![]() |
|
Log-Analyse und Auswertung: pc sauber nach flacor.dat?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
![]() | #1 |
![]() | ![]() pc sauber nach flacor.dat? hallo,ich hatte bis vor kurzem den besagten virus und hab ihn mit Malwarebytes entfernt Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4385 Windows 6.0.6000 Internet Explorer 8.0.6001.18882 03.08.2010 16:11:49 mbam-log-2010-08-03 (16-11-49).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 180317 Laufzeit: 6 Minute(n), 39 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Users\***\AppData\Roaming\Adobe\Update\flacor.dat (Trojan.Agent) -> Quarantined and deleted successfully. nach einem neustart kam die meldung das das angegebene modul flacor.dat nicht gefuden werden könne,diese nachricht konnte ich mit dem CCleaner entfernen nun das malwarebytes-log Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4385 Windows 6.0.6000 Internet Explorer 8.0.6001.18882 03.08.2010 16:38:43 mbam-log-2010-08-03 (16-38-43).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 179828 Laufzeit: 6 Minute(n), 21 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) und die rsit-files info.txtRSIT Logfile: Code:
ATTFilter logfile of random's system information tool 1.08 2010-08-03 16:49:14 ======Uninstall list====== -->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL -->C:\Windows\UNNeroBackItUp.exe /UNINSTALL -->C:\Windows\UNNeroMediaHome.exe /UNINSTALL -->C:\Windows\UNNeroShowTime.exe /UNINSTALL -->C:\Windows\UNNeroVision.exe /UNINSTALL -->C:\Windows\UNRecode.exe /UNINSTALL -->MsiExec /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B} ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07} Adobe Download Manager-->"C:\Windows\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1 Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -maintain activex Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin Adobe Reader 9.3.3 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A93000000001} Allods Online 1.0.04.22-->C:\gPotato.eu\Allods Online\uninst.exe Amazon Toolbar-->regsvr32 /u /s "C:\Program Files\IEToolbar\Amazon Toolbar\amazon.dll" Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143} Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} ArchLord-->"C:\Users\Public\Downloads\Webzen\ArchLord\unins000.exe" ArcSoft Camera Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AE6F8DC5-8639- 4E7F-A0FE-EEB0522FCAAC}\Setup.exe" -l0x7 Ashampoo Magical Snap FREE-->"C:\Program Files\Ashampoo\Ashampoo Magical Snap FREE\unins000.exe" Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE Big Fish Games Center (remove only)-->C:\Big Fish Games\Uninstall.exe Big Fish Games Sudoku (remove only)-->C:\Big Fish Games\Sudoku\Uninstall.exe Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B} Bounty Bay Online-->"C:\Program Files\Yusho Frogster Games\Bounty Bay Online\unins000.exe" Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0407 CCleaner-->"C:\Program Files\CCleaner\uninst.exe" CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe" CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A} Chrome SpecForce-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{5233A5FC-F083-4317-96F8-58FBB4020B3A} /l1031 /Z"UNINSTALL" Cradle of Rome (remove only)-->C:\Big Fish Games\Cradle of Rome\Uninstall.exe Die Gilde 2 - Gold Edition-->C:\Program Files\Die Gilde 2 - Gold Edition\uninstall.exe Digimax Master-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}\Setup.exe" -l0x7 -removeonly EPSON Attach To Email-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x7 -UnInstall EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BC69DDB8-4840-4D9B-BB31-0D4DB2BA1312}\SETUP.EXE" -l0x7 UNINST EPSON File Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x7 UNINST EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x7 -u EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r EPSON-Drucker-Software-->C:\Windows\system32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe Firebird SQL Server - MAGIX Edition-->C:\Program Files\MAGIX\Common\Database\unwise.exe FirstSteps Diagnostics-->MsiExec.exe /X{94D66D71-12F0-48A5-B46A-D4B835A0F1B7} flatster-->"C:\Program Files\flatster\unins000.exe" Free Download Manager 3.0-->"C:\Program Files\Free Download Manager\unins000.exe" FreePDF (Remove only)-->C:\Program Files\FreePDF_XP\fpsetup.exe /r GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)-->C:\Windows\SQL9_KB970892_ENU\Hotfix.exe /Uninstall GPL Ghostscript 8.70-->C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\gs8.70\uninstal.txt" Guild 2 Patch-->MsiExec.exe /I{E9E09EAA-0FF8-42A1-ACAB-67F2A691E50F} Heroes of Might and Magic