Pests of all kinds and how to fight them: Battle-music virus (Windows 7)
03.08.2010, 19:22 | #1 |
Battle-music virus

Hello,

I have the same problem as in the thread 88827-musik-aus-dem-off-offenbar-trojaner.html. At unpredictable times, a piece of music about 15 seconds long that is reminiscent of a battle comes out of the speakers. The logs from Malwarebytes and Rsit are further below. Before that, one more observation: I scanned with mbrcheck; it said "Whistler Black Internet", but could not clean the infection from the MBR.

Many thanks in advance for your help!

Here are the logs from Malwarebytes, Rsit and Mbrcheck:

Malwarebytes:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4386

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

03.08.2010 19:58:17
mbam-log-2010-08-03 (19-58-17).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 135589
Laufzeit: 5 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Rsit log:

RSIT Logfile:
Code:
ATTFilter Logfile of random's system information tool 1.08 (written by random/random) Run by Caspian Europe GmbH at 2010-08-03 20:05:03 Microsoft® Windows Vista™ Business Service Pack 1 System drive C: has 154 GB (68%) free of 226 GB Total RAM: 3581 MB (57% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:05:12, on 03.08.2010 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18319) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe C:\Windows\OEM02Mon.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe C:\Program Files\DellTPad\Apoint.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\DellTPad\ApMsgFwd.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Windows\Samsung\PanelMgr\SSMMgr.exe C:\Program Files\SAMSUNG\SmarThru\Portctrl.exe C:\Program Files\Cobian Backup 9\cbInterface.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe C:\Program Files\Google\Google Talk\googletalk.exe C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\DellTPad\HidFind.exe C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Program Files\DellTPad\Apntex.exe C:\Program 
Files\Brother\ControlCenter3\brccMCtl.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\Program Files\Brother\Brmfcmon\BrMfimon.exe C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe C:\Windows\system32\conime.exe C:\Users\Caspian Europe GmbH\Desktop\MBRCheck.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\Caspian Europe GmbH\Desktop\musikvirus\RSIT.exe C:\Program Files\trend micro\Caspian Europe GmbH.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: DVDVideoSoftTB Toolbar - 
{872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O3 - Toolbar: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program 
Files\Acronis\TrueImageHome\TimounterMonitor.exe O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun O4 - HKLM\..\Run: [GW Port Controller] C:\Program Files\Samsung\SmarThru\PORTCTRL.EXE O4 - HKLM\..\Run: [Cobian Backup 9 interface] "C:\Program Files\Cobian Backup 9\cbInterface.exe" -service O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [Sidebar] C:\Program 
Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Caspian Europe GmbH\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - 
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Cobian Backup 9 Dienst (CobianBackupAmanita) - Luis Cobian - C:\Program Files\Cobian Backup 9\cbService.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Samsung UPD Service - Samsung Electronics CO., LTD. - C:\Windows\System32\SUPDSvc.exe O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. 
- C:\Windows\system32\STacSV.exe O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing) O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 11951 bytes ======Scheduled tasks folder====== C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}] AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-04-02 333192] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] DVDVideoSoftTB Toolbar - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll [2010-04-27 2393184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}] MyAshampoo Toolbar - C:\Program Files\MyAshampoo\tbMyAs.dll [2009-12-31 2349080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}] pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll [2009-07-31 698880] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-17 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll [2009-07-31 698880] {3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-04-02 333192] {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - MyAshampoo Toolbar - C:\Program Files\MyAshampoo\tbMyAs.dll [2009-12-31 2349080] {872b5b88-9db5-4310-bdd0-ac189557e5f5} - DVDVideoSoftTB Toolbar - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll [2010-04-27 2393184] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184] "SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [2007-05-06 405504] "OEM02Mon.exe"=C:\Windows\OEM02Mon.exe [2007-02-02 36864] "NvSvc"=C:\Windows\system32\nvsvc.dll [2007-06-14 86016] "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-06-14 8433664] "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-06-14 81920] "NVHotkey"=C:\Windows\system32\nvHotkey.dll [2007-06-14 67584] "TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2008-10-03 4378000] "AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2008-10-03 962480] "Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2008-10-03 165144] "Apoint"=C:\Program Files\DellTPad\Apoint.exe [2007-07-02 159744] 
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472] "PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2008-07-09 29984] "IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2008-07-09 46368] "PPort11reminder"=C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [2007-08-31 328992] "BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2008-11-12 1122304] "ControlCenter3"=C:\Program Files\Brother\ControlCenter3\brctrcen.exe [2008-08-12 114688] "ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2006-10-03 221184] "ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-02-16 81920] "Samsung PanelMgr"=C:\Windows\Samsung\PanelMgr\SSMMgr.exe [2009-02-04 548864] "GW Port Controller"=C:\Program Files\Samsung\SmarThru\PORTCTRL.EXE [2006-12-14 163840] "Cobian Backup 9 interface"=C:\Program Files\Cobian Backup 9\cbInterface.exe [2009-01-22 2749952] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832] "NokiaMServer"=C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920] "AnyDVD"=C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe [2010-06-15 4398016] "googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-11-21 3293184] "NokiaOviSuite2"=C:\Program Files\Nokia\Nokia Ovi 
Suite\NokiaOviSuite.exe [2010-02-24 385928] "PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE C:\Users\Caspian Europe GmbH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= [] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "EnableLUA"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======List of files/folders created in the last 1 months====== 2010-08-03 20:05:03 ----D---- C:\rsit 2010-08-03 20:05:03 ----D---- C:\Program Files\trend micro 2010-08-03 19:51:44 ----D---- C:\Users\Caspian Europe GmbH\AppData\Roaming\Malwarebytes 2010-08-03 19:51:35 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys 2010-08-03 19:51:34 
