Alles o.k.?

TheChosenOne · 12.12.2009, 13:19

Hi,
vor ein paar tagen hat sich windows defender gemeldet und einen trojaner angezeigt. Ich habe auf löschen gedrückt und seitdem kommt nichts mehr.
da ich aber auf nummer sicher gehen will habe poste ich hier nochmal mein hijack logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:08:29, on 12.12.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\MSI\Advanced Wheel Mouse\wh_exec.exe
C:\Program Files\avmwlanstick\WLanGUI.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Microsoft Works\MSWorks.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\MSI\ADVANC~1\wh_exec.exe
O4 - HKLM\..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\wlangui.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Program Files\avmwlanstick\WlanNetService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 9138 bytes

und wie siehts aus?

mb pls sam

ps: wenn ihr weitere infos braucht sagts einfach und den namen der datei die der defender gemeldet hat habe ich nicht...
spybot und antivir haben nichts gefunden.

kira · 12.12.2009, 19:58

Hallo und Herzlich Willkommen!

- Die Anweisungen bitte gründlich lesen und immer streng einhalten, da ich die Reihenfolge nach bestimmten Kriterien vorbereitet habe:
- Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen

1.
Lade Dir Malwarebytes Anti-Malware von→ malwarebytes.org

Installieren und per Doppelklick starten.
Deutsch einstellen und gleich mal die Datenbanken zu aktualisieren - online updaten
"Komplett Scan durchführen" wählen (überall Haken setzen)
wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
alle Funde markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"

eine bebilderte Anleitung findest Du hier: Malwarebytes Anti-Malware

2.
- Lade dir RSIT - http://filepony.de/download-rsit/:
- an einen Ort deiner Wahl und führe die rsit.exe aus
- wird "Hijackthis" auch von RSIT installiert und ausgeführt
- RSIT erstellt 2 Logfiles (C:\rsit\log.txt und C:\rsit\info.txt) mit erweiterten Infos von deinem System - diese beide bitte komplett hier posten
**Kannst Du das Log in Textdatei speichern und hier anhängen (auf "Erweitert" klicken)

3.
Ich würde gerne noch all deine installierten Programme sehen:
Lade dir das Tool CCleaner herunter
installieren ("Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ unter Options settings-> "german" einstellen
dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..."
wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du:[code]
hier kommt dein Logfile rein
→ dahinter:[/code]

gruß
Coverflow

TheChosenOne · 13.12.2009, 19:08

Also hier ist das Zeug:

1.

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.42
Datenbank Version: 3353
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

13.12.2009 18:52:10
mbam-log-2009-12-13 (18-52-10).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|)
Durchsuchte Objekte: 266540
Laufzeit: 1 hour(s), 8 minute(s), 47 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\NeoChronos (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Margotte (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\winsxs\Backup\x86_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_6.0.6002.18005_lt-lt_bf12ba06fdc0c65b_msimsg.dll.mui_72e8994f (Trojan.Dropper) -> Quarantined and deleted successfully.

2.

Code:

ATTFilter

Logfile of random's system information tool 1.06 (written by random/random)
Run by Samuel at 2009-12-13 18:59:21
Microsoft® Windows Vista™ Home Premium  Service Pack 2
System drive C: has 6 GB (4%) free of 148 GB
Total RAM: 3066 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:59:32, on 13.12.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Windows\Explorer.EXE
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\MSI\Advanced Wheel Mouse\wh_exec.exe
C:\Program Files\avmwlanstick\WLanGUI.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Samuel\Downloads\RSIT(2).exe
C:\Program Files\Trend Micro\HijackThis\Samuel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\MSI\ADVANC~1\wh_exec.exe
O4 - HKLM\..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\wlangui.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix: 
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Program Files\avmwlanstick\WlanNetService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 9079 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-08-26 279944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-08-26 279944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-06-08 13543968]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-06-08 92704]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-04-17 6111232]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-10-26 1029416]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-03-14 71216]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-01-08 52256]
"WheelMouse"=C:\MSI\ADVANC~1\wh_exec.exe [2007-09-13 90112]
"AVMWlanClient"=C:\Program Files\avmwlanstick\wlangui.exe [2008-09-05 1794048]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-03-05 177472]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-03-12 342312]
"MMTray"=C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe [2004-08-29 131072]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-12-09 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-03-17 2289664]
"ICQ"=C:\Program Files\ICQ6.5\ICQ.exe [2009-03-01 172792]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25c192e5-bc99-11dd-bccb-001377a9ed96}]
shell\AutoRun\command - F:\pushinst.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{417d92d9-8314-11dd-9602-806e6f6e6963}]
shell\AutoRun\command - E:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50ef0407-698d-11de-8991-93d595dcd58e}]
shell\AutoRun\command - G:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2009-12-13 17:14:58 ----D---- C:\rsit
2009-12-13 17:14:22 ----D---- C:\Program Files\CCleaner
2009-12-13 17:09:41 ----D---- C:\Users\Samuel\AppData\Roaming\Malwarebytes
2009-12-13 17:09:34 ----D---- C:\ProgramData\Malwarebytes
2009-12-13 17:09:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-12 13:08:21 ----D---- C:\Program Files\Trend Micro
2009-12-12 13:05:22 ----D---- C:\Program Files\TrendMicro
2009-12-11 16:16:02 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-12-11 16:16:02 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-12-10 18:43:40 ----D---- C:\ProgramData\WindowsSearch
2009-12-10 09:29:41 ----A---- C:\Windows\system32\nshhttp.dll
2009-12-10 09:29:39 ----A---- C:\Windows\system32\httpapi.dll
2009-12-09 19:42:08 ----D---- C:\Users\Samuel\AppData\Roaming\OpenOffice.org
2009-12-09 19:06:09 ----D---- C:\Program Files\JRE
2009-12-09 19:05:48 ----D---- C:\Program Files\OpenOffice.org 3
2009-12-09 19:05:16 ----A---- C:\Windows\system32\javaws.exe
2009-12-09 19:05:16 ----A---- C:\Windows\system32\javaw.exe
2009-12-09 19:05:16 ----A---- C:\Windows\system32\java.exe
2009-12-09 19:04:51 ----D---- C:\Program Files\Java
2009-12-09 12:44:20 ----A---- C:\Windows\system32\wininet.dll
2009-12-09 12:44:20 ----A---- C:\Windows\system32\mshtml.dll
2009-12-09 12:44:19 ----A---- C:\Windows\system32\urlmon.dll
2009-12-09 12:44:18 ----A---- C:\Windows\system32\ieframe.dll
2009-12-09 12:44:17 ----A---- C:\Windows\system32\ieui.dll
2009-12-09 12:44:17 ----A---- C:\Windows\system32\ieencode.dll
2009-12-09 12:44:16 ----A---- C:\Windows\system32\ieapfltr.dll
2009-12-09 12:43:46 ----A---- C:\Windows\system32\winhttp.dll
2009-12-09 12:34:37 ----A---- C:\Windows\system32\rastls.dll
2009-12-06 17:55:01 ----A---- C:\Windows\system32\WrapDino.dll
2009-12-06 17:55:01 ----A---- C:\Windows\system32\rdxp5.dll
2009-12-06 17:55:01 ----A---- C:\Windows\system32\rdxmmx.dll
2009-12-06 17:55:01 ----A---- C:\Windows\system32\rdxam.dll
2009-12-06 17:55:01 ----A---- C:\Windows\system32\Odbctl32.dll
2009-12-06 17:55:01 ----A---- C:\Windows\system32\dmix.dll
2009-12-06 17:55:01 ----A---- C:\Windows\system32\dinoav.dll
2009-12-06 17:55:01 ----A---- C:\Windows\system32\Dino2d.dll
2009-12-06 17:55:00 ----D---- C:\Program Files\Driftwood
2009-12-06 17:55:00 ----A---- C:\Windows\system32\Vb5db.dll
2009-12-06 17:55:00 ----A---- C:\Windows\system32\MSVBVM50.dll
2009-12-06 17:55:00 ----A---- C:\Windows\system32\Msrepl35.dll
2009-12-06 17:55:00 ----A---- C:\Windows\system32\Msrd2x35.dll
2009-12-06 17:55:00 ----A---- C:\Windows\system32\Msjter35.dll
2009-12-06 17:55:00 ----A---- C:\Windows\system32\Msjint35.dll
2009-12-06 17:55:00 ----A---- C:\Windows\system32\Msjet35.dll
2009-11-30 16:45:07 ----D---- C:\Users\Samuel\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
2009-11-29 21:20:11 ----A---- C:\Windows\system32\d3dx9_27.dll
2009-11-29 20:42:11 ----D---- C:\Users\Samuel\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
2009-11-26 17:00:34 ----A---- C:\Windows\system32\tzres.dll
2009-11-25 17:29:37 ----A---- C:\Windows\system32\msxml6.dll
2009-11-25 17:29:36 ----A---- C:\Windows\system32\msxml3.dll
2009-11-18 18:36:26 ----D---- C:\Program Files\Windows Portable Devices
2009-11-18 16:54:49 ----A---- C:\Windows\system32\UIRibbonRes.dll
2009-11-18 16:54:49 ----A---- C:\Windows\system32\UIRibbon.dll
2009-11-18 16:54:49 ----A---- C:\Windows\system32\UIAnimation.dll
2009-11-18 16:54:26 ----A---- C:\Windows\system32\WMPhoto.dll
2009-11-18 16:54:26 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-11-18 16:54:26 ----A---- C:\Windows\system32\d3d10warp.dll
2009-11-18 16:54:26 ----A---- C:\Windows\system32\cdd.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\xpsservices.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\XpsRasterService.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\XpsPrint.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-11-18 16:54:25 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\OpcServices.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\FntCache.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\dxdiagn.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\dxdiag.exe
2009-11-18 16:54:25 ----A---- C:\Windows\system32\DWrite.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\d3d10level9.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\d3d10core.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\d3d10_1core.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\d2d1.dll
2009-11-18 16:54:24 ----A---- C:\Windows\system32\dxgi.dll
2009-11-18 16:54:24 ----A---- C:\Windows\system32\d3d11.dll
2009-11-18 16:54:24 ----A---- C:\Windows\system32\d3d10_1.dll
2009-11-18 16:54:24 ----A---- C:\Windows\system32\d3d10.dll
2009-11-18 16:53:56 ----A---- C:\Windows\system32\WPDShextAutoplay.exe
2009-11-18 16:53:56 ----A---- C:\Windows\system32\wpdbusenum.dll
2009-11-18 16:53:56 ----A---- C:\Windows\system32\BthMtpContextHandler.dll
2009-11-18 16:53:53 ----A---- C:\Windows\system32\PortableDeviceConnectApi.dll
2009-11-18 16:53:48 ----A---- C:\Windows\system32\WPDSp.dll
2009-11-18 16:53:48 ----A---- C:\Windows\system32\WPDShServiceObj.dll
2009-11-18 16:53:48 ----A---- C:\Windows\system32\wpdshext.dll
2009-11-18 16:53:48 ----A---- C:\Windows\system32\wpd_ci.dll
2009-11-18 16:53:48 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll
2009-11-18 16:53:48 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-11-18 16:53:48 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-11-18 16:53:48 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-11-18 16:51:13 ----A---- C:\Windows\system32\oleaccrc.dll
2009-11-18 16:51:12 ----A---- C:\Windows\system32\UIAutomationCore.dll
2009-11-18 16:51:12 ----A---- C:\Windows\system32\oleacc.dll

