Log analysis and evaluation: Caught the Mystart trojan, help!! (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system first has to be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
21.09.2012, 15:49 | #1 |
Caught the Mystart trojan, help!!
Hello. First off - I'm a 16-year-old girl and don't know much about computers. So please don't talk in computer jargon, that doesn't help me. I signed up here because I'm totally desperate. Four days ago (I think) I downloaded something, and then the download suddenly couldn't be cancelled anymore (not even with Task Manager). Well, and then the trojan had crept in. I use Chrome, and as soon as I open a new tab the page hxxp://mystart.incredibar.com comes up. At first I simply tried to delete the page in the Chrome settings - doesn't work. I googled and googled, everyone says something different. I tried a lot, nothing. Yesterday my Kaspersky then showed a threat. I had it run a 2-hour scan and hoped it would get fixed. At the end literally everything was back in the green, but the page was still there. So nothing changed. Just now I turn on my laptop (Win7, by the way) and it doesn't start properly. Kaspersky is also in the red (by now, after some download, back in the green, but that doesn't mean anything, as we know by now). PLEASE PLEASE HELP ME!!! I don't know what to do if this thing deletes all my data or my laptop ends up completely wrecked .. it's also getting worse every day!
21.09.2012, 17:19 | #2 |
/// Malware-holic | Caught the Mystart trojan, help!!
Hi,
open Kaspersky and post the threat(s) it found for us. After that: if you don't already have it, please download OTL by OldTimer and save it to your desktop.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
21.09.2012, 17:36 | #3 |
Caught the Mystart trojan, help!!
That's just it: Kaspersky apparently doesn't see it yet. It says the computer is safe..
And the download link somehow doesn't work for me. Page not found..
21.09.2012, 17:38 | #4 |
/// Malware-holic | Caught the Mystart trojan, help!!
Hiho, there are 2 links there. You did say that Kaspersky found a threat at first; there should be a report about that somewhere in the program.
__________________
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us
22.09.2012, 13:17 | #5 |
Caught the Mystart trojan, help!!
For now, here is this OTL thing.
OTL logfile:
Code:
ATTFilter OTL logfile created on: 9/22/2012 1:53:14 PM - Run 1 OTL by OldTimer - Version 3.2.65.1 Folder = C:\Users\Lisa\Downloads Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16443) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.48 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 66.15% Memory free 6.96 Gb Paging File | 5.66 Gb Available in Paging File | 81.32% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 301.94 Gb Total Space | 223.73 Gb Free Space | 74.10% Space Free | Partition Type: NTFS Drive D: | 148.72 Gb Total Space | 70.49 Gb Free Space | 47.40% Space Free | Partition Type: NTFS Drive E: | 5.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Computer Name: LISA-PC | User Name: Lisa | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/09/22 13:50:37 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Lisa\Downloads\OTL.exe PRC - [2011/12/08 03:33:34 | 000,021,392 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2011/12/08 03:33:26 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe PRC - [2011/08/01 15:35:42 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) 
-- C:\Program Files\SweetIM\Messenger\SweetIM.exe PRC - [2011/04/13 15:39:50 | 000,387,696 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010/04/20 14:26:44 | 000,300,912 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe PRC - [2010/01/15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2009/11/04 06:11:48 | 000,835,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe PRC - [2009/10/26 13:53:14 | 000,091,136 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe PRC - [2009/10/13 12:03:04 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe PRC - [2009/10/07 03:31:56 | 002,246,144 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe PRC - [2009/08/13 21:58:10 | 000,044,312 | ---- | M] () -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe PRC - [2009/07/14 03:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe PRC - [2009/06/03 13:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009/04/15 16:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe PRC - [2009/03/31 09:39:36 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe PRC - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\System32\Rezip.exe PRC - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) 
-- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe PRC - [2008/03/10 09:58:18 | 000,130,560 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe PRC - [2008/02/22 09:11:02 | 000,120,320 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe ========== Modules (No Company Name) ========== MOD - [2012/09/19 19:57:58 | 002,098,200 | ---- | M] () -- c:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll MOD - [2012/06/14 20:35:11 | 013,198,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll MOD - [2012/06/14 20:30:19 | 018,019,840 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll MOD - [2012/06/14 20:30:05 | 011,522,048 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll MOD - [2012/06/14 20:29:54 | 001,666,048 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll MOD - [2012/06/14 20:29:52 | 003,881,984 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll MOD - [2012/05/12 19:05:57 | 001,218,560 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll MOD - [2012/05/12 19:03:04 | 000,762,880 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll MOD - [2012/05/12 19:02:49 | 001,782,272 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll MOD - [2012/05/10 22:25:53 | 
000,595,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll MOD - [2012/05/10 22:22:34 | 007,069,184 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll MOD - [2012/05/10 22:22:27 | 005,617,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll MOD - [2012/05/10 22:22:19 | 009,092,096 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll MOD - [2012/05/10 22:22:10 | 014,414,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll MOD - [2011/12/28 16:15:50 | 000,115,137 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Temp\35a21c59-6cef-4901-a8d6-b682815a126d\CliSecureRT.dll MOD - [2011/12/08 03:33:34 | 000,021,392 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe MOD - [2010/04/20 14:26:44 | 000,300,912 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe MOD - [2010/04/16 14:11:02 | 000,155,648 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\HMXML.dll MOD - [2009/06/03 13:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009/06/03 13:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2006/08/12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service) SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV 
- [2011/04/13 15:39:50 | 000,387,696 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe -- (AVP) SRV - [2010/09/19 13:05:02 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010/01/15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009/08/13 21:58:10 | 000,044,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService) SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2009/03/31 09:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\System32\Rezip.exe -- (Rezip) SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) 
[On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) ========== Driver Services (SafeList) ========== DRV - [2011/10/27 03:25:40 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm) DRV - [2011/10/27 03:25:40 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) DRV - [2011/10/27 03:25:40 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) DRV - [2011/05/21 18:03:01 | 000,488,536 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF) DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010/06/09 17:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2) DRV - [2010/06/09 17:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1) DRV - [2010/04/22 19:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6) DRV - [2010/02/10 18:17:24 | 009,936,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009/11/06 22:53:58 | 001,227,776 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009/11/02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt) DRV - [2009/10/26 22:39:04 | 000,125,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd) DRV - [2009/09/28 11:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7) DRV - [2009/06/27 16:55:12 | 000,066,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2009/03/31 09:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?st=1 IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\InprocServer32 File not found IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = 
hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={87F64325-68CB-11DF-AF6A-0024545FE718} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = hxxp://search.babylon.com/?affID=110823&tt=120912_ccp_3812_8&babsrc=HP_ss&mntrId=5a77c441000000000000c417fecacc60 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/br/ie9_startpage IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=110823&tt=120912_ccp_3812_8&babsrc=HP_ss&mntrId=5a77c441000000000000c417fecacc60 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\InprocServer32 File not found IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.) 