----D---- C:\ProgramData\Malwarebytes 2010-08-03 19:51:34 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-08-03 19:51:34 ----A---- C:\Windows\system32\drivers\mbam.sys 2010-08-03 19:45:38 ----D---- C:\Program Files\ERUNT 2010-08-03 19:33:33 ----D---- C:\Program Files\QS 2010-08-03 19:24:29 ----D---- C:\Windows\temp 2010-08-03 19:24:27 ----A---- C:\ComboFix.txt 2010-08-03 19:23:48 ----SHD---- C:\$RECYCLE.BIN 2010-08-03 19:16:13 ----A---- C:\Windows\zip.exe 2010-08-03 19:16:13 ----A---- C:\Windows\SWSC.exe 2010-08-03 19:16:13 ----A---- C:\Windows\SWREG.exe 2010-08-03 19:16:13 ----A---- C:\Windows\sed.exe 2010-08-03 19:16:13 ----A---- C:\Windows\PEV.exe 2010-08-03 19:16:13 ----A---- C:\Windows\NIRCMD.exe 2010-08-03 19:16:13 ----A---- C:\Windows\MBR.exe 2010-08-03 19:16:13 ----A---- C:\Windows\grep.exe 2010-08-03 19:16:07 ----D---- C:\C7o6m5b4oFix 2010-08-03 19:15:12 ----A---- C:\Windows\SWXCACLS.exe 2010-08-03 19:14:39 ----D---- C:\Windows\ERDNT 2010-08-03 19:03:29 ----D---- C:\Qoobox 2010-08-03 09:21:10 ----A---- C:\Program Files\showmypc.exe 2010-07-30 08:39:42 ----D---- C:\ProgramData\Sun 2010-07-30 08:39:42 ----D---- C:\Program Files\Common Files\Java 2010-07-30 08:39:32 ----A---- C:\Windows\system32\javaws.exe 2010-07-30 08:39:32 ----A---- C:\Windows\system32\javaw.exe 2010-07-30 08:39:32 ----A---- C:\Windows\system32\java.exe 2010-07-30 08:39:32 ----A---- C:\Windows\system32\deployJava1.dll 2010-07-11 18:06:49 ----D---- C:\Program Files\DVDVideoSoftTB 2010-07-11 18:04:29 ----D---- C:\Users\Caspian Europe GmbH\AppData\Roaming\DVDVideoSoftIEHelpers 2010-07-11 18:04:16 ----D---- C:\Program Files\DVDVideoSoft 2010-07-11 18:04:16 ----D---- C:\Program Files\Common Files\DVDVideoSoft 2010-07-11 18:02:22 ----A---- C:\Program Files\FreeYouTubeToMp3Converter.exe ======List of files/folders modified in the last 1 months====== 2010-08-03 20:05:03 ----D---- C:\Program Files 2010-08-03 20:02:36 ----D---- C:\Windows 2010-08-03 19:51:35 ----D---- 
C:\Windows\system32\drivers 2010-08-03 19:51:34 ----D---- C:\ProgramData 2010-08-03 19:40:35 ----D---- C:\Program Files\CCleaner 2010-08-03 19:40:20 ----D---- C:\Windows\Prefetch 2010-08-03 19:22:37 ----A---- C:\Windows\system.ini 2010-08-03 19:20:26 ----D---- C:\Windows\System32 2010-08-03 19:20:26 ----D---- C:\Windows\AppPatch 2010-08-03 19:20:25 ----D---- C:\Program Files\Common Files 2010-08-03 13:47:42 ----A---- C:\Windows\BRWMARK.INI 2010-08-03 10:12:47 ----D---- C:\Windows\Minidump 2010-08-02 23:31:59 ----D---- C:\Users\Caspian Europe GmbH\AppData\Roaming\Skype 2010-08-02 22:25:00 ----D---- C:\Users\Caspian Europe GmbH\AppData\Roaming\vlc 2010-08-02 22:00:13 ----D---- C:\Users\Caspian Europe GmbH\AppData\Roaming\skypePM 2010-07-30 08:39:42 ----SHD---- C:\Windows\Installer 2010-07-30 08:39:30 ----D---- C:\Program Files\Java 2010-07-30 08:39:27 ----SHD---- C:\System Volume Information 2010-07-28 20:10:18 ----D---- C:\Program Files\Mozilla Firefox 2010-07-28 14:41:49 ----D---- C:\Windows\system32\config 2010-07-26 20:12:17 ----A---- C:\Windows\system32\PerfStringBackup.INI 2010-07-26 20:12:16 ----D---- C:\Windows\inf 2010-07-24 15:03:18 ----D---- C:\D S L 2010-07-24 11:22:15 ----D---- C:\Windows\system32\catroot2 2010-07-05 23:07:22 ----A---- C:\Windows\NeroDigital.ini ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 snapman380;Acronis Snapshots Manager (Build 380); C:\Windows\system32\DRIVERS\snman380.sys [2009-09-24 134272] R0 tdrpman140;Acronis Try&Decide and Restore Points filter (build 140); C:\Windows\system32\DRIVERS\tdrpm140.sys [2009-09-24 971168] R0 timounter;Acronis True Image Backup Archive Explorer; C:\Windows\system32\DRIVERS\timntr.sys [2009-09-24 540000] R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608] R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys 
[2010-01-01 26024] R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-08 56816] R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672] R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936] R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496] R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376] R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2008-11-10 5120] R2 tifsfilter;Acronis True Image FS Filter; C:\Windows\system32\DRIVERS\tifsfilt.sys [2009-09-24 44704] R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 8192] R3 AnyDVD;AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [2010-06-09 106432] R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-06-25 155136] R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-21 45568] R3 BthEnum;Bluetooth-Auflistungsdienst; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-21 19456] R3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160] R3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184] R3 btwaudio;Bluetooth-Audiogerät; C:\Windows\system32\drivers\btwaudio.sys [2006-11-06 78128] R3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2006-11-06 80176] R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-06 16560] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600] R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-11-02 986624] R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-11-02 206848] R3 MBAMSwissArmy;MBAMSwissArmy; 
\??\C:\Windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224] R3 NETw4v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-08-08 2226688] R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-06-14 7110880] R3 OEM02Dev;Creative Camera OEM002 Driver; C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-03-20 234496] R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 7424] R3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-21 49664] R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576] R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-05-06 326656] R3 usbaudio;USB-Audiotreiber (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-21 73088] R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-11-02 659968] S2 DgiVecp;DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [2006-09-05 41984] S3 AX88772;ASIX AX88772 USB2.0 to Fast Ethernet Adapter; C:\Windows\system32\DRIVERS\ax88772.sys [2007-01-20 28672] S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160] S3 catchme;catchme; \??\C:\Users\CASPIA~1\AppData\Local\Temp\catchme.sys [] S3 DFUBTUSB;WIDCOMM USB Bluetooth Driver in DFU State; C:\Windows\System32\Drivers\frmupgr.sys [] S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632] S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192] S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888] 
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016] S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG-Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-21 2225664] S3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816] S3 StillCam;Treiber für serielle Digitalkamera; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-21 9216] S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2010-04-16 41472] S3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328] S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656] S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2008-10-03 554264] R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-04-16 144672] R2 Bonjour Service;Dienst "Bonjour"; C:\Program Files\Bonjour\mDNSResponder.exe [2010-04-08 345376] R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 
21504] R2 CobianBackupAmanita;Cobian Backup 9 Dienst; C:\Program Files\Cobian Backup 9\cbService.exe [2009-01-22 583168] R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-07-25 647168] R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-09-23 935208] R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-07-25 327680] R2 STacSV;SigmaTel Audio Service; C:\Windows\system32\STacSV.exe [2007-05-06 94208] R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-04 386560] R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-01-26 652800] S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-10-14 133104] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 Samsung UPD Service;Samsung UPD Service; C:\Windows\System32\SUPDSvc.exe [2009-03-24 127656] S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [] S4 ASKService;ASKService; C:\Program Files\AskBarDis\bar\bin\AskService.exe [2009-04-02 464264] S4 ASKUpgrade;ASKUpgrade; C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-04-02 234888] -----------------EOF----------------- Rsit-Info: info.txtRSIT Logfile: Code:
logfile of random's system information tool 1.08 2010-08-03 20:05:14