V-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{20071984- 5EB1-4881-8EDB-082532ACEC6D}\Setup.exe" -l0x7 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD- 4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" iTunes-->MsiExec.exe /I{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5} Java 2 Runtime Environment, SE v1.4.2-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000} KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355} LastChaosGER-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{99A37AC7-E724-4621-B167-500B5A52B69C}\setup.exe" -l0x9 -removeonly Logitech SetPoint-->"C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe" -runfromtemp -l0x0007 -removeonly Luxor Amun Rising (remove only)-->C:\Big Fish Games\Luxor Amun Rising\Uninstall.exe Mahjong Towers Eternity EU (remove only)-->C:\Big Fish Games\Mahjong Towers Eternity EU\Uninstall.exe Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929} Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE} Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE} Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE} Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {322296D4-1EAE-4030-9FBC-D2787EB25FA2} Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE} Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE} Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-->MsiExec.exe /I{028ED9C4-25EE-4DEE-9CF4-91034BC89B18} Microsoft SQL Server 2005-->"C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove Microsoft SQL Server Native Client-->MsiExec.exe /I{7FB12670-0F93-4E1E-B2F5-4F339199A03A} Microsoft SQL Server VSS Writer-->MsiExec.exe /I{849A32C3-E75A-4791-9B11-E568BA3525A4} Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} MindManager X5 Viewer-->MsiExec.exe /I{C4BB8237-3778-4DA8-9843-2410618F6748} Mozilla Firefox (3.6.8)-->C:\ProgramData\uninstall\helper.exe Mozilla Thunderbird (3.0.4)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe MSVC80_x86_v2-->MsiExec.exe /I{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6} MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} MyDSC2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{83D96ED0- 98AA-4515-8DDC-816F3EFDD104}\Setup.exe" -l0x9 Mystery Case Files - Prime Suspects (remove only)-->C:\Big Fish Games\Mystery Case Files - Prime Suspects\Uninstall.exe NAVIGON Fresh 2.0.0-->C:\Program Files\NAVIGON\NAVIGON Fresh\uninst.exe Nero 8 Essentials-->MsiExec.exe /X{6803A6E6-48FF-48AB-B558-7B651BBE1031} NVIDIA Display Control Panel-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe DisplayControlPanel NVIDIA Drivers-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe UninstallGUI NVIDIA GAME System Software 2.8.1-->MsiExec.exe /I{4F0C7CCF-5666-474B-B02E-AC514A95EC93} NVIDIA PhysX-->MsiExec.exe /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B} OpenAL-->"C:\Program Files\OpenAL\Oalinst.exe" /U phonostar-Player Version 2.01.2-->"C:\Program Files\phonostar\unins000.exe" PIF DESIGNER-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B90450DF-E781-46FD -B1F1-0C86DA40E443}\SETUP.EXE" -l0x7 anything PixiePack Codec Pack-->MsiExec.exe /I{9C450606-ED24-4958-92BA-B8940C99D441} Poker Superstars II (remove only)-->C:\Big Fish Games\Poker Superstars II\Uninstall.exe PrintParade Studio-->C:\PROGRA~1\PRINTP~1\UNWISE.EXE C:\PROGRA~1\PRINTP~1\INSTALL.LOG PVSonyDll-->MsiExec.exe /I{3D3E663D-4E7E-4577-A560-7ECDDD45548A} QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2} Rakion International-->"C:\Program Files\Softnyx\RakionIS\unins000.exe" Rappelz-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01A8838A-9469 -425F-A5FB-FC14D4CF93B9}\setup.exe" -l0x7 -removeonly RealPopup-->"C:\Program Files\RealPopup\unins000.exe" Recovery Toolbox for RAR 1.1-->"C:\Program Files\Recovery Toolbox for RAR\unins000.exe" Redmark Vereinsverwaltung easy-->MsiExec.exe /I{06A75F9F-BB8B-4548-93F8-621A183536D2} RedMon - Redirection Port Monitor-->C:\Windows\system32\unredmon.exe Runes of Magic-->"C:\ONLINE-GAMES\Runes_of_Magic\Runes of Magic\unins000.exe" SA32xx Device Manager-->C:\Program Files\InstallShield Installation Information\{7CDC26F7-D6BF-442A-B599-0075A48310F7}\setup.exe -runfromtemp -l0x0007 -removeonly SA32xx Media Converter-->C:\Program Files\InstallShield Installation Information\{D57ACD92-6A27-43BB-B3AE-894930940D41}\setup.exe -runfromtemp -l0x0007 -removeonly SAMSUNG Android USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\Shrewsbury\SSADUninstall.exe SAMSUNG Mobile Composite Device Software-->C:\Windows\system32\Samsung_USB_Drivers\6_old\SSBCUninstall.exe Samsung Mobile Modem Device Software-->C:\Windows\system32\Samsung_USB_Drivers\7\SSECUninstall.exe SAMSUNG Mobile Modem Driver