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{06FDDA33-2034-4E96-A60C-69C4AD389F84}: "URL" = hxxp://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin IE - HKCU\..\SearchScopes\{09038620-190C-402B-A92F-18864E6AB22F}: "URL" = hxxp://go.1und1.de/br/ie9_search_web/?su={searchTerms} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110823&tt=120912_ccp_3812_8&babsrc=SP_ss&mntrId=5a77c441000000000000c417fecacc60 IE - HKCU\..\SearchScopes\{27840BD7-8491-41B6-8FFB-889C34ACC45A}: "URL" = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin IE - HKCU\..\SearchScopes\{40064957-18EB-412d-9146-3F57E8D92EEC}: "URL" = hxxp://go.web.de/br/ie9_search_pic/?su={searchTerms} IE - HKCU\..\SearchScopes\{5A817CF6-92D5-4DE5-AC38-82DF8A73EF28}: "URL" = hxxp://go.gmx.net/br/ie9_search_web/?su={searchTerms} IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?ch_id=sk27211&q={searchTerms} IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://go.web.de/suchbox/google?q={searchTerms} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{6B1D1FB7-7233-4F7C-802C-21A1DDB12754}: "URL" = hxxp://go.web.de/br/ie9_search_web/?su={searchTerms} IE - HKCU\..\SearchScopes\{7D355D40-C3B6-46E6-A758-EE0A292A3DCC}: "URL" = 
hxxp://suche.web.de/search/web/?su={searchTerms} IE - HKCU\..\SearchScopes\{8D27B32E-89EE-460e-82D2-5FC354078EAD}: "URL" = hxxp://go.web.de/br/ie9_search_produkte/?su={searchTerms} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\..\SearchScopes\{B8EABFB3-EB79-4A08-A702-31815A728D42}: "URL" = hxxp://go.web.de/suchbox/ebay?query={searchTerms} IE - HKCU\..\SearchScopes\{CFC9FD4C-AF60-4C39-B0FA-6A0A839457E5}: "URL" = hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms} IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb174/?search={searchTerms}&loc=IB_DS&a=6OyOw0UJDu&i=26 IE - HKCU\..\SearchScopes\{DCE59F23-A446-45a5-9459-E68FDC0DE38D}: "URL" = hxxp://go.web.de/br/ie9_search_maps/?su={searchTerms} IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={87F64325-68CB-11DF-AF6A-0024545FE718} IE - HKCU\..\SearchScopes\{F8372CC8-BFA6-4083-8E5E-CABA1A018BAE}: "URL" = hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)" FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=110823&tt=120912_ccp_3812_8&babsrc=HP_ss&mntrId=5a77c441000000000000c417fecacc60" FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442 FF - 
prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.8 FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31 FF - prefs.js..extensions.enabledAddons: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.1.1 FF - prefs.js..extensions.enabledAddons: {800b5000-a755-47e1-992b-48a1c1357f07}:1.4.3 FF - prefs.js..extensions.enabledAddons: {b64982b1-d112-42b5-b1e4-d3867c4533f8}:2.2.643.41 FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Lisa\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lisa\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lisa\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/18 18:48:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012/09/19 19:57:59 | 000,000,000 | ---D | M] [2011/03/27 20:52:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\mozilla\Extensions [2012/09/19 20:45:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\mozilla\Firefox\Profiles\hv0tzcbq.default\extensions [2012/04/11 22:47:29 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Lisa\AppData\Roaming\mozilla\Firefox\Profiles\hv0tzcbq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012/02/04 22:24:30 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Lisa\AppData\Roaming\mozilla\Firefox\Profiles\hv0tzcbq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012/04/11 22:47:29 | 000,061,705 | ---- | M] () (No name found) -- C:\Users\Lisa\AppData\Roaming\mozilla\firefox\profiles\hv0tzcbq.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi [2012/09/16 18:05:59 | 000,000,950 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\mozilla\firefox\profiles\hv0tzcbq.default\searchplugins\icqplugin-1.xml [2011/09/16 17:43:27 | 000,000,950 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\mozilla\firefox\profiles\hv0tzcbq.default\searchplugins\icqplugin-2.xml 
[2012/04/11 22:56:12 | 000,000,950 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\mozilla\firefox\profiles\hv0tzcbq.default\searchplugins\icqplugin-3.xml [2012/09/19 21:44:26 | 000,000,950 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\mozilla\firefox\profiles\hv0tzcbq.default\searchplugins\icqplugin-4.xml [2011/08/07 20:48:28 | 000,001,034 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\mozilla\firefox\profiles\hv0tzcbq.default\searchplugins\icqplugin.xml [2012/09/22 23:43:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2011/10/26 12:05:26 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011/06/19 17:47:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2012/03/12 15:32:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2012/09/22 23:44:26 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\mozilla firefox\extensions\KavAntiBanner@Kaspersky.ru [2011/05/21 18:04:56 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files\mozilla firefox\extensions\linkfilter@kaspersky.ru [2012/09/19 19:57:59 | 000,000,000 | ---D | M] (Browser Manager) -- C:\PROGRAMDATA\BROWSER MANAGER\2.2.643.41\{16CDFF19-861D-48E3-A751-D99A27784753}\FIREFOXEXTENSION [2011/09/18 18:48:59 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010/01/01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2010/01/01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010/01/01 10:00:00 | 000,006,805 | ---- | M] () -- 
C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010/01/01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010/01/01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://google.de/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://google.de/ CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lisa\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lisa\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Lisa\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Lisa\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll CHR - plugin: Injovo Extension Plugin (Enabled) = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.100_0\npbrowserext.dll CHR - plugin: Perion plugin (Enabled) = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Lisa\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\windows\system32\npDeployJava1.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Lisa\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Windows Activation Technologies (Enabled) = C:\windows\system32\Wat\npWatWeb.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: Splendid = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdfkbdkkfmmckaadapdipihjfaacnkgd\3_0\ CHR - Extension: New tab for Chrome\u2122 = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\ O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (WEB.DE Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH) O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll File not found O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No 
CLSID value found. O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll File not found O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll File not found O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.8\bh\facemoods.dll File not found O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll File not found O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll File not found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) 
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll File not found O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll File not found O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll File not found O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found. O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.8\facemoodsTlbr.dll File not found O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll File not found O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) 
O4 - HKLM..\Run: [APLangApp] C:\Program Files\AnyPC Client\APLangApp.exe (DoctorSoft) O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [facemoods] "C:\Program Files\facemoods.com\facemoods\1.4.17.8\facemoodssrv.exe" /md I File not found O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKCU..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found O4 - HKCU..\Run: [Facebook Update] C:\Users\Lisa\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) 
O4 - HKCU..\Run: [ICQ] ~"C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4 File not found O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung) O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Lisa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\ie_banner_deny.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.) 
