Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Antimalware Doctor und andere Schädlinge entfernt (Ordner- und Suchoptionen deaktiviert) (https://www.trojaner-board.de/90034-antimalware-doctor-andere-schaedlinge-entfernt-ordner-suchoptionen-deaktiviert.html)

coolibri 26.08.2010 17:22
Antimalware Doctor und andere Schädlinge entfernt (Ordner- und Suchoptionen deaktiviert)
 
System: Windows Vista Premium Home 64-Bit SP-1
Virenschutz: AVG Anti-Virus Free
Windows Firewall

Hallo zusammen,

ich habe mir gestern den Antimalware Virus eingefangen. Nachdem die Applikation gestartet war, habe ich die Internetverbindung unterbrochen und versucht das Programm im abgesicherten Modus zu deinstallieren (natürlich erfolglos - die Deinstallation hat nur wieder zum Start der Software geführt).

Daraufhin habe ich die newsecureapp70700*32.exe im Taskmanager beendet und im Internet nach einer schnellen Lösung gesucht. Ich bin auf dieses Forum gestossen und habe diese Anleitung abgearbeitet.

Nachdem ich einen Scan mit "Malwarebytes Anti-Malware" durchgeführt habe, war ich recht überrascht, denn es wurden 38 infizierte Dateien auf meinem System identifiziert.

Ich konnte alle Infektionen entfernen, dennoch kann ich die "Ordner- und Suchoptionen" nicht mehr bearbeiten (nicht mehr anwählbar/grau hinterlegt). Hier wäre ein Lösungsvorschlag echt nett. Ansonsten würde ich gerne wissen, wie es nun um mein System steht und ob ich es neu aufsetzen muss.

Malwarebytes Anti-Malware Log (direkt nach dem Bereinigen):
Zitat:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4479

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18943

26.08.2010 02:03:02
mbam-log-2010-08-26 (02-03-02).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 309055
Laufzeit: 2 Stunde(n), 11 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 8
Infizierte Registrierungswerte: 11
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 38

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{b4ba40a2-75f1-51bd-f413-04b15a2c8953} (Trojan.ErtFor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b4ba40a2-75f1-51bd-f413-04b15a2c8953} (Trojan.ErtFor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b4ba40a2-75f1-51bd-f413-04b15a2c8953} (Trojan.ErtFor) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\newsecureapp70700.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\haw389r7uifhdfigdhudf (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\trawgd327uhf838jdfdsfdfds (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\trawgd327uhf838jdfdsfdfds (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\chelhrkl (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\macnweorxs.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{b4ba40a2-75f1-51bd-f413-04b15a2c8953} (Trojan.ErtFor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bipro (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\carisma\AppData\Roaming\90FDCB3FD5D77C447892E331FD7EC42E\newsecureapp70700.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\carisma\AppData\Local\Temp\qh5djqzw.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\carisma\AppData\Local\Temp\csrss.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\carisma\AppData\Local\utpdoxuft\ffmbrskshdw.exe (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
C:\Users\carisma\AppData\Local\Temp\macnweorxs.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\w48667.dll (Trojan.ErtFor) -> Quarantined and deleted successfully.
C:\Users\carisma\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UUPO4ED2\mqupjickr[1].htm (Adware.BHO) -> Quarantined and deleted successfully.
C:\Users\carisma\AppData\Local\Temp\1359469261.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\carisma\AppData\Local\Temp\1491399261.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\carisma\AppData\Local\Temp\2863199261.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\carisma\AppData\Local\Temp\Czj.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\carisma\AppData\Local\Temp\ecsmoxwran.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\carisma\AppData\Local\Temp\gv51n.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\carisma\AppData\Local\Temp\iexplarer.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\carisma\AppData\Local\Temp\knam.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Users\carisma\AppData\Local\Temp\op92b1.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\carisma\AppData\Local\Temp\r2nbwd.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\carisma\AppData\Local\Temp\st_la819_1930.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Users\carisma\AppData\Local\Temp\svchost.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\carisma\AppData\Local\Temp\sxcfgslr.exe (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
C:\Users\carisma\AppData\Local\Temp\sysedit.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\carisma\AppData\Local\Temp\winamp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\gdi32.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\iexplarer.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\lsass.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\services.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\setup.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\sysedit.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\win32.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\winamp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\q9i26j.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\w48667.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\q9i26j.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\carisma\AppData\Local\Temp\skaioejiesfjoee.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\carisma\Desktop\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\carisma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\carisma\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\carisma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
Malwarebytes Anti-Malware Log (zweiter Scan nach dem Bereinigen):
Zitat:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4479

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18943

26.08.2010 09:21:45
mbam-log-2010-08-26 (09-21-45).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 302851
Laufzeit: 1 Stunde(n), 48 Minute(n), 0 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
RSIT Log (1 Monat):
RSIT Logfile:
Code:
Logfile of random's system information tool 1.08 (written by random/random)
Run by carisma at 2010-08-26 18:09:39
Microsoft® Windows Vista™ Home Premium  Service Pack 1
System drive C: has 27 GB (18%) free of 150 GB
Total RAM: 4086 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:09:42, on 26.08.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\Razer\Diamondback\razerhid.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Razer\Diamondback\razertra.exe
C:\Program Files (x86)\Razer\Diamondback\razerofa.exe
C:\Program Files (x86)\Alice Software\AliceEinwahl.exe
C:\Users\carisma\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\carisma.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O3 - Toolbar: TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Diamondback] "C:\Program Files (x86)\Razer\Diamondback\razerhid.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Remote Control Editor] "C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\carisma\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{A12E1963-74AB-481C-833F-2E591956EA6A}: NameServer = 213.191.92.87 62.109.123.6
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Google Update Service (gupdate1c9c2b9e9f04c85) (gupdate1c9c2b9e9f04c85) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7964 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{37FB543E-1C95-45F9-A9CA-0F12DD0296F2}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{AD6E6555-FB2C-47D4-8339-3E2965509877} - TerraTec Home Cinema - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL [2009-05-26 526336]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=C:\PROGRA~2\AVG\AVG8\avgtray.exe [2010-07-09 2048352]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2008-11-04 413696]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"SoundMAXPnP"=C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [2007-02-21 1183744]
"TkBellExe"=C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe [2009-06-19 198160]
"Diamondback"=C:\Program Files (x86)\Razer\Diamondback\razerhid.exe [2007-02-14 147456]
"SunJavaUpdateSched"=C:\Program Files (x86)\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1555968]
"Remote Control Editor"=C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe [2009-05-26 1449984]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoFolderOptions"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Users\carisma\Downloads\UUSee 2007 English\UUSeePlayer.exe"="C:\Users\carisma\Downloads\UUSee 2007 English\UUSeePlayer.exe:*:Enabled:UUPlayer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\SysWOW64\Notepad.exe %1
.js - open - C:\Windows\SysWOW64\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-08-26 18:09:39 ----D---- C:\rsit
2010-08-26 17:34:39 ----D---- C:\Program Files (x86)\trend micro
2010-08-26 02:08:07 ----D---- C:\Program Files (x86)\CCleaner
2010-08-25 23:39:09 ----D---- C:\Users\carisma\AppData\Roaming\Malwarebytes
2010-08-25 23:39:00 ----A---- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys
2010-08-25 23:38:59 ----D---- C:\ProgramData\Malwarebytes
2010-08-25 23:38:59 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-08-25 23:26:30 ----ASH---- C:\hiberfil.sys
2010-08-25 21:32:44 ----D---- C:\Users\carisma\AppData\Roaming\90FDCB3FD5D77C447892E331FD7EC42E
2010-08-22 07:00:47 ----A---- C:\Windows\dd_ATL90SP1_KB973924MSI1640.txt
2010-08-22 07:00:43 ----A---- C:\Windows\dd_ATL90SP1_KB973924UI1640.txt
2010-08-21 17:31:40 ----D---- C:\Program Files (x86)\Microsoft.NET
2010-08-15 17:39:33 ----D---- C:\Users\carisma\AppData\Roaming\elsterformular
2010-08-15 17:31:59 ----D---- C:\ProgramData\elsterformular
2010-08-13 21:30:54 ----D---- C:\Users\carisma\AppData\Roaming\Mp3tag
2010-08-13 21:30:40 ----D---- C:\Program Files (x86)\Mp3tag
2010-08-13 09:30:58 ----D---- C:\Users\carisma\AppData\Roaming\WinRAR
2010-08-12 22:46:44 ----D---- C:\Program Files (x86)\eMule
2010-08-11 07:53:33 ----D---- C:\Users\carisma\AppData\Roaming\Adobe
2010-08-11 00:37:39 ----A---- C:\Windows\SysWOW64\rtutils.dll
2010-08-11 00:37:32 ----A---- C:\Windows\SysWOW64\iccvid.dll
2010-08-11 00:37:10 ----A---- C:\Windows\SysWOW64\iertutil.dll
2010-08-11 00:37:09 ----A---- C:\Windows\SysWOW64\mshtml.dll
2010-08-11 00:37:08 ----A---- C:\Windows\SysWOW64\ieframe.dll
2010-08-11 00:37:06 ----A---- C:\Windows\SysWOW64\urlmon.dll
2010-08-11 00:37:06 ----A---- C:\Windows\SysWOW64\msfeeds.dll
2010-08-11 00:37:05 ----A---- C:\Windows\SysWOW64\wininet.dll
2010-08-11 00:37:05 ----A---- C:\Windows\SysWOW64\occache.dll
2010-08-11 00:37:05 ----A---- C:\Windows\SysWOW64\mstime.dll
2010-08-11 00:37:05 ----A---- C:\Windows\SysWOW64\msfeedsbs.dll
2010-08-11 00:37:05 ----A---- C:\Windows\SysWOW64\ieUnatt.exe
2010-08-11 00:37:05 ----A---- C:\Windows\SysWOW64\ieui.dll
2010-08-11 00:37:05 ----A---- C:\Windows\SysWOW64\iesysprep.dll
2010-08-11 00:37:05 ----A---- C:\Windows\SysWOW64\iesetup.dll
2010-08-11 00:37:05 ----A---- C:\Windows\SysWOW64\iernonce.dll
2010-08-11 00:37:05 ----A---- C:\Windows\SysWOW64\iepeers.dll
2010-08-11 00:37:05 ----A---- C:\Windows\SysWOW64\iedkcs32.dll
2010-08-11 00:37:05 ----A---- C:\Windows\SysWOW64\ie4uinit.exe
2010-08-11 00:37:04 ----A---- C:\Windows\SysWOW64\msfeedssync.exe
2010-08-11 00:37:04 ----A---- C:\Windows\SysWOW64\jsproxy.dll
2010-08-11 00:37:01 ----A---- C:\Windows\SysWOW64\msxml3.dll
2010-08-11 00:36:58 ----A---- C:\Windows\SysWOW64\schannel.dll
2010-08-05 20:18:40 ----D---- C:\Users\carisma\AppData\Roaming\DVDVideoSoftIEHelpers
2010-08-05 20:17:18 ----D---- C:\Program Files (x86)\Common Files\Skype
2010-08-04 00:37:34 ----A---- C:\Windows\SysWOW64\shell32.dll
2010-07-27 20:54:15 ----D---- C:\ProgramData\Stardock
2010-07-27 03:43:35 ----D---- C:\Program Files (x86)\Stardock
2010-07-27 01:01:55 ----SH---- C:\ProgramData\desktop.ini