Set-->C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe SAMSUNG Mobile Modem V2 Software-->C:\Windows\system32\Samsung_USB_Drivers\3_6810\SSCEUninstall.exe Samsung Mobile phone USB driver Software-->C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe SAMSUNG Mobile USB Download Driver Software-->C:\Windows\system32\Samsung_USB_Drivers\NXP_Driver\SSDUUninstall.exe SAMSUNG Mobile USB Driver-->MsiExec.exe /I{7184F382-8A6C-4B85-A3AC-B63734B1E241} SAMSUNG Mobile USB Modem 1.0 Software-->C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe Samsung Mobile USB Modem Device Software-->C:\Windows\system32\Samsung_USB_Drivers\7_681B\SECUUninstall.exe SAMSUNG Mobile USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe Samsung New PC Studio-->"C:\Program Files\InstallShield Installation Information\{F193FC0E-9E18-40FC-A974-509A1BDD240A}\setup.exe" -runfromtemp -l0x0407 -removeonly Samsung New PC Studio-->MsiExec.exe /X{F193FC0E-9E18-40FC-A974-509A1BDD240A} SAMSUNG SYMBIAN USB Download Driver-->C:\Program Files\SAMSUNG\SYMBIAN USB Download Driver\Uninstall.exe Samsung USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{86D6A20D-3910- 4441-A3E5-EB6977251C86}\Setup.exe" anything SAMSUNG USB Mobile Device Software-->C:\Windows\system32\Samsung_USB_Drivers\6\SS_BUninstall.exe SamsungConnectivityCableDriver-->MsiExec.exe /X{7E84FAC8-C518-40F9-9807-7455301D6D25} Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08} Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A} Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4} Security Update for 2007 Microsoft Office System (KB982331)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E8766951-2B6C-4022-86E8-80D2D1762B76} Security Update for Microsoft Office Excel 2007 (KB982308)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C3F9A0DC-A5D1-4BB6-870E-2953E5A2487B} Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8- 59C64DF5C6DB} Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF- BC9B4E4F3F46} Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF} Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C} Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC} Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A- 6CF8CAC8224D} Security Update for Microsoft Office Word 2007 (KB982135)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0112C750-A06F-4F92-9C40-E5C1EA9A70EB} Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A} Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36} Synkron 1.6.1-->"C:\Program Files\Synkron\unins000.exe" TeamDrive-->MsiExec.exe /X{1E7FDC95-FD1D-4552-8AE0-FEBD8BE44514} TeamDrive-->MsiExec.exe /X{42FDC670-AF90-45F6-9B39-6930DF79502C} TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe" TIPP10 Version 2.0.1-->"C:\Users\Timo\Downloads\Tipp10\unins000.exe" TMPGEnc DVD Author 3 with DivX Authoring-->MsiExec.exe /I{26771121-732D-481F-BDDB-F965E7983BE8} Ubisoft Game Launcher-->"C:\Program Files\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe" -runfromtemp -l0x0409 -removeonly Ulead VideoStudio SE DVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}\Setup.exe" -l0x7 Unlocker 1.8.9-->C:\Program Files\Unlocker\uninst.exe Unreal Tournament 3-->MsiExec.exe /X{BFA90209-7AFF-4DB6-8E4B-E57305751AD7} Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)-->MsiExec.exe /X{07629207-FAA0-4F1A-8092-BF5085BE511F} Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D} Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B- 3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF} Update für Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF} Update für Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {EA160DA3-E9B5-4D03-A518-21D306665B96} Update für Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {38472199-D7B6-4833-A949-10E4EE6365A1} USB2.0 Capture Device-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E337B156-DF81-48D8-8977-B1574EE87BCF}\Setup.exe" -l0x7 Vereinsverwaltung easy 7.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1C97A5CA- A130-4988-9FAA-273632ED4CBF}\Setup.exe" VideoCam Suite 2.0-->C:\Program Files\InstallShield Installation Information\{9EDF1A5D-D8E0-413E-9782-75DD4A8C831B}\setup.exe -runfromtemp -l0x0007 -removeonly VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLC\uninstall.exe Virtual Villagers (remove only)-->C:\Big Fish Games\Virtual Villagers\Uninstall.exe VirtualCom driver-->MsiExec.exe /I{1943A043-5C85-4A16-A0D0-D687B2C1A40F} Webzen Game Starter-->"C:\Program Files\InstallShield Installation Information\{255FC1CF-2620-4B64-BE02-79B9E609BB3D}\setup.exe" -runfromtemp -l0x0009 -removeonly WER WIRD MILLIONÄR - JUNIOR-->MsiExec.exe /I{18B0210F-7B11-45C4-9F9D-5366D7160AB0} Windows Live Anmelde-Assistent-->MsiExec.exe /I{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60} Windows-Treiberpaket - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)-->C:\PROGRA~1\DIFX\1E28F12B7828B817\DPInst.exe /u C:\Windows\System32 \DriverStore\FileRepository\mbtmdm.inf_afb0631d\mbtmdm.inf WinRAR-->C:\Program Files\WinRAR\uninstall.exe ======Security center information====== AV: AntiVir Desktop AS: AntiVir Desktop AS: Windows-Defender ======System event log====== Computer Name: *** Event Code: 7036 Message: Dienst "Windows Update" befindet sich jetzt im Status "Ausgeführt". Record Number: 185766 Source Name: Service Control Manager Time Written: 20100803144340.000000-000 Event Type: Informationen User: Computer Name: *** Event Code: 10029 Message: DCOM hat den Dienst TrustedInstaller mit den Argumenten "" gestartet, um den Server auszuführen: {752073A1-23F2-4396-85F0-8FDB879ED0ED} Record Number: 185767 Source Name: Microsoft-Windows-DistributedCOM Time Written: 20100803144449.000000-000 Event Type: Informationen User: Computer Name: *** Event Code: 7036 Message: Dienst "Windows Modules Installer" befindet sich jetzt im Status "Ausgeführt". Record Number: 185768 Source Name: Service Control Manager Time Written: 20100803144449.000000-000 Event Type: Informationen User: Computer Name: *** Event Code: 4 Message: Der Druckspooler konnte eine vorhandene Druckerverbindung nicht erneut öffnen, weil er die Konfigurationsinformationen aus dem Registrierungsschlüssel S-1-5-18\Printers\Connections nicht lesen konnte. Der Druckspooler konnte den Registerierungsschlüssel nicht öffnen. Es könnte sein, dass der Registrierungsschlüssel beschädigt ist oder fehlt oder dass die Registrierung nicht mehr verfügbar ist. Record Number: 185769 Source Name: Microsoft-Windows-SpoolerWin32SPL Time Written: 20100803144503.000000-000 Event Type: Warnung User: Computer Name: *** Event Code: 4 Message: Der Druckspooler konnte eine vorhandene Druckerverbindung nicht erneut öffnen, weil er die Konfigurationsinformationen aus dem Registrierungsschlüssel S-1-5-18\Printers\Connections nicht lesen konnte. Der Druckspooler konnte den Registerierungsschlüssel nicht öffnen. Es könnte sein, dass der Registrierungsschlüssel beschädigt ist oder fehlt oder dass die Registrierung nicht mehr verfügbar ist. Record Number: 185770 Source Name: Microsoft-Windows-SpoolerWin32SPL Time Written: 20100803144503.000000-000 Event Type: Warnung User: =====Application event log===== Computer Name: *** Event Code: 4096 Message: Der AntiVir Dienst wurde erfolgreich gestartet! Record Number: 185256 Source Name: Avira AntiVir Time Written: 20100803144115.000000-000 Event Type: Informationen User: NT-AUTORITÄT\SYSTEM Computer Name: *** Event Code: 4354 Message: Das COM+-Ereignissystem konnte die ConnectionMadeNoQOCInfo-Methode für das Abonnement {C708F205-D87A-4FFC-A3DF-0DBC4627902E}-{00000000-0000-0000-0000- 000000000000}-{00000000-0000-0000-0000-000000000000} nicht auslösen. Das vom Abonnenten zurückgegebene HRESULT war 80040210. Record Number: 185257 Source Name: Microsoft-Windows-EventSystem Time Written: 20100803144119.000000-000 Event Type: Warnung User: Computer Name: *** Event Code: 1 Message: Der Zertifikatdiensteclient wurde erfolgreich gestartet. Record Number: 185258 Source Name: Microsoft-Windows-CertificateServicesClient Time Written: 20100803144208.180256-000 Event Type: Informationen User: NT-AUTORITÄT\SYSTEM Computer Name: *** Event Code: 11 Message: Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <h**p://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Record Number: 185259 Source Name: Microsoft-Windows-CAPI2 Time Written: 20100803144318.000000-000 Event Type: Fehler User: Computer Name: *** Event Code: 1 Message: Der Windows-Sicherheitscenterdienst wurde gestartet. Record Number: 185260 Source Name: SecurityCenter Time Written: 20100803144318.000000-000 Event Type: Informationen User: =====Security event log===== Computer Name: *** Event Code: 4624 Message: Ein Konto wurde erfolgreich angemeldet. Antragsteller: Sicherheits-ID: S-1-5-18 Kontoname: ***$ Kontodomäne: MSHEIMNETZ Anmelde-ID: 0x3e7 Anmeldetyp: 2 Neue Anmeldung: Sicherheits-ID: S-1-5-21-152039969-3448965500-3346611246-1000 Kontoname: *** Kontodomäne: *** Anmelde-ID: 0x56580c Anmelde-GUID: {00000000-0000-0000-0000-000000000000} Prozessinformationen: Prozess-ID: 0xfd0 Prozessname: C:\Windows\System32\consent.exe Netzwerkinformationen: Arbeitsstationsname: *** Quellnetzwerkadresse: ::1 Quellport: 0 Detaillierte Authentifizierungsinformationen: Anmeldeprozess: CredPro Authentifizierungspaket: Negotiate Übertragene Dienste: - Paketname (nur NTLM): - Schlüssellänge: 0 Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde. Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe". Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk). Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto. Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben. Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung. - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren. - Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren. - Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an. - Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0. Record Number: 185864 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100709181649.118886-000 Event Type: Überwachung erfolgreich User: Computer Name: *** Event Code: 4672 Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen. Antragsteller: Sicherheits-ID: S-1-5-21-152039969-3448965500-3346611246-1000 Kontoname: *** Kontodomäne: *** Anmelde-ID: 0x5657ff Berechtigungen: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege Record Number: 185865 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100709181649.118886-000 Event Type: Überwachung erfolgreich User: Computer Name: *** Event Code: 4634 Message: Ein Konto wurde abgemeldet. Antragsteller: Sicherheits-ID: S-1-5-21-152039969-3448965500-3346611246-1000 Kontoname: *** Kontodomäne: *** Anmelde-ID: 0x56580c Anmeldetyp: 2 Dieses Ereignis wird generiert, wenn eine Anmeldesitzung zerstört wird. Es kann anhand des Wertes der Anmelde-ID positiv mit einem Anmeldeereignis korreliert werden. Anmelde-IDs sind nur zwischen Neustarts auf demselben Computer eindeutig. Record Number: 185866 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100709181649.119863-000 Event Type: Überwachung erfolgreich User: Computer Name: *** Event Code: 4634 Message: Ein Konto wurde abgemeldet. Antragsteller: Sicherheits-ID: S-1-5-21-152039969-3448965500-3346611246-1000 Kontoname: *** Kontodomäne: *** Anmelde-ID: 0x5657ff Anmeldetyp: 2 Dieses Ereignis wird generiert, wenn eine Anmeldesitzung zerstört wird. Es kann anhand des Wertes der Anmelde-ID positiv mit einem Anmeldeereignis korreliert werden. Anmelde-IDs sind nur zwischen Neustarts auf demselben Computer eindeutig. Record Number: 185867 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100709181656.960181-000 Event Type: Überwachung erfolgreich User: Computer Name: *** Event Code: 4648 Message: Anmeldeversuch mit expliziten Anmeldeinformationen. Antragsteller: Sicherheits-ID: S-1-5-18 Kontoname: ***$ Kontodomäne: MSHEIMNETZ Anmelde-ID: 0x3e7 Anmelde-GUID: {00000000-0000-0000-0000-000000000000} Konto, dessen Anmeldeinformationen verwendet wurden: Kontoname: *** Kontodomäne: *** Anmelde-GUID: {00000000-0000-0000-0000-000000000000} Zielserver: Zielservername: localhost Weitere Informationen: localhost Prozessinformationen: Prozess-ID: 0x2ac Prozessname: C:\Windows\System32\consent.exe Netzwerkinformationen: Netzwerkadresse: ::1 Port: 0 Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden. Dies ist normalerweise der Fall in Batch- Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird. Record Number: 185868 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100709181848.866105-000 Event Type: Überwachung erfolgreich User: ======Environment variables====== "CLASSPATH"=.;C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "NUMBER_OF_PROCESSORS"=4 "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Samsung\Samsung PC Studio 3\;C:\Program Files\QuickTime\QTSystem\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel "PROCESSOR_LEVEL"=6 "PROCESSOR_REVISION"=0f0b "QTJAVA"=C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% -----------------EOF----------------- und RSIT Logfile: Code:
ATTFilter Logfile of random's system information tool 1.08 (written by random/random) Run by *** at 2010-08-03 16:49:11 Microsoft® Windows Vista™ Home Premium System drive C: has 55 GB (18%) free of 311 GB Total RAM: 2047 MB (46% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:49:12, on 03.08.2010 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v8.00 (8.00.6001.18882) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\FreePDF_XP\fpassist.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Windows\system32\SearchFilterHost.exe C:\Users\***\Desktop\RSIT.exe C:\Program Files\trend micro\***.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: TBSB04045 - {C6BFC16B-D6FF-47EB-B5D7-F91FB78F94CE} - C:\Program Files\IEToolbar\Amazon Toolbar\amazon.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll O3 - Toolbar: Amazon Toolbar - {EEB30C11-DF11-46DF-B763-BAF798CA65F3} - C:\Program Files\IEToolbar\Amazon Toolbar\amazon.