:\Programme\InstallShield Installation Information
2007-06-11 23:00:14 -------- d-----w C:\Programme\Gemeinsame Dateien\InstallShield
2007-06-11 17:42:44 -------- d-----w C:\Programme\Gemeinsame Dateien\Symantec Shared
2007-06-09 18:22:33 -------- d-----w C:\Programme\ShotOnline International
2007-06-07 14:44:10 -------- d-----w C:\Programme\World of Warcraft
2007-06-03 12:22:41 -------- d-----w C:\DOKUME~1\Cristian\ANWEND~1\Skype
2007-05-31 14:37:54 -------- d-----w C:\DOKUME~1\Cristian\ANWEND~1\teamspeak2
2007-05-17 19:38:07 -------- d-----w C:\Programme\PartyGaming
2007-05-16 15:11:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-16 14:29:35 155,411 ----a-w C:\WINDOWS\system32\drivers\dump_wmimmc.sys
2007-05-07 22:39:04 -------- d-----w C:\Programme\OGPlanet
2007-05-04 23:29:42 -------- d-----w C:\Programme\Skype
2007-05-04 23:29:42 -------- d-----w C:\Programme\Gemeinsame Dateien\Skype
2007-04-25 14:22:27 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:13:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-03-25 12:03:39 76,886 ----a-w C:\WINDOWS\system32\perfc007.dat
2007-03-25 12:03:39 420,482 ----a-w C:\WINDOWS\system32\perfh007.dat
2007-03-17 19:44:33 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-03-17 13:44:25 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-14 14:58:42 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2007-03-14 14:58:42 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2007-03-14 14:58:42 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Programme\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 12:29]
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}=C:\Programme\Norton AntiVirus\NavShExt.dll [2006-11-22 12:10]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Verknüpfung mit der High Definition Audio-Eigenschaftenseite"="HDAShCut.exe" [2005-01-07 17:07 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-14 18:01 C:\WINDOWS\RTHDCPL.EXE]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 19:43 C:\WINDOWS\ALCMTR.EXE]
"nwiz"="nwiz.exe" [2006-03-02 22:41 C:\WINDOWS\system32\nwiz.exe]
"RoxioDragToDisc"="c:\Programme\Roxio\WinOnCD 8\Drag to Disc\DrgToDsc.exe" [2005-12-23 22:47]
"@"="" []
"RoxWatchTray"="c:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxWatchTray.exe" [2005-12-23 08:50]
"ccApp"="C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" [2006-04-25 12:09]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"D-Link AirPlus G"="C:\Programme\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 16:04]
"ANIWZCS2Service"="C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 19:19]
"Profiler"="C:\Programme\Saitek\Software\Profiler.exe" [2004-08-19 14:08]
"SaiSmart"="C:\Programme\Saitek\Software\SaiSmart.exe" [2004-08-19 14:08]
"SaiMfd"="C:\Programme\Saitek\Software\SaiMfd.exe" [2004-08-19 13:10]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk
backup=C:\WINDOWS\pss\Adobe Reader - Schnellstart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Sonic CinePlayer Quick Launch.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Sonic CinePlayer Quick Launch.lnk
backup=C:\WINDOWS\pss\Sonic CinePlayer Quick Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Muscbrigade]
c:\Musicbrigade\Musicbrigade.exe check

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"C:\Program Files\CyberLink\PowerCinema\PCMService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
"C:\Programme\CyberLink\Power2Go\Power2GoExpress.exe" /Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe

Contents of the 'Scheduled Tasks' folder
2007-05-25 19:21:51 C:\WINDOWS\tasks\Norton AntiVirus - Vollständige Systemprüfung ausführen - Cristian.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-13 16:34:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-13 16:34:29
C:\ComboFix-quarantined-files.txt ... 2007-06-13 16:34

--- E O F ---

vielleicht hilft euch das mehr weiter als mir

liebe Grüße

Dieser Beitrag wurde am 13.06.2007 um 16:37 Uhr von crassty editiert.

13.06.2007, 17:43

raman

Moderator

Beiträge: 7805

#2 Das sieht eigentlich normal aus. Poste noch ein Datfindbat report bitte.
__________
MfG Ralf
SEO-Spam Hunter

13.06.2007, 18:25

crassty

...neu hier

Themenstarter

Beiträge: 3

#3 so hier der datfindbat report:
hoffe ich zumindest das du das haben wolltest...

Datentr„ger in Laufwerk C: ist Festplatte
Volumeseriennummer: C05D-47FF

Verzeichnis von C:\WINDOWS\system32

13.06.2007 16:25 50.257 nvapps.xml
13.06.2007 16:25 1.158 wpa.dbl
06.06.2007 08:38 15.747.032 MRT.exe
16.05.2007 17:11 683.520 inetcomm.dll
08.05.2007 10:59 3.583.488 mshtml.dll
25.04.2007 16:22 144.896 schannel.dll
25.04.2007 09:42 822.784 wininet.dll
25.04.2007 09:42 232.960 webcheck.dll
25.04.2007 09:42 1.152.000 urlmon.dll
25.04.2007 09:42 105.984 url.dll
25.04.2007 09:42 102.400 occache.dll
25.04.2007 09:42 670.720 mstime.dll
25.04.2007 09:42 193.024 msrating.dll
25.04.2007 09:42 477.696 mshtmled.dll
25.04.2007 09:41 459.264 msfeeds.dll
25.04.2007 09:41 52.224 msfeedsbs.dll
25.04.2007 09:41 1.824.768 inetcpl.cpl
25.04.2007 09:41 27.648 jsproxy.dll
25.04.2007 09:41 267.776 iertutil.dll
25.04.2007 09:41 6.058.496 ieframe.dll
25.04.2007 09:41 44.544 iernonce.dll
25.04.2007 09:41 384.512 iedkcs32.dll
25.04.2007 09:41 383.488 ieapfltr.dll
25.04.2007 09:41 124.928 advpack.dll
25.04.2007 09:41 132.608 extmgr.dll
25.04.2007 09:41 230.400 ieaksie.dll
25.04.2007 09:41 153.088 ieakeng.dll
24.04.2007 16:26 13.824 ieudinit.exe
24.04.2007 11:58 56.832 ie4uinit.exe
24.04.2007 10:37 4.254 jupdate-1.6.0_01-b06.log
24.04.2007 09:34 161.792 ieakui.dll
18.04.2007 18:13 2.854.400 msi.dll
17.04.2007 11:32 2.455.488 ieapfltr.dat
16.04.2007 17:53 1.058.304 kernel32.dll
04.04.2007 10:40 294.864 FNTCACHE.DAT
02.04.2007 14:21 428.032 swreg.exe
02.04.2007 07:58 546.304 hhctrl.ocx
25.03.2007 14:03 405.310 perfh009.dat
25.03.2007 14:03 63.860 perfc009.dat
25.03.2007 14:03 420.482 perfh007.dat
25.03.2007 14:03 76.886 perfc007.dat
25.03.2007 14:03 979.370 PerfStringBackup.INI
17.03.2007 21:44 43.520 CmdLineExt03.dll
17.03.2007 15:44 293.376 winsrv.dll
14.03.2007 16:58 21.840 SIntfNT.dll
14.03.2007 16:58 17.212 SIntf32.dll
14.03.2007 16:58 12.067 SIntf16.dll
14.03.2007 02:04 69.632 javacpl.cpl
14.03.2007 02:04 139.264 javaws.exe
14.03.2007 00:31 135.168 javaw.exe
14.03.2007 00:31 135.168 java.exe
12.03.2007 13:22 48.776 S32EVNT1.DLL
09.03.2007 13:51 270.336 xpsp3res.dll
08.03.2007 17:36 579.072 user32.dll
08.03.2007 17:36 281.600 gdi32.dll
08.03.2007 17:36 40.960 mf3216.dll
08.03.2007 17:32 1.843.712 win32k.sys
05.03.2007 11:53 36.864 GamesCampus.ocx
28.02.2007 18:06 2.140.160 ntoskrnl.exe
28.02.2007 18:06 2.019.840 ntkrnlpa.exe
20.02.2007 12:05 9.857 jupdate-1.5.0_11-b03.log
19.02.2007 00:38 122.142 TZLog.log
12.02.2007 18:22 538.256 SymNeti.dll
12.02.2007 18:22 161.424 SymRedir.dll
05.02.2007 22:18 185.856 upnphost.dll
31.01.2007 16:39 3.284 ANIWZCS{05DD13A7-195E-438C-A42D-CC0C6BF83005}
29.01.2007 10:58 60.416 tzchange.exe
20.01.2007 16:17 9.132 jupdate-1.5.0_10-b03.log
19.01.2007 13:53 51.056 sirenacm.dll
10.01.2007 18:42 1.040.384 ieframe.dll.mui
08.01.2007 20:01 17.408 corpol.dll
04.01.2007 18:04 8.891 jupdate-1.5.0_09-b03.log

Datentr„ger in Laufwerk C: ist Festplatte
Volumeseriennummer: C05D-47FF

Verzeichnis von C:\DOKUME~1\Cristian\LOKALE~1\Temp

13.06.2007 16:35 6.925 log.txt
1 Datei(en) 6.925 Bytes
0 Verzeichnis(se), 175.168.720.896 Bytes frei

Datentr„ger in Laufwerk C: ist Festplatte
Volumeseriennummer: C05D-47FF

Verzeichnis von C:\WINDOWS

13.06.2007 16:24 1.836.857 WindowsUpdate.log
13.06.2007 14:29 0 0.log
13.06.2007 14:29 159 wiadebug.log
13.06.2007 14:29 50 wiaservc.log
13.06.2007 14:28 2.048 bootstat.dat
13.06.2007 11:42 32.644 SchedLgU.Txt
13.06.2007 11:41 155.914 iis6.log
13.06.2007 11:41 336.575 comsetup.log
13.06.2007 11:41 382.746 tsoc.log
13.06.2007 11:41 203.204 ntdtcsetup.log
13.06.2007 11:41 1.374 imsins.log
13.06.2007 11:41 54.438 ocmsn.log
13.06.2007 11:41 20.127 KB929123.log
13.06.2007 11:41 480.956 ocgen.log
13.06.2007 11:41 49.643 msgsocm.log
13.06.2007 11:41 999.179 FaxSetup.log
13.06.2007 11:41 219.999 setupapi.log
13.06.2007 11:41 1.374 imsins.BAK
13.06.2007 11:41 19.433 KB935840.log
13.06.2007 11:40 19.373 KB935839.log
13.06.2007 11:40 24.823 KB933566-IE7.log
13.06.2007 11:40 77.472 updspapi.log
12.06.2007 01:01 667 win.ini
05.06.2007 05:24 87.552 catchme.exe
26.05.2007 13:10 240.227 setupact.log
24.05.2007 18:31 99.806 wmsetup.log
23.05.2007 11:52 9.820 KB927891.log
17.05.2007 21:02 85.129 DirectX.log
09.05.2007 18:16 19.187 KB931768-IE7.log
09.05.2007 18:16 14.120 KB930916.log
16.04.2007 17:48 17.107 WgaNotify.log
12.04.2007 01:19 24.164 KB931784.log
12.04.2007 01:19 9.471 KB935448.log
12.04.2007 01:19 14.727 KB931261.log
12.04.2007 01:19 15.037 KB930178.log
12.04.2007 01:19 19.042 KB932168.log
04.04.2007 09:15 14.705 KB925902.log
16.03.2007 09:45 10.488 KB929399.log
16.03.2007 09:44 19.665 KB929338.log
12.03.2007 13:07 59 wininit.ini
12.03.2007 13:07 5.554 netcfg.log
12.03.2007 12:55 283 awprotoc.txt
12.03.2007 12:55 61 awerror.txt
09.03.2007 17:11 737.280 iun6002.exe
19.02.2007 00:38 21.278 KB927779.log
19.02.2007 00:38 18.285 KB927802.log
19.02.2007 00:38 17.963 KB928255.log
19.02.2007 00:38 7.816 KB923723.log
19.02.2007 00:38 14.689 KB924667.log
19.02.2007 00:38 26.430 KB931836.log
19.02.2007 00:38 15.932 KB926436.log
19.02.2007 00:38 10.176 KB928090-IE7.log
19.02.2007 00:37 13.772 KB918118.log
19.02.2007 00:37 13.606 KB928843.log
12.02.2007 12:45 1.052.617 setupapi.log.0.old
07.02.2007 16:41 9.316 DPINST.LOG
25.01.2007 11:05 15.808 KB929969.log
24.01.2007 13:09 42.686 spupdsvc.log
24.01.2007 13:07 23.221 ie7_main.log
24.01.2007 13:07 58.203 ie7.log
24.01.2007 13:05 9.252 IDNMitigationAPIs.log
24.01.2007 13:05 8.949 NLSDownlevelMapping.log
24.01.2007 13:05 7.241 KB915865.log
24.01.2007 13:04 6.122 KB914440.log
24.01.2007 13:04 12.912 KB904942.log

Datentr„ger in Laufwerk C: ist Festplatte
Volumeseriennummer: C05D-47FF

Verzeichnis von C:\WINDOWS\Temp

13.06.2007 14:29 0 JETF1C2.tmp
13.06.2007 14:28 2.048 sqlite_bGbMkAEZ8MMfEOH
13.06.2007 14:28 0 CLML_AGENT_LOG1.txt
3 Datei(en) 2.048 Bytes
0 Verzeichnis(se), 175.168.688.128 Bytes frei

Datentr„ger in Laufwerk C: ist Festplatte
Volumeseriennummer: C05D-47FF

Verzeichnis von C:\WINDOWS\Downloaded Program Files

13.04.2007 02:14 382.344 GAME_UNO1.dll
05.03.2007 11:56 361 GamesCampus.inf
22.02.2007 23:41 304.544 MessengerStatsPAClient.dll
19.02.2007 11:26 159.128 ZIntro.ocx
17.01.2007 15:44 316 GAME_UNO1.INF