======Uninstall list======

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2547E065-D92D-11D6-8586-006008CA5356}\setup.exe" -l0x7 uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{333D93A7-505C-11D6-857A-006008CA5356}\setup.exe" -l0x7 uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{501F5586-5040-11D6-857A-006008CA5356}\setup.exe" -l0x7 uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D94854D4-505E-11D6-857A-006008CA5356}\setup.exe" -l0x7 uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D9485541-505E-11D6-857A-006008CA5356}\setup.exe" -l0x7 uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D94855AD-505E-11D6-857A-006008CA5356}\setup.exe" -l0x7 uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E226D4BA-4FAD-11D6-857A-006008CA5356}\setup.exe" -l0x7 uninstall
Acronis*True*Image*Home-->MsiExec.exe /X{37C8899D-FD70-481F-94AA-1F1B08765E22}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.3.3 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A93000000001}
Advertising Center-->MsiExec.exe /X{B2EC4A38-B545-4A00-8214-13FE0E915E6D}
AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
Apple Application Support-->MsiExec.exe /I{553255F3-78FD-40F1-A6F8-6882140265FE}
Apple Mobile Device Support-->MsiExec.exe /I{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}
Apple Software Update-->MsiExec.exe /I{C41300B9-185D-475E-BFEC-39EF732F19B1}
Ashampoo Photo Commander 7.31-->"C:\Program Files\Ashampoo\Ashampoo Photo Commander 7\unins000.exe"
Audiograbber 1.83 SE -->"C:\Program Files\Audiograbber\Uninstall.exe"
Audiograbber Lame-MP3-Plugin-->"C:\Program Files\Audiograbber\Lame-Uninstall.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Bengal Special-->"C:\Program Files\OXXOGames\GPlayer\\MyInstall.exe" ScriptUInst "C:\Program Files\OXXOGames\GPlayer\Install\\Game_OxxoBengalCB.log"
Bonjour-->MsiExec.exe /X{8A253629-0511-4854-8B4E-46E57E66005C}
BrainSpeeder 3.2.105 -->C:\Windows\uninstall\BrainSpeeder\setup.exe
Broadcom 440x 10/100 Integrated Controller-->MsiExec.exe /X{612B9183-67A9-4B44-9877-2F059E35B86A}
Brother MFC-8880DN-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7E3B1A1-476D-4406-8EA5-443B3F811D75}\setup.exe" -l0x7 -removeonly /uninst
Brother MFL-Pro Suite-->"C:\Program Files\InstallShield Installation Information\{004B8D14-7E3A-490A-ABB3-753535E169E3}\Setup.exe" -runfromtemp -l0x0007 Brunin03.dll -removeonly
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CloneDVD2-->"C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
Cobian Backup 9-->C:\Program Files\Cobian Backup 9\cbUninstall.exe
Conexant HDA D330 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000fz.inf
Dell Resource CD-->MsiExec.exe /X{42929F0F-CE14-47AF-9FC7-FF297A603021}
Dell Touchpad-->C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
DEUTSCHLAND SPIELT GAME CENTER-->"C:\Program Files\OXXOGames\GPlayer\\MyInstall.exe" UInstAllGPAndDS
Die Wiege Roms-->"C:\Program Files\OXXOGames\GPlayer\\MyInstall.exe" ScriptUInst "C:\Program Files\OXXOGames\GPlayer\Install\\Game_AwemDieWiegeRomsTrial.log"
DolbyFiles-->MsiExec.exe /X{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}
DVDVideoSoftTB Toolbar-->C:\PROGRA~1\DVDVID~2\UNWISE.EXE /U C:\PROGRA~1\DVDVID~2\INSTALL.LOG
eMule-->"C:\Program Files\eMule\Uninstall.exe"
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
Free Audio CD Burner version 1.3-->"C:\Program Files\DVDVideoSoft\Free Audio CD Burner\unins000.exe"
Free YouTube to MP3 Converter version 3.5-->"C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\unins000.exe"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\5.0.375.125\Installer\setup.exe" --uninstall --system-level
Google Earth-->MsiExec.exe /X{F7B0939E-58DF-11DF-B3A6-005056806466}
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Intel(R) PROSet/Wireless Software-->C:\Windows\Installer\iProInst.exe
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
Java(TM) 6 Update 21-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}
Laptop Integrated Webcam Driver (1.00.10.0320) -->C:\Windows\CtDrvIns.exe -uninstall -script OEM002.uns -plugin OEM02Pin.dll -pluginres OEM02Pin.crl -nodisconprompt
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mCore-->MsiExec.exe /I{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}
mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
Menu Templates - Starter Kit-->MsiExec.exe /X{B78120A0-CF84-4366-A393-4D0A59BC546C}
mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Primary Interoperability Assemblies 2005-->MsiExec.exe /X{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Movie Templates - Starter Kit-->MsiExec.exe /X{E498385E-1C51-459A-B45F-1721E37AA1A0}
Mozilla Firefox (3.6.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.24)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
MSVC80_x86_v2-->MsiExec.exe /I{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSVC90_x86-->MsiExec.exe /I{AF111648-99A1-453E-81DD-80DBBF6DAD0D}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
MyAshampoo Toolbar-->C:\PROGRA~1\MYASHA~1\UNWISE.EXE /U C:\PROGRA~1\MYASHA~1\INSTALL.LOG
Nero 9-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="1M03-0183-W75T-9654-9441-XEL6-U21P-PPUC"
Nero BackItUp and Burn-->MsiExec.exe /X{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}
Nero BurnRights-->MsiExec.exe /X{397516AE-7DFE-4F90-84E0-BD616D559434}
Nero BurnRights-->MsiExec.exe /X{7829DB6F-A066-4E40-8912-CB07887C20BB}
Nero ControlCenter-->MsiExec.exe /X{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}
Nero CoverDesigner-->MsiExec.exe /X{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}
Nero Disc Copy Gadget-->MsiExec.exe /X{F1861F30-3419-44DB-B2A1-C274825698B3}
Nero DiscSpeed-->MsiExec.exe /X{869200DB-287A-4DC0-B02B-2B6787FBCD4C}
Nero DriveSpeed-->MsiExec.exe /X{33CF58F5-48D8-4575-83D6-96F574E4D83A}
Nero Express-->MsiExec.exe /X{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}
Nero InfoTool-->MsiExec.exe /X{FBCDFD61-7DCF-4E71-9226-873BA0053139}
Nero Installer-->MsiExec.exe /X{E8A80433-302B-4FF1-815D-FCC8EAC482FF}
Nero PhotoSnap-->MsiExec.exe /X{9E82B934-9A25-445B-B8DF-8012808074AC}
Nero Recode-->MsiExec.exe /X{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}
Nero Rescue Agent-->MsiExec.exe /X{368BA326-73AD-4351-84ED-3C0A7A52CC53}
Nero RescueAgent-->MsiExec.exe /X{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}
Nero ShowTime-->MsiExec.exe /X{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}
Nero StartSmart-->MsiExec.exe /X{7748AC8C-18E3-43BB-959B-088FAEA16FB2}
Nero Vision-->MsiExec.exe /X{43E39830-1826-415D-8BAE-86845787B54B}
Nero WaveEditor-->MsiExec.exe /X{A209525B-3377-43F4-B886-32F6B6E7356F}
NeroBurningROM-->MsiExec.exe /X{D025A639-B9C9-417D-8531-208859000AF8}
NeroExpress-->MsiExec.exe /X{595A3116-40BB-4E0F-A2E8-D7951DA56270}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver-->MsiExec.exe /I{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}
Nokia Ovi Suite Software Updater-->MsiExec.exe /X{4FFD1AB4-54F0-4069-88D9-3A55B38F874B}
Nokia Ovi Suite-->C:\ProgramData\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Nokia_Ovi_Suite_PCS_Update.exe
Nokia Ovi Suite-->MsiExec.exe /X{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}
Nokia PC Suite-->C:\ProgramData\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Nokia_PC_Suite_ger.exe
Nokia PC Suite-->MsiExec.exe /I{19DC9559-9C20-4A46-A67D-7ECBA52A2788}
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
OpenOffice.org 3.0-->MsiExec.exe /I{04B45310-A5FE-4425-BFCA-1A6D8920DE74}
Ovi Desktop Sync Engine-->MsiExec.exe /X{60DED9C2-22BF-47A3-B6C8-6B141BA31DFD}
OviMPlatform-->MsiExec.exe /I{4E1CD3D5-D4EE-4246-AE24-F0FD5A60390D}
PaperPort Image Printer-->MsiExec.exe /X{2BC2781A-F7F6-452E-95EB-018A522F1B2C}
PC Connectivity Solution-->MsiExec.exe /I{7397EDED-F38A-4654-B669-BF61065803D0}
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
pdfforge Toolbar v1.1.1-->MsiExec.exe /X{4EF8BE6A-899C-4196-94E7-297C5F7A203E}
RICOH R5C83x/84x Media Driver x86 Ver.3.34.03-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x7 anything
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Samsung SCX-5x15 Series - TWAIN-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97070C44-7B20-4AB6-8770-A1ABE370F63B}\Setup.exe" -l0x7
Samsung SCX-5x15 Series PCL 6-->C:\Program Files\SAMSUNG\Samsung SCX-5x15 Series PCL 6\Install\Setup.exe /R
Samsung Universal Print Driver-->C:\Program Files\Samsung\Samsung Universal Print Driver\Install\Setup.exe /R
ScanSoft PaperPort 11-->MsiExec.exe /I{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x7 -remove -removeonly
Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SmarThru-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1CE06390-46D0-11D6-8578-006008CA5356}\Setup.exe" -l0x7 uninstall -l0007
Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
SoundTrax-->MsiExec.exe /X{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VLC media player 1.0.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Vuze Toolbar-->"C:\Program Files\AskBarDis\unins000.exe"
WIDCOMM Bluetooth Software 6.0.1.3100-->MsiExec.exe /X{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}
Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4}
Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}
Windows Live Messenger-->MsiExec.exe /X{41E654A9-26D0-4EAC-854B-0FA824FFFABB}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
WinZip 14.0-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: CaspianEurop-PC
Event Code: 7036
Message: Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" befindet sich jetzt im Status "Beendet".
Record Number: 159553
Source Name: Service Control Manager
Time Written: 20100803174713.000000-000
Event Type: Informationen
User:

Computer Name: CaspianEurop-PC
Event Code: 3004
Message: Vom Windows-Defender-Echtzeitschutz-Agent wurden Änderungen erkannt. Microsoft empfiehlt, die Software, die diese Änderungen vorgenommen hat, zu analysieren, um potenzielle Risiken festzustellen. Sie können anhand der Informationen über die Funktionsweise dieser Programme entscheiden, ob die Software ausgeführt werden kann oder vom Computer entfernt werden soll. Lassen Sie nur Änderungen zu, wenn das Programm oder der Softwareherausgeber vertrauenswürdig ist. Windows-Defender kann Änderungen, die Sie zugelassen haben, nicht mehr rückgängig machen.
Weitere Informationen finden Sie im Folgenden: Nicht zutreffend
Scan-ID: {40060143-8FCF-4904-AF2A-471A3DEEF327}
Benutzer: CaspianEurop-PC\Caspian Europe GmbH
Name: Unknown
ID:
Schweregrad-ID:
Kategorie-ID:
Gefundener Pfad: regkey:HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Malwarebytes' Anti-Malware;runonce:HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Malwarebytes' Anti-Malware;file:C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
Warnungsart: Nicht klassifizierte Software
Feststellungstyp:
Record Number: 159554
Source Name: Microsoft-Windows-Windows Defender
Time Written: 20100803175140.000000-000
Event Type: Warnung
User:

Computer Name: CaspianEurop-PC
Event Code: 3005
Message: Zum Schutz dieses Computers vor Spyware und möglicherweise unerwünschter Software wurden vom Windows-Defender-Echtzeitschutz-Agent Maßnahmen ergriffen.
Weitere Informationen finden Sie hier: Nicht zutreffend
Scan-ID: {40060143-8FCF-4904-AF2A-471A3DEEF327}
Benutzer: CaspianEurop-PC\Caspian Europe GmbH
Name: Unknown
ID:
Schweregrad-ID:
Kategorie-ID:
Warnungsart: Nicht klassifizierte Software
Aktion: Ignorieren
Record Number: 159555
Source Name: Microsoft-Windows-Windows Defender
Time Written: 20100803175140.000000-000
Event Type: Informationen
User:

Computer Name: CaspianEurop-PC
Event Code: 3004
Message: Vom Windows-Defender-Echtzeitschutz-Agent wurden Änderungen erkannt. Microsoft empfiehlt, die Software, die diese Änderungen vorgenommen hat, zu analysieren, um potenzielle Risiken festzustellen. Sie können anhand der Informationen über die Funktionsweise dieser Programme entscheiden, ob die Software ausgeführt werden kann oder vom Computer entfernt werden soll. Lassen Sie nur Änderungen zu, wenn das Programm oder der Softwareherausgeber vertrauenswürdig ist. Windows-Defender kann Änderungen, die Sie zugelassen haben, nicht mehr rückgängig machen.
Weitere Informationen finden Sie im Folgenden: Nicht zutreffend
Scan-ID: {D4CB7833-6827-4F5A-B4E0-6898DDD6314C}
Benutzer: CaspianEurop-PC\Caspian Europe GmbH
Name: Unknown
ID:
Schweregrad-ID:
Kategorie-ID:
Gefundener Pfad: driver:MBAMSwissArmy;file:C:\Windows\system32\drivers\mbamswissarmy.sys
Warnungsart: Nicht klassifizierte Software
Feststellungstyp:
Record Number: 159556
Source Name: Microsoft-Windows-Windows Defender
Time Written: 20100803175248.000000-000
Event Type: Warnung
User:

Computer Name: CaspianEurop-PC
Event Code: 3005
Message: Zum Schutz dieses Computers vor Spyware und möglicherweise unerwünschter Software wurden vom Windows-Defender-Echtzeitschutz-Agent Maßnahmen ergriffen.
Weitere Informationen finden Sie hier: Nicht zutreffend
Scan-ID: {D4CB7833-6827-4F5A-B4E0-6898DDD6314C}
Benutzer: CaspianEurop-PC\Caspian Europe GmbH
Name: Unknown
ID:
Schweregrad-ID:
Kategorie-ID:
Warnungsart: Nicht klassifizierte Software
Aktion: Ignorieren
Record Number: 159557
Source Name: Microsoft-Windows-Windows Defender
Time Written: 20100803175253.000000-000
Event Type: Informationen
User:

=====Application event log=====

Computer Name: CaspianEurop-PC
Event Code: 1
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.
Record Number: 227734
Source Name: SecurityCenter
Time Written: 20100803173308.000000-000
Event Type: Informationen
User:

Computer Name: CaspianEurop-PC
Event Code: 1
Message: 03/08/2010 19:34:32 (OviSuite) - INFO - AO Action: Id = 9 Oper = Assign Result = 0 Classname = CAODynSwUpdate Resource = CAODynSwUpdate Content = {645dc909-b71d-4cd2-b515-8643dfb21601} Queue = 6
Record Number: 227735
Source Name: OviSuite
Time Written: 20100803173432.000000-000
Event Type: Informationen
User:

Computer Name: CaspianEurop-PC
Event Code: 1
Message: 03/08/2010 19:34:32 (OviSuite) - INFO - AO Action: Id = 9 Oper = Start Result = 0 Classname = CAODynSwUpdate Resource = CAODynSwUpdate Content = {645dc909-b71d-4cd2-b515-8643dfb21601} Queue = 6
Record Number: 227736
Source Name: OviSuite
Time Written: 20100803173432.000000-000
Event Type: Informationen
User:

Computer Name: CaspianEurop-PC
Event Code: 4609
Message: Das COM+-Ereignissystem hat einen ungültigen Rückgabecode während der internen Verarbeitung erkannt. HRESULT war 80010105 von Zeile 202 von d:\vistasp1_gdr\com\complus\src\events\tier2\service.cpp. Wenden Sie sich an den Microsoft-Produktsupport.
Record Number: 227737
Source Name: Microsoft-Windows-EventSystem
Time Written: 20100803173432.000000-000
Event Type: Fehler
User:

Computer Name: CaspianEurop-PC
Event Code: 1
Message: 03/08/2010 19:34:32 (OviSuite) - INFO - AO Action: Id = 9 Oper = Finish Result = 0 Classname = CAODynSwUpdate Resource = CAODynSwUpdate Content = {645dc909-b71d-4cd2-b515-8643dfb21601} Queue = 6
Record Number: 227738
Source Name: OviSuite
Time Written: 20100803173432.000000-000
Event Type: Informationen
User:

=====Security event log=====

Computer Name: CaspianEurop-PC
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.
Dateiname: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 51823
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100803180512.531187-000
Event Type: Überwachung gescheitert
User:

Computer Name: CaspianEurop-PC
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.
Dateiname: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 51824
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100803180512.568187-000
Event Type: Überwachung gescheitert
User:

Computer Name: CaspianEurop-PC
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.
Dateiname: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 51825
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100803180512.603187-000
Event Type: Überwachung gescheitert
User:

Computer Name: CaspianEurop-PC
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.
Dateiname: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 51826
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100803180512.640187-000
Event Type: Überwachung gescheitert
User:

Computer Name: CaspianEurop-PC
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.
Dateiname: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 51827
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100803180512.695187-000
Event Type: Überwachung gescheitert
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"asl.log"=Destination=file;OnFirstLog=command,environment

-----------------EOF-----------------

MBRCheck:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Business Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Vostro 1700
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 175):

Processes (total 92):
0 System Idle Process
4 System
640 C:\Windows\System32\smss.exe
708 csrss.exe
776 C:\Windows\System32\wininit.exe
788 csrss.exe
820 C:\Windows\System32\services.exe
832 C:\Windows\System32\lsass.exe
840 C:\Windows\System32\lsm.exe
996 C:\Windows\System32\svchost.exe
1076 C:\Windows\System32\svchost.exe
1112 C:\Windows\System32\svchost.exe
1164 C:\Windows\System32\svchost.exe
1188 C:\Windows\System32\svchost.exe
1212 C:\Windows\System32\svchost.exe
1288 C:\Windows\System32\winlogon.exe
1336 C:\Windows\System32\audiodg.exe
1372 C:\Windows\System32\SLsvc.exe
1412 C:\Windows\System32\svchost.exe
1564 C:\Windows\System32\svchost.exe
1736 C:\Windows\System32\wlanext.exe
1868 C:\Windows\System32\taskeng.exe
1876 C:\Windows\System32\spoolsv.exe
1928 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1948 C:\Windows\System32\svchost.exe
628 C:\Windows\System32\svchost.exe
768 C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
1560 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1572 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1968 C:\Program Files\Bonjour\mDNSResponder.exe
556 C:\Windows\System32\svchost.exe
1508 C:\Program Files\Cobian Backup 9\cbService.exe
2100 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
2312 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
2480 C:\Windows\System32\svchost.exe
2512 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
2568 C:\Windows\System32\stacsv.exe
2640 C:\Windows\System32\svchost.exe
2676 C:\Windows\System32\svchost.exe
2728 C:\Windows\System32\SearchIndexer.exe
2776 C:\Windows\System32\drivers\XAudio.exe
2968 C:\Windows\System32\svchost.exe
3544 C:\Windows\System32\taskeng.exe
3648 C:\Windows\System32\dwm.exe
3724 C:\Windows\explorer.exe
3864 C:\Windows\servicing\TrustedInstaller.exe
2432 C:\Program Files\Windows Defender\MSASCui.exe
2068 C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
2424 C:\Windows\OEM02Mon.exe
2656 C:\Windows\System32\rundll32.exe
2784 C:\Windows\System32\rundll32.exe
2668 C:\Windows\System32\rundll32.exe
2956 WmiPrvSE.exe
476 C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
2868 C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
3164 C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
3256 C:\Program Files\DellTPad\Apoint.exe
3484 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
1716 C:\Program Files\DellTPad\ApMsgFwd.exe
1784 C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
1768 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
2448 C:\Windows\Samsung\PanelMgr\SSMMgr.exe
2116 C:\Program Files\SAMSUNG\SmarThru\Portctrl.exe
3612 C:\Program Files\Cobian Backup 9\cbInterface.exe
1596 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3300 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3444 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
3012 C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
3268 C:\Program Files\Windows Sidebar\sidebar.exe
4056 C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
1752 C:\Program Files\Google\Google Talk\googletalk.exe
3516 C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
4012 C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
2468 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
2540 C:\Program Files\WinZip\WZQKPICK.EXE
4132 C:\Program Files\DellTPad\hidfind.exe
4148 C:\Program Files\OpenOffice.org 3\program\soffice.exe
4160 C:\Program Files\DellTPad\ApntEx.exe
4236 C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
4292 C:\Program Files\OpenOffice.org 3\program\soffice.bin
4348 C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
4780 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
5768 C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
5836 C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
5848 C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
5876 C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
2584 C:\Users\CASPIA~1\AppData\Local\Temp\TeamViewer\Version5\TeamViewer.exe
5464 WmiPrvSE.exe
5704 C:\Windows\System32\conime.exe
4648 C:\Windows\System32\SearchProtocolHost.exe
4908 C:\Windows\System32\SearchFilterHost.exe
4940 C:\Users\Caspian Europe GmbH\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`87265000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`075a9e00 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK2555GSX, Rev: FG000D