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-21-152039969-3448965500-3346611246-1001\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User '***') O4 - Startup: Registration Heroes of Might & Magic 5.LNK = C:\Program Files\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe O4 - Startup: TeamDrive2.lnk = ? O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlfvideo.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - h**p://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - h**p://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) - h**p://javadl-esd.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - h**p://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\system32\bgsvcgen.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: Syntek STK1150 Service (StkASSrv) - Syntek America Inc. - C:\Windows\System32\StkASv2K.exe O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- End of file - 9858 bytes ======Scheduled tasks folder====== C:\Windows\tasks\User_Feed_Synchronization-{7080964A-3D96-4116-B628-6587E344B0DA}.job C:\Windows\tasks\User_Feed_Synchronization-{91E93BC7-8B5E-4332-A553-6EF5D16A122C}.job C:\Windows\tasks\User_Feed_Synchronization-{A85ED906-5250-4E4F-AE1B-4A97B4CABF5C}.job C:\Windows\tasks\User_Feed_Synchronization-{B6D6128A-3CF1-406B-9062-A041A5B2944C}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C6BFC16B-D6FF-47EB-B5D7-F91FB78F94CE}] TBSB04045 Class - C:\Program Files\IEToolbar\Amazon Toolbar\amazon.dll [2008-04-14 2433024] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}] FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2009-05-23 90112] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {EEB30C11-DF11-46DF-B763-BAF798CA65F3} - Amazon Toolbar - C:\Program Files\IEToolbar\Amazon Toolbar\amazon.dll [2008-04-14 2433024] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-10-22 1006264] "RtHDVCpl"=RtHDVCpl.exe [] "NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136] "Skytel"=Skytel.exe [] "ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920] "Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2009-06-17 55824] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "NPSStartup"= [] "FreePDF Assistant"=C:\Program Files\FreePDF_XP\fpassist.exe [2009-09-05 385024] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832] " Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-10 1232896] "ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-08-11 249856] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2009-10-01 107864] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer] C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer\Application\DataLayer.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe [2002-09-11 401408] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhonostarTimer] C:\Program Files\phonostar\ps_timer.exe [2009-05-13 126976] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\QTTask.exe [2009-11-11 417792] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ServiceLayer] C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe [2002-05-23 69632] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VideoCam Suite 2.0.lnk] C:\PROGRA~1\PANASO~1\VIDEOC~1\VIDEOC~2.EXE [2009-02-17 185688] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk] C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [2009-02-26 97680] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup Registration Heroes of Might & Magic 5.LNK - C:\Program Files\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe TeamDrive2.lnk - C:\Program Files\TeamDrive2.0\bin\TeamDrive2.exe [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "LogonHoursAction"=2 "DontDisplayLogonHoursWarnings"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 months====== 2010-08-03 16:49:10 ----D---- C:\rsit 2010-08-03 16:43:23 ----D---- C:\Program Files\trend micro 2010-08-03 16:03:38 ----D---- C:\Users\***\AppData\Roaming\Malwarebytes 2010-08-03 16:03:21 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys 2010-08-03 16:03:20 ----D---- C:\ProgramData\Malwarebytes 2010-08-03 16:03:20 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-08-03 16:03:20 ----A---- C:\Windows\system32\drivers\mbam.sys 2010-08-01 15:57:16 ----D---- C:\Program Files\ESET 2010-08-01 15:28:50 ----D---- C:\Windows\BDOSCAN8 2010-07-25 12:51:06 ----D---- C:\ProgramData\updates 2010-07-24 18:20:18 ----D---- C:\ProgramData\NOS 2010-07-24 18:20:18 ----D---- C:\Program Files\NOS 2010-07-08 18:24:42 ----D---- C:\ProgramData\searchplugins 2010-07-08 16:57:33 ----D---- C:\Users\***\AppData\Roaming\gamigo 2010-07-08 16:56:06 ----D---- C:\Users\***\AppData\Roaming\Martial Empires Luancher OBT 2010-07-08 16:56:06 ----D---- C:\Users\***\AppData\Roaming\launcher 2010-07-08 16:44:45 ----D---- C:\Gamigo 2010-07-04 11:16:59 ----SHD---- C:\Config.Msi ======List of files/folders modified in the last 1 months====== 2010-08-03 16:49:09 ----D---- C:\Windows\Temp 2010-08-03 16:43:34 ----D---- C:\Windows\Prefetch 2010-08-03 16:43:23 ----RD---- C:\Program Files 2010-08-03 16:13:56 ----D---- C:\Windows\system32\drivers 2010-08-03 16:13:56 ----D---- C:\Windows\schemas 2010-08-03 16:03:20 ----HD---- C:\ProgramData 2010-08-03 16:01:18 ----D---- C:\Windows\tracing 2010-08-03 15:50:37 ----D---- C:\Windows\Minidump 2010-08-03 15:50:37 ----D---- C:\Windows\Debug 2010-08-03 15:50:37 ----D---- C:\Windows 2010-08-03 15:46:16 ----D---- C:\Program Files\CCleaner 2010-08-03 15:34:59 ----SHD---- C:\System Volume Information 2010-08-03 15:28:45 ----D---- C:\Windows\system32\catroot2 2010-08-02 21:44:31 ----D---- C:\Windows\System32 2010-08-02 21:44:31 ----D---- C:\Windows\inf 2010-08-02 21:44:31 ----A---- C:\Windows\system32\PerfStringBackup.INI 2010-08-02 11:26:05 ----D---- C:\Downloads 2010-08-01 15:57:19 ----SD---- C:\Windows\Downloaded Program Files 2010-07-29 13:40:36 ----D---- C:\ProgramData\uninstall 2010-07-29 13:40:33 ----D---- C:\ProgramData\res 2010-07-29 13:40:33 ----D---- C:\ProgramData\plugins 2010-07-29 13:40:33 ----D---- C:\ProgramData\modules 2010-07-29 13:40:33 ----D---- C:\ProgramData\greprefs 2010-07-29 13:40:33 ----D---- C:\ProgramData\components 2010-07-29 13:40:33 ----D---- C:\ProgramData\chrome 2010-07-29 13:40:33 ----A---- C:\ProgramData\xul.dll 2010-07-29 13:40:29 ----A---- C:\ProgramData\xpcom.dll 2010-07-29 13:40:29 ----A---- C:\ProgramData\updater.ini 2010-07-29 13:40:29 ----A---- C:\ProgramData\updater.exe 2010-07-29 13:40:29 ----A---- C:\ProgramData\ssl3.dll 2010-07-29 13:40:29 ----A---- C:\ProgramData\sqlite3.dll 2010-07-29 13:40:28 ----A---- C:\ProgramData\softokn3.dll 2010-07-29 13:40:28 ----A---- C:\ProgramData\smime3.dll 2010-07-29 13:40:26 ----A---- C:\ProgramData\plugin-container.exe 2010-07-29 13:40:26 ----A---- C:\ProgramData\plds4.dll 2010-07-29 13:40:26 ----A---- C:\ProgramData\plc4.dll 2010-07-29 13:40:26 ----A---- C:\ProgramData\platform.ini 2010-07-29 13:40:26 ----A---- C:\ProgramData\nssutil3.dll 2010-07-29 13:40:26 ----A---- C:\ProgramData\nssdbm3.dll 2010-07-29 13:40:26 ----A---- C:\ProgramData\nssckbi.dll 2010-07-29 13:40:26 ----A---- C:\ProgramData\nss3.dll 2010-07-29 13:40:26 ----A---- C:\ProgramData\nspr4.dll 2010-07-29 13:40:26 ----A---- C:\ProgramData\mozcrt19.dll 2010-07-29 13:40:26 ----A---- C:\ProgramData\mozcpp19.dll 2010-07-29 13:40:25 ----A---- C:\ProgramData\js3250.dll 2010-07-29 13:40:25 ----A---- C:\ProgramData\freebl3.dll 2010-07-29 13:40:25 ----A---- C:\ProgramData\firefox.exe 2010-07-29 13:40:24 ----A---- C:\ProgramData\crashreporter-override.ini 2010-07-29 13:40:24 ----A---- C:\ProgramData\crashreporter.ini 2010-07-29 13:40:24 ----A---- C:\ProgramData\crashreporter.exe 2010-07-29 13:40:21 ----A---- C:\ProgramData\README.txt 2010-07-29 13:40:21 ----A---- C:\ProgramData\application.ini 2010-07-29 13:40:21 ----A---- C:\ProgramData\AccessibleMarshal.dll 2010-07-26 14:20:06 ----D---- C:\Windows\rescache 2010-07-26 12:05:08 ----D---- C:\Windows\ShellNew 2010-07-26 11:20:22 ----D---- C:\Windows\winsxs 2010-07-25 12:23:25 ----SD---- C:\ProgramData\Microsoft 2010-07-07 17:23:41 ----SHD---- C:\$Recycle.Bin 2010-07-07 17:23:25 ----RD---- C:\Users 2010-07-05 20:48:49 ----D---- C:\Users\***\AppData\Roaming\TeamDrive 2010-07-04 11:17:28 ----SHD---- C:\Windows\Installer ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a); C:\Windows\System32\drivers\sfdrv01a.sys [2006-07-05 63352] R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys [2006-06-14 13680] R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-03-13 691696] R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608] R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 cdrbsdrv;cdrbsdrv; C:\Windows\system32\drivers\cdrbsdrv.sys [2006-02-20 33408] R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2009-12-15 5632] R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-08-04 278728] R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-07 56816] R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-08-04 25416] R2 RMCAST;RMCAST (Pgm)-Protokolltreiber; C:\Windows\system32\DRIVERS\RMCAST.sys [2008-05-10 113664] R3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2009-09-21 36608] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600] R3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2009-06-17 35472] R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2009-06-17 37392] R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2010-04-03 11573800] R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2009-12-20 