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO) O13 - gopher Prefix: missing O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://www.schueler.cc/uploader/ImageUploader5.cab (Image Uploader Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0FC6C988-6AFC-4DF3-B3AC-C09F4807A70E}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA5FFB13-942A-4BFE-8062-4E8F59AD1F02}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~2\browse~1\22643~1.41\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - Winlogon\Notify\klogon: DllName - (C:\windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2011/09/16 09:07:13 | 000,054,544 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ] O32 - AutoRun File - [2011/09/16 06:58:13 | 000,000,049 | R--- | M] () - E:\Autorun.inf -- [ UDF ] O33 - MountPoints2\{19629db7-1f31-11df-9c99-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{19629db7-1f31-11df-9c99-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2011/09/16 09:07:13 | 000,054,544 | R--- | M] (Electronic Arts) O33 - MountPoints2\{c2594754-27ee-11e1-940e-0024545fe718}\Shell - "" = AutoRun O33 - MountPoints2\{c2594754-27ee-11e1-940e-0024545fe718}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {222FB945-258A-4734-84EA-99E5B4EF4E00} - WEB.DE Browser Add-on ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {340219A6-77F0-4A73-8735-3ECBE48CC077} - WEB.DE Browser Add-on ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: 
{44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {808D9323-16E9-411B-9F6B-E733B6B955B9} - WEB.DE Update ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {A477E148-6951-4E85-BB46-32845F242F0F} - WEB.DE Update ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - ActiveX: >{E21663EC-B5F9-4842-8303-EE4FDADFEF6D} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not 
found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/09/22 13:47:26 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{29558843-02EC-4DE9-9F41-42009BF497B6} [2012/09/21 18:10:12 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe [2012/09/21 18:10:12 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Identity Safe [2012/09/21 18:10:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared [2012/09/21 18:10:05 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec [2012/09/21 18:09:20 | 000,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus [2012/09/21 18:09:19 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus [2012/09/21 18:07:25 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller [2012/09/21 17:21:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files [2012/09/21 16:32:38 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{BD854DC4-81CF-4468-A959-BF4AED3BB7A8} [2012/09/21 06:42:27 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{5571F289-66EE-4986-903C-A7AF3F9FCC76} [2012/09/19 19:58:02 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Start Menu [2012/09/19 19:57:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager [2012/09/19 13:44:17 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012/09/19 05:42:23 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{2CC8F250-ADE7-4739-800F-F1A3DD9A7DE8} [2012/09/18 19:48:56 | 000,000,000 | ---D | C] -- C:\Program Files\Perion [2012/09/18 19:48:50 | 000,000,000 
| ---D | C] -- C:\Program Files\Incredibar.com [2012/09/18 05:47:21 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{52835A22-A185-486A-8EB6-C22872A2AA70} [2012/09/18 05:42:55 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{2B095E71-3378-47B1-85FA-9FAF9AB67EE3} [2012/09/17 06:43:11 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{9A5E2D88-7C92-4F10-9898-6D8B0C646BE3} [2012/09/16 10:45:00 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{94B0FCEF-1639-4BE9-A902-6779DC9BAD43} [2012/09/15 10:50:12 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{C1FD1299-AD07-422A-AE42-D337FC22D9B0} [2012/09/14 16:32:35 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{DE981425-4797-4C93-B46A-6BE2B2D68CF9} [2012/09/13 17:07:38 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{01BB91A1-D2D5-47CD-8780-B0E32D180656} [2012/09/12 17:23:18 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{71DF10B9-1F22-4188-B928-97D5BDF7B87D} [2012/09/11 20:28:01 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{1D501E69-8677-48DC-BC51-CECF80883AFA} [2012/09/11 05:39:42 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{D13150EE-CAE9-4CE3-8C51-EFC501A8E07B} [2012/09/10 06:40:08 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{069168C7-EEA7-4E54-9C84-3C1C59DEF3E8} [2012/09/09 13:45:37 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{FE408C87-3831-4FA9-BDE5-35B54DBDB3A1} [2012/09/08 11:04:47 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{78A33103-9D66-491C-B963-E4740B1583EC} [2012/09/07 06:37:08 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{FA79375B-E3D4-44C5-AC34-678FB5E27E91} [2012/09/06 06:33:47 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{0CB653B2-A166-4E2A-A03A-FC828F001A11} [2012/09/05 07:06:14 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{B10C2BE5-86B0-4B58-B41B-3A791395327A} [2012/09/04 07:03:23 | 000,000,000 | ---D | C] -- 
C:\Users\Lisa\AppData\Local\{F2F71257-2DDD-4E72-8180-CE76467B37B0} [2012/09/03 13:21:20 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{DA6A9EFC-A29A-47AB-939A-3E94D1C788B1} [2012/09/02 19:30:56 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{F99B92B1-C369-448D-B43C-676CECFF1947} [2012/09/01 15:41:58 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{25341902-58D6-41C1-9B14-400DE254D555} [2012/08/31 11:24:03 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{25EEF005-D8CE-4490-B655-B9F5E63483B3} [2012/08/30 08:50:46 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{1782C86F-4AA9-4EBA-B2C1-53B9E31F2037} [2012/08/29 10:44:56 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{25679C35-E401-453E-9D85-53D312112A2A} [2012/08/28 11:33:41 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{7F0F14DF-4929-44FE-9A4E-C0D65A483F49} [2012/08/27 13:25:20 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{43B12894-436D-4A71-BC5E-EB012BD75B79} [2012/08/26 19:28:41 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{349CF534-C8BD-40B3-98CD-95DB31498A99} [2012/08/25 12:19:14 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{F742A142-E5C7-4585-A347-DE1D9D09CBED} [2012/08/25 10:30:37 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{1A21C770-E3E0-4999-999F-D24D729E9D26} [2012/08/24 11:26:27 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{13A1B0B1-5EF5-4887-AF27-90C527D35623} [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/09/22 13:54:03 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/09/22 13:54:03 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/09/22 13:47:13 | 000,001,116 | ---- | M] () -- 