16 Datei(en) 4.676.950 Bytes
0 Verzeichnis(se), 175.168.684.032 Bytes frei

atentr„ger in Laufwerk C: ist Festplatte
Volumeseriennummer: C05D-47FF

Verzeichnis von C:\

13.06.2007 18:09 0 sys.txt
13.06.2007 18:08 1.078 down.txt
13.06.2007 18:07 391 tmp.txt
13.06.2007 18:07 13.732 system.txt
13.06.2007 18:06 289 systemtemp.txt
13.06.2007 18:03 104.440 system32.txt
13.06.2007 16:34 6.925 ComboFix.txt
13.06.2007 16:34 370 ComboFix-quarantined-files.txt
13.06.2007 15:34 13.824 dvb.GRF
13.06.2007 15:33 8.192 dvb4.GRF
13.06.2007 14:28 1.073.270.784 hiberfil.sys
13.06.2007 14:28 1.610.612.736 pagefile.sys
30.03.2007 17:40 244 sqmnoopt18.sqm
30.03.2007 17:40 268 sqmdata18.sqm
29.03.2007 22:09 268 sqmdata17.sqm
29.03.2007 22:09 244 sqmnoopt17.sqm
28.03.2007 17:44 268 sqmdata16.sqm
28.03.2007 17:44 244 sqmnoopt16.sqm
28.03.2007 11:09 268 sqmdata15.sqm
28.03.2007 11:09 244 sqmnoopt15.sqm
27.03.2007 12:19 268 sqmdata14.sqm
27.03.2007 12:19 244 sqmnoopt14.sqm
12.03.2007 12:58 268 sqmdata13.sqm
12.03.2007 12:58 244 sqmnoopt13.sqm
12.03.2007 12:00 268 sqmdata12.sqm
12.03.2007 12:00 244 sqmnoopt12.sqm
11.03.2007 20:55 268 sqmdata11.sqm
11.03.2007 20:55 244 sqmnoopt11.sqm
11.03.2007 20:10 268 sqmdata10.sqm
11.03.2007 20:10 244 sqmnoopt10.sqm
11.03.2007 17:56 268 sqmdata09.sqm
11.03.2007 17:56 244 sqmnoopt09.sqm
11.03.2007 12:19 268 sqmdata08.sqm
11.03.2007 12:19 244 sqmnoopt08.sqm
23.02.2007 19:46 268 sqmdata07.sqm
23.02.2007 19:46 244 sqmnoopt07.sqm
23.02.2007 16:24 268 sqmdata06.sqm
23.02.2007 16:24 244 sqmnoopt06.sqm
22.02.2007 19:38 268 sqmdata05.sqm
22.02.2007 19:38 244 sqmnoopt05.sqm
22.02.2007 05:27 268 sqmdata04.sqm
22.02.2007 05:27 244 sqmnoopt04.sqm
02.02.2007 01:01 232 sqmdata03.sqm
02.02.2007 01:01 244 sqmnoopt03.sqm
02.02.2007 00:45 232 sqmdata02.sqm
02.02.2007 00:45 244 sqmnoopt02.sqm
02.02.2007 00:21 232 sqmdata01.sqm
02.02.2007 00:21 244 sqmnoopt01.sqm
01.02.2007 16:07 268 sqmdata00.sqm
01.02.2007 16:07 244 sqmnoopt00.sqm
01.02.2007 11:00 268 sqmdata19.sqm
01.02.2007 11:00 244 sqmnoopt19.sqm

Vielen Dank übrigens für die kurzfristige Antwort

13.06.2007, 19:40

raman

Moderator

Beiträge: 7805

#4 Das sieht sauber aus. bekommst du denn immer nch diese Popups?
__________
MfG Ralf
SEO-Spam Hunter

13.06.2007, 20:09

crassty

...neu hier

Themenstarter

Beiträge: 3

#5 scheint sich tatsächlich schon erledigt zu haben. (Wie auch immer)

Vielen Dank auf jeden Fall

29.06.2007, 17:43

Chrissie7

...neu hier

Beiträge: 4

#6 Hallo!
Ich hab auch Probleme mit dem drive cleaner.
Wäre über jede Hilfe dankbar!

Infos:
1. Hijackthis-Logfiles

Logfile of HijackThis v1.99.1
Scan saved at 16:35:19, on 29.06.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVirenKit 2004\AVKService.exe
C:\Programme\AntiVirenKit 2004\AVKWCtl.exe
C:\Dokumente und Einstellungen\Christina\Anwendungsdaten\tmp193.tmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programme\Microsoft Works\WksSb.exe
C:\Programme\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
C:\Programme\Java\jre1.5.0_09\bin\jusched.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\retadpu2000373.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\WinPop\winpop.exe
C:\Corel\Graphics8\Programs\MFIndexer.exe
C:\Programme\Hewlett-Packard\HP PSC 500 NT\scanning\hpodlb08.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Java\jre1.5.0_09\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Dokumente und Einstellungen\Christina\Eigene Dateien\HijackThis.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\AcroRd32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oe3.at/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\tmp73.tmp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar3.dll
O2 - BHO: (no name) - {b8485a0b-bf5f-4b4e-9aee-b7f71f6d53c9} - C:\WINDOWS\system32\catrse.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programme\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [LWBMOUSE] C:\Programme\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000373.exe 61A847B5BBF72810329B385575FA01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638E8323A15806F97BDE4417E70CE7C0726B954E1C2832211359826033AAC
O4 - HKLM\..\Run: [winehq.org] rundll32.exe "C:\WINDOWS\fcyxvt.dll",realset
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WinPop] C:\Programme\WinPop\winpop.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O4 - Global Startup: HP ODLB08.lnk = C:\Programme\Hewlett-Packard\HP PSC 500 NT\scanning\hpodlb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Programme\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\Programme\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.studivz.net/photouploader/ImageUploader4.cab
O20 - AppInit_DLLs: c:\windows\system32\ljjiffg.dll
O20 - Winlogon Notify: catrse - C:\WINDOWS\SYSTEM32\catrse.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Programme\AntiVirenKit 2004\AVKService.exe
O23 - Service: AVK Wächter (AVKWCtl) - Unknown owner - C:\Programme\AntiVirenKit 2004\AVKWCtl.exe
O23 - Service: DomainService - - C:\Dokumente und Einstellungen\Christina\Anwendungsdaten\tmp193.tmp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe

2. CleanUp

3.
combofix

ComboFix 07-06-18.2 - C:\Dokumente und Einstellungen\Christina\Eigene Dateien\ComboFix.exe
"Christina" - 2007-06-29 17:21:42 - Service Pack 2 NTFS

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\ljjiffg.dll

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOKUME~1\CHRIST~1\ANWEND~1\tmp193.tmp.exe
C:\DOKUME~1\CHRIST~1\ANWEND~1\tmp194.tmp.exe
C:\DOKUME~1\CHRIST~1\ANWEND~1\tmp198.tmp.exe
C:\DOKUME~1\CHRIST~1\ANWEND~1\tmp1AB.tmp.exe
C:\DOKUME~1\CHRIST~1\ANWEND~1\tmp224.tmp.exe
C:\DOKUME~1\CHRIST~1\ANWEND~1\tmp2FA.tmp.exe
C:\DOKUME~1\CHRIST~1\ANWEND~1\tmp30.tmp.exe
C:\DOKUME~1\CHRIST~1\ANWEND~1\tmp300.tmp.exe
C:\DOKUME~1\CHRIST~1\ANWEND~1\tmp303.tmp.exe
C:\DOKUME~1\CHRIST~1\ANWEND~1\tmp3F.tmp.exe
C:\DOKUME~1\CHRIST~1\ANWEND~1\tmp475.tmp.exe
C:\DOKUME~1\CHRIST~1\ANWEND~1\tmp476.tmp.exe
C:\DOKUME~1\CHRIST~1\ANWEND~1\tmp47D.tmp.exe
C:\DOKUME~1\CHRIST~1\ANWEND~1\tmp485.tmp.exe
C:\DOKUME~1\CHRIST~1\ANWEND~1\tmp5E.tmp.exe
C:\DOKUME~1\CHRIST~1\ANWEND~1\tmp61.tmp.exe
C:\DOKUME~1\CHRIST~1\ANWEND~1\tmp62.tmp.exe
C:\DOKUME~1\CHRIST~1\ANWEND~1\tmp6A.tmp.exe
C:\DOKUME~1\CHRIST~1\ANWEND~1\tmp73.tmp.exe
C:\DOKUME~1\CHRIST~1\ANWEND~1\tmp74.tmp.exe
C:\DOKUME~1\CHRIST~1\ANWEND~1\tmp75.tmp.exe
C:\DOKUME~1\CHRIST~1\ANWEND~1\tmp76.tmp.exe
C:\DOKUME~1\CHRIST~1\ANWEND~1\tmp79.tmp.exe
C:\DOKUME~1\CHRIST~1\ANWEND~1\tmp7C.tmp.exe
C:\DOKUME~1\CHRIST~1\ANWEND~1\tmp7D.tmp.exe
C:\DOKUME~1\CHRIST~1\ANWEND~1\tmp81.tmp.exe
C:\DOKUME~1\CHRIST~1\ANWEND~1\tmp88.tmp.exe
C:\DOKUME~1\CHRIST~1\ANWEND~1\tmpA0.tmp.exe
C:\DOKUME~1\CHRIST~1\ANWEND~1\tmpA1.tmp.exe
C:\DOKUME~1\CHRIST~1\ANWEND~1\tmpA2.tmp.exe
C:\DOKUME~1\CHRIST~1\ANWEND~1\tmpDE.tmp.exe
C:\Programme\inetget2
C:\Programme\inetget2\install.exe
C:\Temp\tn3
C:\WINDOWS\b122.exe
C:\WINDOWS\b136.exe
C:\WINDOWS\retadpu2000373.exe
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\msxml3a.dll
C:\WINDOWS\wr.txt

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_CORE
-------\core

((((((((((((((((((((((((( Files Created from 2007-05-28 to 2007-06-29 )))))))))))))))))))))))))))))))

2007-06-29 17:18 49,152 --a------ C:\Windows\nircmd.exe
2007-06-29 17:09 59,368 --a------ C:\Windows\system32\tmp47D.tmp.dll
2007-06-29 17:09 134,887 --a------ C:\Windows\ddabbx.dll
2007-06-29 16:25 134,887 --a------ C:\Windows\fcyxvt.dll
2007-06-29 16:24 59,368 --a------ C:\Windows\system32\tmp73.tmp.dll
2007-06-27 16:08 59,427 --a------ C:\Windows\system32\tmp2FA.tmp.dll
2007-06-27 16:08 134,917 --a------ C:\Windows\ljkijj.dll
2007-06-27 08:57 59,427 --a------ C:\Windows\system32\tmp81.tmp.dll
2007-06-26 14:22 59,480 --a------ C:\Windows\system32\tmpA1.tmp.dll
2007-06-26 10:57 59,480 --a------ C:\Windows\system32\tmp75.tmp.dll
2007-06-25 09:17 <DIR> d-------- C:\Programme\WinPop
2007-06-24 18:20 59,435 --a------ C:\Windows\system32\tmp62.tmp.dll
2007-06-24 00:07 59,414 --a------ C:\Windows\system32\tmp194.tmp.dll
2007-06-24 00:02 92,554 --a------ C:\Windows\system32\catrse.dll
2007-06-24 00:02 139,287 --a------ C:\Windows\system32\dn84b9ce16.dat
2007-06-13 14:13 <DIR> d-------- C:\Programme\Gemeinsame Dateien\xing shared
2007-06-13 14:12 <DIR> d-------- C:\Programme\Real
2007-06-13 14:12 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Real
2007-06-13 14:11 <DIR> d-------- C:\DOKUME~1\CHRIST~1\ANWEND~1\Real
2007-06-13 14:09 <DIR> d-------- C:\Meine Downloads
2007-06-13 13:59 719,872 --a------ C:\Windows\system32\devil.dll
2007-06-13 13:59 70,656 --a------ C:\Windows\system32\yv12vfw.dll
2007-06-13 13:59 70,656 --a------ C:\Windows\system32\i420vfw.dll
2007-06-13 13:59 66,560 --a------ C:\Windows\MOTA113.exe
2007-06-13 13:59 502,784 --a------ C:\Windows\x2.64.exe
2007-06-13 13:59 471,552 --a------ C:\Windows\system32\Smab.dll
2007-06-13 13:59 306,688 --a------ C:\Windows\system32\avisynth.dll
2007-06-13 13:59 27,648 --a------ C:\Windows\system32\AVSredirect.dll
2007-06-13 13:59 240,128 --a------ C:\Windows\system32\x.264.exe
2007-06-13 13:59 217,073 --a------ C:\Windows\meta4.exe
2007-06-13 13:50 31,744 -r-hs---- C:\Windows\system32\msfDX.dll
2007-06-13 13:50 163,328 -r-hs---- C:\Windows\system32\flvDX.dll
2007-06-13 13:46 <DIR> d-------- C:\Programme\eRightSoft
2007-06-05 22:28 79,360 --a------ C:\Windows\system32\lfeps13s.dll
2007-06-05 22:28 74,752 --a------ C:\Windows\system32\lfgif13s.dll
2007-06-05 22:28 466,624 --a------ C:\Windows\system32\LTRPR13n.DLL
2007-06-05 22:28 44,544 --a------ C:\Windows\system32\msxml4a.dll
2007-06-05 22:28 401,408 --a------ C:\Windows\system32\pvmjpg30.dll
2007-06-05 22:28 194,248 --a------ C:\Windows\system32\LTRFD13n.DLL
2007-06-05 22:28 185,856 --a------ C:\Windows\system32\lfpng13s.dll
2007-06-05 22:27 930,992 --------- C:\Windows\system32\Ltr13n.dll
2007-06-05 22:27 884,736 --------- C:\Windows\system32\LMUIRes.dll
2007-06-05 22:27 80,896 --------- C:\Windows\system32\lfwmf13s.dll
2007-06-05 22:27 76,800 --------- C:\Windows\system32\Lfwmf13n.dll
2007-06-05 22:27 73,728 --------- C:\Windows\system32\MMAviAx.dll
2007-06-05 22:27 73,728 --------- C:\Windows\system32\lffax13n.dll
2007-06-05 22:27 70,144 --------- C:\Windows\system32\lfbmp13s.dll
2007-06-05 22:27 65,536 --------- C:\Windows\system32\lfpcx13s.dll
2007-06-05 22:27 65,536 --------- C:\Windows\system32\Lfpct13n.dll
2007-06-05 22:27 64,512 --------- C:\Windows\system32\lftga13s.dll
2007-06-05 22:27 59,904 --------- C:\Windows\system32\lfpcd13s.dll
2007-06-05 22:27 453,120 --------- C:\Windows\system32\ltkrn13n.dll
2007-06-05 22:27 409,600 --------- C:\Windows\system32\LFCMP13s.DLL
2007-06-05 22:27 393,216 --------- C:\Windows\system32\LFCMP13n.DLL
2007-06-05 22:27 306,352 --------- C:\Windows\system32\Ltrio13n.dll
2007-06-05 22:27 30,208 --------- C:\Windows\system32\lfbmp13n.dll
2007-06-05 22:27 283,648 --------- C:\Windows\system32\LFJ2K13s.dll
2007-06-05 22:27 278,016 --------- C:\Windows\system32\LFJ2K13n.dll
2007-06-05 22:27 24,576 --------- C:\Windows\system32\lftga13n.dll
2007-06-05 22:27 2,079,232 --------- C:\Windows\system32\LTCLR13s.dll
2007-06-05 22:27 167,936 --------- C:\Windows\system32\lftif13s.dll
2007-06-05 22:27 153,088 --------- C:\Windows\system32\ltfil13n.DLL
2007-06-05 22:27 143,360 --------- C:\Windows\system32\lftif13n.dll
2007-06-05 22:27 126,976 --------- C:\Windows\system32\AVIPrAx.dll
2007-06-05 22:27 12,288 --------- C:\Windows\system32\LMLRes.dll
2007-06-05 22:27 116,224 --------- C:\Windows\system32\lffax13s.dll
2007-06-05 22:27 110,080 --------- C:\Windows\system32\lfpsd13s.dll
2007-06-05 22:27 105,984 --------- C:\Windows\system32\lfpct13s.dll
2007-06-05 22:27 1,693,696 --------- C:\Windows\system32\LTCLR13n.dll
2007-06-05 22:27 1,013,248 --------- C:\Windows\system32\Ltwvc13n.dll
2007-06-05 22:14 <DIR> d-------- C:\Programme\SmartSound Software
2007-06-05 22:14 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\SmartSound Software Inc
2007-06-05 22:11 57,856 --a------ C:\Windows\system32\masd32.dll
2007-06-05 22:11 27,648 --a------ C:\Windows\system32\ma32.dll
2007-06-05 22:11 196,096 --a------ C:\Windows\system32\macd32.dll
2007-06-05 22:11 138,752 --a------ C:\Windows\system32\mase32.dll
2007-06-05 22:11 136,192 --a------ C:\Windows\system32\mamc32.dll
2007-06-05 22:10 41,219 --a------ C:\Windows\RSETPATH.exe
2007-06-05 22:08 49,152 --a------ C:\Windows\system32\PCLEGetGuid.dll
2007-06-05 22:07 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Pinnacle Studio
2007-06-05 21:17 <DIR> d-------- C:\Programme\Digital Photo Navigator 1.5
2007-06-05 21:17 <DIR> d-------- C:\MyWorks
2007-06-05 21:17 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\CyberLink
2007-06-05 20:55 90,112 --a------ C:\Windows\unvise32.exe
2007-06-05 20:36 87 --a------ C:\AUTOEXEC.BAT
2007-06-05 20:36 84,992 --a------ C:\Windows\system32\ATL70.DLL
2007-06-05 20:35 171,008 --a------ C:\Windows\system32\drivers\MarvinBus.sys
2007-06-05 20:32 65,536 --a------ C:\Windows\system32\MFC71DEU.DLL
2007-06-05 20:32 61,440 --a------ C:\Windows\system32\MFC71ITA.DLL
2007-06-05 20:32 61,440 --a------ C:\Windows\system32\MFC71FRA.DLL
2007-06-05 20:32 61,440 --a------ C:\Windows\system32\MFC71ESP.DLL
2007-06-05 20:32 57,344 --a------ C:\Windows\system32\MFC71ENU.DLL
2007-06-05 20:32 49,152 --a------ C:\Windows\system32\MFC71KOR.DLL
2007-06-05 20:32 49,152 --a------ C:\Windows\system32\MFC71JPN.DLL
2007-06-05 20:32 45,056 --a------ C:\Windows\system32\MFC71CHT.DLL
2007-06-05 20:32 40,960 --a------ C:\Windows\system32\MFC71CHS.DLL
2007-06-05 20:32 1,060,864 --a------ C:\Windows\system32\MFC71.DLL
2007-06-05 20:32 1,047,552 --a------ C:\Windows\system32\MFC71u.DLL
2007-06-05 20:18 <DIR> d-------- C:\Programme\Pinnacle
2007-06-05 20:18 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Pinnacle