======List of files/folders modified in the last 1 months======

2009-12-13 18:59:23 ----D---- C:\Windows\Temp
2009-12-13 18:59:18 ----D---- C:\Windows\Prefetch
2009-12-13 18:53:32 ----D---- C:\Windows\system32\drivers
2009-12-13 18:53:32 ----D---- C:\Windows\Cursors
2009-12-13 18:47:47 ----SHD---- C:\System Volume Information
2009-12-13 17:14:22 ----RD---- C:\Program Files
2009-12-13 17:09:34 ----HD---- C:\ProgramData
2009-12-12 13:05:22 ----SHD---- C:\Windows\Installer
2009-12-12 13:05:22 ----SD---- C:\Users\Samuel\AppData\Roaming\Microsoft
2009-12-11 01:58:14 ----D---- C:\Windows
2009-12-10 23:08:04 ----D---- C:\Program Files\Mozilla Firefox
2009-12-10 22:35:59 ----D---- C:\Windows\system32\catroot2
2009-12-10 22:20:31 ----D---- C:\Windows\System32
2009-12-10 21:29:35 ----D---- C:\Windows\rescache
2009-12-10 21:24:39 ----D---- C:\Windows\winsxs
2009-12-10 21:14:30 ----D---- C:\Windows\system32\catroot
2009-12-10 21:11:34 ----D---- C:\Windows\system32\de-DE
2009-12-10 21:11:34 ----D---- C:\Program Files\Windows Mail
2009-12-10 18:18:53 ----D---- C:\Windows\Tasks
2009-12-10 18:15:52 ----D---- C:\Windows\system32\Tasks
2009-12-09 19:07:13 ----RSD---- C:\Windows\assembly
2009-12-09 19:06:28 ----RSD---- C:\Windows\Fonts
2009-12-09 19:04:56 ----A---- C:\Windows\system32\deploytk.dll
2009-12-07 18:45:16 ----D---- C:\Users\Samuel\AppData\Roaming\vlc
2009-12-06 17:55:27 ----D---- C:\Windows\inf
2009-12-06 17:55:27 ----D---- C:\Windows\Help
2009-12-06 17:55:23 ----HD---- C:\Program Files\Uninstall Information
2009-12-01 21:06:19 ----A---- C:\Windows\system32\mrt.exe
2009-11-29 21:24:15 ----D---- C:\Users\Samuel\AppData\Roaming\Skype
2009-11-29 21:08:21 ----D---- C:\Program Files\Electronic Arts
2009-11-29 16:25:34 ----D---- C:\Users\Samuel\AppData\Roaming\skypePM
2009-11-28 16:02:04 ----D---- C:\Windows\system32\WDI
2009-11-28 14:05:56 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-11-25 17:27:27 ----D---- C:\Windows\system32\LogFiles
2009-11-18 19:49:58 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2009-11-18 19:49:55 ----D---- C:\Program Files\DVDVideoSoft
2009-11-18 18:36:25 ----D---- C:\Windows\system32\wbem
2009-11-18 18:36:23 ----D---- C:\Windows\system32\zh-HK
2009-11-18 18:36:23 ----D---- C:\Windows\system32\uk-UA
2009-11-18 18:36:23 ----D---- C:\Windows\system32\tr-TR
2009-11-18 18:36:23 ----D---- C:\Windows\system32\th-TH
2009-11-18 18:36:23 ----D---- C:\Windows\system32\sv-SE
2009-11-18 18:36:23 ----D---- C:\Windows\system32\sr-Latn-CS
2009-11-18 18:36:23 ----D---- C:\Windows\system32\sl-SI
2009-11-18 18:36:23 ----D---- C:\Windows\system32\pt-PT
2009-11-18 18:36:23 ----D---- C:\Windows\system32\pt-BR
2009-11-18 18:36:23 ----D---- C:\Windows\system32\pl-PL
2009-11-18 18:36:23 ----D---- C:\Windows\system32\nl-NL
2009-11-18 18:36:23 ----D---- C:\Windows\system32\ko-KR
2009-11-18 18:36:23 ----D---- C:\Windows\system32\it-IT
2009-11-18 18:36:23 ----D---- C:\Windows\system32\hu-HU
2009-11-18 18:36:23 ----D---- C:\Windows\system32\hr-HR
2009-11-18 18:36:23 ----D---- C:\Windows\system32\he-IL
2009-11-18 18:36:23 ----D---- C:\Windows\system32\fr-FR
2009-11-18 18:36:23 ----D---- C:\Windows\system32\fi-FI
2009-11-18 18:36:23 ----D---- C:\Windows\system32\es-ES
2009-11-18 18:36:23 ----D---- C:\Windows\system32\el-GR
2009-11-18 18:36:23 ----D---- C:\Windows\system32\bg-BG
2009-11-18 18:36:22 ----D---- C:\Windows\system32\zh-TW
2009-11-18 18:36:22 ----D---- C:\Windows\system32\zh-CN
2009-11-18 18:36:22 ----D---- C:\Windows\system32\sk-SK
2009-11-18 18:36:22 ----D---- C:\Windows\system32\ru-RU
2009-11-18 18:36:22 ----D---- C:\Windows\system32\ro-RO
2009-11-18 18:36:22 ----D---- C:\Windows\system32\nb-NO
2009-11-18 18:36:22 ----D---- C:\Windows\system32\lv-LV
2009-11-18 18:36:22 ----D---- C:\Windows\system32\lt-LT
2009-11-18 18:36:22 ----D---- C:\Windows\system32\ja-JP
2009-11-18 18:36:22 ----D---- C:\Windows\system32\et-EE
2009-11-18 18:36:22 ----D---- C:\Windows\system32\en-US
2009-11-18 18:36:22 ----D---- C:\Windows\system32\da-DK
2009-11-18 18:36:22 ----D---- C:\Windows\system32\cs-CZ
2009-11-18 18:36:22 ----D---- C:\Windows\system32\ar-SA

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-04-29 96104]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-06-10 28520]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-07 56816]
R2 KMDFMEMIO;SAMSUNG Kernel Driver; C:\Windows\system32\DRIVERS\kmdfmemio.sys [2007-05-23 13312]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-09-13 755712]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-01-15 23848]
R3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-04-17 2098904]
R3 MxlW2k;MxlW2k; C:\Windows\system32\drivers\MxlW2k.sys [2009-07-24 28352]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-06-08 7522624]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-10-26 193456]
R3 VMC302;Vimicro Camera Service VMC302; C:\Windows\System32\Drivers\VMC302.sys [2008-04-05 242560]
R3 whfltr2k;WheelMouse USB Lower Filter Driver; C:\Windows\system32\DRIVERS\whfltr2k.sys [2007-01-25 6784]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-28 298496]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
S3 avmeject;AVM Eject; C:\Windows\system32\drivers\avmeject.sys [2008-09-05 4352]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-02 45056]
S3 BthEnum;Bluetooth-Anforderungsblocktreiber; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-21 19456]
S3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys [2008-01-21 219648]
S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\Windows\System32\Drivers\BTHUSB.sys [2008-01-21 29184]
S3 btwaudio;Bluetooth-Audiogerät; C:\Windows\system32\drivers\btwaudio.sys [2008-02-14 80424]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2007-07-15 80936]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-07-15 16168]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 FWLANUSB;AVM FRITZ!WLAN; C:\Windows\system32\DRIVERS\fwlanusb.sys [2008-09-05 265088]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-21 2225664]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-05-20 3663360]
S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2006-10-17 35072]
S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-02-21 50688]
S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-06-10 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-09 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-05 132424]
R2 AVM WLAN Connection Service;AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [2008-09-05 364544]
R2 Bonjour Service;Bonjour-Dienst; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-05-23 819200]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-03-17 73728]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2006-04-14 28933976]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-06-08 196608]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-05-23 466944]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-12-19 272024]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2009-03-12 656168]
S2 Samsung Update Plus;Samsung Update Plus; C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe [2008-05-13 77480]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2006-10-17 86016]
S3 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2006-04-14 87840]
S4 MSSQLServerADHelper;Hilfsdienst von SQL Server für Active Directory; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-13 45272]
S4 SQLBrowser;SQL Server-Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2006-04-14 240416]

-----------------EOF-----------------

3.