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1410236154-1455553273-2078879821-1000UA.job [2012/09/22 13:47:03 | 000,001,064 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1410236154-1455553273-2078879821-1000Core.job [2012/09/22 13:46:23 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2012/09/22 13:46:06 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/09/22 13:46:03 | 242,819,123 | ---- | M] () -- C:\windows\MEMORY.DMP [2012/09/22 13:45:18 | 2804,121,600 | -HS- | M] () -- C:\hiberfil.sys [2012/09/19 21:29:00 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2012/09/19 20:45:00 | 000,000,086 | ---- | M] () -- C:\windows\DeleteOnReboot.bat [2012/09/19 20:12:07 | 000,001,134 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1410236154-1455553273-2078879821-1000UA.job [2012/09/19 13:44:20 | 000,002,354 | ---- | M] () -- C:\Users\Lisa\Desktop\Google Chrome.lnk [2012/09/16 14:15:35 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat [2012/09/16 14:15:35 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat [2012/09/16 14:15:35 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat [2012/09/16 14:15:35 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat [2012/09/14 23:56:59 | 000,001,112 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1410236154-1455553273-2078879821-1000Core.job [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/09/19 20:44:58 | 000,000,086 | ---- | C] () -- C:\windows\DeleteOnReboot.bat [2012/09/19 13:44:20 | 000,002,354 | ---- | C] () -- C:\Users\Lisa\Desktop\Google Chrome.lnk [2012/09/19 13:42:53 | 000,001,116 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1410236154-1455553273-2078879821-1000UA.job [2012/09/19 13:42:53 | 000,001,064 | ---- | C] () -- 
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1410236154-1455553273-2078879821-1000Core.job [2012/06/06 21:06:23 | 000,000,367 | ---- | C] () -- C:\Users\Lisa\Heimnetzgruppe - Verknüpfung.lnk [2011/10/31 12:22:42 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe [2011/10/31 12:22:40 | 000,081,920 | ---- | C] () -- C:\windows\System32\issacapi_bs-2.3.dll [2011/10/31 12:22:40 | 000,065,536 | ---- | C] () -- C:\windows\System32\issacapi_pe-2.3.dll [2011/10/31 12:22:40 | 000,057,344 | ---- | C] () -- C:\windows\System32\issacapi_se-2.3.dll [2011/10/31 12:22:38 | 000,974,848 | ---- | C] () -- C:\windows\System32\cis-2.4.dll [2011/05/21 18:04:48 | 000,116,189 | ---- | C] () -- C:\windows\System32\drivers\klin.dat [2011/05/21 18:04:48 | 000,098,168 | ---- | C] () -- C:\windows\System32\drivers\klick.dat [2011/03/26 19:46:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010/05/26 16:34:22 | 000,005,044 | ---- | C] () -- C:\Users\Lisa\AppData\Roaming\wklnhst.dat [2010/05/21 14:42:11 | 000,002,528 | ---- | C] () -- C:\Users\Lisa\AppData\Roaming\$_hpcst$.hpc [2010/05/19 19:41:02 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== ZeroAccess Check ========== [2011/09/27 21:30:16 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\LocalLow\Microsoft\Silverlight\is\fihp3knr.app\aa3a0fbv.u4l\1\l [2012/01/28 23:47:43 | 000,000,082 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JD9NTF77\t.cxt.ms\lso.swf\u.sol [2010/06/05 18:47:01 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JD9NTF77\www8.agame.com\games\flash\u [2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini ========== LOP Check ========== [2011/06/05 21:08:18 | 000,000,000 | -HSD | M] -- C:\Users\Lisa\AppData\Roaming\.# [2012/02/04 22:24:39 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\DVDVideoSoft [2011/02/06 18:21:22 | 000,000,000 | ---D | 
M] -- C:\Users\Lisa\AppData\Roaming\DVDVideoSoftIEHelpers [2010/05/19 20:24:06 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\GameConsole [2011/10/14 16:30:03 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\go [2010/05/19 20:26:53 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Go Go Gourmet [2012/09/19 13:46:08 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\ICQ [2011/09/18 11:21:58 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\LibreOffice [2011/12/24 22:39:13 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Origin [2010/05/21 14:45:37 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\PC Suite [2011/12/28 12:34:59 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Samsung [2011/12/28 12:43:20 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Temp [2010/06/03 17:22:59 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Template [2012/06/24 20:46:54 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Windows Live Writer ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2010/08/03 13:34:52 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2010/08/07 18:22:19 | 000,000,000 | ---D | M] -- C:\BlueByte [2012/09/19 20:48:17 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2009/12/05 06:30:25 | 000,000,000 | ---D | M] -- C:\Intel [2010/05/19 19:46:26 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009/07/14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012/06/01 13:05:56 | 000,000,000 | ---D | M] -- C:\Phenomedia AG [2012/09/22 23:44:26 | 000,000,000 | R--D | M] -- C:\Program Files [2012/09/22 23:44:26 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010/05/19 19:38:05 | 000,000,000 | -HSD | M] -- C:\Recovery [2012/09/22 13:55:09 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012/08/30 16:47:51 | 000,000,000 | ---D | M] -- C:\Temp [2010/05/19 19:39:26 | 000,000,000 | R--D | M] -- C:\Users [2012/09/22 13:46:03 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < C:\Windows\system32\*.tsp > [2009/07/14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009/07/14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009/07/14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009/07/14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010/11/20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009/07/14 06:53:46 | 000,032,632 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU.TXT [2009/07/14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT [2010/05/24 21:15:31 | 000,001,094 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineCore.job [2010/05/24 21:15:32 | 000,001,098 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineUA.job [2011/09/03 14:02:46 | 000,001,112 | ---- | C] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1410236154-1455553273-2078879821-1000Core.job [2011/09/03 14:02:47 | 000,001,134 | ---- | C] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1410236154-1455553273-2078879821-1000UA.job [2012/09/19 13:42:53 | 000,001,064 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1410236154-1455553273-2078879821-1000Core.job [2012/09/19 13:42:53 | 000,001,116 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1410236154-1455553273-2078879821-1000UA.job
