Trojaner-Board


TheChosenOne 12.12.2009 13:19

Everything OK?
 
Hi,
a few days ago Windows Defender alerted me and reported a trojan. I clicked delete and since then nothing more has come up.
But since I want to be on the safe side, I am posting my HijackThis logfile here again:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:08:29, on 12.12.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\MSI\Advanced Wheel Mouse\wh_exec.exe
C:\Program Files\avmwlanstick\WLanGUI.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Microsoft Works\MSWorks.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\MSI\ADVANC~1\wh_exec.exe
O4 - HKLM\..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\wlangui.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Program Files\avmwlanstick\WlanNetService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 9138 bytes


So how does it look?

mb pls sam

PS: if you need more information, just say so, and I don't have the name of the file that Defender reported...
Spybot and AntiVir found nothing.

kira 12.12.2009 19:58

Hello and a warm welcome! :)

- Please read the instructions thoroughly and always follow them strictly, as I have prepared the order according to specific criteria:
- Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator"

1.
Download Malwarebytes Anti-Malware from → malwarebytes.org
  • Install it and start it with a double-click.
  • Set the language to German and update the databases right away (online update)
  • Select "Komplett Scan durchführen" (perform full scan) and tick every box
  • When the scan has finished, click "Zeige Resultate" (show results)
  • Select all findings and click "Löschen" - "Ausgewähltes entfernen" (delete / remove selected).
  • Post the result here in the thread - you will find the report under "Scan-Berichte" (scan reports)
You can find an illustrated guide here: Malwarebytes Anti-Malware

2.
- Download RSIT - http://filepony.de/download-rsit/:
- to a location of your choice and run rsit.exe
- "HijackThis" is also installed and run by RSIT
- RSIT creates 2 logfiles (C:\rsit\log.txt and C:\rsit\info.txt) with extended information about your system - please post both of them here in full
**You can save the log as a text file and attach it here (click "Erweitert" (Advanced))

3.
I would also like to see all your installed programs:
Download the tool ccleaner
Install it (deselect "Füge CCleaner Yahoo! Toolbar hinzu")→ start it→ under Options, settings-> set "german"
Then click "Extra" (to display the installed programs as well)→ then "Als Textdatei speichern..." (save as text file)
A text file (*.txt) is created; copy its contents and paste them here

Quote:

So that your thread stays clear and nicely readable, it is best to use the code tags for your post:
→ before your log you write:[code]
your logfile goes here
→ after it:[/code]

Regards
Coverflow

TheChosenOne 13.12.2009 19:08

So here is the stuff:

1.
Code:

Malwarebytes' Anti-Malware 1.42
Datenbank Version: 3353
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

13.12.2009 18:52:10
mbam-log-2009-12-13 (18-52-10).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|)
Durchsuchte Objekte: 266540
Laufzeit: 1 hour(s), 8 minute(s), 47 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\NeoChronos (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Margotte (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\winsxs\Backup\x86_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_6.0.6002.18005_lt-lt_bf12ba06fdc0c65b_msimsg.dll.mui_72e8994f (Trojan.Dropper) -> Quarantined and deleted successfully.

2.
Code:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Samuel at 2009-12-13 18:59:21
Microsoft® Windows Vista™ Home Premium  Service Pack 2
System drive C: has 6 GB (4%) free of 148 GB
Total RAM: 3066 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:59:32, on 13.12.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Windows\Explorer.EXE
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\MSI\Advanced Wheel Mouse\wh_exec.exe
C:\Program Files\avmwlanstick\WLanGUI.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Samuel\Downloads\RSIT(2).exe
C:\Program Files\Trend Micro\HijackThis\Samuel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\MSI\ADVANC~1\wh_exec.exe
O4 - HKLM\..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\wlangui.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Program Files\avmwlanstick\WlanNetService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 9079 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-08-26 279944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-08-26 279944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-06-08 13543968]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-06-08 92704]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-04-17 6111232]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-10-26 1029416]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-03-14 71216]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-01-08 52256]
"WheelMouse"=C:\MSI\ADVANC~1\wh_exec.exe [2007-09-13 90112]
"AVMWlanClient"=C:\Program Files\avmwlanstick\wlangui.exe [2008-09-05 1794048]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-03-05 177472]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-03-12 342312]
"MMTray"=C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe [2004-08-29 131072]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-12-09 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-03-17 2289664]
"ICQ"=C:\Program Files\ICQ6.5\ICQ.exe [2009-03-01 172792]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25c192e5-bc99-11dd-bccb-001377a9ed96}]
shell\AutoRun\command - F:\pushinst.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{417d92d9-8314-11dd-9602-806e6f6e6963}]
shell\AutoRun\command - E:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50ef0407-698d-11de-8991-93d595dcd58e}]
shell\AutoRun\command - G:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2009-12-13 17:14:58 ----D---- C:\rsit
2009-12-13 17:14:22 ----D---- C:\Program Files\CCleaner
2009-12-13 17:09:41 ----D---- C:\Users\Samuel\AppData\Roaming\Malwarebytes
2009-12-13 17:09:34 ----D---- C:\ProgramData\Malwarebytes
2009-12-13 17:09:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-12 13:08:21 ----D---- C:\Program Files\Trend Micro
2009-12-12 13:05:22 ----D---- C:\Program Files\TrendMicro
2009-12-11 16:16:02 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-12-11 16:16:02 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-12-10 18:43:40 ----D---- C:\ProgramData\WindowsSearch
2009-12-10 09:29:41 ----A---- C:\Windows\system32\nshhttp.dll
2009-12-10 09:29:39 ----A---- C:\Windows\system32\httpapi.dll
2009-12-09 19:42:08 ----D---- C:\Users\Samuel\AppData\Roaming\OpenOffice.org
2009-12-09 19:06:09 ----D---- C:\Program Files\JRE
2009-12-09 19:05:48 ----D---- C:\Program Files\OpenOffice.org 3
2009-12-09 19:05:16 ----A---- C:\Windows\system32\javaws.exe
2009-12-09 19:05:16 ----A---- C:\Windows\system32\javaw.exe
2009-12-09 19:05:16 ----A---- C:\Windows\system32\java.exe
2009-12-09 19:04:51 ----D---- C:\Program Files\Java
2009-12-09 12:44:20 ----A---- C:\Windows\system32\wininet.dll
2009-12-09 12:44:20 ----A---- C:\Windows\system32\mshtml.dll
2009-12-09 12:44:19 ----A---- C:\Windows\system32\urlmon.dll
2009-12-09 12:44:18 ----A---- C:\Windows\system32\ieframe.dll
2009-12-09 12:44:17 ----A---- C:\Windows\system32\ieui.dll
2009-12-09 12:44:17 ----A---- C:\Windows\system32\ieencode.dll
2009-12-09 12:44:16 ----A---- C:\Windows\system32\ieapfltr.dll
2009-12-09 12:43:46 ----A---- C:\Windows\system32\winhttp.dll
2009-12-09 12:34:37 ----A---- C:\Windows\system32\rastls.dll
2009-12-06 17:55:01 ----A---- C:\Windows\system32\WrapDino.dll
2009-12-06 17:55:01 ----A---- C:\Windows\system32\rdxp5.dll
2009-12-06 17:55:01 ----A---- C:\Windows\system32\rdxmmx.dll
2009-12-06 17:55:01 ----A---- C:\Windows\system32\rdxam.dll
2009-12-06 17:55:01 ----A---- C:\Windows\system32\Odbctl32.dll
2009-12-06 17:55:01 ----A---- C:\Windows\system32\dmix.dll
2009-12-06 17:55:01 ----A---- C:\Windows\system32\dinoav.dll
2009-12-06 17:55:01 ----A---- C:\Windows\system32\Dino2d.dll
2009-12-06 17:55:00 ----D---- C:\Program Files\Driftwood
2009-12-06 17:55:00 ----A---- C:\Windows\system32\Vb5db.dll
2009-12-06 17:55:00 ----A---- C:\Windows\system32\MSVBVM50.dll
2009-12-06 17:55:00 ----A---- C:\Windows\system32\Msrepl35.dll
2009-12-06 17:55:00 ----A---- C:\Windows\system32\Msrd2x35.dll
2009-12-06 17:55:00 ----A---- C:\Windows\system32\Msjter35.dll
2009-12-06 17:55:00 ----A---- C:\Windows\system32\Msjint35.dll
2009-12-06 17:55:00 ----A---- C:\Windows\system32\Msjet35.dll
2009-11-30 16:45:07 ----D---- C:\Users\Samuel\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
2009-11-29 21:20:11 ----A---- C:\Windows\system32\d3dx9_27.dll
2009-11-29 20:42:11 ----D---- C:\Users\Samuel\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
2009-11-26 17:00:34 ----A---- C:\Windows\system32\tzres.dll
2009-11-25 17:29:37 ----A---- C:\Windows\system32\msxml6.dll
2009-11-25 17:29:36 ----A---- C:\Windows\system32\msxml3.dll
2009-11-18 18:36:26 ----D---- C:\Program Files\Windows Portable Devices
2009-11-18 16:54:49 ----A---- C:\Windows\system32\UIRibbonRes.dll
2009-11-18 16:54:49 ----A---- C:\Windows\system32\UIRibbon.dll
2009-11-18 16:54:49 ----A---- C:\Windows\system32\UIAnimation.dll
2009-11-18 16:54:26 ----A---- C:\Windows\system32\WMPhoto.dll
2009-11-18 16:54:26 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-11-18 16:54:26 ----A---- C:\Windows\system32\d3d10warp.dll
2009-11-18 16:54:26 ----A---- C:\Windows\system32\cdd.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\xpsservices.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\XpsRasterService.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\XpsPrint.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-11-18 16:54:25 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\OpcServices.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\FntCache.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\dxdiagn.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\dxdiag.exe
2009-11-18 16:54:25 ----A---- C:\Windows\system32\DWrite.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\d3d10level9.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\d3d10core.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\d3d10_1core.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\d2d1.dll
2009-11-18 16:54:24 ----A---- C:\Windows\system32\dxgi.dll
2009-11-18 16:54:24 ----A---- C:\Windows\system32\d3d11.dll
2009-11-18 16:54:24 ----A---- C:\Windows\system32\d3d10_1.dll
2009-11-18 16:54:24 ----A---- C:\Windows\system32\d3d10.dll
2009-11-18 16:53:56 ----A---- C:\Windows\system32\WPDShextAutoplay.exe
2009-11-18 16:53:56 ----A---- C:\Windows\system32\wpdbusenum.dll
2009-11-18 16:53:56 ----A---- C:\Windows\system32\BthMtpContextHandler.dll
2009-11-18 16:53:53 ----A---- C:\Windows\system32\PortableDeviceConnectApi.dll
2009-11-18 16:53:48 ----A---- C:\Windows\system32\WPDSp.dll
2009-11-18 16:53:48 ----A---- C:\Windows\system32\WPDShServiceObj.dll
2009-11-18 16:53:48 ----A---- C:\Windows\system32\wpdshext.dll
2009-11-18 16:53:48 ----A---- C:\Windows\system32\wpd_ci.dll
2009-11-18 16:53:48 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll
2009-11-18 16:53:48 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-11-18 16:53:48 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-11-18 16:53:48 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-11-18 16:51:13 ----A---- C:\Windows\system32\oleaccrc.dll
2009-11-18 16:51:12 ----A---- C:\Windows\system32\UIAutomationCore.dll
2009-11-18 16:51:12 ----A---- C:\Windows\system32\oleacc.dll

======List of files/folders modified in the last 1 months======

2009-12-13 18:59:23 ----D---- C:\Windows\Temp
2009-12-13 18:59:18 ----D---- C:\Windows\Prefetch
2009-12-13 18:53:32 ----D---- C:\Windows\system32\drivers
2009-12-13 18:53:32 ----D---- C:\Windows\Cursors
2009-12-13 18:47:47 ----SHD---- C:\System Volume Information
2009-12-13 17:14:22 ----RD---- C:\Program Files
2009-12-13 17:09:34 ----HD---- C:\ProgramData
2009-12-12 13:05:22 ----SHD---- C:\Windows\Installer
2009-12-12 13:05:22 ----SD---- C:\Users\Samuel\AppData\Roaming\Microsoft
2009-12-11 01:58:14 ----D---- C:\Windows
2009-12-10 23:08:04 ----D---- C:\Program Files\Mozilla Firefox
2009-12-10 22:35:59 ----D---- C:\Windows\system32\catroot2
2009-12-10 22:20:31 ----D---- C:\Windows\System32
2009-12-10 21:29:35 ----D---- C:\Windows\rescache
2009-12-10 21:24:39 ----D---- C:\Windows\winsxs
2009-12-10 21:14:30 ----D---- C:\Windows\system32\catroot
2009-12-10 21:11:34 ----D---- C:\Windows\system32\de-DE
2009-12-10 21:11:34 ----D---- C:\Program Files\Windows Mail
2009-12-10 18:18:53 ----D---- C:\Windows\Tasks
2009-12-10 18:15:52 ----D---- C:\Windows\system32\Tasks
2009-12-09 19:07:13 ----RSD---- C:\Windows\assembly
2009-12-09 19:06:28 ----RSD---- C:\Windows\Fonts
2009-12-09 19:04:56 ----A---- C:\Windows\system32\deploytk.dll
2009-12-07 18:45:16 ----D---- C:\Users\Samuel\AppData\Roaming\vlc
2009-12-06 17:55:27 ----D---- C:\Windows\inf
2009-12-06 17:55:27 ----D---- C:\Windows\Help
2009-12-06 17:55:23 ----HD---- C:\Program Files\Uninstall Information
2009-12-01 21:06:19 ----A---- C:\Windows\system32\mrt.exe
2009-11-29 21:24:15 ----D---- C:\Users\Samuel\AppData\Roaming\Skype
2009-11-29 21:08:21 ----D---- C:\Program Files\Electronic Arts
2009-11-29 16:25:34 ----D---- C:\Users\Samuel\AppData\Roaming\skypePM
2009-11-28 16:02:04 ----D---- C:\Windows\system32\WDI
2009-11-28 14:05:56 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-11-25 17:27:27 ----D---- C:\Windows\system32\LogFiles
2009-11-18 19:49:58 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2009-11-18 19:49:55 ----D---- C:\Program Files\DVDVideoSoft
2009-11-18 18:36:25 ----D---- C:\Windows\system32\wbem
2009-11-18 18:36:23 ----D---- C:\Windows\system32\zh-HK
2009-11-18 18:36:23 ----D---- C:\Windows\system32\uk-UA
2009-11-18 18:36:23 ----D---- C:\Windows\system32\tr-TR
2009-11-18 18:36:23 ----D---- C:\Windows\system32\th-TH
2009-11-18 18:36:23 ----D---- C:\Windows\system32\sv-SE
2009-11-18 18:36:23 ----D---- C:\Windows\system32\sr-Latn-CS
2009-11-18 18:36:23 ----D---- C:\Windows\system32\sl-SI
2009-11-18 18:36:23 ----D---- C:\Windows\system32\pt-PT
2009-11-18 18:36:23 ----D---- C:\Windows\system32\pt-BR
2009-11-18 18:36:23 ----D---- C:\Windows\system32\pl-PL
2009-11-18 18:36:23 ----D---- C:\Windows\system32\nl-NL
2009-11-18 18:36:23 ----D---- C:\Windows\system32\ko-KR
2009-11-18 18:36:23 ----D---- C:\Windows\system32\it-IT
2009-11-18 18:36:23 ----D---- C:\Windows\system32\hu-HU
2009-11-18 18:36:23 ----D---- C:\Windows\system32\hr-HR
2009-11-18 18:36:23 ----D---- C:\Windows\system32\he-IL
2009-11-18 18:36:23 ----D---- C:\Windows\system32\fr-FR
2009-11-18 18:36:23 ----D---- C:\Windows\system32\fi-FI
2009-11-18 18:36:23 ----D---- C:\Windows\system32\es-ES
2009-11-18 18:36:23 ----D---- C:\Windows\system32\el-GR
2009-11-18 18:36:23 ----D---- C:\Windows\system32\bg-BG
2009-11-18 18:36:22 ----D---- C:\Windows\system32\zh-TW
2009-11-18 18:36:22 ----D---- C:\Windows\system32\zh-CN
2009-11-18 18:36:22 ----D---- C:\Windows\system32\sk-SK
2009-11-18 18:36:22 ----D---- C:\Windows\system32\ru-RU
2009-11-18 18:36:22 ----D---- C:\Windows\system32\ro-RO
2009-11-18 18:36:22 ----D---- C:\Windows\system32\nb-NO
2009-11-18 18:36:22 ----D---- C:\Windows\system32\lv-LV
2009-11-18 18:36:22 ----D---- C:\Windows\system32\lt-LT
2009-11-18 18:36:22 ----D---- C:\Windows\system32\ja-JP
2009-11-18 18:36:22 ----D---- C:\Windows\system32\et-EE
2009-11-18 18:36:22 ----D---- C:\Windows\system32\en-US
2009-11-18 18:36:22 ----D---- C:\Windows\system32\da-DK
2009-11-18 18:36:22 ----D---- C:\Windows\system32\cs-CZ
2009-11-18 18:36:22 ----D---- C:\Windows\system32\ar-SA

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-04-29 96104]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-06-10 28520]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-07 56816]
R2 KMDFMEMIO;SAMSUNG Kernel Driver; C:\Windows\system32\DRIVERS\kmdfmemio.sys [2007-05-23 13312]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-09-13 755712]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-01-15 23848]
R3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-04-17 2098904]
R3 MxlW2k;MxlW2k; C:\Windows\system32\drivers\MxlW2k.sys [2009-07-24 28352]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-06-08 7522624]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-10-26 193456]
R3 VMC302;Vimicro Camera Service VMC302; C:\Windows\System32\Drivers\VMC302.sys [2008-04-05 242560]
R3 whfltr2k;WheelMouse USB Lower Filter Driver; C:\Windows\system32\DRIVERS\whfltr2k.sys [2007-01-25 6784]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-28 298496]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
S3 avmeject;AVM Eject; C:\Windows\system32\drivers\avmeject.sys [2008-09-05 4352]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-02 45056]
S3 BthEnum;Bluetooth-Anforderungsblocktreiber; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-21 19456]
S3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys [2008-01-21 219648]
S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\Windows\System32\Drivers\BTHUSB.sys [2008-01-21 29184]
S3 btwaudio;Bluetooth-Audiogerät; C:\Windows\system32\drivers\btwaudio.sys [2008-02-14 80424]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2007-07-15 80936]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-07-15 16168]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 FWLANUSB;AVM FRITZ!WLAN; C:\Windows\system32\DRIVERS\fwlanusb.sys [2008-09-05 265088]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-21 2225664]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-05-20 3663360]
S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2006-10-17 35072]
S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-02-21 50688]
S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-06-10 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-09 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-05 132424]
R2 AVM WLAN Connection Service;AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [2008-09-05 364544]
R2 Bonjour Service;Bonjour-Dienst; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-05-23 819200]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-03-17 73728]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2006-04-14 28933976]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-06-08 196608]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-05-23 466944]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-12-19 272024]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2009-03-12 656168]
S2 Samsung Update Plus;Samsung Update Plus; C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe [2008-05-13 77480]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2006-10-17 86016]
S3 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2006-04-14 87840]
S4 MSSQLServerADHelper;Hilfsdienst von SQL Server für Active Directory; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-13 45272]
S4 SQLBrowser;SQL Server-Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2006-04-14 240416]

-----------------EOF-----------------

3.
Code:

info.txt logfile of random's system information tool 1.06 2009-12-13 17:15:20

======Uninstall list======

2007 Microsoft Office system-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Photoshop Elements-->C:\WINDOWS\ISUN0407.EXE -f"C:\Program Files\Adobe\Photoshop Elements\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop Elements\Uninst.dll"
Adobe Reader 8.1.3 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81300000003}
Adobe SVG Viewer-->C:\Windows\IsUn0407.exe -f"C:\Windows\System32\Adobe\SVG Viewer\Uninst.isu"
Advanced Wheel Mouse 6.0.0.001-->C:\MSI\ADVANC~1\uninst.exe
Agere Systems HDA Modem-->agrsmdel
Apple Mobile Device Support-->MsiExec.exe /I{162B71B8-8464-4680-A086-601D555B331D}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Artus-->C:\program files\ARTUS\unwise.exe
Ashampoo WinOptimizer 4 FREE-->"C:\Program Files\Ashampoo\Ashampoo WinOptimizer 4\unins000.exe"
Ask Toolbar-->"C:\Program Files\AskBarDis\unins000.exe"
Atheros WLAN Client-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04983D37-2202-4295-94A2-8B547C66133F}\setup.exe" -l0x9
Aufstieg des Hexenkönigs™-->C:\Program Files\Electronic Arts\Aufstieg des Hexenkönigs\EAUninstall.exe
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
AVM FRITZ!WLAN-->C:\Program Files\avmwlanstick\instwcli.exe -d1
AVS Update Manager 1.0-->"C:\Program Files\AVS4YOU\AVSUpdateManager\unins000.exe"
AVS Video Converter 6-->"C:\Program Files\AVS4YOU\AVSVideoConverter6\unins000.exe"
AVS4YOU Software Navigator 1.3-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
Bigfoot Networks LagMeter-->C:\Program Files\Bigfoot Networks\LagMeter\uninstall.exe
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Business Contact Manager für Outlook 2007-->"C:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\Setup.exe" /remove {4cb9f93c-9edc-4be9-ae61-af128ddbecfa}
Business Contact Manager für Outlook 2007-->MsiExec.exe /X{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Cossacks - The Art Of War-->C:\Windows\unasetup.exe
CyberLink DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe"  -uninstall
CyberLink Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe"  -uninstall
Die Schlacht um Mittelerde™ II-->C:\Program Files\Electronic Arts\Die Schlacht um Mittelerde II\EAUninstall.exe
Die Sims™ Lebensgeschichten-->C:\Program Files\Electronic Arts\Die Sims Lebensgeschichten\EAUninstall.exe
Easy Battery Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6F730513-8688-4C3C-90A3-6B9792CE2EF3}\setup.exe" -l0x9 Remove
Easy Display Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17283B95-21A8-4996-97DA-547A48DB266F}\setup.exe" -l0x9  -removeonly
Easy Network Manager 3.0-->C:\Program Files\InstallShield Installation Information\{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}\setup.exe -runfromtemp -l0x0407
Easy SpeedUp Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF367AA4-070B-493C-9575-85BE59D789C9}\setup.exe" -l0x9 Remove
FLV Player 2.0 (build 25)-->C:\Program Files\FLV Player\uninst.exe
Fraps-->"C:\Fraps\uninstall.exe"
Free Audio CD Burner version 1.2-->"C:\Program Files\DVDVideoSoft\Free Audio CD Burner\unins000.exe"
Free YouTube to MP3 Converter version 3.2-->"C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\unins001.exe"
Freez FLV to MP3 Converter-->"C:\Program Files\Smallvideosoft\Freez FLV to MP3 Converter\unins000.exe"
Gaming Mouse-->"C:\Program Files\MSI\Gaming Mouse\uninstall.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HiJackThis-->MsiExec.exe /X{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix für Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU (KB945282)-->C:\Windows\system32\msiexec.exe /package {8F714418-F3C3-3BF0-B548-E4BDA7AD41DE} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix für Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU (KB946040)-->C:\Windows\system32\msiexec.exe /package {8F714418-F3C3-3BF0-B548-E4BDA7AD41DE} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix für Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU (KB946308)-->C:\Windows\system32\msiexec.exe /package {8F714418-F3C3-3BF0-B548-E4BDA7AD41DE} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix für Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU (KB946344)-->C:\Windows\system32\msiexec.exe /package {8F714418-F3C3-3BF0-B548-E4BDA7AD41DE} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix für Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU (KB947540)-->C:\Windows\system32\msiexec.exe /package {8F714418-F3C3-3BF0-B548-E4BDA7AD41DE} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix für Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU (KB947789)-->C:\Windows\system32\msiexec.exe /package {8F714418-F3C3-3BF0-B548-E4BDA7AD41DE} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix für Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU (KB948127)-->C:\Windows\system32\msiexec.exe /package {8F714418-F3C3-3BF0-B548-E4BDA7AD41DE} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix für Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU (KB951708)-->C:\Windows\system32\msiexec.exe /package {8F714418-F3C3-3BF0-B548-E4BDA7AD41DE} /uninstall  /qb+ REBOOTPROMPT=""
ICQ Toolbar-->C:\Program Files\ICQ6Toolbar\ICQUnToolbar.exe
ICQ6.5-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
imagine digital freedom - Samsung-->MsiExec.exe /X{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}
Intel PROSet Wireless-->Intel PROSet Wireless
Intel® Matrix Storage Manager-->C:\Windows\system32\imsmudlg.exe -uninstall
iTunes-->MsiExec.exe /I{C26B06A9-27BB-45B0-9873-9C623EC2BA38}
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Kabale-->C:\Program Files\Driftwood\Kabale\UNWISE.EXE C:\Program Files\Driftwood\Kabale\INSTALL.LOG
LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe"  -uninstall
LightScribe System Software  1.12.37.1-->MsiExec.exe /X{004C5DA2-2051-4D25-94BA-51CF810C91EB}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft AutoRoute 2002-->MsiExec.exe /I{F7F2DC0A-C22E-49AD-AD37-797309A54E7B}
Microsoft Office 2003 Web Components-->MsiExec.exe /I{90A40407-6000-11D3-8CFE-0150048383C9}
Microsoft Office 2007 Primary Interop Assemblies-->MsiExec.exe /X{50120000-1105-0000-0000-0000000FF1CE}
Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (German)-->MsiExec.exe /X{95120000-00AF-0407-0000-0000000FF1CE}
Microsoft Office Professional Hybrid 2007-->MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Small Business Connectivity Components-->MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Small Basic v0.5.1-->MsiExec.exe /I{6CC02A6E-782C-4F3B-BBA9-32FE7D186091}
Microsoft SOAP Toolkit 2.0 SP2-->MsiExec.exe /I{36BEAD11-8577-49AD-9250-E06A50AE87B0}
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)-->MsiExec.exe /I{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}
Microsoft SQL Server 2005-->"C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2008 Management Objects-->MsiExec.exe /I{F5E87B12-3C27-452F-8E78-21D42164FD83}
Microsoft SQL Server Compact 3.5 SP1 (Deutsch)-->MsiExec.exe /I{FA440BE8-EC2F-4478-A01A-077DA0606501}
Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch)-->MsiExec.exe /X{738B0934-6676-44F6-AB52-32F4E60DCA7F}
Microsoft SQL Server Native Client-->MsiExec.exe /I{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}
Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU-->C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual Basic 2008 Express Edition with SP1 - DEU\setup.exe
Microsoft Visual Basic 2008 Express Edition with SP1 - DEU-->MsiExec.exe /X{8F714418-F3C3-3BF0-B548-E4BDA7AD41DE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu-->MsiExec.exe /X{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32-->MsiExec.exe /X{044F9133-B8D7-4d11-BF39-803FA20F5C8B}
Microsoft Word 2002-->MsiExec.exe /I{911B0407-6000-11D3-8CFE-0050048383C9}
Microsoft Works 7.0 -->MsiExec.exe /I{EDDDC607-91D9-4758-9F57-265FDCD8A772}
Microsoft Works Suite-Add-Ins für Microsoft Word-->MsiExec.exe /I{7CDBE27D-87EC-434E-AFE4-D0116AE876BB}
MobileMe Control Panel-->MsiExec.exe /I{C7EEC93A-2A61-4B1E-B696-A264680A889D}
MobMap 3.03-->"C:\Program Files\MobMapUpdater\unins000.exe"
Mozilla Firefox (3.5.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Musicmatch® Jukebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\setup.exe" -l0x7  -uninst
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
OpenOffice.org 3.1-->MsiExec.exe /I{99E862CC-6F69-4D39-99AA-DBF71BF3B585}
Play AVStation-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{955597D8-E5E1-474D-B647-60AC44566D24} /l1031
PlayCamera-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{804F1285-8CBF-408D-8CDC-D4D40003B2E4}\setup.exe" -l0x7
PowerDirector-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe"  -uninstall
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe"  -uninstall
PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe"  -uninstall
Quest Creator - SHAREWARE-->C:\Program Files\DatawareGames\Quest Creator Demo\Uninstal.exe
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
RGSS-RTP Standard-->MsiExec.exe /I{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}
RPG Maker VX RTP-->"C:\Program Files\Common Files\Enterbrain\RGSS2\RPGVX\unins000.exe"
RPG Maker VX-->"C:\Program Files\Enterbrain\RPGVX\unins000.exe"
RPGXP-->MsiExec.exe /I{9B34CAC6-738F-4A20-B428-A115C3E3474C}
Samsung Magic Doctor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}\Setup.exe" -l0x9 Remove
Samsung Recovery Solution III-->"C:\Program Files\InstallShield Installation Information\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}\setup.exe" -runfromtemp -l0x0007 -removeonly
Samsung Update Plus-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{685707A4-911C-468D-BFC4-64A50E5E3A0C} /l1031
Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SQL Server System CLR Types-->MsiExec.exe /I{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)-->MsiExec.exe /X{07629207-FAA0-4F1A-8092-BF5085BE511F}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Office 2007 (KB934528)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {2B939677-2FFD-48F6-9075-7BF48CB87C80}
Update for Office System 2007 Setup (KB929722)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {D8E9BEBD-655F-467D-8176-CA9959C140A3}
User Guide-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}\setup.exe" -l0x9 Remove
Vimicro UVC Camera-->C:\Program Files\InstallShield Installation Information\{71A51B09-E7D3-11DB-A386-005056C00008}\setup.exe -runfromtemp -l0x0009 -removeonly
VLC media player 1.0.1-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WIDCOMM Bluetooth Software 6.0.1.6300-->MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinPcap 4.0 beta 2-->C:\Program Files\WinPcap\uninstall.exe
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\Wrath of the Lich King\Uninstall.exe

======Security center information======

AS: Spybot - Search and Destroy
AS: Windows Defender

======System event log======

Computer Name: Samuel-PC
Event Code: 4373
Message: Windows-Wartung hat das Paket Package_62_for_KB942288~31bf3856ad364e35~x86~~6.0.2.0() erfolgreich in den Status Installiert(Installed) gesetzt.
Record Number: 58363
Source Name: Microsoft-Windows-Servicing
Time Written: 20090521114405.000000-000
Event Type: Informationen
User:

Computer Name: Samuel-PC
Event Code: 4373
Message: Windows-Wartung hat das Paket Package_61_for_KB942288~31bf3856ad364e35~x86~~6.0.2.0() erfolgreich in den Status Installiert(Installed) gesetzt.
Record Number: 58362
Source Name: Microsoft-Windows-Servicing
Time Written: 20090521114405.000000-000
Event Type: Informationen
User:

Computer Name: Samuel-PC
Event Code: 4373
Message: Windows-Wartung hat das Paket Package_60_for_KB942288~31bf3856ad364e35~x86~~6.0.2.0() erfolgreich in den Status Installiert(Installed) gesetzt.
Record Number: 58361
Source Name: Microsoft-Windows-Servicing
Time Written: 20090521114405.000000-000
Event Type: Informationen
User:

Computer Name: Samuel-PC
Event Code: 4373
Message: Windows-Wartung hat das Paket Package_59_for_KB942288~31bf3856ad364e35~x86~~6.0.2.0() erfolgreich in den Status Installiert(Installed) gesetzt.
Record Number: 58360
Source Name: Microsoft-Windows-Servicing
Time Written: 20090521114405.000000-000
Event Type: Informationen
User:

Computer Name: Samuel-PC
Event Code: 4373
Message: Windows-Wartung hat das Paket Package_58_for_KB942288~31bf3856ad364e35~x86~~6.0.2.0() erfolgreich in den Status Installiert(Installed) gesetzt.
Record Number: 58359
Source Name: Microsoft-Windows-Servicing
Time Written: 20090521114405.000000-000
Event Type: Informationen
User:

=====Application event log=====

Computer Name: Samuel-PC
Event Code: 0
Message:
Record Number: 1320
Source Name: EvtEng
Time Written: 20081025102358.000000-000
Event Type: Informationen
User:

Computer Name: Samuel-PC
Event Code: 4625
Message: Das EventSystem-Subsystem unterdrückt duplizierte Ereignisprotokolleinträge für eine Dauer von 86400 Sekunden. Dieses Zeitlimit kann durch den REG_DWORD-Wert SuppressDuplicateDuration unter folgendem Registrierungsschlüssel gesteuert werden: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 1319
Source Name: Microsoft-Windows-EventSystem
Time Written: 20081025102355.000000-000
Event Type: Informationen
User:

Computer Name: Samuel-PC
Event Code: 1531
Message: Der Benutzerprofildienst wurde erfolgreich gestartet. 


Record Number: 1318
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20081025102354.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: WIN-E7UK0XVPQ00
Event Code: 17147
Message: SQL Server wird beendet, weil das System heruntergefahren wird. Diese Meldung dient nur zu Informationszwecken. Es ist keine Benutzeraktion erforderlich.
Record Number: 1317
Source Name: MSSQL$MSSMLBIZ
Time Written: 20080915120259.000000-000
Event Type: Informationen
User:

Computer Name: WIN-E7UK0XVPQ00
Event Code: 1013
Message: Der Windows-Suchdienst wurde normal beendet.

Record Number: 1316
Source Name: Microsoft-Windows-Search
Time Written: 20080915120256.000000-000
Event Type: Informationen
User:

=====Security event log=====

Computer Name: WIN-E7UK0XVPQ00
Event Code: 4672
Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.

Antragsteller:
        Sicherheits-ID:                S-1-5-18
        Kontoname:                SYSTEM
        Kontodomäne:                NT-AUTORITÄT
        Anmelde-ID:                0x3e7

Berechtigungen:                SeAssignPrimaryTokenPrivilege
                        SeTcbPrivilege
                        SeSecurityPrivilege
                        SeTakeOwnershipPrivilege
                        SeLoadDriverPrivilege
                        SeBackupPrivilege
                        SeRestorePrivilege
                        SeDebugPrivilege
                        SeAuditPrivilege
                        SeSystemEnvironmentPrivilege
                        SeImpersonatePrivilege
Record Number: 739
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080915120258.040600-000
Event Type: Überwachung erfolgreich
User:

Computer Name: WIN-E7UK0XVPQ00
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.

Antragsteller:
        Sicherheits-ID:                S-1-5-18
        Kontoname:                WIN-E7UK0XVPQ00$
        Kontodomäne:                WORKGROUP
        Anmelde-ID:                0x3e7

Anmeldetyp:                        5

Neue Anmeldung:
        Sicherheits-ID:                S-1-5-18
        Kontoname:                SYSTEM
        Kontodomäne:                NT-AUTORITÄT
        Anmelde-ID:                0x3e7
        Anmelde-GUID:                {00000000-0000-0000-0000-000000000000}

Prozessinformationen:
        Prozess-ID:                0x254
        Prozessname:                C:\Windows\System32\services.exe

Netzwerkinformationen:
        Arbeitsstationsname:       
        Quellnetzwerkadresse:        -
        Quellport:                -

Detaillierte Authentifizierungsinformationen:
        Anmeldeprozess:                Advapi 
        Authentifizierungspaket:        Negotiate
        Übertragene Dienste:        -
        Paketname (nur NTLM):        -
        Schlüssellänge:                0

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
        - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
        - Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
        - Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
        - Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 738
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080915120258.040600-000
Event Type: Überwachung erfolgreich
User:

Computer Name: WIN-E7UK0XVPQ00
Event Code: 4648
Message: Anmeldeversuch mit expliziten Anmeldeinformationen.

Antragsteller:
        Sicherheits-ID:                S-1-5-18
        Kontoname:                WIN-E7UK0XVPQ00$
        Kontodomäne:                WORKGROUP
        Anmelde-ID:                0x3e7
        Anmelde-GUID:                {00000000-0000-0000-0000-000000000000}

Konto, dessen Anmeldeinformationen verwendet wurden:
        Kontoname:                SYSTEM
        Kontodomäne:                NT-AUTORITÄT
        Anmelde-GUID:                {00000000-0000-0000-0000-000000000000}

Zielserver:
        Zielservername:        localhost
        Weitere Informationen:        localhost

Prozessinformationen:
        Prozess-ID:                0x254
        Prozessname:                C:\Windows\System32\services.exe

Netzwerkinformationen:
        Netzwerkadresse:        -
        Port:                        -

Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden.  Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird.
Record Number: 737
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080915120258.040600-000
Event Type: Überwachung erfolgreich
User:

Computer Name: WIN-E7UK0XVPQ00
Event Code: 1100
Message: Der Ereignisprotokollierungsdienst wurde heruntergefahren.
Record Number: 736
Source Name: Microsoft-Windows-Eventlog
Time Written: 20080915120259.319800-000
Event Type: Überwachung erfolgreich
User:

Computer Name: WIN-E7UK0XVPQ00
Event Code: 1102
Message: Das Überwachungsprotokoll wurde gelöscht.
Subjekt:
        Sicherheits- ID:        S-1-5-21-1790825414-3180962164-626069228-500
        Kontoname:        Administrator
        Domänenname:        WIN-E7UK0XVPQ00
        Logon-ID:        0x2843b
Record Number: 735
Source Name: Microsoft-Windows-Eventlog
Time Written: 20080915120252.315400-000
Event Type: Überwachung erfolgreich
User:

======Environment variables======

"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"ComSpec"=%SystemRoot%\system32\cmd.exe
"devmgr_show_nonpresent_devices"=1
"DFSTRACINGON"=FALSE
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f0d
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"USERNAME"=SYSTEM
"windir"=%SystemRoot%

-----------------EOF-----------------

and (see part 2)

TheChosenOne 13.12.2009 19:08

Part 2:

Code:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Samuel at 2009-12-13 18:59:21
Microsoft® Windows Vista™ Home Premium  Service Pack 2
System drive C: has 6 GB (4%) free of 148 GB
Total RAM: 3066 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:59:32, on 13.12.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Windows\Explorer.EXE
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\MSI\Advanced Wheel Mouse\wh_exec.exe
C:\Program Files\avmwlanstick\WLanGUI.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Samuel\Downloads\RSIT(2).exe
C:\Program Files\Trend Micro\HijackThis\Samuel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\MSI\ADVANC~1\wh_exec.exe
O4 - HKLM\..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\wlangui.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Program Files\avmwlanstick\WlanNetService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 9079 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-08-26 279944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-08-26 279944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-06-08 13543968]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-06-08 92704]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-04-17 6111232]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-10-26 1029416]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-03-14 71216]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-01-08 52256]
"WheelMouse"=C:\MSI\ADVANC~1\wh_exec.exe [2007-09-13 90112]
"AVMWlanClient"=C:\Program Files\avmwlanstick\wlangui.exe [2008-09-05 1794048]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-03-05 177472]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-03-12 342312]
"MMTray"=C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe [2004-08-29 131072]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-12-09 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-03-17 2289664]
"ICQ"=C:\Program Files\ICQ6.5\ICQ.exe [2009-03-01 172792]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25c192e5-bc99-11dd-bccb-001377a9ed96}]
shell\AutoRun\command - F:\pushinst.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{417d92d9-8314-11dd-9602-806e6f6e6963}]
shell\AutoRun\command - E:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50ef0407-698d-11de-8991-93d595dcd58e}]
shell\AutoRun\command - G:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2009-12-13 17:14:58 ----D---- C:\rsit
2009-12-13 17:14:22 ----D---- C:\Program Files\CCleaner
2009-12-13 17:09:41 ----D---- C:\Users\Samuel\AppData\Roaming\Malwarebytes
2009-12-13 17:09:34 ----D---- C:\ProgramData\Malwarebytes
2009-12-13 17:09:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-12 13:08:21 ----D---- C:\Program Files\Trend Micro
2009-12-12 13:05:22 ----D---- C:\Program Files\TrendMicro
2009-12-11 16:16:02 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-12-11 16:16:02 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-12-10 18:43:40 ----D---- C:\ProgramData\WindowsSearch
2009-12-10 09:29:41 ----A---- C:\Windows\system32\nshhttp.dll
2009-12-10 09:29:39 ----A---- C:\Windows\system32\httpapi.dll
2009-12-09 19:42:08 ----D---- C:\Users\Samuel\AppData\Roaming\OpenOffice.org
2009-12-09 19:06:09 ----D---- C:\Program Files\JRE
2009-12-09 19:05:48 ----D---- C:\Program Files\OpenOffice.org 3
2009-12-09 19:05:16 ----A---- C:\Windows\system32\javaws.exe
2009-12-09 19:05:16 ----A---- C:\Windows\system32\javaw.exe
2009-12-09 19:05:16 ----A---- C:\Windows\system32\java.exe
2009-12-09 19:04:51 ----D---- C:\Program Files\Java
2009-12-09 12:44:20 ----A---- C:\Windows\system32\wininet.dll
2009-12-09 12:44:20 ----A---- C:\Windows\system32\mshtml.dll
2009-12-09 12:44:19 ----A---- C:\Windows\system32\urlmon.dll
2009-12-09 12:44:18 ----A---- C:\Windows\system32\ieframe.dll
2009-12-09 12:44:17 ----A---- C:\Windows\system32\ieui.dll
2009-12-09 12:44:17 ----A---- C:\Windows\system32\ieencode.dll
2009-12-09 12:44:16 ----A---- C:\Windows\system32\ieapfltr.dll
2009-12-09 12:43:46 ----A---- C:\Windows\system32\winhttp.dll
2009-12-09 12:34:37 ----A---- C:\Windows\system32\rastls.dll
2009-12-06 17:55:01 ----A---- C:\Windows\system32\WrapDino.dll
2009-12-06 17:55:01 ----A---- C:\Windows\system32\rdxp5.dll
2009-12-06 17:55:01 ----A---- C:\Windows\system32\rdxmmx.dll
2009-12-06 17:55:01 ----A---- C:\Windows\system32\rdxam.dll
2009-12-06 17:55:01 ----A---- C:\Windows\system32\Odbctl32.dll
2009-12-06 17:55:01 ----A---- C:\Windows\system32\dmix.dll
2009-12-06 17:55:01 ----A---- C:\Windows\system32\dinoav.dll
2009-12-06 17:55:01 ----A---- C:\Windows\system32\Dino2d.dll
2009-12-06 17:55:00 ----D---- C:\Program Files\Driftwood
2009-12-06 17:55:00 ----A---- C:\Windows\system32\Vb5db.dll
2009-12-06 17:55:00 ----A---- C:\Windows\system32\MSVBVM50.dll
2009-12-06 17:55:00 ----A---- C:\Windows\system32\Msrepl35.dll
2009-12-06 17:55:00 ----A---- C:\Windows\system32\Msrd2x35.dll
2009-12-06 17:55:00 ----A---- C:\Windows\system32\Msjter35.dll
2009-12-06 17:55:00 ----A---- C:\Windows\system32\Msjint35.dll
2009-12-06 17:55:00 ----A---- C:\Windows\system32\Msjet35.dll
2009-11-30 16:45:07 ----D---- C:\Users\Samuel\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
2009-11-29 21:20:11 ----A---- C:\Windows\system32\d3dx9_27.dll
2009-11-29 20:42:11 ----D---- C:\Users\Samuel\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
2009-11-26 17:00:34 ----A---- C:\Windows\system32\tzres.dll
2009-11-25 17:29:37 ----A---- C:\Windows\system32\msxml6.dll
2009-11-25 17:29:36 ----A---- C:\Windows\system32\msxml3.dll
2009-11-18 18:36:26 ----D---- C:\Program Files\Windows Portable Devices
2009-11-18 16:54:49 ----A---- C:\Windows\system32\UIRibbonRes.dll
2009-11-18 16:54:49 ----A---- C:\Windows\system32\UIRibbon.dll
2009-11-18 16:54:49 ----A---- C:\Windows\system32\UIAnimation.dll
2009-11-18 16:54:26 ----A---- C:\Windows\system32\WMPhoto.dll
2009-11-18 16:54:26 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-11-18 16:54:26 ----A---- C:\Windows\system32\d3d10warp.dll
2009-11-18 16:54:26 ----A---- C:\Windows\system32\cdd.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\xpsservices.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\XpsRasterService.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\XpsPrint.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-11-18 16:54:25 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\OpcServices.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\FntCache.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\dxdiagn.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\dxdiag.exe
2009-11-18 16:54:25 ----A---- C:\Windows\system32\DWrite.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\d3d10level9.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\d3d10core.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\d3d10_1core.dll
2009-11-18 16:54:25 ----A---- C:\Windows\system32\d2d1.dll
2009-11-18 16:54:24 ----A---- C:\Windows\system32\dxgi.dll
2009-11-18 16:54:24 ----A---- C:\Windows\system32\d3d11.dll
2009-11-18 16:54:24 ----A---- C:\Windows\system32\d3d10_1.dll
2009-11-18 16:54:24 ----A---- C:\Windows\system32\d3d10.dll
2009-11-18 16:53:56 ----A---- C:\Windows\system32\WPDShextAutoplay.exe
2009-11-18 16:53:56 ----A---- C:\Windows\system32\wpdbusenum.dll
2009-11-18 16:53:56 ----A---- C:\Windows\system32\BthMtpContextHandler.dll
2009-11-18 16:53:53 ----A---- C:\Windows\system32\PortableDeviceConnectApi.dll
2009-11-18 16:53:48 ----A---- C:\Windows\system32\WPDSp.dll
2009-11-18 16:53:48 ----A---- C:\Windows\system32\WPDShServiceObj.dll
2009-11-18 16:53:48 ----A---- C:\Windows\system32\wpdshext.dll
2009-11-18 16:53:48 ----A---- C:\Windows\system32\wpd_ci.dll
2009-11-18 16:53:48 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll
2009-11-18 16:53:48 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-11-18 16:53:48 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-11-18 16:53:48 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-11-18 16:51:13 ----A---- C:\Windows\system32\oleaccrc.dll
2009-11-18 16:51:12 ----A---- C:\Windows\system32\UIAutomationCore.dll
2009-11-18 16:51:12 ----A---- C:\Windows\system32\oleacc.dll

======List of files/folders modified in the last 1 months======

2009-12-13 18:59:23 ----D---- C:\Windows\Temp
2009-12-13 18:59:18 ----D---- C:\Windows\Prefetch
2009-12-13 18:53:32 ----D---- C:\Windows\system32\drivers
2009-12-13 18:53:32 ----D---- C:\Windows\Cursors
2009-12-13 18:47:47 ----SHD---- C:\System Volume Information
2009-12-13 17:14:22 ----RD---- C:\Program Files
2009-12-13 17:09:34 ----HD---- C:\ProgramData
2009-12-12 13:05:22 ----SHD---- C:\Windows\Installer
2009-12-12 13:05:22 ----SD---- C:\Users\Samuel\AppData\Roaming\Microsoft
2009-12-11 01:58:14 ----D---- C:\Windows
2009-12-10 23:08:04 ----D---- C:\Program Files\Mozilla Firefox
2009-12-10 22:35:59 ----D---- C:\Windows\system32\catroot2
2009-12-10 22:20:31 ----D---- C:\Windows\System32
2009-12-10 21:29:35 ----D---- C:\Windows\rescache
2009-12-10 21:24:39 ----D---- C:\Windows\winsxs
2009-12-10 21:14:30 ----D---- C:\Windows\system32\catroot
2009-12-10 21:11:34 ----D---- C:\Windows\system32\de-DE
2009-12-10 21:11:34 ----D---- C:\Program Files\Windows Mail
2009-12-10 18:18:53 ----D---- C:\Windows\Tasks
2009-12-10 18:15:52 ----D---- C:\Windows\system32\Tasks
2009-12-09 19:07:13 ----RSD---- C:\Windows\assembly
2009-12-09 19:06:28 ----RSD---- C:\Windows\Fonts
2009-12-09 19:04:56 ----A---- C:\Windows\system32\deploytk.dll
2009-12-07 18:45:16 ----D---- C:\Users\Samuel\AppData\Roaming\vlc
2009-12-06 17:55:27 ----D---- C:\Windows\inf
2009-12-06 17:55:27 ----D---- C:\Windows\Help
2009-12-06 17:55:23 ----HD---- C:\Program Files\Uninstall Information
2009-12-01 21:06:19 ----A---- C:\Windows\system32\mrt.exe
2009-11-29 21:24:15 ----D---- C:\Users\Samuel\AppData\Roaming\Skype
2009-11-29 21:08:21 ----D---- C:\Program Files\Electronic Arts
2009-11-29 16:25:34 ----D---- C:\Users\Samuel\AppData\Roaming\skypePM
2009-11-28 16:02:04 ----D---- C:\Windows\system32\WDI
2009-11-28 14:05:56 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-11-25 17:27:27 ----D---- C:\Windows\system32\LogFiles
2009-11-18 19:49:58 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2009-11-18 19:49:55 ----D---- C:\Program Files\DVDVideoSoft
2009-11-18 18:36:25 ----D---- C:\Windows\system32\wbem
2009-11-18 18:36:23 ----D---- C:\Windows\system32\zh-HK
2009-11-18 18:36:23 ----D---- C:\Windows\system32\uk-UA
2009-11-18 18:36:23 ----D---- C:\Windows\system32\tr-TR
2009-11-18 18:36:23 ----D---- C:\Windows\system32\th-TH
2009-11-18 18:36:23 ----D---- C:\Windows\system32\sv-SE
2009-11-18 18:36:23 ----D---- C:\Windows\system32\sr-Latn-CS
2009-11-18 18:36:23 ----D---- C:\Windows\system32\sl-SI
2009-11-18 18:36:23 ----D---- C:\Windows\system32\pt-PT
2009-11-18 18:36:23 ----D---- C:\Windows\system32\pt-BR
2009-11-18 18:36:23 ----D---- C:\Windows\system32\pl-PL
2009-11-18 18:36:23 ----D---- C:\Windows\system32\nl-NL
2009-11-18 18:36:23 ----D---- C:\Windows\system32\ko-KR
2009-11-18 18:36:23 ----D---- C:\Windows\system32\it-IT
2009-11-18 18:36:23 ----D---- C:\Windows\system32\hu-HU
2009-11-18 18:36:23 ----D---- C:\Windows\system32\hr-HR
2009-11-18 18:36:23 ----D---- C:\Windows\system32\he-IL
2009-11-18 18:36:23 ----D---- C:\Windows\system32\fr-FR
2009-11-18 18:36:23 ----D---- C:\Windows\system32\fi-FI
2009-11-18 18:36:23 ----D---- C:\Windows\system32\es-ES
2009-11-18 18:36:23 ----D---- C:\Windows\system32\el-GR
2009-11-18 18:36:23 ----D---- C:\Windows\system32\bg-BG
2009-11-18 18:36:22 ----D---- C:\Windows\system32\zh-TW
2009-11-18 18:36:22 ----D---- C:\Windows\system32\zh-CN
2009-11-18 18:36:22 ----D---- C:\Windows\system32\sk-SK
2009-11-18 18:36:22 ----D---- C:\Windows\system32\ru-RU
2009-11-18 18:36:22 ----D---- C:\Windows\system32\ro-RO
2009-11-18 18:36:22 ----D---- C:\Windows\system32\nb-NO
2009-11-18 18:36:22 ----D---- C:\Windows\system32\lv-LV
2009-11-18 18:36:22 ----D---- C:\Windows\system32\lt-LT
2009-11-18 18:36:22 ----D---- C:\Windows\system32\ja-JP
2009-11-18 18:36:22 ----D---- C:\Windows\system32\et-EE
2009-11-18 18:36:22 ----D---- C:\Windows\system32\en-US
2009-11-18 18:36:22 ----D---- C:\Windows\system32\da-DK
2009-11-18 18:36:22 ----D---- C:\Windows\system32\cs-CZ
2009-11-18 18:36:22 ----D---- C:\Windows\system32\ar-SA

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-04-29 96104]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-06-10 28520]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-07 56816]
R2 KMDFMEMIO;SAMSUNG Kernel Driver; C:\Windows\system32\DRIVERS\kmdfmemio.sys [2007-05-23 13312]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-09-13 755712]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-01-15 23848]
R3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-04-17 2098904]
R3 MxlW2k;MxlW2k; C:\Windows\system32\drivers\MxlW2k.sys [2009-07-24 28352]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-06-08 7522624]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-10-26 193456]
R3 VMC302;Vimicro Camera Service VMC302; C:\Windows\System32\Drivers\VMC302.sys [2008-04-05 242560]
R3 whfltr2k;WheelMouse USB Lower Filter Driver; C:\Windows\system32\DRIVERS\whfltr2k.sys [2007-01-25 6784]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-28 298496]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
S3 avmeject;AVM Eject; C:\Windows\system32\drivers\avmeject.sys [2008-09-05 4352]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-02 45056]
S3 BthEnum;Bluetooth-Anforderungsblocktreiber; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-21 19456]
S3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys [2008-01-21 219648]
S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\Windows\System32\Drivers\BTHUSB.sys [2008-01-21 29184]
S3 btwaudio;Bluetooth-Audiogerät; C:\Windows\system32\drivers\btwaudio.sys [2008-02-14 80424]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2007-07-15 80936]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-07-15 16168]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 FWLANUSB;AVM FRITZ!WLAN; C:\Windows\system32\DRIVERS\fwlanusb.sys [2008-09-05 265088]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-21 2225664]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-05-20 3663360]
S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2006-10-17 35072]
S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-02-21 50688]
S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-06-10 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-09 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-05 132424]
R2 AVM WLAN Connection Service;AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [2008-09-05 364544]
R2 Bonjour Service;Bonjour-Dienst; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-05-23 819200]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-03-17 73728]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2006-04-14 28933976]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-06-08 196608]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-05-23 466944]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-12-19 272024]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2009-03-12 656168]
S2 Samsung Update Plus;Samsung Update Plus; C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe [2008-05-13 77480]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2006-10-17 86016]
S3 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2006-04-14 87840]
S4 MSSQLServerADHelper;Hilfsdienst von SQL Server für Active Directory; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-13 45272]
S4 SQLBrowser;SQL Server-Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2006-04-14 240416]

-----------------EOF-----------------

4.
Code:

2007 Microsoft Office system        Microsoft Corporation        07.07.2008        491,2MB        12.0.4518.1014
Activation Assistant for the 2007 Microsoft Office suites        Microsoft Corporation        14.09.2008        13,5MB       
Adobe Flash Player 10 Plugin        Adobe Systems Incorporated        09.09.2009                10.0.32.18
Adobe Flash Player 9 ActiveX        Adobe Systems Incorporated        14.09.2008                9
Adobe Photoshop Elements        Adobe Systems, Inc.        18.11.2008        68,3MB        1.0
Adobe Reader 8.1.3 - Deutsch        Adobe Systems Incorporated        10.08.2009        99,8MB        8.1.3
Adobe SVG Viewer        Adobe Systems, Inc.        18.11.2008        3,38MB        1.0
Advanced Wheel Mouse 6.0.0.001                27.11.2008        0,39MB       
Agere Systems HDA Modem        Agere Systems        07.07.2008               
Apple Mobile Device Support        Apple Inc.        29.03.2009        38,3MB        2.4.0.27
Apple Software Update        Apple Inc.        07.02.2009        2,16MB        2.1.1.116
Artus                10.10.2009        3,33MB       
Ashampoo WinOptimizer 4 FREE        Ashampoo GmbH & Co. KG        25.06.2009        27,2MB        4.5.1
Ask Toolbar        Ask.com        29.03.2009        1,11MB        4.1.0.2
Atheros WLAN Client                14.09.2008        0,86MB        1.00.000
Aufstieg des Hexenkönigs™                28.11.2009        2.923,7MB       
Avira AntiVir Personal - Free Antivirus        Avira GmbH        19.03.2009        71,4MB       
AVM FRITZ!WLAN        AVM Berlin        28.11.2008               
AVS Update Manager 1.0        Online Media Technologies Ltd.        27.08.2009        9,55MB       
AVS Video Converter 6        Online Media Technologies Ltd.        27.08.2009        22,9MB       
AVS4YOU Software Navigator 1.3        Online Media Technologies Ltd.        27.08.2009        8,84MB       
Bigfoot Networks LagMeter                28.09.2009        1,66MB       
Bonjour        Apple Inc.        29.03.2009        0,49MB        1.0.106
Business Contact Manager für Outlook 2007        Microsoft Corporation        07.07.2008        29,0MB        3.0.5828.0
CCleaner        Piriform        12.12.2009        2,80MB       
Cossacks - The Art Of War                05.12.2008        309,6MB       
CyberLink DVD Suite        CyberLink Corp.        14.09.2008        9,64MB        5.0.2403
CyberLink Power2Go        CyberLink Corp.        14.09.2008        52,4MB        5.0.3825
Die Schlacht um Mittelerde™ II                03.10.2009        5.243,0MB       
Die Sims™ Lebensgeschichten                24.07.2009        2.630,3MB       
Easy Battery Manager                14.09.2008        7,89MB        3.2.1.7
Easy Display Manager        Samsung        07.07.2008        12,4MB        2.0.0.0
Easy Network Manager 3.0        Ihr Firmenname        07.07.2008        36,9MB        3.0.0.0
Easy SpeedUp Manager                14.09.2008        4,00MB        2.0.1.0
FLV Player 2.0 (build 25)        Martijn de Visser        07.03.2009        1,95MB        2.0 (build 25)
Fraps                28.09.2009        1,47MB       
Free Audio CD Burner version 1.2        DVDVideoSoft Limited.        17.11.2009        2,60MB       
Free YouTube to MP3 Converter version 3.2        DVDVideoSoft Limited.        17.11.2009        2,20MB       
Freez FLV to MP3 Converter        www.smallvideosoft.com        29.11.2008        5,46MB        1.2
Gaming Mouse                27.11.2008        14,1MB       
HiJackThis        Trend Micro        11.12.2009        0,36MB        1.0.0
HijackThis 2.0.2        TrendMicro        11.12.2009        0,77MB        2.0.2
ICQ Toolbar        ICQ        27.10.2008                3.0.0
ICQ6.5        ICQ        12.10.2009        48,1MB        6.5
imagine digital freedom - Samsung        Samsung Electronics Co., LTD        07.07.2008        7,50MB        1.0.2.0
Intel(R) PROSet/Wireless WiFi-Software        Intel(R) Corporation        07.07.2008        78,3MB        12.00.2000
Intel® Matrix Storage Manager        Intel Corporation        14.09.2008        0,79MB       
iTunes        Apple Inc.        29.03.2009        106,0MB        8.1.0.52
Java(TM) 6 Update 16        Sun Microsystems, Inc.        08.12.2009        97,7MB        6.0.160
Kabale                05.12.2009        0,31MB       
LabelPrint        CyberLink Corp.        14.09.2008        106,4MB        .2406
LightScribe System Software  1.12.37.1        LightScribe        07.07.2008        20,9MB        1.12.37.1
Malwarebytes' Anti-Malware        Malwarebytes Corporation        12.12.2009        4,11MB       
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU        Microsoft Corporation        20.05.2009        37,4MB       
Microsoft .NET Framework 3.5 SP1        Microsoft Corporation        20.05.2009        37,4MB       
Microsoft AutoRoute 2002        Microsoft        22.11.2008        192,5MB        9.00.17.0200
Microsoft Office 2003 Web Components        Microsoft Corporation        07.07.2008        21,7MB        11.0.8003.0
Microsoft Office 2007 Primary Interop Assemblies        Microsoft Corporation        07.07.2008        7,23MB        12.0.4518.1014
Microsoft Office PowerPoint Viewer 2007 (German)        Microsoft Corporation        07.03.2009        34,7MB        12.0.4518.1014
Microsoft Office Small Business Connectivity Components        Microsoft Corporation        07.07.2008        0,15MB        2.0.7024.0
Microsoft Silverlight        Microsoft Corporation        20.05.2009        3,14MB        1.0.30401.0
Microsoft Small Basic v0.5.1        Microsoft Corporation        10.08.2009        5,11MB        0.5.1
Microsoft SQL Server 2005        Microsoft Corporation        07.07.2008        42,7MB       
Microsoft SQL Server 2008 Management Objects        Microsoft Corporation        20.05.2009        11,5MB        10.0.1600.22
Microsoft SQL Server Compact 3.5 SP1 (Deutsch)        Microsoft Corporation        20.05.2009        2,87MB        3.5.5692.0
Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch)        Microsoft Corporation        20.05.2009        9,10MB        3.5.5692.0
Microsoft SQL Server Native Client        Microsoft Corporation        07.07.2008        2,59MB        9.00.2047.00
Microsoft SQL Server VSS Writer        Microsoft Corporation        07.07.2008        0,68MB        9.00.2047.00
Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU        Microsoft Corporation        20.05.2009        163,4MB       
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        07.07.2008        0,41MB        8.0.56336
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729        Microsoft Corporation        20.05.2009        0,57MB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        19.03.2009        0,58MB        9.0.30729
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu        Microsoft Corporation        20.05.2009        5,74MB        3.5.30729
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32        Microsoft Corporation        20.05.2009        2,61MB        6.1.5295.17011
Microsoft Word 2002        Microsoft Corporation        22.11.2008        105,0MB        10.0.2701.01
Microsoft Works 7.0        Microsoft Corporation        22.11.2008        195,3MB        07.02.0702
Microsoft Works Suite-Add-Ins für Microsoft Word        Microsoft Corporation        22.11.2008        37,3MB        2.0.0.0000
MobileMe Control Panel        Apple Inc.        29.03.2009        6,74MB        2.4.0.27
MobMap 3.03        Slarti on EU-Blackhand        15.11.2008        5,70MB       
Mozilla Firefox (3.5.5)        Mozilla        12.11.2009        30,1MB        3.5.5 (de)
Musicmatch® Jukebox                23.07.2009        30,4MB        9.00.0156
NVIDIA Drivers                14.09.2008               
OpenOffice.org 3.1        OpenOffice.org        08.12.2009        371,1MB        3.1.9420
Play AVStation        Ihr Firmenname        07.07.2008        91,1MB        4.1.20.50
PlayCamera                24.10.2008        363,3MB        1.0.1.7
PowerDirector        CyberLink Corp.        14.09.2008        129,4MB        5.0.3927
PowerDVD        CyberLink Corp.        14.09.2008        114,4MB        7.0.3118.0
PowerProducer        CyberLink Corp.        14.09.2008        297,7MB        085120(3.7)_Vista_SSPC
Quest Creator - SHAREWARE                28.08.2009        4,22MB       
QuickTime        Apple Inc.        07.02.2009        74,4MB        7.60.92.0
Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        07.07.2008        11,4MB        6.0.1.5605
RGSS-RTP Standard        Enterbrain        28.08.2009        22,5MB        1.0.0
RPG Maker VX        Enterbrain        05.09.2009        9,84MB        1.02
RPG Maker VX RTP        Enterbrain        05.09.2009        43,1MB        1.02
RPGXP        Enterbrain        28.08.2009        4,11MB        1.0.0
Samsung Magic Doctor        Samsung Electronics Co., LTD        14.09.2008        15,4MB        5.00
Samsung Recovery Solution III        Samsung        07.07.2008        36,5MB        3.0.0.5
Samsung Update Plus        Samsung Electronics Co., LTD        07.07.2008        5,64MB        1.3.0.11
Skype web features        Skype Technologies S.A.        24.10.2009        4,34MB        1.0.3971
Skype™ 4.1        Skype Technologies S.A.        24.10.2009        31,1MB        4.1.179
Spybot - Search & Destroy        Safer Networking Limited        10.12.2009        52,1MB        1.6.2
SQL Server System CLR Types        Microsoft Corporation        20.05.2009        0,81MB        10.0.1600.22
Synaptics Pointing Device Driver        Synaptics        07.07.2008        13,6MB        10.1.2.0
TeamSpeak 2 RC2        Dominating Bytes Design        08.11.2008                2.0.32.60
Uninstall 1.0.0.1                17.11.2009        27,2MB       
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)        Microsoft Corporation        07.07.2008        23,2MB        9.00.2047.00
User Guide                14.09.2008        152,0MB        1.0
Vimicro UVC Camera        Vimicro Corporation        07.07.2008        2,15MB        1.00.0000
VLC media player 1.0.1        VideoLAN Team        27.08.2009        60,4MB        1.0.1
WIDCOMM Bluetooth Software 6.0.1.6300        WIDCOMM, Inc.        07.07.2008        35,5MB        6.0.1.6300
Windows Media Player Firefox Plugin        Microsoft Corp        20.05.2009        0,29MB        1.0.0.8
WinPcap 4.0 beta 2        CACE Technologies        28.09.2009        0,18MB        4.0.0.655
WinRAR                15.11.2008        3,68MB       
World of Warcraft        Blizzard Entertainment        10.12.2009                3.3.0.10958

That's it...
And after Malwarebytes Anti-Malware finished the scan and the move to quarantine, my PC shut down. Is that normal???

Regards, Samuel

PS: Is it really necessary to post all this stuff? I wasn't sure about that, it's quite a lot of info...

kira 13.12.2009 19:39

hi

Without information about your system, we can't help you..?!
When you connect your PC to the internet, it is like an *open bookbinding workshop* anyway
But you can delete your personal details/data (anything containing personal identifiers such as name, serial number etc.) from the posted logs :)
otherwise the only thing that helps is formatting and reinstalling at home...

1.
Uninstall under `Start → Control Panel → Change/Remove...`
Code:

Ask Toolbar - Adware -Toolbar
2.
If still present:
Close all programs including Internet Explorer and use HijackThis to fix the entries from the code box below (start HijackThis → "Do a system scan only" → select the entries → tick the checkboxes → click "Fix checked" → restart the PC):
HijackThis creates a backup. If something goes wrong during the fix, you can restore the items under "View the list of backups".
Code:

R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

3.
Close all applications → please empty the temporary files folders
**Delete only the contents of the folders, not the folders themselves!** - Files that are still in use cannot be deleted.
  • `Start → Run`, type "cleanmgr" (without the quotes) → "OK" - the Temporary Files, Temporary Internet Files and the Recycle Bin must be emptied → "OK"
  • `Start → Run` → type %temp% (without the quotes) → "OK" - select the entire folder contents and delete them
  • please do this for every user account
  • then empty the Recycle Bin

4.
Clean your system with CCleaner:
  • "Cleaner" → "Analyze" → click the "Start CCleaner" button
  • "Registry" → "Scan for errors" → "Fix errors" → "Fix all"
  • Restart your system

5.
Keeping Windows and the installed programs up to date is a guarantee of increased security!
Update Java: `Start → Control Panel → Java → Update...` (Update 17 is already due!)
then uninstall:
`Control Panel → Software → Change/Remove...`
Code:

Java(TM) 6 Update 16 (if it still exists)
To get the latest version of Adobe, click here: Adobe Reader

6.
Please be sure to connect all existing external drives, including any USB sticks, to the computer, but hold down the Shift key while doing so, so that the autorun function is not executed.
Check the complete computer (i.e. the whole system) (system check without cleaning) with Kaspersky Online Scanner - select "My computer" here, save the log result with "Save as" and then post it
Before the scan, settings in Internet Explorer:
- "Tools → Internet Options → Security":
- set everything to the default level
- allow ActiveX
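
An added example, not part of the post above and not code from HijackThis: step 2 says to fix the listed entries only "if still present", so this sketch parses HijackThis entry lines and compares the fix list from the code box against a fresh scan taken after the toolbar uninstall. The fresh-scan text, the "Example Helper" entry and the function names are constructed for illustration.

```python
import re
from dataclasses import dataclass

# "<section> - <rest>", e.g. "O2 - BHO: AskBar BHO - {CLSID} - C:\...\askBar.dll"
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass(frozen=True)
class Entry:
    section: str  # "R3", "O2", "O3", ...
    kind: str     # "BHO", "Toolbar", "URLSearchHook", ... ("" if none)
    name: str
    clsid: str    # lower-cased, "" if the line carries none
    target: str   # file path, or a marker such as "(no file)"

    @property
    def key(self):
        # A CLSID identifies the registry object even when the path text
        # changes; entries without one are matched on their full text.
        text = f"{self.kind}|{self.name}|{self.target}".casefold()
        return (self.section, self.clsid or text)

    @property
    def orphaned(self):
        # Registry entry whose file is gone (left behind by an uninstaller).
        return self.target.casefold().endswith(("(no file)", "(file missing)"))


def parse_entry(line):
    """Parse one HijackThis result line; return None for headers/processes."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    kind, sep, rest = body.partition(": ")
    if not sep:
        kind, rest = "", body
    c = CLSID_RE.search(rest)
    if c:
        # Anchor on the CLSID: names and paths may themselves contain " - ".
        name, target = rest[:c.start()].rstrip(" -"), rest[c.end():].lstrip(" -")
        clsid = c.group(0).lower()
    else:
        name, _, target = rest.partition(" - ")
        target, clsid = target.lstrip(" -"), ""
    return Entry(section, kind, name.strip(), clsid, target.strip())


def triage_fix_list(fix_list, fresh_scan):
    """Sort fix-list entries by what a fresh scan still shows for them."""
    fresh = {e.key: e for e in map(parse_entry, fresh_scan.splitlines()) if e}
    report = {"still_present": [], "path_changed": [], "already_gone": []}
    for want in filter(None, map(parse_entry, fix_list.splitlines())):
        found = fresh.get(want.key)
        if found is None:
            report["already_gone"].append(want)
        elif found.target.casefold() != want.target.casefold():
            report["path_changed"].append((want, found))
        else:
            report["still_present"].append(want)
    return report


# The three entries from the code box in step 2.
FIX_LIST = r"""
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
"""

# Constructed scan after the uninstall in step 1 (not taken from the thread).
FRESH_SCAN = r"""
Logfile of Trend Micro HijackThis v2.0.2
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example - Tools\helper.dll
"""

if __name__ == "__main__":
    for status, items in triage_fix_list(FIX_LIST, FRESH_SCAN).items():
        print(status, len(items))
```

An entry reported under `path_changed` with an `orphaned` target is a registry key the uninstaller left behind; it still needs "Fix checked", while `already_gone` entries need nothing further.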

TheChosenOne 13.12.2009 20:08

So I also have the report from the Antivir Rootkit Tool here:

Code:

Avira AntiRootkit Tool (1.1.0.1)

========================================================================================================
 - Scan started Sonntag, 13. Dezember 2009 - 19:31:31
========================================================================================================

--------------------------------------------------------------------------------------------------------
  Configuration:
--------------------------------------------------------------------------------------------------------
 - [X] Scan files
 - [X] Scan registry
 - [X] Scan processes
 - [ ] Fast scan
 - Working disk total size : 144.09 GB
 - Working disk free size : 5.49 GB (3 %)
--------------------------------------------------------------------------------------------------------

Results:
Hidden key : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Search\Tracing\eventthrottlelastreported
Hidden key : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Search\Tracing\eventthrottlestate
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Search\Tracing -> eventthrottleflushperiodms
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Search\Tracing -> eventthrottlemaxevents
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Search\Tracing -> eventthrottleblockperiodms
Hidden value : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Search\Tracing -> eventthrottlemaxcontrolperiodms
Hidden key : HKEY_LOCAL_MACHINE\System\ControlSet001\Control\WMI\Autologger\SQMLogger\{2ff3e6b7-cb90-4700-9621-443f389734ed}
Hidden key : HKEY_LOCAL_MACHINE\System\ControlSet003\Control\WMI\Autologger\SQMLogger\{2ff3e6b7-cb90-4700-9621-443f389734ed}

--------------------------------------------------------------------------------------------------------
Files: 0/155473
Registry items: 8/465044
Processes: 0/81
Scan time: 00:31:31
--------------------------------------------------------------------------------------------------------
Active processes:
  - System          (PID 4)
  - spoolsv.exe      (PID 1648)
  - avguard.exe      (PID 568)
  - svchost.exe      (PID 1068)
  - svchost.exe      (PID 1108)
  - svchost.exe      (PID 1768)
  - smss.exe        (PID 456)
  - lsass.exe        (PID 700)
  - svchost.exe      (PID 984)
  - SearchIndexer.exe (PID 2468)
  - wh_exec.exe      (PID 1304)
  - unsecapp.exe    (PID 2776)
  - firefox.exe      (PID 4132)
  - WLanNetService.exe (PID 576)
  - AppleMobileDeviceService.exe (PID 12)
  - csrss.exe        (PID 588)
  - mDNSResponder.exe (PID 704)
  - svchost.exe      (PID 2360)
  - wininit.exe      (PID 640)
  - WmiPrvSE.exe    (PID 3580)
  - taskeng.exe      (PID 1656)
  - services.exe    (PID 684)
  - lsm.exe          (PID 708)
  - csrss.exe        (PID 652)
  - RtHDVCpl.exe    (PID 2436)
  - svchost.exe      (PID 848)
  - nvvsvc.exe      (PID 916)
  - svchost.exe      (PID 944)
  - svchost.exe      (PID 1032)
  - sidebar.exe      (PID 2372)
  - svchost.exe      (PID 992)
  - explorer.exe    (PID 3936)
  - svchost.exe      (PID 1236)
  - audiodg.exe      (PID 1160)
  - consent.exe      (PID 2980)
  - SLsvc.exe        (PID 1188)
  - msiexec.exe      (PID 4768)
  - EvtEng.exe      (PID 1224)
  - winlogon.exe    (PID 1332)
  - svchost.exe      (PID 1388)
  - ICQ Service.exe  (PID 1396)
  - sqlservr.exe    (PID 2116)
  - mbam.exe        (PID 5568)
  - avgnt.exe        (PID 3752)
  - mm_tray.exe      (PID 1644)
  - iTunesHelper.exe (PID 4036)
  - msiexec.exe      (PID 972)
  - rundll32.exe    (PID 1696)
  - MSASCui.exe      (PID 3972)
  - sched.exe        (PID 1744)
  - SynTPEnh.exe    (PID 2876)
  - TeaTimer.exe    (PID 1896)
  - ICQ.exe          (PID 3048)
  - PDVDServ.exe    (PID 2944)
  - LSSrvc.exe      (PID 2096)
  - svchost.exe      (PID 2200)
  - dwm.exe          (PID 3416)
  - RegSrvc.exe      (PID 2232)
  - RichVideo.exe    (PID 2284)
  - taskeng.exe      (PID 3348)
  - svchost.exe      (PID 2428)
  - msiexec.exe      (PID 504)
  - msiexec.exe      (PID 2448)
  - SDWinSec.exe    (PID 2708)
  - VSSVC.exe        (PID 5836)
  - iPodService.exe  (PID 4836)
  - taskeng.exe      (PID 3408)
  - msiexec.exe      (PID 5408)
  - EasyBatteryMgr3.exe (PID 3432)
  - avirarkd.exe    (PID 1664)
  - MagicDoctorKbdHk.exe (PID 3492)
  - dmhkcore.exe    (PID 3572)
  - EasySpeedUpManager.exe (PID 3720)
  - HijackThis.exe  (PID 4396)
  - LightScribeControlPanel.exe (PID 3924)
  - rundll32.exe    (PID 4004)
  - jre-6u17-windows-i586-iftw-rv.exe (PID 5800)
  - THGuard.exe      (PID 5968)
  - svchost.exe      (PID 5380)
  - naxsuvaq.exe    (PID 3848) (Avira AntiRootkit Tool)
  - SynTPHelper.exe  (PID 5040)
========================================================================================================
 - Scan finished  Sonntag, 13. Dezember 2009 - 20:03:03
========================================================================================================

In case that helps....

and atm I have the problem that with Hijackthis I always get the message "Hijackthis is already running"

I also have a question about step 3.
Where do I find the folder etc...
A more detailed explanation would be nice.
Regards, Sam

kira 13.12.2009 20:28

no, sorry, you have Vista... so point 3 (http://www.trojaner-board.de/80311-a...ost486776) does not apply to you, but:
- close all applications → please empty the temporary files folders
delete only the contents of the folders, not the folders themselves! - Files that are still in use cannot be deleted.
- c:\windows\temp
- then empty the Recycle Bin

or also have additional folders cleaned with CCleaner:
Start CCleaner as admin → go to the "Cleaner" button at the top left, tick the boxes under the "Windows" tab (all except "Input field history", and under "Advanced" tick only "Old prefetch data" and "Custom files and folders").
Settings → Custom → Files and folders to clean → Add folder:
Code:

C:\Users\<YourUsername>\AppData\Local\Temp\*.*
C:\Users\Default\AppData\Local\Temp\*.*
C:\Windows\Temp\*.*

System cleaning with CCleaner

- Using CCleaner correctly and safely
- Guide 1.
- Guide 2.
- Manual: CCleaner handbook

TheChosenOne 16.12.2009 17:12

Ok. Thank you very much.
I'll get to work on the Kaspersky online thing...
With my internet that's a matter of hours.

TheChosenOne 30.12.2009 14:58

one more question:
is my PC in danger now or not?

I couldn't get to it for a while...

I've tried the online scan several times already, but thanks to my internet, which often drops out, it works very badly...

is it urgent?

Regards, Sam


All times are WET +1.