======List of files/folders modified in the last 1 months======

2010-08-26 18:08:43 ----D---- C:\Windows\Prefetch
2010-08-26 18:07:46 ----D---- C:\Program Files (x86)\Mozilla Firefox
2010-08-26 17:34:39 ----D---- C:\Program Files (x86)
2010-08-26 17:33:51 ----D---- C:\Windows\Temp
2010-08-26 17:31:21 ----D---- C:\Windows
2010-08-26 17:10:18 ----RD---- C:\ProgramData
2010-08-26 17:10:18 ----D---- C:\Windows\Tasks
2010-08-26 17:10:18 ----D---- C:\Program Files (x86)\Google
2010-08-26 16:53:23 ----D---- C:\Windows\System32
2010-08-26 16:53:23 ----D---- C:\Windows\inf
2010-08-26 09:37:06 ----HD---- C:\$AVG8.VAULT$
2010-08-26 02:21:27 ----D---- C:\Windows\Debug
2010-08-26 02:03:02 ----D---- C:\Windows\SysWOW64
2010-08-26 02:00:55 ----SHD---- C:\System Volume Information
2010-08-25 23:39:00 ----D---- C:\Windows\SysWOW64\drivers
2010-08-25 22:40:32 ----D---- C:\Windows\WindowsMobile
2010-08-25 20:11:40 ----D---- C:\Program Files (x86)\Warcraft III
2010-08-25 10:22:22 ----A---- C:\Users\carisma\AppData\Roaming\GoodnightTimer.ini
2010-08-22 07:01:18 ----SHD---- C:\Windows\Installer
2010-08-22 07:01:15 ----D---- C:\Windows\winsxs
2010-08-21 17:32:03 ----RSD---- C:\Windows\assembly
2010-08-21 17:31:45 ----D---- C:\ProgramData\Microsoft
2010-08-21 03:51:53 ----D---- C:\Program Files (x86)\Common Files
2010-08-15 17:39:05 ----D---- C:\Program Files (x86)\ElsterFormular
2010-08-15 14:55:26 ----A---- C:\Windows\SysWOW64\PnkBstrB.exe
2010-08-15 14:55:16 ----A---- C:\Windows\SysWOW64\PnkBstrA.exe
2010-08-15 14:55:15 ----A---- C:\Windows\SysWOW64\pbsvc.exe
2010-08-14 21:06:53 ----SD---- C:\Users\carisma\AppData\Roaming\Microsoft
2010-08-13 09:30:05 ----RD---- C:\Program Files
2010-08-13 09:20:37 ----D---- C:\Program Files (x86)\Internet Explorer
2010-08-13 09:20:35 ----D---- C:\Program Files (x86)\Windows Mail
2010-08-13 09:20:34 ----D---- C:\Windows\SysWOW64\migration
2010-08-13 09:15:03 ----D---- C:\Windows\Microsoft.NET
2010-08-12 22:02:36 ----D---- C:\Users\carisma\AppData\Roaming\FileZilla
2010-08-05 20:31:07 ----D---- C:\Users\carisma\AppData\Roaming\Skype
2010-08-05 20:18:31 ----D---- C:\Program Files (x86)\Common Files\DVDVideoSoft
2010-08-05 20:17:41 ----RD---- C:\Program Files (x86)\Skype
2010-08-05 20:17:16 ----D---- C:\ProgramData\Skype
2010-08-05 20:16:28 ----D---- C:\Users\carisma\AppData\Roaming\skypePM

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx64;AVG Free AVI Loader Driver x64; C:\Windows\System32\Drivers\avgldx64.sys []
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64; C:\Windows\System32\Drivers\avgmfx64.sys []
R1 AvgTdiA;AVG8 Network Redirector; C:\Windows\System32\Drivers\avgtdia.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys []
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys []
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032e.sys []
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn64.sys []
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys []
R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\NETw5v64.sys []
R3 Razerlow;Razer Pro|Solutions; C:\Windows\system32\drivers\Razerlow.sys []
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys []
S3 bdacap;PC-DTV Receiver; C:\Windows\system32\drivers\bdacap.sys []
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys []
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys []
S3 mod7700;Cinergy T USB XXS service; C:\Windows\system32\DRIVERS\dvb7700all.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys []
S3 NETw3v64;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\NETw3v64.sys []
S3 NETw4v64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\NETw4v64.sys []
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys []
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys []
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys []
S3 usbaudio;USB-Audiotreiber (WDM); C:\Windows\system32\drivers\usbaudio.sys []
S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys []
S3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S4 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\Windows\System32\drivers\sfdrv01.sys []
S4 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys []
S4 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\Windows\System32\drivers\sfvfs02.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AEADIFilters;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE []
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agr64svc.exe []
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~2\AVG\AVG8\avgemc.exe [2009-08-15 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe [2009-08-15 297752]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2010-08-15 75064]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 gupdate1c9c2b9e9f04c85;Google Update Service (gupdate1c9c2b9e9f04c85); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-04-21 133104]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2009-03-31 68096]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-19 19968]

-----------------EOF-----------------
--- --- ---


RSIT info:
[QUOTE]info.txtRSIT Logfile:
Code:
logfile of random's system information tool 1.08 2010-08-26 18:09:44

