
Pests of all kinds and how to fight them: Battle-music virus


03.08.2010, 19:22   #1
TsKraft
 

Battle-music virus



Hello,

I have the same problem as in the thread 88827-musik-aus-dem-off-offenbar-trojaner.html
At unpredictable times, a piece of music about 15 seconds long that is reminiscent of a battle comes out of the speakers. The logs from Malwarebytes and RSIT are further below. First, though, the following observation: I scanned with MBRCheck; it reported "Whistler Black Internet" but could not clear the infection from the MBR. Many thanks in advance for your help! Here are the logs from Malwarebytes, RSIT and MBRCheck:

Malwarebytes:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4386

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

03.08.2010 19:58:17
mbam-log-2010-08-03 (19-58-17).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 135589
Laufzeit: 5 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)





RSIT log:
Code:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Caspian Europe GmbH at 2010-08-03 20:05:03
Microsoft® Windows Vista™ Business  Service Pack 1
System drive C: has 154 GB (68%) free of 226 GB
Total RAM: 3581 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:05:12, on 03.08.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18319)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\SAMSUNG\SmarThru\Portctrl.exe
C:\Program Files\Cobian Backup 9\cbInterface.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
C:\Windows\system32\conime.exe
C:\Users\Caspian Europe GmbH\Desktop\MBRCheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Caspian Europe GmbH\Desktop\musikvirus\RSIT.exe
C:\Program Files\trend micro\Caspian Europe GmbH.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [GW Port Controller] C:\Program Files\Samsung\SmarThru\PORTCTRL.EXE
O4 - HKLM\..\Run: [Cobian Backup 9 interface] "C:\Program Files\Cobian Backup 9\cbInterface.exe" -service
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Caspian Europe GmbH\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cobian Backup 9 Dienst (CobianBackupAmanita) - Luis Cobian - C:\Program Files\Cobian Backup 9\cbService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Samsung UPD Service - Samsung Electronics CO., LTD. - C:\Windows\System32\SUPDSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11951 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-04-02 333192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
DVDVideoSoftTB Toolbar - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll [2010-04-27 2393184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
MyAshampoo Toolbar - C:\Program Files\MyAshampoo\tbMyAs.dll [2009-12-31 2349080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll [2009-07-31 698880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-17 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll [2009-07-31 698880]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-04-02 333192]
{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - MyAshampoo Toolbar - C:\Program Files\MyAshampoo\tbMyAs.dll [2009-12-31 2349080]
{872b5b88-9db5-4310-bdd0-ac189557e5f5} - DVDVideoSoftTB Toolbar - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll [2010-04-27 2393184]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [2007-05-06 405504]
"OEM02Mon.exe"=C:\Windows\OEM02Mon.exe [2007-02-02 36864]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-06-14 86016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-06-14 8433664]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-06-14 81920]
"NVHotkey"=C:\Windows\system32\nvHotkey.dll [2007-06-14 67584]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2008-10-03 4378000]
"AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2008-10-03 962480]
"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2008-10-03 165144]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2007-07-02 159744]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2008-07-09 29984]
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2008-07-09 46368]
"PPort11reminder"=C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [2007-08-31 328992]
"BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2008-11-12 1122304]
"ControlCenter3"=C:\Program Files\Brother\ControlCenter3\brctrcen.exe [2008-08-12 114688]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2006-10-03 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-02-16 81920]
"Samsung PanelMgr"=C:\Windows\Samsung\PanelMgr\SSMMgr.exe [2009-02-04 548864]
"GW Port Controller"=C:\Program Files\Samsung\SmarThru\PORTCTRL.EXE [2006-12-14 163840]
"Cobian Backup 9 interface"=C:\Program Files\Cobian Backup 9\cbInterface.exe [2009-01-22 2749952]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"NokiaMServer"=C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]
"AnyDVD"=C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe [2010-06-15 4398016]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-11-21 3293184]
"NokiaOviSuite2"=C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [2010-02-24 385928]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

C:\Users\Caspian Europe GmbH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-08-03 20:05:03 ----D---- C:\rsit
2010-08-03 20:05:03 ----D---- C:\Program Files\trend micro
2010-08-03 19:51:44 ----D---- C:\Users\Caspian Europe GmbH\AppData\Roaming\Malwarebytes
2010-08-03 19:51:35 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-08-03 19:51:34 ----D---- C:\ProgramData\Malwarebytes
2010-08-03 19:51:34 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-03 19:51:34 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-08-03 19:45:38 ----D---- C:\Program Files\ERUNT
2010-08-03 19:33:33 ----D---- C:\Program Files\QS
2010-08-03 19:24:29 ----D---- C:\Windows\temp
2010-08-03 19:24:27 ----A---- C:\ComboFix.txt
2010-08-03 19:23:48 ----SHD---- C:\$RECYCLE.BIN
2010-08-03 19:16:13 ----A---- C:\Windows\zip.exe
2010-08-03 19:16:13 ----A---- C:\Windows\SWSC.exe
2010-08-03 19:16:13 ----A---- C:\Windows\SWREG.exe
2010-08-03 19:16:13 ----A---- C:\Windows\sed.exe
2010-08-03 19:16:13 ----A---- C:\Windows\PEV.exe
2010-08-03 19:16:13 ----A---- C:\Windows\NIRCMD.exe
2010-08-03 19:16:13 ----A---- C:\Windows\MBR.exe
2010-08-03 19:16:13 ----A---- C:\Windows\grep.exe
2010-08-03 19:16:07 ----D---- C:\C7o6m5b4oFix
2010-08-03 19:15:12 ----A---- C:\Windows\SWXCACLS.exe
2010-08-03 19:14:39 ----D---- C:\Windows\ERDNT
2010-08-03 19:03:29 ----D---- C:\Qoobox
2010-08-03 09:21:10 ----A---- C:\Program Files\showmypc.exe
2010-07-30 08:39:42 ----D---- C:\ProgramData\Sun
2010-07-30 08:39:42 ----D---- C:\Program Files\Common Files\Java
2010-07-30 08:39:32 ----A---- C:\Windows\system32\javaws.exe
2010-07-30 08:39:32 ----A---- C:\Windows\system32\javaw.exe
2010-07-30 08:39:32 ----A---- C:\Windows\system32\java.exe
2010-07-30 08:39:32 ----A---- C:\Windows\system32\deployJava1.dll
2010-07-11 18:06:49 ----D---- C:\Program Files\DVDVideoSoftTB
2010-07-11 18:04:29 ----D---- C:\Users\Caspian Europe GmbH\AppData\Roaming\DVDVideoSoftIEHelpers
2010-07-11 18:04:16 ----D---- C:\Program Files\DVDVideoSoft
2010-07-11 18:04:16 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2010-07-11 18:02:22 ----A---- C:\Program Files\FreeYouTubeToMp3Converter.exe