C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011/03/11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011/03/11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL 
> [2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WINLOGON.EXE > [2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- 
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2010/06/09 17:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\windows\system32\drivers\kl1.sys [2010/06/09 17:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\windows\system32\drivers\kl2.sys [2011/05/21 18:03:01 | 000,488,536 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\windows\system32\drivers\klif.sys [2010/04/22 19:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\windows\system32\drivers\klim6.sys [2009/11/02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\windows\system32\drivers\klmouflt.sys < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > [2011/04/13 15:38:36 | 000,229,776 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\windows\system32\klogon.dll [2009/07/14 03:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\windows\system32\LocationApi.dll < %USERPROFILE%\*.* > [2012/06/06 21:06:23 | 000,000,367 | ---- | M] () -- C:\Users\Lisa\Heimnetzgruppe - Verknüpfung.lnk [2012/09/22 14:00:10 | 004,980,736 | -HS- | M] () -- C:\Users\Lisa\ntuser.dat [2012/09/22 
14:00:10 | 000,262,144 | -HS- | M] () -- C:\Users\Lisa\ntuser.dat.LOG1 [2010/05/19 19:39:27 | 000,000,000 | -HS- | M] () -- C:\Users\Lisa\ntuser.dat.LOG2 [2010/05/19 20:04:20 | 000,065,536 | -HS- | M] () -- C:\Users\Lisa\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf [2010/05/19 20:04:20 | 000,524,288 | -HS- | M] () -- C:\Users\Lisa\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms [2010/05/19 20:04:20 | 000,524,288 | -HS- | M] () -- C:\Users\Lisa\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms [2010/07/12 20:07:10 | 000,065,536 | -HS- | M] () -- C:\Users\Lisa\ntuser.dat{7663d120-8db8-11df-b54d-0024545fe718}.TM.blf [2010/07/12 20:07:09 | 000,524,288 | -HS- | M] () -- C:\Users\Lisa\ntuser.dat{7663d120-8db8-11df-b54d-0024545fe718}.TMContainer00000000000000000001.regtrans-ms [2010/07/12 20:07:10 | 000,524,288 | -HS- | M] () -- C:\Users\Lisa\ntuser.dat{7663d120-8db8-11df-b54d-0024545fe718}.TMContainer00000000000000000002.regtrans-ms [2012/09/21 18:39:33 | 000,065,536 | -HS- | M] () -- C:\Users\Lisa\ntuser.dat{e94ebba5-03f8-11e2-bd55-0024545fe718}.TM.blf [2012/09/21 18:39:33 | 000,524,288 | -HS- | M] () -- C:\Users\Lisa\ntuser.dat{e94ebba5-03f8-11e2-bd55-0024545fe718}.TMContainer00000000000000000001.regtrans-ms [2012/09/21 18:39:33 | 000,524,288 | -HS- | M] () -- C:\Users\Lisa\ntuser.dat{e94ebba5-03f8-11e2-bd55-0024545fe718}.TMContainer00000000000000000002.regtrans-ms [2012/09/22 13:46:18 | 000,065,536 | -HS- | M] () -- C:\Users\Lisa\ntuser.dat{f590efc5-04aa-11e2-90ec-0024545fe718}.TM.blf [2012/09/22 13:46:20 | 000,524,288 | -HS- | M] () -- C:\Users\Lisa\ntuser.dat{f590efc5-04aa-11e2-90ec-0024545fe718}.TMContainer00000000000000000001.regtrans-ms [2012/09/22 13:46:20 | 000,524,288 | -HS- | M] () -- C:\Users\Lisa\ntuser.dat{f590efc5-04aa-11e2-90ec-0024545fe718}.TMContainer00000000000000000002.regtrans-ms [2010/05/19 19:39:27 | 000,000,020 | -HS- | M] () -- 
C:\Users\Lisa\ntuser.ini [2012/06/06 21:06:26 | 000,148,480 | -HS- | M] () -- C:\Users\Lisa\Thumbs.db < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > ========== Alternate Data Streams ========== @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:A42A9F39 @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:E1F04E8D < End of report > Extras txtOTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 9/22/2012 1:53:14 PM - Run 1 OTL by OldTimer - Version 3.2.65.1 Folder = C:\Users\Lisa\Downloads Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16443) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.48 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 66.15% Memory free 6.96 Gb Paging File | 5.66 Gb Available in Paging File | 81.32% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 301.94 Gb Total Space | 223.73 Gb Free Space | 74.10% Space Free | Partition Type: NTFS Drive D: | 148.72 Gb Total Space | 70.49 Gb Free Space | 47.40% Space Free | Partition Type: NTFS Drive E: | 5.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Computer Name: LISA-PC | User Name: Lisa | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation) .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0C8E486C-9C2A-4A77-BD46-539FBDA22073}" = rport=139 | protocol=6 | dir=out | app=system | "{16675751-CA47-4AFC-B953-E704E17060A9}" = lport=139 | protocol=6 | dir=in | app=system | "{189B0A50-BB7F-489E-A7AE-8B6F57471421}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{253792DD-E9B0-453C-ABEA-BDBB0E5E5939}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{270147F5-34A5-4762-94C5-D0BE229FDBA8}" = lport=10243 | protocol=6 | dir=in | app=system | "{397CEB25-3E8F-4611-8394-538D052EF575}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | 
app=%systemroot%\system32\svchost.exe | "{40451385-5874-413B-9924-9B2A30029466}" = lport=2869 | protocol=6 | dir=in | app=system | "{40CE33F0-7D7F-40D7-8C7C-CEB51AD58986}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{418BC385-CC75-4D6B-9B0C-7C3F3CE36004}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{41B4E18D-50C1-488B-BA07-A1E1BD0DB0B1}" = rport=138 | protocol=17 | dir=out | app=system | "{4C619419-C76F-4184-9109-1700F32BB7AE}" = lport=2869 | protocol=6 | dir=in | app=system | "{54E98889-FF37-45F5-8511-E76AAD76983B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5E5F6BC7-4F52-4A49-9951-7FEB7DC71BAC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{66EBDB99-C35B-44F7-BE74-D27A4D4CF8AD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6878F091-C627-4810-BC2F-661B31F1EC89}" = lport=138 | protocol=17 | dir=in | app=system | "{6DB7B1F6-E7C2-44A6-B1AE-43FD19C236C1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{7737BD34-FF46-4091-9928-F945B2EC8AC0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{7B313264-7E1B-4F76-9431-64D01B23A212}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7E6681E6-CD74-4DC3-8E6F-F4538471E6ED}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7F7C8279-CE4A-4A02-B8CE-9B341C57AD0C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A311DEF6-2A45-4486-BEC2-AD54D6EF8386}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A73D542D-83B9-42CD-A3FB-66912C4EB25C}" = lport=137 | protocol=17 | dir=in | app=system | "{AFF46CB4-3ABC-4A38-85D6-38038164D7B1}" = lport=445 | protocol=6 | 
