Log analysis and evaluation: Antimalware Doctor and other malware removed (Folder and Search Options disabled)
26.08.2010, 17:22 | #1
Antimalware Doctor and other malware removed (Folder and Search Options disabled)

System: Windows Vista Premium Home 64-Bit SP-1
Virus protection: AVG Anti-Virus Free
Windows Firewall

Hello everyone,

I picked up the Antimalware virus yesterday. After the application had started, I disconnected the internet connection and tried to uninstall the program in safe mode (unsuccessfully, of course: the uninstall only launched the software again). I then ended newsecureapp70700*32.exe in Task Manager and searched the internet for a quick solution. I came across this forum and worked through these instructions. After running a scan with "Malwarebytes Anti-Malware" I was quite surprised, because 38 infected files were identified on my system. I was able to remove all infections, but I still cannot edit the "Folder and Search Options" (no longer selectable / greyed out). A suggested solution for this would be really nice. Otherwise I would like to know how my system stands now and whether I need to reinstall it.

Malwarebytes Anti-Malware log (directly after cleaning):

Quote:

RSIT logfile:
Logfile of random's system information tool 1.08 (written by random/random)
Run by carisma at 2010-08-26 18:09:39

Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 27 GB (18%) free of 150 GB
Total RAM: 4086 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:09:42, on 26.08.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\Razer\Diamondback\razerhid.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Razer\Diamondback\razertra.exe
C:\Program Files (x86)\Razer\Diamondback\razerofa.exe
C:\Program Files (x86)\Alice Software\AliceEinwahl.exe
C:\Users\carisma\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\carisma.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet
Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O3 - Toolbar: TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Diamondback] "C:\Program Files (x86)\Razer\Diamondback\razerhid.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [Remote Control Editor] "C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\carisma\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: 
@C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{A12E1963-74AB-481C-833F-2E591956EA6A}: NameServer = 213.191.92.87 62.109.123.6 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing) O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. 
- C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Google Update Service (gupdate1c9c2b9e9f04c85) (gupdate1c9c2b9e9f04c85) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7964 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{37FB543E-1C95-45F9-A9CA-0F12DD0296F2}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{AD6E6555-FB2C-47D4-8339-3E2965509877} - TerraTec Home Cinema - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL [2009-05-26 526336]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=C:\PROGRA~2\AVG\AVG8\avgtray.exe [2010-07-09 2048352]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2008-11-04 413696]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"SoundMAXPnP"=C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [2007-02-21 1183744]
"TkBellExe"=C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe [2009-06-19 198160]
"Diamondback"=C:\Program Files (x86)\Razer\Diamondback\razerhid.exe [2007-02-14 147456]
"SunJavaUpdateSched"=C:\Program Files (x86)\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1555968]
"Remote Control Editor"=C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe [2009-05-26 1449984]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoFolderOptions"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Users\carisma\Downloads\UUSee 2007 English\UUSeePlayer.exe"="C:\Users\carisma\Downloads\UUSee 2007 English\UUSeePlayer.exe:*:Enabled:UUPlayer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\SysWOW64\Notepad.exe %1
.js - open - C:\Windows\SysWOW64\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-08-26 18:09:39 ----D---- C:\rsit
2010-08-26 17:34:39 ----D---- C:\Program Files (x86)\trend micro
2010-08-26 02:08:07 ----D---- C:\Program Files (x86)\CCleaner
2010-08-25 23:39:09 ----D---- C:\Users\carisma\AppData\Roaming\Malwarebytes
2010-08-25 23:39:00 ----A---- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys
2010-08-25 23:38:59 ----D---- C:\ProgramData\Malwarebytes
2010-08-25 23:38:59 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-08-25 23:26:30 ----ASH---- C:\hiberfil.sys
2010-08-25 21:32:44 ----D---- C:\Users\carisma\AppData\Roaming\90FDCB3FD5D77C447892E331FD7EC42E
2010-08-22 07:00:47 ----A---- C:\Windows\dd_ATL90SP1_KB973924MSI1640.txt
2010-08-22 07:00:43 ----A---- C:\Windows\dd_ATL90SP1_KB973924UI1640.txt
2010-08-21 17:31:40 ----D---- C:\Program Files (x86)\Microsoft.NET
2010-08-15 17:39:33 ----D---- C:\Users\carisma\AppData\Roaming\elsterformular
2010-08-15 17:31:59 ----D---- C:\ProgramData\elsterformular
2010-08-13 21:30:54 ----D---- C:\Users\carisma\AppData\Roaming\Mp3tag
2010-08-13 21:30:40
----D---- C:\Program Files (x86)\Mp3tag 2010-08-13 09:30:58 ----D---- C:\Users\carisma\AppData\Roaming\WinRAR 2010-08-12 22:46:44 ----D---- C:\Program Files (x86)\eMule 2010-08-11 07:53:33 ----D---- C:\Users\carisma\AppData\Roaming\Adobe 2010-08-11 00:37:39 ----A---- C:\Windows\SysWOW64\rtutils.dll 2010-08-11 00:37:32 ----A---- C:\Windows\SysWOW64\iccvid.dll 2010-08-11 00:37:10 ----A---- C:\Windows\SysWOW64\iertutil.dll 2010-08-11 00:37:09 ----A---- C:\Windows\SysWOW64\mshtml.dll 2010-08-11 00:37:08 ----A---- C:\Windows\SysWOW64\ieframe.dll 2010-08-11 00:37:06 ----A---- C:\Windows\SysWOW64\urlmon.dll 2010-08-11 00:37:06 ----A---- C:\Windows\SysWOW64\msfeeds.dll 2010-08-11 00:37:05 ----A---- C:\Windows\SysWOW64\wininet.dll 2010-08-11 00:37:05 ----A---- C:\Windows\SysWOW64\occache.dll 2010-08-11 00:37:05 ----A---- C:\Windows\SysWOW64\mstime.dll 2010-08-11 00:37:05 ----A---- C:\Windows\SysWOW64\msfeedsbs.dll 2010-08-11 00:37:05 ----A---- C:\Windows\SysWOW64\ieUnatt.exe 2010-08-11 00:37:05 ----A---- C:\Windows\SysWOW64\ieui.dll 2010-08-11 00:37:05 ----A---- C:\Windows\SysWOW64\iesysprep.dll 2010-08-11 00:37:05 ----A---- C:\Windows\SysWOW64\iesetup.dll 2010-08-11 00:37:05 ----A---- C:\Windows\SysWOW64\iernonce.dll 2010-08-11 00:37:05 ----A---- C:\Windows\SysWOW64\iepeers.dll 2010-08-11 00:37:05 ----A---- C:\Windows\SysWOW64\iedkcs32.dll 2010-08-11 00:37:05 ----A---- C:\Windows\SysWOW64\ie4uinit.exe 2010-08-11 00:37:04 ----A---- C:\Windows\SysWOW64\msfeedssync.exe 2010-08-11 00:37:04 ----A---- C:\Windows\SysWOW64\jsproxy.dll 2010-08-11 00:37:01 ----A---- C:\Windows\SysWOW64\msxml3.dll 2010-08-11 00:36:58 ----A---- C:\Windows\SysWOW64\schannel.dll 2010-08-05 20:18:40 ----D---- C:\Users\carisma\AppData\Roaming\DVDVideoSoftIEHelpers 2010-08-05 20:17:18 ----D---- C:\Program Files (x86)\Common Files\Skype 2010-08-04 00:37:34 ----A---- C:\Windows\SysWOW64\shell32.dll 2010-07-27 20:54:15 ----D---- C:\ProgramData\Stardock 2010-07-27 03:43:35 ----D---- C:\Program Files 
(x86)\Stardock 2010-07-27 01:01:55 ----SH---- C:\ProgramData\desktop.ini ======List of files/folders modified in the last 1 months====== 2010-08-26 18:08:43 ----D---- C:\Windows\Prefetch 2010-08-26 18:07:46 ----D---- C:\Program Files (x86)\Mozilla Firefox 2010-08-26 17:34:39 ----D---- C:\Program Files (x86) 2010-08-26 17:33:51 ----D---- C:\Windows\Temp 2010-08-26 17:31:21 ----D---- C:\Windows 2010-08-26 17:10:18 ----RD---- C:\ProgramData 2010-08-26 17:10:18 ----D---- C:\Windows\Tasks 2010-08-26 17:10:18 ----D---- C:\Program Files (x86)\Google 2010-08-26 16:53:23 ----D---- C:\Windows\System32 2010-08-26 16:53:23 ----D---- C:\Windows\inf 2010-08-26 09:37:06 ----HD---- C:\$AVG8.VAULT$ 2010-08-26 02:21:27 ----D---- C:\Windows\Debug 2010-08-26 02:03:02 ----D---- C:\Windows\SysWOW64 2010-08-26 02:00:55 ----SHD---- C:\System Volume Information 2010-08-25 23:39:00 ----D---- C:\Windows\SysWOW64\drivers 2010-08-25 22:40:32 ----D---- C:\Windows\WindowsMobile 2010-08-25 20:11:40 ----D---- C:\Program Files (x86)\Warcraft III 2010-08-25 10:22:22 ----A---- C:\Users\carisma\AppData\Roaming\GoodnightTimer.ini 2010-08-22 07:01:18 ----SHD---- C:\Windows\Installer 2010-08-22 07:01:15 ----D---- C:\Windows\winsxs 2010-08-21 17:32:03 ----RSD---- C:\Windows\assembly 2010-08-21 17:31:45 ----D---- C:\ProgramData\Microsoft 2010-08-21 03:51:53 ----D---- C:\Program Files (x86)\Common Files 2010-08-15 17:39:05 ----D---- C:\Program Files (x86)\ElsterFormular 2010-08-15 14:55:26 ----A---- C:\Windows\SysWOW64\PnkBstrB.exe 2010-08-15 14:55:16 ----A---- C:\Windows\SysWOW64\PnkBstrA.exe 2010-08-15 14:55:15 ----A---- C:\Windows\SysWOW64\pbsvc.exe 2010-08-14 21:06:53 ----SD---- C:\Users\carisma\AppData\Roaming\Microsoft 2010-08-13 09:30:05 ----RD---- C:\Program Files 2010-08-13 09:20:37 ----D---- C:\Program Files (x86)\Internet Explorer 2010-08-13 09:20:35 ----D---- C:\Program Files (x86)\Windows Mail 2010-08-13 09:20:34 ----D---- C:\Windows\SysWOW64\migration 2010-08-13 09:15:03 ----D---- 
C:\Windows\Microsoft.NET 2010-08-12 22:02:36 ----D---- C:\Users\carisma\AppData\Roaming\FileZilla 2010-08-05 20:31:07 ----D---- C:\Users\carisma\AppData\Roaming\Skype 2010-08-05 20:18:31 ----D---- C:\Program Files (x86)\Common Files\DVDVideoSoft 2010-08-05 20:17:41 ----RD---- C:\Program Files (x86)\Skype 2010-08-05 20:17:16 ----D---- C:\ProgramData\Skype 2010-08-05 20:16:28 ----D---- C:\Users\carisma\AppData\Roaming\skypePM ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AvgLdx64;AVG Free AVI Loader Driver x64; C:\Windows\System32\Drivers\avgldx64.sys [] R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64; C:\Windows\System32\Drivers\avgmfx64.sys [] R1 AvgTdiA;AVG8 Network Redirector; C:\Windows\System32\Drivers\avgtdia.sys [] R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [] R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys [] R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032e.sys [] R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn64.sys [] R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [] R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\NETw5v64.sys [] R3 Razerlow;Razer Pro|Solutions; C:\Windows\system32\drivers\Razerlow.sys [] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [] S3 bdacap;PC-DTV Receiver; C:\Windows\system32\drivers\bdacap.sys [] S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [] S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [] S3 mod7700;Cinergy T USB XXS service; C:\Windows\system32\DRIVERS\dvb7700all.sys [] S3 MSKSSRV;Microsoft Streaming Service Proxy; 
C:\Windows\system32\drivers\MSKSSRV.sys [] S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [] S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [] S3 NETw3v64;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\NETw3v64.sys [] S3 NETw4v64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\NETw4v64.sys [] S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [] S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [] S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [] S3 usbaudio;USB-Audiotreiber (WDM); C:\Windows\system32\drivers\usbaudio.sys [] S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [] S3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [] S4 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\Windows\System32\drivers\sfdrv01.sys [] S4 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys [] S4 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\Windows\System32\drivers\sfvfs02.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AEADIFilters;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE [] R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agr64svc.exe [] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424] R2 avg8emc;AVG Free8 E-mail Scanner; 
C:\PROGRA~2\AVG\AVG8\avgemc.exe [2009-08-15 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe [2009-08-15 297752]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2010-08-15 75064]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 gupdate1c9c2b9e9f04c85;Google Update Service (gupdate1c9c2b9e9f04c85); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-04-21 133104]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2009-03-31 68096]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-19 19968]

-----------------EOF-----------------

RSIT info.txt:

logfile of random's system information tool 1.08 2010-08-26 18:09:44

======Uninstall list======

-->C:\Program Files (x86)\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
AC3Filter (remove only)-->C:\Program Files (x86)\AC3Filter\uninstall.exe
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A90000000001}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Alice Software 4.10.0-->C:\Program Files (x86)\Alice Software\AliceUninstall.exe
AVG Free 8.5-->C:\Program Files (x86)\AVG\AVG8\setup.exe /UNINSTALL
bwin Poker (remove only)-->"C:\Program Files (x86)\bwin\uninstall.exe"
CCleaner-->"C:\Program Files (x86)\CCleaner\uninst.exe"
Cinergy T USB XXS V2.03.03.29-->"C:\Program Files (x86)\Common Files\TerraTec\DriverInstall\Cinergy_T_USB_XXS\uninstall.exe"
Compatibility Pack für 2007 Office System-->MsiExec.exe /X{90120000-0020-0407-0000-0000000FF1CE}
DivX Codec-->C:\Program Files (x86)\DivX\DivXCodecUninstall.exe /CODEC
DivX Plus DirectShow Filters-->C:\Program Files (x86)\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files (x86)\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Shrink 3.2 deutsch (DeCSS-frei)-->"C:\Program Files (x86)\DVD Shrink DE\unins000.exe"
ElsterFormular 2008/2009-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}\setup.exe" -l0x7 -removeonly
ElsterFormular-->C:\Program Files (x86)\ElsterFormular\uninstall.exe
eMule-->"C:\Program Files (x86)\eMule\Uninstall.exe"
ffdshow [rev 2527] [2008-12-19]-->"C:\Program Files (x86)\ffdshow\unins000.exe"
FileZilla Client 3.2.0-->C:\Program Files (x86)\FileZilla FTP Client\uninstall.exe
Flash
Slideshow Generator 2.1.4-->"C:\Program Files (x86)\Flash Slideshow Generator\unins000.exe" Free Audio CD Burner version 1.4-->"C:\Program Files (x86)\DVDVideoSoft\Free Audio CD Burner\unins000.exe" Free YouTube to MP3 Converter version 3.7-->"C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\unins000.exe" Goodnight Timer 1.1-->"C:\Program Files (x86)\Goodnight Timer\unins000.exe" Google Earth-->MsiExec.exe /X{F7B0939E-58DF-11DF-B3A6-005056806466} Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} GPL Ghostscript 8.71-->"C:\Program Files (x86)\gs\uninstgs.exe" "C:\Program Files (x86)\gs\gs8.71\uninstal.txt" HijackThis 2.0.2-->"C:\Users\carisma\Desktop\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {08155812-0202-4D5F-A7FF-12A2782DC548} /qb+ REBOOTPROMPT="" IETester v0.3.3 (remove only)-->"C:\Program Files (x86)\Core Services\IETester\uninstall.exe" IZArc 3.81-->"C:\Program Files (x86)\IZArc\unins000.exe" Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF} Keycraft (remove only)-->"C:\Program Files (x86)\Warcraft III\Keycraft\uninstall.exe" LogonStudio-->C:\PROGRA~2\Stardock\OBJECT~1\LOGONS~1\UNWISE.EXE C:\PROGRA~2\Stardock\OBJECT~1\LOGONS~1\INSTALL.LOG Macromedia Dreamweaver MX 2004-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x7 mmUninstall Macromedia Extension Manager-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" 
-l0x7 mmUninstall Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe" Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} Microsoft Office XP Professional mit FrontPage-->MsiExec.exe /I{90280407-6000-11D3-8CFE-0050048383C9} Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{6AFCA4E1-9B78-3640-8F72-A7BF33448200} Mozilla Firefox (3.0.19)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe Mp3tag v2.46a-->C:\Program Files (x86)\Mp3tag\Mp3tagUninstall.EXE MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} PDFCreator-->C:\Program Files (x86)\PDFCreator\unins000.exe PhonerLite 1.61-->"C:\Program Files (x86)\PhonerLite\unins000.exe" PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u Quake Live Internet Explorer Plugin-->MsiExec.exe /I{22E4AC9C-9E05-47D5-B7EB-A9FC1D762A7B} Quake Live Mozilla Plugin-->MsiExec.exe /I{2BEB102E-F9CD-4881-984B-E288F66FD394} QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4} Razer Diamondback-->C:\Program Files (x86)\InstallShield Installation Information\{DE4CF159-4AD2-4754-BDA0-5FB088C8B58B}\setup.exe -runfromtemp -l0x0009 -removeonly RealPlayer-->C:\Program Files (x86)\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 Samsung Master-->C:\Program Files (x86)\InstallShield Installation 
Information\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}\Setup.exe -runfromtemp -l0x0007 -removeonly
Samsung PC Studio 3 USB Driver Installer-->"C:\Program Files (x86)\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -runfromtemp -l0x0007 -removeonly
Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SopCast 3.0.3-->C:\Program Files (x86)\SopCast\uninst.exe
SoundMAX-->C:\Program Files (x86)\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe -runfromtemp -l0x0007 -removeonly
TerraTec Home Cinema-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}\setup.exe" -l0x7
Uninstall 1.0.0.1-->"C:\Program Files (x86)\Common Files\DVDVideoSoft\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Visual C++ 8.0 Runtime Setup Package (x64)-->MsiExec.exe /I{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}
VLC media player 0.9.8a-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Warcraft III-->C:\Windows\War3Unin.exe C:\Windows\War3Unin.dat
Windows Live Anmelde-Assistent-->MsiExec.exe /I{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}
Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}
Windows Live Messenger-->MsiExec.exe /X{41E654A9-26D0-4EAC-854B-0FA824FFFABB}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Xvid 1.2.2 final uninstall-->"C:\Program Files (x86)\Xvid\unins000.exe"

======Security center information======
AV: AVG Anti-Virus Free
AS: AVG Anti-Virus Free (disabled)
AS: Windows-Defender

======System event log======
Computer Name: carisma-PC
Event Code: 7036
Message: The "Google Software Updater" service entered the "Running" state.
Record Number: 195849
Source Name: Service Control Manager
Time Written: 20100826151017.000000-000
Event Type: Information
User:

Computer Name: carisma-PC
Event Code: 7040
Message: The start type of the "Google Software Updater" service was changed from Automatic to Disabled.
Record Number: 195850
Source Name: Service Control Manager
Time Written: 20100826151017.000000-000
Event Type: Information
User: carisma-PC\carisma

Computer Name: carisma-PC
Event Code: 7036
Message: The "Google Software Updater" service entered the "Stopped" state.
Record Number: 195851
Source Name: Service Control Manager
Time Written: 20100826151018.000000-000
Event Type: Information
User:

Computer Name: carisma-PC
Event Code: 7036
Message: The "WinHTTP Web Proxy Auto-Discovery Service" entered the "Running" state.
Record Number: 195852
Source Name: Service Control Manager
Time Written: 20100826152252.000000-000
Event Type: Information
User:

Computer Name: carisma-PC
Event Code: 7036
Message: The "WinHTTP Web Proxy Auto-Discovery Service" entered the "Stopped" state.
Record Number: 195853
Source Name: Service Control Manager
Time Written: 20100826153922.000000-000
Event Type: Information
User:

=====Application event log=====
Computer Name: carisma-PC
Event Code: 0
Message:
Record Number: 29844
Source Name: gusvc
Time Written: 20100826113711.000000-000
Event Type: Information
User:

Computer Name: carisma-PC
Event Code: 1001
Message: The performance counters for the WmiApRpl (WmiApRpl) service were removed. The record data contains the new values of the "Last Counter" and "Last Help" registry entries.
Record Number: 29845
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20100826145323.000000-000
Event Type: Information
User:

Computer Name: carisma-PC
Event Code: 1000
Message: The performance counters for the WmiApRpl (WmiApRpl) service were loaded successfully. The record data in the data section contains the new index values assigned to this service.
Record Number: 29846
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20100826145323.000000-000
Event Type: Information
User:

Computer Name: carisma-PC
Event Code: 0
Message:
Record Number: 29847
Source Name: gusvc
Time Written: 20100826151017.000000-000
Event Type: Information
User:

Computer Name: carisma-PC
Event Code: 0
Message:
Record Number: 29848
Source Name: gusvc
Time Written: 20100826151018.000000-000
Event Type: Information
User:

=====Security event log=====
Computer Name: carisma-PC
Event Code: 4624
Message: An account was successfully logged on.
Subject:
 Security ID: S-1-5-18
 Account Name: CARISMA-PC$
 Account Domain: WORKGROUP
 Logon ID: 0x3e7
Logon Type: 5
New Logon:
 Security ID: S-1-5-18
 Account Name: SYSTEM
 Account Domain: NT AUTHORITY
 Logon ID: 0x3e7
 Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
 Process ID: 0x264
 Process Name: C:\Windows\System32\services.exe
Network Information:
 Workstation Name:
 Source Network Address: -
 Source Port: -
Detailed Authentication Information:
 Logon Process: Advapi
 Authentication Package: Negotiate
 Transited Services: -
 Package Name (NTLM only): -
 Key Length: 0
This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as "Winlogon.exe" or "Services.exe". The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 56955
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100826093930.571559-000
Event Type: Audit Success
User:

Computer Name: carisma-PC
Event Code: 4672
Message: Special privileges assigned to new logon.
Subject:
 Security ID: S-1-5-18
 Account Name: SYSTEM
 Account Domain: NT AUTHORITY
 Logon ID: 0x3e7
Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Record Number: 56956
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100826093930.571559-000
Event Type: Audit Success
User:

Computer Name: carisma-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.
Subject:
 Security ID: S-1-5-18
 Account Name: CARISMA-PC$
 Account Domain: WORKGROUP
 Logon ID: 0x3e7
 Logon GUID: {00000000-0000-0000-0000-000000000000}
Account Whose Credentials Were Used:
 Account Name: SYSTEM
 Account Domain: NT AUTHORITY
 Logon GUID: {00000000-0000-0000-0000-000000000000}
Target Server:
 Target Server Name: localhost
 Additional Information: localhost
Process Information:
 Process ID: 0x264
 Process Name: C:\Windows\System32\services.exe
Network Information:
 Network Address: -
 Port: -
This event is generated when a process attempts to log on an account by explicitly specifying that account's credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the "runas" command.
Record Number: 56957
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100826093931.232559-000
Event Type: Audit Success
User:

Computer Name: carisma-PC
Event Code: 4624
Message: An account was successfully logged on.
Subject:
 Security ID: S-1-5-18
 Account Name: CARISMA-PC$
 Account Domain: WORKGROUP
 Logon ID: 0x3e7
Logon Type: 5
New Logon:
 Security ID: S-1-5-18
 Account Name: SYSTEM
 Account Domain: NT AUTHORITY
 Logon ID: 0x3e7
 Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
 Process ID: 0x264
 Process Name: C:\Windows\System32\services.exe
Network Information:
 Workstation Name:
 Source Network Address: -
 Source Port: -
Detailed Authentication Information:
 Logon Process: Advapi
 Authentication Package: Negotiate
 Transited Services: -
 Package Name (NTLM only): -
 Key Length: 0
This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as "Winlogon.exe" or "Services.exe". The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 56958
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100826093931.232559-000
Event Type: Audit Success
User:

Computer Name: carisma-PC
Event Code: 4672
Message: Special privileges assigned to new logon.
Subject:
 Security ID: S-1-5-18
 Account Name: SYSTEM
 Account Domain: NT AUTHORITY
 Logon ID: 0x3e7
Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege
Record Number: 56959
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100826093931.232559-000
Event Type: Audit Success
User:

======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Common Files\DivX Shared\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files (x86)\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files (x86)\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

Thanks for any help!

Last edited by coolibri (26.08.2010 at 17:24). Reason: missing link |
26.08.2010, 20:48 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Antimalware Doctor and other malware removed (Folder and Search Options disabled)
System scan with OTL
Please download OTL from Oldtimer and save it to your Desktop |
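Once the OTL output is in hand, a triage pass over its lines saves reading the whole file by eye. The script below is an added example for this thread, not part of OTL or of the board's own tooling. Its rules are this editor's heuristics: which Explorer policy names count as UI restrictions, treating a service registered straight against svchost.exe with no publisher as suspicious (OTL normally resolves svchost-hosted services to their ServiceDll), flagging autorun handlers that launch from a RECYCLER folder, and marking Firefox proxies on localhost for review rather than as malicious, since a local proxy can be legitimate. The sample lines are copied from the OTL log posted in the next reply, with one constructed benign control line marked as such; the file name otl_triage.py is assumed. The O7 "NoFolderOptions = 1" entry it flags is the policy that greys out Folder Options, which is the symptom the opening post asks about.

```python
"""Triage pass over OTL (OldTimer) log lines.

Added example for this thread; not part of OTL or of the board's tooling.
The rules are hand-picked heuristics for the line types behind the symptoms
reported here (greyed-out Folder Options after a fake-AV infection).
Usage: python otl_triage.py OTL.Txt   (no argument: runs on the sample lines)
"""
import re
import sys
from dataclasses import dataclass


@dataclass
class Finding:
    severity: str  # "high" = act on it, "review" = ask the poster about it
    what: str
    line: str


# Explorer policy values that hide or disable shell UI a user needs for clean-up.
# Hand-picked selection (assumption of this example), not an exhaustive list.
EXPLORER_RESTRICTIONS = {"NoFolderOptions", "NoRun", "NoControlPanel",
                         "NoViewContextMenu", "NoDesktop", "NoFind"}

# Shapes of the OTL line types we care about.
_POLICY_RE = re.compile(
    r"^O[67] - (HK(?:LM|CU))\\.*\\policies\\(Explorer|System): (\w+) = (\S+)$")
_SRV_RE = re.compile(r"^SRV(?::64bit:)? - \(([^)]+)\) -- (.+?) \(([^()]*)\)$")
_O33_RE = re.compile(
    r'^O33 - MountPoints2\\\{[0-9a-f-]+\}\\Shell\\\w+\\\w+ - "" = (.+?)( -- File not found)?$',
    re.IGNORECASE)
_FF_PROXY_RE = re.compile(r'^FF - prefs\.js\.\.network\.proxy\.(\w+): "?([^"]+)"?$')


def triage_line(line: str):
    """Classify one OTL line; returns a Finding, or None for lines of no interest."""
    line = line.strip()

    m = _POLICY_RE.match(line)
    if m:
        hive, key, name, value = m.groups()
        if key == "Explorer" and name in EXPLORER_RESTRICTIONS and value == "1":
            return Finding("high", f"Explorer policy {name}=1 in {hive} hides or disables shell UI", line)
        if key == "System" and name == "EnableLUA" and value == "0":
            return Finding("high", "UAC is switched off (EnableLUA=0)", line)
        return None

    m = _SRV_RE.match(line)
    if m:
        name, image, company = m.groups()
        # OTL resolves svchost-hosted services to their ServiceDll, so an entry
        # whose image is svchost.exe itself, with no publisher, is out of place.
        if image.lower().endswith("\\svchost.exe") and not company:
            return Finding("high", f"service '{name}' registered directly against svchost.exe with no publisher", line)
        return None

    m = _O33_RE.match(line)
    if m:
        target, missing = m.group(1), bool(m.group(2))
        if re.search(r"\\recycler\\", target, re.IGNORECASE):
            return Finding("high", f"removable-media autorun handler launching from a RECYCLER folder: {target}", line)
        note = " (binary no longer present)" if missing else ""
        return Finding("review", f"removable-media autorun handler: {target}{note}", line)

    m = _FF_PROXY_RE.match(line)
    if m:
        pref, value = m.groups()
        if pref in ("http", "ssl", "socks") and value in ("localhost", "127.0.0.1"):
            return Finding("review", f"Firefox {pref} traffic is routed through a local proxy at {value}", line)
        return None

    return None


def triage(lines):
    """Run triage_line over an iterable of OTL lines and keep only the hits."""
    return [f for f in (triage_line(l) for l in lines) if f is not None]


# Sample input: the first seven lines are copied from the OTL log posted in the
# next reply of this thread; the last one is a constructed benign control.
SAMPLE_OTL_LINES = [
    r'O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0',
    r'O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1',
    r'SRV:64bit: - (vysidsai) -- C:\Windows\SysNative\svchost.exe ()',
    r'O33 - MountPoints2\{284cfc97-df26-11dd-b28b-001cbf242f22}\Shell\AutoRun\command - "" = G:\rEcycLER\dRiVER.EXe -- File not found',
    r'FF - prefs.js..network.proxy.http: "localhost"',
    r'FF - prefs.js..network.proxy.http_port: 9666',
    r'O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1',
    r'SRV - (Spooler) -- C:\Windows\System32\spoolsv.exe (Microsoft Corporation)',  # constructed
]


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            lines = fh.read().splitlines()
    else:
        lines = SAMPLE_OTL_LINES
    for f in triage(lines):
        print(f"[{f.severity}] {f.what}\n    {f.line}")
```

On the sample lines the script reports four high findings (UAC off, NoFolderOptions, the random-named service pointing at svchost.exe, the RECYCLER autorun) and one review item (the Firefox HTTP proxy on localhost); the NoActiveDesktop policy and the Spooler service are ignored. It only reports; deleting the NoFolderOptions value under HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer is what restores the Folder Options menu, and that change should be made deliberately, not by a triage script.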
26.08.2010, 21:12 | #3 |
| Antimalware Doctor and other malware removed (Folder and Search Options disabled)
Here are the two logs...

OTL Logfile:
OTL logfile created on: 26.08.2010 21:58:43 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\carisma\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,18 Gb Total Space | 27,12 Gb Free Space | 18,56% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CARISMA-PC
Current User Name: carisma
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========
PRC - C:\Users\carisma\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe (NOXON Media GmbH)
PRC - C:\Program Files (x86)\Alice Software\AliceEinwahl.exe (Hansenet)
PRC - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Program Files (x86)\Razer\Diamondback\razerhid.exe ()
PRC - C:\Program Files (x86)\Razer\Diamondback\razerofa.exe (Razer Inc.)
PRC - C:\Program Files (x86)\Razer\Diamondback\razertra.exe ()

========== Modules (SafeList) ==========
MOD - C:\Users\carisma\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========
SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
SRV:64bit: - (AgereModemAudio) -- C:\Windows\SysNative\agr64svc.exe ()
SRV:64bit: - (vysidsai) -- C:\Windows\SysNative\svchost.exe ()
SRV:64bit: - (AEADIFilters) -- C:\Windows\SysNative\AEADISRV.EXE ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (avg8emc) -- C:\Program Files (x86)\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd) -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Macromedia Licensing Service) -- C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========
DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (mod7700) -- C:\Windows\SysNative\DRIVERS\dvb7700all.sys ()
DRV:64bit: - (AvgMfx64) -- C:\Windows\SysNative\Drivers\avgmfx64.sys ()
DRV:64bit: - (AvgLdx64) -- C:\Windows\SysNative\Drivers\avgldx64.sys ()
DRV:64bit: - (AvgTdiA) -- C:\Windows\SysNative\Drivers\avgtdia.sys ()
DRV:64bit: - (NETw5v64) Intel(R) -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys ()
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys ()
DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys ()
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys ()
DRV:64bit: - (NETw4v64) Intel(R) -- C:\Windows\SysNative\DRIVERS\NETw4v64.sys ()
DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys ()
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys ()
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys ()
DRV:64bit: - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\SysNative\DRIVERS\sscdbus.sys ()
DRV:64bit: - (bdacap) -- C:\Windows\SysNative\drivers\bdacap.sys ()
DRV:64bit: - (NETw3v64) Intel(R) -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys ()
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV:64bit: - (HBtnKey) -- C:\Windows\SysNative\DRIVERS\cpqbttn64.sys ()
DRV:64bit: - (Razerlow) -- C:\Windows\SysNative\drivers\Razerlow.sys ()
DRV:64bit: - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\SysNative\drivers\sfvfs02.sys ()
DRV:64bit: - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\SysNative\drivers\sfdrv01.sys ()
DRV:64bit: - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\SysNative\drivers\sfhlp02.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "h**p://www.google.de/ig"
FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:3.4
FF - prefs.js..extensions.enabledItems: QLDP@peol:1.3.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {5B52016C-D097-4aec-BE61-9F129D8FDDBA}:2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {e213bb8f-8ebd-11db-96b7-005056c00008}:3.0.0.32
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009.06.19 21:04:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.08.21 03:56:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.08.21 03:56:27 | 000,000,000 | ---D | M]

[2009.01.11 02:20:54 | 000,000,000 | ---D | M] -- C:\Users\carisma\AppData\Roaming\mozilla\Extensions
[2010.08.25 23:38:45 | 000,000,000 | ---D | M] -- C:\Users\carisma\AppData\Roaming\mozilla\Firefox\Profiles\qago9me3.default\extensions
[2009.09.07 08:07:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\carisma\AppData\Roaming\mozilla\Firefox\Profiles\qago9me3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.31 17:04:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\carisma\AppData\Roaming\mozilla\Firefox\Profiles\qago9me3.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}
[2010.08.05 20:18:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\carisma\AppData\Roaming\mozilla\Firefox\Profiles\qago9me3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.12.29 00:57:45 | 000,000,000 | ---D | M] (BlockSite) -- C:\Users\carisma\AppData\Roaming\mozilla\Firefox\Profiles\qago9me3.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2009.04.27 20:09:13 | 000,000,000 | ---D | M] (myFireFox) -- C:\Users\carisma\AppData\Roaming\mozilla\Firefox\Profiles\qago9me3.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}
[2009.12.29 00:59:23 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\carisma\AppData\Roaming\mozilla\Firefox\Profiles\qago9me3.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009.12.07 01:03:32 | 000,000,000 | ---D | M] -- C:\Users\carisma\AppData\Roaming\mozilla\Firefox\Profiles\qago9me3.default\extensions\illimitux@illimitux.net
[2010.02.01 22:41:38 | 000,000,000 | ---D | M] -- C:\Users\carisma\AppData\Roaming\mozilla\Firefox\Profiles\qago9me3.default\extensions\QLDP@peol
[2010.08.25 23:38:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009.09.11 01:07:51 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.09.11 01:07:51 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.09.11 01:07:51 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.09.11 01:07:52 | 000,000,986 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.09.11 01:07:52 | 000,000,801 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [LifeChat] C:\Program Files\Microsoft LifeChat\LifeChat.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files (x86)\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Diamondback] C:\Program Files (x86)\Razer\Diamondback\razerhid.exe ()
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Remote Control Editor] C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe (NOXON Media GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\carisma\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Program Files (x86)\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\carisma\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Program Files (x86)\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} h**p://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} h**p://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
O24 - Desktop WallPaper: C:\Users\carisma\Pictures\Wallpaper\1224299804_dc97beefea_o.jpg
O24 - Desktop BackupWallPaper: C:\Users\carisma\Pictures\Wallpaper\1224299804_dc97beefea_o.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{284cfc97-df26-11dd-b28b-001cbf242f22}\Shell\AutoRun\command - "" = G:\rEcycLER\dRiVER.EXe -- File not found
O33 - MountPoints2\{284cfc97-df26-11dd-b28b-001cbf242f22}\Shell\eXPLORe\cOmmANd - "" = G:\rECyCLeR\drIvER.eXe -- File not found
O33 - MountPoints2\{284cfc97-df26-11dd-b28b-001cbf242f22}\Shell\oPEn\coMMaNd - "" = G:\RECYCler\DrIVER.ExE -- File not found
O33 - MountPoints2\{5f33a48f-ade5-11df-83a7-001a4b6ab0f9}\Shell\AutoRun\command - "" = wdsync.exe
O33 - MountPoints2\{6872d818-a1db-11de-80d3-001a4b6ab0f9}\Shell - "" = AutoRun
O33 - MountPoints2\{6872d818-a1db-11de-80d3-001a4b6ab0f9}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========
[2010.08.26 21:56:52 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\carisma\Desktop\OTL.exe
[2010.08.26 18:34:05 | 000,000,000 | ---D | C] -- C:\Users\carisma\Desktop\Anti Viren
[2010.08.26 18:09:39 | 000,000,000 | ---D | C] -- C:\rsit
[2010.08.26 17:34:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2010.08.26 02:08:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010.08.25 23:39:09 | 000,000,000 | ---D | C] -- C:\Users\carisma\AppData\Roaming\Malwarebytes
[2010.08.25 23:39:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.08.25 23:38:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.08.25 23:38:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.25 21:35:34 | 000,000,000 | ---D | C] -- C:\Users\carisma\AppData\Local\utpdoxuft
[2010.08.25 21:32:44 | 000,000,000 | ---D | C] -- C:\Users\carisma\AppData\Roaming\90FDCB3FD5D77C447892E331FD7EC42E
[2010.08.22 21:10:07 | 000,000,000 | ---D | C] -- C:\Users\carisma\Desktop\HTC HD
[2010.08.21 17:31:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010.08.15 17:39:33 | 000,000,000 | ---D | C] -- C:\Users\carisma\AppData\Roaming\elsterformular
[2010.08.15 17:31:59 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular
[2010.08.13 21:30:54 | 000,000,000 | ---D | C] -- C:\Users\carisma\AppData\Roaming\Mp3tag
[2010.08.13 21:30:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mp3tag
[2010.08.13 09:30:58 | 000,000,000 | ---D | C] -- C:\Users\carisma\AppData\Roaming\WinRAR
[2010.08.13 09:30:05 | 000,000,000 | ---D | C] -- C:\Programme\WinRAR
[2010.08.12 22:46:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eMule
[2010.08.11 20:09:41 | 000,000,000 | ---D | C] -- C:\Users\carisma\AppData\Local\Adobe
[2010.08.11 07:53:33 | 000,000,000 | ---D | C] -- C:\Users\carisma\AppData\Roaming\Adobe
[2010.08.11 00:37:39 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010.08.11 00:37:32 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010.08.11 00:37:06 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010.08.11 00:37:05 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010.08.11 00:37:05 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010.08.11 00:37:05 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.08.11 00:37:05 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010.08.11 00:37:05 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.08.11 00:37:05 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010.08.11 00:37:05 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010.08.11 00:37:05 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010.08.11 00:37:05 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010.08.11 00:37:04 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.08.05 20:18:40 | 000,000,000 | ---D | C] -- C:\Users\carisma\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.08.05 20:17:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[1 C:\Users\carisma\Desktop\*.tmp files -> C:\Users\carisma\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2010.08.26 21:58:59 | 003,932,160 | -HS- | M] () -- C:\Users\carisma\NTUSER.DAT
[2010.08.26 21:56:51 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\carisma\Desktop\OTL.exe
[2010.08.26 21:40:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.26 21:23:27 | 000,005,056 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.26 21:23:27 | 000,005,056 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.26 19:57:01 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{37FB543E-1C95-45F9-A9CA-0F12DD0296F2}.job
[2010.08.26 16:53:23 | 001,418,612 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.08.26 16:53:23 | 000,618,442 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.08.26 16:53:23 | 000,587,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.08.26 16:53:23 | 000,122,648 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.08.26 16:53:23 | 000,101,250 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.08.26 15:40:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.26 09:23:28 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.26 09:23:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.26 09:23:21 | 4285,849,600 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.26 09:22:23 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.08.26 09:22:19 | 000,524,288 | -HS- | M] () -- C:\Users\carisma\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010.08.26 09:22:19 | 000,065,536 | -HS- | M] () -- C:\Users\carisma\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010.08.26 09:22:18 | 002,583,830 | -H-- | M] () -- C:\Users\carisma\AppData\Local\IconCache.db
[2010.08.26 01:13:38 | 063,880,571 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010.08.25 21:35:30 | 000,000,005 | ---- | M] () -- C:\zrpt.xml
[2010.08.25 10:22:22 | 000,000,059 | ---- | M] () -- C:\Users\carisma\AppData\Roaming\GoodnightTimer.ini
[2010.08.23 16:03:23 | 000,342,385 | ---- | M] () -- C:\Users\carisma\Documents\HTC-Arvato Anleitung+Anschreiben.pdf
[2010.08.23 15:46:22 | 000,027,136 | ---- | M] () -- C:\Users\carisma\Documents\HTC Garantie.doc
[2010.08.22 22:17:56 | 000,243,712 | ---- | M] () -- C:\Users\carisma\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.15 18:35:58 | 000,023,897 | ---- | M] () -- C:\Users\carisma\Documents\komprimierte Steuererklaerung_USt_2009.pdf
[2010.08.15 18:35:48 | 000,036,055 | ---- | M] () -- C:\Users\carisma\Documents\2.elfo
[2010.08.15 18:34:26 | 000,039,327 | ---- | M] () -- C:\Users\carisma\Documents\komprimierte Steuererklaerung_ESt_2009_1.pdf
[2010.08.15 18:34:04 | 000,003,808 | ---- | M] () -- C:\Users\carisma\Documents\Komprimierte Steuererklaerung_ESt_2009.pdf
[2010.08.15 18:32:53 | 000,057,531 | ---- | M] () -- C:\Users\carisma\Documents\1.elfo
[2010.08.15 14:55:26 | 000,111,928 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.08.15 14:55:16 | 000,075,064 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.08.15 14:55:15 | 002,373,712 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2010.08.14 14:03:17 | 000,008,993 | -HS- | M] () -- C:\Users\carisma\Desktop\Folder.jpg
[2010.08.14 14:03:17 | 000,002,031 | -HS- | M] () -- C:\Users\carisma\Desktop\AlbumArtSmall.jpg
[2010.08.13 09:22:41 | 000,247,016 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.08.10 07:11:11 | 005,772,429 | ---- | M] () -- C:\Users\carisma\Documents\Zen V series manual.pdf
[1 C:\Users\carisma\Desktop\*.tmp files -> C:\Users\carisma\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========
[2010.08.25 23:38:59 | 000,024,664 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010.08.25 23:26:30 | 4285,849,600 | -HS- | C] () -- C:\hiberfil.sys
[2010.08.25 21:35:26 | 000,000,005 | ---- | C] () -- C:\zrpt.xml
[2010.08.23 16:03:23 | 000,342,385 | ---- | C] () -- C:\Users\carisma\Documents\HTC-Arvato Anleitung+Anschreiben.pdf
[2010.08.23 15:46:16 | 000,027,136 | ---- | C] () -- C:\Users\carisma\Documents\HTC Garantie.doc
[2010.08.21 04:01:09 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2010.08.17 20:46:46 | 000,195,960 | ---- | C] () -- C:\Users\carisma\Desktop\Schwerpunktstudium incl Biotechnologie-13-01-10.pdf
[2010.08.15 18:37:21 | 000,039,327 | ---- | C] () -- C:\Users\carisma\Documents\komprimierte Steuererklaerung_ESt_2009_1.pdf
[2010.08.15 18:37:21 | 000,023,897 | ---- | C] () -- C:\Users\carisma\Documents\komprimierte Steuererklaerung_USt_2009.pdf
[2010.08.15 18:33:59 | 000,003,808 | ---- | C] () -- C:\Users\carisma\Documents\Komprimierte Steuererklaerung_ESt_2009.pdf
[2010.08.15 18:28:13 | 000,036,055 | ---- | C] () -- C:\Users\carisma\Documents\2.elfo
[2010.08.15 18:17:08 | 000,057,531 | ---- | C] () -- C:\Users\carisma\Documents\1.elfo
[2010.08.15 17:30:17 | 000,409,502 | ---- | C] () -- C:\Users\carisma\AppData\Local\dd_vcredistMSI5528.txt
[2010.08.15 17:30:16 | 000,011,374 | ---- | C] () -- C:\Users\carisma\AppData\Local\dd_vcredistUI5528.txt
[2010.08.14 14:03:12 | 000,008,993 | -HS- | C] () -- C:\Users\carisma\Desktop\Folder.jpg
[2010.08.14 14:03:12 | 000,002,031 | -HS- | C] () -- C:\Users\carisma\Desktop\AlbumArtSmall.jpg
[2010.08.11 00:37:41 | 001,420,176 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
[2010.08.11 00:37:39 | 000,050,688 | ---- | C] () -- C:\Windows\SysNative\rtutils.dll
[2010.08.11 00:37:37 | 000,462,848 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
[2010.08.11 00:37:37 | 000,174,592 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2010.08.11 00:37:34 | 002,749,952 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2010.08.11 00:37:27 | 004,690,832 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2010.08.11 00:37:12 | 012,473,344 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2010.08.11 00:37:12 | 009,250,816 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2010.08.11 00:37:10 | 002,335,744 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2010.08.11 00:37:06 | 001,487,360 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2010.08.11 00:37:06 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2010.08.11
00:37:06 | 000,706,048 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll [2010.08.11 00:37:06 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll [2010.08.11 00:37:06 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll [2010.08.11 00:37:05 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl [2010.08.11 00:37:05 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll [2010.08.11 00:37:05 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll [2010.08.11 00:37:05 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll [2010.08.11 00:37:05 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe [2010.08.11 00:37:05 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll [2010.08.11 00:37:05 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll [2010.08.11 00:37:05 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll [2010.08.11 00:37:05 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll [2010.08.11 00:37:05 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll [2010.08.11 00:37:04 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb [2010.08.11 00:37:04 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe [2010.08.11 00:37:04 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe [2010.08.11 00:37:01 | 001,875,456 | ---- | C] () -- C:\Windows\SysNative\msxml3.dll [2010.08.11 00:36:58 | 000,343,040 | ---- | C] () -- C:\Windows\SysNative\schannel.dll [2010.08.10 07:09:48 | 005,772,429 | ---- | C] () -- C:\Users\carisma\Documents\Zen V series manual.pdf [2010.08.04 00:37:36 | 012,898,304 | ---- | C] () -- C:\Windows\SysNative\shell32.dll [2010.03.26 03:35:53 | 000,000,680 | ---- | C] () -- C:\Users\carisma\AppData\Local\d3d9caps.dat [2010.03.11 17:38:20 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini [2010.01.08 02:28:36 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll 
[2009.10.25 00:39:58 | 000,013,846 | ---- | C] () -- C:\Users\carisma\AppData\Local\dd_vcredistUI14CE.txt [2009.01.28 18:15:27 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2009.01.15 20:50:36 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2009.01.12 02:12:40 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.01.12 02:10:54 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2009.01.11 06:11:35 | 000,000,059 | ---- | C] () -- C:\Users\carisma\AppData\Roaming\GoodnightTimer.ini [2009.01.11 01:05:31 | 000,765,952 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2009.01.11 01:05:31 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2009.01.10 19:21:25 | 000,243,712 | ---- | C] () -- C:\Users\carisma\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.01.10 16:59:20 | 000,000,732 | ---- | C] () -- C:\Users\carisma\AppData\Local\d3d9caps64.dat [2007.09.13 23:25:52 | 001,238,832 | ---- | C] () -- C:\Windows\SysWow64\igmedkrn.dll [2007.09.13 23:25:52 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igmedcompkrn.dll [2004.07.29 01:19:46 | 000,175,104 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll ========== LOP Check ========== [2010.08.26 02:03:02 | 000,000,000 | ---D | M] -- C:\Users\carisma\AppData\Roaming\90FDCB3FD5D77C447892E331FD7EC42E [2010.01.29 23:35:28 | 000,000,000 | ---D | M] -- C:\Users\carisma\AppData\Roaming\avidemux [2010.08.05 20:18:40 | 000,000,000 | ---D | M] -- C:\Users\carisma\AppData\Roaming\DVDVideoSoftIEHelpers [2010.08.15 17:39:39 | 000,000,000 | ---D | M] -- C:\Users\carisma\AppData\Roaming\elsterformular [2010.02.15 13:00:53 | 000,000,000 | ---D | M] -- C:\Users\carisma\AppData\Roaming\Facebook [2010.08.12 22:02:36 | 000,000,000 | ---D | M] -- C:\Users\carisma\AppData\Roaming\FileZilla [2010.06.30 21:16:20 | 000,000,000 | ---D | M] -- C:\Users\carisma\AppData\Roaming\Hansenet [2010.08.13 21:31:09 | 000,000,000 | ---D | M] -- 
C:\Users\carisma\AppData\Roaming\Mp3tag [2009.10.25 00:42:10 | 000,000,000 | ---D | M] -- C:\Users\carisma\AppData\Roaming\supertuxkart [2010.06.07 18:44:13 | 000,000,000 | ---D | M] -- C:\Users\carisma\AppData\Roaming\TerraTec [2009.01.11 03:30:00 | 000,000,000 | ---D | M] -- C:\Users\carisma\AppData\Roaming\Weaverslave [2010.03.20 15:32:31 | 000,000,000 | ---D | M] -- C:\Users\carisma\AppData\Roaming\Youtube Downloader HD [2010.08.26 09:22:23 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.08.26 19:57:01 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{37FB543E-1C95-45F9-A9CA-0F12DD0296F2}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0A8E2C33 < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 26.08.2010 21:58:43 - Run 1 OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\carisma\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18943) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 79,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 146,18 Gb Total Space | 27,12 Gb Free Space | 18,56% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: CARISMA-PC Current User Name: carisma Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" () InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l () scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = C0 E6 D0 F0 B5 75 C9 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-798022246-3101898770-1844465478-1000] "EnableNotifications" = 0 "EnableNotificationsRef" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized 
Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Users\carisma\Downloads\UUSee 2007 English\UUSeePlayer.exe" = C:\Users\carisma\Downloads\UUSee 2007 English\UUSeePlayer.exe:*:Enabled:UUPlayer -- File not found "C:\Users\carisma\Downloads\UUSee 2007 English\UUSeePlayer.exe" = C:\Users\carisma\Downloads\UUSee 2007 English\UUSeePlayer.exe:*:Enabled:UUPlayer -- File not found ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0303F02B-2A71-47F4-8DBA-274DE284C514}" = lport=2869 | protocol=6 | dir=in | app=system | "{28D7591B-8D33-441D-90B6-41C25A3CBE9C}" = lport=138 | protocol=17 | dir=in | app=system | "{4D49BE2C-9342-4C47-80FC-FBBCEAD221A0}" = rport=138 | protocol=17 | dir=out | app=system | "{524BBF9F-A624-44D5-8E33-08EC0E8E85AC}" = lport=4662 | protocol=6 | dir=in | name=emule | "{6DA16867-4611-4C35-A88C-718FDBE53872}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{A4A0B1F4-3281-4A17-BB27-DB2813824B4B}" = rport=445 | protocol=6 | dir=out | app=system | "{B91F4FC5-2C87-457F-BA0C-023B21304242}" = lport=445 | protocol=6 | dir=in | app=system | "{CA680F9C-E4B1-46ED-9C0A-95D494CEEFB1}" = lport=4672 | protocol=17 | dir=in | name=emule | "{CB69BB51-54D9-495A-8A41-8B9770F18CC2}" = lport=139 | protocol=6 | dir=in | app=system | "{CC48B4E3-7CFA-42BB-9137-BD00C9B6DF8A}" = lport=137 | protocol=17 | dir=in | app=system | "{CDAE9023-293E-4E5A-ACC4-FD6CB839D827}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{CEE58323-3CA5-467D-94C9-8AA0C3C8AE09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{EDFA2FF9-6B73-4CA6-9C73-D3E194BE0915}" = rport=137 | protocol=17 | dir=out | app=system | "{F9FC8AC9-3A3C-4882-890F-0DA3A5648EAA}" = rport=139 | 
protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0201FFC5-0436-4CDA-A1B1-46063D44654B}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe | "{02560820-1C41-4BA4-960E-4B51358C42F3}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | "{038D45CD-1756-4524-AFE9-81C92FFCCEE9}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\cinergydvr.exe | "{083AC072-B745-443A-9C4D-6D052829F6A2}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\insttool.exe | "{17849BEF-045E-4F86-922E-44A45DBC55E6}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{27804793-386B-4A98-9304-21404B8D3343}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{309410D7-805D-46AA-89AA-7DECDF81410E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{31523A84-4BF2-4B42-939A-8F53821C8C2E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{36DB44F8-FF9E-43CA-8F6A-5E9AFEA3C083}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{40595233-C2B8-44D3-9A0E-FBE86A0364C5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{466217C7-701F-472C-ACBE-D84BCE3B4B70}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{46D57F7B-F25D-4E0B-96B2-A145A06E041E}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe | "{49EAED30-C9F8-4481-A1BF-80B14FC339F3}" = dir=in | app=c:\program files (x86)\avg\avg8\avgupd.exe | "{5D3F374B-7F5A-40D9-A6F1-DC970B7034FF}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{6FEAA722-A926-4460-9DFD-42B3BE1F2FA3}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 
"{774FEA87-72F1-476A-8C95-8CE24CAD74D2}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{78497D2E-F526-40AC-B369-69EBF5B7D1AB}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | "{8D01BD93-6888-4FEA-A174-698C7D283218}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{90DF2D5B-0AEF-4722-9243-11DBC4EE7577}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\insttool.exe | "{97ABBCDB-4528-4654-94B0-89A3CF135DBB}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{AC872A40-A9A8-4252-88A2-A38E781A541A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{AE64069A-2661-491C-8494-258CC160DCF1}" = dir=in | app=c:\program files (x86)\avg\avg8\avgemc.exe | "{C6DCF7B2-B3BC-432B-AEB8-C3ADF7E06CC1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{D2B6C5FE-1E0D-4CDB-A5DC-CB34E5A636C8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{F45DAC8A-E0C8-4FF0-8BFA-023CB1C79F82}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\cinergydvr.exe | "{F93FAA98-23FE-4027-9B04-DFF7FA391610}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "TCP Query User{1753595C-E3E3-48A4-9EEB-C7C8075320D4}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "TCP Query User{22D0F94F-DB2E-402B-89E2-E53B6203545C}C:\program files (x86)\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tvants\tvants.exe | "TCP Query User{28E7CDB1-0B87-40EB-90CF-3FB28A2A5B0D}F:\emule\emule.exe" = protocol=6 | dir=in | app=f:\emule\emule.exe | "TCP Query User{2AD8DE3A-4266-4588-8B47-B7CC030B9114}E:\institut\fiji.app\fiji-win32.exe" = protocol=6 | dir=in | app=e:\institut\fiji.app\fiji-win32.exe | "TCP Query User{3F183A6D-5F3A-4BA3-94D5-F0FB25A95E3C}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | 
app=c:\program files\windows sidebar\sidebar.exe | "TCP Query User{5C283E32-F18E-4ECA-8F99-2F0257DDB8DF}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | "TCP Query User{5DA0A03D-DC78-43BB-B377-6AE51F2485C3}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe | "TCP Query User{5FE3689A-0C4F-4A62-8BAB-4945518AC0FE}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | "TCP Query User{60FAB6DE-53C3-47C5-84C6-653D1A1DE5B3}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{759CB01C-2A32-4FA1-AC65-4100AF09CCA6}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "TCP Query User{7E725739-5E37-4E06-BD49-321A41D26E1B}C:\users\carisma\documents\bscthesis\fiji.app\fiji-win32.exe" = protocol=6 | dir=in | app=c:\users\carisma\documents\bscthesis\fiji.app\fiji-win32.exe | "TCP Query User{89BAA7B5-7366-47F4-9427-1E9875E2770A}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | "TCP Query User{8F7D3826-4B42-4588-A664-6F56B4F1A411}C:\users\carisma\desktop\bscthesis\fiji.app\fiji-win32.exe" = protocol=6 | dir=in | app=c:\users\carisma\desktop\bscthesis\fiji.app\fiji-win32.exe | "TCP Query User{97092A4A-DC09-4966-A5FF-48BCD7D3FB8C}F:\emule\emule.exe" = protocol=6 | dir=in | app=f:\emule\emule.exe | "TCP Query User{9863B2F9-70C4-44D5-9753-7FD3D1844306}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "TCP Query User{9F836239-7EC9-4E96-8C1E-C2CA15934BEE}C:\users\carisma\documents\bscthesis\fiji.app\fiji-win32.exe" = protocol=6 | dir=in | 
app=c:\users\carisma\documents\bscthesis\fiji.app\fiji-win32.exe | "TCP Query User{AE6B2ADD-FEFB-412C-9F1A-5E6E2AA1FDEA}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "TCP Query User{B0623A47-808C-430C-A62C-A061F27F12BF}E:\emule\emule.exe" = protocol=6 | dir=in | app=e:\emule\emule.exe | "TCP Query User{B86E908B-76F3-4F07-B72E-509618D8178C}C:\users\carisma\documents\institut\fiji.app\fiji-win32.exe" = protocol=6 | dir=in | app=c:\users\carisma\documents\institut\fiji.app\fiji-win32.exe | "TCP Query User{B93F026F-8BB8-4F6E-AB33-C5A14A11EDA0}C:\program files (x86)\phonerlite\phonerlite.exe" = protocol=6 | dir=in | app=c:\program files (x86)\phonerlite\phonerlite.exe | "TCP Query User{BE16EDC0-746F-432C-904F-8C17745880DE}C:\users\carisma\desktop\fiji.app\fiji-win32.exe" = protocol=6 | dir=in | app=c:\users\carisma\desktop\fiji.app\fiji-win32.exe | "TCP Query User{C09145C3-C5CB-40F3-8D66-4160F52A5687}C:\users\carisma\desktop\fiji.app\fiji-win32.exe" = protocol=6 | dir=in | app=c:\users\carisma\desktop\fiji.app\fiji-win32.exe | "TCP Query User{CA55017C-DFFB-4C46-BB28-503D2CC8370F}C:\program files (x86)\phonerlite\phonerlite.exe" = protocol=6 | dir=in | app=c:\program files (x86)\phonerlite\phonerlite.exe | "TCP Query User{D0A665D5-95CE-4EB4-9C35-CA7635C21933}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | "TCP Query User{F81DC666-F92D-474B-B60C-FA0BB55248A2}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | "UDP Query User{0466939A-90A5-4ECB-8C62-D6E310D322BC}C:\users\carisma\desktop\fiji.app\fiji-win32.exe" = protocol=17 | dir=in | app=c:\users\carisma\desktop\fiji.app\fiji-win32.exe | "UDP Query User{06ABDA15-D84A-4C22-8376-346E20DA46B9}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe | "UDP Query 
User{0D7BE5C3-D009-4CE0-A525-DD73191BBE1D}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | "UDP Query User{13286A44-E252-452E-9333-623588FC3857}E:\institut\fiji.app\fiji-win32.exe" = protocol=17 | dir=in | app=e:\institut\fiji.app\fiji-win32.exe | "UDP Query User{1CF138F2-3C09-4F16-846C-79B258C31724}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{1FA3068E-5E0F-43AC-9609-869C50CDA009}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | "UDP Query User{31A92D8A-2283-4BDE-B649-8F61E8588B07}C:\users\carisma\desktop\fiji.app\fiji-win32.exe" = protocol=17 | dir=in | app=c:\users\carisma\desktop\fiji.app\fiji-win32.exe | "UDP Query User{34EFC64A-AFCF-4A7A-B4F3-4F95853A4949}C:\program files (x86)\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tvants\tvants.exe | "UDP Query User{3F15C443-0604-42AC-8ADD-A67980629FC6}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | "UDP Query User{499E5B63-6F13-48B3-963A-C830A7494C46}C:\users\carisma\documents\institut\fiji.app\fiji-win32.exe" = protocol=17 | dir=in | app=c:\users\carisma\documents\institut\fiji.app\fiji-win32.exe | "UDP Query User{63ADA674-8B18-47CB-8F13-C0FC0C701053}F:\emule\emule.exe" = protocol=17 | dir=in | app=f:\emule\emule.exe | "UDP Query User{6F2E549E-5195-4754-995F-37B2B7277503}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "UDP Query User{711741D7-94F2-44F6-B694-4C5E1A6FE528}C:\users\carisma\desktop\bscthesis\fiji.app\fiji-win32.exe" = protocol=17 | dir=in | app=c:\users\carisma\desktop\bscthesis\fiji.app\fiji-win32.exe | "UDP Query 
User{A7E5F8AB-34E8-44E7-8A2D-7BEF8B01E214}C:\users\carisma\documents\bscthesis\fiji.app\fiji-win32.exe" = protocol=17 | dir=in | app=c:\users\carisma\documents\bscthesis\fiji.app\fiji-win32.exe | "UDP Query User{A8EC7A8A-AAE6-48A5-9403-4C4F44097C93}F:\emule\emule.exe" = protocol=17 | dir=in | app=f:\emule\emule.exe | "UDP Query User{B466F197-3D57-4028-B1F1-DD9EFF943792}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | "UDP Query User{BAEC4D57-B0AD-40FB-BB58-223C6C4605BA}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | "UDP Query User{BC107EB5-8B19-4636-8021-B8CD77F959F2}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "UDP Query User{BC781F09-A9E8-4FF2-9CA1-228D4284045D}C:\users\carisma\documents\bscthesis\fiji.app\fiji-win32.exe" = protocol=17 | dir=in | app=c:\users\carisma\documents\bscthesis\fiji.app\fiji-win32.exe | "UDP Query User{C0BDD428-B7B5-40BF-8A76-92381B2F3DAD}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "UDP Query User{C29E0E5B-1A16-49E4-9441-A4647947FC24}E:\emule\emule.exe" = protocol=17 | dir=in | app=e:\emule\emule.exe | "UDP Query User{C6518C1B-F06E-4A58-839E-8E6013D62284}C:\program files (x86)\phonerlite\phonerlite.exe" = protocol=17 | dir=in | app=c:\program files (x86)\phonerlite\phonerlite.exe | "UDP Query User{D09C4387-7112-4DF8-914D-C4A41D8C4B56}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "UDP Query User{F0D07171-9C24-4CE7-A2AB-BC3F0AF591EA}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | "UDP Query User{F453942A-9E13-49BE-8168-D6A6A7B10861}C:\program files (x86)\phonerlite\phonerlite.exe" = protocol=17 
| dir=in | app=c:\program files (x86)\phonerlite\phonerlite.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{3A8386F4-A9CC-4395-B9D2-C7E864260B51}" = Windows Mobile-Gerätecenter: Treiberupdate
"{52784483-7088-4A4C-81E2-808303AD98F5}" = Apple Mobile Device Support
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DFA48C6E-A32B-4FC6-8170-4212DDCF7284}" = Microsoft LifeChat
"{F44F6BAB-6988-4E61-A4B2-73E749F56A65}" = Windows Mobile-Gerätecenter
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"PROSet" = Intel(R) Network Connections Drivers
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22E4AC9C-9E05-47D5-B7EB-A9FC1D762A7B}" = Quake Live Internet Explorer Plugin
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 17
"{2BEB102E-F9CD-4881-984B-E288F66FD394}" = Quake Live Mozilla Plugin
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72CCBEA1-8D57-4981-A337-81019F28C5BA}" = Microsoft .NET Compact Framework 3.5
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Samsung Master
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DE4CF159-4AD2-4754-BDA0-5FB088C8B58B}" = Razer Diamondback
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Alice Software" = Alice Software 4.10.0
"AVG8Uninstall" = AVG Free 8.5
"bwin" = bwin Poker (remove only)
"CCleaner" = CCleaner
"Cinergy T USB XXS" = Cinergy T USB XXS V2.03.03.29
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"ElsterFormular 11.5.0.4546" = ElsterFormular
"eMule" = eMule
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"FileZilla Client" = FileZilla Client 3.2.0
"Flash Slideshow Generator_is1" = Flash Slideshow Generator 2.1.4
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"Goodnight Timer_is1" = Goodnight Timer 1.1
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"HijackThis" = HijackThis 2.0.2
"IETester" = IETester v0.3.3 (remove only)
"Keycraft" = Keycraft (remove only)
"LogonStudio" = LogonStudio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"Mp3tag" = Mp3tag v2.46a
"PhonerLite_is1" = PhonerLite 1.61
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 6.0" = RealPlayer
"SopCast" = SopCast 3.0.3
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.8a
"Warcraft III" = Warcraft III
"WinLiveSuite_Wave3" = Windows Live Essentials
"Xvid_is1" = Xvid 1.2.2
final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 25.08.2010 15:32:50 | Computer Name = carisma-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 25.08.2010 15:39:13 | Computer Name = carisma-PC | Source = EventSystem | ID = 4609
Description =

Error - 25.08.2010 17:28:33 | Computer Name = carisma-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\AVG\AVG8\avglvea.dll". Dependent Assembly "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 25.08.2010 17:28:45 | Computer Name = carisma-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 25.08.2010 19:14:13 | Computer Name = carisma-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\AVG\AVG8\avglvea.dll". Dependent Assembly "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 25.08.2010 20:00:25 | Computer Name = carisma-PC | Source = VSS | ID = 8194
Description =

Error - 25.08.2010 20:09:06 | Computer Name = carisma-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\AVG\AVG8\avglvea.dll". Dependent Assembly "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 25.08.2010 20:09:23 | Computer Name = carisma-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 26.08.2010 03:34:03 | Computer Name = carisma-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 26.08.2010 03:34:06 | Computer Name = carisma-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\AVG\AVG8\avglvea.dll". Dependent Assembly "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" could not be found. Please use sxstrace.exe for detailed diagnosis.

[ System Events ]
Error - 25.08.2010 17:26:40 | Computer Name = carisma-PC | Source = HTTP | ID = 15016
Description =

Error - 25.08.2010 17:28:08 | Computer Name = carisma-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 25.08.2010 17:28:45 | Computer Name = carisma-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{A12E1963-74AB-481C-833F-2E591956EA6A} because another computer on the network has the same name. The server could not start.

Error - 25.08.2010 17:28:49 | Computer Name = carisma-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{A12E1963-74AB-481C-833F-2E591956EA6A} because another computer on the network has the same name. The server could not start.

Error - 25.08.2010 20:05:31 | Computer Name = carisma-PC | Source = HTTP | ID = 15016
Description =

Error - 25.08.2010 20:09:06 | Computer Name = carisma-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{A12E1963-74AB-481C-833F-2E591956EA6A} because another computer on the network has the same name. The server could not start.

Error - 25.08.2010 20:09:25 | Computer Name = carisma-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{A12E1963-74AB-481C-833F-2E591956EA6A} because another computer on the network has the same name. The server could not start.

Error - 26.08.2010 03:23:29 | Computer Name = carisma-PC | Source = HTTP | ID = 15016
Description =

Error - 26.08.2010 03:34:09 | Computer Name = carisma-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{A12E1963-74AB-481C-833F-2E591956EA6A} because another computer on the network has the same name. The server could not start.

Error - 26.08.2010 03:34:12 | Computer Name = carisma-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{A12E1963-74AB-481C-833F-2E591956EA6A} because another computer on the network has the same name. The server could not start.

< End of report >

Last edited by coolibri (26.08.2010 at 21:18) Reason: OTL + Extras |
26.08.2010, 21:47 | #4 | ||
| Antimalware Doctor and other malware removed (Folder and Search Options disabled) Hello again, I have now been able to solve my problem with the disabled "Folder and Search Options". After I ran Anti-Malware again following the clean-up, there was still this entry: Quote:
I believe my system should actually be "clean" now, but it would still be nice if you could take another look at the logs and, if need be, recommend other scanning software to me. Here are the instructions: Quote:
|
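The instructions coolibri followed are not preserved in the thread (the quoted block above is empty in this copy). As an added example, not code from the thread or from any of the tools it mentions, the following PowerShell script audits and optionally clears the Explorer policy value that greys out "Folder and Search Options". It assumes that the greyed-out dialog was caused by the `NoFolderOptions` value under `Policies\Explorer` (the registry value that Malwarebytes reports as Hijack.FolderOptions); that assumption, the `-Remove` switch and the key list are the author of this example's, not the thread's.

```powershell
# Added example, not from the original thread.
# Audit (and with -Remove, clear) the Explorer policy that greys out
# "Folder and Search Options" in Windows Explorer.
# Assumption: the malware set NoFolderOptions=1 under Policies\Explorer.
# Run from an elevated PowerShell so the HKLM key can be written.
param([switch]$Remove)

$policyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)
$valueName = 'NoFolderOptions'

foreach ($key in $policyKeys) {
    if (-not (Test-Path $key)) {
        Write-Output "$key : key absent, nothing to clear"
        continue
    }

    # Get-ItemProperty -Name returns $null (with a suppressed error) when the
    # value does not exist, which keeps this usable on PowerShell 2.0 (Vista).
    $item = Get-ItemProperty -Path $key -Name $valueName -ErrorAction SilentlyContinue
    if ($item -eq $null) {
        Write-Output "$key : $valueName not set"
        continue
    }

    $current = $item.$valueName
    Write-Output "$key\$valueName = $current"

    if ($current -ne 0) {
        Write-Output "  Folder Options are being suppressed by this policy value."
        if ($Remove) {
            Remove-ItemProperty -Path $key -Name $valueName
            Write-Output "  Removed. Log off and back on (or restart explorer.exe) to see the menu again."
        } else {
            Write-Output "  Re-run with -Remove to delete it."
        }
    }
}
```

Run it once without `-Remove` to see which hive carries the value; on a domain-joined machine check first that no Group Policy legitimately sets it, because the next policy refresh would simply put it back. Clearing the value only restores the dialog; it says nothing about whether the system is clean, which is why the thread still asks for the logs to be reviewed.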
27.08.2010, 08:52 | #5 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Antimalware Doctor and other malware removed (Folder and Search Options disabled) Quote:
__________________ Please always post logfiles in CODE tags |