======List of files/folders modified in the last 1 months======

2010-08-03 20:05:03 ----D---- C:\Program Files
2010-08-03 20:02:36 ----D---- C:\Windows
2010-08-03 19:51:35 ----D---- C:\Windows\system32\drivers
2010-08-03 19:51:34 ----D---- C:\ProgramData
2010-08-03 19:40:35 ----D---- C:\Program Files\CCleaner
2010-08-03 19:40:20 ----D---- C:\Windows\Prefetch
2010-08-03 19:22:37 ----A---- C:\Windows\system.ini
2010-08-03 19:20:26 ----D---- C:\Windows\System32
2010-08-03 19:20:26 ----D---- C:\Windows\AppPatch
2010-08-03 19:20:25 ----D---- C:\Program Files\Common Files
2010-08-03 13:47:42 ----A---- C:\Windows\BRWMARK.INI
2010-08-03 10:12:47 ----D---- C:\Windows\Minidump
2010-08-02 23:31:59 ----D---- C:\Users\Caspian Europe GmbH\AppData\Roaming\Skype
2010-08-02 22:25:00 ----D---- C:\Users\Caspian Europe GmbH\AppData\Roaming\vlc
2010-08-02 22:00:13 ----D---- C:\Users\Caspian Europe GmbH\AppData\Roaming\skypePM
2010-07-30 08:39:42 ----SHD---- C:\Windows\Installer
2010-07-30 08:39:30 ----D---- C:\Program Files\Java
2010-07-30 08:39:27 ----SHD---- C:\System Volume Information
2010-07-28 20:10:18 ----D---- C:\Program Files\Mozilla Firefox
2010-07-28 14:41:49 ----D---- C:\Windows\system32\config
2010-07-26 20:12:17 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-07-26 20:12:16 ----D---- C:\Windows\inf
2010-07-24 15:03:18 ----D---- C:\D S L
2010-07-24 11:22:15 ----D---- C:\Windows\system32\catroot2
2010-07-05 23:07:22 ----A---- C:\Windows\NeroDigital.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 snapman380;Acronis Snapshots Manager (Build 380); C:\Windows\system32\DRIVERS\snman380.sys [2009-09-24 134272]
R0 tdrpman140;Acronis Try&Decide and Restore Points filter (build 140); C:\Windows\system32\DRIVERS\tdrpm140.sys [2009-09-24 971168]
R0 timounter;Acronis True Image Backup Archive Explorer; C:\Windows\system32\DRIVERS\timntr.sys [2009-09-24 540000]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2010-01-01 26024]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-08 56816]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2008-11-10 5120]
R2 tifsfilter;Acronis True Image FS Filter; C:\Windows\system32\DRIVERS\tifsfilt.sys [2009-09-24 44704]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 8192]
R3 AnyDVD;AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [2010-06-09 106432]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-06-25 155136]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-21 45568]
R3 BthEnum;Bluetooth-Auflistungsdienst; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-21 19456]
R3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
R3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
R3 btwaudio;Bluetooth-Audiogerät; C:\Windows\system32\drivers\btwaudio.sys [2006-11-06 78128]
R3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2006-11-06 80176]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-06 16560]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-11-02 986624]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-11-02 206848]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224]
R3 NETw4v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-08-08 2226688]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-06-14 7110880]
R3 OEM02Dev;Creative Camera OEM002 Driver; C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-03-20 234496]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 7424]
R3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-21 49664]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-05-06 326656]
R3 usbaudio;USB-Audiotreiber (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-21 73088]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-11-02 659968]
S2 DgiVecp;DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [2006-09-05 41984]
S3 AX88772;ASIX AX88772 USB2.0 to Fast Ethernet Adapter; C:\Windows\system32\DRIVERS\ax88772.sys [2007-01-20 28672]
S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 catchme;catchme; \??\C:\Users\CASPIA~1\AppData\Local\Temp\catchme.sys []
S3 DFUBTUSB;WIDCOMM USB Bluetooth Driver in DFU State; C:\Windows\System32\Drivers\frmupgr.sys []
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG-Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-21 2225664]
S3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 StillCam;Treiber für serielle Digitalkamera; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-21 9216]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2010-04-16 41472]
S3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2008-10-03 554264]
R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-04-16 144672]
R2 Bonjour Service;Dienst "Bonjour"; C:\Program Files\Bonjour\mDNSResponder.exe [2010-04-08 345376]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 CobianBackupAmanita;Cobian Backup 9 Dienst; C:\Program Files\Cobian Backup 9\cbService.exe [2009-01-22 583168]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-07-25 647168]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-09-23 935208]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-07-25 327680]
R2 STacSV;SigmaTel Audio Service; C:\Windows\system32\STacSV.exe [2007-05-06 94208]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-04 386560]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-01-26 652800]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-10-14 133104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 Samsung UPD Service;Samsung UPD Service; C:\Windows\System32\SUPDSvc.exe [2009-03-24 127656]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe []
S4 ASKService;ASKService; C:\Program Files\AskBarDis\bar\bin\AskService.exe [2009-04-02 464264]
S4 ASKUpgrade;ASKUpgrade; C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-04-02 234888]

-----------------EOF-----------------
         



Rsit-Info:
info.txt (RSIT Logfile):
logfile of random's system information tool 1.08 2010-08-03 20:05:14

======Uninstall list======

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2547E065-D92D-11D6-8586-006008CA5356}\setup.exe" -l0x7 uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{333D93A7-505C-11D6-857A-006008CA5356}\setup.exe" -l0x7 uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{501F5586-5040-11D6-857A-006008CA5356}\setup.exe" -l0x7 uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D94854D4-505E-11D6-857A-006008CA5356}\setup.exe" -l0x7 uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D9485541-505E-11D6-857A-006008CA5356}\setup.exe" -l0x7 uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D94855AD-505E-11D6-857A-006008CA5356}\setup.exe" -l0x7 uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E226D4BA-4FAD-11D6-857A-006008CA5356}\setup.exe" -l0x7 uninstall
Acronis*True*Image*Home-->MsiExec.exe /X{37C8899D-FD70-481F-94AA-1F1B08765E22}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.3.3 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A93000000001}
Advertising Center-->MsiExec.exe /X{B2EC4A38-B545-4A00-8214-13FE0E915E6D}
AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
Apple Application Support-->MsiExec.exe /I{553255F3-78FD-40F1-A6F8-6882140265FE}
Apple Mobile Device Support-->MsiExec.exe /I{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}
Apple Software Update-->MsiExec.exe /I{C41300B9-185D-475E-BFEC-39EF732F19B1}
Ashampoo Photo Commander 7.31-->"C:\Program Files\Ashampoo\Ashampoo Photo Commander 7\unins000.exe"
Audiograbber 1.83 SE -->"C:\Program Files\Audiograbber\Uninstall.exe"
Audiograbber Lame-MP3-Plugin-->"C:\Program Files\Audiograbber\Lame-Uninstall.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Bengal Special-->"C:\Program Files\OXXOGames\GPlayer\\MyInstall.exe" ScriptUInst "C:\Program Files\OXXOGames\GPlayer\Install\\Game_OxxoBengalCB.log"
Bonjour-->MsiExec.exe /X{8A253629-0511-4854-8B4E-46E57E66005C}
BrainSpeeder 3.2.105 -->C:\Windows\uninstall\BrainSpeeder\setup.exe
Broadcom 440x 10/100 Integrated Controller-->MsiExec.exe /X{612B9183-67A9-4B44-9877-2F059E35B86A}
Brother MFC-8880DN-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7E3B1A1-476D-4406-8EA5-443B3F811D75}\setup.exe" -l0x7  -removeonly /uninst 
Brother MFL-Pro Suite-->"C:\Program Files\InstallShield Installation Information\{004B8D14-7E3A-490A-ABB3-753535E169E3}\Setup.exe"  -runfromtemp -l0x0007 Brunin03.dll -removeonly
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CloneDVD2-->"C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
Cobian Backup 9-->C:\Program Files\Cobian Backup 9\cbUninstall.exe
Conexant HDA D330 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000fz.inf
Dell Resource CD-->MsiExec.exe /X{42929F0F-CE14-47AF-9FC7-FF297A603021}
Dell Touchpad-->C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
DEUTSCHLAND SPIELT GAME CENTER-->"C:\Program Files\OXXOGames\GPlayer\\MyInstall.exe" UInstAllGPAndDS
Die Wiege Roms-->"C:\Program Files\OXXOGames\GPlayer\\MyInstall.exe" ScriptUInst "C:\Program Files\OXXOGames\GPlayer\Install\\Game_AwemDieWiegeRomsTrial.log"
DolbyFiles-->MsiExec.exe /X{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}
DVDVideoSoftTB Toolbar-->C:\PROGRA~1\DVDVID~2\UNWISE.EXE   /U C:\PROGRA~1\DVDVID~2\INSTALL.LOG  
eMule-->"C:\Program Files\eMule\Uninstall.exe"
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
Free Audio CD Burner version 1.3-->"C:\Program Files\DVDVideoSoft\Free Audio CD Burner\unins000.exe"
Free YouTube to MP3 Converter version 3.5-->"C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\unins000.exe"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\5.0.375.125\Installer\setup.exe" --uninstall --system-level
Google Earth-->MsiExec.exe /X{F7B0939E-58DF-11DF-B3A6-005056806466}
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Intel(R) PROSet/Wireless Software-->C:\Windows\Installer\iProInst.exe
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
Java(TM) 6 Update 21-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}
Laptop Integrated Webcam Driver (1.00.10.0320)  -->C:\Windows\CtDrvIns.exe -uninstall -script OEM002.uns -plugin OEM02Pin.dll -pluginres OEM02Pin.crl -nodisconprompt
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mCore-->MsiExec.exe /I{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}
mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
Menu Templates - Starter Kit-->MsiExec.exe /X{B78120A0-CF84-4366-A393-4D0A59BC546C}
mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Primary Interoperability Assemblies 2005-->MsiExec.exe /X{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Movie Templates - Starter Kit-->MsiExec.exe /X{E498385E-1C51-459A-B45F-1721E37AA1A0}
Mozilla Firefox (3.6.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.24)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
MSVC80_x86_v2-->MsiExec.exe /I{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSVC90_x86-->MsiExec.exe /I{AF111648-99A1-453E-81DD-80DBBF6DAD0D}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
MyAshampoo Toolbar-->C:\PROGRA~1\MYASHA~1\UNWISE.EXE   /U C:\PROGRA~1\MYASHA~1\INSTALL.LOG  
Nero 9-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe  REMOVESERIALNUMBER="1M03-0183-W75T-9654-9441-XEL6-U21P-PPUC"
Nero BackItUp and Burn-->MsiExec.exe /X{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}
Nero BurnRights-->MsiExec.exe /X{397516AE-7DFE-4F90-84E0-BD616D559434}
Nero BurnRights-->MsiExec.exe /X{7829DB6F-A066-4E40-8912-CB07887C20BB}
Nero ControlCenter-->MsiExec.exe /X{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}
Nero CoverDesigner-->MsiExec.exe /X{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}
Nero Disc Copy Gadget-->MsiExec.exe /X{F1861F30-3419-44DB-B2A1-C274825698B3}
Nero DiscSpeed-->MsiExec.exe /X{869200DB-287A-4DC0-B02B-2B6787FBCD4C}
Nero DriveSpeed-->MsiExec.exe /X{33CF58F5-48D8-4575-83D6-96F574E4D83A}
Nero Express-->MsiExec.exe /X{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}
Nero InfoTool-->MsiExec.exe /X{FBCDFD61-7DCF-4E71-9226-873BA0053139}
Nero Installer-->MsiExec.exe /X{E8A80433-302B-4FF1-815D-FCC8EAC482FF}
Nero PhotoSnap-->MsiExec.exe /X{9E82B934-9A25-445B-B8DF-8012808074AC}
Nero Recode-->MsiExec.exe /X{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}
Nero Rescue Agent-->MsiExec.exe /X{368BA326-73AD-4351-84ED-3C0A7A52CC53}
Nero RescueAgent-->MsiExec.exe /X{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}
Nero ShowTime-->MsiExec.exe /X{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}
Nero StartSmart-->MsiExec.exe /X{7748AC8C-18E3-43BB-959B-088FAEA16FB2}
Nero Vision-->MsiExec.exe /X{43E39830-1826-415D-8BAE-86845787B54B}
Nero WaveEditor-->MsiExec.exe /X{A209525B-3377-43F4-B886-32F6B6E7356F}
NeroBurningROM-->MsiExec.exe /X{D025A639-B9C9-417D-8531-208859000AF8}
NeroExpress-->MsiExec.exe /X{595A3116-40BB-4E0F-A2E8-D7951DA56270}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver-->MsiExec.exe /I{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}
Nokia Ovi Suite Software Updater-->MsiExec.exe /X{4FFD1AB4-54F0-4069-88D9-3A55B38F874B}
Nokia Ovi Suite-->C:\ProgramData\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Nokia_Ovi_Suite_PCS_Update.exe
Nokia Ovi Suite-->MsiExec.exe /X{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}
Nokia PC Suite-->C:\ProgramData\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Nokia_PC_Suite_ger.exe
Nokia PC Suite-->MsiExec.exe /I{19DC9559-9C20-4A46-A67D-7ECBA52A2788}
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
OpenOffice.org 3.0-->MsiExec.exe /I{04B45310-A5FE-4425-BFCA-1A6D8920DE74}
Ovi Desktop Sync Engine-->MsiExec.exe /X{60DED9C2-22BF-47A3-B6C8-6B141BA31DFD}
OviMPlatform-->MsiExec.exe /I{4E1CD3D5-D4EE-4246-AE24-F0FD5A60390D}
PaperPort Image Printer-->MsiExec.exe /X{2BC2781A-F7F6-452E-95EB-018A522F1B2C}
PC Connectivity Solution-->MsiExec.exe /I{7397EDED-F38A-4654-B669-BF61065803D0}
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
pdfforge Toolbar v1.1.1-->MsiExec.exe /X{4EF8BE6A-899C-4196-94E7-297C5F7A203E}
RICOH R5C83x/84x Media Driver x86 Ver.3.34.03-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x7 anything
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Samsung SCX-5x15 Series - TWAIN-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97070C44-7B20-4AB6-8770-A1ABE370F63B}\Setup.exe" -l0x7 
Samsung SCX-5x15 Series PCL 6-->C:\Program Files\SAMSUNG\Samsung SCX-5x15 Series PCL 6\Install\Setup.exe /R
Samsung Universal Print Driver-->C:\Program Files\Samsung\Samsung Universal Print Driver\Install\Setup.exe /R
ScanSoft PaperPort 11-->MsiExec.exe /I{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x7 -remove -removeonly
Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SmarThru-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1CE06390-46D0-11D6-8578-006008CA5356}\Setup.exe" -l0x7 uninstall -l0007
Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
SoundTrax-->MsiExec.exe /X{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VLC media player 1.0.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Vuze Toolbar-->"C:\Program Files\AskBarDis\unins000.exe"
WIDCOMM Bluetooth Software 6.0.1.3100-->MsiExec.exe /X{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}
Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4}
Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}
Windows Live Messenger-->MsiExec.exe /X{41E654A9-26D0-4EAC-854B-0FA824FFFABB}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
WinZip 14.0-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: CaspianEurop-PC
Event Code: 7036
Message: Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" befindet sich jetzt im Status "Beendet".
Record Number: 159553
Source Name: Service Control Manager
Time Written: 20100803174713.000000-000
Event Type: Informationen
User: 