Code:

ATTFilter

info.txt logfile of random's system information tool 1.06 2009-12-13 17:15:20

======Uninstall list======

2007 Microsoft Office system-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Photoshop Elements-->C:\WINDOWS\ISUN0407.EXE -f"C:\Program Files\Adobe\Photoshop Elements\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop Elements\Uninst.dll"
Adobe Reader 8.1.3 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81300000003}
Adobe SVG Viewer-->C:\Windows\IsUn0407.exe -f"C:\Windows\System32\Adobe\SVG Viewer\Uninst.isu"
Advanced Wheel Mouse 6.0.0.001-->C:\MSI\ADVANC~1\uninst.exe
Agere Systems HDA Modem-->agrsmdel
Apple Mobile Device Support-->MsiExec.exe /I{162B71B8-8464-4680-A086-601D555B331D}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Artus-->C:\program files\ARTUS\unwise.exe
Ashampoo WinOptimizer 4 FREE-->"C:\Program Files\Ashampoo\Ashampoo WinOptimizer 4\unins000.exe"
Ask Toolbar-->"C:\Program Files\AskBarDis\unins000.exe"
Atheros WLAN Client-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04983D37-2202-4295-94A2-8B547C66133F}\setup.exe" -l0x9 
Aufstieg des Hexenkönigs™-->C:\Program Files\Electronic Arts\Aufstieg des Hexenkönigs\EAUninstall.exe
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
AVM FRITZ!WLAN-->C:\Program Files\avmwlanstick\instwcli.exe -d1
AVS Update Manager 1.0-->"C:\Program Files\AVS4YOU\AVSUpdateManager\unins000.exe"
AVS Video Converter 6-->"C:\Program Files\AVS4YOU\AVSVideoConverter6\unins000.exe"
AVS4YOU Software Navigator 1.3-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
Bigfoot Networks LagMeter-->C:\Program Files\Bigfoot Networks\LagMeter\uninstall.exe
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Business Contact Manager für Outlook 2007-->"C:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\Setup.exe" /remove {4cb9f93c-9edc-4be9-ae61-af128ddbecfa}
Business Contact Manager für Outlook 2007-->MsiExec.exe /X{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Cossacks - The Art Of War-->C:\Windows\unasetup.exe
CyberLink DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe"  -uninstall
CyberLink Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe"  -uninstall
Die Schlacht um Mittelerde™ II-->C:\Program Files\Electronic Arts\Die Schlacht um Mittelerde II\EAUninstall.exe
Die Sims™ Lebensgeschichten-->C:\Program Files\Electronic Arts\Die Sims Lebensgeschichten\EAUninstall.exe
Easy Battery Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6F730513-8688-4C3C-90A3-6B9792CE2EF3}\setup.exe" -l0x9 Remove
Easy Display Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17283B95-21A8-4996-97DA-547A48DB266F}\setup.exe" -l0x9  -removeonly
Easy Network Manager 3.0-->C:\Program Files\InstallShield Installation Information\{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}\setup.exe -runfromtemp -l0x0407
Easy SpeedUp Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF367AA4-070B-493C-9575-85BE59D789C9}\setup.exe" -l0x9 Remove
FLV Player 2.0 (build 25)-->C:\Program Files\FLV Player\uninst.exe
Fraps-->"C:\Fraps\uninstall.exe"
Free Audio CD Burner version 1.2-->"C:\Program Files\DVDVideoSoft\Free Audio CD Burner\unins000.exe"
Free YouTube to MP3 Converter version 3.2-->"C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\unins001.exe"
Freez FLV to MP3 Converter-->"C:\Program Files\Smallvideosoft\Freez FLV to MP3 Converter\unins000.exe"
Gaming Mouse-->"C:\Program Files\MSI\Gaming Mouse\uninstall.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HiJackThis-->MsiExec.exe /X{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix für Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU (KB945282)-->C:\Windows\system32\msiexec.exe /package {8F714418-F3C3-3BF0-B548-E4BDA7AD41DE} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix für Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU (KB946040)-->C:\Windows\system32\msiexec.exe /package {8F714418-F3C3-3BF0-B548-E4BDA7AD41DE} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix für Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU (KB946308)-->C:\Windows\system32\msiexec.exe /package {8F714418-F3C3-3BF0-B548-E4BDA7AD41DE} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix für Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU (KB946344)-->C:\Windows\system32\msiexec.exe /package {8F714418-F3C3-3BF0-B548-E4BDA7AD41DE} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix für Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU (KB947540)-->C:\Windows\system32\msiexec.exe /package {8F714418-F3C3-3BF0-B548-E4BDA7AD41DE} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix für Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU (KB947789)-->C:\Windows\system32\msiexec.exe /package {8F714418-F3C3-3BF0-B548-E4BDA7AD41DE} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix für Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU (KB948127)-->C:\Windows\system32\msiexec.exe /package {8F714418-F3C3-3BF0-B548-E4BDA7AD41DE} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix für Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU (KB951708)-->C:\Windows\system32\msiexec.exe /package {8F714418-F3C3-3BF0-B548-E4BDA7AD41DE} /uninstall  /qb+ REBOOTPROMPT=""
ICQ Toolbar-->C:\Program Files\ICQ6Toolbar\ICQUnToolbar.exe
ICQ6.5-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
imagine digital freedom - Samsung-->MsiExec.exe /X{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}
Intel PROSet Wireless-->Intel PROSet Wireless
Intel® Matrix Storage Manager-->C:\Windows\system32\imsmudlg.exe -uninstall
iTunes-->MsiExec.exe /I{C26B06A9-27BB-45B0-9873-9C623EC2BA38}
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Kabale-->C:\Program Files\Driftwood\Kabale\UNWISE.EXE C:\Program Files\Driftwood\Kabale\INSTALL.LOG
LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe"  -uninstall
LightScribe System Software  1.12.37.1-->MsiExec.exe /X{004C5DA2-2051-4D25-94BA-51CF810C91EB}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft AutoRoute 2002-->MsiExec.exe /I{F7F2DC0A-C22E-49AD-AD37-797309A54E7B}
Microsoft Office 2003 Web Components-->MsiExec.exe /I{90A40407-6000-11D3-8CFE-0150048383C9}
Microsoft Office 2007 Primary Interop Assemblies-->MsiExec.exe /X{50120000-1105-0000-0000-0000000FF1CE}
Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (German)-->MsiExec.exe /X{95120000-00AF-0407-0000-0000000FF1CE}
Microsoft Office Professional Hybrid 2007-->MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Small Business Connectivity Components-->MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Small Basic v0.5.1-->MsiExec.exe /I{6CC02A6E-782C-4F3B-BBA9-32FE7D186091}
Microsoft SOAP Toolkit 2.0 SP2-->MsiExec.exe /I{36BEAD11-8577-49AD-9250-E06A50AE87B0}
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)-->MsiExec.exe /I{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}
Microsoft SQL Server 2005-->"C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2008 Management Objects-->MsiExec.exe /I{F5E87B12-3C27-452F-8E78-21D42164FD83}
Microsoft SQL Server Compact 3.5 SP1 (Deutsch)-->MsiExec.exe /I{FA440BE8-EC2F-4478-A01A-077DA0606501}
Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch)-->MsiExec.exe /X{738B0934-6676-44F6-AB52-32F4E60DCA7F}
Microsoft SQL Server Native Client-->MsiExec.exe /I{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}
Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU-->C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual Basic 2008 Express Edition with SP1 - DEU\setup.exe
Microsoft Visual Basic 2008 Express Edition with SP1 - DEU-->MsiExec.exe /X{8F714418-F3C3-3BF0-B548-E4BDA7AD41DE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu-->MsiExec.exe /X{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32-->MsiExec.exe /X{044F9133-B8D7-4d11-BF39-803FA20F5C8B}
Microsoft Word 2002-->MsiExec.exe /I{911B0407-6000-11D3-8CFE-0050048383C9}
Microsoft Works 7.0 -->MsiExec.exe /I{EDDDC607-91D9-4758-9F57-265FDCD8A772}
Microsoft Works Suite-Add-Ins für Microsoft Word-->MsiExec.exe /I{7CDBE27D-87EC-434E-AFE4-D0116AE876BB}
MobileMe Control Panel-->MsiExec.exe /I{C7EEC93A-2A61-4B1E-B696-A264680A889D}
MobMap 3.03-->"C:\Program Files\MobMapUpdater\unins000.exe"
Mozilla Firefox (3.5.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Musicmatch® Jukebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\setup.exe" -l0x7  -uninst 
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
OpenOffice.org 3.1-->MsiExec.exe /I{99E862CC-6F69-4D39-99AA-DBF71BF3B585}
Play AVStation-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{955597D8-E5E1-474D-B647-60AC44566D24} /l1031 
PlayCamera-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{804F1285-8CBF-408D-8CDC-D4D40003B2E4}\setup.exe" -l0x7 
PowerDirector-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe"  -uninstall
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe"  -uninstall
PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe"  -uninstall
Quest Creator - SHAREWARE-->C:\Program Files\DatawareGames\Quest Creator Demo\Uninstal.exe
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
RGSS-RTP Standard-->MsiExec.exe /I{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}
RPG Maker VX RTP-->"C:\Program Files\Common Files\Enterbrain\RGSS2\RPGVX\unins000.exe"
RPG Maker VX-->"C:\Program Files\Enterbrain\RPGVX\unins000.exe"
RPGXP-->MsiExec.exe /I{9B34CAC6-738F-4A20-B428-A115C3E3474C}
Samsung Magic Doctor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}\Setup.exe" -l0x9 Remove
Samsung Recovery Solution III-->"C:\Program Files\InstallShield Installation Information\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}\setup.exe" -runfromtemp -l0x0007 -removeonly
Samsung Update Plus-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{685707A4-911C-468D-BFC4-64A50E5E3A0C} /l1031 
Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SQL Server System CLR Types-->MsiExec.exe /I{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)-->MsiExec.exe /X{07629207-FAA0-4F1A-8092-BF5085BE511F}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Office 2007 (KB934528)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {2B939677-2FFD-48F6-9075-7BF48CB87C80}
Update for Office System 2007 Setup (KB929722)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {D8E9BEBD-655F-467D-8176-CA9959C140A3}
User Guide-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}\setup.exe" -l0x9 Remove
Vimicro UVC Camera-->C:\Program Files\InstallShield Installation Information\{71A51B09-E7D3-11DB-A386-005056C00008}\setup.exe -runfromtemp -l0x0009 -removeonly
VLC media player 1.0.1-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WIDCOMM Bluetooth Software 6.0.1.6300-->MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinPcap 4.0 beta 2-->C:\Program Files\WinPcap\uninstall.exe
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\Wrath of the Lich King\Uninstall.exe