dir=in | app=system | "{BAAF1C59-9F67-4DAA-BB70-0DCC459E7D12}" = rport=10243 | protocol=6 | dir=out | app=system | "{BF308638-DFFF-4F18-B0AF-80FE1804B9E2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{E7AA3BDC-F00C-481A-9951-59C4334E612F}" = rport=137 | protocol=17 | dir=out | app=system | "{FFB7C89B-1025-4A85-9E65-F1EAB125B96A}" = rport=445 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00BB677E-14AF-4813-96CC-5A6A42DB5D20}" = protocol=17 | dir=in | app=c:\programdata\sweetim\messenger\update\sweetimsetup.exe | "{077F7EB0-8B2B-4E15-B9F3-BF38D58B5E3C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0CEA1B26-A01D-46CB-91A6-245DB204A900}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{12A6C94D-4871-4CF6-BE5B-65B31CF80F66}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{12F4A2D0-C0C6-46C7-9F7E-064D380E5A1F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{1598A42B-853B-4835-B12A-98664CFF42B4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{1A8C7E02-D22A-4953-915F-37E164BD1CB1}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | "{2423E344-FA8C-4D23-8FC8-5BBF45CE6D72}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{2B043814-5690-4DB9-A38B-6D5D4DCC0F06}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{2ED75C22-C27B-4248-9CBD-539A53890C2C}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | "{377FDEA4-5177-40E8-891E-F304FCEC5DB8}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | "{38BB7640-0E17-4646-87AC-BDDC4F7DEBE3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{3DD3437D-A8EA-4950-A76A-3D55D464FDD5}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | "{3DD4374E-20B3-44FB-9E85-438EAF02BD6A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{3E01D3B2-8ECB-40AD-B051-4AF9C37C7591}" = protocol=6 | dir=in | app=c:\users\lisa\downloads\sweetimsetup.exe | "{46F99C3B-70FC-4C95-A1CF-D0E6E0F991DA}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{47109BB8-90B5-4124-AF08-4E4E82A6A3C5}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | "{4A52B94C-8679-40B2-846B-0464984D8963}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | "{4BE35DCE-43BF-4F9D-8530-24F8A8D80B57}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | "{51520E62-7CEC-4251-AB02-5162C6A36261}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{54D934D1-A226-4939-B3B0-A50C6BAF032D}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | "{56DEB7B7-B964-42A6-806E-B70072091A85}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | "{64606CCC-5BF4-47FB-86DD-A0C3552DA641}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{6A728BCC-0E3B-489F-9322-317DAC66A283}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | "{6DB2123F-A2FC-41BA-BE3F-1D735AEF3098}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | "{6E3A96C7-E622-43B9-8657-B1F31005A4F0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6F4ACC1E-9363-4BA3-BAA6-933AA5804AA3}" = dir=in | app=c:\users\lisa\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{780CFA94-960D-4C11-AEC0-697C048EFE8C}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{798E882A-F9B8-4A5E-AEA9-691F397FC7FC}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | "{7A11B0F2-035E-4FDC-AEB0-389397733C62}" = protocol=17 | dir=in | app=c:\program files\microsoft 
office\office12\onenote.exe | "{7F35C5D9-8FE0-43C4-9A4F-7C44B3DFCA82}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | "{806A04CA-B5B5-46AD-80B4-549F069DE125}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{8077295A-F783-46A1-8CCD-F806E58FF004}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | "{87F34DC7-82F7-44CA-8058-8190A17A0852}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | "{8D53590D-EA52-4E68-949D-8DDA25BE6EEC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{94D508BC-C2C2-45E7-BE10-D989EF938703}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | "{976F6410-9268-4DFF-A2FD-76D705855B5D}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{9C90446E-AD28-463C-B02E-A1B91790047D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9D5C87B5-B894-426F-945E-DB10931D2CB1}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | "{A0502994-5053-45F3-82F5-298BF29631F1}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | "{A5D9943F-9F16-474E-ACF2-45FC8D8C92BB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A75566FE-161C-4E60-801C-4B3983CF7C12}" = protocol=6 | dir=out | app=system | "{B8119AC2-1E1E-4B15-911B-EC2433D0581C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{CE08D41C-53E2-421F-A1D5-0B90F4C788F7}" = protocol=6 | dir=in | app=c:\programdata\sweetim\messenger\update\sweetimsetup.exe | "{D2ADDF4B-A6D4-44C2-9D07-5DDBCC49D497}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | "{DD9520DD-940A-4CDF-8E44-118CBFBDB2A9}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | "{E30DB952-C163-48FA-8125-CCAC1F5DEB7D}" = dir=in | app=c:\program files\cyberlink\powerdvd8\powerdvd8.exe | "{EF68FB9D-E550-4585-ACFB-CA1B78CBD4F1}" = protocol=17 | dir=in | 
app=c:\users\lisa\downloads\sweetimsetup.exe | "{FF2BBA31-26B5-4E18-A303-9E0A80DDE39F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{093465B7-E75C-4AE8-8A58-6ED7AE782F25}C:\program files\icq7.1\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | "TCP Query User{3937EBE8-521B-432C-818F-14E92AE35085}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "TCP Query User{5705B37E-1288-4097-AC9F-DAAB442A379C}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{4E9B476C-5CF1-407A-B416-2562F62529C0}C:\program files\icq7.1\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | "UDP Query User{81308E4E-05A9-4122-B30A-A2BAD6196D17}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query User{8A475D1B-DBCD-44AA-909F-8285921E90A9}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4 "{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager "{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}" = 
AnyPC Client "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5 "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.100 "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3EED7541-55F8-4DC6-B9CD-28762D71310E}" = Samsung R-Series "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3 "{63eafc52-b963-4297-a7eb-d412944e7065}_is1" = Game Pack "{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Security Suite CBE 11 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 
I just checked on my Kaspersky again: it doesn't work anymore, totally broken.. Tell me, do I have to be scared now, or can this be properly removed again? |
25.09.2012, 18:23 | #6 |
/// Malware-holic | Caught the Mystart trojan, help!! Sorry for the wait. Download the standard CCleaner: CCleaner Download - CCleaner 3.22.1800. If CCleaner is already installed, skip this. Install it, open it, go to Tools, list of installed programs, save as txt. Open the file. After every program you need, write "necessary". After every one you don't need, "unnecessary". After the ones you don't know, "unknown". Post the list.