Computer Name: CaspianEurop-PC
Event Code: 3004
Message: Vom Windows-Defender-Echtzeitschutz-Agent wurden Änderungen erkannt. Microsoft empfiehlt, die Software, die diese Änderungen vorgenommen hat, zu analysieren, um potenzielle Risiken festzustellen. Sie können anhand der Informationen über die Funktionsweise dieser Programme entscheiden, ob die Software ausgeführt werden kann oder vom Computer entfernt werden soll. Lassen Sie nur Änderungen zu, wenn das Programm oder der Softwareherausgeber vertrauenswürdig ist. Windows-Defender kann Änderungen, die Sie zugelassen haben, nicht mehr rückgängig machen.
 Weitere Informationen finden Sie im Folgenden:
Nicht zutreffend
 	Scan-ID: {40060143-8FCF-4904-AF2A-471A3DEEF327}
  	Benutzer: CaspianEurop-PC\Caspian Europe GmbH
 	Name: Unknown
 	ID: 
 	Schweregrad-ID: 
 	Kategorie-ID: 
 	Gefundener Pfad: regkey:HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Malwarebytes' Anti-Malware;runonce:HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Malwarebytes' Anti-Malware;file:C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
 	Warnungsart: Nicht klassifizierte Software
 	Feststellungstyp:  
Record Number: 159554
Source Name: Microsoft-Windows-Windows Defender
Time Written: 20100803175140.000000-000
Event Type: Warnung
User: 

Computer Name: CaspianEurop-PC
Event Code: 3005
Message: Zum Schutz dieses Computers vor Spyware und möglicherweise unerwünschter Software wurden vom Windows-Defender-Echtzeitschutz-Agent Maßnahmen ergriffen.
 Weitere Informationen finden Sie hier:
Nicht zutreffend
 	Scan-ID: {40060143-8FCF-4904-AF2A-471A3DEEF327}
  	Benutzer: CaspianEurop-PC\Caspian Europe GmbH
 	Name: Unknown
 	ID: 
 	Schweregrad-ID: 
 	Kategorie-ID: 
 	Warnungsart: Nicht klassifizierte Software
 	Aktion: Ignorieren
Record Number: 159555
Source Name: Microsoft-Windows-Windows Defender
Time Written: 20100803175140.000000-000
Event Type: Informationen
User: 

Computer Name: CaspianEurop-PC
Event Code: 3004
Message: Vom Windows-Defender-Echtzeitschutz-Agent wurden Änderungen erkannt. Microsoft empfiehlt, die Software, die diese Änderungen vorgenommen hat, zu analysieren, um potenzielle Risiken festzustellen. Sie können anhand der Informationen über die Funktionsweise dieser Programme entscheiden, ob die Software ausgeführt werden kann oder vom Computer entfernt werden soll. Lassen Sie nur Änderungen zu, wenn das Programm oder der Softwareherausgeber vertrauenswürdig ist. Windows-Defender kann Änderungen, die Sie zugelassen haben, nicht mehr rückgängig machen.
 Weitere Informationen finden Sie im Folgenden:
Nicht zutreffend
 	Scan-ID: {D4CB7833-6827-4F5A-B4E0-6898DDD6314C}
  	Benutzer: CaspianEurop-PC\Caspian Europe GmbH
 	Name: Unknown
 	ID: 
 	Schweregrad-ID: 
 	Kategorie-ID: 
 	Gefundener Pfad: driver:MBAMSwissArmy;file:C:\Windows\system32\drivers\mbamswissarmy.sys
 	Warnungsart: Nicht klassifizierte Software
 	Feststellungstyp:  
Record Number: 159556
Source Name: Microsoft-Windows-Windows Defender
Time Written: 20100803175248.000000-000
Event Type: Warnung
User: 

Computer Name: CaspianEurop-PC
Event Code: 3005
Message: Zum Schutz dieses Computers vor Spyware und möglicherweise unerwünschter Software wurden vom Windows-Defender-Echtzeitschutz-Agent Maßnahmen ergriffen.
 Weitere Informationen finden Sie hier:
Nicht zutreffend
 	Scan-ID: {D4CB7833-6827-4F5A-B4E0-6898DDD6314C}
  	Benutzer: CaspianEurop-PC\Caspian Europe GmbH
 	Name: Unknown
 	ID: 
 	Schweregrad-ID: 
 	Kategorie-ID: 
 	Warnungsart: Nicht klassifizierte Software
 	Aktion: Ignorieren
Record Number: 159557
Source Name: Microsoft-Windows-Windows Defender
Time Written: 20100803175253.000000-000
Event Type: Informationen
User: 