Size    Device Name          MBR Status
--------------------------------------------
232 GB  \\.\PhysicalDrive0   Known-bad MBR code detected (Whistler / Black Internet)!
        SHA1: B54B3AC0ADE4B8ABBDCB812292C74DAA2C204010

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
03.08.2010, 19:26 | #2 |
/// Selecta Jahrusso | Battle-music virus
Cleaning up can sometimes mean a lot of work for you.
Note: I can never give you a guarantee that I will find everything. Reformatting is usually the faster and always the safest route. If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.
Vista and Win7 users: start all tools via right-click, "Run as administrator".
Step 1
Please delete the existing MBRCheck.txt files. Please start MBRCheck.exe again. This time, type the following into the window and confirm each entry with Enter at
You will now find 2 MBRCheck_<date>_<time>.txt files on the desktop. Post the contents of both .txt documents for me.
04.08.2010, 19:29 | #3 |
| Battle-music virus
Hello,
Thanks! I did not manage to fix the damaged MBR with mbrCheck, but then succeeded with Bootkit Remover. (I proceeded as in thread 89098-whistler-black-internet-mbr-code-laesst-sich-nicht-aendern.html) Malwarebytes then removed 14 viruses. The Oldtimer logs still point to Alternate Data Streams, and GMER crashed with a blue stop error while scanning. I am posting the log files for you; maybe we can clean up the laptop further!
Malwarebytes:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4386
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
04.08.2010 19:58:31
mbam-log-2010-08-04 (19-58-31).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 247145
Laufzeit: 1 Stunde(n), 19 Minute(n), 24 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 8
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
C:\Program Files\pdfforge Toolbar\WidgiHelper.exe (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
C:\Users\Caspian Europe GmbH\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\7e73858d-20247ee8 (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Caspian Europe GmbH\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\641a18a9-5655bcb4 (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Caspian Europe GmbH\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\7095766b-443a80f4 (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Caspian Europe GmbH\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\4c6d1371-7273874b (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Caspian Europe GmbH\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\36770cf5-1fba15f4 (Trojan.Dropper) -> Quarantined and deleted successfully.
Oldtimer - OTL:
OTL Logfile: Code:
ATTFilter OTL logfile created on: 04.08.2010 20:06:05 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = G:\tdss.d Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free 7,00 Gb Paging File | 6,00 Gb Available in Paging File | 84,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 220,28 Gb Total Space | 150,43 Gb Free Space | 68,29% Space Free | Partition Type: NTFS Drive D: | 10,00 Gb Total Space | 3,73 Gb Free Space | 37,29% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded Drive G: | 7,47 Gb Total Space | 1,66 Gb Free Space | 22,22% Space Free | Partition Type: NTFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: CASPIANEUROP-PC Current User Name: Caspian Europe GmbH Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - G:\tdss.d\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.) PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) 
PRC - C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia) PRC - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) PRC - C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe () PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.) PRC - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia) PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia) PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe () PRC - C:\Program Files\Cobian Backup 9\cbService.exe (Luis Cobian) PRC - C:\Program Files\Cobian Backup 9\cbInterface.exe (Luis Cobian) PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.) PRC - C:\Program Files\Brother\Brmfcmon\BrMfimon.exe (Brother Industries, Ltd.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe (Brother Industries, Ltd.) PRC - C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis) PRC - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) PRC - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) 
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Windows\System32\cmd.exe (Microsoft Corporation) PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Program Files\Google\Google Talk\googletalk.exe (Google) PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.) PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.) PRC - C:\Windows\System32\stacsv.exe (SigmaTel, Inc.) PRC - C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.) PRC - C:\Windows\OEM02Mon.exe (Creative Technology Ltd.) PRC - C:\Program Files\SAMSUNG\SmarThru\Portctrl.exe (Samsung Electronics Co., Ltd., Samsung Software Center.) PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.) PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) ========== Modules (SafeList) ========== MOD - G:\tdss.d\OTL.exe (OldTimer Tools) MOD - C:\Program Files\SlySoft\AnyDVD\ADvdDiscHlp.dll (SlySoft, Inc.) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (stllssvr) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe File not found SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) 
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Samsung UPD Service) -- C:\Windows\System32\SUPDSvc.exe (Samsung Electronics CO., LTD.) SRV - (CobianBackupAmanita) -- C:\Program Files\Cobian Backup 9\cbService.exe (Luis Cobian) SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) SRV - (RegSrvc) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (SigmaTel, Inc.) SRV - (IDriverT) -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (DFUBTUSB) -- C:\Windows\System32\Drivers\frmupgr.sys File not found DRV - (catchme) -- C:\Users\CASPIA~1\AppData\Local\Temp\catchme.sys File not found DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.) 
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (tdrpman140) Acronis Try&Decide and Restore Points filter (build 140) -- C:\Windows\system32\DRIVERS\tdrpm140.sys (Acronis) DRV - (timounter) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis) DRV - (tifsfilter) -- C:\Windows\System32\drivers\tifsfilt.sys (Acronis) DRV - (snapman380) Acronis Snapshots Manager (Build 380) -- C:\Windows\system32\DRIVERS\snman380.sys (Acronis) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (NuidFltr) -- C:\Windows\System32\drivers\nuidfltr.sys (Microsoft Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.sys (Samsung Electronics) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) 
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.) DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.) 
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (AX88772) -- C:\Windows\System32\drivers\ax88772.sys (ASIX Electronics Corp.) DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation) DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.) DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.) DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.) DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.) DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) 
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (DgiVecp) -- C:\Windows\System32\drivers\DgivEcp.sys (Samsung Electronics Co., Ltd.) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll (Conduit Ltd.) 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Winamp Search" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.11.2 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.05.05 09:04:05 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.05.26 08:09:55 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.25 13:52:43 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.30 08:39:32 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla 
Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.05.17 09:55:57 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.05.05 09:04:05 | 000,000,000 | ---D | M] [2009.09.24 15:11:34 | 000,000,000 | ---D | M] -- C:\Users\Caspian Europe GmbH\AppData\Roaming\mozilla\Extensions [2010.08.04 17:38:25 | 000,000,000 | ---D | M] -- C:\Users\Caspian Europe GmbH\AppData\Roaming\mozilla\Firefox\Profiles\6ykl0h5l.default\extensions [2009.12.13 16:00:54 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\Caspian Europe GmbH\AppData\Roaming\mozilla\Firefox\Profiles\6ykl0h5l.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} [2010.04.27 09:59:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Caspian Europe GmbH\AppData\Roaming\mozilla\Firefox\Profiles\6ykl0h5l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.04.08 11:48:11 | 000,000,000 | ---D | M] (Yahoo! 