234016] R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2007-10-22 82688] S3 ayhxfym0;ayhxfym0; C:\Windows\system32\drivers\ayhxfym0.sys [] S3 BthEnum;Bluetooth-Anforderungsblocktreiber; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-04-29 19456] S3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160] S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160] S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184] S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632] S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [] S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [] S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\Windows\system32\DRIVERS\L8042Kbd.sys [2009-06-17 20240] S3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\Windows\system32\DRIVERS\L8042mou.Sys [2009-06-17 63248] S3 LMouKE;SetPoint Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouKE.Sys [2009-06-17 79248] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192] S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888] S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [] S3 pfc;Padus ASPI Shell; C:\Windows\system32\drivers\pfc.sys [] S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664] S3 SQTECH905C;DualCamera; C:\Windows\System32\Drivers\Capt905c.sys [2006-01-26 34686] S3 StkAMini;Syntek STK1150; C:\Windows\System32\Drivers\StkAMini.sys [2006-09-27 241628] S3 StkScan;Syntek STK1150 Filter Driver; C:\Windows\System32\Drivers\StkScan.sys [2006-08-02 4772] S3 usbaudio;USB-Audiotreiber (WDM); C:\Windows\system32\drivers\usbaudio.sys [2006-11-02 71552] S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328] S3 XDva352;XDva352; \??\C:\Windows\system32\XDva352.sys [] S3 XDva356;XDva356; \??\C:\Windows\system32\XDva356.sys [] S4 iaStor;Intel RAID Controller; C:\Windows\system32\drivers\iastor.sys [2007-07-12 305176] S4 JRAID;JRAID; C:\Windows\system32\drivers\jraid.sys [2007-06-13 48256] S4 nvrd32;NVIDIA nForce RAID Driver; C:\Windows\system32\drivers\nvrd32.sys [2007-07-02 131616] S4 nvstor32;nvstor32; C:\Windows\system32\drivers\nvstor32.sys [2007-07-02 110112] S4 viamraid;viamraid; C:\Windows\system32\drivers\viamraid.sys [2006-11-08 102912] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672] R2 bgsvcgen;B's Recorder GOLD Library General Service; C:\Windows\system32\bgsvcgen.exe [2007-06-15 145504] R2 Bonjour Service;Bonjour-Dienst; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016] R2 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2009-10-01 238952] R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680] R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-08-08 836904] R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-04-03 129640] R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2010-05-18 66872] R2 SQLBrowser;SQL Server-Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968] R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904] R2 StkASSrv;Syntek STK1150 Service; C:\Windows\System32\StkASv2K.exe [2006-05-24 24576] R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler; C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 204800] R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-09-28 49152] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900] S3 getPlusHelper;@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101; C:\Windows\System32\svchost.exe [2006-11-02 22016] S3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568] S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [2009-07-20 121360] S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-08-16 382248] S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2009-12-16 3453712] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 UPnPService;UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768] S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2006-11-02 22016] S4 MSSQLServerADHelper;Hilfsdienst von SQL Server für Active Directory; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408] -----------------EOF----------------- und ich wollte nun wissen ob mein pc sauber ist |
Themen zu pc sauber nach flacor.dat? |
abonnement, antivir, antivir guard, avgntflt.sys, bho, browser, c:\windows\system32\rundll32.exe, desktop, excel, fehler, firefox, flacor.dat, flash player, hdaudio.sys, hijack, hijackthis, home premium, hotfix.exe, iastor.sys, installation, locker, logfile, msiexec, msiexec.exe, mssql, notepad.exe, nvlddmkm.sys, object, office 2007, programdata, realtek, registry, rundll, senden, server, services.exe, software, sptd.sys, staropen, start menu, svchost.exe, system, trustedinstaller, uleadburninghelper, usb, virus, vlc media player, windows-sicherheitscenterdienst, wscript.exe |