=====Application event log=====

Computer Name: CaspianEurop-PC
Event Code: 1
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.
Record Number: 227734
Source Name: SecurityCenter
Time Written: 20100803173308.000000-000
Event Type: Informationen
User: 

Computer Name: CaspianEurop-PC
Event Code: 1
Message: 03/08/2010 19:34:32 (OviSuite) - INFO    - AO Action: Id = 9 Oper = Assign Result = 0 Classname = CAODynSwUpdate Resource = CAODynSwUpdate Content = {645dc909-b71d-4cd2-b515-8643dfb21601} Queue = 6
Record Number: 227735
Source Name: OviSuite
Time Written: 20100803173432.000000-000
Event Type: Informationen
User: 

Computer Name: CaspianEurop-PC
Event Code: 1
Message: 03/08/2010 19:34:32 (OviSuite) - INFO    - AO Action: Id = 9 Oper = Start Result = 0 Classname = CAODynSwUpdate Resource = CAODynSwUpdate Content = {645dc909-b71d-4cd2-b515-8643dfb21601} Queue = 6
Record Number: 227736
Source Name: OviSuite
Time Written: 20100803173432.000000-000
Event Type: Informationen
User: 

Computer Name: CaspianEurop-PC
Event Code: 4609
Message: Das COM+-Ereignissystem hat einen ungültigen Rückgabecode während der internen Verarbeitung erkannt. HRESULT war 80010105 von Zeile 202 von d:\vistasp1_gdr\com\complus\src\events\tier2\service.cpp. Wenden Sie sich an den Microsoft-Produktsupport.
Record Number: 227737
Source Name: Microsoft-Windows-EventSystem
Time Written: 20100803173432.000000-000
Event Type: Fehler
User: 

Computer Name: CaspianEurop-PC
Event Code: 1
Message: 03/08/2010 19:34:32 (OviSuite) - INFO    - AO Action: Id = 9 Oper = Finish Result = 0 Classname = CAODynSwUpdate Resource = CAODynSwUpdate Content = {645dc909-b71d-4cd2-b515-8643dfb21601} Queue = 6
Record Number: 227738
Source Name: OviSuite
Time Written: 20100803173432.000000-000
Event Type: Informationen
User: 

=====Security event log=====

Computer Name: CaspianEurop-PC
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname:	\Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys	
Record Number: 51823
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100803180512.531187-000
Event Type: Überwachung gescheitert
User: 

Computer Name: CaspianEurop-PC
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname:	\Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys	
Record Number: 51824
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100803180512.568187-000
Event Type: Überwachung gescheitert
User: 

Computer Name: CaspianEurop-PC
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname:	\Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys	
Record Number: 51825
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100803180512.603187-000
Event Type: Überwachung gescheitert
User: 

Computer Name: CaspianEurop-PC
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname:	\Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys	
Record Number: 51826
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100803180512.640187-000
Event Type: Überwachung gescheitert
User: 

Computer Name: CaspianEurop-PC
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname:	\Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys	
Record Number: 51827
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100803180512.695187-000
Event Type: Überwachung gescheitert
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"asl.log"=Destination=file;OnFirstLog=command,environment

-----------------EOF-----------------
         



MBRCheck:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Business Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Vostro 1700
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 175):
0x82233000 \SystemRoot\system32\ntkrnlpa.exe
0x82200000 \SystemRoot\system32\hal.dll
0x80407000 \SystemRoot\system32\kdcom.dll
0x8040F000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8046F000 \SystemRoot\system32\PSHED.dll
0x80480000 \SystemRoot\system32\BOOTVID.dll
0x80488000 \SystemRoot\system32\CLFS.SYS
0x804C9000 \SystemRoot\system32\CI.dll
0x8060F000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8068B000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80698000 \SystemRoot\system32\drivers\acpi.sys
0x806DE000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806E7000 \SystemRoot\system32\drivers\msisadrv.sys
0x806EF000 \SystemRoot\system32\drivers\pci.sys
0x80716000 \SystemRoot\System32\drivers\partmgr.sys
0x80725000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80728000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x80732000 \SystemRoot\system32\drivers\volmgr.sys
0x80741000 \SystemRoot\System32\drivers\volmgrx.sys
0x8078B000 \SystemRoot\system32\drivers\intelide.sys
0x80792000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x807A0000 \SystemRoot\System32\drivers\mountmgr.sys
0x807B0000 \SystemRoot\system32\drivers\atapi.sys
0x807B8000 \SystemRoot\system32\drivers\ataport.SYS
0x807D6000 \SystemRoot\system32\drivers\msahci.sys
0x805A9000 \SystemRoot\system32\drivers\fltmgr.sys
0x807E0000 \SystemRoot\system32\drivers\fileinfo.sys
0x8B60B000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8B67C000 \SystemRoot\system32\drivers\ndis.sys
0x8B787000 \SystemRoot\system32\drivers\msrpc.sys
0x8B7B2000 \SystemRoot\system32\drivers\NETIO.SYS
0x8B803000 \SystemRoot\System32\drivers\tcpip.sys
0x8B8EC000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B907000 \SystemRoot\system32\DRIVERS\timntr.sys
0x8BA04000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8BB13000 \SystemRoot\system32\drivers\volsnap.sys
0x8BC04000 \SystemRoot\system32\DRIVERS\tdrpm140.sys
0x8BCF0000 \SystemRoot\System32\Drivers\spldr.sys
0x8BCF8000 \SystemRoot\system32\DRIVERS\snman380.sys
0x8BD18000 \SystemRoot\System32\Drivers\mup.sys
0x8BD27000 \SystemRoot\System32\drivers\ecache.sys
0x8BD4E000 \SystemRoot\system32\drivers\disk.sys
0x8BD5F000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8BD80000 \SystemRoot\system32\drivers\crcdisk.sys
0x8BDAB000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8BDB6000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8BDBF000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x9000B000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x906D4000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x90773000 \SystemRoot\System32\drivers\watchdog.sys
0x90780000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x9078B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x907C9000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x907D8000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x90809000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
0x90A32000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0x90A42000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x90A52000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x90A60000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x90A7A000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x90A89000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x90A9D000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x90AEE000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x90B01000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x90B2D000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x90B38000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x90B43000 \SystemRoot\System32\Drivers\AnyDVD.sys
0x90B5C000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x90B74000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x90B7A000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x90B7E000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x90B87000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x90BB5000 \SystemRoot\system32\DRIVERS\storport.sys
0x907EA000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8BDCE000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x907F5000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8BB4C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8BDE5000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8BB6F000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8BB83000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x90C06000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0x90C8F000 \SystemRoot\system32\DRIVERS\termdd.sys
0x90C9F000 \SystemRoot\system32\DRIVERS\swenum.sys
0x90CA1000 \SystemRoot\system32\DRIVERS\ks.sys
0x90CCB000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x90CD5000 \SystemRoot\system32\DRIVERS\umbus.sys
0x90CE2000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x90D16000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x90D27000 \SystemRoot\system32\drivers\stwrt.sys
0x90D7A000 \SystemRoot\system32\drivers\portcls.sys
0x90DA7000 \SystemRoot\system32\drivers\drmk.sys
0x8BB98000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x90E0D000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x90F10000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x90FC4000 \SystemRoot\system32\drivers\modem.sys
0x90FD1000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x90FDA000 \SystemRoot\System32\Drivers\Null.SYS
0x90FE1000 \SystemRoot\System32\Drivers\Beep.SYS
0x90FF1000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x90E00000 \SystemRoot\System32\drivers\vga.sys
0x90DCC000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x90FE8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x90FF8000 \SystemRoot\system32\drivers\rdpencdd.sys
0x90DED000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8BBD5000 \SystemRoot\System32\Drivers\Npfs.SYS
0x90BF6000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8BBE3000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8B98A000 \SystemRoot\system32\DRIVERS\smb.sys
0x8B99E000 \SystemRoot\system32\drivers\afd.sys
0x91003000 \SystemRoot\System32\DRIVERS\netbt.sys
0x91035000 \SystemRoot\system32\DRIVERS\pacer.sys
0x9104B000 \SystemRoot\system32\DRIVERS\netbios.sys
0x91059000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x9106C000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x91072000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x910AE000 \SystemRoot\system32\drivers\nsiproxy.sys
0x910B8000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0x910BD000 \SystemRoot\system32\drivers\csc.sys
0x91117000 \SystemRoot\System32\Drivers\dfsc.sys
0x9112E000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x9114A000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x9114C000 \SystemRoot\System32\Drivers\crashdmp.sys
0x91159000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x91164000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x97CB0000 \SystemRoot\System32\win32k.sys
0x9116E000 \SystemRoot\System32\drivers\Dxapi.sys
0x91178000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x9118F000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x91191000 \SystemRoot\system32\DRIVERS\OEM02Dev.sys
0x911CB000 \SystemRoot\system32\DRIVERS\OEM02Vfx.sys
0x911CD000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x9B40B000 \SystemRoot\System32\Drivers\bthport.sys
0x9B445000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x9B456000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0x9B460000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x9B47A000 \SystemRoot\system32\DRIVERS\bthmodem.sys
0x9B488000 \SystemRoot\system32\drivers\btwavdt.sys
0x9B4EE000 \SystemRoot\system32\drivers\btwaudio.sys
0x9B569000 \SystemRoot\system32\DRIVERS\btwrchid.sys
0x9B56C000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x9B57C000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x9B585000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x9B58F000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x9B598000 \SystemRoot\system32\drivers\usbaudio.sys
0x9B5AA000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x9B5B2000 \SystemRoot\system32\DRIVERS\monitor.sys
0x97ED0000 \SystemRoot\System32\TSDDD.dll
0x97EF0000 \SystemRoot\System32\cdd.dll
0x9B5C1000 \SystemRoot\system32\drivers\luafv.sys
0x9B5DC000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x9B5F0000 \SystemRoot\system32\DRIVERS\tifsfilt.sys
0x9D00F000 \SystemRoot\system32\drivers\spsys.sys
0x9D0BE000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9D0CE000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9D0F8000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9D102000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9D115000 \SystemRoot\system32\drivers\HTTP.sys
0x9D180000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9D19D000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9D1B6000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9D1CB000 \SystemRoot\system32\drivers\mrxdav.sys
0x911D9000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9F40B000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9F444000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9F45C000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9F483000 \SystemRoot\System32\DRIVERS\srv.sys
0x9F4F6000 \SystemRoot\System32\Drivers\fastfat.SYS
0x9F51E000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x9F522000 \SystemRoot\system32\drivers\peauth.sys
0x9F400000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9F4CF000 \??\C:\Windows\system32\Drivers\SSPORT.sys
0x9F4D6000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9F4E2000 \SystemRoot\system32\DRIVERS\xaudio.sys
0x8BD89000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x77280000 \Windows\System32\ntdll.dll