======Security center information======

AS: Spybot - Search and Destroy
AS: Windows Defender

======System event log======

Computer Name: Samuel-PC
Event Code: 4373
Message: Windows-Wartung hat das Paket Package_62_for_KB942288~31bf3856ad364e35~x86~~6.0.2.0() erfolgreich in den Status Installiert(Installed) gesetzt.
Record Number: 58363
Source Name: Microsoft-Windows-Servicing
Time Written: 20090521114405.000000-000
Event Type: Informationen
User: 

Computer Name: Samuel-PC
Event Code: 4373
Message: Windows-Wartung hat das Paket Package_61_for_KB942288~31bf3856ad364e35~x86~~6.0.2.0() erfolgreich in den Status Installiert(Installed) gesetzt.
Record Number: 58362
Source Name: Microsoft-Windows-Servicing
Time Written: 20090521114405.000000-000
Event Type: Informationen
User: 

Computer Name: Samuel-PC
Event Code: 4373
Message: Windows-Wartung hat das Paket Package_60_for_KB942288~31bf3856ad364e35~x86~~6.0.2.0() erfolgreich in den Status Installiert(Installed) gesetzt.
Record Number: 58361
Source Name: Microsoft-Windows-Servicing
Time Written: 20090521114405.000000-000
Event Type: Informationen
User: 

Computer Name: Samuel-PC
Event Code: 4373
Message: Windows-Wartung hat das Paket Package_59_for_KB942288~31bf3856ad364e35~x86~~6.0.2.0() erfolgreich in den Status Installiert(Installed) gesetzt.
Record Number: 58360
Source Name: Microsoft-Windows-Servicing
Time Written: 20090521114405.000000-000
Event Type: Informationen
User: 

Computer Name: Samuel-PC
Event Code: 4373
Message: Windows-Wartung hat das Paket Package_58_for_KB942288~31bf3856ad364e35~x86~~6.0.2.0() erfolgreich in den Status Installiert(Installed) gesetzt.
Record Number: 58359
Source Name: Microsoft-Windows-Servicing
Time Written: 20090521114405.000000-000
Event Type: Informationen
User: 

=====Application event log=====

Computer Name: Samuel-PC
Event Code: 0
Message: 
Record Number: 1320
Source Name: EvtEng
Time Written: 20081025102358.000000-000
Event Type: Informationen
User: 

Computer Name: Samuel-PC
Event Code: 4625
Message: Das EventSystem-Subsystem unterdrückt duplizierte Ereignisprotokolleinträge für eine Dauer von 86400 Sekunden. Dieses Zeitlimit kann durch den REG_DWORD-Wert SuppressDuplicateDuration unter folgendem Registrierungsschlüssel gesteuert werden: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 1319
Source Name: Microsoft-Windows-EventSystem
Time Written: 20081025102355.000000-000
Event Type: Informationen
User: 

Computer Name: Samuel-PC
Event Code: 1531
Message: Der Benutzerprofildienst wurde erfolgreich gestartet.  


Record Number: 1318
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20081025102354.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: WIN-E7UK0XVPQ00
Event Code: 17147
Message: SQL Server wird beendet, weil das System heruntergefahren wird. Diese Meldung dient nur zu Informationszwecken. Es ist keine Benutzeraktion erforderlich.
Record Number: 1317
Source Name: MSSQL$MSSMLBIZ
Time Written: 20080915120259.000000-000
Event Type: Informationen
User: 

Computer Name: WIN-E7UK0XVPQ00
Event Code: 1013
Message: Der Windows-Suchdienst wurde normal beendet.

Record Number: 1316
Source Name: Microsoft-Windows-Search
Time Written: 20080915120256.000000-000
Event Type: Informationen
User: 

=====Security event log=====

Computer Name: WIN-E7UK0XVPQ00
Event Code: 4672
Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.

Antragsteller:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		SYSTEM
	Kontodomäne:		NT-AUTORITÄT
	Anmelde-ID:		0x3e7

Berechtigungen:		SeAssignPrimaryTokenPrivilege
			SeTcbPrivilege
			SeSecurityPrivilege
			SeTakeOwnershipPrivilege
			SeLoadDriverPrivilege
			SeBackupPrivilege
			SeRestorePrivilege
			SeDebugPrivilege
			SeAuditPrivilege
			SeSystemEnvironmentPrivilege
			SeImpersonatePrivilege
Record Number: 739
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080915120258.040600-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: WIN-E7UK0XVPQ00
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.

Antragsteller:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		WIN-E7UK0XVPQ00$
	Kontodomäne:		WORKGROUP
	Anmelde-ID:		0x3e7

Anmeldetyp:			5

Neue Anmeldung:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		SYSTEM
	Kontodomäne:		NT-AUTORITÄT
	Anmelde-ID:		0x3e7
	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}

Prozessinformationen:
	Prozess-ID:		0x254
	Prozessname:		C:\Windows\System32\services.exe

Netzwerkinformationen:
	Arbeitsstationsname:	
	Quellnetzwerkadresse:	-
	Quellport:		-

Detaillierte Authentifizierungsinformationen:
	Anmeldeprozess:		Advapi  
	Authentifizierungspaket:	Negotiate
	Übertragene Dienste:	-
	Paketname (nur NTLM):	-
	Schlüssellänge:		0

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
	 - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
	- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
	- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
	- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 738
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080915120258.040600-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: WIN-E7UK0XVPQ00
Event Code: 4648
Message: Anmeldeversuch mit expliziten Anmeldeinformationen.

Antragsteller:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		WIN-E7UK0XVPQ00$
	Kontodomäne:		WORKGROUP
	Anmelde-ID:		0x3e7
	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}

Konto, dessen Anmeldeinformationen verwendet wurden:
	Kontoname:		SYSTEM
	Kontodomäne:		NT-AUTORITÄT
	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}

Zielserver:
	Zielservername:	localhost
	Weitere Informationen:	localhost

Prozessinformationen:
	Prozess-ID:		0x254
	Prozessname:		C:\Windows\System32\services.exe

Netzwerkinformationen:
	Netzwerkadresse:	-
	Port:			-

Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden.  Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird.
Record Number: 737
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080915120258.040600-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: WIN-E7UK0XVPQ00
Event Code: 1100
Message: Der Ereignisprotokollierungsdienst wurde heruntergefahren.
Record Number: 736
Source Name: Microsoft-Windows-Eventlog
Time Written: 20080915120259.319800-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: WIN-E7UK0XVPQ00
Event Code: 1102
Message: Das Überwachungsprotokoll wurde gelöscht.
Subjekt:
	Sicherheits- ID:	S-1-5-21-1790825414-3180962164-626069228-500
	Kontoname:	Administrator
	Domänenname:	WIN-E7UK0XVPQ00
	Logon-ID:	0x2843b
Record Number: 735
Source Name: Microsoft-Windows-Eventlog
Time Written: 20080915120252.315400-000
Event Type: Überwachung erfolgreich
User: 

======Environment variables======

"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"ComSpec"=%SystemRoot%\system32\cmd.exe
"devmgr_show_nonpresent_devices"=1
"DFSTRACINGON"=FALSE
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f0d
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"USERNAME"=SYSTEM
"windir"=%SystemRoot%

-----------------EOF-----------------

und (siehe 2.ter Teil)

TheChosenOne · 13.12.2009, 19:08

2.ter Teil:

Code:

ATTFilter

Logfile of random's system information tool 1.06 (written by random/random)
Run by Samuel at 2009-12-13 18:59:21
Microsoft® Windows Vista™ Home Premium  Service Pack 2
System drive C: has 6 GB (4%) free of 148 GB
Total RAM: 3066 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:59:32, on 13.12.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Windows\Explorer.EXE
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\MSI\Advanced Wheel Mouse\wh_exec.exe
C:\Program Files\avmwlanstick\WLanGUI.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Samuel\Downloads\RSIT(2).exe
C:\Program Files\Trend Micro\HijackThis\Samuel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\MSI\ADVANC~1\wh_exec.exe
O4 - HKLM\..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\wlangui.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix: 
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Program Files\avmwlanstick\WlanNetService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 9079 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-08-26 279944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-08-26 279944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-06-08 13543968]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-06-08 92704]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-04-17 6111232]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-10-26 1029416]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-03-14 71216]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-01-08 52256]
"WheelMouse"=C:\MSI\ADVANC~1\wh_exec.exe [2007-09-13 90112]
"AVMWlanClient"=C:\Program Files\avmwlanstick\wlangui.exe [2008-09-05 1794048]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-03-05 177472]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-03-12 342312]
"MMTray"=C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe [2004-08-29 131072]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-12-09 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-03-17 2289664]
"ICQ"=C:\Program Files\ICQ6.5\ICQ.exe [2009-03-01 172792]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25c192e5-bc99-11dd-bccb-001377a9ed96}]
shell\AutoRun\command - F:\pushinst.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{417d92d9-8314-11dd-9602-806e6f6e6963}]
shell\AutoRun\command - E:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50ef0407-698d-11de-8991-93d595dcd58e}]
shell\AutoRun\command - G:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2009-12-13 17:14:58 ----D---- C:\rsit
2009-12-13 17:14:22 ----D---- C:\Program Files\CCleaner
2009-12-13 17:09:41 ----D---- C:\Users\Samuel\AppData\Roaming\Malwarebytes
2009-12-13 17:09:34 ----D---- C:\ProgramData\Malwarebytes
2009-12-13 17:09:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-12 13:08:21 ----D---- C:\Program Files\Trend Micro
2009-12-12 13:05:22 ----D---- C:\Program Files\TrendMicro
2009-12-11 16:16:02 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-12-11 16:16:02 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-12-10 18:43:40 ----D---- C:\ProgramData\WindowsSearch
2009-12-10 09:29:41 ----A---- C:\Windows\system32\nshhttp.dll
2009-12-10 09:29:39 ----A---- C:\Windows\system32\httpapi.dll
2009-12-09 19:42:08 ----D---- C:\Users\Samuel\AppData\Roaming\OpenOffice.org
2009-12-09 19:06:09 ----D---- C:\Program Files\JRE
2009-12-09 19:05:48 ----D---- C:\Program Files\OpenOffice.org 3
2009-12-09 19:05:16 ----A---- C:\Windows\system32\javaws.exe
2009-12-09 19:05:16 ----A---- C:\Windows\system32\javaw.exe
2009-12-09 19:05:16 ----A---- C:\Windows\system32\java.exe
2009-12-09 19:04:51 ----D---- C:\Program Files\Java
2009-12-09 12:44:20 ----A---- C:\Windows\system32\wininet.dll
2009-12-09 12:44:20 ----A---- C:\Windows\system32\mshtml.dll
2009-12-09 12:44:19 ----A---- C:\Windows\system32\urlmon.dll
2009-12-09 12:44:18 ----A---- C:\Windows\system32\ieframe.dll
2009-12-09 12:44:17 ----A---- C:\Windows\system32\ieui.dll
2009-12-09 12:44:17 ----A---- C:\Windows\system32\ieencode.dll
2009-12-09 12:44:16 ----A---- C:\Windows\system32\ieapfltr.dll
2009-12-09 12:43:46 ----A---- C:\Windows\system32\winhttp.dll
2009-12-09 12:34:37 ----A---- C:\Windows\system32\rastls.dll
2009-12-06 17:55:01 ----A---- C:\Windows\system32\WrapDino.dll
2009-12-06 17:55:01 ----A---- C:\Windows\system32\rdxp5.dll
2009-12-06 17:55:01 ----A---- C:\Windows\system32\rdxmmx.dll
2009-12-06 17:55:01 ----A---- C:\Windows\system32\rdxam.dll
2009-12-06 17:55:01 ----A---- C:\Windows\system32\Odbctl32.dll
2009-12-06 17:55:01 ----A---- C:\Windows\system32\dmix.dll
2009-12-06 17:55:01 ----A---- C:\Windows\system32\dinoav.dll
2009-12-06 17:55:01 ----A---- C:\Windows\system32\Dino2d.dll
2009-12-06 17:55:00 ----D---- C:\Program Files\Driftwood
2009-12-06 17:55:00 ----A---- C:\Windows\system32\Vb5db.dll
2009-12-06 17:55:00 ----A---- C:\Windows\system32\MSVBVM50.dll
2009-12-06 17:55:00 ----A---- C:\Windows\system32\Msrepl35.dll
2009-12-06 17:55:00 ----A---- C:\Windows\system32\Msrd2x35.dll
2009-12-06 17:55:00 ----A---- C:\Windows\system32\Msjter35.dll
2009-12-06 17:55:00 ----A---- C:\Windows\system32\Msjint35.dll
2009-12-06 17:55:00 ----A---- C:\Windows\system32\Msjet35.dll
2009-11-30 16:45:07 ----D---- C:\Users\Samuel\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
2009-11-29 21:20:11 ----A---- C:\Windows\system32\d3dx9_27.dll
2009-11-29 20:42:11 ----D---- C:\Users\Samuel\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
2009-11-26 17:00:34 ----A---- C:\Windows\system32\tzres.dll
2009-11-25 17:29:37 ----A---- C:\Windows\system32\msxml6.dll
2009-11-25 17:29:36 ----A---- C:\Windows\system32\msxml3.dll
2009-11-18 18:36:26 ----D---- C:\Program Files\Windows Portable Devices
2009-11-18 16:54:49 ----A---- C:\Windows\system32\UIRibbonRes.dll
2009-11-18 16:54:49 ----A---- C:\Windows\system32\UIRibbon.dll
2009-11-18 16:54:49 ----A---- C:\Windows\system32\UIAnimation.dll
2009-11-18 16:54:26 ----A---- C:\Windows\system32\WMPhoto.dll
2009-11-18 16:54:26 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-11-18 16:54:26 ----A---- C:\Windows\system32\d3d10warp.dll
2009-11-18 16:54:26 ----A---- C:\Windows\system32\cdd.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\xpsservices.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\XpsRasterService.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\XpsPrint.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-11-18 16:54:25 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\OpcServices.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\FntCache.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\dxdiagn.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\dxdiag.exe
2009-11-18 16:54:25 ----A---- C:\Windows\system32\DWrite.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\d3d10level9.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\d3d10core.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\d3d10_1core.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\d2d1.dll
2009-11-18 16:54:24 ----A---- C:\Windows\system32\dxgi.dll
2009-11-18 16:54:24 ----A---- C:\Windows\system32\d3d11.dll
2009-11-18 16:54:24 ----A---- C:\Windows\system32\d3d10_1.dll
2009-11-18 16:54:24 ----A---- C:\Windows\system32\d3d10.dll
2009-11-18 16:53:56 ----A---- C:\Windows\system32\WPDShextAutoplay.exe
2009-11-18 16:53:56 ----A---- C:\Windows\system32\wpdbusenum.dll
2009-11-18 16:53:56 ----A---- C:\Windows\system32\BthMtpContextHandler.dll
2009-11-18 16:53:53 ----A---- C:\Windows\system32\PortableDeviceConnectApi.dll
2009-11-18 16:53:48 ----A---- C:\Windows\system32\WPDSp.dll
2009-11-18 16:53:48 ----A---- C:\Windows\system32\WPDShServiceObj.dll
2009-11-18 16:53:48 ----A---- C:\Windows\system32\wpdshext.dll
2009-11-18 16:53:48 ----A---- C:\Windows\system32\wpd_ci.dll
2009-11-18 16:53:48 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll
2009-11-18 16:53:48 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-11-18 16:53:48 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-11-18 16:53:48 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-11-18 16:51:13 ----A---- C:\Windows\system32\oleaccrc.dll
2009-11-18 16:51:12 ----A---- C:\Windows\system32\UIAutomationCore.dll
2009-11-18 16:51:12 ----A---- C:\Windows\system32\oleacc.dll