======Uninstall list======

-->C:\Program Files (x86)\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
AC3Filter (remove only)-->C:\Program Files (x86)\AC3Filter\uninstall.exe
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A90000000001}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Alice Software 4.10.0-->C:\Program Files (x86)\Alice Software\AliceUninstall.exe
AVG Free 8.5-->C:\Program Files (x86)\AVG\AVG8\setup.exe /UNINSTALL
bwin Poker (remove only)-->"C:\Program Files (x86)\bwin\uninstall.exe"
CCleaner-->"C:\Program Files (x86)\CCleaner\uninst.exe"
Cinergy T USB XXS V2.03.03.29-->"C:\Program Files (x86)\Common Files\TerraTec\DriverInstall\Cinergy_T_USB_XXS\uninstall.exe"
Compatibility Pack für 2007 Office System-->MsiExec.exe /X{90120000-0020-0407-0000-0000000FF1CE}
DivX Codec-->C:\Program Files (x86)\DivX\DivXCodecUninstall.exe /CODEC
DivX Plus DirectShow Filters-->C:\Program Files (x86)\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files (x86)\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Shrink 3.2 deutsch (DeCSS-frei)-->"C:\Program Files (x86)\DVD Shrink DE\unins000.exe"
ElsterFormular 2008/2009-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}\setup.exe" -l0x7  -removeonly
ElsterFormular-->C:\Program Files (x86)\ElsterFormular\uninstall.exe
eMule-->"C:\Program Files (x86)\eMule\Uninstall.exe"
ffdshow [rev 2527] [2008-12-19]-->"C:\Program Files (x86)\ffdshow\unins000.exe"
FileZilla Client 3.2.0-->C:\Program Files (x86)\FileZilla FTP Client\uninstall.exe
Flash Slideshow Generator 2.1.4-->"C:\Program Files (x86)\Flash Slideshow Generator\unins000.exe"
Free Audio CD Burner version 1.4-->"C:\Program Files (x86)\DVDVideoSoft\Free Audio CD Burner\unins000.exe"
Free YouTube to MP3 Converter version 3.7-->"C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\unins000.exe"
Goodnight Timer 1.1-->"C:\Program Files (x86)\Goodnight Timer\unins000.exe"
Google Earth-->MsiExec.exe /X{F7B0939E-58DF-11DF-B3A6-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
GPL Ghostscript 8.71-->"C:\Program Files (x86)\gs\uninstgs.exe" "C:\Program Files (x86)\gs\gs8.71\uninstal.txt"
HijackThis 2.0.2-->"C:\Users\carisma\Desktop\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {08155812-0202-4D5F-A7FF-12A2782DC548} /qb+ REBOOTPROMPT=""
IETester v0.3.3 (remove only)-->"C:\Program Files (x86)\Core Services\IETester\uninstall.exe"
IZArc 3.81-->"C:\Program Files (x86)\IZArc\unins000.exe"
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Keycraft (remove only)-->"C:\Program Files (x86)\Warcraft III\Keycraft\uninstall.exe"
LogonStudio-->C:\PROGRA~2\Stardock\OBJECT~1\LOGONS~1\UNWISE.EXE C:\PROGRA~2\Stardock\OBJECT~1\LOGONS~1\INSTALL.LOG
Macromedia Dreamweaver MX 2004-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x7 mmUninstall
Macromedia Extension Manager-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x7 mmUninstall
Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office XP Professional mit FrontPage-->MsiExec.exe /I{90280407-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{6AFCA4E1-9B78-3640-8F72-A7BF33448200}
Mozilla Firefox (3.0.19)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
Mp3tag v2.46a-->C:\Program Files (x86)\Mp3tag\Mp3tagUninstall.EXE
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
PDFCreator-->C:\Program Files (x86)\PDFCreator\unins000.exe
PhonerLite 1.61-->"C:\Program Files (x86)\PhonerLite\unins000.exe"
PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
Quake Live Internet Explorer Plugin-->MsiExec.exe /I{22E4AC9C-9E05-47D5-B7EB-A9FC1D762A7B}
Quake Live Mozilla Plugin-->MsiExec.exe /I{2BEB102E-F9CD-4881-984B-E288F66FD394}
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Razer Diamondback-->C:\Program Files (x86)\InstallShield Installation Information\{DE4CF159-4AD2-4754-BDA0-5FB088C8B58B}\setup.exe -runfromtemp -l0x0009 -removeonly
RealPlayer-->C:\Program Files (x86)\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Samsung Master-->C:\Program Files (x86)\InstallShield Installation Information\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}\Setup.exe -runfromtemp -l0x0007 -removeonly
Samsung PC Studio 3 USB Driver Installer-->"C:\Program Files (x86)\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -runfromtemp -l0x0007 -removeonly
Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SopCast 3.0.3-->C:\Program Files (x86)\SopCast\uninst.exe
SoundMAX-->C:\Program Files (x86)\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe -runfromtemp -l0x0007 -removeonly
TerraTec Home Cinema-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}\setup.exe" -l0x7
Uninstall 1.0.0.1-->"C:\Program Files (x86)\Common Files\DVDVideoSoft\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Visual C++ 8.0 Runtime Setup Package (x64)-->MsiExec.exe /I{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}
VLC media player 0.9.8a-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Warcraft III-->C:\Windows\War3Unin.exe C:\Windows\War3Unin.dat
Windows Live Anmelde-Assistent-->MsiExec.exe /I{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}
Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}
Windows Live Messenger-->MsiExec.exe /X{41E654A9-26D0-4EAC-854B-0FA824FFFABB}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Xvid 1.2.2 final uninstall-->"C:\Program Files (x86)\Xvid\unins000.exe"

======Security center information======

AV: AVG Anti-Virus Free
AS: AVG Anti-Virus Free (disabled)
AS: Windows-Defender

======System event log======

Computer Name: carisma-PC
Event Code: 7036
Message: Dienst "Google Software Updater" befindet sich jetzt im Status "Ausgeführt".
Record Number: 195849
Source Name: Service Control Manager
Time Written: 20100826151017.000000-000
Event Type: Informationen
User:

Computer Name: carisma-PC
Event Code: 7040
Message: Der Starttyp des Diensts "Google Software Updater" wurde von Automatisch starten in Deaktiviert geändert.
Record Number: 195850
Source Name: Service Control Manager
Time Written: 20100826151017.000000-000
Event Type: Informationen
User: carisma-PC\carisma

Computer Name: carisma-PC
Event Code: 7036
Message: Dienst "Google Software Updater" befindet sich jetzt im Status "Beendet".
Record Number: 195851
Source Name: Service Control Manager
Time Written: 20100826151018.000000-000
Event Type: Informationen
User:

Computer Name: carisma-PC
Event Code: 7036
Message: Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" befindet sich jetzt im Status "Ausgeführt".
Record Number: 195852
Source Name: Service Control Manager
Time Written: 20100826152252.000000-000
Event Type: Informationen
User:

Computer Name: carisma-PC
Event Code: 7036
Message: Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" befindet sich jetzt im Status "Beendet".
Record Number: 195853
Source Name: Service Control Manager
Time Written: 20100826153922.000000-000
Event Type: Informationen
User:

=====Application event log=====

Computer Name: carisma-PC
Event Code: 0
Message:
Record Number: 29844
Source Name: gusvc
Time Written: 20100826113711.000000-000
Event Type: Informationen
User:

Computer Name: carisma-PC
Event Code: 1001
Message: Die Leistungsindikatoren für den Dienst WmiApRpl (WmiApRpl) wurden entfernt. Die Daten enthalten die neuen Werte der Registrierungseinträge "Last Counter" und "Last Help".
Record Number: 29845
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20100826145323.000000-000
Event Type: Informationen
User:

Computer Name: carisma-PC
Event Code: 1000
Message: Die Leistungsindikatoren für den Dienst WmiApRpl (WmiApRpl) wurden erfolgreich geladen. Die Eintragsdaten im Datenbereich enthalten die neuen Indexwerte, die diesem Dienst zugeordnet sind.
Record Number: 29846
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20100826145323.000000-000
Event Type: Informationen
User:

Computer Name: carisma-PC
Event Code: 0
Message:
Record Number: 29847
Source Name: gusvc
Time Written: 20100826151017.000000-000
Event Type: Informationen
User:

Computer Name: carisma-PC
Event Code: 0
Message:
Record Number: 29848
Source Name: gusvc
Time Written: 20100826151018.000000-000
Event Type: Informationen
User:

=====Security event log=====

Computer Name: carisma-PC
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.

Antragsteller:
        Sicherheits-ID:                S-1-5-18
        Kontoname:                CARISMA-PC$
        Kontodomäne:                WORKGROUP
        Anmelde-ID:                0x3e7

Anmeldetyp:                        5

Neue Anmeldung:
        Sicherheits-ID:                S-1-5-18
        Kontoname:                SYSTEM
        Kontodomäne:                NT-AUTORITÄT
        Anmelde-ID:                0x3e7
        Anmelde-GUID:                {00000000-0000-0000-0000-000000000000}

Prozessinformationen:
        Prozess-ID:                0x264
        Prozessname:                C:\Windows\System32\services.exe

Netzwerkinformationen:
        Arbeitsstationsname:       
        Quellnetzwerkadresse:        -
        Quellport:                -

Detaillierte Authentifizierungsinformationen:
        Anmeldeprozess:                Advapi 
        Authentifizierungspaket:        Negotiate
        Übertragene Dienste:        -
        Paketname (nur NTLM):        -
        Schlüssellänge:                0

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
        - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
        - Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
        - Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
        - Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 56955
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100826093930.571559-000
Event Type: Überwachung erfolgreich
User:

Computer Name: carisma-PC
Event Code: 4672
Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.