Processes (total 92):
0 System Idle Process
4 System
640 C:\Windows\System32\smss.exe
708 csrss.exe
776 C:\Windows\System32\wininit.exe
788 csrss.exe
820 C:\Windows\System32\services.exe
832 C:\Windows\System32\lsass.exe
840 C:\Windows\System32\lsm.exe
996 C:\Windows\System32\svchost.exe
1076 C:\Windows\System32\svchost.exe
1112 C:\Windows\System32\svchost.exe
1164 C:\Windows\System32\svchost.exe
1188 C:\Windows\System32\svchost.exe
1212 C:\Windows\System32\svchost.exe
1288 C:\Windows\System32\winlogon.exe
1336 C:\Windows\System32\audiodg.exe
1372 C:\Windows\System32\SLsvc.exe
1412 C:\Windows\System32\svchost.exe
1564 C:\Windows\System32\svchost.exe
1736 C:\Windows\System32\wlanext.exe
1868 C:\Windows\System32\taskeng.exe
1876 C:\Windows\System32\spoolsv.exe
1928 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1948 C:\Windows\System32\svchost.exe
628 C:\Windows\System32\svchost.exe
768 C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
1560 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1572 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1968 C:\Program Files\Bonjour\mDNSResponder.exe
556 C:\Windows\System32\svchost.exe
1508 C:\Program Files\Cobian Backup 9\cbService.exe
2100 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
2312 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
2480 C:\Windows\System32\svchost.exe
2512 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
2568 C:\Windows\System32\stacsv.exe
2640 C:\Windows\System32\svchost.exe
2676 C:\Windows\System32\svchost.exe
2728 C:\Windows\System32\SearchIndexer.exe
2776 C:\Windows\System32\drivers\XAudio.exe
2968 C:\Windows\System32\svchost.exe
3544 C:\Windows\System32\taskeng.exe
3648 C:\Windows\System32\dwm.exe
3724 C:\Windows\explorer.exe
3864 C:\Windows\servicing\TrustedInstaller.exe
2432 C:\Program Files\Windows Defender\MSASCui.exe
2068 C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
2424 C:\Windows\OEM02Mon.exe
2656 C:\Windows\System32\rundll32.exe
2784 C:\Windows\System32\rundll32.exe
2668 C:\Windows\System32\rundll32.exe
2956 WmiPrvSE.exe
476 C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
2868 C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
3164 C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
3256 C:\Program Files\DellTPad\Apoint.exe
3484 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
1716 C:\Program Files\DellTPad\ApMsgFwd.exe
1784 C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
1768 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
2448 C:\Windows\Samsung\PanelMgr\SSMMgr.exe
2116 C:\Program Files\SAMSUNG\SmarThru\Portctrl.exe
3612 C:\Program Files\Cobian Backup 9\cbInterface.exe
1596 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3300 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3444 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
3012 C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
3268 C:\Program Files\Windows Sidebar\sidebar.exe
4056 C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
1752 C:\Program Files\Google\Google Talk\googletalk.exe
3516 C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
4012 C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
2468 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
2540 C:\Program Files\WinZip\WZQKPICK.EXE
4132 C:\Program Files\DellTPad\hidfind.exe
4148 C:\Program Files\OpenOffice.org 3\program\soffice.exe
4160 C:\Program Files\DellTPad\ApntEx.exe
4236 C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
4292 C:\Program Files\OpenOffice.org 3\program\soffice.bin
4348 C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
4780 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
5768 C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
5836 C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
5848 C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
5876 C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
2584 C:\Users\CASPIA~1\AppData\Local\Temp\TeamViewer\Version5\TeamViewer.exe
5464 WmiPrvSE.exe
5704 C:\Windows\System32\conime.exe
4648 C:\Windows\System32\SearchProtocolHost.exe
4908 C:\Windows\System32\SearchFilterHost.exe
4940 C:\Users\Caspian Europe GmbH\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`87265000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`075a9e00 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK2555GSX, Rev: FG000D

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!
SHA1: B54B3AC0ADE4B8ABBDCB812292C74DAA2C204010


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

03.08.2010, 19:26   #2
Larusso
/// Selecta Jahrusso

A cleanup can sometimes involve a lot of work for you.
  • Please work through all steps in order.
  • Read the instructions carefully. If there are problems, please stop and describe them here as well as you can.
  • Only run scans that a helper has asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Read the instructions through completely first. If anything is unclear, ask before you begin.
  • Post the log files directly in your thread. Do not attach them unless I ask you to, because that makes them harder for me to evaluate.

Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.
If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.

Vista and Win7 users
Start all tools with a right-click and "Run as administrator".

Step 1

Please delete the existing MBRCheck.txt files.

Please start MBRCheck.exe again.
This time, type the following into the window and confirm each entry with Enter
at
  • Enter 'Y' and hit ENTER for more options, or 'N' to exit: y
  • Enter your choice: 2
  • Enter the physical disk number to fix (0-99, -1 to cancel): 0
  • Please select the MBR code to write to this drive: 3
Take the numbers framed in red from the instructions!!!
  • Now enter Yes and confirm with ENTER.
  • Restart the computer.
After the restart, please start MBRCheck.exe again.
You will now find 2 MBRCheck_<date>_<time>.txt files on the desktop.
Post me the contents of both .txt documents.

04.08.2010, 19:29   #3
TsKraft

Hello,

Thanks! I did not manage to fix the damaged MBR with mbrCheck, but then I did with Bootkit Remover. (I proceeded as in the thread 89098-whistler-black-internet-mbr-code-laesst-sich-nicht-aendern.html)

Malwarebytes then removed 14 viruses. The Oldtimer logs still point to Alternate Data Streams, and GMER crashed during the scan with a blue stop error. I am posting the log files for you; maybe we can clean up the laptop further!

Malwarebytes:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4386

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

04.08.2010 19:58:31
mbam-log-2010-08-04 (19-58-31).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 247145
Laufzeit: 1 Stunde(n), 19 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 8

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
C:\Program Files\pdfforge Toolbar\WidgiHelper.exe (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
C:\Users\Caspian Europe GmbH\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\7e73858d-20247ee8 (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Caspian Europe GmbH\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\641a18a9-5655bcb4 (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Caspian Europe GmbH\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\7095766b-443a80f4 (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Caspian Europe GmbH\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\4c6d1371-7273874b (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Caspian Europe GmbH\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\36770cf5-1fba15f4 (Trojan.Dropper) -> Quarantined and deleted successfully.