Toolbar) -- C:\Users\Caspian Europe GmbH\AppData\Roaming\mozilla\Firefox\Profiles\6ykl0h5l.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010.07.11 18:06:47 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Caspian Europe GmbH\AppData\Roaming\mozilla\Firefox\Profiles\6ykl0h5l.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.07.11 18:06:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Caspian Europe GmbH\AppData\Roaming\mozilla\Firefox\Profiles\6ykl0h5l.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2009.11.22 11:50:34 | 000,000,687 | ---- | M] () -- C:\Users\Caspian Europe GmbH\AppData\Roaming\Mozilla\FireFox\Profiles\6ykl0h5l.default\searchplugins\ask.xml [2010.07.11 18:07:29 | 000,000,873 | ---- | M] () -- C:\Users\Caspian Europe GmbH\AppData\Roaming\Mozilla\FireFox\Profiles\6ykl0h5l.default\searchplugins\conduit.xml [2009.12.13 16:01:01 | 000,001,201 | ---- | M] () -- C:\Users\Caspian Europe GmbH\AppData\Roaming\Mozilla\FireFox\Profiles\6ykl0h5l.default\searchplugins\winamp-search.xml [2010.08.04 16:42:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010.06.07 07:53:41 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2009.09.25 11:38:23 | 000,000,000 | ---D | M] (pdfforge Toolbar Plugin) -- C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402} [2010.07.30 08:39:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2009.09.25 11:38:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com [2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll (Conduit Ltd.) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Program Files\MyAshampoo\tbMyAs.dll (Conduit Ltd.) 
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis) O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [Cobian Backup 9 interface] C:\Program Files\Cobian Backup 9\cbInterface.exe (Luis Cobian) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [GW Port Controller] C:\Program Files\SAMSUNG\SmarThru\Portctrl.exe (Samsung Electronics Co., Ltd., Samsung Software Center.) O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.) 
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe () O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.) O4 - HKCU..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google) O4 - HKCU..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia) O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) O4 - Startup: C:\Users\Caspian Europe GmbH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Caspian Europe GmbH\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.08.04 18:21:05 | 000,081,920 | ---- | C] (eSage Lab) -- C:\Windows\System32\remover.exe [2010.08.03 20:05:03 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro [2010.08.03 20:05:03 | 000,000,000 | ---D | C] -- C:\rsit [2010.08.03 20:00:48 | 000,000,000 | ---D | C] -- C:\Users\Caspian Europe GmbH\Desktop\musikvirus [2010.08.03 19:51:44 | 000,000,000 | ---D | C] -- C:\Users\Caspian Europe GmbH\AppData\Roaming\Malwarebytes [2010.08.03 19:51:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.08.03 19:51:34 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.08.03 19:51:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.08.03 19:51:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.08.03 19:45:38 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT [2010.08.03 19:24:29 | 000,000,000 | ---D | C] -- C:\Windows\temp [2010.08.03 19:23:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2010.08.03 19:16:13 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2010.08.03 19:16:13 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2010.08.03 19:16:13 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2010.08.03 19:16:07 | 000,000,000 | ---D | C] -- C:\C7o6m5b4oFix [2010.08.03 
19:15:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2010.08.03 19:14:39 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2010.08.03 19:03:29 | 000,000,000 | ---D | C] -- C:\Qoobox [2010.08.03 09:21:10 | 001,581,464 | ---- | C] (Microsoft Corporation) -- C:\Program Files\showmypc.exe [2010.07.30 08:39:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2010.07.30 08:39:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2010.07.30 08:39:32 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2010.07.30 08:39:32 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010.07.30 08:39:32 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010.07.30 08:39:32 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2010.07.11 18:06:49 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoftTB [2010.07.11 18:04:29 | 000,000,000 | ---D | C] -- C:\Users\Caspian Europe GmbH\AppData\Roaming\DVDVideoSoftIEHelpers [2010.07.11 18:04:23 | 000,000,000 | ---D | C] -- C:\Users\Caspian Europe GmbH\Documents\DVDVideoSoft [2010.07.11 18:04:16 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft [2010.07.11 18:04:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft [2010.07.11 18:02:22 | 018,014,460 | ---- | C] (DVDVideoSoft Limited. 
) -- C:\Program Files\FreeYouTubeToMp3Converter.exe ========== Files - Modified Within 30 Days ========== [2010.08.04 20:08:05 | 002,883,584 | -HS- | M] () -- C:\Users\Caspian Europe GmbH\ntuser.dat [2010.08.04 20:03:11 | 000,094,443 | ---- | M] () -- C:\Users\Caspian Europe GmbH\AppData\Roaming\nvModes.dat [2010.08.04 20:03:11 | 000,094,443 | ---- | M] () -- C:\Users\Caspian Europe GmbH\AppData\Roaming\nvModes.001 [2010.08.04 20:01:51 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.08.04 20:00:43 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.08.04 20:00:43 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.08.04 20:00:33 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.08.04 20:00:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.08.04 20:00:27 | 3756,044,288 | -HS- | M] () -- C:\hiberfil.sys [2010.08.04 19:59:37 | 000,524,288 | -HS- | M] () -- C:\Users\Caspian Europe GmbH\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000001.regtrans-ms [2010.08.04 19:59:37 | 000,065,536 | -HS- | M] () -- C:\Users\Caspian Europe GmbH\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TM.blf [2010.08.04 19:59:26 | 000,000,836 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.08.04 19:59:22 | 004,220,810 | -H-- | M] () -- C:\Users\Caspian Europe GmbH\AppData\Local\IconCache.db [2010.08.04 19:18:01 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.08.04 17:11:25 | 001,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.08.04 17:11:25 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.08.04 17:11:25 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.08.04 17:11:25 | 000,122,842 | ---- | M] () -- 
C:\Windows\System32\perfc007.dat [2010.08.04 17:11:25 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.08.04 07:48:42 | 000,023,040 | ---- | M] () -- C:\Users\Caspian Europe GmbH\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.03 19:51:38 | 000,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.03 19:45:39 | 000,000,674 | ---- | M] () -- C:\Users\Caspian Europe GmbH\Desktop\ERUNT.lnk [2010.08.03 19:40:35 | 000,000,764 | ---- | M] () -- C:\Users\Caspian Europe GmbH\Desktop\CCleaner.lnk [2010.08.03 19:22:37 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini [2010.08.03 18:14:22 | 002,128,832 | ---- | M] () -- C:\Users\Caspian Europe GmbH\Desktop\teamviewer.exe [2010.08.03 13:47:42 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI [2010.08.03 09:21:14 | 001,581,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\showmypc.exe [2010.08.02 21:59:34 | 000,002,339 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2010.07.21 19:50:20 | 000,081,920 | ---- | M] (eSage Lab) -- C:\Windows\System32\remover.exe [2010.07.17 05:00:12 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010.07.17 05:00:12 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010.07.17 05:00:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2010.07.11 18:06:45 | 000,000,992 | ---- | M] () -- C:\Users\Caspian Europe GmbH\Desktop\DVDVideoSoft Free Studio.lnk [2010.07.11 18:03:53 | 018,014,460 | ---- | M] (DVDVideoSoft Limited. 
) -- C:\Program Files\FreeYouTubeToMp3Converter.exe [2010.07.05 23:07:42 | 000,000,173 | ---- | M] () -- C:\Users\Caspian Europe GmbH\AppData\Roaming\default.rss [2010.07.05 23:07:22 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini ========== Files Created - No Company Name ========== [2010.08.03 19:51:38 | 000,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.03 19:45:39 | 000,000,674 | ---- | C] () -- C:\Users\Caspian Europe GmbH\Desktop\ERUNT.lnk [2010.08.03 19:16:13 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2010.08.03 19:16:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2010.08.03 19:16:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2010.08.03 19:16:13 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe [2010.08.03 19:16:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2010.08.03 18:14:18 | 002,128,832 | ---- | C] () -- C:\Users\Caspian Europe GmbH\Desktop\teamviewer.exe [2010.07.11 18:04:24 | 000,000,992 | ---- | C] () -- C:\Users\Caspian Europe GmbH\Desktop\DVDVideoSoft Free Studio.lnk [2010.01.26 20:44:50 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009.10.09 18:39:27 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini [2009.09.25 12:47:21 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2009.09.25 12:34:52 | 000,000,070 | ---- | C] () -- C:\Windows\fine.ini [2009.09.25 10:20:49 | 000,000,117 | ---- | C] () -- C:\Windows\groupwar.ini [2009.09.25 10:20:41 | 000,007,889 | ---- | C] () -- C:\Windows\System32\ssUsbW2k.dll [2009.09.25 10:09:40 | 000,026,624 | ---- | C] () -- C:\Windows\System32\spd__l3.dll [2009.09.25 10:09:37 | 000,339,968 | ---- | C] () -- C:\Windows\System32\DscPnt1.dll [2009.09.25 10:09:37 | 000,233,472 | ---- | C] () -- C:\Windows\System32\DscPnt0.dll [2009.09.25 10:09:37 | 000,229,376 | ---- | C] () -- C:\Windows\System32\DscPnt.dll [2009.09.24 17:23:07 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini [2009.09.24 