Antragsteller:
        Sicherheits-ID:                S-1-5-18
        Kontoname:                SYSTEM
        Kontodomäne:                NT-AUTORITÄT
        Anmelde-ID:                0x3e7

Berechtigungen:                SeAssignPrimaryTokenPrivilege
                        SeTcbPrivilege
                        SeSecurityPrivilege
                        SeTakeOwnershipPrivilege
                        SeLoadDriverPrivilege
                        SeBackupPrivilege
                        SeRestorePrivilege
                        SeDebugPrivilege
                        SeAuditPrivilege
                        SeSystemEnvironmentPrivilege
                        SeImpersonatePrivilege
Record Number: 56956
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100826093930.571559-000
Event Type: Überwachung erfolgreich
User:

Computer Name: carisma-PC
Event Code: 4648
Message: Anmeldeversuch mit expliziten Anmeldeinformationen.

Antragsteller:
        Sicherheits-ID:                S-1-5-18
        Kontoname:                CARISMA-PC$
        Kontodomäne:                WORKGROUP
        Anmelde-ID:                0x3e7
        Anmelde-GUID:                {00000000-0000-0000-0000-000000000000}

Konto, dessen Anmeldeinformationen verwendet wurden:
        Kontoname:                SYSTEM
        Kontodomäne:                NT-AUTORITÄT
        Anmelde-GUID:                {00000000-0000-0000-0000-000000000000}

Zielserver:
        Zielservername:        localhost
        Weitere Informationen:        localhost

Prozessinformationen:
        Prozess-ID:                0x264
        Prozessname:                C:\Windows\System32\services.exe

Netzwerkinformationen:
        Netzwerkadresse:        -
        Port:                        -

Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden.  Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird.
Record Number: 56957
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100826093931.232559-000
Event Type: Überwachung erfolgreich
User:

Computer Name: carisma-PC
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.

Antragsteller:
        Sicherheits-ID:                S-1-5-18
        Kontoname:                CARISMA-PC$
        Kontodomäne:                WORKGROUP
        Anmelde-ID:                0x3e7

Anmeldetyp:                        5

Neue Anmeldung:
        Sicherheits-ID:                S-1-5-18
        Kontoname:                SYSTEM
        Kontodomäne:                NT-AUTORITÄT
        Anmelde-ID:                0x3e7
        Anmelde-GUID:                {00000000-0000-0000-0000-000000000000}

Prozessinformationen:
        Prozess-ID:                0x264
        Prozessname:                C:\Windows\System32\services.exe

Netzwerkinformationen:
        Arbeitsstationsname:       
        Quellnetzwerkadresse:        -
        Quellport:                -

Detaillierte Authentifizierungsinformationen:
        Anmeldeprozess:                Advapi 
        Authentifizierungspaket:        Negotiate
        Übertragene Dienste:        -
        Paketname (nur NTLM):        -
        Schlüssellänge:                0

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
        - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
        - Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
        - Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
        - Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 56958
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100826093931.232559-000
Event Type: Überwachung erfolgreich
User:

Computer Name: carisma-PC
Event Code: 4672
Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.

Antragsteller:
        Sicherheits-ID:                S-1-5-18
        Kontoname:                SYSTEM
        Kontodomäne:                NT-AUTORITÄT
        Anmelde-ID:                0x3e7

Berechtigungen:                SeAssignPrimaryTokenPrivilege
                        SeTcbPrivilege
                        SeSecurityPrivilege
                        SeTakeOwnershipPrivilege
                        SeLoadDriverPrivilege
                        SeBackupPrivilege
                        SeRestorePrivilege
                        SeDebugPrivilege
                        SeAuditPrivilege
                        SeSystemEnvironmentPrivilege
                        SeImpersonatePrivilege
Record Number: 56959
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100826093931.232559-000
Event Type: Überwachung erfolgreich
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Common Files\DivX Shared\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files (x86)\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files (x86)\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------
--- --- ---


Vielen Dank für jegliche Hilfe!

cosinus 26.08.2010 20:48
Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

coolibri 26.08.2010 21:12
Hier die beiden logs...

OTL Logfile:
Code:
OTL logfile created on: 26.08.2010 21:58:43 - Run 1
OTL by OldTimer - Version 3.2.10.0    Folder = C:\Users\carisma\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,18 Gb Total Space | 27,12 Gb Free Space | 18,56% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: CARISMA-PC
Current User Name: carisma
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\carisma\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe (NOXON Media GmbH)
PRC - C:\Program Files (x86)\Alice Software\AliceEinwahl.exe (Hansenet)
PRC - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Program Files (x86)\Razer\Diamondback\razerhid.exe ()
PRC - C:\Program Files (x86)\Razer\Diamondback\razerofa.exe (Razer Inc.)
PRC - C:\Program Files (x86)\Razer\Diamondback\razertra.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\carisma\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
SRV:64bit: - (AgereModemAudio) -- C:\Windows\SysNative\agr64svc.exe ()
SRV:64bit: - (vysidsai) -- C:\Windows\SysNative\svchost.exe ()
SRV:64bit: - (AEADIFilters) -- C:\Windows\SysNative\AEADISRV.EXE ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (avg8emc) -- C:\Program Files (x86)\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd) -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Macromedia Licensing Service) -- C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (mod7700) -- C:\Windows\SysNative\DRIVERS\dvb7700all.sys ()
DRV:64bit: - (AvgMfx64) -- C:\Windows\SysNative\Drivers\avgmfx64.sys ()
DRV:64bit: - (AvgLdx64) -- C:\Windows\SysNative\Drivers\avgldx64.sys ()
DRV:64bit: - (AvgTdiA) -- C:\Windows\SysNative\Drivers\avgtdia.sys ()
DRV:64bit: - (NETw5v64) Intel(R) -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys ()
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys ()
DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys ()
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys ()
DRV:64bit: - (NETw4v64) Intel(R) -- C:\Windows\SysNative\DRIVERS\NETw4v64.sys ()
DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys ()
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys ()
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys ()
DRV:64bit: - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\SysNative\DRIVERS\sscdbus.sys ()
DRV:64bit: - (bdacap) -- C:\Windows\SysNative\drivers\bdacap.sys ()
DRV:64bit: - (NETw3v64) Intel(R) -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys ()
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV:64bit: - (HBtnKey) -- C:\Windows\SysNative\DRIVERS\cpqbttn64.sys ()
DRV:64bit: - (Razerlow) -- C:\Windows\SysNative\drivers\Razerlow.sys ()
DRV:64bit: - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\SysNative\drivers\sfvfs02.sys ()
DRV:64bit: - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\SysNative\drivers\sfdrv01.sys ()
DRV:64bit: - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\SysNative\drivers\sfhlp02.sys ()
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "h**p://www.google.de/ig"
FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:3.4
FF - prefs.js..extensions.enabledItems: QLDP@peol:1.3.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {5B52016C-D097-4aec-BE61-9F129D8FDDBA}:2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {e213bb8f-8ebd-11db-96b7-005056c00008}:3.0.0.32
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009.06.19 21:04:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.08.21 03:56:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.08.21 03:56:27 | 000,000,000 | ---D | M]
 