25.09.2012, 19:37 | #7 |
| Caught the Mystart trojan, help!!
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 06.06.2011 6,00MB 10.3.181.23 necessary
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 21.05.2011 6,00MB 10.3.181.14 necessary
Adobe Reader 9.1 - Deutsch Adobe Systems Incorporated 19.05.2010 229MB 9.1.0 necessary
Adobe Shockwave Player 11.5 Adobe Systems, Inc. 19.06.2010 11.5.7.609 necessary
AnyPC Client Doctorsoft 05.12.2009 1.0.0.23 unknown
Babylon toolbar on IE BabylonToolbar 25.09.2012 unnecessary
BatteryLifeExtender Samsung 05.12.2009 14,2MB 1.0.1 unknown
Browser Manager 19.09.2012 unknown
CCleaner Piriform 22.08.2012 3.22 necessary
ChargeableUSB SAMSUNG 05.12.2009 1.0.0.0 necessary
Compatibility Pack für 2007 Office System Microsoft Corporation 20.08.2012 229MB 12.0.6612.1000 necessary
CyberLink DVD Suite CyberLink Corp. 05.12.2009 15,1MB 6.0.2806 necessary
CyberLink LabelPrint CyberLink Corp. 05.12.2009 163MB 2.5.1916 necessary
CyberLink Power2Go CyberLink Corp. 05.12.2009 120MB 6.0.3108a necessary
CyberLink PowerDirector CyberLink Corp. 05.12.2009 367MB 7.0.3213 necessary
CyberLink PowerDVD 8 CyberLink Corp. 05.12.2009 91,3MB 8.0.2815b necessary
CyberLink PowerProducer CyberLink Corp. 05.12.2009 297MB 5.0.1.1812 necessary
CyberLink YouCam CyberLink Corp. 19.05.2010 77,1MB 2.0.3304 necessary
Die Sims™ 3 Electronic Arts 14.06.2012 1.34.27 necessary
Die Sims™ 3 Einfach tierisch Electronic Arts 24.12.2011 10.0.96 necessary
Die Sims™ 3 Late Night Electronic Arts 27.08.2011 6.5.1 necessary
Die Sims™ 3 Luxus-Accessoires Electronic Arts 12.07.2010 3.5.8 necessary
Die Sims™ 3 Traumkarrieren Electronic Arts 14.07.2010 4.0.87 necessary
DVDVideoSoftTB Toolbar 21.03.2011 6.3.2.17 necessary
Easy Display Manager Samsung Electronics Co., Ltd. 05.12.2009 3.0 unknown
Easy Network Manager Samsung 05.12.2009 19,0MB 4.2.4 unknown
Easy SpeedUp Manager Samsung Electronics Co.,Ltd. 05.12.2009 3.0.0.5 unknown
EasyBatteryManager Samsung 05.12.2009 4.0.0.3 unknown
EasyBits GO EasyBits Media 12.06.2011 unknown
Facebook Video Calling 1.2.0.159 Skype Limited 21.03.2012 4,76MB 1.2.159 unnecessary
Facemoods Toolbar 23.08.2011 unnecessary
Farm Frenzy 2 Oberon Media 19.05.2010 unnecessary
FileConverter 1.3 Toolbar FileConverter 1.3 22.09.2012 6.9.0.16 unnecessary
Free Audio CD Burner version 1.4.7 DVDVideoSoft Limited. 06.02.2011 10,3MB necessary
Free YouTube to MP3 Converter version 3.10.15.1228 DVDVideoSoft Ltd. 04.02.2012 85,5MB necessary
Game Pack Oberon Media, Inc. 19.05.2010 5.3.0.10 unnecessary
Giant Savings 215 Apps 25.09.2012 1.20.150.150 unknown
GIMP 2.6.11 The GIMP Team 23.08.2011 107MB 2.6.11 unknown
Go-Go Gourmet Oberon Media 19.05.2010 unnecessary
Google Chrome Google Inc. 19.09.2012 21.0.1180.89 necessary
Google Toolbar for Internet Explorer Google Inc. 12.08.2012 7.4.3203.136 unnecessary
Guitar Hero World Tour Aspyr 21.03.2012 7,54GB 1.0 unnecessary
Harry Potter II 23.05.2010 unnecessary
ICQ7.4 ICQ 14.04.2011 7.4 necessary
iLivid Bandoo Media Inc 22.09.2012 1.92 unknown
Incredibar Toolbar on IE 18.09.2012 unnecessary
Intel(R) Rapid Storage Technology Intel Corporation 05.12.2009 9.5.4.1001 necessary
Intel(R) Turbo Boost Technology Driver Intel Corporation 05.12.2009 01.00.01.1002 necessary
Java(TM) 6 Update 31 Oracle 12.03.2012 95,1MB 6.0.310 necessary
Java(TM) 7 Update 5 Oracle 01.07.2012 99,3MB 7.0.50 necessary
JavaFX 2.1.1 Oracle Corporation 01.07.2012 20,8MB 2.1.1 necessary
JDownloader 0.9 AppWork GmbH 25.09.2012 0.9 unnecessary
Kaspersky Security Suite CBE 11 Kaspersky Lab 21.05.2011 11.0.2.556 necessary
LibreOffice 3.3 LibreOffice 18.09.2011 944MB 3.3.8 necessary
Marvell Miniport Driver Marvell 05.12.2009 11.22.3.3 unknown
McAfee Security Scan Plus McAfee, Inc. 16.06.2010 8,30MB 2.0.181.2 unnecessary
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 28.12.2011 38,8MB 4.0.30320 unknown
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 28.12.2011 2,93MB 4.0.30320 unknown
Microsoft Office File Validation Add-In Microsoft Corporation 16.09.2011 7,95MB 14.0.5130.5003 unknown
Microsoft Office Home and Student 2007 Microsoft Corporation 29.02.2012 12.0.6612.1000 unknown
Microsoft Office Live Add-in 1.3 Microsoft Corporation 19.05.2010 494KB 2.0.2313.0 unknown
Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 20.08.2012 136MB 12.0.6612.1000 necessary
Microsoft Office Suite Activation Assistant Microsoft Corporation 19.05.2010 8,36MB 2.9 necessary
Microsoft Silverlight Microsoft Corporation 10.05.2012 222MB 4.1.10329.0 unknown
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 19.05.2010 1,72MB 3.1.0000 unknown
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 20.07.2010 252KB 8.0.50727.4053 unknown
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 17.06.2011 300KB 8.0.61001 unknown