17:22:03 | 000,000,074 | ---- | C] () -- C:\Windows\Brownie.ini [2009.09.24 16:15:29 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini [2009.09.24 16:01:58 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2009.09.24 15:43:06 | 000,000,754 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2009.09.24 15:43:06 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini [2009.09.24 15:40:55 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini [2009.09.24 15:40:54 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll [2009.09.24 15:38:13 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini [2009.09.24 15:29:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL [2009.09.24 15:29:15 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI [2009.09.24 13:06:31 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2007.07.25 16:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll [2006.11.03 17:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 76 bytes -> C:\Users\Caspian Europe GmbH\Documents\MumboJumbo:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Caspian Europe GmbH\Documents\Meine empfangenen Dateien:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Caspian Europe GmbH\Documents\Azureus Downloads:Roxio EMC Stream < End of report > Oldtimer - Extras: OTL Logfile: Code:
OTL Extras logfile created on: 04.08.2010 20:06:05 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = G:\tdss.d Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free 7,00 Gb Paging File | 6,00 Gb Available in Paging File | 84,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 220,28 Gb Total Space | 150,43 Gb Free Space | 68,29% Space Free | Partition Type: NTFS Drive D: | 10,00 Gb Total Space | 3,73 Gb Free Space | 37,29% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded Drive G: | 7,47 Gb Total Space | 1,66 Gb Free Space | 22,22% Space Free | Partition Type: NTFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: CASPIANEUROP-PC Current User Name: Caspian Europe GmbH Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 1 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-310542224-2537145970-2728054387-1000] "EnableNotifications" = 0 "EnableNotificationsRef" = 2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{136E3373-EBEC-40C3-9D97-D3A2CD0D85C9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{CAAE25AF-6B5A-4FBE-8A31-3B9384399E32}" = lport=54925 | protocol=17 | dir=in | name=brother network scanner | "{F5DFE7ED-F6EE-4A1E-A25C-F3CF217E3DC7}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{004D2959-2964-40BC-91AA-E0A7410BB34A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0196120D-6FEE-4950-97B8-2D82605B9D69}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0262F649-A9CC-41B1-912A-1C52084F92B5}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc.exe | "{05070CD7-F3BE-491F-974F-9C3CB1DB770B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0DA80A52-C98E-4CC5-9ABC-6895F9728FEB}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{10C45136-F4E7-4435-8C6F-1E7B22E9A2A7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{12D15F74-C93C-4BD3-B8B1-5D1926B31BE9}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{14B75B1D-AB10-47D1-8D49-817819F7F76C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{151D94BC-5842-4F14-888C-8D76DE7E7943}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{164A4195-3B02-4777-AB3D-FF5DA86CC4A9}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1C244CB0-C9B5-4151-835E-C3777C17F2C3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{223C37C7-9D92-48B9-B0FA-E2CEB9AF87B4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2630D4D8-D799-43FB-BDA1-E4580A456911}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{26E648D0-6A68-4D31-B01B-9B0C0B42F808}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{289E2CA0-F8EB-4ADA-8E9E-46935CA4B18E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2A3A1D9C-E4D2-4107-8297-D4FAA6017E22}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2AEBD067-ED5D-495B-A224-50012F1A0920}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2C6F8AA3-596E-45B6-8BBD-3C08DA660D90}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2FB2C4CC-4326-424B-B725-B58A8F51D816}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{30F351F3-B5D6-4ECE-BD5A-F4C86721342B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{37ACC131-E470-42E0-A8C7-22020C36D0E5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3B139006-1D51-4CA5-89B4-23EB2AB62803}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3BA37290-C786-457B-9A43-860235BB8A50}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3E39BA18-673A-4147-8936-08A380E9D557}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4078888E-0E49-4D39-A109-61BF4D078903}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4805E05E-9022-4F09-B9B6-7A146F02413F}" = protocol=6 | dir=in | app=c:\program files\brother\brmfl08i\faxrx.exe | "{487BA12C-33C0-476E-9308-A8FDC4C0E99F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4B55F152-EF9B-4CFB-96B8-85F966883966}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe | "{4B661907-F6D1-4893-A4DF-FB8FA4DBCFD8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4BBE552A-1E31-4AC1-8047-EA45BD0CD94E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4C5642FC-0C15-4EC3-AF39-FEC3FC9284E8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4E3B6E92-CAB9-4AB6-9A5A-F93383DEEF57}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4E41B7FE-A340-4E09-8B26-96EBD6F99166}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4F854DA3-0A63-4B0A-9624-61689B37E959}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5123BEBB-4278-489C-A416-0D8ECFCCFCDC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{51A7CB03-151A-4204-88CF-A9B35627F0D9}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{59473429-FFDD-407A-8BE9-088BD999AB46}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5AFD0350-FD09-46F2-AB85-A76E258360ED}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{629EF7D3-8C2C-4B84-8B56-7B159660969D}" = protocol=17 | dir=in | app=c:\program files\brother\brmfl08i\faxrx.exe | "{62F80E02-FE99-4C43-8084-DBF5FDBE970A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{649A25DD-3C36-4E42-AA68-F21E7CF57A96}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{67FF99EB-9CB0-48FD-B89D-3BBF1EDBBB8C}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{702B9545-D7A5-4CE6-865D-B57A5518565E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7082220B-0916-4A00-98EE-D2A3A2916BE9}" = dir=in | app=c:\program 
files\skype\phone\skype.exe | "{71FEDEE0-287A-4038-8E7C-C7F5D584F89B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{77C40B1F-CCD4-4771-A063-A011CFD03B6F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{7D37D266-9453-4838-8C6B-AB90A4993D12}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{83F55D67-D193-45E5-9BCE-DF0E5F44DBA1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8673906E-3C59-4AC0-8E2F-28A1F244C687}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{914E38DD-FE3D-42AD-87E4-26BA1D3F71D2}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe | "{98409966-95E8-4073-B900-D4C531263809}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{98BBB5AC-2A0B-4A21-90FA-92769299BBA0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{AD184662-94A1-4F40-8ADE-FE470BDDDCAF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B0D56E97-3CFB-40E5-9AC5-4945BFF6BAAC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B684E922-5BDB-4306-8B40-A04F92FFE93F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B68CCD09-E261-4A5E-A771-1E1A202AAE57}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B81BFF2C-CD67-488B-A971-EDB13E1B4938}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BA3C6426-B345-40DE-B4DF-9B4BA70652C3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{BB58BBB6-98F6-4317-98B4-7DCE7461D6E1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BB9E3CC7-14E2-4062-80D0-756EE621416F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BF63120F-5697-4295-9071-EECA6EBB61E0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BF84C37D-2CA3-4279-94E8-28C89E8D376F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BFB8F6D1-649C-44DC-AC29-7A9CD17787E5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C1686C25-AAAF-40DC-9FDC-BDED34A36C83}" = dir=in | app=c:\program 
files\skype\phone\skype.exe | "{D1EC7065-613F-4B4C-8866-50802E6AD19A}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc.exe | "{EC0A7762-339F-41C8-889B-F2F61C594C17}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{EF7E3DB0-D3C0-40D9-9FB5-6E1C40DFA51B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F145F41F-306B-447D-BBD3-A4BE76C706A7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F396A031-C842-482F-BACD-F526913566A8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{F8832A68-DD1A-4F0A-8EA3-557791F30194}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F8C6C317-9464-4BB1-9F5F-A62303EC9DAC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{FD59530F-3D91-4F00-9960-B82DEC802E5E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{0CC25D45-2F5F-4A4D-B687-C2A37F6CF85B}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | "TCP Query User{2877F9AD-A43E-485E-BCFC-F23B07D66CF8}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | "TCP Query User{2C86AF2D-8164-4E2B-8843-ACF48CC096A5}C:\users\caspian europe gmbh\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\caspian europe gmbh\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | "TCP Query User{399F9DE0-21D6-4494-A83C-98A251E183B7}C:\users\caspian europe gmbh\appdata\local\temp\ixp000.tmp\smwinvnc.exe" = protocol=6 | dir=in | app=c:\users\caspian europe gmbh\appdata\local\temp\ixp000.tmp\smwinvnc.exe | "TCP Query User{4EC9604F-5D95-4A29-9324-4076FFAC7ABA}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{575555B3-52E8-4060-9FB5-DBC949E594AA}C:\users\caspian europe 