[2009.01.11 02:20:54 | 000,000,000 | ---D | M] -- C:\Users\carisma\AppData\Roaming\mozilla\Extensions
[2010.08.25 23:38:45 | 000,000,000 | ---D | M] -- C:\Users\carisma\AppData\Roaming\mozilla\Firefox\Profiles\qago9me3.default\extensions
[2009.09.07 08:07:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\carisma\AppData\Roaming\mozilla\Firefox\Profiles\qago9me3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.31 17:04:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\carisma\AppData\Roaming\mozilla\Firefox\Profiles\qago9me3.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}
[2010.08.05 20:18:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\carisma\AppData\Roaming\mozilla\Firefox\Profiles\qago9me3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.12.29 00:57:45 | 000,000,000 | ---D | M] (BlockSite) -- C:\Users\carisma\AppData\Roaming\mozilla\Firefox\Profiles\qago9me3.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2009.04.27 20:09:13 | 000,000,000 | ---D | M] (myFireFox) -- C:\Users\carisma\AppData\Roaming\mozilla\Firefox\Profiles\qago9me3.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}
[2009.12.29 00:59:23 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\carisma\AppData\Roaming\mozilla\Firefox\Profiles\qago9me3.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009.12.07 01:03:32 | 000,000,000 | ---D | M] -- C:\Users\carisma\AppData\Roaming\mozilla\Firefox\Profiles\qago9me3.default\extensions\illimitux@illimitux.net
[2010.02.01 22:41:38 | 000,000,000 | ---D | M] -- C:\Users\carisma\AppData\Roaming\mozilla\Firefox\Profiles\qago9me3.default\extensions\QLDP@peol
[2010.08.25 23:38:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009.09.11 01:07:51 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.09.11 01:07:51 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.09.11 01:07:51 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.09.11 01:07:52 | 000,000,986 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.09.11 01:07:52 | 000,000,801 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [LifeChat] C:\Program Files\Microsoft LifeChat\LifeChat.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files (x86)\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Diamondback] C:\Program Files (x86)\Razer\Diamondback\razerhid.exe ()
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Remote Control Editor] C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe (NOXON Media GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\carisma\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Program Files (x86)\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\carisma\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Program Files (x86)\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} h**p://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} h**p://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
O24 - Desktop WallPaper: C:\Users\carisma\Pictures\Wallpaper\1224299804_dc97beefea_o.jpg
O24 - Desktop BackupWallPaper: C:\Users\carisma\Pictures\Wallpaper\1224299804_dc97beefea_o.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{284cfc97-df26-11dd-b28b-001cbf242f22}\Shell\AutoRun\command - "" = G:\rEcycLER\dRiVER.EXe -- File not found
O33 - MountPoints2\{284cfc97-df26-11dd-b28b-001cbf242f22}\Shell\eXPLORe\cOmmANd - "" = G:\rECyCLeR\drIvER.eXe -- File not found
O33 - MountPoints2\{284cfc97-df26-11dd-b28b-001cbf242f22}\Shell\oPEn\coMMaNd - "" = G:\RECYCler\DrIVER.ExE -- File not found
O33 - MountPoints2\{5f33a48f-ade5-11df-83a7-001a4b6ab0f9}\Shell\AutoRun\command - "" = wdsync.exe
O33 - MountPoints2\{6872d818-a1db-11de-80d3-001a4b6ab0f9}\Shell - "" = AutoRun
O33 - MountPoints2\{6872d818-a1db-11de-80d3-001a4b6ab0f9}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.26 21:56:52 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\carisma\Desktop\OTL.exe
[2010.08.26 18:34:05 | 000,000,000 | ---D | C] -- C:\Users\carisma\Desktop\Anti Viren
[2010.08.26 18:09:39 | 000,000,000 | ---D | C] -- C:\rsit
[2010.08.26 17:34:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2010.08.26 02:08:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010.08.25 23:39:09 | 000,000,000 | ---D | C] -- C:\Users\carisma\AppData\Roaming\Malwarebytes
[2010.08.25 23:39:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.08.25 23:38:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.08.25 23:38:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.25 21:35:34 | 000,000,000 | ---D | C] -- C:\Users\carisma\AppData\Local\utpdoxuft
[2010.08.25 21:32:44 | 000,000,000 | ---D | C] -- C:\Users\carisma\AppData\Roaming\90FDCB3FD5D77C447892E331FD7EC42E
[2010.08.22 21:10:07 | 000,000,000 | ---D | C] -- C:\Users\carisma\Desktop\HTC HD
[2010.08.21 17:31:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010.08.15 17:39:33 | 000,000,000 | ---D | C] -- C:\Users\carisma\AppData\Roaming\elsterformular
[2010.08.15 17:31:59 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular
[2010.08.13 21:30:54 | 000,000,000 | ---D | C] -- C:\Users\carisma\AppData\Roaming\Mp3tag
[2010.08.13 21:30:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mp3tag
[2010.08.13 09:30:58 | 000,000,000 | ---D | C] -- C:\Users\carisma\AppData\Roaming\WinRAR
[2010.08.13 09:30:05 | 000,000,000 | ---D | C] -- C:\Programme\WinRAR
[2010.08.12 22:46:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eMule
[2010.08.11 20:09:41 | 000,000,000 | ---D | C] -- C:\Users\carisma\AppData\Local\Adobe
[2010.08.11 07:53:33 | 000,000,000 | ---D | C] -- C:\Users\carisma\AppData\Roaming\Adobe
[2010.08.11 00:37:39 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010.08.11 00:37:32 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010.08.11 00:37:06 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010.08.11 00:37:05 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010.08.11 00:37:05 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010.08.11 00:37:05 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.08.11 00:37:05 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010.08.11 00:37:05 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.08.11 00:37:05 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010.08.11 00:37:05 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010.08.11 00:37:05 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010.08.11 00:37:05 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010.08.11 00:37:04 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.08.05 20:18:40 | 000,000,000 | ---D | C] -- C:\Users\carisma\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.08.05 20:17:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[1 C:\Users\carisma\Desktop\*.tmp files -> C:\Users\carisma\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.26 21:58:59 | 003,932,160 | -HS- | M] () -- C:\Users\carisma\NTUSER.DAT
[2010.08.26 21:56:51 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\carisma\Desktop\OTL.exe
[2010.08.26 21:40:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.26 21:23:27 | 000,005,056 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.26 21:23:27 | 000,005,056 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.26 19:57:01 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{37FB543E-1C95-45F9-A9CA-0F12DD0296F2}.job
[2010.08.26 16:53:23 | 001,418,612 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.08.26 16:53:23 | 000,618,442 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.08.26 16:53:23 | 000,587,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.08.26 16:53:23 | 000,122,648 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.08.26 16:53:23 | 000,101,250 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.08.26 15:40:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.26 09:23:28 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.26 09:23:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.26 09:23:21 | 4285,849,600 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.26 09:22:23 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.08.26 09:22:19 | 000,524,288 | -HS- | M] () -- C:\Users\carisma\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010.08.26 09:22:19 | 000,065,536 | -HS- | M] () -- C:\Users\carisma\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010.08.26 09:22:18 | 002,583,830 | -H-- | M] () -- C:\Users\carisma\AppData\Local\IconCache.db
[2010.08.26 01:13:38 | 063,880,571 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010.08.25 21:35:30 | 000,000,005 | ---- | M] () -- C:\zrpt.xml
[2010.08.25 10:22:22 | 000,000,059 | ---- | M] () -- C:\Users\carisma\AppData\Roaming\GoodnightTimer.ini
[2010.08.23 16:03:23 | 000,342,385 | ---- | M] () -- C:\Users\carisma\Documents\HTC-Arvato Anleitung+Anschreiben.pdf
[2010.08.23 15:46:22 | 000,027,136 | ---- | M] () -- C:\Users\carisma\Documents\HTC Garantie.doc
[2010.08.22 22:17:56 | 000,243,712 | ---- | M] () -- C:\Users\carisma\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.15 18:35:58 | 000,023,897 | ---- | M] () -- C:\Users\carisma\Documents\komprimierte Steuererklaerung_USt_2009.pdf
[2010.08.15 18:35:48 | 000,036,055 | ---- | M] () -- C:\Users\carisma\Documents\2.elfo
[2010.08.15 18:34:26 | 000,039,327 | ---- | M] () -- C:\Users\carisma\Documents\komprimierte Steuererklaerung_ESt_2009_1.pdf
[2010.08.15 18:34:04 | 000,003,808 | ---- | M] () -- C:\Users\carisma\Documents\Komprimierte Steuererklaerung_ESt_2009.pdf
[2010.08.15 18:32:53 | 000,057,531 | ---- | M] () -- C:\Users\carisma\Documents\1.elfo
[2010.08.15 14:55:26 | 000,111,928 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.08.15 14:55:16 | 000,075,064 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.08.15 14:55:15 | 002,373,712 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2010.08.14 14:03:17 | 000,008,993 | -HS- | M] () -- C:\Users\carisma\Desktop\Folder.jpg
[2010.08.14 14:03:17 | 000,002,031 | -HS- | M] () -- C:\Users\carisma\Desktop\AlbumArtSmall.jpg
[2010.08.13 09:22:41 | 000,247,016 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.08.10 07:11:11 | 005,772,429 | ---- | M] () -- C:\Users\carisma\Documents\Zen V series manual.pdf
[1 C:\Users\carisma\Desktop\*.tmp files -> C:\Users\carisma\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.08.25 23:38:59 | 000,024,664 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010.08.25 23:26:30 | 4285,849,600 | -HS- | C] () -- C:\hiberfil.sys
[2010.08.25 21:35:26 | 000,000,005 | ---- | C] () -- C:\zrpt.xml
[2010.08.23 16:03:23 | 000,342,385 | ---- | C] () -- C:\Users\carisma\Documents\HTC-Arvato Anleitung+Anschreiben.pdf
[2010.08.23 15:46:16 | 000,027,136 | ---- | C] () -- C:\Users\carisma\Documents\HTC Garantie.doc
[2010.08.21 04:01:09 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2010.08.17 20:46:46 | 000,195,960 | ---- | C] () -- C:\Users\carisma\Desktop\Schwerpunktstudium incl Biotechnologie-13-01-10.pdf
[2010.08.15 18:37:21 | 000,039,327 | ---- | C] () -- C:\Users\carisma\Documents\komprimierte Steuererklaerung_ESt_2009_1.pdf
[2010.08.15 18:37:21 | 000,023,897 | ---- | C] () -- C:\Users\carisma\Documents\komprimierte Steuererklaerung_USt_2009.pdf
[2010.08.15 18:33:59 | 000,003,808 | ---- | C] () -- C:\Users\carisma\Documents\Komprimierte Steuererklaerung_ESt_2009.pdf
[2010.08.15 18:28:13 | 000,036,055 | ---- | C] () -- C:\Users\carisma\Documents\2.elfo
[2010.08.15 18:17:08 | 000,057,531 | ---- | C] () -- C:\Users\carisma\Documents\1.elfo
[2010.08.15 17:30:17 | 000,409,502 | ---- | C] () -- C:\Users\carisma\AppData\Local\dd_vcredistMSI5528.txt
[2010.08.15 17:30:16 | 000,011,374 | ---- | C] () -- C:\Users\carisma\AppData\Local\dd_vcredistUI5528.txt
[2010.08.14 14:03:12 | 000,008,993 | -HS- | C] () -- C:\Users\carisma\Desktop\Folder.jpg
[2010.08.14 14:03:12 | 000,002,031 | -HS- | C] () -- C:\Users\carisma\Desktop\AlbumArtSmall.jpg
[2010.08.11 00:37:41 | 001,420,176 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
[2010.08.11 00:37:39 | 000,050,688 | ---- | C] () -- C:\Windows\SysNative\rtutils.dll
[2010.08.11 00:37:37 | 000,462,848 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
[2010.08.11 00:37:37 | 000,174,592 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2010.08.11 00:37:34 | 002,749,952 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2010.08.11 00:37:27 | 004,690,832 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2010.08.11 00:37:12 | 012,473,344 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2010.08.11 00:37:12 | 009,250,816 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2010.08.11 00:37:10 | 002,335,744 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2010.08.11 00:37:06 | 001,487,360 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2010.08.11 00:37:06 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2010.08.11 00:37:06 | 000,706,048 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2010.08.11 00:37:06 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2010.08.11 00:37:06 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2010.08.11 00:37:05 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2010.08.11 00:37:05 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2010.08.11 00:37:05 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2010.08.11 00:37:05 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2010.08.11 00:37:05 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2010.08.11 00:37:05 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2010.08.11 00:37:05 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2010.08.11 00:37:05 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2010.08.11 00:37:05 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2010.08.11 00:37:05 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2010.08.11 00:37:04 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2010.08.11 00:37:04 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2010.08.11 00:37:04 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2010.08.11 00:37:01 | 001,875,456 | ---- | C] () -- C:\Windows\SysNative\msxml3.dll
[2010.08.11 00:36:58 | 000,343,040 | ---- | C] () -- C:\Windows\SysNative\schannel.dll
[2010.08.10 07:09:48 | 005,772,429 | ---- | C] () -- C:\Users\carisma\Documents\Zen V series manual.pdf
[2010.08.04 00:37:36 | 012,898,304 | ---- | C] () -- C:\Windows\SysNative\shell32.dll
[2010.03.26 03:35:53 | 000,000,680 | ---- | C] () -- C:\Users\carisma\AppData\Local\d3d9caps.dat
[2010.03.11 17:38:20 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini
[2010.01.08 02:28:36 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2009.10.25 00:39:58 | 000,013,846 | ---- | C] () -- C:\Users\carisma\AppData\Local\dd_vcredistUI14CE.txt
[2009.01.28 18:15:27 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009.01.15 20:50:36 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.01.12 02:12:40 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.01.12 02:10:54 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2009.01.11 06:11:35 | 000,000,059 | ---- | C] () -- C:\Users\carisma\AppData\Roaming\GoodnightTimer.ini
[2009.01.11 01:05:31 | 000,765,952 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009.01.11 01:05:31 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.01.10 19:21:25 | 000,243,712 | ---- | C] () -- C:\Users\carisma\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.10 16:59:20 | 000,000,732 | ---- | C] () -- C:\Users\carisma\AppData\Local\d3d9caps64.dat
[2007.09.13 23:25:52 | 001,238,832 | ---- | C] () -- C:\Windows\SysWow64\igmedkrn.dll
[2007.09.13 23:25:52 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igmedcompkrn.dll
[2004.07.29 01:19:46 | 000,175,104 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
 