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-29 13:43:46 63,976 ----a-w C:\WINDOWS\system32\perfc007.dat
2007-06-29 13:43:46 391,574 ----a-w C:\WINDOWS\system32\perfh007.dat
2007-06-14 16:31:14 -------- d-----w C:\Programme\Microsoft Picture It! PhotoPub
2007-06-05 20:14:40 -------- d--h--w C:\Programme\InstallShield Installation Information
2007-06-05 20:06:24 -------- d-----w C:\Programme\Gemeinsame Dateien\InstallShield
2007-06-05 19:47:46 -------- d-----w C:\DOKUME~1\CHRIST~1\ANWEND~1\CyberLink
2007-06-05 19:19:04 -------- d-----w C:\Programme\CyberLink
2007-05-16 15:11:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:22:27 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:13:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{1F6581D5-AA53-4b73-A6F9-41420C6B61F1}=C:\WINDOWS\system32\tmp47D.tmp.dll [2007-06-29 17:09]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Programme\Java\jre1.5.0_09\bin\ssv.dll [2006-10-12 04:25]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\programme\google\googletoolbar3.dll [2007-01-20 00:55]
{b8485a0b-bf5f-4b4e-9aee-b7f71f6d53c9}=C:\WINDOWS\system32\catrse.dll [2007-06-24 00:02]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2003-02-14 05:59 C:\Windows\AGRSMMSG.exe]
"SynTPLpr"="C:\Programme\Synaptics\SynTP\SynTPLpr.exe" [2004-05-10 17:27]
"SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [2004-05-10 17:27]
"Microsoft Works Update Detection"="C:\Programme\Microsoft Works\WkDetect.exe" [2000-07-21 16:39]
"Microsoft Works Portfolio"="C:\Programme\Microsoft Works\WksSb.exe" [2002-06-26 18:07]
"LWBMOUSE"="C:\Programme\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE" [2001-11-20 12:51]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 04:10]
"ICQ Lite"="C:\Programme\ICQLite\ICQLite.exe" [2006-07-11 12:15]
"RemoteControl"="C:\Programme\CyberLink\PowerDVD\PDVDServ.exe" [2004-06-28 21:29]
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2007-06-13 14:12]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
"MSMSGS"="C:\Programme\Messenger\msmsgs.exe" [2004-10-13 18:24]
"WinPop"="C:\Programme\WinPop\winpop.exe" [2007-06-25 09:17]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\catrse]
catrse.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=c:\windows\system32\ljjiffg.dll

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-29 17:27:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-29 17:31:07 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-29 17:31

--- E O F ---

30.06.2007, 00:55

Argus

Ehrenmitglied

Beiträge: 6028

#7 Hi,Christina
Wenn ich die Anleitung von Sabina lese http://board.protecus.de/t23188.htm
Ist es so:
1.Cleanup/ATF
2.ComboFix
3.Hijack This
Also fangen wir von vorne an

Entferne von C:\Qoobox
Entferne ComboFix
Danach Papierkorb leeren

2.
Download ComboFix zum Desktop
Doppelklick combofix.exe
Folge den Instruktionen in das Fenster
Waehrend Combofix lauft NICHT ins Fenster klicken sonst erfriert dein Rechner
Wenn das Tool fertig ist,oeffnet sich ein logfile(combofix.txt).
Kopiere den Inhalt des Berichts C:/Combofix/combofix.txt in dein folgender Bericht

3.
Download: RemoveVideoActiveXObject by Smeenk,zum Desktop
Danach dopplelklicken
Moeglich startet der Uninstaller von ein Roquescanner schliesse es nicht ab aber lass es seine Arbeit tun
Rechner neu starten und nochmals RemoveVideoActiveXObject.exe Doppelklicken
Poste nachher den logfile C:\RVAXO-results.log in dein folgender Bericht
4.
ein (neues)log von HijackThis
__________
MfG Argus

Dieser Beitrag wurde am 30.06.2007 um 01:00 Uhr von Arnold editiert.

01.07.2007, 12:44

...neu hier

Beiträge: 9

#8 Hallo zusammen,
bin neu hier, aber die Einträge lesen sich so, dass ihr mir vermutlich helfen könnt. Ich habe die Anweisungen für combofix ausgeführt und folgende log file erhalten. Könnt ihr mir weiterhelfen?

ComboFix 07-06-18.2 - C:\Dokumente und Einstellungen\TDB\Desktop\ComboFix.exe
"TDB" - 2007-07-01 12:25:17 - Service Pack 2 NTFS

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\kdjrp.exe

((((((((((((((((((((((((( Files Created from 2007-06-01 to 2007-07-01 )))))))))))))))))))))))))))))))

2007-07-01 12:24 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-27 21:36 <DIR> d-------- C:\Programme\Lavasoft
2007-06-27 21:36 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Lavasoft
2007-06-27 21:30 <DIR> d-------- C:\WINDOWS\privacy_danger
2007-06-25 22:48 87,552 --a------ C:\WINDOWS\msdde.dll
2007-06-25 22:48 76,800 --a------ C:\WINDOWS\msole.dll
2007-06-25 22:48 30,720 --a------ C:\WINDOWS\main_uninstaller.exe
2007-06-25 22:48 270,336 --a------ C:\WINDOWS\ddesupport.dll
2007-06-04 15:18 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 15:17 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 15:14 6,272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-27 19:36:08 -------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2007-06-16 14:21:11 -------- d-----w C:\Programme\Dl_cats
2007-06-12 16:12:39 -------- d-----w C:\Programme\PokerStars.NET
2007-05-29 18:55:27 -------- d-----w C:\DOKUME~1\TDB\ANWEND~1\temp
2007-05-18 19:31:04 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-05-18 19:31:01 104 --sh--r C:\WINDOWS\system32\0E9B6BE253.sys
2007-05-16 15:11:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-15 12:09:12 65,424 ----a-w C:\WINDOWS\system32\perfc007.dat
2007-05-15 12:09:12 395,956 ----a-w C:\WINDOWS\system32\perfh007.dat
2007-05-06 16:03:21 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-04-25 14:22:27 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:13:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 20:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-16 20:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-13 13:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 11:28]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 16:39]
{49CF52D7-8D58-4E22-A874-AAD721F5B523}=C:\WINDOWS\ddesupport.dll [2007-06-25 11:08]
{5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 06:20]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\programme\google\googletoolbar2.dll [2007-01-20 00:55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 01:20 C:\WINDOWS\stsystra.exe]
"IAAnotif"="C:\Programme\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 08:56]
"DMXLauncher"="C:\Programme\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 04:12]
"CTSysVol"="C:\Programme\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 10:47]
"MBMon"="CTMBHA.DLL" [2005-05-19 09:54 C:\WINDOWS\system32\CTMBHA.DLL]
"VoiceCenter"="C:\Programme\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 08:42]
"ISUSPM Startup"="C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44]
"ISUSScheduler"="C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44]
"Corel Photo Downloader"="C:\Programme\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 12:06]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2006-09-24 03:24]
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [2006-09-25 14:54]
"MSKDetectorExe"="C:\Programme\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15:00]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 18:40 C:\WINDOWS\MIDIDEF.EXE]
"Creative Detector"="C:\Programme\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 19:23]
"MSMSGS"="C:\Programme\Messenger\msmsgs.exe" [2004-10-13 18:24]
"swg"="C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-02-01 22:46]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"{8E98B230-D7F4-4B03-94D5-B68F57F9926E}"="C:\WINDOWS\msole.dll" [2007-06-25 11:08]
"{8E47B4AA-E122-498D-B442-1D59AE11CD80}"="C:\WINDOWS\msdde.dll" [2007-06-25 11:08]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

Contents of the 'Scheduled Tasks' folder
2006-09-22 18:02:11 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2006-04-13 21:45:12 C:\WINDOWS\tasks\ISP-Anmeldungserinnerung 1.job
2007-05-18 16:30:00 C:\WINDOWS\tasks\McAfee.com - Virenscan - Mein Computer (Höllenmaschine-TDB).job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-01 12:33:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-01 12:34:32 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-01 12:34

--- E O F ---

01.07.2007, 12:58

Argus

Ehrenmitglied

Beiträge: 6028

#9 Hallo,MK
Von wo hast du denn diesen ComboFix runtergeladen?
__________
MfG Argus

01.07.2007, 13:04

...neu hier

Beiträge: 9

#10 Hallo Arnold,
hm, ich glaube über einen Link dieser Seite. Ist damit etwas nicht in Ordnung?

01.07.2007, 13:09

Argus

Ehrenmitglied

Beiträge: 6028

#11 Ist eine alte Version
C:\Qoobox – loeschen und Papierkorb leeren
Entferne Combofix

Download ComboFix zum Desktop
Doppelklick combofix.exe
Folge den Instruktionen in das Fenster
Waehrend Combofix lauft NICHT ins Fenster klicken sonst erfriert dein Rechner
Wenn das Tool fertig ist,oeffnet sich ein logfile(combofix.txt).
Kopiere den Inhalt des Berichts C:/Combofix/combofix.txt in dein folgender Bericht

Download: RemoveVideoActiveXObject by Smeenk,zum Desktop
Danach dopplelklicken
Moeglich startet der Uninstaller von ein Roquescanner schliesse es nicht ab aber lass es seine Arbeit tun
Rechner neu starten und nochmals RemoveVideoActiveXObject.exe Doppelklicken
Poste nachher den logfile C:\RVAXO-results.log in dein folgender Bericht
zusammen mit ein log von HijackThis
__________
MfG Argus

01.07.2007, 13:23

...neu hier

Beiträge: 9

#12 Hier ist der Beicht nach Ausführen der neuen Combofix version. Muss ich den 2. Schritt auch jetzt schon machen oder musst Du dir erst den Bericht anschauen? Danke schon mal vorab!

"TDB" - 2007-07-01 13:18:54 - ComboFix 07-06-27.7 - Service Pack 2 NTFS

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOKUME~1\TDB\Desktop.\Error Cleaner.url
C:\DOKUME~1\TDB\Desktop.\Privacy Protector.url
C:\DOKUME~1\TDB\Desktop.\Spyware&Malware Protection.url
C:\DOKUME~1\TDB\FAVORI~1.\Error Cleaner.url
C:\DOKUME~1\TDB\FAVORI~1.\Privacy Protector.url
C:\DOKUME~1\TDB\FAVORI~1.\Spyware&Malware Protection.url
C:\WINDOWS\dat.txt
C:\WINDOWS\rs.txt
C:\WINDOWS\search_res.txt

((((((((((((((((((((((((( Files Created from 2007-06-01 to 2007-07-01 )))))))))))))))))))))))))))))))

2007-07-01 12:24 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-27 21:36 <DIR> d-------- C:\Programme\Lavasoft
2007-06-27 21:36 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Lavasoft
2007-06-27 21:30 <DIR> d-------- C:\WINDOWS\privacy_danger
2007-06-25 22:48 87,552 --a------ C:\WINDOWS\msdde.dll
2007-06-25 22:48 76,800 --a------ C:\WINDOWS\msole.dll
2007-06-25 22:48 30,720 --a------ C:\WINDOWS\main_uninstaller.exe
2007-06-25 22:48 270,336 --a------ C:\WINDOWS\ddesupport.dll
2007-06-04 15:18 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 15:17 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 15:14 6,272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-27 19:36:08 -------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2007-06-16 14:21:11 -------- d-----w C:\Programme\Dl_cats
2007-06-12 16:12:39 -------- d-----w C:\Programme\PokerStars.NET
2007-05-29 18:55:27 -------- d-----w C:\DOKUME~1\TDB\ANWEND~1\temp
2007-05-18 19:31:04 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-05-18 19:31:01 104 --sh--r C:\WINDOWS\system32\0E9B6BE253.sys
2007-05-16 15:11:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-15 12:09:12 65,424 ----a-w C:\WINDOWS\system32\perfc007.dat
2007-05-15 12:09:12 395,956 ----a-w C:\WINDOWS\system32\perfh007.dat
2007-05-06 16:03:21 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-04-25 14:22:27 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:13:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 20:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-16 20:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-13 13:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 11:28]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 16:39]
{49CF52D7-8D58-4E22-A874-AAD721F5B523}=C:\WINDOWS\ddesupport.dll [2007-06-25 11:08]
{5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 06:20]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\programme\google\googletoolbar2.dll [2007-01-20 00:55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 01:20 C:\WINDOWS\stsystra.exe]
"IAAnotif"="C:\Programme\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 08:56]
"DMXLauncher"="C:\Programme\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 04:12]
"CTSysVol"="C:\Programme\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 10:47]
"MBMon"="CTMBHA.DLL" [2005-05-19 09:54 C:\WINDOWS\system32\CTMBHA.DLL]
"VoiceCenter"="C:\Programme\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 08:42]
"ISUSPM Startup"="C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44]
"ISUSScheduler"="C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44]
"Corel Photo Downloader"="C:\Programme\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 12:06]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2006-09-24 03:24]
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [2006-09-25 14:54]
"MSKDetectorExe"="C:\Programme\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15:00]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 18:40 C:\WINDOWS\MIDIDEF.EXE]
"Creative Detector"="C:\Programme\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 19:23]
"MSMSGS"="C:\Programme\Messenger\msmsgs.exe" [2004-10-13 18:24]
"swg"="C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-02-01 22:46]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"{8E98B230-D7F4-4B03-94D5-B68F57F9926E}"="C:\WINDOWS\msole.dll" [2007-06-25 11:08]
"{8E47B4AA-E122-498D-B442-1D59AE11CD80}"="C:\WINDOWS\msdde.dll" [2007-06-25 11:08]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\KB910393
rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{407408d4-94ed-4d86-ab69-a7f649d112ee}
%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf

Contents of the 'Scheduled Tasks' folder
2006-09-22 18:02:11 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2006-04-13 21:45:12 C:\WINDOWS\tasks\ISP-Anmeldungserinnerung 1.job
2007-05-18 16:30:00 C:\WINDOWS\tasks\McAfee.com - Virenscan - Mein Computer (Höllenmaschine-TDB).job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-01 13:20:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-01 13:20:24
C:\ComboFix-quarantined-files.txt ... 2007-07-01 13:20
C:\ComboFix2.txt ... 2007-07-01 12:34

--- E O F ---

01.07.2007, 13:27

Argus

Ehrenmitglied

Beiträge: 6028

#13 Gleich das andere auch mal reinkopieren

__________
MfG Argus

01.07.2007, 13:34

...neu hier

Beiträge: 9

#14 ich habe deine Anweisung befolgt, aber ich habe den angegebenen Ordner nicht, aber einen anderen Ordner, in dem diese Textdatei eingefügt war. Kann es die sein:
=== Verbose logging started: 26.11.2006 20:08:45 Build type: SHIP UNICODE 3.01.4000.2435 Calling process: C:\WINDOWS\system32\msiexec.exe ===
MSI (c) (F8:98) [20:08:45:437]: Resetting cached policy values
MSI (c) (F8:98) [20:08:45:437]: Machine policy value 'Debug' is 0
MSI (c) (F8:98) [20:08:45:437]: ******* RunEngine:
******* Product: c:\bd82fc7b7bd2188ee6ff034df0ff\msxml.msi
******* Action:
******* CommandLine: **********
MSI (c) (F8:98) [20:08:45:437]: Client-side and UI is none or basic: Running entire install on the server.
MSI (c) (F8:98) [20:08:45:437]: Grabbed execution mutex.
MSI (c) (F8:98) [20:08:45:453]: Cloaking enabled.
MSI (c) (F8:98) [20:08:45:453]: Attempting to enable all disabled priveleges before calling Install on Server
MSI (c) (F8:98) [20:08:45:468]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (F8:2C) [20:08:45:468]: Grabbed execution mutex.
MSI (s) (F8:F8) [20:08:45:468]: Resetting cached policy values
MSI (s) (F8:F8) [20:08:45:468]: Machine policy value 'Debug' is 0
MSI (s) (F8:F8) [20:08:45:468]: ******* RunEngine:
******* Product: c:\bd82fc7b7bd2188ee6ff034df0ff\msxml.msi
******* Action:
******* CommandLine: **********
MSI (s) (F8:F8) [20:08:45:468]: Machine policy value 'DisableUserInstalls' is 0
MSI (s) (F8:F8) [20:08:45:484]: File will have security applied from OpCode.
MSI (s) (F8:F8) [20:08:45:515]: SOFTWARE RESTRICTION POLICY: Verifying package --> 'c:\bd82fc7b7bd2188ee6ff034df0ff\msxml.msi' against software restriction policy
MSI (s) (F8:F8) [20:08:45:515]: SOFTWARE RESTRICTION POLICY: c:\bd82fc7b7bd2188ee6ff034df0ff\msxml.msi has a digital signature
MSI (s) (F8:F8) [20:08:45:921]: SOFTWARE RESTRICTION POLICY: c:\bd82fc7b7bd2188ee6ff034df0ff\msxml.msi is permitted to run at the 'unrestricted' authorization level.
MSI (s) (F8:F8) [20:08:45:921]: End dialog not enabled
MSI (s) (F8:F8) [20:08:45:921]: Original package ==> c:\bd82fc7b7bd2188ee6ff034df0ff\msxml.msi
MSI (s) (F8:F8) [20:08:45:921]: Package we're running from ==> c:\WINDOWS\Installer\32c3cb.msi
MSI (s) (F8:F8) [20:08:45:921]: APPCOMPAT: looking for appcompat database entry with ProductCode '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'.
MSI (s) (F8:F8) [20:08:45:921]: APPCOMPAT: no matching ProductCode found in database.
MSI (s) (F8:F8) [20:08:45:921]: MSCOREE not loaded loading copy from system32
MSI (s) (F8:F8) [20:08:45:937]: Machine policy value 'TransformsSecure' is 0
MSI (s) (F8:F8) [20:08:45:937]: User policy value 'TransformsAtSource' is 0
MSI (s) (F8:F8) [20:08:45:937]: Machine policy value 'DisablePatch' is 0
MSI (s) (F8:F8) [20:08:45:937]: Machine policy value 'AllowLockdownPatch' is 0
MSI (s) (F8:F8) [20:08:45:937]: Machine policy value 'DisableLUAPatching' is 0
MSI (s) (F8:F8) [20:08:45:937]: Machine policy value 'DisableFlyWeightPatching' is 0
MSI (s) (F8:F8) [20:08:45:937]: APPCOMPAT: looking for appcompat database entry with ProductCode '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'.
MSI (s) (F8:F8) [20:08:45:937]: APPCOMPAT: no matching ProductCode found in database.
MSI (s) (F8:F8) [20:08:45:937]: Transforms are not secure.
MSI (s) (F8:F8) [20:08:45:937]: Command Line: REBOOT=ReallySuppress CURRENTDIRECTORY=c:\bd82fc7b7bd2188ee6ff034df0ff CLIENTUILEVEL=3 CLIENTPROCESSID=2808
MSI (s) (F8:F8) [20:08:45:937]: PROPERTY CHANGE: Adding PackageCode property. Its value is '{2B27DCD9-53FA-4885-B6CD-698623819F4C}'.
MSI (s) (F8:F8) [20:08:45:937]: Product Code passed to Engine.Initialize: ''
MSI (s) (F8:F8) [20:08:45:937]: Product Code from property table before transforms: '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'
MSI (s) (F8:F8) [20:08:45:937]: Product Code from property table after transforms: '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'
MSI (s) (F8:F8) [20:08:45:937]: Product not registered: beginning first-time install
MSI (s) (F8:F8) [20:08:45:937]: PROPERTY CHANGE: Adding ProductState property. Its value is '-1'.
MSI (s) (F8:F8) [20:08:45:937]: Entering CMsiConfigurationManager::SetLastUsedSource.
MSI (s) (F8:F8) [20:08:45:937]: User policy value 'SearchOrder' is 'nmu'
MSI (s) (F8:F8) [20:08:45:937]: Adding new sources is allowed.
MSI (s) (F8:F8) [20:08:45:937]: PROPERTY CHANGE: Adding PackagecodeChanging property. Its value is '1'.
MSI (s) (F8:F8) [20:08:45:937]: Package name extracted from package path: 'msxml.msi'
MSI (s) (F8:F8) [20:08:45:937]: Package to be registered: 'msxml.msi'
MSI (s) (F8:F8) [20:08:45:937]: Note: 1: 2729
MSI (s) (F8:F8) [20:08:45:953]: Note: 1: 2729
MSI (s) (F8:F8) [20:08:45:953]: Note: 1: 2262 2: AdminProperties 3: -2147287038
MSI (s) (F8:F8) [20:08:45:953]: Machine policy value 'DisableMsi' is 0
MSI (s) (F8:F8) [20:08:45:953]: Machine policy value 'AlwaysInstallElevated' is 0
MSI (s) (F8:F8) [20:08:45:953]: User policy value 'AlwaysInstallElevated' is 0
MSI (s) (F8:F8) [20:08:45:953]: Product installation will be elevated because user is admin and product is being installed per-machine.
MSI (s) (F8:F8) [20:08:45:953]: Running product '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}' with elevated privileges: Product is assigned.
MSI (s) (F8:F8) [20:08:45:953]: PROPERTY CHANGE: Adding REBOOT property. Its value is 'ReallySuppress'.
MSI (s) (F8:F8) [20:08:45:953]: PROPERTY CHANGE: Adding CURRENTDIRECTORY property. Its value is 'c:\bd82fc7b7bd2188ee6ff034df0ff'.
MSI (s) (F8:F8) [20:08:45:953]: PROPERTY CHANGE: Adding CLIENTUILEVEL property. Its value is '3'.
MSI (s) (F8:F8) [20:08:45:953]: PROPERTY CHANGE: Adding CLIENTPROCESSID property. Its value is '2808'.
MSI (s) (F8:F8) [20:08:45:953]: TRANSFORMS property is now:
MSI (s) (F8:F8) [20:08:45:953]: PROPERTY CHANGE: Adding VersionDatabase property. Its value is '200'.
MSI (s) (F8:F8) [20:08:45:953]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten
MSI (s) (F8:F8) [20:08:45:968]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Favoriten
MSI (s) (F8:F8) [20:08:45:968]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Netzwerkumgebung
MSI (s) (F8:F8) [20:08:45:968]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Eigene Dateien
MSI (s) (F8:F8) [20:08:45:984]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Druckumgebung
MSI (s) (F8:F8) [20:08:45:984]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Recent
MSI (s) (F8:F8) [20:08:46:000]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\SendTo
MSI (s) (F8:F8) [20:08:46:000]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Vorlagen
MSI (s) (F8:F8) [20:08:46:015]: SHELL32::SHGetFolderPath returned: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten
MSI (s) (F8:F8) [20:08:46:015]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten
MSI (s) (F8:F8) [20:08:46:015]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Eigene Dateien\Eigene Bilder
MSI (s) (F8:F8) [20:08:46:015]: SHELL32::SHGetFolderPath returned: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Verwaltung
MSI (s) (F8:F8) [20:08:46:031]: SHELL32::SHGetFolderPath returned: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
MSI (s) (F8:F8) [20:08:46:031]: SHELL32::SHGetFolderPath returned: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme
MSI (s) (F8:F8) [20:08:46:046]: SHELL32::SHGetFolderPath returned: C:\Dokumente und Einstellungen\All Users\Startmenü
MSI (s) (F8:F8) [20:08:46:046]: SHELL32::SHGetFolderPath returned: C:\Dokumente und Einstellungen\All Users\Desktop
MSI (s) (F8:F8) [20:08:46:046]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Startmenü\Programme\Verwaltung
MSI (s) (F8:F8) [20:08:46:046]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Startmenü\Programme\Autostart
MSI (s) (F8:F8) [20:08:46:062]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Startmenü\Programme
MSI (s) (F8:F8) [20:08:46:062]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Startmenü
MSI (s) (F8:F8) [20:08:46:078]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Desktop
MSI (s) (F8:F8) [20:08:46:078]: SHELL32::SHGetFolderPath returned: C:\Dokumente und Einstellungen\All Users\Vorlagen
MSI (s) (F8:F8) [20:08:46:078]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\Fonts
MSI (s) (F8:F8) [20:08:46:078]: Note: 1: 2898 2: MS Sans Serif 3: MS Sans Serif 4: 0 5: 16
MSI (s) (F8:F8) [20:08:46:078]: PROPERTY CHANGE: Adding Privileged property. Its value is '1'.
MSI (s) (F8:F8) [20:08:46:078]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2
MSI (s) (F8:F8) [20:08:46:078]: PROPERTY CHANGE: Adding USERNAME property. Its value is 'TDB'.
MSI (s) (F8:F8) [20:08:46:078]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2
MSI (s) (F8:F8) [20:08:46:078]: PROPERTY CHANGE: Adding DATABASE property. Its value is 'c:\WINDOWS\Installer\32c3cb.msi'.
MSI (s) (F8:F8) [20:08:46:078]: PROPERTY CHANGE: Adding OriginalDatabase property. Its value is 'c:\bd82fc7b7bd2188ee6ff034df0ff\msxml.msi'.
MSI (s) (F8:F8) [20:08:46:078]: Note: 1: 2205 2: 3: PatchPackage
MSI (s) (F8:F8) [20:08:46:078]: Machine policy value 'DisableRollback' is 0
MSI (s) (F8:F8) [20:08:46:078]: User policy value 'DisableRollback' is 0
MSI (s) (F8:F8) [20:08:46:078]: PROPERTY CHANGE: Adding UILevel property. Its value is '2'.
=== Logging started: 26.11.2006 20:08:46 ===
MSI (s) (F8:F8) [20:08:46:078]: PROPERTY CHANGE: Adding ACTION property. Its value is 'INSTALL'.
MSI (s) (F8:F8) [20:08:46:078]: Doing action: INSTALL
MSI (s) (F8:F8) [20:08:46:078]: Running ExecuteSequence
MSI (s) (F8:F8) [20:08:46:078]: Doing action: DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901
Action start 20:08:46: INSTALL.
MSI (s) (F8:F8) [20:08:46:078]: PROPERTY CHANGE: Adding DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901 property. Its value is 'C:\Dokumente und Einstellungen\All Users\Desktop\'.
Action start 20:08:46: DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901.
MSI (s) (F8:F8) [20:08:46:078]: Doing action: ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901
Action ended 20:08:46: DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901. Return value 1.
MSI (s) (F8:F8) [20:08:46:093]: PROPERTY CHANGE: Adding ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901 property. Its value is 'C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\'.
Action start 20:08:46: ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901.
MSI (s) (F8:F8) [20:08:46:093]: Doing action: WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537
Action ended 20:08:46: ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901. Return value 1.
MSI (s) (F8:F8) [20:08:46:093]: PROPERTY CHANGE: Adding WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'C:\WINDOWS\'.
Action start 20:08:46: WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537.
MSI (s) (F8:F8) [20:08:46:093]: Doing action: SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537
Action ended 20:08:46: WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537. Return value 1.
MSI (s) (F8:F8) [20:08:46:093]: PROPERTY CHANGE: Adding SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'C:\WINDOWS\system32\'.
Action start 20:08:46: SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537.
MSI (s) (F8:F8) [20:08:46:093]: Doing action: WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537
Action ended 20:08:46: SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537. Return value 1.
MSI (s) (F8:F8) [20:08:46:093]: PROPERTY CHANGE: Adding WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'C:\WINDOWS\'.
Action start 20:08:46: WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537.
MSI (s) (F8:F8) [20:08:46:093]: Doing action: SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537
Action ended 20:08:46: WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537. Return value 1.
MSI (s) (F8:F8) [20:08:46:093]: PROPERTY CHANGE: Adding SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'C:\WINDOWS\system32\'.