======List of files/folders modified in the last 1 months======

2009-12-13 18:59:23 ----D---- C:\Windows\Temp
2009-12-13 18:59:18 ----D---- C:\Windows\Prefetch
2009-12-13 18:53:32 ----D---- C:\Windows\system32\drivers
2009-12-13 18:53:32 ----D---- C:\Windows\Cursors
2009-12-13 18:47:47 ----SHD---- C:\System Volume Information
2009-12-13 17:14:22 ----RD---- C:\Program Files
2009-12-13 17:09:34 ----HD---- C:\ProgramData
2009-12-12 13:05:22 ----SHD---- C:\Windows\Installer
2009-12-12 13:05:22 ----SD---- C:\Users\Samuel\AppData\Roaming\Microsoft
2009-12-11 01:58:14 ----D---- C:\Windows
2009-12-10 23:08:04 ----D---- C:\Program Files\Mozilla Firefox
2009-12-10 22:35:59 ----D---- C:\Windows\system32\catroot2
2009-12-10 22:20:31 ----D---- C:\Windows\System32
2009-12-10 21:29:35 ----D---- C:\Windows\rescache
2009-12-10 21:24:39 ----D---- C:\Windows\winsxs
2009-12-10 21:14:30 ----D---- C:\Windows\system32\catroot
2009-12-10 21:11:34 ----D---- C:\Windows\system32\de-DE
2009-12-10 21:11:34 ----D---- C:\Program Files\Windows Mail
2009-12-10 18:18:53 ----D---- C:\Windows\Tasks
2009-12-10 18:15:52 ----D---- C:\Windows\system32\Tasks
2009-12-09 19:07:13 ----RSD---- C:\Windows\assembly
2009-12-09 19:06:28 ----RSD---- C:\Windows\Fonts
2009-12-09 19:04:56 ----A---- C:\Windows\system32\deploytk.dll
2009-12-07 18:45:16 ----D---- C:\Users\Samuel\AppData\Roaming\vlc
2009-12-06 17:55:27 ----D---- C:\Windows\inf
2009-12-06 17:55:27 ----D---- C:\Windows\Help
2009-12-06 17:55:23 ----HD---- C:\Program Files\Uninstall Information
2009-12-01 21:06:19 ----A---- C:\Windows\system32\mrt.exe
2009-11-29 21:24:15 ----D---- C:\Users\Samuel\AppData\Roaming\Skype
2009-11-29 21:08:21 ----D---- C:\Program Files\Electronic Arts
2009-11-29 16:25:34 ----D---- C:\Users\Samuel\AppData\Roaming\skypePM
2009-11-28 16:02:04 ----D---- C:\Windows\system32\WDI
2009-11-28 14:05:56 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-11-25 17:27:27 ----D---- C:\Windows\system32\LogFiles
2009-11-18 19:49:58 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2009-11-18 19:49:55 ----D---- C:\Program Files\DVDVideoSoft
2009-11-18 18:36:25 ----D---- C:\Windows\system32\wbem
2009-11-18 18:36:23 ----D---- C:\Windows\system32\zh-HK
2009-11-18 18:36:23 ----D---- C:\Windows\system32\uk-UA
2009-11-18 18:36:23 ----D---- C:\Windows\system32\tr-TR
2009-11-18 18:36:23 ----D---- C:\Windows\system32\th-TH
2009-11-18 18:36:23 ----D---- C:\Windows\system32\sv-SE
2009-11-18 18:36:23 ----D---- C:\Windows\system32\sr-Latn-CS
2009-11-18 18:36:23 ----D---- C:\Windows\system32\sl-SI
2009-11-18 18:36:23 ----D---- C:\Windows\system32\pt-PT
2009-11-18 18:36:23 ----D---- C:\Windows\system32\pt-BR
2009-11-18 18:36:23 ----D---- C:\Windows\system32\pl-PL
2009-11-18 18:36:23 ----D---- C:\Windows\system32\nl-NL
2009-11-18 18:36:23 ----D---- C:\Windows\system32\ko-KR
2009-11-18 18:36:23 ----D---- C:\Windows\system32\it-IT
2009-11-18 18:36:23 ----D---- C:\Windows\system32\hu-HU
2009-11-18 18:36:23 ----D---- C:\Windows\system32\hr-HR
2009-11-18 18:36:23 ----D---- C:\Windows\system32\he-IL
2009-11-18 18:36:23 ----D---- C:\Windows\system32\fr-FR
2009-11-18 18:36:23 ----D---- C:\Windows\system32\fi-FI
2009-11-18 18:36:23 ----D---- C:\Windows\system32\es-ES
2009-11-18 18:36:23 ----D---- C:\Windows\system32\el-GR
2009-11-18 18:36:23 ----D---- C:\Windows\system32\bg-BG
2009-11-18 18:36:22 ----D---- C:\Windows\system32\zh-TW
2009-11-18 18:36:22 ----D---- C:\Windows\system32\zh-CN
2009-11-18 18:36:22 ----D---- C:\Windows\system32\sk-SK
2009-11-18 18:36:22 ----D---- C:\Windows\system32\ru-RU
2009-11-18 18:36:22 ----D---- C:\Windows\system32\ro-RO
2009-11-18 18:36:22 ----D---- C:\Windows\system32\nb-NO
2009-11-18 18:36:22 ----D---- C:\Windows\system32\lv-LV
2009-11-18 18:36:22 ----D---- C:\Windows\system32\lt-LT
2009-11-18 18:36:22 ----D---- C:\Windows\system32\ja-JP
2009-11-18 18:36:22 ----D---- C:\Windows\system32\et-EE
2009-11-18 18:36:22 ----D---- C:\Windows\system32\en-US
2009-11-18 18:36:22 ----D---- C:\Windows\system32\da-DK
2009-11-18 18:36:22 ----D---- C:\Windows\system32\cs-CZ
2009-11-18 18:36:22 ----D---- C:\Windows\system32\ar-SA

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-04-29 96104]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-06-10 28520]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-07 56816]
R2 KMDFMEMIO;SAMSUNG Kernel Driver; C:\Windows\system32\DRIVERS\kmdfmemio.sys [2007-05-23 13312]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-09-13 755712]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-01-15 23848]
R3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-04-17 2098904]
R3 MxlW2k;MxlW2k; C:\Windows\system32\drivers\MxlW2k.sys [2009-07-24 28352]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-06-08 7522624]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-10-26 193456]
R3 VMC302;Vimicro Camera Service VMC302; C:\Windows\System32\Drivers\VMC302.sys [2008-04-05 242560]
R3 whfltr2k;WheelMouse USB Lower Filter Driver; C:\Windows\system32\DRIVERS\whfltr2k.sys [2007-01-25 6784]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-28 298496]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
S3 avmeject;AVM Eject; C:\Windows\system32\drivers\avmeject.sys [2008-09-05 4352]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-02 45056]
S3 BthEnum;Bluetooth-Anforderungsblocktreiber; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-21 19456]
S3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys [2008-01-21 219648]
S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\Windows\System32\Drivers\BTHUSB.sys [2008-01-21 29184]
S3 btwaudio;Bluetooth-Audiogerät; C:\Windows\system32\drivers\btwaudio.sys [2008-02-14 80424]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2007-07-15 80936]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-07-15 16168]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 FWLANUSB;AVM FRITZ!WLAN; C:\Windows\system32\DRIVERS\fwlanusb.sys [2008-09-05 265088]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-21 2225664]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-05-20 3663360]
S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2006-10-17 35072]
S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-02-21 50688]
S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-06-10 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-09 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-05 132424]
R2 AVM WLAN Connection Service;AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [2008-09-05 364544]
R2 Bonjour Service;Bonjour-Dienst; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-05-23 819200]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-03-17 73728]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2006-04-14 28933976]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-06-08 196608]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-05-23 466944]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-12-19 272024]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2009-03-12 656168]
S2 Samsung Update Plus;Samsung Update Plus; C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe [2008-05-13 77480]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2006-10-17 86016]
S3 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2006-04-14 87840]
S4 MSSQLServerADHelper;Hilfsdienst von SQL Server für Active Directory; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-13 45272]
S4 SQLBrowser;SQL Server-Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2006-04-14 240416]

-----------------EOF-----------------

4.

Code:

ATTFilter

2007 Microsoft Office system	Microsoft Corporation	07.07.2008	491,2MB	12.0.4518.1014
Activation Assistant for the 2007 Microsoft Office suites	Microsoft Corporation	14.09.2008	13,5MB	
Adobe Flash Player 10 Plugin	Adobe Systems Incorporated	09.09.2009		10.0.32.18
Adobe Flash Player 9 ActiveX	Adobe Systems Incorporated	14.09.2008		9
Adobe Photoshop Elements	Adobe Systems, Inc.	18.11.2008	68,3MB	1.0
Adobe Reader 8.1.3 - Deutsch	Adobe Systems Incorporated	10.08.2009	99,8MB	8.1.3
Adobe SVG Viewer	Adobe Systems, Inc.	18.11.2008	3,38MB	1.0
Advanced Wheel Mouse 6.0.0.001		27.11.2008	0,39MB	
Agere Systems HDA Modem	Agere Systems	07.07.2008		
Apple Mobile Device Support	Apple Inc.	29.03.2009	38,3MB	2.4.0.27
Apple Software Update	Apple Inc.	07.02.2009	2,16MB	2.1.1.116
Artus		10.10.2009	3,33MB	
Ashampoo WinOptimizer 4 FREE	Ashampoo GmbH & Co. KG	25.06.2009	27,2MB	4.5.1
Ask Toolbar	Ask.com	29.03.2009	1,11MB	4.1.0.2
Atheros WLAN Client		14.09.2008	0,86MB	1.00.000
Aufstieg des Hexenkönigs™		28.11.2009	2.923,7MB	
Avira AntiVir Personal - Free Antivirus	Avira GmbH	19.03.2009	71,4MB	
AVM FRITZ!WLAN	AVM Berlin	28.11.2008		
AVS Update Manager 1.0	Online Media Technologies Ltd.	27.08.2009	9,55MB	
AVS Video Converter 6	Online Media Technologies Ltd.	27.08.2009	22,9MB	
AVS4YOU Software Navigator 1.3	Online Media Technologies Ltd.	27.08.2009	8,84MB	
Bigfoot Networks LagMeter		28.09.2009	1,66MB	
Bonjour	Apple Inc.	29.03.2009	0,49MB	1.0.106
Business Contact Manager für Outlook 2007	Microsoft Corporation	07.07.2008	29,0MB	3.0.5828.0
CCleaner	Piriform	12.12.2009	2,80MB	
Cossacks - The Art Of War		05.12.2008	309,6MB	
CyberLink DVD Suite	CyberLink Corp.	14.09.2008	9,64MB	5.0.2403
CyberLink Power2Go	CyberLink Corp.	14.09.2008	52,4MB	5.0.3825
Die Schlacht um Mittelerde™ II		03.10.2009	5.243,0MB	
Die Sims™ Lebensgeschichten		24.07.2009	2.630,3MB	
Easy Battery Manager		14.09.2008	7,89MB	3.2.1.7
Easy Display Manager	Samsung	07.07.2008	12,4MB	2.0.0.0
Easy Network Manager 3.0	Ihr Firmenname	07.07.2008	36,9MB	3.0.0.0
Easy SpeedUp Manager		14.09.2008	4,00MB	2.0.1.0
FLV Player 2.0 (build 25)	Martijn de Visser	07.03.2009	1,95MB	2.0 (build 25)
Fraps		28.09.2009	1,47MB	
Free Audio CD Burner version 1.2	DVDVideoSoft Limited.	17.11.2009	2,60MB	
Free YouTube to MP3 Converter version 3.2	DVDVideoSoft Limited.	17.11.2009	2,20MB	
Freez FLV to MP3 Converter	www.smallvideosoft.com	29.11.2008	5,46MB	1.2
Gaming Mouse		27.11.2008	14,1MB	
HiJackThis	Trend Micro	11.12.2009	0,36MB	1.0.0
HijackThis 2.0.2	TrendMicro	11.12.2009	0,77MB	2.0.2
ICQ Toolbar	ICQ	27.10.2008		3.0.0
ICQ6.5	ICQ	12.10.2009	48,1MB	6.5
imagine digital freedom - Samsung	Samsung Electronics Co., LTD	07.07.2008	7,50MB	1.0.2.0
Intel(R) PROSet/Wireless WiFi-Software	Intel(R) Corporation	07.07.2008	78,3MB	12.00.2000
Intel® Matrix Storage Manager	Intel Corporation	14.09.2008	0,79MB	
iTunes	Apple Inc.	29.03.2009	106,0MB	8.1.0.52
Java(TM) 6 Update 16	Sun Microsystems, Inc.	08.12.2009	97,7MB	6.0.160
Kabale		05.12.2009	0,31MB	
LabelPrint	CyberLink Corp.	14.09.2008	106,4MB	.2406
LightScribe System Software  1.12.37.1	LightScribe	07.07.2008	20,9MB	1.12.37.1
Malwarebytes' Anti-Malware	Malwarebytes Corporation	12.12.2009	4,11MB	
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU	Microsoft Corporation	20.05.2009	37,4MB	
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	20.05.2009	37,4MB	
Microsoft AutoRoute 2002	Microsoft	22.11.2008	192,5MB	9.00.17.0200
Microsoft Office 2003 Web Components	Microsoft Corporation	07.07.2008	21,7MB	11.0.8003.0
Microsoft Office 2007 Primary Interop Assemblies	Microsoft Corporation	07.07.2008	7,23MB	12.0.4518.1014
Microsoft Office PowerPoint Viewer 2007 (German)	Microsoft Corporation	07.03.2009	34,7MB	12.0.4518.1014
Microsoft Office Small Business Connectivity Components	Microsoft Corporation	07.07.2008	0,15MB	2.0.7024.0
Microsoft Silverlight	Microsoft Corporation	20.05.2009	3,14MB	1.0.30401.0
Microsoft Small Basic v0.5.1	Microsoft Corporation	10.08.2009	5,11MB	0.5.1
Microsoft SQL Server 2005	Microsoft Corporation	07.07.2008	42,7MB	
Microsoft SQL Server 2008 Management Objects	Microsoft Corporation	20.05.2009	11,5MB	10.0.1600.22
Microsoft SQL Server Compact 3.5 SP1 (Deutsch)	Microsoft Corporation	20.05.2009	2,87MB	3.5.5692.0
Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch)	Microsoft Corporation	20.05.2009	9,10MB	3.5.5692.0
Microsoft SQL Server Native Client	Microsoft Corporation	07.07.2008	2,59MB	9.00.2047.00
Microsoft SQL Server VSS Writer	Microsoft Corporation	07.07.2008	0,68MB	9.00.2047.00
Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU	Microsoft Corporation	20.05.2009	163,4MB	
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	07.07.2008	0,41MB	8.0.56336
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	20.05.2009	0,57MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	19.03.2009	0,58MB	9.0.30729
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu	Microsoft Corporation	20.05.2009	5,74MB	3.5.30729
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32	Microsoft Corporation	20.05.2009	2,61MB	6.1.5295.17011
Microsoft Word 2002	Microsoft Corporation	22.11.2008	105,0MB	10.0.2701.01
Microsoft Works 7.0 	Microsoft Corporation	22.11.2008	195,3MB	07.02.0702
Microsoft Works Suite-Add-Ins für Microsoft Word	Microsoft Corporation	22.11.2008	37,3MB	2.0.0.0000
MobileMe Control Panel	Apple Inc.	29.03.2009	6,74MB	2.4.0.27
MobMap 3.03	Slarti on EU-Blackhand	15.11.2008	5,70MB	
Mozilla Firefox (3.5.5)	Mozilla	12.11.2009	30,1MB	3.5.5 (de)
Musicmatch® Jukebox		23.07.2009	30,4MB	9.00.0156
NVIDIA Drivers		14.09.2008		
OpenOffice.org 3.1	OpenOffice.org	08.12.2009	371,1MB	3.1.9420
Play AVStation	Ihr Firmenname	07.07.2008	91,1MB	4.1.20.50
PlayCamera		24.10.2008	363,3MB	1.0.1.7
PowerDirector	CyberLink Corp.	14.09.2008	129,4MB	5.0.3927
PowerDVD	CyberLink Corp.	14.09.2008	114,4MB	7.0.3118.0
PowerProducer	CyberLink Corp.	14.09.2008	297,7MB	085120(3.7)_Vista_SSPC
Quest Creator - SHAREWARE		28.08.2009	4,22MB	
QuickTime	Apple Inc.	07.02.2009	74,4MB	7.60.92.0
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	07.07.2008	11,4MB	6.0.1.5605
RGSS-RTP Standard	Enterbrain	28.08.2009	22,5MB	1.0.0
RPG Maker VX	Enterbrain	05.09.2009	9,84MB	1.02
RPG Maker VX RTP	Enterbrain	05.09.2009	43,1MB	1.02
RPGXP	Enterbrain	28.08.2009	4,11MB	1.0.0
Samsung Magic Doctor	Samsung Electronics Co., LTD	14.09.2008	15,4MB	5.00
Samsung Recovery Solution III	Samsung	07.07.2008	36,5MB	3.0.0.5
Samsung Update Plus	Samsung Electronics Co., LTD	07.07.2008	5,64MB	1.3.0.11
Skype web features	Skype Technologies S.A.	24.10.2009	4,34MB	1.0.3971
Skype™ 4.1	Skype Technologies S.A.	24.10.2009	31,1MB	4.1.179
Spybot - Search & Destroy	Safer Networking Limited	10.12.2009	52,1MB	1.6.2
SQL Server System CLR Types	Microsoft Corporation	20.05.2009	0,81MB	10.0.1600.22
Synaptics Pointing Device Driver	Synaptics	07.07.2008	13,6MB	10.1.2.0
TeamSpeak 2 RC2	Dominating Bytes Design	08.11.2008		2.0.32.60
Uninstall 1.0.0.1		17.11.2009	27,2MB	
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)	Microsoft Corporation	07.07.2008	23,2MB	9.00.2047.00
User Guide		14.09.2008	152,0MB	1.0
Vimicro UVC Camera	Vimicro Corporation	07.07.2008	2,15MB	1.00.0000
VLC media player 1.0.1	VideoLAN Team	27.08.2009	60,4MB	1.0.1
WIDCOMM Bluetooth Software 6.0.1.6300	WIDCOMM, Inc.	07.07.2008	35,5MB	6.0.1.6300
Windows Media Player Firefox Plugin	Microsoft Corp	20.05.2009	0,29MB	1.0.0.8
WinPcap 4.0 beta 2	CACE Technologies	28.09.2009	0,18MB	4.0.0.655
WinRAR		15.11.2008	3,68MB	
World of Warcraft	Blizzard Entertainment	10.12.2009		3.3.0.10958

Das wärs...
Und nachdem der Malwarebytes Anti-Malware Scan und Verschiebung in die Quarantäne abgeschlossen hat, ist mein PC runtergefahren. Ist das normal???

mfg Samuel

PS: Ist das wirklich nötig das ganze Zeug zu posten? War mir da unsicher, ist ja ziemlich viel Info...

kira · 13.12.2009, 19:39

hi

Ohne Informationen über dein System, können wir Dir nicht helfen..?!
Wenn du deinen PC mit dem Inet verbindest, er ist sowieso wie ein *offene Buchbindewerkstatt*
Aber Deine persönlichen Angaben/Daten (die persönliche Merkmale enthalten, wie Name, Seriennummer etc) kannst Du aus dem geposteten Logs heraus löschen

ansonsten nur zu Hause formatieren u neu installieren hilft...

1.
Deinstalliere unter `Start→ Systemsteuereung→ Ändern/Entfernen...`

Code:

ATTFilter

Ask Toolbar - Adware -Toolbar

2.
Falls noch vorhanden:
Schliesse alle Programme einschliesslich Internet Explorer und fixe mit Hijackthis die Einträge aus der nachfolgenden Codebox (HijackThis starten→ "Do a system scan only"→ Einträge auswählen→ Häckhen setzen→ "Fix checked"klicken→ PC neu aufstarten):
HijackThis erstellt ein Backup, Falls bei "Fixen" etwas schief geht, kann man unter "View the list of backups"- die Objekte wiederherstellen

Code:

ATTFilter

R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

3.
alle Anwendungen schließen → Ordner für temporäre Dateien bitte leeren
**Lösche nur den Inhalt der Ordner, nicht die Ordner selbst! - Dateien, die noch in Benutzung sind,nicht löschbar.