========== LOP Check ==========
 
[2010.08.26 02:03:02 | 000,000,000 | ---D | M] -- C:\Users\carisma\AppData\Roaming\90FDCB3FD5D77C447892E331FD7EC42E
[2010.01.29 23:35:28 | 000,000,000 | ---D | M] -- C:\Users\carisma\AppData\Roaming\avidemux
[2010.08.05 20:18:40 | 000,000,000 | ---D | M] -- C:\Users\carisma\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.08.15 17:39:39 | 000,000,000 | ---D | M] -- C:\Users\carisma\AppData\Roaming\elsterformular
[2010.02.15 13:00:53 | 000,000,000 | ---D | M] -- C:\Users\carisma\AppData\Roaming\Facebook
[2010.08.12 22:02:36 | 000,000,000 | ---D | M] -- C:\Users\carisma\AppData\Roaming\FileZilla
[2010.06.30 21:16:20 | 000,000,000 | ---D | M] -- C:\Users\carisma\AppData\Roaming\Hansenet
[2010.08.13 21:31:09 | 000,000,000 | ---D | M] -- C:\Users\carisma\AppData\Roaming\Mp3tag
[2009.10.25 00:42:10 | 000,000,000 | ---D | M] -- C:\Users\carisma\AppData\Roaming\supertuxkart
[2010.06.07 18:44:13 | 000,000,000 | ---D | M] -- C:\Users\carisma\AppData\Roaming\TerraTec
[2009.01.11 03:30:00 | 000,000,000 | ---D | M] -- C:\Users\carisma\AppData\Roaming\Weaverslave
[2010.03.20 15:32:31 | 000,000,000 | ---D | M] -- C:\Users\carisma\AppData\Roaming\Youtube Downloader HD
[2010.08.26 09:22:23 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.08.26 19:57:01 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{37FB543E-1C95-45F9-A9CA-0F12DD0296F2}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0A8E2C33
< End of report >
--- --- ---