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 13.04.2011 598KB 9.0.30729.5570 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 18.09.2011 240KB 9.0.30729 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 24.06.2010 596KB 9.0.30729.4148 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 17.06.2011 600KB 9.0.30729.6161 unknown
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 26.12.2011 15,0MB 10.0.40219 unknown
Microsoft Works Microsoft Corporation 12.04.2012 1,02GB 9.7.0621 necessary
Microsoft WSE 3.0 Runtime Microsoft Corp. 19.05.2010 942KB 3.0.5305.0 unknown
Mozilla Firefox 5.0 (x86 de) Mozilla 18.09.2011 35,2MB 5.0 necessary
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 24.05.2010 1,27MB 4.20.9870.0 unknown
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 26.05.2010 1,33MB 4.20.9876.0 unknown
MyFreeCodec 28.12.2011 unknown
Need for Speed™ Most Wanted 13.07.2012 necessary
NVIDIA Drivers NVIDIA Corporation 16.10.2010 1.10 unknown
Origin Electronic Arts, Inc. 24.12.2011 8.2.2.2413 necessary
PC Connectivity Solution Nokia 21.05.2010 9,21MB 8.15.0.0 unnecessary
Picasa 3 Google, Inc. 23.02.2012 3.8 necessary
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 05.12.2009 6.0.1.5969 unknown
REALTEK Wireless LAN Software REALTEK Semiconductor Corp. 05.12.2009 1.01.0088 unknown
Samsung Kies Samsung Electronics Co., Ltd. 28.12.2011 195MB 2.1.0.11095_121 necessary
Samsung New PC Studio Samsung Electronics Co., Ltd. 21.05.2010 200MB 1.00.0000 necessary
Samsung R-Series Samsung 05.12.2009 24,2MB 1.0 necessary
Samsung Recovery Solution 4 Samsung 05.12.2009 4.0.0.41 necessary
Samsung Support Center Samsung 05.12.2009 40,8MB 1.0.21 necessary
Samsung Update Plus Samsung Electronics Co., Ltd. 05.12.2009 2.0 necessary
SAMSUNG USB Driver for Mobile Phones SAMSUNG Electronics Co., Ltd. 07.01.2012 42,1MB 1.4.8.0 unnecessary
SamsungConnectivityCableDriver Samsung 21.05.2010 633KB 6.83.6.2.1 unnecessary
Searchqu Toolbar Bandoo Media Inc 22.09.2012 4.1.0.3114 unnecessary
Skype Click to Call Skype Technologies S.A. 26.10.2011 18,4MB 5.6.8442 necessary
Skype™ 5.10 Skype Technologies S.A. 14.08.2012 19,3MB 5.10.116 necessary
Sven 2 XXL 23.05.2010 unnecessary
Sven Bømwøllen 01.06.2012 unnecessary
Sven XXX - XXL 23.05.2010 necessary
SweetIM for Messenger 3.6 SweetIM Technologies Ltd. 06.11.2011 4,74MB 3.6.0002 unnecessary
Synaptics Pointing Device Driver Synaptics Incorporated 21.08.2010 15.0.10.0 unknown
Tomb Raider: Legend 1.2 13.11.2010 necessary
Uninstall 1.0.0.1 06.02.2011 10,4MB unknown
User Guide 05.12.2009 1.0 unknown
Web Assistant 2.0.0.100 IncrediBar 18.09.2012 1,84MB 2.0.0.100 unnecessary
WEB.DE Internet Explorer Addon 1&1 Mail & Media GmbH 22.06.2011 1.0.1.0 necessary
WEB.DE Softwareaktualisierung 1&1 Mail & Media GmbH 24.06.2011 2.0.1.5 unnecessary
Windows Live Essentials Microsoft Corporation 17.06.2012 15.4.3555.0308 unnecessary
Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 18.06.2012 5,57MB 15.4.5722.2 unnecessary
Windows Live Sync Microsoft Corporation 19.05.2010 2,79MB 14.0.8089.726 unnecessary
Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0) Nokia 21.05.2010 10/12/2007 6.85.4.0 unknown
Yontoo 1.10.02 Yontoo LLC 19.09.2012 1,29MB 1.10.02 unknown
Where I had already recognized that something is bad (for example the "incredibar"), I have already written "unnecessary" after it. Now it's too late, I can't get in anymore. It doesn't boot properly, some error messages keep coming up and it checks and checks some data, only to restart again. A Computerbild emergency CD doesn't help either. What now? |
27.09.2012, 16:46 | #8 |
/// Malware-holic | Caught the Mystart trojan, help!!
Uninstall:
Adobe Flash Player, all of them
Adobe - Adobe Flash Player installieren
Download the latest version.
Adobe Reader: Adobe - Adobe Reader herunterladen - Alle Versionen
Untick the box for McAfee Security Scan.
Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences.
General: tick "use only certified plug-ins".
Internet: everything here should be disabled. It is very unsafe to open, download, etc. PDFs automatically. It is always better to save them directly, because only then do you have control over what is going on on the PC.
JavaScript: untick "use JavaScript".
Updater: choose "install automatically".
Apply / OK.
Uninstall:
AnyPC
Babylon
Browser Manager
DVDVideoSoftTB: unnecessary nonsense, toolbars are a potential danger.
Facemoods
Farm Frenzy
FileConverter
Game
Giant
GIMP
Go-Go
Google Toolbar
Guitar
Harry Potter
iLivid
Incredibar
Java: all of them
Download der kostenlosen Java-Software
Download Java JRE and install it.
Uninstall:
JDownloader
Kaspersky: is outdated, the current version is 2013, so you should consider buying a license. Uninstall.
McAfee
Mozilla Firefox: open it, Help, Update; the current version is 15.
Uninstall:
MyFreeCodec
PC Connectivity
Searchqu
Sven: all the unnecessary ones
SweetIM
Web Assistant
Windows Live: all that are unnecessary for you
Yontoo
Did you delete anything yourself? Can you boot normally again? And please be a bit more precise: "it checks something" is not a statement one can work with.