Action start 20:08:46: SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537.
MSI (s) (F8:F8) [20:08:46:093]: Doing action: WindowsFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537
Action ended 20:08:46: SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537. Return value 1.
MSI (s) (F8:F8) [20:08:46:093]: PROPERTY CHANGE: Adding WindowsFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'C:\WINDOWS\'.
Action start 20:08:46: WindowsFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537.
MSI (s) (F8:F8) [20:08:46:093]: Doing action: SystemFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537
Action ended 20:08:46: WindowsFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537. Return value 1.
MSI (s) (F8:F8) [20:08:46:093]: PROPERTY CHANGE: Adding SystemFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'C:\WINDOWS\system32\'.
Action start 20:08:46: SystemFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537.
MSI (s) (F8:F8) [20:08:46:093]: Doing action: SystemFolder.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB
Action ended 20:08:46: SystemFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537. Return value 1.
MSI (s) (F8:F8) [20:08:46:093]: PROPERTY CHANGE: Adding SystemFolder.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB property. Its value is 'C:\WINDOWS\system32\'.
Action start 20:08:46: SystemFolder.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB.
MSI (s) (F8:F8) [20:08:46:093]: Doing action: SystemFolder.781A0624_31FF_4712_BFFD_31C829FFDBF1
Action ended 20:08:46: SystemFolder.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB. Return value 1.
MSI (s) (F8:F8) [20:08:46:109]: PROPERTY CHANGE: Adding SystemFolder.781A0624_31FF_4712_BFFD_31C829FFDBF1 property. Its value is 'C:\WINDOWS\system32\'.
Action start 20:08:46: SystemFolder.781A0624_31FF_4712_BFFD_31C829FFDBF1.
MSI (s) (F8:F8) [20:08:46:109]: Doing action: SystemFolder.246EB7AD_459A_4FA8_83D1_41A46D7634B7
Action ended 20:08:46: SystemFolder.781A0624_31FF_4712_BFFD_31C829FFDBF1. Return value 1.
MSI (s) (F8:F8) [20:08:46:109]: PROPERTY CHANGE: Adding SystemFolder.246EB7AD_459A_4FA8_83D1_41A46D7634B7 property. Its value is 'C:\WINDOWS\system32\'.
Action start 20:08:46: SystemFolder.246EB7AD_459A_4FA8_83D1_41A46D7634B7.
MSI (s) (F8:F8) [20:08:46:109]: Doing action: LaunchConditions
Action ended 20:08:46: SystemFolder.246EB7AD_459A_4FA8_83D1_41A46D7634B7. Return value 1.
Action start 20:08:46: LaunchConditions.
MSI (s) (F8:F8) [20:08:46:109]: Doing action: FindRelatedProducts
Action ended 20:08:46: LaunchConditions. Return value 1.
Action start 20:08:46: FindRelatedProducts.
MSI (s) (F8:F8) [20:08:46:109]: Doing action: AppSearch
Action ended 20:08:46: FindRelatedProducts. Return value 1.
Action start 20:08:46: AppSearch.
MSI (s) (F8:F8) [20:08:46:109]: Note: 1: 2262 2: Signature 3: -2147287038
MSI (s) (F8:F8) [20:08:46:109]: PROPERTY CHANGE: Adding WINHTTP_51 property. Its value is 'WinHttpRequest Component version 5.1'.
MSI (s) (F8:F8) [20:08:46:109]: Skipping action: CCPSearch (condition is false)
MSI (s) (F8:F8) [20:08:46:109]: Skipping action: RMCCPSearch (condition is false)
MSI (s) (F8:F8) [20:08:46:109]: Doing action: ValidateProductID
Action ended 20:08:46: AppSearch. Return value 1.
Action start 20:08:46: ValidateProductID.
MSI (s) (F8:F8) [20:08:46:109]: Doing action: CostInitialize
Action ended 20:08:46: ValidateProductID. Return value 1.
MSI (s) (F8:F8) [20:08:46:109]: Machine policy value 'MaxPatchCacheSize' is 10
Action start 20:08:46: CostInitialize.
MSI (s) (F8:F8) [20:08:46:125]: PROPERTY CHANGE: Adding ROOTDRIVE property. Its value is 'c:\'.
MSI (s) (F8:F8) [20:08:46:125]: PROPERTY CHANGE: Adding CostingComplete property. Its value is '0'.
MSI (s) (F8:F8) [20:08:46:125]: Note: 1: 2205 2: 3: Patch
MSI (s) (F8:F8) [20:08:46:125]: Note: 1: 2205 2: 3: PatchPackage
MSI (s) (F8:F8) [20:08:46:125]: Note: 1: 2205 2: 3: MsiPatchHeaders
MSI (s) (F8:F8) [20:08:46:125]: Note: 1: 2205 2: 3: __MsiPatchFileList
MSI (s) (F8:F8) [20:08:46:125]: Note: 1: 2205 2: 3: PatchPackage
MSI (s) (F8:F8) [20:08:46:125]: Note: 1: 2228 2: 3: PatchPackage 4: SELECT `DiskId`, `PatchId`, `LastSequence` FROM `Media`, `PatchPackage` WHERE `Media`.`DiskId`=`PatchPackage`.`Media_` ORDER BY `DiskId`
MSI (s) (F8:F8) [20:08:46:125]: Doing action: FileCost
Action ended 20:08:46: CostInitialize. Return value 1.
MSI (s) (F8:F8) [20:08:46:125]: Note: 1: 2262 2: Extension 3: -2147287038
Action start 20:08:46: FileCost.
MSI (s) (F8:F8) [20:08:46:125]: Doing action: CostFinalize
Action ended 20:08:46: FileCost. Return value 1.
MSI (s) (F8:F8) [20:08:46:125]: PROPERTY CHANGE: Adding OutOfDiskSpace property. Its value is '0'.
MSI (s) (F8:F8) [20:08:46:125]: PROPERTY CHANGE: Adding OutOfNoRbDiskSpace property. Its value is '0'.
MSI (s) (F8:F8) [20:08:46:125]: PROPERTY CHANGE: Adding PrimaryVolumeSpaceAvailable property. Its value is '0'.
MSI (s) (F8:F8) [20:08:46:125]: PROPERTY CHANGE: Adding PrimaryVolumeSpaceRequired property. Its value is '0'.
MSI (s) (F8:F8) [20:08:46:125]: PROPERTY CHANGE: Adding PrimaryVolumeSpaceRemaining property. Its value is '0'.
MSI (s) (F8:F8) [20:08:46:125]: Note: 1: 2205 2: 3: Patch
MSI (s) (F8:F8) [20:08:46:125]: PROPERTY CHANGE: Adding TARGETDIR property. Its value is 'c:\'.
MSI (s) (F8:F8) [20:08:46:125]: PROPERTY CHANGE: Modifying WindowsFolder property. Its current value is 'C:\WINDOWS\'. Its new value: 'c:\WINDOWS\'.
MSI (s) (F8:F8) [20:08:46:125]: PROPERTY CHANGE: Modifying CommonFilesFolder property. Its current value is 'C:\Programme\Gemeinsame Dateien\'. Its new value: 'c:\Programme\Gemeinsame Dateien\'.
MSI (s) (F8:F8) [20:08:46:125]: PROPERTY CHANGE: Adding MicrosoftShared.3FB7DAB3_19E7_40A0_8730_4482CE77AC59 property. Its value is 'c:\Programme\Gemeinsame Dateien\Microsoft Shared\'.
MSI (s) (F8:F8) [20:08:46:125]: PROPERTY CHANGE: Adding MSDN.3FB7DAB3_19E7_40A0_8730_4482CE77AC59 property. Its value is 'c:\Programme\Gemeinsame Dateien\Microsoft Shared\MSDN\'.
MSI (s) (F8:F8) [20:08:46:125]: PROPERTY CHANGE: Modifying WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its current value is 'C:\WINDOWS\'. Its new value: 'c:\WINDOWS\'.
MSI (s) (F8:F8) [20:08:46:125]: PROPERTY CHANGE: Modifying SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its current value is 'C:\WINDOWS\system32\'. Its new value: 'c:\WINDOWS\system32\'.
MSI (s) (F8:F8) [20:08:46:125]: PROPERTY CHANGE: Adding WinSxsDirectory.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\'.
MSI (s) (F8:F8) [20:08:46:125]: PROPERTY CHANGE: Adding policydir_ul.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_ff05e224\'.
MSI (s) (F8:F8) [20:08:46:125]: PROPERTY CHANGE: Adding payload.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_ff05e224\'.
MSI (s) (F8:F8) [20:08:46:125]: PROPERTY CHANGE: Adding WinSxsManifests.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\Manifests\'.
MSI (s) (F8:F8) [20:08:46:125]: PROPERTY CHANGE: Adding WinSxsPolicies.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\Policies\'.
MSI (s) (F8:F8) [20:08:46:125]: PROPERTY CHANGE: Adding policydir.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\Policies\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_x-ww_88e8eab8\'.
MSI (s) (F8:F8) [20:08:46:125]: PROPERTY CHANGE: Adding payload_ul.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_a6dfa6920e9f98fc\'.
MSI (s) (F8:F8) [20:08:46:125]: PROPERTY CHANGE: Modifying WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its current value is 'C:\WINDOWS\'. Its new value: 'c:\WINDOWS\'.
MSI (s) (F8:F8) [20:08:46:125]: PROPERTY CHANGE: Modifying SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its current value is 'C:\WINDOWS\system32\'. Its new value: 'c:\WINDOWS\system32\'.
MSI (s) (F8:F8) [20:08:46:125]: PROPERTY CHANGE: Adding WinSxsDirectory.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\'.
MSI (s) (F8:F8) [20:08:46:125]: PROPERTY CHANGE: Adding policydir_ul.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\'.
MSI (s) (F8:F8) [20:08:46:125]: PROPERTY CHANGE: Adding WinSxsPolicies.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\Policies\'.
MSI (s) (F8:F8) [20:08:46:125]: PROPERTY CHANGE: Adding policydir.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\Policies\x86_Microsoft.MSXML2R_6bd6b9abf345378f_x-ww_f529d679\'.
MSI (s) (F8:F8) [20:08:46:125]: PROPERTY CHANGE: Adding WinSxsManifests.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\Manifests\'.
MSI (s) (F8:F8) [20:08:46:125]: PROPERTY CHANGE: Adding payload.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\'.
MSI (s) (F8:F8) [20:08:46:125]: PROPERTY CHANGE: Adding payload_ul.DA6654F6_456F_3658_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6\'.
MSI (s) (F8:F8) [20:08:46:125]: PROPERTY CHANGE: Modifying WindowsFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its current value is 'C:\WINDOWS\'. Its new value: 'c:\WINDOWS\'.
MSI (s) (F8:F8) [20:08:46:125]: PROPERTY CHANGE: Modifying SystemFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its current value is 'C:\WINDOWS\system32\'. Its new value: 'c:\WINDOWS\system32\'.
MSI (s) (F8:F8) [20:08:46:125]: PROPERTY CHANGE: Adding WinSxsDirectory.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\'.
MSI (s) (F8:F8) [20:08:46:125]: PROPERTY CHANGE: Adding policydir_ul.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\'.
MSI (s) (F8:F8) [20:08:46:125]: PROPERTY CHANGE: Adding WinSxsPolicies.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\Policies\'.
MSI (s) (F8:F8) [20:08:46:125]: PROPERTY CHANGE: Adding policydir.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\Policies\x86_Microsoft.MSXML2_6bd6b9abf345378f_x-ww_b261cf09\'.
MSI (s) (F8:F8) [20:08:46:125]: PROPERTY CHANGE: Adding WinSxsManifests.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\Manifests\'.
MSI (s) (F8:F8) [20:08:46:125]: PROPERTY CHANGE: Adding payload.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\'.
MSI (s) (F8:F8) [20:08:46:125]: PROPERTY CHANGE: Adding payload_ul.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 property. Its value is 'c:\WINDOWS\winsxs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_b7e10f227b2fceff\'.
MSI (s) (F8:F8) [20:08:46:125]: PROPERTY CHANGE: Modifying SystemFolder.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB property. Its current value is 'C:\WINDOWS\system32\'. Its new value: 'c:\WINDOWS\system32\'.
MSI (s) (F8:F8) [20:08:46:125]: PROPERTY CHANGE: Modifying SystemFolder.781A0624_31FF_4712_BFFD_31C829FFDBF1 property. Its current value is 'C:\WINDOWS\system32\'. Its new value: 'c:\WINDOWS\system32\'.
MSI (s) (F8:F8) [20:08:46:125]: PROPERTY CHANGE: Modifying SystemFolder.246EB7AD_459A_4FA8_83D1_41A46D7634B7 property. Its current value is 'C:\WINDOWS\system32\'. Its new value: 'c:\WINDOWS\system32\'.
MSI (s) (F8:F8) [20:08:46:125]: PROPERTY CHANGE: Modifying DesktopFolder property. Its current value is 'C:\Dokumente und Einstellungen\All Users\Desktop\'. Its new value: 'c:\Dokumente und Einstellungen\All Users\Desktop\'.
MSI (s) (F8:F8) [20:08:46:125]: PROPERTY CHANGE: Modifying ProgramFilesFolder property. Its current value is 'C:\Programme\'. Its new value: 'c:\Programme\'.
MSI (s) (F8:F8) [20:08:46:125]: PROPERTY CHANGE: Adding MSXML property. Its value is 'c:\Programme\MSXML 4.0\'.
MSI (s) (F8:F8) [20:08:46:125]: PROPERTY CHANGE: Adding INC.4576A2F1_959E_4BCA_94A9_596523761901 property. Its value is 'c:\Programme\MSXML 4.0\inc\'.
MSI (s) (F8:F8) [20:08:46:125]: PROPERTY CHANGE: Adding LIB.4576A2F1_959E_4BCA_94A9_596523761901 property. Its value is 'c:\Programme\MSXML 4.0\lib\'.
MSI (s) (F8:F8) [20:08:46:125]: PROPERTY CHANGE: Adding DOC.4576A2F1_959E_4BCA_94A9_596523761901 property. Its value is 'c:\Programme\MSXML 4.0\doc\'.
MSI (s) (F8:F8) [20:08:46:125]: PROPERTY CHANGE: Modifying ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901 property. Its current value is 'C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\'. Its new value: 'c:\Dokumente und Einstellungen\All Users\Startmenü\Programme\'.
MSI (s) (F8:F8) [20:08:46:125]: PROPERTY CHANGE: Adding MenuMSXML.4576A2F1_959E_4BCA_94A9_596523761901 property. Its value is 'c:\Dokumente und Einstellungen\All Users\Startmenü\Programme\MSXML 4.0\'.
MSI (s) (F8:F8) [20:08:46:125]: PROPERTY CHANGE: Modifying DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901 property. Its current value is 'C:\Dokumente und Einstellungen\All Users\Desktop\'. Its new value: 'c:\Dokumente und Einstellungen\All Users\Desktop\'.
MSI (s) (F8:F8) [20:08:46:125]: Target path resolution complete. Dumping Directory table...