OTL Logfile:
Code:
OTL Extras logfile created on: 26.08.2010 21:58:43 - Run 1
OTL by OldTimer - Version 3.2.10.0    Folder = C:\Users\carisma\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,18 Gb Total Space | 27,12 Gb Free Space | 18,56% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: CARISMA-PC
Current User Name: carisma
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = C0 E6 D0 F0 B5 75 C9 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-798022246-3101898770-1844465478-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\carisma\Downloads\UUSee 2007 English\UUSeePlayer.exe" = C:\Users\carisma\Downloads\UUSee 2007 English\UUSeePlayer.exe:*:Enabled:UUPlayer -- File not found
"C:\Users\carisma\Downloads\UUSee 2007 English\UUSeePlayer.exe" = C:\Users\carisma\Downloads\UUSee 2007 English\UUSeePlayer.exe:*:Enabled:UUPlayer -- File not found
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0303F02B-2A71-47F4-8DBA-274DE284C514}" = lport=2869 | protocol=6 | dir=in | app=system |
"{28D7591B-8D33-441D-90B6-41C25A3CBE9C}" = lport=138 | protocol=17 | dir=in | app=system |
"{4D49BE2C-9342-4C47-80FC-FBBCEAD221A0}" = rport=138 | protocol=17 | dir=out | app=system |
"{524BBF9F-A624-44D5-8E33-08EC0E8E85AC}" = lport=4662 | protocol=6 | dir=in | name=emule |
"{6DA16867-4611-4C35-A88C-718FDBE53872}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A4A0B1F4-3281-4A17-BB27-DB2813824B4B}" = rport=445 | protocol=6 | dir=out | app=system |
"{B91F4FC5-2C87-457F-BA0C-023B21304242}" = lport=445 | protocol=6 | dir=in | app=system |
"{CA680F9C-E4B1-46ED-9C0A-95D494CEEFB1}" = lport=4672 | protocol=17 | dir=in | name=emule |
"{CB69BB51-54D9-495A-8A41-8B9770F18CC2}" = lport=139 | protocol=6 | dir=in | app=system |
"{CC48B4E3-7CFA-42BB-9137-BD00C9B6DF8A}" = lport=137 | protocol=17 | dir=in | app=system |
"{CDAE9023-293E-4E5A-ACC4-FD6CB839D827}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{CEE58323-3CA5-467D-94C9-8AA0C3C8AE09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EDFA2FF9-6B73-4CA6-9C73-D3E194BE0915}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9FC8AC9-3A3C-4882-890F-0DA3A5648EAA}" = rport=139 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0201FFC5-0436-4CDA-A1B1-46063D44654B}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe |
"{02560820-1C41-4BA4-960E-4B51358C42F3}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{038D45CD-1756-4524-AFE9-81C92FFCCEE9}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\cinergydvr.exe |
"{083AC072-B745-443A-9C4D-6D052829F6A2}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\insttool.exe |
"{17849BEF-045E-4F86-922E-44A45DBC55E6}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{27804793-386B-4A98-9304-21404B8D3343}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{309410D7-805D-46AA-89AA-7DECDF81410E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{31523A84-4BF2-4B42-939A-8F53821C8C2E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{36DB44F8-FF9E-43CA-8F6A-5E9AFEA3C083}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{40595233-C2B8-44D3-9A0E-FBE86A0364C5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{466217C7-701F-472C-ACBE-D84BCE3B4B70}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{46D57F7B-F25D-4E0B-96B2-A145A06E041E}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe |
"{49EAED30-C9F8-4481-A1BF-80B14FC339F3}" = dir=in | app=c:\program files (x86)\avg\avg8\avgupd.exe |
"{5D3F374B-7F5A-40D9-A6F1-DC970B7034FF}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{6FEAA722-A926-4460-9DFD-42B3BE1F2FA3}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{774FEA87-72F1-476A-8C95-8CE24CAD74D2}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{78497D2E-F526-40AC-B369-69EBF5B7D1AB}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{8D01BD93-6888-4FEA-A174-698C7D283218}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{90DF2D5B-0AEF-4722-9243-11DBC4EE7577}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\insttool.exe |
"{97ABBCDB-4528-4654-94B0-89A3CF135DBB}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{AC872A40-A9A8-4252-88A2-A38E781A541A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{AE64069A-2661-491C-8494-258CC160DCF1}" = dir=in | app=c:\program files (x86)\avg\avg8\avgemc.exe |
"{C6DCF7B2-B3BC-432B-AEB8-C3ADF7E06CC1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D2B6C5FE-1E0D-4CDB-A5DC-CB34E5A636C8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F45DAC8A-E0C8-4FF0-8BFA-023CB1C79F82}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\cinergydvr.exe |
"{F93FAA98-23FE-4027-9B04-DFF7FA391610}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{1753595C-E3E3-48A4-9EEB-C7C8075320D4}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{22D0F94F-DB2E-402B-89E2-E53B6203545C}C:\program files (x86)\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tvants\tvants.exe |
"TCP Query User{28E7CDB1-0B87-40EB-90CF-3FB28A2A5B0D}F:\emule\emule.exe" = protocol=6 | dir=in | app=f:\emule\emule.exe |
"TCP Query User{2AD8DE3A-4266-4588-8B47-B7CC030B9114}E:\institut\fiji.app\fiji-win32.exe" = protocol=6 | dir=in | app=e:\institut\fiji.app\fiji-win32.exe |
"TCP Query User{3F183A6D-5F3A-4BA3-94D5-F0FB25A95E3C}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{5C283E32-F18E-4ECA-8F99-2F0257DDB8DF}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"TCP Query User{5DA0A03D-DC78-43BB-B377-6AE51F2485C3}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe |
"TCP Query User{5FE3689A-0C4F-4A62-8BAB-4945518AC0FE}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"TCP Query User{60FAB6DE-53C3-47C5-84C6-653D1A1DE5B3}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{759CB01C-2A32-4FA1-AC65-4100AF09CCA6}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{7E725739-5E37-4E06-BD49-321A41D26E1B}C:\users\carisma\documents\bscthesis\fiji.app\fiji-win32.exe" = protocol=6 | dir=in | app=c:\users\carisma\documents\bscthesis\fiji.app\fiji-win32.exe |
"TCP Query User{89BAA7B5-7366-47F4-9427-1E9875E2770A}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"TCP Query User{8F7D3826-4B42-4588-A664-6F56B4F1A411}C:\users\carisma\desktop\bscthesis\fiji.app\fiji-win32.exe" = protocol=6 | dir=in | app=c:\users\carisma\desktop\bscthesis\fiji.app\fiji-win32.exe |
"TCP Query User{97092A4A-DC09-4966-A5FF-48BCD7D3FB8C}F:\emule\emule.exe" = protocol=6 | dir=in | app=f:\emule\emule.exe |
"TCP Query User{9863B2F9-70C4-44D5-9753-7FD3D1844306}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{9F836239-7EC9-4E96-8C1E-C2CA15934BEE}C:\users\carisma\documents\bscthesis\fiji.app\fiji-win32.exe" = protocol=6 | dir=in | app=c:\users\carisma\documents\bscthesis\fiji.app\fiji-win32.exe |
"TCP Query User{AE6B2ADD-FEFB-412C-9F1A-5E6E2AA1FDEA}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{B0623A47-808C-430C-A62C-A061F27F12BF}E:\emule\emule.exe" = protocol=6 | dir=in | app=e:\emule\emule.exe |
"TCP Query User{B86E908B-76F3-4F07-B72E-509618D8178C}C:\users\carisma\documents\institut\fiji.app\fiji-win32.exe" = protocol=6 | dir=in | app=c:\users\carisma\documents\institut\fiji.app\fiji-win32.exe |
"TCP Query User{B93F026F-8BB8-4F6E-AB33-C5A14A11EDA0}C:\program files (x86)\phonerlite\phonerlite.exe" = protocol=6 | dir=in | app=c:\program files (x86)\phonerlite\phonerlite.exe |
"TCP Query User{BE16EDC0-746F-432C-904F-8C17745880DE}C:\users\carisma\desktop\fiji.app\fiji-win32.exe" = protocol=6 | dir=in | app=c:\users\carisma\desktop\fiji.app\fiji-win32.exe |
"TCP Query User{C09145C3-C5CB-40F3-8D66-4160F52A5687}C:\users\carisma\desktop\fiji.app\fiji-win32.exe" = protocol=6 | dir=in | app=c:\users\carisma\desktop\fiji.app\fiji-win32.exe |
"TCP Query User{CA55017C-DFFB-4C46-BB28-503D2CC8370F}C:\program files (x86)\phonerlite\phonerlite.exe" = protocol=6 | dir=in | app=c:\program files (x86)\phonerlite\phonerlite.exe |
"TCP Query User{D0A665D5-95CE-4EB4-9C35-CA7635C21933}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"TCP Query User{F81DC666-F92D-474B-B60C-FA0BB55248A2}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"UDP Query User{0466939A-90A5-4ECB-8C62-D6E310D322BC}C:\users\carisma\desktop\fiji.app\fiji-win32.exe" = protocol=17 | dir=in | app=c:\users\carisma\desktop\fiji.app\fiji-win32.exe |
"UDP Query User{06ABDA15-D84A-4C22-8376-346E20DA46B9}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe |
"UDP Query User{0D7BE5C3-D009-4CE0-A525-DD73191BBE1D}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{13286A44-E252-452E-9333-623588FC3857}E:\institut\fiji.app\fiji-win32.exe" = protocol=17 | dir=in | app=e:\institut\fiji.app\fiji-win32.exe |
"UDP Query User{1CF138F2-3C09-4F16-846C-79B258C31724}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{1FA3068E-5E0F-43AC-9609-869C50CDA009}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"UDP Query User{31A92D8A-2283-4BDE-B649-8F61E8588B07}C:\users\carisma\desktop\fiji.app\fiji-win32.exe" = protocol=17 | dir=in | app=c:\users\carisma\desktop\fiji.app\fiji-win32.exe |
"UDP Query User{34EFC64A-AFCF-4A7A-B4F3-4F95853A4949}C:\program files (x86)\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tvants\tvants.exe |
"UDP Query User{3F15C443-0604-42AC-8ADD-A67980629FC6}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"UDP Query User{499E5B63-6F13-48B3-963A-C830A7494C46}C:\users\carisma\documents\institut\fiji.app\fiji-win32.exe" = protocol=17 | dir=in | app=c:\users\carisma\documents\institut\fiji.app\fiji-win32.exe |
"UDP Query User{63ADA674-8B18-47CB-8F13-C0FC0C701053}F:\emule\emule.exe" = protocol=17 | dir=in | app=f:\emule\emule.exe |
"UDP Query User{6F2E549E-5195-4754-995F-37B2B7277503}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{711741D7-94F2-44F6-B694-4C5E1A6FE528}C:\users\carisma\desktop\bscthesis\fiji.app\fiji-win32.exe" = protocol=17 | dir=in | app=c:\users\carisma\desktop\bscthesis\fiji.app\fiji-win32.exe |
"UDP Query User{A7E5F8AB-34E8-44E7-8A2D-7BEF8B01E214}C:\users\carisma\documents\bscthesis\fiji.app\fiji-win32.exe" = protocol=17 | dir=in | app=c:\users\carisma\documents\bscthesis\fiji.app\fiji-win32.exe |
"UDP Query User{A8EC7A8A-AAE6-48A5-9403-4C4F44097C93}F:\emule\emule.exe" = protocol=17 | dir=in | app=f:\emule\emule.exe |
"UDP Query User{B466F197-3D57-4028-B1F1-DD9EFF943792}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"UDP Query User{BAEC4D57-B0AD-40FB-BB58-223C6C4605BA}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"UDP Query User{BC107EB5-8B19-4636-8021-B8CD77F959F2}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{BC781F09-A9E8-4FF2-9CA1-228D4284045D}C:\users\carisma\documents\bscthesis\fiji.app\fiji-win32.exe" = protocol=17 | dir=in | app=c:\users\carisma\documents\bscthesis\fiji.app\fiji-win32.exe |
"UDP Query User{C0BDD428-B7B5-40BF-8A76-92381B2F3DAD}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{C29E0E5B-1A16-49E4-9441-A4647947FC24}E:\emule\emule.exe" = protocol=17 | dir=in | app=e:\emule\emule.exe |
"UDP Query User{C6518C1B-F06E-4A58-839E-8E6013D62284}C:\program files (x86)\phonerlite\phonerlite.exe" = protocol=17 | dir=in | app=c:\program files (x86)\phonerlite\phonerlite.exe |
"UDP Query User{D09C4387-7112-4DF8-914D-C4A41D8C4B56}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{F0D07171-9C24-4CE7-A2AB-BC3F0AF591EA}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"UDP Query User{F453942A-9E13-49BE-8168-D6A6A7B10861}C:\program files (x86)\phonerlite\phonerlite.exe" = protocol=17 | dir=in | app=c:\program files (x86)\phonerlite\phonerlite.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{3A8386F4-A9CC-4395-B9D2-C7E864260B51}" = Windows Mobile-Gerätecenter: Treiberupdate
"{52784483-7088-4A4C-81E2-808303AD98F5}" = Apple Mobile Device Support
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DFA48C6E-A32B-4FC6-8170-4212DDCF7284}" = Microsoft LifeChat
"{F44F6BAB-6988-4E61-A4B2-73E749F56A65}" = Windows Mobile-Gerätecenter
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"PROSet" = Intel(R) Network Connections Drivers
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22E4AC9C-9E05-47D5-B7EB-A9FC1D762A7B}" = Quake Live Internet Explorer Plugin
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 17
"{2BEB102E-F9CD-4881-984B-E288F66FD394}" = Quake Live Mozilla Plugin
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72CCBEA1-8D57-4981-A337-81019F28C5BA}" = Microsoft .NET Compact Framework 3.5
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Samsung Master
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DE4CF159-4AD2-4754-BDA0-5FB088C8B58B}" = Razer Diamondback
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Alice Software" = Alice Software 4.10.0
"AVG8Uninstall" = AVG Free 8.5
"bwin" = bwin Poker (remove only)
"CCleaner" = CCleaner
"Cinergy T USB XXS" = Cinergy T USB XXS V2.03.03.29
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"ElsterFormular 11.5.0.4546" = ElsterFormular
"eMule" = eMule
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"FileZilla Client" = FileZilla Client 3.2.0
"Flash Slideshow Generator_is1" = Flash Slideshow Generator 2.1.4
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"Goodnight Timer_is1" = Goodnight Timer 1.1
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"HijackThis" = HijackThis 2.0.2
"IETester" = IETester v0.3.3 (remove only)
"Keycraft" = Keycraft (remove only)
"LogonStudio" = LogonStudio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"Mp3tag" = Mp3tag v2.46a
"PhonerLite_is1" = PhonerLite 1.61
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 6.0" = RealPlayer
"SopCast" = SopCast 3.0.3
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.8a
"Warcraft III" = Warcraft III
"WinLiveSuite_Wave3" = Windows Live Essentials
"Xvid_is1" = Xvid 1.2.2 final uninstall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Warcraft III" = Warcraft III: All Products
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 25.08.2010 15:32:50 | Computer Name = carisma-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.08.2010 15:39:13 | Computer Name = carisma-PC | Source = EventSystem | ID = 4609
Description =
 