Oldtimer - OTL:

OTL Logfile:
OTL logfile created on: 04.08.2010 20:06:05 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = G:\tdss.d
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220,28 Gb Total Space | 150,43 Gb Free Space | 68,29% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 3,73 Gb Free Space | 37,29% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 7,47 Gb Total Space | 1,66 Gb Free Space | 22,22% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: CASPIANEUROP-PC
Current User Name: Caspian Europe GmbH
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - G:\tdss.d\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
PRC - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe ()
PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
PRC - C:\Program Files\Cobian Backup 9\cbService.exe (Luis Cobian)
PRC - C:\Program Files\Cobian Backup 9\cbInterface.exe (Luis Cobian)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\Brother\Brmfcmon\BrMfimon.exe (Brother Industries, Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
PRC - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Windows\System32\cmd.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\Google Talk\googletalk.exe (Google)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Windows\System32\stacsv.exe (SigmaTel, Inc.)
PRC - C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)
PRC - C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
PRC - C:\Program Files\SAMSUNG\SmarThru\Portctrl.exe (Samsung Electronics Co., Ltd., Samsung Software Center.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - G:\tdss.d\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\SlySoft\AnyDVD\ADvdDiscHlp.dll (SlySoft, Inc.)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (stllssvr) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Samsung UPD Service) -- C:\Windows\System32\SUPDSvc.exe (Samsung Electronics CO., LTD.)
SRV - (CobianBackupAmanita) -- C:\Program Files\Cobian Backup 9\cbService.exe (Luis Cobian)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (SigmaTel, Inc.)
SRV - (IDriverT) -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (DFUBTUSB) -- C:\Windows\System32\Drivers\frmupgr.sys File not found
DRV - (catchme) -- C:\Users\CASPIA~1\AppData\Local\Temp\catchme.sys File not found
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (tdrpman140) Acronis Try&Decide and Restore Points filter (build 140) -- C:\Windows\system32\DRIVERS\tdrpm140.sys (Acronis)
DRV - (timounter) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\Windows\System32\drivers\tifsfilt.sys (Acronis)
DRV - (snapman380) Acronis Snapshots Manager (Build 380) -- C:\Windows\system32\DRIVERS\snman380.sys (Acronis)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (NuidFltr) -- C:\Windows\System32\drivers\nuidfltr.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.sys (Samsung Electronics)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.)
DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (AX88772) -- C:\Windows\System32\drivers\ax88772.sys (ASIX Electronics Corp.)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (DgiVecp) -- C:\Windows\System32\drivers\DgivEcp.sys (Samsung Electronics Co., Ltd.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.11.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.05.05 09:04:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.05.26 08:09:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.25 13:52:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.30 08:39:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.05.17 09:55:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.05.05 09:04:05 | 000,000,000 | ---D | M]
 
[2009.09.24 15:11:34 | 000,000,000 | ---D | M] -- C:\Users\Caspian Europe GmbH\AppData\Roaming\mozilla\Extensions
[2010.08.04 17:38:25 | 000,000,000 | ---D | M] -- C:\Users\Caspian Europe GmbH\AppData\Roaming\mozilla\Firefox\Profiles\6ykl0h5l.default\extensions
[2009.12.13 16:00:54 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\Caspian Europe GmbH\AppData\Roaming\mozilla\Firefox\Profiles\6ykl0h5l.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010.04.27 09:59:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Caspian Europe GmbH\AppData\Roaming\mozilla\Firefox\Profiles\6ykl0h5l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.08 11:48:11 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Caspian Europe GmbH\AppData\Roaming\mozilla\Firefox\Profiles\6ykl0h5l.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.07.11 18:06:47 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Caspian Europe GmbH\AppData\Roaming\mozilla\Firefox\Profiles\6ykl0h5l.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.07.11 18:06:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Caspian Europe GmbH\AppData\Roaming\mozilla\Firefox\Profiles\6ykl0h5l.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.11.22 11:50:34 | 000,000,687 | ---- | M] () -- C:\Users\Caspian Europe GmbH\AppData\Roaming\Mozilla\FireFox\Profiles\6ykl0h5l.default\searchplugins\ask.xml
[2010.07.11 18:07:29 | 000,000,873 | ---- | M] () -- C:\Users\Caspian Europe GmbH\AppData\Roaming\Mozilla\FireFox\Profiles\6ykl0h5l.default\searchplugins\conduit.xml
[2009.12.13 16:01:01 | 000,001,201 | ---- | M] () -- C:\Users\Caspian Europe GmbH\AppData\Roaming\Mozilla\FireFox\Profiles\6ykl0h5l.default\searchplugins\winamp-search.xml
[2010.08.04 16:42:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.06.07 07:53:41 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009.09.25 11:38:23 | 000,000,000 | ---D | M] (pdfforge Toolbar Plugin) -- C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}
[2010.07.30 08:39:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2009.09.25 11:38:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Program Files\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Cobian Backup 9 interface] C:\Program Files\Cobian Backup 9\cbInterface.exe (Luis Cobian)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [GW Port Controller] C:\Program Files\SAMSUNG\SmarThru\Portctrl.exe (Samsung Electronics Co., Ltd., Samsung Software Center.)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - Startup: C:\Users\Caspian Europe GmbH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Caspian Europe GmbH\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.04 18:21:05 | 000,081,920 | ---- | C] (eSage Lab) -- C:\Windows\System32\remover.exe
[2010.08.03 20:05:03 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.08.03 20:05:03 | 000,000,000 | ---D | C] -- C:\rsit
[2010.08.03 20:00:48 | 000,000,000 | ---D | C] -- C:\Users\Caspian Europe GmbH\Desktop\musikvirus
[2010.08.03 19:51:44 | 000,000,000 | ---D | C] -- C:\Users\Caspian Europe GmbH\AppData\Roaming\Malwarebytes
[2010.08.03 19:51:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.03 19:51:34 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.03 19:51:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.08.03 19:51:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.03 19:45:38 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010.08.03 19:24:29 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010.08.03 19:23:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010.08.03 19:16:13 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.08.03 19:16:13 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.08.03 19:16:13 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.08.03 19:16:07 | 000,000,000 | ---D | C] -- C:\C7o6m5b4oFix
[2010.08.03 19:15:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.08.03 19:14:39 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.08.03 19:03:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.08.03 09:21:10 | 001,581,464 | ---- | C] (Microsoft Corporation) -- C:\Program Files\showmypc.exe
[2010.07.30 08:39:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.07.30 08:39:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010.07.30 08:39:32 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.07.30 08:39:32 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.07.30 08:39:32 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.07.30 08:39:32 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.07.11 18:06:49 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoftTB
[2010.07.11 18:04:29 | 000,000,000 | ---D | C] -- C:\Users\Caspian Europe GmbH\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.07.11 18:04:23 | 000,000,000 | ---D | C] -- C:\Users\Caspian Europe GmbH\Documents\DVDVideoSoft
[2010.07.11 18:04:16 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2010.07.11 18:04:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2010.07.11 18:02:22 | 018,014,460 | ---- | C] (DVDVideoSoft Limited.                                       ) -- C:\Program Files\FreeYouTubeToMp3Converter.exe
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.04 20:08:05 | 002,883,584 | -HS- | M] () -- C:\Users\Caspian Europe GmbH\ntuser.dat
[2010.08.04 20:03:11 | 000,094,443 | ---- | M] () -- C:\Users\Caspian Europe GmbH\AppData\Roaming\nvModes.dat
[2010.08.04 20:03:11 | 000,094,443 | ---- | M] () -- C:\Users\Caspian Europe GmbH\AppData\Roaming\nvModes.001
[2010.08.04 20:01:51 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.04 20:00:43 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.04 20:00:43 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.04 20:00:33 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.04 20:00:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.04 20:00:27 | 3756,044,288 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.04 19:59:37 | 000,524,288 | -HS- | M] () -- C:\Users\Caspian Europe GmbH\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000001.regtrans-ms
[2010.08.04 19:59:37 | 000,065,536 | -HS- | M] () -- C:\Users\Caspian Europe GmbH\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TM.blf
[2010.08.04 19:59:26 | 000,000,836 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.08.04 19:59:22 | 004,220,810 | -H-- | M] () -- C:\Users\Caspian Europe GmbH\AppData\Local\IconCache.db
[2010.08.04 19:18:01 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.04 17:11:25 | 001,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.04 17:11:25 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.04 17:11:25 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.04 17:11:25 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.04 17:11:25 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.04 07:48:42 | 000,023,040 | ---- | M] () -- C:\Users\Caspian Europe GmbH\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.03 19:51:38 | 000,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.03 19:45:39 | 000,000,674 | ---- | M] () -- C:\Users\Caspian Europe GmbH\Desktop\ERUNT.lnk
[2010.08.03 19:40:35 | 000,000,764 | ---- | M] () -- C:\Users\Caspian Europe GmbH\Desktop\CCleaner.lnk
[2010.08.03 19:22:37 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010.08.03 18:14:22 | 002,128,832 | ---- | M] () -- C:\Users\Caspian Europe GmbH\Desktop\teamviewer.exe
[2010.08.03 13:47:42 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2010.08.03 09:21:14 | 001,581,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\showmypc.exe
[2010.08.02 21:59:34 | 000,002,339 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.07.21 19:50:20 | 000,081,920 | ---- | M] (eSage Lab) -- C:\Windows\System32\remover.exe
[2010.07.17 05:00:12 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.07.17 05:00:12 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.07.17 05:00:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.07.11 18:06:45 | 000,000,992 | ---- | M] () -- C:\Users\Caspian Europe GmbH\Desktop\DVDVideoSoft Free Studio.lnk
[2010.07.11 18:03:53 | 018,014,460 | ---- | M] (DVDVideoSoft Limited.                                       ) -- C:\Program Files\FreeYouTubeToMp3Converter.exe
[2010.07.05 23:07:42 | 000,000,173 | ---- | M] () -- C:\Users\Caspian Europe GmbH\AppData\Roaming\default.rss
[2010.07.05 23:07:22 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
 