MSI (s) (F8:F8) [20:08:46:125]: Note: target paths subject to change (via custom actions or browsing)
MSI (s) (F8:F8) [20:08:46:125]: Dir (target): Key: TARGETDIR , Object: c:\
MSI (s) (F8:F8) [20:08:46:125]: Dir (target): Key: WindowsFolder , Object: c:\WINDOWS\
MSI (s) (F8:F8) [20:08:46:125]: Dir (target): Key: CommonFilesFolder , Object: c:\Programme\Gemeinsame Dateien\
MSI (s) (F8:F8) [20:08:46:125]: Dir (target): Key: MicrosoftShared.3FB7DAB3_19E7_40A0_8730_4482CE77AC59 , Object: c:\Programme\Gemeinsame Dateien\Microsoft Shared\
MSI (s) (F8:F8) [20:08:46:125]: Dir (target): Key: MSDN.3FB7DAB3_19E7_40A0_8730_4482CE77AC59 , Object: c:\Programme\Gemeinsame Dateien\Microsoft Shared\MSDN\
MSI (s) (F8:F8) [20:08:46:125]: Dir (target): Key: WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\
MSI (s) (F8:F8) [20:08:46:125]: Dir (target): Key: SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\system32\
MSI (s) (F8:F8) [20:08:46:125]: Dir (target): Key: WinSxsDirectory.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\
MSI (s) (F8:F8) [20:08:46:125]: Dir (target): Key: policydir_ul.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_ff05e224\
MSI (s) (F8:F8) [20:08:46:125]: Dir (target): Key: payload.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_ff05e224\
MSI (s) (F8:F8) [20:08:46:125]: Dir (target): Key: WinSxsManifests.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\Manifests\
MSI (s) (F8:F8) [20:08:46:125]: Dir (target): Key: WinSxsPolicies.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\Policies\
MSI (s) (F8:F8) [20:08:46:125]: Dir (target): Key: policydir.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\Policies\x86_policy.4.20.Microsoft.MSXML2_6bd6b9abf345378f_x-ww_88e8eab8\
MSI (s) (F8:F8) [20:08:46:125]: Dir (target): Key: payload_ul.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_a6dfa6920e9f98fc\
MSI (s) (F8:F8) [20:08:46:125]: Dir (target): Key: WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\
MSI (s) (F8:F8) [20:08:46:125]: Dir (target): Key: SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\system32\
MSI (s) (F8:F8) [20:08:46:125]: Dir (target): Key: WinSxsDirectory.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\
MSI (s) (F8:F8) [20:08:46:125]: Dir (target): Key: policydir_ul.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\
MSI (s) (F8:F8) [20:08:46:125]: Dir (target): Key: WinSxsPolicies.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\Policies\
MSI (s) (F8:F8) [20:08:46:125]: Dir (target): Key: policydir.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\Policies\x86_Microsoft.MSXML2R_6bd6b9abf345378f_x-ww_f529d679\
MSI (s) (F8:F8) [20:08:46:125]: Dir (target): Key: WinSxsManifests.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\Manifests\
MSI (s) (F8:F8) [20:08:46:125]: Dir (target): Key: payload.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\
MSI (s) (F8:F8) [20:08:46:125]: Dir (target): Key: payload_ul.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6\
MSI (s) (F8:F8) [20:08:46:125]: Dir (target): Key: WindowsFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\
MSI (s) (F8:F8) [20:08:46:125]: Dir (target): Key: SystemFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\system32\
MSI (s) (F8:F8) [20:08:46:125]: Dir (target): Key: WinSxsDirectory.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\
MSI (s) (F8:F8) [20:08:46:125]: Dir (target): Key: policydir_ul.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\
MSI (s) (F8:F8) [20:08:46:125]: Dir (target): Key: WinSxsPolicies.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\Policies\
MSI (s) (F8:F8) [20:08:46:125]: Dir (target): Key: policydir.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\Policies\x86_Microsoft.MSXML2_6bd6b9abf345378f_x-ww_b261cf09\
MSI (s) (F8:F8) [20:08:46:125]: Dir (target): Key: WinSxsManifests.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\Manifests\
MSI (s) (F8:F8) [20:08:46:125]: Dir (target): Key: payload.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\
MSI (s) (F8:F8) [20:08:46:125]: Dir (target): Key: payload_ul.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\WINDOWS\winsxs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_b7e10f227b2fceff\
MSI (s) (F8:F8) [20:08:46:125]: Dir (target): Key: SystemFolder.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB , Object: c:\WINDOWS\system32\
MSI (s) (F8:F8) [20:08:46:125]: Dir (target): Key: SystemFolder.781A0624_31FF_4712_BFFD_31C829FFDBF1 , Object: c:\WINDOWS\system32\
MSI (s) (F8:F8) [20:08:46:125]: Dir (target): Key: SystemFolder.246EB7AD_459A_4FA8_83D1_41A46D7634B7 , Object: c:\WINDOWS\system32\
MSI (s) (F8:F8) [20:08:46:125]: Dir (target): Key: DesktopFolder , Object: c:\Dokumente und Einstellungen\All Users\Desktop\
MSI (s) (F8:F8) [20:08:46:125]: Dir (target): Key: ProgramFilesFolder , Object: c:\Programme\
MSI (s) (F8:F8) [20:08:46:125]: Dir (target): Key: MSXML , Object: c:\Programme\MSXML 4.0\
MSI (s) (F8:F8) [20:08:46:125]: Dir (target): Key: INC.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\Programme\MSXML 4.0\inc\
MSI (s) (F8:F8) [20:08:46:125]: Dir (target): Key: LIB.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\Programme\MSXML 4.0\lib\
MSI (s) (F8:F8) [20:08:46:125]: Dir (target): Key: DOC.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\Programme\MSXML 4.0\doc\
MSI (s) (F8:F8) [20:08:46:125]: Dir (target): Key: ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\Dokumente und Einstellungen\All Users\Startmenü\Programme\
MSI (s) (F8:F8) [20:08:46:125]: Dir (target): Key: MenuMSXML.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\Dokumente und Einstellungen\All Users\Startmenü\Programme\MSXML 4.0\
MSI (s) (F8:F8) [20:08:46:125]: Dir (target): Key: DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\Dokumente und Einstellungen\All Users\Desktop\
Action start 20:08:46: CostFinalize.
MSI (s) (F8:F8) [20:08:46:140]: Doing action: SetODBCFolders
Action ended 20:08:46: CostFinalize. Return value 1.
MSI (s) (F8:F8) [20:08:46:140]: Note: 1: 2205 2: 3: ODBCDriver
MSI (s) (F8:F8) [20:08:46:140]: Note: 1: 2228 2: 3: ODBCDriver 4: SELECT `ComponentId`,`Description`,`Directory_`, `ActionRequest`, `Installed`, `Attributes` FROM `ODBCDriver`, `Component` WHERE `ODBCDriver`.`Component_` = `Component` AND (`ActionRequest` = 1 OR `ActionRequest` = 2)
MSI (s) (F8:F8) [20:08:46:140]: Note: 1: 2205 2: 3: ODBCTranslator
MSI (s) (F8:F8) [20:08:46:140]: Note: 1: 2228 2: 3: ODBCTranslator 4: SELECT `ComponentId`,`Description`,`Directory_`, `ActionRequest`, `Installed`, `Attributes` FROM `ODBCTranslator`, `Component` WHERE `ODBCTranslator`.`Component_` = `Component` AND (`ActionRequest` = 1 OR `ActionRequest` = 2)
Action start 20:08:46: SetODBCFolders.
MSI (s) (F8:F8) [20:08:46:140]: Doing action: MigrateFeatureStates
Action ended 20:08:46: SetODBCFolders. Return value 0.
Action start 20:08:46: MigrateFeatureStates.
MSI (s) (F8:F8) [20:08:46:140]: Doing action: InstallValidate
Action ended 20:08:46: MigrateFeatureStates. Return value 0.
MSI (s) (F8:F8) [20:08:46:140]: Feature: MSXML; Installed: Absent; Request: Local; Action: Local
MSI (s) (F8:F8) [20:08:46:140]: Feature: MSXMLSYS; Installed: Absent; Request: Local; Action: Local
MSI (s) (F8:F8) [20:08:46:140]: Feature: MSXMLSUPP; Installed: Absent; Request: Null; Action: Null
MSI (s) (F8:F8) [20:08:46:140]: Feature: MSXMLSUPP2; Installed: Absent; Request: Local; Action: Local
MSI (s) (F8:F8) [20:08:46:140]: Feature: MSXMLSXS; Installed: Absent; Request: Local; Action: Local
MSI (s) (F8:F8) [20:08:46:140]: Feature: XMLSDK; Installed: Absent; Request: Null; Action: Null
MSI (s) (F8:F8) [20:08:46:140]: Component: RememberInstallFolder; Installed: Absent; Request: Local; Action: Local
MSI (s) (F8:F8) [20:08:46:140]: Component: QKBKEY; Installed: Absent; Request: Local; Action: Local
MSI (s) (F8:F8) [20:08:46:140]: Component: MSXML4_System.246EB7AD_459A_4FA8_83D1_41A46D7634B7; Installed: Absent; Request: Local; Action: Local
MSI (s) (F8:F8) [20:08:46:140]: Component: MSXML4_SystemRes.246EB7AD_459A_4FA8_83D1_41A46D7634B7; Installed: Absent; Request: Local; Action: Local
MSI (s) (F8:F8) [20:08:46:140]: Component: MSXML4_ANSI.246EB7AD_459A_4FA8_83D1_41A46D7634B7; Installed: Absent; Request: Local; Action: Null
MSI (s) (F8:F8) [20:08:46:140]: Component: WINHTTP50_COMPONENT.781A0624_31FF_4712_BFFD_31C829FFDBF1; Installed: Absent; Request: Null; Action: Null
MSI (s) (F8:F8) [20:08:46:140]: Component: PROXYCFG_COMPONENT.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB; Installed: Absent; Request: Local; Action: Null
MSI (s) (F8:F8) [20:08:46:140]: Component: uplevel.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537; Installed: Absent; Request: Local; Action: Null
MSI (s) (F8:F8) [20:08:46:140]: Component: downlevel_manifest.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537; Installed: Absent; Request: Local; Action: Local
MSI (s) (F8:F8) [20:08:46:140]: Component: downlevel_payload.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537; Installed: Absent; Request: Local; Action: Local
MSI (s) (F8:F8) [20:08:46:140]: Component: uplevel.DA6654F6_456F_3658_FF6B_D6B9ABF34537; Installed: Absent; Request: Local; Action: Null
MSI (s) (F8:F8) [20:08:46:140]: Component: downlevel_manifest.DA6654F6_456F_3658_FF6B_D6B9ABF34537; Installed: Absent; Request: Local; Action: Local
MSI (s) (F8:F8) [20:08:46:140]: Component: downlevel_payload.DA6654F6_456F_3658_FF6B_D6B9ABF34537; Installed: Absent; Request: Local; Action: Local
MSI (s) (F8:F8) [20:08:46:140]: Component: uplevel.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537; Installed: Absent; Request: Local; Action: Null
MSI (s) (F8:F8) [20:08:46:140]: Component: downlevel_manifest.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537; Installed: Absent; Request: Local; Action: Local
MSI (s) (F8:F8) [20:08:46:140]: Component: XMLSDK_Docs.4576A2F1_959E_4BCA_94A9_596523761901; Installed: Absent; Request: Null; Action: Null
MSI (s) (F8:F8) [20:08:46:140]: Component: XMLSDK_LIB.4576A2F1_959E_4BCA_94A9_596523761901; Installed: Absent; Request: Null; Action: Null
MSI (s) (F8:F8) [20:08:46:140]: Component: XMLSDK_INC.4576A2F1_959E_4BCA_94A9_596523761901; Installed: Absent; Request: Null; Action: Null
MSI (s) (F8:F8) [20:08:46:140]: Component: CookDoc_dll.3FB7DAB3_19E7_40A0_8730_4482CE77AC59; Installed: Absent; Request: Null; Action: Null
MSI (s) (F8:F8) [20:08:46:140]: Component: __uplevel.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF365; Installed: Null; Request: Local; Action: Null
MSI (s) (F8:F8) [20:08:46:140]: Component: __uplevel.DA6654F6_456F_3658_FF6B_D6B9ABF365; Installed: Null; Request: Local; Action: Null
MSI (s) (F8:F8) [20:08:46:140]: Component: __uplevel.0E9F98FC_A692_A6DF_FF6B_D6B9ABF365; Installed: Null; Request: Local; Action: Null
MSI (s) (F8:F8) [20:08:46:140]: Component: __QKBKEY65; Installed: Null; Request: Local; Action: Local
MSI (s) (F8:F8) [20:08:46:140]: Component: __MSXML4_System.246EB7AD_459A_4FA8_83D1_4165; Installed: Null; Request: Local; Action: Local
MSI (s) (F8:F8) [20:08:46:140]: Component: __downlevel_payload.7B2FCEFF_0F22_B7E1_FF665; Installed: Null; Request: Local; Action: Local
MSI (s) (F8:F8) [20:08:46:140]: Component: __downlevel_manifest.7B2FCEFF_0F22_B7E1_FF65; Installed: Null; Request: Local; Action: Local
MSI (s) (F8:F8) [20:08:46:140]: Component: __downlevel_payload.DA6654F6_456F_3658_FF665; Installed: Null; Request: Local; Action: Local
MSI (s) (F8:F8) [20:08:46:140]: Component: __downlevel_manifest.DA6654F6_456F_3658_FF65; Installed: Null; Request: Local; Action: Local
MSI (s) (F8:F8) [20:08:46:140]: Component: __downlevel_manifest.0E9F98FC_A692_A6DF_FF65; Installed: Null; Request: Local; Action: Local
MSI (s) (F8:F8) [20:08:46:140]: Component: __CookDoc_dll.3FB7DAB3_19E7_40A0_8730_448265; Installed: Null; Request: Null; Action: Null
MSI (s) (F8:F8) [20:08:46:140]: Component: __XMLSDK_Docs.4576A2F1_959E_4BCA_94A9_596565; Installed: Null; Request: Null; Action: Null
MSI (s) (F8:F8) [20:08:46:140]: Note: 1: 2205 2: 3: BindImage
MSI (s) (F8:F8) [20:08:46:140]: Note: 1: 2262 2: PublishComponent 3: -2147287038
MSI (s) (F8:F8) [20:08:46:140]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (s) (F8:F8) [20:08:46:140]: Note: 1: 2205 2: 3: Font
Action start 20:08:46: InstallValidate.
MSI (s) (F8:F8) [20:08:46:140]: Note: 1: 2205 2: 3: _RemoveFilePath