Error - 25.08.2010 17:28:33 | Computer Name = carisma-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\AVG\AVG8\avglvea.dll".  Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 25.08.2010 17:28:45 | Computer Name = carisma-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 25.08.2010 19:14:13 | Computer Name = carisma-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\AVG\AVG8\avglvea.dll".  Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 25.08.2010 20:00:25 | Computer Name = carisma-PC | Source = VSS | ID = 8194
Description =
 
Error - 25.08.2010 20:09:06 | Computer Name = carisma-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\AVG\AVG8\avglvea.dll".  Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 25.08.2010 20:09:23 | Computer Name = carisma-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 26.08.2010 03:34:03 | Computer Name = carisma-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 26.08.2010 03:34:06 | Computer Name = carisma-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\AVG\AVG8\avglvea.dll".  Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 25.08.2010 17:26:40 | Computer Name = carisma-PC | Source = HTTP | ID = 15016
Description =
 
Error - 25.08.2010 17:28:08 | Computer Name = carisma-PC | Source = Service Control Manager | ID = 7034
Description =
 
Error - 25.08.2010 17:28:45 | Computer Name = carisma-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{A12E1963-74AB-481C-833F-2E591956EA6A} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 25.08.2010 17:28:49 | Computer Name = carisma-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{A12E1963-74AB-481C-833F-2E591956EA6A} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 25.08.2010 20:05:31 | Computer Name = carisma-PC | Source = HTTP | ID = 15016
Description =
 
Error - 25.08.2010 20:09:06 | Computer Name = carisma-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{A12E1963-74AB-481C-833F-2E591956EA6A} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 25.08.2010 20:09:25 | Computer Name = carisma-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{A12E1963-74AB-481C-833F-2E591956EA6A} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 26.08.2010 03:23:29 | Computer Name = carisma-PC | Source = HTTP | ID = 15016
Description =
 
Error - 26.08.2010 03:34:09 | Computer Name = carisma-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{A12E1963-74AB-481C-833F-2E591956EA6A} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 26.08.2010 03:34:12 | Computer Name = carisma-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{A12E1963-74AB-481C-833F-2E591956EA6A} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
 
< End of report >
--- --- ---

coolibri 26.08.2010 21:47
Hallo nochmal,

ich habe nun mein Problem mit den deaktivierten "Ordner- und Suchoptionen" lösen können. Nachdem ich Anti-Malware nach der Bereinigung erneut laufen liess gab es ja noch diesen Eintrag:

Zitat:
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> No action taken.
Ich wusste nun nicht ob ich daran Änderungen vornehmen sollte, habe dann aber im Netz eine Anleitung zu meinem Problem gefunden und die Datei entfernt. Auf die "Ordner- und Suchoptionen" kann ich nun wieder zugreifen. Naja, vielleicht hilft die Anleitung ja auch anderen Benutzern.

Ich glaube, dass mein System nun eigentlich "sauber" sein dürfte, wäre aber trotzdem nett wenn ihr noch einmal in die Logs schaut und mir ggfs. noch andere Scan-Software empfehlen könntet.

Hier die Anleitung:
Zitat:
Malware often drops itself as a hidden file and then disables the Folder Options menu in Windows Explorer so you can't change the settings to view hidden files and folders. If you are unable to access the Tools | Folder Options in Windows Explorer, here's how to modify the registry to regain access to the Folder Options menu.

1. Click Start

2. Click Run

3. Type REGEDIT

4. Click OK
The Registry Editor will now open

5. Browse to the following key:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Note: HKCU stands for HKEY_CURRENT_USER

6. In the right pane, look for the value: NoFolderOptions

7. Right click NoFolderOptions and select Delete. (When prompted with "Are you sure you want to delete this value", select Yes.

8. Now browse to the following key:
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Note: HKLM stands for HKEY_LOCAL_MACHINE

9. In the right pane, look for the value: NoFolderOptions

10. Right click NoFolderOptions and select Delete. (When prompted with "Are you sure you want to delete this value", select Yes.

11. Close the Registry by choosing File | Exit

12. You should now be able to access the Folder Options menu. If not, reboot into Safe Mode and repeat the steps outlined above.
Reboot tut gut :)

cosinus 27.08.2010 08:52
Zitat:
Ich wusste nun nicht ob ich daran Änderungen vornehmen sollte, habe dann aber im Netz eine Anleitung zu meinem Problem gefunden und die Datei entfernt. Auf die "Ordner- und Suchoptionen" kann ich nun wieder zugreifen. Naja, vielleicht hilft die Anleitung ja auch anderen Benutzern.
Deswegen steht bei der Anleitung von Malwarebytes ja auch extra nochmal, dass man wirklich alle Funde entfernen soll.


Alle Zeitangaben in WEZ +1. Es ist jetzt 03:04 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131