`Start → ausführen` "cleanmgr" reinschreiben (ohne "") → "ok" - die Temporary Files, Temporary Internet Files, und der Papierkorb (Recycle Bin) müssen geleert werden→ "Ok"
`Start → ausführen` → %temp% reinschreiben (ohne "")→ "Ok" - - Ordnerinhalt überall markieren und löschen
für jedes Benutzerkonto bitte durchführen
anschließend den Papierkorb leeren

4.
reinige dein System mit Ccleaner:

"Cleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
"Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
Starte dein System neu auf

5.
Windows und die installierten Programme auf den neuesten Stand zu halten,sind Garanten für eine erhöhte Sicherheit!
Java aktualisieren `Start→ Systemsteuereung→ Java→ Aktualisierung...(Update 17 schon fällig!)
danach deinstalliere:
`Systemsteuerung → Software → Ändern/Entfernen...`

Code:

ATTFilter

Java(TM) 6 Update 16 (falls noch existiert)

um die neueste Version von Adobe zu erhalten klick hier: Adobe Reader

6.
Bitte unbedingt alle vorhandenen externen Laufwerke inkl. evtl. vorhandener USB-Sticks an den Rechner anschließen, aber dabei die Shift-Taste gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird.
Den kompletten Rechner (also das ganze System) zu überprüfen (Systemprüfung ohne Säuberung) mit Kaspersky Online Scanner - wähle hier "My computer" aus und das Logergebnis speichern "Save as" dann posten
Vor dem Scan Einstellungen im Internet Explorer:
- "Extras→ Internetoptionen→ Sicherheit":
- alles auf Standardstufe stellen
- Active X erlauben

TheChosenOne · 13.12.2009, 20:08

Also ich hab hier noch den Bericht von dem Antivir Rootkit Tool:

Code:

ATTFilter

Avira AntiRootkit Tool (1.1.0.1)

========================================================================================================
 - Scan started Sonntag, 13. Dezember 2009 - 19:31:31
========================================================================================================

--------------------------------------------------------------------------------------------------------
   Configuration:
--------------------------------------------------------------------------------------------------------
 - [X] Scan files
 - [X] Scan registry
 - [X] Scan processes
 - [ ] Fast scan
 - Working disk total size : 144.09 GB
 - Working disk free size : 5.49 GB (3 %)
--------------------------------------------------------------------------------------------------------

Results:
Hidden key : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Search\Tracing\eventthrottlelastreported
Hidden key : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Search\Tracing\eventthrottlestate
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Search\Tracing -> eventthrottleflushperiodms
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Search\Tracing -> eventthrottlemaxevents
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Search\Tracing -> eventthrottleblockperiodms
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Search\Tracing -> eventthrottlemaxcontrolperiodms
Hidden key : HKEY_LOCAL_MACHINE\System\ControlSet001\Control\WMI\Autologger\SQMLogger\{2ff3e6b7-cb90-4700-9621-443f389734ed}
Hidden key : HKEY_LOCAL_MACHINE\System\ControlSet003\Control\WMI\Autologger\SQMLogger\{2ff3e6b7-cb90-4700-9621-443f389734ed}

--------------------------------------------------------------------------------------------------------
Files: 0/155473
Registry items: 8/465044
Processes: 0/81
Scan time: 00:31:31
--------------------------------------------------------------------------------------------------------
Active processes:
  - System           (PID 4)
  - spoolsv.exe      (PID 1648)
  - avguard.exe      (PID 568)
  - svchost.exe      (PID 1068)
  - svchost.exe      (PID 1108)
  - svchost.exe      (PID 1768)
  - smss.exe         (PID 456)
  - lsass.exe        (PID 700)
  - svchost.exe      (PID 984)
  - SearchIndexer.exe (PID 2468)
  - wh_exec.exe      (PID 1304)
  - unsecapp.exe     (PID 2776)
  - firefox.exe      (PID 4132)
  - WLanNetService.exe (PID 576)
  - AppleMobileDeviceService.exe (PID 12)
  - csrss.exe        (PID 588)
  - mDNSResponder.exe (PID 704)
  - svchost.exe      (PID 2360)
  - wininit.exe      (PID 640)
  - WmiPrvSE.exe     (PID 3580)
  - taskeng.exe      (PID 1656)
  - services.exe     (PID 684)
  - lsm.exe          (PID 708)
  - csrss.exe        (PID 652)
  - RtHDVCpl.exe     (PID 2436)
  - svchost.exe      (PID 848)
  - nvvsvc.exe       (PID 916)
  - svchost.exe      (PID 944)
  - svchost.exe      (PID 1032)
  - sidebar.exe      (PID 2372)
  - svchost.exe      (PID 992)
  - explorer.exe     (PID 3936)
  - svchost.exe      (PID 1236)
  - audiodg.exe      (PID 1160)
  - consent.exe      (PID 2980)
  - SLsvc.exe        (PID 1188)
  - msiexec.exe      (PID 4768)
  - EvtEng.exe       (PID 1224)
  - winlogon.exe     (PID 1332)
  - svchost.exe      (PID 1388)
  - ICQ Service.exe  (PID 1396)
  - sqlservr.exe     (PID 2116)
  - mbam.exe         (PID 5568)
  - avgnt.exe        (PID 3752)
  - mm_tray.exe      (PID 1644)
  - iTunesHelper.exe (PID 4036)
  - msiexec.exe      (PID 972)
  - rundll32.exe     (PID 1696)
  - MSASCui.exe      (PID 3972)
  - sched.exe        (PID 1744)
  - SynTPEnh.exe     (PID 2876)
  - TeaTimer.exe     (PID 1896)
  - ICQ.exe          (PID 3048)
  - PDVDServ.exe     (PID 2944)
  - LSSrvc.exe       (PID 2096)
  - svchost.exe      (PID 2200)
  - dwm.exe          (PID 3416)
  - RegSrvc.exe      (PID 2232)
  - RichVideo.exe    (PID 2284)
  - taskeng.exe      (PID 3348)
  - svchost.exe      (PID 2428)
  - msiexec.exe      (PID 504)
  - msiexec.exe      (PID 2448)
  - SDWinSec.exe     (PID 2708)
  - VSSVC.exe        (PID 5836)
  - iPodService.exe  (PID 4836)
  - taskeng.exe      (PID 3408)
  - msiexec.exe      (PID 5408)
  - EasyBatteryMgr3.exe (PID 3432)
  - avirarkd.exe     (PID 1664)
  - MagicDoctorKbdHk.exe (PID 3492)
  - dmhkcore.exe     (PID 3572)
  - EasySpeedUpManager.exe (PID 3720)
  - HijackThis.exe   (PID 4396)
  - LightScribeControlPanel.exe (PID 3924)
  - rundll32.exe     (PID 4004)
  - jre-6u17-windows-i586-iftw-rv.exe (PID 5800)
  - THGuard.exe      (PID 5968)
  - svchost.exe      (PID 5380)
  - naxsuvaq.exe     (PID 3848) (Avira AntiRootkit Tool)
  - SynTPHelper.exe  (PID 5040)
========================================================================================================
 - Scan finished  Sonntag, 13. Dezember 2009 - 20:03:03
========================================================================================================

Falls das was hilft....

und atm hab ich das Problem, das Bei HijackThis immer die meldung "Hijackthis is already running"

Außerdem habe ich noch eine Frage zu Schritt 3.
Wo finde ich den ordner etc...
eine genauere erklärung wäre nett.
mfg Sam

kira · 13.12.2009, 20:28

nein, sorry hast Du Vista...also Punkt 3. (http://www.trojaner-board.de/80311-a...ost486776)gilt nicht für dich, aber:
- alle Anwendungen schließen → Ordner für temporäre Dateien bitte leeren
lösche nur den Inhalt der Ordner, nicht die Ordner selbst! - Dateien, die noch in Benutzung sind,nicht löschbar.
- c:\windows\temp
- anschließend den Papierkorb leeren

oder auch zusätzliche Ordner bereinigen lassen mit Ccleaner :
CCleaner als Admin starten→ gehe auf den Button links oben "Cleaner", setze Häkchen unter Reiter "Windows" (alle außer "Eingabefeld Verlauf" und bei "Erweitert" nur ein Häkchen bei "Alte Prefetchdaten" und "Benutzerdefinierte Dateien und Ordner").
Einstellungen → Benutzerdefiniert → Zu bereinigende Dateien und Ordner → Ordner hinzufügen :

Code:

ATTFilter

C:\Users\<DeinBenutzername>\AppData\Local\Temp\*.*
C:\Users\Default\AppData\Local\Temp\*.*
C:\Windows\Temp\*.*

Systemreinigung mit ccleaner

- CCleaner richtig und gefahrlos einsetzen
- Anleitung 1.
- Anleitung 2.
- Manual:CCleaner Handbuch

TheChosenOne · 16.12.2009, 17:12

Ok. Vielen Dank.
Mach mich mal an die Arbeit mit dem Kaspersky online Teil...
Bei meinem Internet ist das ne Sache von Stunden.

TheChosenOne · 30.12.2009, 14:58

noch ne frage:
ist mein pc jetzt in gefahr oder nicht?

konnte nämlich länger nicht ran...

versuche den online scan schon öfters aber dank meinem internet das häufig abbricht funktioniert das sehr schlecht...

ist das dringend?

mfg Sam

Alles o.k.?

Log-Analyse und Auswertung: Alles o.k.?

Alles o.k.?

Alles o.k.?

Alles o.k.?

Alles o.k.?

Alles o.k.?

Alles o.k.?

Alles o.k.?

Alles o.k.?

Alles o.k.?

Ähnliche Themen: Alles o.k.?

16.12.2009, 17:12	#8
TheChosenOne	Alles o.k.? Ok. Vielen Dank. Mach mich mal an die Arbeit mit dem Kaspersky online Teil... Bei meinem Internet ist das ne Sache von Stunden.

30.12.2009, 14:58	#9
TheChosenOne	Alles o.k.? noch ne frage: ist mein pc jetzt in gefahr oder nicht? konnte nämlich länger nicht ran... versuche den online scan schon öfters aber dank meinem internet das häufig abbricht funktioniert das sehr schlecht... ist das dringend? mfg Sam