gmbh\appdata\local\temp\ixp000.tmp\smpcsetup.exe" = protocol=6 | dir=in | app=c:\users\caspian europe gmbh\appdata\local\temp\ixp000.tmp\smpcsetup.exe | "TCP Query User{5882415A-5C7E-459E-B17E-97B21038CFD6}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | "TCP Query User{5A38539E-1D6E-48BC-9116-D212E2C536E2}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{D53D5512-EED6-4CE3-BB68-5E60D24B4A4E}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | "TCP Query User{DD168C0D-3C18-4C48-B4BA-67CD9D5F2B48}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{52A9385A-D809-4C93-B47A-5C649BE3A086}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query User{66D8018E-F649-438B-BA8E-0AFCC79A9941}C:\users\caspian europe gmbh\appdata\local\temp\ixp000.tmp\smpcsetup.exe" = protocol=17 | dir=in | app=c:\users\caspian europe gmbh\appdata\local\temp\ixp000.tmp\smpcsetup.exe | "UDP Query User{68FB11B6-44C1-400F-81E8-07FD8463F912}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | "UDP Query User{6AE358DB-8177-4705-A1B1-1F28B8A98B96}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | "UDP Query User{7A1C9FC6-4FBF-4FE5-BEDB-9A06F5FEF5EB}C:\users\caspian europe gmbh\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\caspian europe gmbh\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | "UDP Query 
User{A97DD2FD-56FE-48CB-AB37-32AE7261ED54}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{B9520867-5D04-4846-9F3C-D1ADD0172FE0}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | "UDP Query User{BE692B43-2B77-414F-8DBF-E92C04D3E4A9}C:\users\caspian europe gmbh\appdata\local\temp\ixp000.tmp\smwinvnc.exe" = protocol=17 | dir=in | app=c:\users\caspian europe gmbh\appdata\local\temp\ixp000.tmp\smwinvnc.exe | "UDP Query User{C283CD73-F280-4F50-8CF6-DA99559EC5CF}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | "UDP Query User{E25D5CEF-E430-488F-9985-F75D61BFC1B2}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{004B8D14-7E3A-490A-ABB3-753535E169E3}" = Brother MFL-Pro Suite "{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11 "{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite "{1CE06390-46D0-11D6-8578-006008CA5356}" = SmarThru "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only) "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 21 "{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed 
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module "{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent "{37C8899D-FD70-481F-94AA-1F1B08765E22}" = Acronis*True*Image*Home "{397516AE-7DFE-4F90-84E0-BD616D559434}" = Nero BurnRights "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD "{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4b29c6d9-ab37-4014-bd9b-e461180eb331}" = Nero 9 "{4E1CD3D5-D4EE-4246-AE24-F0FD5A60390D}" = OviMPlatform "{4EF8BE6A-899C-4196-94E7-297C5F7A203E}" = pdfforge Toolbar v1.1.1 "{4FFD1AB4-54F0-4069-88D9-3A55B38F874B}" = Nokia Ovi Suite Software Updater "{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}" = Nero RescueAgent "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Media Driver x86 Ver.3.34.03 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{60DED9C2-22BF-47A3-B6C8-6B141BA31DFD}" = Ovi Desktop Sync Engine "{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller "{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner "{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}" = Nero Express "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{7397EDED-F38A-4654-B669-BF61065803D0}" = PC Connectivity Solution "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart "{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed "{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr "{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{97070C44-7B20-4AB6-8770-A1ABE370F63B}" = Samsung SCX-5x15 Series - TWAIN "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support "{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad "{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver "{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100 "{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit "{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}" = WinZip 14.0 
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005 "{D7E3B1A1-476D-4406-8EA5-443B3F811D75}" = Brother MFC-8880DN "{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime "{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}" = Nokia Ovi Suite "{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}" = Nero BackItUp and Burn "{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget "{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore "{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AnyDVD" = AnyDVD "Ashampoo Photo Commander 7_is1" = Ashampoo Photo Commander 7.31 "Audiograbber" = Audiograbber 1.83 SE "Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Bengal Special" = Bengal Special "BrainSpeeder" = BrainSpeeder 3.2.105 "CCleaner" = CCleaner "CloneDVD2" = CloneDVD2 "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem "CobBackup9" = Cobian Backup 9 "Creative OEM002" = Laptop Integrated Webcam Driver (1.00.10.0320) "Die Wiege Roms" = Die Wiege Roms "DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER "DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar "eMule" = eMule "ERUNT_is1" = 
ERUNT 1.1j "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.3 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.5 "Google Chrome" = Google Chrome "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8) "Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24) "MyAshampoo Toolbar" = MyAshampoo Toolbar "Nokia Ovi Suite" = Nokia Ovi Suite "Nokia PC Suite" = Nokia PC Suite "NVIDIA Drivers" = NVIDIA Drivers "ProInst" = Intel(R) PROSet/Wireless Software "Samsung SCX-5x15 Series PCL 6" = Samsung SCX-5x15 Series PCL 6 "Samsung Universal Print Driver" = Samsung Universal Print Driver "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.0.2 "WinLiveSuite_Wave3" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "309a46b1dc89b774" = Dell Driver Download Manager "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 04.08.2010 14:00:41 | Computer Name = CaspianEurop-PC | Source = VSS | ID = 19 Description = Error - 04.08.2010 14:00:41 | Computer Name = CaspianEurop-PC | Source = VSS | ID = 8193 Description = Error - 04.08.2010 14:00:46 | Computer Name = CaspianEurop-PC | Source = EventSystem | ID = 4610 Description = Error - 04.08.2010 14:00:46 | Computer Name = CaspianEurop-PC | Source = VSS | ID = 19 Description = Error - 04.08.2010 14:00:46 | Computer Name = CaspianEurop-PC | Source = VSS | ID = 8193 Description = Error - 04.08.2010 14:01:51 | Computer Name = CaspianEurop-PC | Source = EventSystem | ID = 4609 Description = Error 
- 04.08.2010 14:01:57 | Computer Name = CaspianEurop-PC | Source = WinMgmt | ID = 10 Description = Error - 04.08.2010 14:02:04 | Computer Name = CaspianEurop-PC | Source = EventSystem | ID = 4610 Description = Error - 04.08.2010 14:02:45 | Computer Name = CaspianEurop-PC | Source = EventSystem | ID = 4609 Description = Error - 04.08.2010 14:06:07 | Computer Name = CaspianEurop-PC | Source = EventSystem | ID = 4609 Description = [ System Events ] Error - 04.08.2010 14:01:51 | Computer Name = CaspianEurop-PC | Source = DCOM | ID = 10016 Description = Error - 04.08.2010 14:01:59 | Computer Name = CaspianEurop-PC | Source = Service Control Manager | ID = 7001 Description = Error - 04.08.2010 14:01:59 | Computer Name = CaspianEurop-PC | Source = Service Control Manager | ID = 7000 Description = Error - 04.08.2010 14:01:59 | Computer Name = CaspianEurop-PC | Source = Service Control Manager | ID = 7000 Description = Error - 04.08.2010 14:01:59 | Computer Name = CaspianEurop-PC | Source = Service Control Manager | ID = 7001 Description = Error - 04.08.2010 14:01:59 | Computer Name = CaspianEurop-PC | Source = Service Control Manager | ID = 7001 Description = Error - 04.08.2010 14:02:45 | Computer Name = CaspianEurop-PC | Source = DCOM | ID = 10016 Description = Error - 04.08.2010 14:02:46 | Computer Name = CaspianEurop-PC | Source = Service Control Manager | ID = 7001 Description = Error - 04.08.2010 14:06:07 | Computer Name = CaspianEurop-PC | Source = DCOM | ID = 10016 Description = Error - 04.08.2010 14:06:08 | Computer Name = CaspianEurop-PC | Source = Service Control Manager | ID = 7001 Description = < End of report > Thank you! |
04.08.2010, 20:06 | #4 |
/// Selecta Jahrusso | Battle-music virus Do you want to keep fixing little things like the MBR on your own, or will you stick to my instructions?
__________________ Regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Akademie |
09.08.2010, 12:46 | #5 |
/// Selecta Jahrusso | Battle-music virus No response. This thread has been removed from my subscriptions, so I will not receive notifications of new replies. Send me a PM if you still want to continue. Note: The disappearance of the symptoms does not mean that your computer is clean yet. Everyone else, please open your own thread.
__________________ Regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Akademie |