MSI (s) (F8:F8) [20:08:46:265]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (s) (F8:F8) [20:08:46:265]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (s) (F8:F8) [20:08:46:265]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (s) (F8:F8) [20:08:46:265]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (s) (F8:F8) [20:08:46:265]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (s) (F8:F8) [20:08:46:265]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (s) (F8:F8) [20:08:46:265]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (s) (F8:F8) [20:08:46:265]: PROPERTY CHANGE: Modifying CostingComplete property. Its current value is '0'. Its new value: '1'.
MSI (s) (F8:F8) [20:08:46:265]: Note: 1: 2205 2: 3: BindImage
MSI (s) (F8:F8) [20:08:46:265]: Note: 1: 2262 2: PublishComponent 3: -2147287038
MSI (s) (F8:F8) [20:08:46:265]: Note: 1: 2262 2: Extension 3: -2147287038
MSI (s) (F8:F8) [20:08:46:265]: Note: 1: 2205 2: 3: Font
MSI (s) (F8:F8) [20:08:46:265]: Note: 1: 2727 2:
Info 1603. The file c:\WINDOWS\system32\msxml4.dll is being held in use by the following process: Name: mclogsrv, Id: 984, Window Title: '(not determined yet)'. Close that application and retry.
Info 1603. The file c:\WINDOWS\system32\msxml4.dll is being held in use by the following process: Name: mcupdmgr, Id: 1112, Window Title: '(not determined yet)'. Close that application and retry.
MSI (s) (F8:F8) [20:08:50:562]: 3 application(s) had been reported to have files in use.
Info 1603. The file c:\WINDOWS\system32\msxml4.dll is being held in use by the following process: Name: mcpromgr, Id: 1304, Window Title: '(not determined yet)'. Close that application and retry.
MSI (c) (F8:78) [20:08:50:562]: File In Use: -mclogsrv- Window could not be found. Process ID: 984
MSI (c) (F8:78) [20:08:50:562]: File In Use: -mcupdmgr- Window could not be found. Process ID: 1112
MSI (c) (F8:78) [20:08:50:562]: File In Use: -mcpromgr- Window could not be found. Process ID: 1304
MSI (c) (F8:78) [20:08:50:562]: No window with title could be found for FilesInUse
MSI (s) (F8:F8) [20:08:50:562]: Note: 1: 2727 2:
MSI (s) (F8:F8) [20:08:50:562]: Doing action: InstallInitialize
Action ended 20:08:50: InstallValidate. Return value 1.
MSI (s) (F8:F8) [20:08:50:562]: Machine policy value 'AlwaysInstallElevated' is 0
MSI (s) (F8:F8) [20:08:50:562]: User policy value 'AlwaysInstallElevated' is 0
MSI (s) (F8:F8) [20:08:50:562]: BeginTransaction: Locking Server
MSI (s) (F8:F8) [20:08:50:562]: SRSetRestorePoint skipped for this transaction.
MSI (s) (F8:F8) [20:08:50:562]: Server not locked: locking for product {37477865-A3F1-4772-AD43-AAFC6BCFF99F}
Action start 20:08:50: InstallInitialize.
MSI (s) (F8:F8) [20:08:50:593]: Doing action: SxsInstallCA
Action ended 20:08:50: InstallInitialize. Return value 1.
MSI (s) (F8:E8) [20:08:50:609]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI99.tmp, Entrypoint: CustomAction_SxsMsmInstall
MSI (s) (F8:8C) [20:08:50:609]: Generating random cookie.
MSI (s) (F8:8C) [20:08:50:609]: Created Custom Action Server with PID 544 (0x220).
MSI (s) (F8:CC) [20:08:50:687]: Running as a service.
MSI (s) (F8:CC) [20:08:50:687]: Hello, I'm your 32bit Elevated custom action server.
Action start 20:08:50: SxsInstallCA.
1: sxsdelca 2: traceop 3: 1256 4: 0
1: sxsdelca 2: traceop 3: 1257 4: 0
1: sxsdelca 2: traceop 3: 1258 4: 0
1: sxsdelca 2: traceop 3: 1284 4: 0
1: sxsdelca 2: traceop 3: 1288 4: 0
1: sxsdelca 2: traceop 3: 1289 4: 0
1: sxsdelca 2: traceop 3: 1290 4: 0
1: sxsdelca 2: traceop 3: 1292 4: 0
1: sxsdelca 2: traceop 3: 1306 4: 0
1: sxsdelca 2: traceop 3: 1307 4: 0
1: sxsdelca 2: traceop 3: 796 4: 0
1: sxsdelca 2: traceop 3: 801 4: 0
1: sxsdelca 2: traceop 3: 802 4: 0
1: sxsdelca 2: traceop 3: 803 4: 0
1: sxsdelca 2: traceop 3: 805 4: 0
1: sxsdelca 2: traceop 3: 812 4: 0
1: sxsdelca 2: traceop 3: 813 4: 0
1: sxsdelca 2: traceop 3: 814 4: 0
1: sxsdelca 2: traceop 3: 819 4: 0
1: sxsdelca 2: traceop 3: 820 4: 0
1: sxsdelca 2: traceop 3: 821 4: 0
1: sxsdelca 2: traceop 3: 827 4: 0
1: sxsdelca 2: traceop 3: 831 4: 0
1: sxsdelca 2: traceop 3: 827 4: 0
1: sxsdelca 2: traceop 3: 831 4: 0
1: sxsdelca 2: traceop 3: 827 4: 259
1: sxsdelca 2: traceop 3: 1311 4: 0
1: sxsdelca 2: traceop 3: 1312 4: 0
1: sxsdelca 2: traceop 3: 1077 4: 0
1: sxsdelca 2: traceop 3: 1081 4: 0
1: sxsdelca 2: traceop 3: 1083 4: 0
1: sxsdelca 2: traceop 3: 1087 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1097 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1101 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1105 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1109 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1113 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1117 4: 0
1: sxsdelca 2: traceop 3: 1121 4: 0
1: sxsdelca 2: traceop 3: 1313 4: 0
1: sxsdelca 2: traceop 3: 1314 4: 0
1: sxsdelca: Added reg value for 2: downlevel_manifest.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537
1: sxsdelca 2: traceop 3: 1284 4: 0
1: sxsdelca 2: traceop 3: 1288 4: 0
1: sxsdelca 2: traceop 3: 1289 4: 0
1: sxsdelca 2: traceop 3: 1290 4: 0
1: sxsdelca 2: traceop 3: 1292 4: 0
1: sxsdelca 2: traceop 3: 796 4: 0
1: sxsdelca 2: traceop 3: 801 4: 0
1: sxsdelca 2: traceop 3: 802 4: 0
1: sxsdelca 2: traceop 3: 803 4: 0
1: sxsdelca 2: traceop 3: 805 4: 0
1: sxsdelca 2: traceop 3: 812 4: 0
1: sxsdelca 2: traceop 3: 813 4: 0
1: sxsdelca 2: traceop 3: 814 4: 0
1: sxsdelca 2: traceop 3: 819 4: 0
1: sxsdelca 2: traceop 3: 820 4: 0
1: sxsdelca 2: traceop 3: 821 4: 0
1: sxsdelca 2: traceop 3: 827 4: 0
1: sxsdelca 2: traceop 3: 831 4: 0
1: sxsdelca 2: traceop 3: 827 4: 259
1: sxsdelca 2: traceop 3: 1311 4: 0
1: sxsdelca 2: traceop 3: 1312 4: 0
1: sxsdelca 2: traceop 3: 1077 4: 0
1: sxsdelca 2: traceop 3: 1081 4: 0
1: sxsdelca 2: traceop 3: 1083 4: 0
1: sxsdelca 2: traceop 3: 1087 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1097 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1101 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1105 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1109 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1113 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1117 4: 0
1: sxsdelca 2: traceop 3: 1121 4: 0
1: sxsdelca 2: traceop 3: 1313 4: 0
1: sxsdelca 2: traceop 3: 1314 4: 0
1: sxsdelca: Added reg value for 2: downlevel_payload.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537
1: sxsdelca 2: traceop 3: 1284 4: 0
1: sxsdelca 2: traceop 3: 1288 4: 0
1: sxsdelca 2: traceop 3: 1289 4: 0
1: sxsdelca 2: traceop 3: 1290 4: 0
1: sxsdelca 2: traceop 3: 1292 4: 0
1: sxsdelca 2: traceop 3: 796 4: 0
1: sxsdelca 2: traceop 3: 801 4: 0
1: sxsdelca 2: traceop 3: 802 4: 0
1: sxsdelca 2: traceop 3: 803 4: 0
1: sxsdelca 2: traceop 3: 805 4: 0
1: sxsdelca 2: traceop 3: 812 4: 0
1: sxsdelca 2: traceop 3: 813 4: 0
1: sxsdelca 2: traceop 3: 814 4: 0
1: sxsdelca 2: traceop 3: 819 4: 0
1: sxsdelca 2: traceop 3: 820 4: 0
1: sxsdelca 2: traceop 3: 821 4: 0
1: sxsdelca 2: traceop 3: 827 4: 0
1: sxsdelca 2: traceop 3: 831 4: 0
1: sxsdelca 2: traceop 3: 827 4: 0
1: sxsdelca 2: traceop 3: 831 4: 0
1: sxsdelca 2: traceop 3: 827 4: 259
1: sxsdelca 2: traceop 3: 1311 4: 0
1: sxsdelca 2: traceop 3: 1312 4: 0
1: sxsdelca 2: traceop 3: 1077 4: 0
1: sxsdelca 2: traceop 3: 1081 4: 0
1: sxsdelca 2: traceop 3: 1083 4: 0
1: sxsdelca 2: traceop 3: 1087 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1097 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1101 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1105 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1109 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1113 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1117 4: 0
1: sxsdelca 2: traceop 3: 1121 4: 0
1: sxsdelca 2: traceop 3: 1313 4: 0
1: sxsdelca 2: traceop 3: 1314 4: 0
1: sxsdelca: Added reg value for 2: downlevel_manifest.DA6654F6_456F_3658_FF6B_D6B9ABF34537
1: sxsdelca 2: traceop 3: 1284 4: 0
1: sxsdelca 2: traceop 3: 1288 4: 0
1: sxsdelca 2: traceop 3: 1289 4: 0
1: sxsdelca 2: traceop 3: 1290 4: 0
1: sxsdelca 2: traceop 3: 1292 4: 0
1: sxsdelca 2: traceop 3: 796 4: 0
1: sxsdelca 2: traceop 3: 801 4: 0
1: sxsdelca 2: traceop 3: 802 4: 0
1: sxsdelca 2: traceop 3: 803 4: 0
1: sxsdelca 2: traceop 3: 805 4: 0
1: sxsdelca 2: traceop 3: 812 4: 0
1: sxsdelca 2: traceop 3: 813 4: 0
1: sxsdelca 2: traceop 3: 814 4: 0
1: sxsdelca 2: traceop 3: 819 4: 0
1: sxsdelca 2: traceop 3: 820 4: 0
1: sxsdelca 2: traceop 3: 821 4: 0
1: sxsdelca 2: traceop 3: 827 4: 0
1: sxsdelca 2: traceop 3: 831 4: 0
1: sxsdelca 2: traceop 3: 827 4: 259
1: sxsdelca 2: traceop 3: 1311 4: 0
1: sxsdelca 2: traceop 3: 1312 4: 0
1: sxsdelca 2: traceop 3: 1077 4: 0
1: sxsdelca 2: traceop 3: 1081 4: 0
1: sxsdelca 2: traceop 3: 1083 4: 0
1: sxsdelca 2: traceop 3: 1087 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1097 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1101 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1105 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1109 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1113 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1117 4: 0
1: sxsdelca 2: traceop 3: 1121 4: 0
1: sxsdelca 2: traceop 3: 1313 4: 0
1: sxsdelca 2: traceop 3: 1314 4: 0
1: sxsdelca: Added reg value for 2: downlevel_payload.DA6654F6_456F_3658_FF6B_D6B9ABF34537
1: sxsdelca 2: traceop 3: 1284 4: 0
1: sxsdelca 2: traceop 3: 1288 4: 0
1: sxsdelca 2: traceop 3: 1289 4: 0
1: sxsdelca 2: traceop 3: 1290 4: 0
1: sxsdelca 2: traceop 3: 1292 4: 0
1: sxsdelca 2: traceop 3: 796 4: 0
1: sxsdelca 2: traceop 3: 801 4: 0
1: sxsdelca 2: traceop 3: 802 4: 0
1: sxsdelca 2: traceop 3: 803 4: 0
1: sxsdelca 2: traceop 3: 805 4: 0
1: sxsdelca 2: traceop 3: 812 4: 0
1: sxsdelca 2: traceop 3: 813 4: 0
1: sxsdelca 2: traceop 3: 814 4: 0
1: sxsdelca 2: traceop 3: 819 4: 0
1: sxsdelca 2: traceop 3: 820 4: 0
1: sxsdelca 2: traceop 3: 821 4: 0
1: sxsdelca 2: traceop 3: 827 4: 0
1: sxsdelca 2: traceop 3: 831 4: 0
1: sxsdelca 2: traceop 3: 827 4: 0
1: sxsdelca 2: traceop 3: 831 4: 0
1: sxsdelca 2: traceop 3: 827 4: 259
1: sxsdelca 2: traceop 3: 1311 4: 0
1: sxsdelca 2: traceop 3: 1312 4: 0
1: sxsdelca 2: traceop 3: 1077 4: 0
1: sxsdelca 2: traceop 3: 1081 4: 0
1: sxsdelca 2: traceop 3: 1083 4: 0
1: sxsdelca 2: traceop 3: 1087 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1097 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1101 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1105 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1109 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1113 4: 0
1: sxsdelca 2: traceop 3: 1093 4: 0
1: sxsdelca 2: traceop 3: 1117 4: 0
1: sxsdelca 2: traceop 3: 1121 4: 0
1: sxsdelca 2: traceop 3: 1313 4: 0
1: sxsdelca 2: traceop 3: 1314 4: 0
1: sxsdelca: Added reg value for 2: downlevel_manifest.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537
1: sxsdelca 2: traceop 3: 1284 4: 259
1: sxsdelca 2: SxsMsmInstall completed 3: 0 4: 0
MSI (s) (F8:F8) [20:08:50:875]: Doing action: AllocateRegistrySpace
Action ended 20:08:50: SxsInstallCA. Return value 1.
Action start 20:08:50: AllocateRegistrySpace.
MSI (s) (F8:F8) [20:08:50:875]: Doing action: ProcessComponents
Action ended 20:08:50: AllocateRegistrySpace. Return value 1.
MSI (s) (F8:F8) [20:08:50:875]: Note: 1: 2205 2: 3: MsiPatchCertificate
MSI (s) (F8:F8) [20:08:50:875]: LUA patching is disabled: missing MsiPatchCertificate table
MSI (s) (F8:F8) [20:08:50:875]: Resolving source.
MSI (s) (F8:F8) [20:08:50:875]: Resolving source to launched-from source.
MSI (s) (F8:F8) [20:08:50:875]: Setting launched-from source as last-used.
MSI (s) (F8:F8) [20:08:50:875]: PROPERTY CHANGE: Adding SourceDir property. Its value is 'c:\bd82fc7b7bd2188ee6ff034df0ff\'.
MSI (s) (F8:F8) [20:08:50:875]: PROPERTY CHANGE: Adding SOURCEDIR property. Its value is 'c:\bd82fc7b7bd2188ee6ff034df0ff\'.
MSI (s) (F8:F8) [20:08:50:875]: PROPERTY CHANGE: Adding SourcedirProduct property. Its value is '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'.
MSI (s) (F8:F8) [20:08:50:875]: SOURCEDIR ==> c:\bd82fc7b7bd2188ee6ff034df0ff\
MSI (s) (F8:F8) [20:08:50:875]: SOURCEDIR product ==> {37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSI (s) (F8:F8) [20:08:50:875]: Determining source type
MSI (s) (F8:F8) [20:08:50:875]: Source type from package 'msxml.msi': 2
Action start 20:08:50: ProcessComponents.
MSI (s) (F8:F8) [20:08:50:875]: Source path resolution complete. Dumping Directory table...
MSI (s) (F8:F8) [20:08:50:875]: Dir (source): Key: TARGETDIR , Object: c:\bd82fc7b7bd2188ee6ff034df0ff\ , LongSubPath: , ShortSubPath:
MSI (s) (F8:F8) [20:08:50:875]: Dir (source): Key: WindowsFolder , Object: c:\bd82fc7b7bd2188ee6ff034df0ff\ , LongSubPath: , ShortSubPath:
MSI (s) (F8:F8) [20:08:50:875]: Dir (source): Key: CommonFilesFolder , Object: c:\bd82fc7b7bd2188ee6ff034df0ff\ , LongSubPath: , ShortSubPath:
MSI (s) (F8:F8) [20:08:50:875]: Dir (source): Key: MicrosoftShared.3FB7DAB3_19E7_40A0_8730_4482CE77AC59 , Object: c:\bd82fc7b7bd2188ee6ff034df0ff\ , LongSubPath: Microsoft Shared\ , ShortSubPath: MICROS~1\
MSI (s) (F8:F8) [20:08:50:875]: Dir (source): Key: MSDN.3FB7DAB3_19E7_40A0_8730_4482CE77AC59 , Object: c:\bd82fc7b7bd2188ee6ff034df0ff\ , LongSubPath: Microsoft Shared\MSDN\ , ShortSubPath: MICROS~1\MSDN\
MSI (s) (F8:F8) [20:08:50:875]: Dir (source): Key: WindowsFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\bd82fc7b7bd2188ee6ff034df0ff\ , LongSubPath: Windows\ , ShortSubPath:
MSI (s) (F8:F8) [20:08:50:875]: Dir (source): Key: SystemFolder.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\bd82fc7b7bd2188ee6ff034df0ff\ , LongSubPath: Windows\system32\ , ShortSubPath:
MSI (s) (F8:F8) [20:08:50:875]: Dir (source): Key: WinSxsDirectory.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\bd82fc7b7bd2188ee6ff034df0ff\ , LongSubPath: Windows\winsxs\ , ShortSubPath:
MSI (s) (F8:F8) [20:08:50:875]: Dir (source): Key: policydir_ul.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\bd82fc7b7bd2188ee6ff034df0ff\ , LongSubPath: Windows\winsxs\k0r1wg7y.dqe\ , ShortSubPath:
MSI (s) (F8:F8) [20:08:50:875]: Dir (source): Key: payload.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\bd82fc7b7bd2188ee6ff034df0ff\ , LongSubPath: Windows\winsxs\h0r1wg7y.dqe\ , ShortSubPath:
MSI (s) (F8:F8) [20:08:50:875]: Dir (source): Key: WinSxsManifests.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\bd82fc7b7bd2188ee6ff034df0ff\ , LongSubPath: Windows\winsxs\Manifests\ , ShortSubPath: Windows\winsxs\manifest\
MSI (s) (F8:F8) [20:08:50:875]: Dir (source): Key: WinSxsPolicies.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\bd82fc7b7bd2188ee6ff034df0ff\ , LongSubPath: Windows\winsxs\Policies\ , ShortSubPath:
MSI (s) (F8:F8) [20:08:50:875]: Dir (source): Key: policydir.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\bd82fc7b7bd2188ee6ff034df0ff\ , LongSubPath: Windows\winsxs\Policies\i0r1wg7y.dqe\ , ShortSubPath:
MSI (s) (F8:F8) [20:08:50:875]: Dir (source): Key: payload_ul.0E9F98FC_A692_A6DF_FF6B_D6B9ABF34537 , Object: c:\bd82fc7b7bd2188ee6ff034df0ff\ , LongSubPath: Windows\winsxs\j0r1wg7y.dqe\ , ShortSubPath:
MSI (s) (F8:F8) [20:08:50:875]: Dir (source): Key: WindowsFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\bd82fc7b7bd2188ee6ff034df0ff\ , LongSubPath: Windows\ , ShortSubPath:
MSI (s) (F8:F8) [20:08:50:875]: Dir (source): Key: SystemFolder.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\bd82fc7b7bd2188ee6ff034df0ff\ , LongSubPath: Windows\system32\ , ShortSubPath:
MSI (s) (F8:F8) [20:08:50:875]: Dir (source): Key: WinSxsDirectory.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\bd82fc7b7bd2188ee6ff034df0ff\ , LongSubPath: Windows\winsxs\ , ShortSubPath:
MSI (s) (F8:F8) [20:08:50:875]: Dir (source): Key: policydir_ul.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\bd82fc7b7bd2188ee6ff034df0ff\ , LongSubPath: Windows\winsxs\8n0mtfut.k85\ , ShortSubPath:
MSI (s) (F8:F8) [20:08:50:875]: Dir (source): Key: WinSxsPolicies.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\bd82fc7b7bd2188ee6ff034df0ff\ , LongSubPath: Windows\winsxs\Policies\ , ShortSubPath:
MSI (s) (F8:F8) [20:08:50:875]: Dir (source): Key: policydir.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\bd82fc7b7bd2188ee6ff034df0ff\ , LongSubPath: Windows\winsxs\Policies\6n0mtfut.k85\ , ShortSubPath:
MSI (s) (F8:F8) [20:08:50:875]: Dir (source): Key: WinSxsManifests.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\bd82fc7b7bd2188ee6ff034df0ff\ , LongSubPath: Windows\winsxs\Manifests\ , ShortSubPath: Windows\winsxs\manifest\
MSI (s) (F8:F8) [20:08:50:875]: Dir (source): Key: payload.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\bd82fc7b7bd2188ee6ff034df0ff\ , LongSubPath: Windows\winsxs\5n0mtfut.k85\ , ShortSubPath:
MSI (s) (F8:F8) [20:08:50:875]: Dir (source): Key: payload_ul.DA6654F6_456F_3658_FF6B_D6B9ABF34537 , Object: c:\bd82fc7b7bd2188ee6ff034df0ff\ , LongSubPath: Windows\winsxs\7n0mtfut.k85\ , ShortSubPath:
MSI (s) (F8:F8) [20:08:50:875]: Dir (source): Key: WindowsFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\bd82fc7b7bd2188ee6ff034df0ff\ , LongSubPath: Windows\ , ShortSubPath:
MSI (s) (F8:F8) [20:08:50:875]: Dir (source): Key: SystemFolder.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\bd82fc7b7bd2188ee6ff034df0ff\ , LongSubPath: Windows\system32\ , ShortSubPath:
MSI (s) (F8:F8) [20:08:50:875]: Dir (source): Key: WinSxsDirectory.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\bd82fc7b7bd2188ee6ff034df0ff\ , LongSubPath: Windows\winsxs\ , ShortSubPath:
MSI (s) (F8:F8) [20:08:50:875]: Dir (source): Key: policydir_ul.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\bd82fc7b7bd2188ee6ff034df0ff\ , LongSubPath: Windows\winsxs\wl34x2va.rt8\ , ShortSubPath:
MSI (s) (F8:F8) [20:08:50:875]: Dir (source): Key: WinSxsPolicies.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\bd82fc7b7bd2188ee6ff034df0ff\ , LongSubPath: Windows\winsxs\Policies\ , ShortSubPath:
MSI (s) (F8:F8) [20:08:50:875]: Dir (source): Key: policydir.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\bd82fc7b7bd2188ee6ff034df0ff\ , LongSubPath: Windows\winsxs\Policies\ul34x2va.rt8\ , ShortSubPath:
MSI (s) (F8:F8) [20:08:50:875]: Dir (source): Key: WinSxsManifests.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\bd82fc7b7bd2188ee6ff034df0ff\ , LongSubPath: Windows\winsxs\Manifests\ , ShortSubPath: Windows\winsxs\manifest\
MSI (s) (F8:F8) [20:08:50:875]: Dir (source): Key: payload.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\bd82fc7b7bd2188ee6ff034df0ff\ , LongSubPath: Windows\winsxs\tl34x2va.rt8\ , ShortSubPath:
MSI (s) (F8:F8) [20:08:50:875]: Dir (source): Key: payload_ul.7B2FCEFF_0F22_B7E1_FF6B_D6B9ABF34537 , Object: c:\bd82fc7b7bd2188ee6ff034df0ff\ , LongSubPath: Windows\winsxs\vl34x2va.rt8\ , ShortSubPath:
MSI (s) (F8:F8) [20:08:50:875]: Dir (source): Key: SystemFolder.FA0F135B_0C6B_485B_9A27_5A4A5044D5AB , Object: c:\bd82fc7b7bd2188ee6ff034df0ff\ , LongSubPath: , ShortSubPath:
MSI (s) (F8:F8) [20:08:50:875]: Dir (source): Key: SystemFolder.781A0624_31FF_4712_BFFD_31C829FFDBF1 , Object: c:\bd82fc7b7bd2188ee6ff034df0ff\ , LongSubPath: , ShortSubPath:
MSI (s) (F8:F8) [20:08:50:875]: Dir (source): Key: SystemFolder.246EB7AD_459A_4FA8_83D1_41A46D7634B7 , Object: c:\bd82fc7b7bd2188ee6ff034df0ff\ , LongSubPath: System\ , ShortSubPath:
MSI (s) (F8:F8) [20:08:50:875]: Dir (source): Key: DesktopFolder , Object: c:\bd82fc7b7bd2188ee6ff034df0ff\ , LongSubPath: , ShortSubPath:
MSI (s) (F8:F8) [20:08:50:875]: Dir (source): Key: ProgramFilesFolder , Object: c:\bd82fc7b7bd2188ee6ff034df0ff\ , LongSubPath: , ShortSubPath:
MSI (s) (F8:F8) [20:08:50:875]: Dir (source): Key: MSXML , Object: c:\bd82fc7b7bd2188ee6ff034df0ff\ , LongSubPath: redist\ , ShortSubPath:
MSI (s) (F8:F8) [20:08:50:875]: Dir (source): Key: INC.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\bd82fc7b7bd2188ee6ff034df0ff\ , LongSubPath: redist\inc\ , ShortSubPath:
MSI (s) (F8:F8) [20:08:50:875]: Dir (source): Key: LIB.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\bd82fc7b7bd2188ee6ff034df0ff\ , LongSubPath: redist\lib\ , ShortSubPath:
MSI (s) (F8:F8) [20:08:50:875]: Dir (source): Key: DOC.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\bd82fc7b7bd2188ee6ff034df0ff\ , LongSubPath: redist\doc\ , ShortSubPath:
MSI (s) (F8:F8) [20:08:50:875]: Dir (source): Key: ProgramMenuFolder.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\bd82fc7b7bd2188ee6ff034df0ff\ , LongSubPath: redist\ , ShortSubPath:
MSI (s) (F8:F8) [20:08:50:875]: Dir (source): Key: MenuMSXML.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\bd82fc7b7bd2188ee6ff034df0ff\ , LongSubPath: redist\MSXML 4.0\ , ShortSubPath: redist\MSXML4\
MSI (s) (F8:F8) [20:08:50:875]: Dir (source): Key: DesktopFolder.4576A2F1_959E_4BCA_94A9_596523761901 , Object: c:\bd82fc7b7bd2188ee6ff034df0ff\ , LongSubPath: redist\ , ShortSubPath:
MSI (s) (F8:F8) [20:08:50:890]: Doing action: UnpublishComponents
Action ended 20:08:50: ProcessComponents. Return value 1.
MSI (s) (F8:F8) [20:08:50:890]: Note: 1: 2262 2: PublishComponent 3: -2147287038
Action start 20:08:50: UnpublishComponents.
MSI (s) (F8:F8) [20:08:50:890]: Doing action: MsiUnpublishAssemblies
Action ended 20:08:50: UnpublishComponents. Return value 1.
Action start 20:08:50: MsiUnpublishAssemblies.
MSI (s) (F8:F8) [20:08:50:890]: Doing action: UnpublishFeatures
Action ended 20:08:50: MsiUnpublishAssemblies. Return value 1.
Action start 20:08:50: UnpublishFeatures.
MSI (s) (F8:F8) [20:08:50:890]: Doing action: StopServices
Action ended 20:08:50: UnpublishFeatures. Return value 1.
MSI (s) (F8:F8) [20:08:50:890]: Note: 1: 2205 2: 3: ServiceControl
MSI (s) (F8:F8) [20:08:50:890]: Note: 1: 2228 2: 3: ServiceControl 4: SELECT `Name`,`Wait`,`Arguments`,`Event`, `Action` FROM `ServiceControl`, `Component` WHERE `Component_` = `Component` AND (`Action` = 0 OR `Action` = 1 OR `Action` = 2)
Action start 20:08:50: StopServices.
MSI (s) (F8:F8) [20:08:50:890]: Doing action: DeleteServices
Action ended 20:08:50: StopServices. Return value 1.
MSI (s) (F8:F8) [20:08:50:890]: Note: 1: 2205 2: 3: ServiceControl
MSI (s) (F8:F8) [20:08:50:890]: Note: 1: 2228 2: 3: ServiceControl 4: SELECT `Name`,`Wait`,`Arguments`,`Event`, `Action` FROM `ServiceControl`, `Component` WHERE `Component_` = `Component` AND (`Action` = 0 OR `Action` = 1 OR `Action` = 2)
Action start 20:08:50: DeleteServices.
MSI (s) (F8:F8) [20:08:50:890]: Doing action: UnregisterComPlus
Action ended 20:08:50: DeleteServices. Return value 1.
MSI (s) (F8:F8) [20:08:50:906]: Note: 1: 2205 2: 3: Complus
MSI (s) (F8:F8) [20:08:50:906]: Note: 1: 2228 2: 3: Complus 4: SELECT `ComponentId`, `FileName`, `Component`.`Directory_`, `ExpType`, `Component`.`Action`, `Component`.`Installed` FROM `Complus`, `Component`, `File` WHERE `Complus`.`Component_` = `Component` AND `Component`.`KeyPath` = `File`.`File` AND `Action` = 0
Action start 20:08:50: UnregisterComPlus.
MSI (s) (F8:F8) [20:08:50:906]: Doing action: SelfUnregModules
Action ended 20:08:50: UnregisterComPlus. Return value 0.
Action start 20:08:50: SelfUnregModules.
MSI (s) (F8:F8) [20:08:50:906]: Doing action: UnregisterTypeLibraries
Action ended 20:08:50: SelfUnregModules. Return value 1.
Action start 20:08:50: UnregisterTypeLibraries.
MSI (s) (F8:F8) [20:08:50:906]: Doing action: RemoveODBC
Action ended 20:08:50: UnregisterTypeLibraries. Return value 1.
MSI (s) (F8:F8) [20:08:50:906]: Note: 1: 2205 2: 3: ODBCDataSource
MSI (s) (F8:F8) [20:08:50:906]: Note: 1: 2228 2: 3: ODBCDataSource 4: SELECT `DataSource`,`ComponentId`,`DriverDescription`,`Description`,`Registration` FROM `ODBCDataSource`, `Component` WHERE `Component_` = `Component` AND `Component`.`Action` = 0 AND `BinaryType` = ?
MSI (s) (F8:F8) [20:08:50:906]: Note: 1: 2205 2: 3: ODBCDataSource
MSI (s) (F8:F8) [20:08:50:906]: Note: 1: 2228 2: 3: ODBCDataSource 4: SELECT `DataSource`,`ComponentId`,`DriverDescription`,`Description`,`Registration` FROM `ODBCDataSource`, `Component` WHERE `Component_` = `Component` AND `Component`.`Action` = 0 AND `BinaryType` = ?
MSI (s) (F8:F8) [20:08:50:906]: Note: 1: 2205 2: 3: ODBCTranslator
MSI (s) (F8:F8) [20:08:50:906]: Note: 1: 2228 2: 3: ODBCTranslator 4: SELECT `Translator`,`ComponentId`,`Description`, `RuntimeFlags`, `Component`.`Attributes` FROM `ODBCTranslator`, `Component` WHERE `Component_` = `Component` AND `Component`.`ActionRequest` = 0 AND `BinaryType` = ?
MSI (s) (F8:F8) [20:08:50:906]: Note: 1: 2205 2: 3: ODBCTranslator
MSI (s) (F8:F8) [20:08:50:906]: Note: 1: 2228 2: 3: ODBCTranslator 4: SELECT `Translator`,`ComponentId`,`Description`, `RuntimeFlags`, `Component`.`Attributes` FROM `ODBCTranslator`, `Component` WHERE `Component_` = `Component` AND `Component`.`ActionRequest` = 0 AND `BinaryType` = ?
MSI (s) (F8:F8) [20:08:50:906]: Note: 1: 2205 2: 3: ODBCDriver
MSI (s) (F8:F8) [20:08:50:906]: Note: 1: 2228 2: 3: ODBCDriver 4: SELECT `Driver`,`ComponentId`,`Description`, `RuntimeFlags`, `Component`.`Attributes` FROM `ODBCDriver`, `Component` WHERE `Component_` = `Component` AND `Component`.`ActionRequest` = 0 AND `BinaryType` = ?
MSI (s) (F8:F8)

01.07.2007, 13:39

Argus

Ehrenmitglied

Beiträge: 6028

#15 Entferne bitte diese Datei
Ich brauch das log von C:\RVAXO-results.log
Und ein Log von Hijack This Punkt 3. von http://board.protecus.de/t23188.htm
__________
MfG Argus

Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren:

Seite(n): 1 2 3