========== Files Created - No Company Name ==========
 
[2010.08.03 19:51:38 | 000,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.03 19:45:39 | 000,000,674 | ---- | C] () -- C:\Users\Caspian Europe GmbH\Desktop\ERUNT.lnk
[2010.08.03 19:16:13 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.08.03 19:16:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.08.03 19:16:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.08.03 19:16:13 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.08.03 19:16:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.08.03 18:14:18 | 002,128,832 | ---- | C] () -- C:\Users\Caspian Europe GmbH\Desktop\teamviewer.exe
[2010.07.11 18:04:24 | 000,000,992 | ---- | C] () -- C:\Users\Caspian Europe GmbH\Desktop\DVDVideoSoft Free Studio.lnk
[2010.01.26 20:44:50 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.10.09 18:39:27 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009.09.25 12:47:21 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009.09.25 12:34:52 | 000,000,070 | ---- | C] () -- C:\Windows\fine.ini
[2009.09.25 10:20:49 | 000,000,117 | ---- | C] () -- C:\Windows\groupwar.ini
[2009.09.25 10:20:41 | 000,007,889 | ---- | C] () -- C:\Windows\System32\ssUsbW2k.dll
[2009.09.25 10:09:40 | 000,026,624 | ---- | C] () -- C:\Windows\System32\spd__l3.dll
[2009.09.25 10:09:37 | 000,339,968 | ---- | C] () -- C:\Windows\System32\DscPnt1.dll
[2009.09.25 10:09:37 | 000,233,472 | ---- | C] () -- C:\Windows\System32\DscPnt0.dll
[2009.09.25 10:09:37 | 000,229,376 | ---- | C] () -- C:\Windows\System32\DscPnt.dll
[2009.09.24 17:23:07 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2009.09.24 17:22:03 | 000,000,074 | ---- | C] () -- C:\Windows\Brownie.ini
[2009.09.24 16:15:29 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2009.09.24 16:01:58 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009.09.24 15:43:06 | 000,000,754 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2009.09.24 15:43:06 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2009.09.24 15:40:55 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2009.09.24 15:40:54 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2009.09.24 15:38:13 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini
[2009.09.24 15:29:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2009.09.24 15:29:15 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2009.09.24 13:06:31 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007.07.25 16:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2006.11.03 17:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 76 bytes -> C:\Users\Caspian Europe GmbH\Documents\MumboJumbo:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Caspian Europe GmbH\Documents\Meine empfangenen Dateien:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Caspian Europe GmbH\Documents\Azureus Downloads:Roxio EMC Stream
< End of report >
         
--- --- ---



Oldtimer - Extras:

OTL Logfile:
Code:
OTL Extras logfile created on: 04.08.2010 20:06:05 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = G:\tdss.d
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220,28 Gb Total Space | 150,43 Gb Free Space | 68,29% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 3,73 Gb Free Space | 37,29% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 7,47 Gb Total Space | 1,66 Gb Free Space | 22,22% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: CASPIANEUROP-PC
Current User Name: Caspian Europe GmbH
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-310542224-2537145970-2728054387-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 2
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{136E3373-EBEC-40C3-9D97-D3A2CD0D85C9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{CAAE25AF-6B5A-4FBE-8A31-3B9384399E32}" = lport=54925 | protocol=17 | dir=in | name=brother network scanner | 
"{F5DFE7ED-F6EE-4A1E-A25C-F3CF217E3DC7}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{004D2959-2964-40BC-91AA-E0A7410BB34A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0196120D-6FEE-4950-97B8-2D82605B9D69}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0262F649-A9CC-41B1-912A-1C52084F92B5}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc.exe | 
"{05070CD7-F3BE-491F-974F-9C3CB1DB770B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0DA80A52-C98E-4CC5-9ABC-6895F9728FEB}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{10C45136-F4E7-4435-8C6F-1E7B22E9A2A7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{12D15F74-C93C-4BD3-B8B1-5D1926B31BE9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{14B75B1D-AB10-47D1-8D49-817819F7F76C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{151D94BC-5842-4F14-888C-8D76DE7E7943}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{164A4195-3B02-4777-AB3D-FF5DA86CC4A9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1C244CB0-C9B5-4151-835E-C3777C17F2C3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{223C37C7-9D92-48B9-B0FA-E2CEB9AF87B4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2630D4D8-D799-43FB-BDA1-E4580A456911}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{26E648D0-6A68-4D31-B01B-9B0C0B42F808}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{289E2CA0-F8EB-4ADA-8E9E-46935CA4B18E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2A3A1D9C-E4D2-4107-8297-D4FAA6017E22}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2AEBD067-ED5D-495B-A224-50012F1A0920}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2C6F8AA3-596E-45B6-8BBD-3C08DA660D90}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2FB2C4CC-4326-424B-B725-B58A8F51D816}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{30F351F3-B5D6-4ECE-BD5A-F4C86721342B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{37ACC131-E470-42E0-A8C7-22020C36D0E5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3B139006-1D51-4CA5-89B4-23EB2AB62803}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3BA37290-C786-457B-9A43-860235BB8A50}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3E39BA18-673A-4147-8936-08A380E9D557}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4078888E-0E49-4D39-A109-61BF4D078903}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4805E05E-9022-4F09-B9B6-7A146F02413F}" = protocol=6 | dir=in | app=c:\program files\brother\brmfl08i\faxrx.exe | 
"{487BA12C-33C0-476E-9308-A8FDC4C0E99F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4B55F152-EF9B-4CFB-96B8-85F966883966}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe | 
"{4B661907-F6D1-4893-A4DF-FB8FA4DBCFD8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4BBE552A-1E31-4AC1-8047-EA45BD0CD94E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4C5642FC-0C15-4EC3-AF39-FEC3FC9284E8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4E3B6E92-CAB9-4AB6-9A5A-F93383DEEF57}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4E41B7FE-A340-4E09-8B26-96EBD6F99166}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4F854DA3-0A63-4B0A-9624-61689B37E959}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5123BEBB-4278-489C-A416-0D8ECFCCFCDC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{51A7CB03-151A-4204-88CF-A9B35627F0D9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{59473429-FFDD-407A-8BE9-088BD999AB46}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5AFD0350-FD09-46F2-AB85-A76E258360ED}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{629EF7D3-8C2C-4B84-8B56-7B159660969D}" = protocol=17 | dir=in | app=c:\program files\brother\brmfl08i\faxrx.exe | 
"{62F80E02-FE99-4C43-8084-DBF5FDBE970A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{649A25DD-3C36-4E42-AA68-F21E7CF57A96}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{67FF99EB-9CB0-48FD-B89D-3BBF1EDBBB8C}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{702B9545-D7A5-4CE6-865D-B57A5518565E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7082220B-0916-4A00-98EE-D2A3A2916BE9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{71FEDEE0-287A-4038-8E7C-C7F5D584F89B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{77C40B1F-CCD4-4771-A063-A011CFD03B6F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7D37D266-9453-4838-8C6B-AB90A4993D12}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{83F55D67-D193-45E5-9BCE-DF0E5F44DBA1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8673906E-3C59-4AC0-8E2F-28A1F244C687}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{914E38DD-FE3D-42AD-87E4-26BA1D3F71D2}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe | 
"{98409966-95E8-4073-B900-D4C531263809}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{98BBB5AC-2A0B-4A21-90FA-92769299BBA0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AD184662-94A1-4F40-8ADE-FE470BDDDCAF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B0D56E97-3CFB-40E5-9AC5-4945BFF6BAAC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B684E922-5BDB-4306-8B40-A04F92FFE93F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B68CCD09-E261-4A5E-A771-1E1A202AAE57}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B81BFF2C-CD67-488B-A971-EDB13E1B4938}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BA3C6426-B345-40DE-B4DF-9B4BA70652C3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{BB58BBB6-98F6-4317-98B4-7DCE7461D6E1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BB9E3CC7-14E2-4062-80D0-756EE621416F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BF63120F-5697-4295-9071-EECA6EBB61E0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BF84C37D-2CA3-4279-94E8-28C89E8D376F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BFB8F6D1-649C-44DC-AC29-7A9CD17787E5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C1686C25-AAAF-40DC-9FDC-BDED34A36C83}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D1EC7065-613F-4B4C-8866-50802E6AD19A}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc.exe | 
"{EC0A7762-339F-41C8-889B-F2F61C594C17}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EF7E3DB0-D3C0-40D9-9FB5-6E1C40DFA51B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F145F41F-306B-447D-BBD3-A4BE76C706A7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F396A031-C842-482F-BACD-F526913566A8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{F8832A68-DD1A-4F0A-8EA3-557791F30194}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F8C6C317-9464-4BB1-9F5F-A62303EC9DAC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FD59530F-3D91-4F00-9960-B82DEC802E5E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{0CC25D45-2F5F-4A4D-B687-C2A37F6CF85B}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 
"TCP Query User{2877F9AD-A43E-485E-BCFC-F23B07D66CF8}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | 
"TCP Query User{2C86AF2D-8164-4E2B-8843-ACF48CC096A5}C:\users\caspian europe gmbh\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\caspian europe gmbh\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | 
"TCP Query User{399F9DE0-21D6-4494-A83C-98A251E183B7}C:\users\caspian europe gmbh\appdata\local\temp\ixp000.tmp\smwinvnc.exe" = protocol=6 | dir=in | app=c:\users\caspian europe gmbh\appdata\local\temp\ixp000.tmp\smwinvnc.exe | 
"TCP Query User{4EC9604F-5D95-4A29-9324-4076FFAC7ABA}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{575555B3-52E8-4060-9FB5-DBC949E594AA}C:\users\caspian europe gmbh\appdata\local\temp\ixp000.tmp\smpcsetup.exe" = protocol=6 | dir=in | app=c:\users\caspian europe gmbh\appdata\local\temp\ixp000.tmp\smpcsetup.exe | 
"TCP Query User{5882415A-5C7E-459E-B17E-97B21038CFD6}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"TCP Query User{5A38539E-1D6E-48BC-9116-D212E2C536E2}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{D53D5512-EED6-4CE3-BB68-5E60D24B4A4E}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | 
"TCP Query User{DD168C0D-3C18-4C48-B4BA-67CD9D5F2B48}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{52A9385A-D809-4C93-B47A-5C649BE3A086}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{66D8018E-F649-438B-BA8E-0AFCC79A9941}C:\users\caspian europe gmbh\appdata\local\temp\ixp000.tmp\smpcsetup.exe" = protocol=17 | dir=in | app=c:\users\caspian europe gmbh\appdata\local\temp\ixp000.tmp\smpcsetup.exe | 
"UDP Query User{68FB11B6-44C1-400F-81E8-07FD8463F912}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{6AE358DB-8177-4705-A1B1-1F28B8A98B96}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 
"UDP Query User{7A1C9FC6-4FBF-4FE5-BEDB-9A06F5FEF5EB}C:\users\caspian europe gmbh\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\caspian europe gmbh\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | 
"UDP Query User{A97DD2FD-56FE-48CB-AB37-32AE7261ED54}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{B9520867-5D04-4846-9F3C-D1ADD0172FE0}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | 
"UDP Query User{BE692B43-2B77-414F-8DBF-E92C04D3E4A9}C:\users\caspian europe gmbh\appdata\local\temp\ixp000.tmp\smwinvnc.exe" = protocol=17 | dir=in | app=c:\users\caspian europe gmbh\appdata\local\temp\ixp000.tmp\smwinvnc.exe | 
"UDP Query User{C283CD73-F280-4F50-8CF6-DA99559EC5CF}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | 
"UDP Query User{E25D5CEF-E430-488F-9985-F75D61BFC1B2}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{004B8D14-7E3A-490A-ABB3-753535E169E3}" = Brother MFL-Pro Suite
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{1CE06390-46D0-11D6-8578-006008CA5356}" = SmarThru
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 21
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{37C8899D-FD70-481F-94AA-1F1B08765E22}" = Acronis*True*Image*Home
"{397516AE-7DFE-4F90-84E0-BD616D559434}" = Nero BurnRights
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4b29c6d9-ab37-4014-bd9b-e461180eb331}" = Nero 9
"{4E1CD3D5-D4EE-4246-AE24-F0FD5A60390D}" = OviMPlatform
"{4EF8BE6A-899C-4196-94E7-297C5F7A203E}" = pdfforge Toolbar v1.1.1
"{4FFD1AB4-54F0-4069-88D9-3A55B38F874B}" = Nokia Ovi Suite Software Updater
"{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}" = Nero RescueAgent
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Media Driver x86 Ver.3.34.03
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DED9C2-22BF-47A3-B6C8-6B141BA31DFD}" = Ovi Desktop Sync Engine
"{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}" = Nero Express
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7397EDED-F38A-4654-B669-BF61065803D0}" = PC Connectivity Solution
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97070C44-7B20-4AB6-8770-A1ABE370F63B}" = Samsung SCX-5x15 Series - TWAIN
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}" = WinZip 14.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D7E3B1A1-476D-4406-8EA5-443B3F811D75}" = Brother MFC-8880DN
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}" = Nokia Ovi Suite
"{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}" = Nero BackItUp and Burn
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AnyDVD" = AnyDVD
"Ashampoo Photo Commander 7_is1" = Ashampoo Photo Commander 7.31
"Audiograbber" = Audiograbber 1.83 SE 
"Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Bengal Special" = Bengal Special
"BrainSpeeder" = BrainSpeeder 3.2.105 
"CCleaner" = CCleaner
"CloneDVD2" = CloneDVD2
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"CobBackup9" = Cobian Backup 9
"Creative OEM002" = Laptop Integrated Webcam Driver (1.00.10.0320)  
"Die Wiege Roms" = Die Wiege Roms
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"eMule" = eMule
"ERUNT_is1" = ERUNT 1.1j
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.5
"Google Chrome" = Google Chrome
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"MyAshampoo Toolbar" = MyAshampoo Toolbar
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel(R) PROSet/Wireless Software
"Samsung SCX-5x15 Series PCL 6" = Samsung SCX-5x15 Series PCL 6
"Samsung Universal Print Driver" = Samsung Universal Print Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.2
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 04.08.2010 14:00:41 | Computer Name = CaspianEurop-PC | Source = VSS | ID = 19
Description = 
 
Error - 04.08.2010 14:00:41 | Computer Name = CaspianEurop-PC | Source = VSS | ID = 8193
Description = 
 
Error - 04.08.2010 14:00:46 | Computer Name = CaspianEurop-PC | Source = EventSystem | ID = 4610
Description = 
 
Error - 04.08.2010 14:00:46 | Computer Name = CaspianEurop-PC | Source = VSS | ID = 19
Description = 
 
Error - 04.08.2010 14:00:46 | Computer Name = CaspianEurop-PC | Source = VSS | ID = 8193
Description = 
 
Error - 04.08.2010 14:01:51 | Computer Name = CaspianEurop-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 04.08.2010 14:01:57 | Computer Name = CaspianEurop-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.08.2010 14:02:04 | Computer Name = CaspianEurop-PC | Source = EventSystem | ID = 4610
Description = 
 
Error - 04.08.2010 14:02:45 | Computer Name = CaspianEurop-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 04.08.2010 14:06:07 | Computer Name = CaspianEurop-PC | Source = EventSystem | ID = 4609
Description = 
 
[ System Events ]
Error - 04.08.2010 14:01:51 | Computer Name = CaspianEurop-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 04.08.2010 14:01:59 | Computer Name = CaspianEurop-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 04.08.2010 14:01:59 | Computer Name = CaspianEurop-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 04.08.2010 14:01:59 | Computer Name = CaspianEurop-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 04.08.2010 14:01:59 | Computer Name = CaspianEurop-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 04.08.2010 14:01:59 | Computer Name = CaspianEurop-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 04.08.2010 14:02:45 | Computer Name = CaspianEurop-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 04.08.2010 14:02:46 | Computer Name = CaspianEurop-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 04.08.2010 14:06:07 | Computer Name = CaspianEurop-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 04.08.2010 14:06:08 | Computer Name = CaspianEurop-PC | Source = Service Control Manager | ID = 7001
Description = 
 
 
< End of report >
         
--- --- ---

Many thanks!
__________________

04.08.2010, 20:06   #4
Larusso
/// Selecta Jahrusso
 
Do you want to keep fixing little things like the MBR on your own, or will you stick to my instructions?
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie

09.08.2010, 12:46   #5
Larusso
/// Selecta Jahrusso
 
No response received

This thread has been removed from my subscriptions, so I will not receive notifications about new replies.

Send me a PM if you still want to continue.

Note: The disappearance of the symptoms does not mean that your computer is clean yet.

Everyone else, please open your own thread.

__________________
Regards, Daniel

